Darknet Diaries - Ep 46: XBox Underground (Part 2)
Episode Date: September 3, 2019This is the story about the XBox hacking scene and how a group of guys pushed their luck a little too far.This is part 2 of a 2 part series.SponsorsThis episode was sponsored by IT Pro TV. Ge...t 65 hours of free training by visiting ITPro.tv/darknet.Learn more about stocks and investing from MyWallSt. Visit mywallst.com/darknet to learn more.
Transcript
Discussion (0)
Just real quick before we get started, this is part two of a series on Xbox Underground,
so listen to part one first before this one.
Alright, let's get started.
One of my favorite Greek myths is the story of Icarus.
He was a young boy stuck on an island.
His father made a pair of wings made out of wax and feathers for him to fly away.
Icarus put on the wings and was able to fly around.
His father told him not to fly too high or too low.
Icarus took off and flew away, but forgot about his father's warning and flew too close to the sun.
Wax melted and his wings fell apart. He free fell and plunged into the sea below and drowned.
These are true stories from the dark side of the internet. I'm Jack Recider. This is Dark by Delete Me.
I know a bit too much about how scam callers work. They'll use anything they can find about you online to try to get at your money.
And our personal information is all over the place online.
Phone numbers, addresses, family members, where you work,
what kind of car you drive, it's endless.
And it's not a fair fight.
But I realized I don't need to be fighting this alone anymore.
Now I use the help of Delete.me.
Delete.me is a subscription service that finds and removes personal information
from hundreds of data brokers' websites and continuously works to keep it off.
Data brokers hate them because Delete.me makes sure your personal profile is no longer theirs to sell.
I tried it, and they immediately got busy scouring the internet for my name and gave me reports on what they found.
And then they got busy deleting things. It was great to have someone on my team when it comes to my privacy.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for Darknet Diaries listeners.
Today, get 20% off your Delete Me plan when you go to joindeleteme.com slash darknetdiaries
and use promo code darknet at checkout.
The only way to get 20% off is to go to joindeleteme.com slash darknetdiaries
and enter code darknet at checkout.
That's joindeleteme.com slash darknetdiaries. enter code Darknet at checkout. That's join, delete me.com slash
Darknet Diaries. Use code Darknet. Support for this show comes from Black Hills Information
Security. This is a company that does penetration testing, incident response, and active monitoring
to help keep businesses secure. I know a few people who work over there, and I can vouch they do very good work. If you want to improve the security
of your organization, give them a call. I'm sure they can help. But the founder of the company,
John Strand, is a teacher, and he's made it a mission to make Black Hills Information Security
world-class in security training. You can learn things like penetration testing, securing the
cloud, breaching the cloud, digital forensics, and so much more. But get this, the whole thing is pay
what you can. Black Hills believes that great intro security classes do not need to be expensive,
and they are trying to break down barriers to get more people into the security field.
And if you decide to pay over $195, you get six months access to the MetaCTF Cyber Range,
which is great for practicing
your skills and showing them off to potential employers. Head on over to BlackHillsInfosec.com
to learn more about what services they offer and find links to their webcasts to get some
world-class training. That's BlackHillsInfosec. dot com. Blackhillsinfosec.com.
All right, let's recap real quick.
We left off with this Xbox Underground hacking crew
having full access to dozens of networks of video game companies
like Epic, Activision, EA, Bungie, Microsoft, Zombie Studios, and Steam.
And we're going to be hearing more from Schizo,
who was sort of watching this whole thing from afar it's not just the xbox that defined this group the xbox put it on the map
it's all the other fucking shenanigans that brought it together and of course we have sanad
who's loving the fact that he can play early release versions of xbox games but also at the
same time a little worried that things might be going a little too far.
Yeah, exactly.
Then there's Dylan, who's just hacking into everything he can, sort of on a total rampage.
But at the same time, he's willing to share the story with us.
Where do we begin?
And there are other hackers involved, too.
There's David, who's doing a lot of Halo modding, and he's fascinated with everything
Microsoft. And there's Nathan, who's part of the scene. He's really smart and helps
them out sometimes. And there's Justin May, or MTW, who got arrested at PAX, but is still active
in the group. And then there's other characters like Austin and Anthony, who are also doing their
own hacks. But they're all only after video games though, and source code. They all pretty much
agreed not to steal any credit cards, or empty PayPal accounts or make any money with this hacking. And for the most part,
they didn't dig into any personal data either. One of the networks they had access to was Microsoft
itself, the makers of the Xbox. Now David was particularly interested in seeing what new stuff
Microsoft was doing, and perhaps had a weird fantasy about someday working for the team behind
the Xbox. So they put a lot of focus into poking around this network. They had a few valid logins
for the Xbox developers network and they'd log in with different accounts to see what different
developers had access to. One day Dylan logged into an account and noticed a new folder that
this developer had access to but other developers didn't.
It was like, okay, this is not something that's normally there.
So we click on this.
It was like, it wasn't, it was just called Durango.
Dylan was looking through this developer's account,
which displayed different kinds of hardware components that they had access to.
The developer had access to an Xbox 360 system, the Xbox Kinect,
now this Durango system. Hmm, what's a Durango, he thought.
We had no idea what it was.
Maybe this was some kind of secret project Microsoft was working on.
We were like, well, that's a bit odd. So we kind of navigated there.
In this server was a SharePoint website. And after playing around with the URLs of the SharePoint site,
they were able to see a listing of a lot of files.
And that kind of gave us access to, hey, these, you know, internal documents.
Of course, they start grabbing these documents, spec sheets, photos, driver software, source code, and more.
They share all this information with their circle of hackers,
and someone figures it out.
This is the specs for the new Xbox,
which would be later known as the Xbox One,
but at that time, it was simply codenamed Durango.
This hacker group was holding in their hands all the ingredients and blueprints of the next Xbox
that Microsoft was working on.
So we had like two pictures of the internals or the back of the machine and the internals
and one picture of just the case. And then we had the software itself, which was their recovery
software. That kind of gave us a basis for, okay, let's just try and build the hardware.
What we found out was they were using a Supermicro case.
And if you know anything about the Xbox 360,
it was previously using a Mac Pro G5 at the time.
So these were just off-the-shelf kind of things.
Now, when a group of hackers who are becoming experts
at reverse engineering software
and are able to look through machine code
and had a few clues to go by,
of course, they began trying to figure out
what hardware it would take to run this software.
So really, we just, you know, went into the drivers,
saw what the drivers were they were using,
and compared them to what we saw in the pictures,
cross-referenced it,
cross-referenced the specs of the machine,
idea of what
processor they were using, what graphics
card they were using,
and pretty soon
we had this identical
hardware list. Everyone
is thinking the same thing at this point. Let's
build a Durango.
They just started going on
Newegg and finding all the parts
on there. People started pitching in to help buy the parts and put these things together.
And Nathan volunteered to get all the parts shipped to his house and he'd build the thing.
So Nathan got all the parts from Newegg.
He puts it together and he installs Durango OS on it.
And it worked.
Nathan had in his hands pretty much the exact prototype to the next Xbox gaming system, which nobody had yet,
except for a few Microsoft developers. This was incredible. I mean, this is something every tech
magazine on the planet wished they had, and here this small group of hackers had it and was just
keeping it quiet amongst themselves. It was expensive to make, though though and didn't do much more than a regular xbox so the group decided to
sell it off nathan was happy to do this since he needed some money to pay for college so the group
starts asking around the people they know to see if anyone would be interested in buying it and
they did find a buyer another hacking group heavy into modding xes. They wanted it. And they were willing to pay $5,000 for this counterfeit
Durango. Okay, so yeah, the
buyer paid, I believe
it was $5,000 US.
Yeah, they internationally bank
transferred it to me while I was
actually abroad.
We didn't even, you know, think
this would happen. But yeah,
it happened. So we were like, okay, well,
time to send them the hardware
so nathan had this unit and the buyer wanted them to send it to seychelles an island off the coast
of africa and justin volunteered to ship it there remember justin right he's the one who got arrested
at pax justin and nathan lived in delaware and maryland so not really that far from each other. He goes to meet up with Justin or MTW,
and he hands off the unit to MTW to ship out.
Now, why they did it that way, I have no idea.
Justin may have been scamming the post office.
Somehow he was able to get super cheap shipping.
So he was able to convince people,
hey, let me ship it.
It'll be a lot cheaper if i do it
so justin gets the package and ships it off and somehow it never got to the destination
justin was the last one to see that durango it just disappeared after that so what really went
on here some speculate it could have just been lost in shipping or maybe the fbi intercepted it maybe
justin was an informant for the fbi and the whole thing was just set up to make justin look good as
an informant nobody knows now actually sanad didn't know any of this was going on at the time
well here's the thing they would do stuff and then when shit like went wrong that's when they would tell me and i'm just like why would you tell me now like you know what i mean because i was i was obviously the older one
out of all of them so i have a little more street smarts so to say and when certain things seems off
and your gut is telling you something's off then it's it's off you know um and justin just i don't know what it
was about him but he always gave me this weird feeling that he was always up to something like
fishy but even if people thought justin was fishy they still shared very sensitive stuff with him
and even though this whole selling of a durango was shady and really weird Dylan thought let's do it again and he
decided to make a second one and sell it um so we didn't actually make a second one that's the
interesting thing so I decided okay well we got these photos from when we posted about it before
and I was like well I might as well put on ebay and see what attention i can
get so you took the photos from the first one you built and you stuck on ebay we took the photos
which had my username at the time on it and we stuck it on ebay when sanad heard about this he
wasn't happy oh i was I was pretty ticked off.
And I even mentioned to them that I was ticked off.
I told them to stop.
I tried to be as cautious as possible, but there was only so much I could do.
I couldn't control the other people.
The Durango listing on eBay started getting bids like crazy. This listing went viral.
It quickly rose past $5,000, past $10,000, and people just kept bidding on it. It rose all the
way to $20,000. That's when I believe eBay canceled the auction. This was a counterfeit item and
coveted Microsoft intellectual property. But it was with this that the world became known
that the codename for the new Xbox was Durango.
This eBay listing pissed off David.
This was too risky and bold of Dylan.
This caught a ton of media attention.
For sure, Microsoft was going to investigate
how this got stolen or created,
and they might start coming after him.
So David got angry and stopped talking to Dylan. going to investigate how this got stolen or created, and they might start coming after him.
So David got angry and stopped talking to Dylan.
It turned into such a headache,
because here's the flip side of it.
Imagine you're a partner of Microsoft,
and you're seeing that your shit may not be that secure on the Microsoft side.
We want to do audits.
We want audits on security.
We want logs.
How can we trust you guys?
Think of the IT team
or security personnels
with each respective department.
Think of the jobs that were lost.
The uncomfortable conversations.
The millions of dollars spent trying to mitigate this problem.
It's not fun.
Microsoft did start investigating this, big time.
And perhaps they were aware of this hacking long before this.
But now, now they had a smoking gun that something was getting stolen from the strongholds of Microsoft.
And this wasn't good for anyone.
Microsoft assigned a senior security executive named Miles Hawks to start investigating the case.
A few weeks later, the first person falls.
Nathan Leroux.
This is the guy who was creating some in-game gold and some games,
and he was participating in some of the hacks for these companies,
and he was the one who put the Durango together.
The FBI paid him a visit.
I believe him and Dylan were on
a video chat or something,
and he got raided during
that video chat. I don't believe
I was on a call with him
when he was getting raided, no.
He was on an anime
marathon. He was watching it
for probably over a day.
Yeah, so when the police showed up,
you could see, as you can see, it's like his mugshot. He was completely out of it.
Yeah. That's kind of the reasoning behind why he looks so shit in his mugshot because he really
didn't get any sleep. The FBI had a long and serious talk with Nathan. Who knows what they
talked about, though, and how long it really was.
Perhaps they even confiscated all of Nathan's computers.
It was a very intense situation for Nathan.
From then on out, he was scared straight.
He completely disappeared from the hacking scene, and he moved to a new place,
and got a straight and narrow job in a small game development studio.
From here, things started to break up.
There was new air among the group, and things had gotten out of hand.
It was uncontrollable, and there was just too many digital tracks left everywhere.
People were getting angry with each other and growing apart.
David and Anthony feuded over something and split apart.
Sanad went quiet and kept his nose out of trouble.
And Dylan, well, Dylan just kept at it.
I think at that point we were very much done.
We knew we went too deep.
We knew something's going to happen eventually.
And I think I kind of took this route of kind of self-destruction
where I just was like, you know what, fuck it.
And a few others pushed on too.
Before Nathan got arrested, he taught Anthony what he knows
about creating in-game money and selling it.
There's a popular EA game called FIFA.
It's a soccer game, and it's hugely popular around the world.
In the game are coins that you can use to buy extra things like jerseys and
improve your players. Millions of people play the game all the time and they want more FIFA coins to
improve their team. Even today, buying and selling FIFA coins is highly lucrative. Nathan found a way
to create in-game coins and sell them to people for real money, but he wasn't really good at it.
It was crude and there wasn't really a good way to do it. But now that Anthony wasn't really talking to David anymore, Anthony decided to take what Nathan taught him
and try to improve it. And Austin, who was part of the group too, joined up and started helping
Anthony make FIFA coins. They found a way to reverse engineer the executable to basically
have the server spit out unlimited coins. And then they were selling them to some guy in China.
This was working, like, really well.
Anthony and Austin started making good money doing this.
And because they had hacked into EA and stole source code for FIFA,
it made it a lot easier for them to reverse engineer how to hack it.
This was growing more and more profitable every day.
They would spend all their
time creating FIFA coins and selling them. Meanwhile, back at Microsoft, the investigation
as to who was selling the Durangos on eBay heated up. Miles Hawks, the senior security executive at
Microsoft, was making some progress. Somehow, they traced Dylan's eBay account all the way back to
his house in Perth, Australia. So Miles gets on a plane
and heads down under. Yeah, so he was their private eye, I guess we'll say. And I mean, one day he just
ended up at the house of my parents. And I think I wasn't there at the time. So he actually came back the next day and i i found out so i i was there for this um second
time i mean he came he wanted to just lay down you know they're not there to kind of you know
prosecute anyone you know they're not you know law enforcement they don't care too much they
just want to know what's going on so i guess that's where we kind of opened up myself and
david actually you know gave them what we knew,
what we had,
how things were done,
how people got onto Xbox Live.
He kind of took all this info,
went back,
and that was really it.
Miles visited Howdy.
Howdy basically said
that he didn't do shit.
I believe he surrendered a kit or two that he had in his garage in plain view.
Howdy had this weird dream that he was going to get a job at Microsoft to do what God knows.
But Howdy claimed that he could offer people up in exchange for a job.
And Miles said, thanks for the kits, man.
Gotta go.
Around this time, back in Delaware,
Justin, or MTW, the hacker who got arrested at PAX,
he was running a major scam operation.
Here's what he was up to.
When you buy a Cisco router and it goes bad,
you can call the support line and ask them to do a replacement.
This is called an RMA.
Because they want you to get your network back up and running as quickly as possible,
they send you a replacement router right away.
And you're supposed to put your old broken router in the box and send it back to them.
Justin knew this and figured out a way to trick Cisco into processing an RMA for him,
even though he didn't have a router to send back.
Cisco would ship him a brand new device and he would turn around and sell it.
This left Cisco high and dry without any return device.
And he was doing this with the Microsoft Surface devices too.
Like, he was doing this hundreds of times,
making huge amounts of cash.
Enough to buy a BMW coupe for $60,000.
Justin was telling David and Dylan and the rest of the crew all about these scams
he was doing. Dylan didn't seem to really care if Justin wasn't an informant because Dylan was
sharing tons of information with him anyways. To David, the scams proved Justin was still
trustworthy. The amount of scamming that he was doing was way beyond what the feds should be
allowing him to do if they were watching him. And even if David didn't trust Justin,
it's better the devil you know than the devil you don't. So maybe it's a good idea to keep an eye
on Justin, keep him close. David was attending University of Toronto in Canada, but he was
planning a trip to the U.S. He wanted to go to the annual DEFCON conference in Las Vegas, Nevada,
in the U.S. David told Justin about his plans to go to Vegas.
And right after that, unknown to David, an indictment was created in the U.S. for him.
The indictment had 16 counts of criminal activity, including fraud, identity theft,
and conspiracy to steal trade secrets. The indictment listed Sanad, Nathan, and David
as co-conspirators.
The feds seemed to be moving forward with this case, but why now?
Maybe the feds figured out David's plans to go to the U.S.
Maybe it was just time for this operation to crash.
I don't know.
However, a closer look at the indictment does reveal something interesting.
There's another person in the indictment does reveal something interesting. There's another person in the
indictment only known as Person A. A lot of evidence in the indictment was provided by this Person A.
And in fact, the indictment even says that Person A did some of the hacking in the group too,
which means they were part of this crew. So now we know for sure there is a snitch among the group. They were tipping off the feds.
The indictment said this person A was a resident of Delaware.
For some reason, though, David canceled his trip to Vegas and Daft Con.
Maybe he got nervous about crossing borders.
Maybe some other things in his life took precedence, but he just didn't go.
There's a new character that shows up at this point,
an 18-year-old named Armin. Armin lived near Redmond, Washington. You know what's in Redmond,
Washington, right? Microsoft's headquarters. Armin was extremely fascinated with Xboxes and
had been following what's been going on in the scene. Armin's mom was dating a guy who worked at
Microsoft, and he'd often come over to Armin's house after work wearing the Microsoft employee
badge. Armin devised a plan. He acquired a badge cloner, and when his mom's boyfriend came back,
he was able to make a duplicate copy of that Microsoft employee badge. Now with a functioning
badge to get into the Microsoft building, he decided to go
in there and walk around. To look the part, Armin dressed like a regular employee, wearing clothes
with Microsoft logos on it and looking like he belonged. He went down into the headquarters in
the middle of the day, swiped his badge, and got in. He first just wandered around, taking in the sights and sounds.
He was particularly in awe of just being there.
He was in the belly of the beast of the place he obsessed over.
This was where they made the Xbox,
and some of his favorite video games were made right here in this building.
It was cool just seeing the place.
I admit, I've been on that campus too, and I felt a sense of awe.
It was like a soccer field right in the middle of campus, and free sodas for everyone.
And just the sheer brainpower that's walking around there is extraordinary.
For about a year, Armin would come and go on the Microsoft campus, becoming familiar with it and learning the layout better and better,
all while using a rogue employee badge.
Armin dreamed about one day
working at Microsoft. He applied for a position at one of Microsoft's vendors as a quality assurance
tester. And he continued to dress in Microsoft swag and go on campus and wander around the offices.
Eventually, he found the office where the engineers and developers were working on the Durango. As he walked through the offices, he spotted one of the actual Durangos.
Whoa, this was a real, authentic, official Microsoft Xbox One prototype.
Armin spent the last year infiltrating this campus,
and it was at this moment that he knew what to do with his access.
He waited until the coast was clear, grabbed one of these
Durangos he found, shoved it in his backpack, and quickly left the building. Amazing. He got all the
way home and unloaded the console. He had a fully working authentic Durango now. He was absolutely
brimming with excitement from the rush of this. But it's really hard to contain this kind of
excitement. He reached out to Austin, one of the members of this Xbox Underground, to tell him
about it. At this point, Austin kind of was done doing things with Xbox Underground and was making
a shift to selling FIFA coins with Anthony. So Armin told Austin that he had an authentic Durango
and he wanted to know if Austin wanted one too. Austin asked at what price. Armin wanted logins to the Xbox developer network
and a few thousand dollars for it. So Austin called up Dave in Ontario and told him about Armin.
Dave was baffled by this deal but was too curious to turn it down and they were put in touch with
each other. Dave and Austin both agreed to buy one so Armin formed a new plan. In September 2012, Armin gets dressed in his full
Microsoft attire and gets a big oversized backpack and he gets ready to go into the headquarters.
He waits until about 9 p.m., walks up to the building, swipes his badge, and he's in. Business
as usual, no problem. He knows the place well, so he knows where to go to try to look for Durangos. He's walking through the office looking for them. He's getting nervous,
he's getting sweaty palms, he's looking around a lot. He hears footsteps. He dives into a cubicle
and waits for the footsteps to go away. As soon as the footsteps go away, he scurries up the stairs
to the fifth floor where he thinks he could find the Durangos.
When he opens the door to the fifth floor, it's totally dark.
Perfect, he thought.
He starts walking through the office in the dark.
But some motion detectors sensed him and the lights flicked right on.
This spooked him, so he goes back into the stairwell and down two flights of stairs.
He opens the door into the office and wanders around there. Walking through rows of cubicles, he finally comes across a cubicle with
a pair of Durangos in it, and sitting on top of one of them is a blacked, high-heeled shoe.
He looks around. Nobody is there. He grabs both Durangos, jams them in his backpack, and
takes off for the door, leaving the black high-heeled shoe right there on the floor. He goes
into the lobby, walks through the door, goes outside, finds his car, and drives home. Success!
Armin ships the two Durangos to Dave and Austin and gets his cash and logins.
Awesome, he thought. Dave was amazed too.
But then Armin got a call from that Microsoft vendor that he applied to,
saying he got the job as a quality assurance tester.
Whoa, I'll take it, Armin said, and went to work for them.
Microsoft discovered these three Durangos were now stolen and started investigating.
They found some security footage showing Armin leaving the building.
And this was enough to identify Armin and get him arrested.
Microsoft wanted the Durangos back really bad.
And Armin was only 18 and was scared of the legal troubles he was facing. So he begged David and Austin to return the Durangos. is more important than ever. I recently visited spycloud.com to check my darknet exposure
and was surprised by just how much
stolen identity data criminals have at their disposal,
from credentials to cookies to PII.
Knowing what's putting you and your organization at risk
and what to remediate is critical for protecting you
and your users from account takeover,
session hijacking, and ransomware.
SpyCloud exists to disrupt cybercrime with a mission to
end criminals' ability to profit from stolen data. With SpyCloud, a leader in identity threat
protection, you're never in the dark about your company's exposure from third-party breaches,
successful phishes, or info-stealer infections. Get your free Darknet Exposure Report at spycloud.com slash darknetdiaries.
The website is spycloud.com slash darknetdiaries.
Back in Australia, Dylan did some thinking and thought,
you know what, maybe it's time to tell Epic he's the hacker.
So he called them up and told them,
hi, I'm the one who hacked you.
Basically that. I actually went back to the IT guys, the original IT guys, hacker so he called them up and told him hi i'm the one who hacked you basically that i actually
went back to the it guys the original it guys um gmail looked at the phone number on his link to
his account and i called his personal mobile as a naive kid i probably i i believe i probably said
something like oh you know i'm the guy who hacked you. And I don't think they took it too seriously.
They were like, oh, well, you know,
they were trying to FF us or something.
But then I kind of eventually was like,
no, no, you know, can we sort this out?
And that's where we kind of made a disclosure.
Not a responsible disclosure,
because, you know, it can't be responsible at all
at that point in time.
But it was definitely, you was definitely a disclosure nonetheless.
They actually said, and this was, if they'll confirm that or not,
they'll say the FBI would not help them at all.
So they were actually, they were pretty happy with the fact that we actually,
you know, at least gave them the information that they wanted all along.
And Dylan had the audacity to ask for a reward for telling Epic how he
hacked into them.
And Dylan even gave them his address in Australia.
Yeah.
I asked them,
I was like,
I just said,
like some swag or something.
And I guess I ended up with a poster,
a signed poster.
So yeah,
probably the first,
first kind of reward I ever got.
It's still funny because it's like, you know,
we did all these things wrong,
but we still got rewarded in the end.
Since that eBay listing, Sanad distanced himself from the group.
But he did have the Durango software
and wanted to see if he could get it working on one of his own computers.
I realized that you can install Durango OS on any type of hardware.
It didn't have to be that specific hardware.
I put it on a Gateway Blade server and it loaded completely fine.
This was exciting for Sanad.
To be able to play around on the Xbox One long before it came out for the public.
So cool.
There was always one problem with the the counterfeit durangos the
video driver from the durango os for some weird reason didn't work properly with you know the the
cards that you'd buy from retail so the picture was always shifted like there was no way to center
it um i tried to like mess with it a little bit i because you know it was based off
of windows 8 at the time so i even tried taking the drivers from windows 8 and popping them in
there trying to see if i could fix it like no matter what i did it stayed that way it's not
kept tinkering with this video issue and is still playing on those dev kits playing stolen games and
a lot of retail games too at this point he actually has a massive collection of gaming consoles and games
one day out of the blue somebody on irc messages me i can't remember his handle but he was um
he was talking to me about stuff and i was i had my guard up you know this guy messages me and he
starts talking about durango stuff i thought maybe he
was trying to get the software off me to make his own durango and he was like no no no he's like i
already have the software i got it from nathan and remember nathan was raided and arrested earlier
so i'm like okay and then he's like oh nathan's sitting with me and i'm like, okay, and then he's like, oh, Nathan's sitting with me, and I'm like, okay, because he
had a, he had a Baltimore IP address, so I kind of was still, like, weirded out by it, but then he
started talking about some, like, internal Xbox 360 bootloader that got leaked, and he even sent
me the file, and then he tried to
explain what it was, but he really didn't know what he was talking about, I guess he had somebody
else hop on and explain it as quote-unquote Nathan, and then it made more sense to what it was,
and then I'm like, you know, let me see the picture of your Durango, so he takes a picture
with, you know, he wrote out his alias and a timestamp on it.
And I look at the screen and the one problem that we could never fix was apparently working for him, which was the video issue.
So I asked him about it and he's like, oh, I figured out a way to resign the drivers and blah, blah, blah.
And to me, it just seemed off.
So my response to him was, I think you're a UC.
And he just starts going off on me.
He's like, you think I'm an undercover and this, that, whatever.
And I mean, let's be realistic. If I say to somebody, I think you're a UC, how many people are going to know that stands for undercover?
You know?
So I was just like, all right. I'm like, this dude's totally a cop. So I stopped talking to him. A couple of days go by. He doesn't hear anything from that guy anymore. But then comes
the day that Sanad will always remember. It was December 4th, 2012 at 5.30 in the morning.
I have like insomnia issues.
So I was taking sleeping meds at the time.
For some weird reason, they didn't kick in until like 3.30 in the morning.
Two hours later, I wake up to loud banging on my door.
And I'm just like, who is it? And they're like, it's the police.
Open up, open up.
So I'm thinking police
maybe the house is on fire or something like maybe something happened or something you know
what i mean so i go to open my door and they had kicked and banged it so hard that the doorknob
jammed and i'm just like you know i can't open it so they're like stand back and next thing i know
the door flings open i see a shield and then guns pointed at my face.
And I'm in my boxers, mind you.
So I just put my hands up in the air instantly.
It's the FBI.
Now, Sinan is Middle Eastern, and he thought all this is probably for the hacking,
but he didn't want to admit anything before he knew for sure.
You know, they pull me outside, and it's freezing cold.
Like I said, it's in December.
My neighbors are driving by thinking that, like, I killed the president or something
because of how many FBI agents they sent to my house.
It had to have been at least four dozen.
There was, like, close to 50 agents there.
It was insane.
So I'm like, you know, what's going on, what's going on.
And the special agent in charge was like, Oh, you know, we got to finish clearing the house.
And then, you know, we'll pull you back in and we'll talk to you. I'm like, okay.
They pull us in. It was me and my dad. Um, which by the way, my dad's like, he's not dark skin,
but he's got really tan complexion. He looked like he was a
ghost. Like he was just white. They have him in the family room and me in the kitchen. And they're
asking my dad, like, you know, your son took the project, the rainbow. My dad's like the truck.
Like he had no idea what the hell they were talking about. They were like, your son stole
millions and millions of dollars and this, that, and whatever. And my dad's like, no, he didn't. He's like, I would know if my son had millions and millions of dollars.
So I told the agent, I'm like, he doesn't know anything. Like, stop, stop bothering him. Like
you guys aren't going to get anything out of him. Cause he really doesn't know anything.
So they stopped questioning him. Then, um, they go to me and they're like, all right. They're
like, we want to show you something.
So he pulls out a little manila folder.
And the first thing he pulls out is a picture of the Durango.
I'm like, okay, well, he probably obviously saw that on eBay or something.
So then he starts talking about Epic Games and Valve and all this, that and whatever.
And then he pulls out chat logs between me and other people.
And that's when I realized, like,
somebody set us up.
Now remember, Nathan was also raided by the FBI.
So you might think that all these chat logs
were something they took from Nathan's computers.
No, they had logs from dating way before Nathan.
So this was not something Nathan would have had.
It would have been someone who was around much earlier than that.
Sanad knew that someone in their circle had to have been an informant,
tipping off the FBI, providing chat logs and screenshots to them,
giving up real names and locations for people.
Sanad was pissed.
The level of anxiety was like through the roof.
It was just so much going on you know they these guys
with masks came in the house and went right to my room um like it was just it was insane
i've like the only time i've ever seen anything like that was in the movies
the fbi began confiscating everything from sanad he He had a lot of stuff too. First, the FBI started taking all of the Xbox dev kits from Sanad.
There was quite a bit. Probably around like 20 of them.
Jeez, that's a lot of dev kits. And he had three retail Xboxes too, and a ton of other games and consoles yeah they took a dreamcast they took a nintendo 64 they took um
i had a binder with a whole bunch of like uh internal microsoft discs and internal like sony
discs and stuff like that that they took there was like a whole bunch of like miscellaneous stuff
they took like they got so lazy or tired or whatever of writing stuff down that they started
labeling stuff like bag of microchips bag of cds like
there was just so much stuff they were literally there for like five hours clearing up everything
my seizure list was four pages handwritten so one of the agents goes um oh my buddy does this
thing where he gets all the old you know uh sega Sega Genesis games and stuff like that. And, and he plays them and,
you know, he has a whole bunch on one thing. I'm like, yeah, those are emulators and ROMs.
And I'm pretty sure that's piracy. And then the, the agent in charge was like, Hey, we're not
talking about that right now. And I'm looking at him like, uh, so it's okay if you guys do it,
but as soon as somebody else does it, it it's not okay i was a little ticked off
like i was having anxiety and um you know i i was taking colonopin at the time for my anxiety
he literally wouldn't give me my medication he sat the pill bottle in front of him and said
these could be anything and they also found some drugs that sanat had uh yeah i had some pot
and um the agent pulls my bowl out and brings it to me. And he's like,
what's in this? I said, pot. And he goes, uh, I'm going to have it tested. And I'm like, okay.
So he calls up the local like narcotics people and they come and they like scrape a little off
it. And he's like, yeah, it's pot. He literally just left everything where it was. Like he left
the pot and the bowl right on my desk when they left. They left the pot. After the FBI finished seizing everything, they didn't take him to jail.
They let him stay home and said they'll follow up with them later for next steps.
They left a search warrant with Sanad to keep.
And he wanted to show the others this search warrant.
So I posted it on Facebook and Dylan saw it and decided to dox the special agent in charge and the judge from Newark that signed the search warrant.
And he put a hit out on both of them he put a he put a hit out on some forum on the special
agent in charge and the judge i don't know if it was a joke or you know but like still it made me
look really really bad went about uh discovering you know who they were, their personal information.
So yeah, I probably did dox them a bit
because I believe I actually posted a text file with their information.
Dylan did talk about putting a hit on the agents,
but this was just some sick joke that this young kid did.
Nothing ever came of it.
As far as federal agents went, yeah, that was a stupid thing for me to say,
but I did actually say it, yeah.
You kind of have this attitude of like, when the shit goes bad, you kind of just...
Dig the hole deeper.
Yeah.
Yeah, that used to be the general way I dealt with things, I think.
You know, I was a bit of a naive kid,
and I think it kind of shows how careless I was, how kind of out there I think. I, you know, I was a bit of a naive kid. I think I kind of, you know, it kind of shows how careless I was, how kind of out there I was.
When a computer experiences a kernel panic, there's no telling what it might do. It might crash. It might corrupt files. It might reboot. It might not do anything.
But when Dylan would have a kernel panic, you couldn't predict what he would do either. Despite all of this going on, Dylan was still hacking into places, everywhere, because
it's an absolute thrill to get into places you're not supposed to get into and grab stuff you're
not supposed to see and play games you're not supposed to play. One night, Dylan, still only
17 years old, was focused on trying to hack into a game studio.
These late-night hacking sessions were typical,
and this one lasted all the way to when the sun started to come up the next day.
And I kind of noticed, oh, you know, it's pretty early in the morning,
and there's police outside the house.
I guess this kind of, like, panic set in.
I was like, shit.
There was at least a dozen armed police.
They were armed, so, you know,
they weren't just normal police officers,
so I knew, you know, shit, something's up.
It's always so weird to me to hear that hackers
get this huge army coming after them.
I think it's still even to today.
I mean, you know, you're a hacker.
You're, you know, obviously
you're a very dangerous person.
The police have their weapons drawn
and start approaching the house.
I kind of realized,
oh, this is game over.
So I powered off like as many machines
as I could.
Kid, one of my laptops inside roof cavity and I was like oh fuck oh fuck oh fuck
they initially knocked they had their they were actually about to ram the door uh but one of my
parents actually opened it I believe to which they know, quickly searched the entire house to, you know, make sure it's all clear, apprehended me.
Yeah, so then we end up sitting down.
They wanted to kind of, I guess, you know, they told me basically what it's for.
I went, okay, and just kind of was very quiet to them.
I didn't really have anything to say.
So I guess I was even more maybe arrogant, maybe you could say, towards them.
It took them a good, I'd say it was a good several hours they spent seizing everything.
Basically, it was any hardware at first followed by any documentation
they started taking
they took school bags
they took whatever they could
I actually purchased
a few servers at auction
which I didn't power these up yet
but when I actually
got them they had their hard drives
but no RAM
to this day I have no idea if they had anything
on them. All I know was they
came from the Ministry of
Defense.
Well, the Department of Defense at the time.
Yeah, so they had the
asset stickers there and
didn't look good.
The guy that's
being done for X, Y, and Z
to do with IT
happens to have, you know, these military servers, I guess.
Dylan had three Xbox dev kits, one retail Xbox.
He took his BlackBerry, two MacBooks, an iMac.
Oh, yeah, and then my actual PC itself.
Quite a lot was taken.
I think we estimated about like probably 50,000, 100 grand maybe worth of hardware.
You might be wondering how Dylan could afford all this stuff at 17.
I wondered this too, and Dylan didn't admit publicly to me how he acquired the money.
My guess is that Dylan did things outside of hacking,
and got away from his computer from
time to time and figured out a way to make money like other rebellious 17 year olds would.
The police took Dylan down to the station to be processed and they tried to get a recorded
confession from him while he was there. I believe they asked, you know, are you going to talk? And
I just didn't even look at them. I didn't say anything, didn't look at them.
He didn't really cooperate that well with the police.
I think I was pissed off, actually.
I think it was more of a pissed off that I was caught.
As
naive as it sounds,
I think it was just...
We thought we'd get caught,
but then when we did get caught, it was a bit of a
surprise.
I don't think it was,
I don't think it was a sort of surprise
as like someone who's scared.
It was the sort of surprises.
Well, you know, finally.
He knew he went too far
and this day was coming.
And I think at this point,
he just wanted this whole thing to be over with.
Honestly, I think that was really where it's at
because it was, we did so much that we just wanted this whole thing to be over with. Honestly, I think that was really where it's at because we did so much that we just wanted it over
and there was no easy way out.
And that's what, you know, everyone had that kind of attitude.
How do we make our exit?
Because we're too loud.
Everyone knows.
How do we exit?
The police arrested Dylan and would keep him there
unless he paid his bail.
Yeah, so as soon as I was released on bail, just on my own reconnaissance, basically,
I actually went straight to the Apple store and tweeted from one of their Macs that I was arrested and raided.
You think you'd learn, right? After getting arrested. No, no.
It went from there.
It was like, no, okay.
I'm just going to basically tweet about it.
And I was like, hey, I got raided.
This arrest scared Dylan.
And he stopped hacking for a while after that.
He came home to absolutely no computers.
The police even found the one hiding in a ceiling.
So he just spent some time thinking about this whole thing for a while.
Meanwhile, back in Canada, Dave is still attending University of Toronto and still doing some
hacking. He had a Volkswagen Golf R at the time. He loved that car. He souped it up a lot too. It
looked slick. He wanted to buy a new bumper for it,
make it look even cooler. He found a place in the States who was willing to sell it to him,
but for some reason they wouldn't ship to Canada. Justin offered to have it shipped to his house.
Dave was paranoid about entering the US. He planned many trips there, but canceled them
last minute. But for some reason he decided this time he's
going to go through with it. So David liked this plan. They would ship the bumper to Justin's house.
David would drive eight hours down to Delaware and pick up the bumper, grab a bite to eat with
Justin, drive back. David's father was also in on the plan so they could take turns driving.
David and his father get the family car ready and off they go. They head south from Toronto and go across the bridge into New York State
and they have to go through a border patrol checkpoint.
They stop the car at the checkpoint.
The guard there takes their driver's license and looks at it.
They run it through the computer.
After a few minutes, the guard comes back to the car and says,
What's Xenon?
Xenon?
Xenon was David's hacker name.
This was his online name, his Twitter name, forum handles,
and so much more was connected to this name.
David's heart sank, the blood brushed out of his face.
He was puzzled that this checkpoint guard knew this.
He tried to explain to the guard that it's nothing, and he tried to play it cool.
But before he knew it,
a few men in dark uniforms started approaching the car.
David's dad said,
Something's wrong.
Step out of the vehicle, one agent shouted.
David and his father were whisked into a detention room.
They told his father that his son was not coming back to Canada for a long
time. His father was sad and couldn't believe this and put his head in his hands. David tried to say,
it's going to be okay, dad, but his father couldn't hear him. David was arrested by the U.S. police
and taken to jail. David was taken into custody in a jail in Delaware and there he took a plea
deal to help educate the companies he hacked to show them how he got in. David was taken into custody in a jail in Delaware, and there he took a plea deal to help educate the companies he hacked to show them how he got in.
David was cooperative and helpful at explaining how these exploits were used.
Prosecutors were even a little impressed with how much knowledge he had as a young man to be able to do all this.
Meanwhile, over in New Jersey, Sanad is just trying to live his life.
It was the end of September, and I get a phone call,
and it was some agent from Newark.
And he's like, hey, are you going to be home tomorrow, October 1st?
I was like, yeah. I'm like, why?
He's like, oh, we're just going to come bring back some of your stuff
that we didn't need for the case and blah, blah, blah.
And I'm just like, all right, well, you guys are in Newark.
I'm like, I could totally come pick it up. He's like, no, no, it's, it's no big deal. We'll come tomorrow
and we'll drop it off. He's like, that's our job. So I'm like, okay. So eight 30 in the morning,
my door's getting banged on and they're like arrest warrant, arrest warrant. They sent like
15, 20 agents to come arrest me when I would have gladly went over there and they could have just
arrested me. Like, you know, like self-turnedturned in like I don't know why they went through all that
trouble it it almost seems like they wanted to go out for the ride so they they locked me up that
day they bring me to Delaware to arraign me Sanad absolutely hated being in jail and asked to be let
out on bail he'd rather be put on probation being in jail and asked to be let out on bail. He'd rather be
put on probation or anything. Just he wanted to be out of there. They told him if they let him out,
he'd have to be under strict conditions. You know, at the time I was like, I don't care what the
conditions are. Just, you know, get me out of here. They agree and let him out on probation.
So I meet up with the probation officer in Delaware. He's like, you're going to be on an
ankle monitor. It's going to be GPS monitored. We're not going to do the phone line one because
we want to know where you are at all times. There's no computer access, no internet access,
no internet capable devices, no video games, blah, blah, blah. He's like, you know, you're
going to submit to drug tests and this, that, whatever.
And I'm just like, okay.
Sanad was happy to be out of jail, but quickly lost himself.
Little did I know how hard it would be to completely go from having, you know, internet in your life to not having it at all.
He wasn't even allowed to have cable TV, since that could also be used for internet.
So he got real bored, real quick.
Somehow during this time,
he finally got a copy of the indictment that was against him.
I get a copy of the indictment,
and I start reading about Person A from Wilmington, Delaware.
We all only knew one person from Wilmington, Delaware.
Justin.
Sanad was pretty upset that Justin would do that.
But at the same time, he wasn't surprised since the whole incident at PAX, he's always been very suspicious.
But this solved the mystery of when he was raided that so many chat logs were in his file.
But combine this with the boredom of his probation conditions, things weren't going well for Sanat.
I was literally a prisoner in my home.
It was insane.
So I started kind of losing it a little bit.
I got to the point where I just didn't even want to charge the ankle monitor anymore, and I was just sick and tired of it.
I started losing it. You know, my friends were afraid to come see me and I just, I got so bored and you know, I just, I couldn't live with myself
anymore. So I was just like, you know what? I'm just not going to charge this bracelet anymore.
And I stopped charging it. The first time I get a phone call at like three o'clock in the morning,
it's my pretrial officer. And she she's like you need to plug your bracelet in
and charge it up right now
so I'm like alright whatever so I charge it
and then like a few days later
I decide to stop charging it again
and then April 1st
of 2014
the phone starts ringing
like early in the morning and
I'm like who the hell is calling at this time
I go to the family and I'm like who the hell's calling at this time I go to the family
room I pick up the phone and it's like this one guy's like uh yeah we're the U.S. Marshals and
the New Jersey State Police we have an arrest warrant for Mr. Nashua and I'm like it's April
1st somebody's got to be playing a trick on me I look out the window and there's a U.S. Marshal
standing right there so I open the the door, he just walks right in
and he pulls out the chains and everything.
He's like, you know, you're coming with us.
During Sanad's probation,
David was still in jail.
The police put David in the back of a van
to drive him to court to talk to a judge,
some pre-hearing thing.
But there someone else was in the back seat too.
A 20-year-old white guy.
Lanky, freckled, long hair.
David recognized him.
It was Nathan.
Nathan had been arrested too.
And now all three of them were in custody facing court appearances.
This was the first time David met Nathan in person.
And here they are in the back of a police van.
After Nathan was raided, he was done with hacking.
It freaked him out. And now
that he was arrested on the way to court, it's freaked him out all over again. He wasn't taking
this well. David told him that it was Dylan who took this all too far. Dylan's an asshole. David
even told Nathan, you can rat on me or do whatever because you don't deserve this shit. Let's just do
what we got to do and get out of here. David felt bad for Nathan because of all
the people in the group, Nathan was the least involved and had one of the best futures ahead
of him. The three of them would go in front of a judge many times. This time was just to set bail.
David opted out of getting out on bail, but Nathan did want out, and so the judge did grant him bail.
So Nathan paid his bail and went to live with his parents in Maryland.
He had to wear an ankle monitor at all times and report his whereabouts frequently.
While living there, Nathan grew increasingly paranoid. He was scared. He didn't want to go to prison. He thought he wasn't tough enough for it. He thought he was going to get raped or
murdered there. He was just too much to bear the thought of it. So on June 16th, he clipped off his
ankle monitor and made a run for it. He paid a friend to drive him 400 miles north to the border
of Canada. And there they would try to smuggle him into Canada somehow. They drove seven hours to the
border and they arrived at the checkpoint. And they tried to act as inconspicuous as possible.
Just gonna pass right on through.
But for some reason,
the car was stopped by the guards at the checkpoint.
They're just a few hundred feet from the border.
Canada was so close.
Border guards weren't letting them in though
and started coming to the car.
Nathan panicked and got out of the car
and started running for the border. He was on the
bridge and on the other side of the river was Canada. If only he could get there, everything
would be okay. He ran as fast as he could, even contemplating jumping off the bridge at one point,
but the border guards caught up to him and surrounded him. To Nathan, jail was not an
option at all. So in a moment of total fear and rage,
he pulled out a knife out of his pocket
and began stabbing himself all over,
including the neck, until he collapsed.
Nathan woke up in an intensive care unit in Ontario, Canada.
He had wounds and bandages all over,
but he soon stabilized,
and they took him back to the U.S. and put him back in jail. I can only imagine the deep depression
that Nathan must have felt being there. I mean, it seems like he would rather die than go to jail,
and they took him to the very place he hated most of all. I mean, if you had to pick between jail and death and you got both,
how terrible would you feel?
Such a horror.
Now he has to stay in jail and wait for his court hearing.
David, Sanad, and Nathan were all back in jail at this point,
some of them returning for a second time.
They were all being held in the same jail
but really weren't allowed to see each other nathan i met before dave um they brought him to
put him into a suicide watch room which was on the unit i was in and uh as soon as i saw him like he
looked way different he had a scar on his like on his neck you know close to his like cheekbone almost um i guess
he tried to cut his own throat and his hair was very short like i've never seen his hair short
like that so they had him on suicide watch they wouldn't let me talk to him like a few days later
they sent him to a different unit and then i met dave when we went to go to our plea hearing.
When I walked on the elevator, the first thing he said to me was, hey, Sonic.
Sonic is Sanad's hacker name.
And this was the first time the two of them met in real life.
We both rode on the same van together.
We sat on the same bullpen together.
I mean, I had nothing to say at first.
And then when we sat in the van and started talking, he was like,
you know a person named Justin, right?
I'm like, yeah, I know.
They all waited in jail for about a year for their trial to begin.
The three of them come together for their trial, Sanad, Nathan, and David.
We ended up pleading guilty to a conspiracy, and it was the two charges were unlawful access
to a secure computer network and criminal copyright infringement.
Sanad was worried that he'd have to go to prison for five years,
but the judge told him he only had to serve 18 months in prison.
The judge also told David that he had 18 months in prison,
but the judge gave Nathan 24 months. After Sanad and
Nathan were sentenced, they were put in a holding cell together. Sanad's sentence included time
served, and since he already was in jail for 15 months, this meant he only had to do like another
three months before getting out. That wasn't so bad. Nathan wasn't taking this at all. It was pretty bad.
Nathan was crying like a lot.
I actually felt really bad for him.
I tried to talk to him a little bit,
and he just really didn't want to hear it.
He was very distraught.
David, Sanad, and Nathan were all locked up in prison to serve out their time.
Back on the other side of the globe, in Perth, Dylan was
facing a world of legal battles. I guess I pled not guilty to the sense that they tried to hit
me with everything when there wasn't everything that I did. At the start, they put a lot of false
charges on me. They were saying he had child exploitation material on his computers and other
things that he didn't actually have or do. Waiting for his trial seemed to take forever. He battled with courts for three years.
And what was what was happening was I wanted a trial by jury and they didn't really like that.
But that was my legal right. So this hearing was for it to go from the children's court
to move to kind of the district court.
This, again, delayed all kinds of stuff and caused more complications for the courts.
They basically said, okay, so we're going to move it.
No one really objected to it,
but we're going to take your passport.
And before then, I was able to travel.
I was able to do whatever I wanted.
I was traveling even.
I had no problem going abroad and back.
But all of a sudden, three years later, I'm a flight risk.
And it was an odd way to do it.
And I guess what I didn't like
was I was losing my freedom there.
Because three years later,
you're already past what you did as a kid.
You're not focused on that anymore.
Yeah, so they basically
wanted to take my passport. Within 48 hours,
I had to surrender it.
Within six hours, I was on the way to
Dubai.
Where were you trying to... What was your destination?
My destination
was one of three countries
I ended up with, the Czech Republic.
Yeah. Because that's where
you have some roots, right? That's where I have
citizenship, yeah.
Oh, okay.
So as a citizen, there was kind of, you know,
you can't really be exercised as a citizen.
Dylan's mom was originally from the Czech Republic,
but moved to Perth.
And in fact, Dylan was a Czech citizen.
So he felt safe to hide out there for a while.
At first, it was fine.
No police.
Australian government didn't actually try to come after him.
Hmm, this might work.
Until they eventually actually kind of charged my mother because she was on my bail application.
They charged her with perversion of justice.
His mom was being blamed for driving him to the airport
and giving him money to leave.
Dylan says he used his own money and took a taxi to the airport,
but he wasn't there to testify.
So the jury believed she was guilty,
and so they sent her to prison.
18 months for perversion of justice for not even what was alleged,
but just because, you know, the jury believed.
Dylan's mom
served a full 18 months in prison
and then was released.
She could have had a new trial,
but I guess
it's the sense of you kind of just
want it all done with.
It's kind of a harsh
reality of everything.
Someone's got to go down for something.
Your poor mom, though.
I know.
And for something that she
didn't even do.
She's got to hate you at this point.
What is your
relationship now?
It's great.
It's not bad. I don't think anyone
holds it against me.
I think everyone that sees it is that these police misuse their power.
They kind of abused it a bit further than they should have.
Took it a bit too far.
And that's just how it was.
I mean, if you ask them now, they're not actively pursuing me.
They don't care you know about me like
i i sometimes put it as i'm probably the most unwanted fugitive
since then dylan has never been convicted nor served any prison time for his hacking
nor has he ever returned to australia the place where he spent his entire life living. So I lost,
yeah, quite a lot in this. I mean, yeah, it hits a toll on you always. Now Dylan is living in the UK
and isn't worried about all his past catching up to him. He thinks that enough time has passed,
and if something was going to happen, it would have happened by now. He even gives talks openly
at conferences and discusses what he did. It's weird to me, I know.
But perhaps you just can't catch everyone sometimes.
There were a lot of people in this hacking circle, and half got away.
Dylan was one who got away.
And now that the statute of limitations are up in the US,
which is the only one who really wanted him,
then it actually does seem over.
Currently, he's working as a security researcher in the UK,
and he applies his knowledge
to help find vulnerabilities in other companies. But everything he does is now legal.
100% legal, 100% above board. I keep very good records of conversations, very good records and
logs of, you know, what we access, what we do.
Yeah, somehow he has no fear at all about police coming after him anymore.
Look, I've worked with police.
I'm active in the community.
I go to every single, you know,
InfoSec convention, London, XYZ, you know?
I'm not hiding because I'm not doing anything wrong.
I did something when I was a kid,
when I was a teenager, an underage teenager.
It was wrong.
I learned from that.
You know, don't judge someone on their past.
I think judge someone on their present.
You know, we all do stupid things in our past.
We can't change that.
But we can always, you know, make a better picture of ourselves.
As Sanad sat in prison and looked over his court documents, something didn't add up.
Austin was added to his indictment as a co-conspirator.
He's the one who was doing a lot of hacking with them and then went off to make FIFA coins with Anthony.
Austin was listed as a co-conspirator in the indictment and was also facing charges.
Okay, this makes sense, but something's missing here.
Where was Austin? He was actually
in court, but very briefly, and wasn't arrested and didn't get sentenced, even though it lists him
as a co-conspirator. I kept wondering, like, why Austin never got locked up. His sentencing was
supposed to be around the time I was supposed to be getting released. He never had sentencing.
I never knew that he was bringing in those four other
people on that case there was a separate case going on when austin and anthony were hacking
the fifa game to make coins and sell them they got some people pretty angry and the police went
after austin but austin didn't serve time for that case either. Instead, Anthony and a few other guys were brought to court
for that case. Well, he gave up four people in exchange for his time. And Schizo thinks that
Austin may have bribed his way out of jail. But for whatever reason, Austin was let go,
and Anthony was left high and dry, holding a mountain of legal problems. The courts wanted to convict
Anthony of one count of conspiracy to commit wire fraud. Anthony's lawyers were hopeful that they
could get the case thrown out, because it clearly said in EA's terms that FIFA coins had no monetary
value, so acquiring them and selling them should not have violated any laws. But Anthony had sold a lot of coins, millions of dollars worth,
along with a few other people who were involved.
Anthony was still a bit worried as his trial date got closer,
and after seeing David, Sanad, and Nathan end up in prison,
he got more nervous about what would happen to him.
He had to wait for months for his court date to come.
The waiting was stressful
and depressing for Anthony. By this time, Sanad had been released from prison for a while.
I was talking to another friend of mine and, you know, we're just talking about everything.
And I actually asked him, I said, oh, you know, how's Anthony doing? He still talked to me. He's
like, Anthony's dead. And I'm like, what? And he's like, yeah, he's like Anthony's dead and I'm like what and
he's like yeah he's like he he died I'm like get out of here I'm like he must be joking or something
you know and then I started reading like you know articles online and stuff and it was it was a
reality Anthony died from a mix of alcohol and medication. Those close to him say it was not suicide.
I mean, it still, like, honestly, it still has me kind of screwed up.
Anthony was 27 years old when he died.
It was worth $4 million,
which I'm pretty sure he got that by selling those FIFA coins.
It was that lucrative.
And when the crew learned about Anthony's death and put the pieces together,
they thought Austin probably turned him in.
This created a new sense of bitterness towards Austin.
Well, Austin, I never liked.
I talked to him one time.
I never even knew.
He came into the picture way after me.
I never liked the kid.
Like, it wasn't that I didn't trust him.
I just didn't like him.
At this point, all three of them, Sanad, David, and Nathan, were all done with prison and they were out.
And there was various levels of probation for all of them.
David went back to Canada and still wonders how all this got out of hand.
He just wanted to play around, but things just went too far.
He went back to school and finished his degree,
and he still owns that VW Golf R.
He's trying to build a career in security.
But Nathan didn't have such a good experience after prison.
In fact, the last few years were particularly rough on him.
Nathan's incredibly smart.
Some in the circle even call him a genius.
I really saw Nathan as a very great person. Very talented programmer. Nathan's incredibly smart. Some in the circle even call him a genius.
His family wasn't able to fully pay for his schooling, but during all that hacking, he was going to University of Maryland.
And in fact, Nathan wasn't even hacking that much with the group. You know, Nathan didn't play a big role in it, but Nathan was still part of the
core group at the time. He focused more on school, even though he could barely afford it.
And when they sold the Durango, Dylan gave him a cut of the sales. And while Dylan spent his money getting more computers, Nathan spent his share on something else. He decided to put his
money into his college fees. He was really just part of the family and such a nice guy.
They felt bad that Nathan not only had to go through all this,
but got even more of a sentence.
David even told them back in the van,
you don't deserve this shit.
Ride on me or do whatever you have to.
And while Nathan was out on bail living in Maryland with his family,
he came out and told his family he was gay.
After professing his homosexuality, he lost out and told his family he was gay. After professing his
homosexuality, he lost some of the support he needed, which is another reason he tried to run
for the Canadian border. And when he got caught and was brought back to the place he hated more
than anything in life, he actually came out as transgender and started identifying as a woman.
Nathan began calling herself Holly. To spend two years in prison as a male identifying as a woman. Nathan began calling herself Holly. To spend two years in
prison as a male identifying as a female has to be really, really rough. It's like doing prison
on hard mode. Without the support she needed from loved ones, it must have been horrible for Holly.
It makes sense why she had such a hard time after the sentencing. When she got out of prison,
Holly didn't see a positive future ahead for herself.
I don't know what the situation was, whether she had a bad probation officer or a bad home life situation,
but it got extremely depressing for her.
And you can feel especially depressed if it feels like no one cares for you.
About a year after Holly was let out of prison, she ended up in Fresno, California.
And from there, she met up with another woman, and they decided to do something together.
They got some supplies and checked into a Motel 6, and, well, I'll let the local Fresno news station, KSCE24, explain the rest.
If you can see it right behind me, this Motel 6, now surrounded by police, fire engines,
and Chief Jerry Dyer just briefed us minutes ago.
He says that two motel workers were smelling toxic fumes coming from a motel room,
and this call came in as a possible hazmat situation.
According to Chief Dyer, it's some sort of sulfuric acid.
Also confirmed that there's two deceased females.
There is some type of a chemical making
process inside. There appeared to be respirators on the two females and we're not certain at this
point whether or not this is a murder-suicide or maybe a double suicide or accidental death. While all these people were getting arrested and sent to prison,
Justin, or MTW, or Person A, continued to scam Cisco and Microsoft by requesting replacements
for devices he didn't have. He was pulling in tons of cash doing this too. And somehow he was
doing this under the watchful eye of the feds. But now that the feds caught everyone they were after,
they didn't have a need for Justin anymore. And I think they revoked his free pass.
Justin got arrested and pled guilty to 35 counts of mail fraud and laundering. The court documents
showed that he issued hundreds and hundreds of returns or RMAs
like Cisco 3850 switches and Microsoft Surfaces. The records indicate he made about $300,000
from these scams. Justin is currently sitting in a jail waiting for his sentencing hearing.
He could be facing years in prison for all this scamming he did.
When Sanad got out of prison, he had to go through probation. He had to check with a probation officer and follow strict rules. But he didn't
get along with this probation officer at all. After prison, Sanad got a full-time job and started
going to school full-time, but the probation officer kept pushing him. And she had the nerve to tell me,
you could do more with yourself.
Like, I don't know how much more you want me to do.
You know, like, not many people will work full-time
and go to school full-time as is, you know.
And one of the terms of his probation
was that he would be allowed to use a computer
if he went to school,
but his probation officer refused to let him use one.
You know how hard it is to go through college without a computer?
During this time, the probation officer visits Sanad at his home a bunch of times and checks on him, but he starts just hating how she's treating him.
She just, she kept pushing my buttons, pushing my buttons, pushing my buttons.
Everything that I would ever ask her would always be a no.
And like, for example, like I would want to go down and see, you know, my sister in Virginia
or something and it's no, you know, like she, it could be, she would come up with the craziest
reasons to why she wouldn't let me do anything. It was December of 2015. The whole thing in San Bernardino had happened. You know,
I just started this job at a vapor shop. I'm there for a few weeks and these two guys come in.
So as soon as I saw them, I'm just like, these guys are federal agents. We go to the back room
in the shop and they sit, you know, across the table from me and I'm sitting down and they start
asking me questions. You know, they're like, oh, can you tell us about your encrypted chatting, and, you know,
you're chatting over Xbox Live and PlayStation Network, and, you know, all this stuff, and I'm
like, you know, that's, that's all in my paperwork, and they're like, oh, this is, this is completely
different from the Baltimore investigation, and I'm like, why do I feel like I'm being interrogated?
So, I'm not sure if it's because the whole thing with Dylan, you know, leaking the information
on the special agent and the judge, they wouldn't show me their actual badges with the names
on them, they just showed me their little shields, and then he was like, you know, I'm
agent so-and-so, and this is agent so-and-so, we're from the JTTF, and I had
no clue what the hell the JTTF was, so I'm like, what's the JTTF, and he's like, the Joint Terrorism
Task Force, he says this, my heart literally stopped for a couple of seconds, my mouth dropped,
I was in complete shock, why are these people here? He starts talking about the San
Bernardino thing and like all this other stuff. And I stop him and I'm like, honestly, I'm like,
I feel like you guys are just here because I'm Middle Eastern. Suddenly, Sanad feels like he's
being interrogated as like a possible terrorist. And it really bothers him. Under the Patriot Act,
suspected terrorists can be treated
very differently than regular criminals.
But Sanad's boss stands up for him
as she starts telling them,
hey, he's already served his time
and leave him alone.
So they leave.
But Sanad finds out that the two agents
first had a chat with the probation officer
who told them to go visit him at work.
And this really bothered Sanad so much more.
Like, you've been to my house so many times
and you know I'm not a violent person.
Why didn't you just tell them to come to my house
and talk to me?
Why would you let them come to my job?
So when I confront her about it, right,
and she saw how upset I was,
she had the nerve to tell me,
well, you just need to move on from this.
The pressure from this probation officer
was just growing more and more for Sanad.
It was just too much for him to handle at this point.
Even though he was living at home
and his dad was there for him,
Sanad was in a dark place.
It was a really bad time.
Even worse than prison.
I was depressed.
It was just...
They put me through so much that I was just sick and tired of it.
The pressure was enormous.
The depression was unignorable.
Everyone has a breaking point.
And this was Sinad's breaking point.
He couldn't deal with this anymore.
So he bought some heroin.
Too much for any one person to need.
One night, when the depression got too bad,
and everything was just too much,
he fixed up some needles.
I tried to overdose on opiates, specifically heroin.
He loaded up the needle with what he knew was too much.
And he shot up.
He closed his eyes.
Everything went dark.
He fell over onto the floor.
His dad was home at the time.
Yeah, they heard a thump,
and then they went to my room,
and they found me laying on the floor unconscious.
His father called 911, and the paramedics arrived quickly
and injected him with Narcan,
a medication used to block the effects of opioids.
Within a few minutes, the Narcan kicked in, and Sanad came back too.
Oh, God, it was the most painful feeling in my life.
I honestly felt like I got hit by a truck.
Like, my whole body just felt so sore and achy.
It was an extremely horrible feeling.
They took him to the hospital for treatment,
and his probation officer visited him there.
Sanad asked if she's going to violate him for taking the drugs,
but she told him, no, she won't.
He takes it easy for a while to recover from this incident.
There was a family wedding that my family wanted me to go with them to. And, you know, it was out of state. It was in New York. So I had to get
permission. So I call her up to ask her for permission. And that's when she was like,
we're not letting you go out of state. You know, we're violating you. Mind you,
where I was going was only like an hour away from where I lived anyway.
A violation is bad on probation.
It means you might have to go back to prison or serve some jail time or get more probation.
Whatever the violation was, Sanad was not seeing a bright future for himself.
It got to the point where I was like, well, they're violating me.
I might as well just, you know, just get it as high as possible.
Things started getting really out of hand.
I literally went into the courtroom, like, beyond blitz.
It just got really, really bad.
So they put me in Essex County for three weeks,
and then they put me in a rehab program in Newark, New Jersey,
which, honestly, that place was a complete joke.
It was literally a money mill.
Sanad spends four months in rehab and then gets to come home.
The rehab worked out.
He's feeling clean.
He's got no urges to take any drugs.
He's doing good.
But then he gets sick.
I get yearly bronchitis,
so I coughed so hard one day that one of my ribs snapped and like, it was the most painful feeling I've ever had in my life. I can't even stress how
painful it was. I go to the hospital. So the orthopedist puts me on oxycodone, and I'm on it for quite some time.
And before I'm supposed to get off, I tell the probation officer, I'm like, look, I'm like, I need to go on something like Suboxone or something to slowly come off this.
I'm like, if you guys cut me off this, I'm going to get sick.
People who are on opioids like oxycodone for even just five days
have a high percentage of becoming addicted to other opioids like heroin. And so he asked his
probation officer for help coming off of it so he doesn't relapse. And she's like, no, you're just
trying to use it as a crutch. And, you know, that's all you're trying to do. And her boss
is agreeing with her. He straight up called me a frequent flyer.
So she gives me this hard time and basically they kick me out.
They're like, no, we're not doing it.
Of course, I get sick.
And the only thing I knew that would take away that feeling was more opiates.
Oxycodone is not very easy to find on the street.
The only thing I knew what to get was heroin because that's the easiest thing to find in New Jersey.
So Sanad begins doing heroin to get his fix.
But soon after that, the probation officer finds out he's on it.
She shows no sympathy for him
and brings him directly to court to see a judge.
When I went to court, the judge was like,
I understand you broke your rib and I know how painful that could be,
but I'm doing this to save your life.
And then she gave me nine months in federal prison and another year of probation.
Sanad serves his nine months in prison,
which he has many more stories about being in the shoe and other issues that went on there.
When he gets out, he gets permission to move to West Virginia to live with his sister.
Perhaps a change of scenery will help him serve his probation better.
Honestly, my probation officer down here is awesome.
She does not bother me.
She's basically like, look, just pass your drug test.
Don't catch any new charges.
Don't use any unauthorized computers.
We're good.
Yeah, so tell me about your computer usage today.
What are you allowed to use computer-wise?
The smartphone that I'm talking to you on,
and it has monitoring software on it.
For the last eight years,
Sanad has not been able to use any technology
other than this phone he's allowed to use.
And no video games at all.
No video games for eight years.
But in August of 2019, just last month,
his probation was done.
He served all his time.
And now he can go and play video games if he wants.
He said that on midnight of that night,
he was going to go play Halo.
In case you're wondering how I made this episode, Sanad's phone sucks.
And since that's all I could talk to him with, I found a person in West Virginia to help.
Her name is Diane.
She had a mic and was willing to record this interview for me.
I appreciate Diane's patience.
No problem.
I'll let her know.
He said he really appreciates her patience.
Oh, and Sanad?
He's been sober for a year now and feeling much better about life.
So, all this brings us
to today. Wow,
what a magical time to look back and see what
the Xbox had to go through to become what
it is today. The Xbox hacker
scene in the 2010s was a special
era to be part of i really don't
think something like this will ever happen again of how fucking wild and insane it was it was
anarchy why wouldn't it happen again on the console side shit's locked down like a motherfucker now
well that's because someone ruined it yeah we did thanks MTW
no but I mean
as I said
the overlap of groups and
communities and stuff like that
the wild west that partners
now it was
things now are on the wild list
and stuff like that security
is taken to a different level
there are no
there's no at least on the There are no, there's no,
at least on the Microsoft side of things,
there is no dev kits anymore.
There's no specialty or proprietary made units anymore.
Security is a huge, huge focus now, and rightfully so.
You know, it's been how many years
since the Xbox One has been released
and you don't really hear of anything being done.
Not to say that there isn't work being done in the background.
I'm sure there is.
But it's not public.
You don't really hear much of anything public.
From what I've heard, it's a very tight-knit group.
And even at that point, not much is being done progress-wise that is worth a shit.
Let's put it that way.
If I'm wrong, so be it.
But this is what has been conveyed to me.
You've been listening to Darknet Diaries.
Thank you so much to Sanad, Dylan, and Schizo
for sharing this amazing, incredible story with us.
You guys are unbelievable.
And oh yeah, Bunny, thank you too.
Think this story is too crazy to be true?
Well, this was actually the cover article for Wired magazine
back in the May 2018 issue,
which was written by Brendan Kroener.
So thanks, Brendan, for all your work you did on that story too. But you you can also go to darknetdiaries.com, where you can see links to
news articles, photos, indictments, and all kinds of court documents that I had to meticulously comb
through to fact-check the story. And amazingly enough, it all checks out. Hey, Dylan, I heard
you got harassed by a vendor once and got kind of shoved and pushed around. You want to tell us that
story? Okay, yeah.
Where do we begin?
Oh, actually, wait. Let's
do this. That'll be a bonus
episode that will be available for
Patreon users in a few weeks.
So if you want to hear that story, go to
patreon.com slash darknetdiaries
and look for it in a couple weeks.
This episode was created by me
the best warthog driver you ever did see yee-haw jack reciter editing assistance is from my personal
cortana damien the theme music and other songs for this episode was created by break master chief
cylinder What, what, what? Ah, oh my God!