Hacked - The Escobar Phone and Imaginary Flamethrowers
Episode Date: August 2, 2025
We unpack how a Swedish entrepreneur used Pablo Escobar’s name to sell fake phones, flamethrowers, and crypto — and how a viral scam built on influencer hype finally came crashing down. That and other stories. Hacked is brought to you by Push Security, check them out at PushSecurity.com Learn more about your ad choices. Visit podcastchoices.com/adchoices
Transcript
First thing I want to talk about is a Swedish entrepreneur who licensed the likeness of
deceased drug kingpin Pablo Escobar in order to sell imaginary flame throwers.
Cool.
Cool.
I don't know anything about that, but it sounds fun.
As names to license for a consumer electronics internet fraud go, Pablo Escobar is both
really weird and kind of a perfect choice.
For anyone who is unfamiliar, Pablo Escobar is the
Colombian drug lord who founded and led the Medellín cartel. At his peak, he was smuggling hundreds of
tons of cocaine into the U.S. was one of the richest criminals in history and essentially ruled
parts of Colombia. He had a lot to do with crime and very little to do with folding phones.
He is, importantly for this story, dead and had been for 26 years prior to the start of this new
enterprise. Alive is his brother, Roberto de Jesus Escobar Gaviria, one of our
two protagonists. The other, Olaf Kiroz Gustafson, a Swedish businessman and entrepreneur.
Olaf saw an opportunity to leverage the creator economy, the Escobar name, and a tapestry of mail
and wire fraud schemes in order to facilitate an elaborate, influencer-boosted consumer tech scam
that came to something of a head this past week when he pled guilty to six federal charges.
We've got a few different stories to talk about this episode,
but to start, I read a bunch of court documents on the plane, so now we've got to talk about
the story of the Escobar phone.
Here on Hacked.
How you doing, Scott?
Good.
How are you, Jordan?
I'm doing good.
I'm keeping busy.
I'm keeping moving.
I'm reading court documents on airplanes.
I'm thriving.
I just got back from a set of airplane rides myself, and I did none of those such.
I had known nothing about this case, and I'm excited for you to explain it to me.
It's pretty good.
It's a lot. It involves some like internet celebrities.
What is, I would say, a pretty obvious scam from the outset, but with some really interesting
characters in the middle of it.
Later in the episode, we have like an interesting deep technical infrastructure story,
but this story concerns flame throwers.
So we just kind of have to start with it.
I got the impression from the intro that this is a lot of trading on the family name.
Yeah.
Yeah.
It's a lot of trading on a lot of names.
is kind of what makes it interesting.
It's much more of like an internet culture, wire fraudy type story than a pure cyber
crime story, but it's also still a cyber crime story.
But this isn't like the Elon Musk flamethrowers?
These are like different flamethrowers?
Sort of.
Okay.
It definitely involves the Elon Musk flamethrower.
Oh.
Yeah.
So there is a connection there because it's fraud.
There's a lot of connections to legitimate things that have nothing to do with
this very illegitimate operation, which we're bringing to the people, of course, brought to them
by Push.
Push Security.
More on them later.
More on them later.
Okay.
So you're unfamiliar with this, which makes this really, really fun because I get to start by telling
you about how I got into this story actually five years ago now at this point.
Early 2020, when we were all stuck inside watching a lot of YouTube unlike now, I,
along with millions of other viewers watched as tech reviewer
Marques "MKBHD" Brownlee, uh, peeled a cheap golden decal off of a brand new Escobar Fold
2 phone to reveal a Samsung logo underneath.
The Samsung Galaxy Fold, it's a book style folding phone, is worth about $2,000 US
dollars.
This device was being promoted as a $399 foldable smartphone, quote from Pablo Escobar's
family.
Immediate red flags.
And it was gold.
And it was gold.
and it was a Samsung phone wrapped in gold.
Even decal, it's a sticker.
It has a sticker on it.
It had a gold sticker.
It had a big old gold sticker.
They tried.
They shipped it to Marques Brownlee.
He made a video about it.
He called this very early on.
He was actually contacted by the FBI regarding the story.
Go check out his little string of videos about this.
We're going to take a different angle on it, but they're totally worth a watch.
To dig in a little deeper.
Escobar Inc.
The corporate entity at the heart of
this story presents itself as the official corporate heir to Pablo Escobar's empire.
According to federal prosecutors, the company actually did hold a legal right I was
unfamiliar with.
It's something called successor in interest rights, which is like the right to Pablo
Escobar's name and likeness, a legal license to profit off of the late narco
trafficker's identity, basically.
Infamy.
Infamy is a better word.
Roberto de Jesus Escobar Gaviria, Pablo's older brother,
founded Escobar Inc.
And claimed to sort of like,
this entity exists to manage Escobar family's assets and intellectual property.
It was formally registered in Guaynabo, Puerto Rico in 2015.
So registered in a U.S.
territory while Roberto remained off in Colombia.
Important for later.
These assets were largely oil barrels full of cash buried throughout the desert,
correct?
He'll never tell.
It wasn't until Swedish entrepreneur.
Yeah, that sounds right.
It wasn't until Swedish entrepreneur Olaf Gustafson, otherwise known as El Silencio, I never did find an explanation for that nickname, came on board to the company as CEO.
And it is at that point that Escobar, Inc. really started to cook. Gustafson, then in his early 30s, became the very, like, flamboyant public face of the company.
under his tenure, Escobar, Inc. shifted from that kind of intellectual property successor
and rights holding company into basically a company doing a series of outrageous publicity
stunts, trying to harness the influencer and creator economy.
To go through a couple.
They got in a fight with Netflix demanding a billion dollars for what they alleged was
unauthorized use of Pablo's story in the TV series Narcos before abruptly dropping the claim.
An aside, great show.
Totally worth watching.
Mm-hmm.
concur.
This is foreshadowing and speaks to something you brought up.
In 2019, Roberto Escobar and Gustafson made headlines by accusing Elon Musk of stealing their flame thrower design.
This is pretty rich, given where this is all going.
They threatened to sue Musk's Boring Company unless they got a $100 million payout. For context,
Musk, as you alluded to earlier, sold a $500, quote, not a flamethrower.
Is this essentially like a novelty gadget?
This is a flamethrower.
And Roberto claimed he had the idea first.
Sure.
Sure.
Just the idea of flame throwers.
I have lots of ideas.
Should I sue people that actually execute them?
Well, if you want a really banger publicity stunt, like kind of apparently you should.
Because this in a weird way worked really well until it worked very, very poorly.
That suit went nowhere.
That same year, Escobar Inc.
launched a $50 million crowdfunding campaign to quote, impeach President Trump,
which was promptly shut down by GoFundMe because there are some things, no matter how much
you might want to, you just can't crowd fund.
Behind these, like, big carnival barker press releases, and I guess kind of their purpose
was Gustafson's real master plan, which was an international fraudulent e-commerce
operation that would lure thousands of buyers with impossible deals on exotic tech toys.
Gustafson would later admit in court that he and his co-conspirators deliberately, quote,
identified popular products on the market and then used that Escobar name and likeness to
create these absurd publicity stunts to reliably get press to function as an advertising channel.
Smart.
For his real product, which was outlandish, obvious knockoff sold in plausibly low prices.
Not so smart.
Less smart.
Less smart.
Inviting some mail fraud charges, as we will see.
Across all of these, and these sites are, you can
find them in the Wayback Machine, you can find them archived. They're all very interesting
to look at because they're taking this like photography and iconography of Pablo Escobar and the
Medellin cartel and they're sort of just trying to transpose it over onto electronics and gadgets and
all that kind of stuff. So it's very difficult. People spend lots of disposable income on.
Exactly. None of which were being manufactured. As the U.S. Department of Justice later summarized
Gustafson, air quote, sold all these Escobar-branded flame throwers and phones and took all the
payments for it, but never delivered the products because the products never actually existed.
Only dummy units and a lot of YouTube hype.
To fuel demand for the fictional gadgets they weren't really selling, Gustafsson seeded the tech
press with dummy units.
So the average buyer would never get their Escobar phone or their flame thrower.
Escobar Inc made sure that a handful of really high-profile tech reviewers did,
or at least something that would kind of seem convincing on camera
until you peeled the gold decal off revealing the Samsung logo underneath.
Gustafson later in those court documents admitted he mailed, the line was, crudely made samples
of the supposed products to online tech influencers, quote,
in order to attempt to increase demand among the public.
It's like we didn't take the time to make less crudely made samples.
We just wanted to like bang it out and send it out.
It's really, slap the sticker on it, put it in a box, mail it away.
I, so the thing I never got to in all of this was how the relationship between Olaf and
Roberto started.
I don't know where he would have come from.
I have to, like, this is purely speculation.
But I really do wonder if it was just like a Swedish grifter came to the brother of Pablo
Escobar and said, I have a really crazy idea.
Can I talk to you about it?
Yeah.
And the idea being, let's get to grift in.
Let's get this grift going with some tech influencers and see if we can sell some fake folding
phones, which is, we'll start with that product. There was the Samsung Galaxy Folds. They were
wrapped in this gold foil. They were sent out. They called them the Escobar Fold 1 and 2. It was
Royole FlexPai and then Samsung. Marques Brownlee, Mrwhosetheboss. The biggest names in
tech all covered this because it was obviously a scam. They talked about it obviously being a scam,
but if you get that message out in front of that many people with any ambiguity as to whether
it's a scam, some small subset of them are going to basically roll the dice on saying,
well, maybe I lose $400,
maybe I get a folding phone out of it.
They would not,
but that was kind of,
I think,
the arithmetic that was going on here.
To me,
it sounds like bad arithmetic.
Mm-hmm.
Like,
it sounds like if you really wanted to like,
like if they had made not a crudely put together prototype,
if they had spent $10,000 and had like a decent prototype put together,
they could have converted instead of a fraction, like three standard deviations from the mean,
they could have might have, you know, had a few standard.
Like if they brought in one more chunk or one more standard deviation,
they would have, the fraud would have been massive.
So a $10,000 investment might have returned millions instead of hundreds of thousands.
Yeah, if you and some prominent people in recent months have, I think, done a version of this,
If you were to go on Alibaba or AliExpress right now, you will find white label phones.
You can go to a phone manufacturer that makes a perfectly serviceable entry level Android phone.
And they will customize it.
They'll put your logo on it.
They'll put whatever software on it you want.
But they'll make you a real phone and sell it to you for not that much money with a relatively low minimum order quantity.
But that would cost more than $2,000 and some gold foil.
And this isn't that kind of an operation.
One barrel of cash from the desert would have made this way better.
Well, Scott, the bad news about the barrels of cash is it seems they all burned them as evidenced by the press release for their other product, which was the Escobar flame thrower.
This was back in 2019.
It was marketed as a $249 propane in the style of Musk, not a flamethrower.
It was a, it was marked as a mainstream tactical toy modeled after the Musk design who they were in a lawsuit with.
It's all very sloppy.
But the line from the press release that I bring this up because of is, quote,
I want the people to be able to burn money like me and Pablo used to do.
I burned probably a couple of billion dollars.
The Escobar Inc.
Flamethrower will sell out very fast.
Sure.
Sure, dude.
I just, I really like that.
Like, it's such a weird flex to be like, I burned billions of dollars.
And it's like, clearly you shouldn't have.
Yeah.
Because now you're shilling fake flame thrower.
Like,
totally.
Maybe you shouldn't have done that.
Yeah,
maybe you should have
kept at least one of those
billions.
Yeah.
And then you wouldn't be
trying to commit the worst
tech fraud.
Just the jankiest
tech fraud I've ever seen.
He's got the flame.
Sorry.
No,
I was going to say,
I do love that their,
their marketing strategy
is like just wickedly
underpriced them.
Mm.
It's like,
you'll,
like,
we'll get more people
that'll just roll the dice
if these are like 80%
less than they should be.
That's all it is.
It's,
it's some tiny subset
of people will do the gamble.
Yeah.
They'll go, this seems like it's probably a fraud.
But it is literally being done by the Escobar family.
Like, but maybe I get a, there was this sort of meta narrative that they're like, yes,
these are Samsung products.
Yes, these are preexisting products that were re-skinned.
But it was always framed as like, oh, these were basically off cuts from the manufacturer.
There was some marginal thing wrong with them, but we've checked it works.
And that's why we're selling it for so cheap.
It's a fire sale brought to you by Escobar Inc.
Sure.
It's like the winners of the winners of tech goods.
Exactly.
Or Rosses for the American listeners.
I didn't know that winners was Canadian.
Yeah.
You do now.
Who knew?
Flamethrowers.
Folding phones.
They did it with the iPhone, same basic grift.
They also tried to get into crypto, like 2021 peak of it.
You can really see what was going on.
Escobar coin.
Escobar Cash.
It was billed as the world's first physical cryptocurrency.
They promised like they were going to do a gold tinted coin that would merge the two.
This one seems like for as much as the folding phone was nothing, this is somehow
less purely made up from what I can tell.
I feel like in the 2020 meme coins, like just Escobar coin put out by the Escobar family
would have just in itself somehow memed itself to a few billion dollars.
Yeah, honestly.
There's a version of that that would have done quite well.
If he had just gone all in on a good old fashioned rug pull on a meme coin, would have made probably a lot more money.
And based on the level of enforcement occurring right now, probably would have got away with it, scot-free.
Yeah, like if Hawk Tuah can do, like, I don't know what the full, the rug pull value on the Hawk coin was.
But like if that, I feel like the Escobar name carries more, you know, societal clout than Hawk Tuah does.
Well, Hawk Tuah is a cultural institution, but I take your point.
Yeah, I mean, as Coffeezilla, great YouTuber, everyone check them out,
says right now regarding crypto crimes, it's crime is legal.
He's making T-shirts to just say crime is legal now.
And that seems to be the case.
But selling fake phones and wire fraud, that type of crime seems to not be legal.
So he makes this fake crypto.
He makes this, they don't make them.
They're selling and marketing this fake, like fake
flame thrower, the folding phone, the iPhone, the digital coin thing.
They're using this dummy unit YouTube hype thing to get it out in front of a ton of different
people.
Meanwhile, Gustafson is also orchestrating a series of stunts in the traditional media.
He's sending out these press releases that are just like, like cartel fanfic, basically.
Like they're talking about literally burning money in the jungle type thing and so can you.
it was all just really outrageous and quotable and over the top and newsweek and all these big outlets
start covering it,
amplifying the story and increasing that surface of people,
some tiny subset of which one roll the dice.
Exactly.
Making that funnel big.
That's a great way of thinking about it.
Just every one of these press releases makes that funnel bigger.
And behind the scenes, Gustafson is starting to work on like the next phase of this con,
which is designed to keep the customer's money, even as the truth starts to
become apparent to people what's occurring here. Eventually, everyone who pays for one of these products
notices that nothing is arriving. Time goes by. There's no flamethrower in the mail. There's no foldable
phone on the doorstep. People start asking for refunds. Rather than ignore customers entirely,
Escobar Inc. used a tactic to trick payment processors and stall chargebacks. They did send something
to the customer, just enough to record a shipment in the system. According to the court filings,
instead of shipping the actual merchandise,
Gustafson would mail customers an envelope
containing a, quote, certificate of ownership.
Basically, just like a little cheap booklet that they made,
some pieces of promotional material.
The certificate, just like a little glossy thing
saying that the customer now, quote, owned an Escobar product,
maybe promising that it's under production.
Importantly, these mailings had a tracking number
and delivery confirmations.
So, when the angry customer demanded their money back
because they didn't get a folding phone or a flamethrower, they got a piece of paper.
Gustafson fraudulently pointed the payment platform to the mailing record as proof that the product had been delivered.
In other words, he used that shipping tracking number for a worthless certificate to contest the refund requests.
PayPal, Visa, MasterCard, Klarna, a bunch of other payment processors were shown a postal receipt.
And this was typically enough to deny the customer's refund.
Mm-hmm.
Smart in a criminal way, but also more fraud.
More fraud, very shrewd and smart in a very short-term way, because this is a very trackable thing,
because you're going to have this giant paper trail of refund requests, complaints.
It's pretty easy to piece together what happened here.
Buyers are not happy.
They got the package.
Where's the flame thrower?
By the time they figure out the certificate is a scam, they might have figured it out a little
earlier, but that window for chargebacks is closed.
the dispute has been decided against them.
The scheme was very effective at thwarting people's attempts to get their money back.
Courthouse news later observed that, quote,
the vast majority of hundreds of people who paid for a non-existent Escobar
Flamethrower and never got their money back.
It got so bad that PayPal eventually terminated Escobar Inc's account after realizing the pattern.
But Gustafson had a panoply of other payment processors that he was using.
There's just so many of these.
It's like, oh, PayPal knocks out.
Just go over to strike.
Yeah.
Oh, MasterCard.
Can you go over to Clark.
And at one point, they started taking cryptocurrency payments, Coinbase, CoinPayments,
like just taking money wherever they can get it.
So they should have just instituted that all refunds would be an Escobar coin.
And you get like a quarter wrapped in gold foil.
Exactly.
But the market value of which is whatever we dictate it to be.
Precisely.
Yeah.
It's worth small fortune.
Gustafson, meanwhile.
So Escobar, Inc. operating from outside the United States, targeting largely U.S. customer base.
Meanwhile, Gustafson himself is documenting his life on various social media platforms living
like a then pretty high roller lifestyle in Dubai's luxury hotels in European beaches.
Mm-hmm.
Mm-hmm.
U.S. investigators, while he's posting all this content, are starting to trace how this money is
flowing around.
And it turns out that Gustafsson and his co-conspirators had this, like, I mean, to use a word
you used earlier funnel accounts in a bunch of different countries to collect and disperse
the proceeds from this scam. According to the Department of Justice bank accounts were opened in the
U.S., Sweden, UAE, under Gustafson's name and shell companies that he controlled. A victim in
LA, for instance, might pay $250 via PayPal for a flamethrower. That money quickly gets bounced all over
the world to an Escobar bank account in Sweden and wired to an account in the UAE. Good old
fashion money laundering. I feel like there's another world where they actually just
built the flamethrowers in Mexico or some other country where the cost of goods sold would be
half of what they were charging. And then they would have actually made a successful little
trade business that produced things and sold things. Yeah, they kind of made the mistake of trying
to layer two different scams. And one of them isn't even really a scam. Like you can send out
outlandish press releases piggybacking on the Escobar name, which as we
established in the intro, you hold the legitimate legal right to do.
So if you just made like a crappy Android phone and sold it as an Escobar phone with all the crazy iconography,
let's say you get 80% of the news coverage without the price fraud.
Yeah.
You just, as you said, you have like a little weird novelty tech business that probably over time would make about as much money as this ended up making in a shorter period of time.
Totally.
I don't know why he didn't do that.
Because now it's going to jail.
I can't remember what the boring company sold the
Flamethrowers for.
I want to say it was like 600,
maybe.
It was $4.99 if I'm...
499.
So, yeah, so I feel like,
and that's going to be over-engineered Elon Musk stuff extra thing.
Like, he did it.
Like, Elon did it as like a...
It sold 20,000 of them.
It was like a novelty tech thing.
Yeah, yeah.
It was a fun press cycle.
Totally.
It was, yeah.
Just a little cash generation.
And I'm sure Elon profited probably
decently off of each of those.
And if these guys had just taken one more month,
of like, hey, we need somebody to replicate this exact thing.
They probably, and like I doubt Elon Musk would have sued them.
He probably would have given it.
I can't swear anymore.
He probably wouldn't have cared.
And the...
Maybe we just curse on this show.
Maybe we just curse.
No, no, they've got to think about the children, Jordan, the children.
The children love cyber crime.
The cool ones do.
The cool kids.
Hactors for the children.
Over 307,000 US dollars was wired by Gustafson out of the scheme's accounts between
December 2019 and June 2020. So just in a six month random, in a random six month period during
this multi-year heist, made about 300,000 US dollars. This stolen cash was just being like
taken out. And it seems like enjoyed in real time on the dumbest stuff imaginable. He's not
keeping the money. It seems like he was sort of just getting it and spending it as fast as
he could on this like string of luxury penthouse hotel rooms and just like fleeting stuff that's
gone as quick as you got the money living for the moment but the the thing figuratively burning it
in the barrels.
Yeah, figuratively burning in the barrels.
The 307 grand is not like that goes pretty fast if you're doing like Dubai penthouses like
weeks.
That's a massive windfall and a crazy amount of money.
But if you're spending it like an idiot and it's illicit and law enforcement's going to come for you,
I was like, I don't think this.
Yeah, yeah, yeah.
You got to think about the legal bills.
You got to be saving for the legal bills.
You got to think about the opportunity cost of being in prison for several years.
Like you got to like amortize that amount out.
It ends up being more than that.
But that was just a six month chunk.
What's the, what's legally what's going on?
Sentencing.
Yeah.
So by 2021 and 2020.
this like trail of fraud had gotten the attention of U.S. federal authorities, IRS is looking at it,
FBI are looking at it, FDIC is looking at it. This sounded like a huge pain in the butt to untangle.
Europe had to get involved because that was where he seemed to be operating out of,
Eurojust, their agency. They get involved in all of it. November 21st,
2023, a federal grand jury in Los Angeles returned a blistering 115 count indictment
against Olaf Gustafson. It charged him with conspiracy to commit wire
fraud, engaging in transactions with criminal proceeds, a bunch of stuff, 115 of which I am not
going to list here and now.
Yeah.
But basically, every aspect of the scheme from the initial influencer lying to handling
of the funds was covered by another discrete criminal charge.
Notably, despite references to co-conspirators, Gustafson was the only person named.
By that time, Gustafsson was hiding out in Marbella, Spain, thought he maybe, I don't know if he
thought or didn't care he was out of reach
of U.S. law enforcement, but they have extradition laws there.
Totally.
Yeah. Spain's not the place you go and you're on the run.
On December 4th, he's arrested by Spanish law enforcement taken into custody.
Spanish media noted he was also suspected of an unrelated art smuggling case.
It hadn't come up before.
Hasn't come up again.
A true Renaissance man of selling stuff he didn't own.
Yeah, exactly.
Over the next year, U.S. officials worked through like diplomatic and legal channels,
bringing El Silencio to justice.
Gustafson gets brought over to the U.S. He arrives in LA in March 20th, 2025. He's under
arrest by U.S. Marshals. At his arraignment, he pleads not guilty. The trial's set. He ends up
pleading guilty. July 18th, the reason we're talking about this now, Gustafson chose to strike
a plea deal in front of the L.A. District Court judge pleaded guilty to six felony counts.
Basically, he admitted to the core of the scheme, which was defrauding customers via wire
communications like the internet payment and ad system that we talked about.
Yeah.
Using mail and furtherance of all that.
In the plea agreement, a 31 page document, Gustafson confessed that from 2019 through
23, he ran Escobar Inc. as a fraud front, never delivering the advertised products
to paying customers.
He acknowledged the dummy units.
In the end, hundreds of victims were left without nothing for the money they sent to
Escobar Inc.
Total intended loss said the scheme topped out about $1.3 million.
A significant sum, considering it was effectively stolen like two to $500 at a time.
Like it's a big number made out of that small number.
And while a huge amount of money, I don't know if it's worth this much heat,
no.
Well, the thing that lands at me is like 115 charges, the legal operation to execute that
probably cost more than $1.3 million.
So, like, literally his real crime is, like, that against the people and the tax paying,
you know, the tax base, because it probably cost $20 million to persecute him,
to which he then copped a plea and is probably, yeah.
Yeah.
Yeah, if he, as I said earlier, if he tried to just run a influencer marketing-based novelty tech
business using the Escobar name.
A lot of people wouldn't have liked that, but he probably would have made a lot of money.
If he had tried to just do fraudulent, like, if he'd just done mail fraud, he probably wouldn't
have had a consortium of different international law enforcement coming down in him,
because the Escobar name wouldn't have been involved.
There's something about like,
totally.
Using this like criminal, like this name that means so much to so many people
as a means by which to sort of like spit in law enforcement's face.
a little bit. And it's like, oh, if you put those two together, they're going to get really,
really mad. They're going to spend a lot of energy in coming after you. So, so if he just made a
product business, he probably would have been successful. If he'd just wanted to be a fraudulent
criminal, he could have just done meme coin rug pulls and made way more money. That too.
So really what it sounds like is he wasn't that smart. You know, I don't know what's going on inside
of his head, but I'll say he didn't do it. He didn't do it as nearly a good job at crime as the
Escobar name with did he borrowed.
I'll say that.
That's true.
Yeah.
That's true.
He pleads guilty, probably gets some leniency.
Um, I mean, he did.
The government, you know, dismissed the remaining hundred plus charges.
They started at 115 and he confessed to six.
There's a sentencing hearing scheduled for December 2025.
We'll check back in on the story then.
He faces a statutory maximum of 20 years in federal prison for each fraud count and up to 10
years for each money laundering count.
That is the saga of the Escobar phone.
I wonder, I wonder how hard they come down on them because, like, intent is a big thing.
And his intent was clearly to just do fraud.
Like, it wasn't like he slipped up and, like, took a wrong turn.
And, like, then was like, oh, my God, I'm, like, have to, like, you know, compensate for this loss.
And now I'm committing, like, some basic white-collar crimes and, like, cooking the books.
It's like, no, this is a person who is like, yeah, I got access to
this like notorious name and I'm going to use it to commit fraud under.
So it's like I wonder, I wonder how lenient they will actually be.
I'm curious to see where that goes.
I don't really know what it means or what it does to put this guy in jail forever.
I, I don't know if he's the kind of person to try and run this a second time remains to be
seen.
It's just really fascinating to think back to that MKBHD video in 2020 where I and a lot of
learned about this weird thing for the first time.
And just to see where it went from there, which is a saga that shows the power of,
I would say, creator economy and influencer marketing.
Kind of reminds me a bit of the honey story we talked about in a previous episode.
Where it's like you're leveraging that economy for your own gains.
Honey obviously wasn't, you know, pure fraud.
No, no, no.
But.
Yeah.
worthy of criticism, not a fake flamethrower company.
Exactly.
Very, very different things.
Very different, like, insubstiation, but also, like, kind of similar.
And I feel like we're only going to see more and more of that stuff.
Oh, yeah.
Yeah, the more and more that that, like the, even ourselves, like, we get enough criticism
for the ads that we choose to put on this podcast.
It's like.
Yeah, which are very boring boilerplate brought
to us from an advertising network kinds of ads.
Totally.
Like there is a whole, wherever you feel about there being some ads in the middle of a
podcast, there is this other corner of the inbox that you possess when you make a show
that is just sort of a black hole of crazy fraudulent nonsense.
Yes.
That shows up to you every single day.
And it's interesting to know that probably at some point, and this is me speculating,
but like the Escobar Inc at some point received such an email from,
I'm assuming a Swedish guy named Olaf.
And this is what that has wrought.
Yes, I concur.
I've got a great idea.
We should have a,
have a quick Google chat about it.
Totally.
Make me CEO of your company.
That guy's got to be so good on a call.
Oh, yeah.
Like, trust me.
make me CEO of this. I have an idea.
Like, let me cook. We're all going to be rich.
We're all going to be rich. Like, I want to see. Yeah, totally. I want to see that slideshow.
Let's get back to the days of burning billions. Yeah, totally. Do you want more billions to burn in
barrels? I have a flamethrower you can do it with, except no, I don't.
Good, good stuff. Should we cozy up into the ad break?
Speaking of, yeah, let's go over and read some comparatively very, very boring advertising.
And when we get back, we're going to chatty chat about a couple of different stories.
If you're into that, we'll catch you on the other side.
Identity attacks, phishing, credential stuffing, session hijacking, account takeover.
These are the number one causes of breaches right now.
But most security tools still focus on endpoints and networks and infrastructure.
And meanwhile, the browser, the place where all that stuff is really happening where people
actually work, that's been mostly ignored.
Push changes that.
They do.
They've built a lightweight browser extension
that observes identity activity in real time.
It gives you visibility into how identities
are being used across your organization,
like when logins skip multi-factor,
when passwords get reused,
or when someone unknowingly enters credentials
into a spoofed login page.
Then, when something risky is detected,
Push enforces protections right there in the browser,
no waiting, no tickets, no compromise.
It's visibility and control directly at the identity layer.
And it's not just about prevention.
They monitor for real-time threats like adversary-in-the-middle attacks,
stolen session tokens, and even newer techniques like cross-IdP impersonation,
where the attacker bypasses SSO and MFA and registers their own identity provider.
Think about it all taken together.
It's sort of like endpoint detection response, but for the browser.
Yeah, and the people behind it, amazing.
All offensive security pros, published tons of research, came on our pod, talked about their
software, their backgrounds, their everything. They break down exactly how these things work.
And yeah, they are great. So definitely check it out. Identity is the new endpoint. And Push is treating
it that way. Check them out. PushSecurity.com. That's pushsecurity.com.
Think about the last time you heard a breach story on this show. It always starts the same way.
Someone somewhere saw something too late, an alert buried, a signal missed, an SOC that just couldn't keep up.
Arctic Wolf set out to solve that problem by rebuilding security operations from the ground up for a world where attackers are already using AI.
They created the Aurora superintelligence platform, a fully agentic system powered by the swarm of experts.
Instead of single-purpose bots or lucky-guess LLMs, this swarm is full of deterministic agents that handle whole entire workflows.
Humans stay in the loop and on the loop to validate the critical decisions and keep everything trustworthy.
And all of this is just off running on their secure operations graph.
A constantly updating intelligence engine fueled by more than 9 trillion telemetry events every week
and over a decade of real-world incident response.
The system reasons on real signals and real context, not synthetic training data.
And the result is the new Aurora agent SOC.
It's the first SOC that is agent led by design.
You get agents that coordinate, agents that investigate, agents that respond at machine
speed and hundreds more that automate the repetitive work that normally buries human analysts.
Arctic Wolf didn't try and bolt AI onto an old model. They rebuilt the model entirely.
What makes it even more effective is how it works with Arctic Wolf's concierge experience.
The team brings customer-specific context directly into the platform so every AI-driven
decision reflects your environment instead of generic assumptions. The automation frees your
concierge security team to focus on higher value strategy and proactive risk reductions
while the agents handle the grind.
If you want to see what trustworthy, production-ready AI and security operations actually looks like,
go to arcticwolf.com slash hacked.
Ever feel like cyber threats are evolving faster than anyone can keep up?
Last year, 2025 was nothing short of a record-breaking year for major breaches,
from sophisticated ransomware operators to AI-enabled attacks that turned defenses on their head.
Organizations around the world saw headlines they never expected and cybersecurity teams
were tested like never before, but here's the thing.
These incidents aren't just news headlines.
They're learning opportunities.
And that's why Arctic Wolf is hosting a live webinar on February 5th,
diving into the most impactful breaches of 2025.
Their field CTO and security leaders are going to unpack not just what happened,
but why these attacks succeeded.
And most importantly, what businesses can do to fortify their defenses before it's too late.
You're going to walk away with real insights into how threat actors are evolving,
how defenders are responding,
and what strategies can help you stay ahead of the next big breach.
It's not fear mongering.
It's practical, actionable intelligence from experts in the trenches.
Register now at arcticwolf.com slash hacked.
And we are back.
Welcome back, Jordan.
Welcome back, Scott.
That's the chatty chat corner.
What are we going to start?
Should we start in the Philippines?
I think we should probably start in the Philippines because a much more technical,
but very interesting and very kind of urgent story, sort of popped off
recently, specifically on May 29th, 2025, when the U.S. Treasury sanctioned Funnull Technology,
a Philippines-based company.
Funnull, and we'll dig into this a little bit more, the charges are that they were supporting
hundreds of thousands of fake crypto investment websites tied to a widespread kind of genre of scam
we've talked about in the show before called pig-butchering.
The Treasury also sanctioned Liu "Steve" Lizhi, a 40-year-old Chinese national and Funnull's
alleged operator.
Lizhi is linked to scams causing over, much bigger number than the first story,
$200 million in losses to Americans.
Funnull's infrastructure powered
the majority of scam sites reported to the FBI.
They were essential.
It's insane.
That's,
it's,
I like this from a law enforcement perspective where they've not just gone after
the individual gangs and criminal organizations that are executing these,
but they've actually gone for a piece of their critical infrastructure.
But I'm also wary that we're not just going to see a backup version of the spin-up
if it already has not instantaneously.
Yeah, it's interesting how kind of in the weeds yet essential a piece of infrastructure
this ultimately was.
At the heart of all this is a kind of thing called a content delivery network, a CDN.
You're going to hear us refer to that a bunch throughout this.
The basic idea, though, is that what they did was they functioned as a tool that could route scam sites through U.S.-based cloud services, making these fake, sketchy scam sites look a lot more legitimate and a lot harder to trace and a lot better at targeting their end victims.
Legitimate CDNs basically just speed up how fast websites and content are delivered by distributing that content all around the world, closer to the end user.
Funnull.
At a certain point, do we just call it funnel?
It's spelled F-U-N-N-U-L.
Yeah, it's like fun and then null.
So it's like fun, null.
Funnel.
Let's just go with funnel.
We'll call it funnel.
They use the same idea to serve fraud at a massive unprecedented scale.
So legitimate CDNs, there's common ones.
You've heard like Cloudflare.
I don't actually know how to say Akamai.
Huge.
Huge.
Massive, massive platforms.
This is that.
But crime.
For scamming.
For scamming.
Pig butchering, I don't know that we need to dig into this too much.
I'm assuming most people are familiar.
If you are not, um, pig butchering, which was one of the main, it was pig
butchering and crypto were two of the big things that used this system allegedly.
But a pig butchering is a scam where fraudsters like basically just use social media or
dating apps or even sometimes email to like groom a victim over a very, very long period
of time.
Uh, typically at some point getting the victim
to then either send the money, invest in a fake crypto platform. And then once the funds are in,
the scammer vanishes, having butchered the pig, which is where the terminology comes from.
We did an entire episode on this in the back catalog, as well as we talked about it at length
in our interview with Zeke Faux, Number Go Up. This is true. He ran into a lot of these
Southeast Asian pig butchering scams that were being run by organized crime groups
and a lot of human trafficking on the back end of them.
Yeah.
There are victims, both in the Zeke Faux episode in the first time we talked about this,
there's victims on both sides of pig butchering.
Like there are people that have been human trafficked into having to be the pig butcher,
essentially.
There are obviously victims on the other side of the scam.
In 2022, this genre of scam, the long term grooming of a victim for an internet crime
became the number one reported crypto crime in the United States.
It was, I think, a $5.8 billion in losses.
So it's a massive, massive genre of crime.
The way funnel worked, basically they leased or controlled these giant blocks of IP addresses
from known, well-established, legitimate cloud providers.
It registered thousands of domain names, then used in scams,
so that traffic would appear to be coming from trusted services like AWS or Azure,
making detection much, much, much harder by law enforcement.
They use something called domain generation algorithms, DGAs, to create like just an endless
stream of new domains every single day, which would let the scam sites constantly rotate
addresses to evade getting taken down.
Yeah.
So essentially just using keywords and then generating patterns and combinations of those
words into new domains.
They also, um, so that content
delivery side of things is the big part of it.
They had like a small sub business it seems like where they basically worked as like
crime square space, which I find really, really interesting.
They offered like prebuilt website templates for like faking a well established crypto platform.
Hey, you want a fake bank website.
We got a template for you.
So the criminals could quickly spin up the fake website, deliver it via their CDN
using a DGA-generated domain brought to you by them,
like a true one-stop shop.
Like an ecosystem of financial crime.
In 2024, funnel bought polyfill.io, which is this like trusted JavaScript library.
Yeah, Polyfill essentially just took modern web features and allowed it to be pushed back into older browsers.
So essentially it was using JavaScript to bridge new functionality in the new browsers,
of putting them into older ones.
So it was pretty widely used for websites
that wanted to reach compliance and usability
in older browsers,
but didn't have that natively built in.
So they would just use polyfill to kind of push through that,
allow them to deploy features and functionality into,
you know, antiquated browsers.
And because it was being deployed to so many different sites,
when Funnel bought it,
they basically used it as like a vector for a supply chain attack.
to get a bunch of malicious code, uh, into all of these preexisting websites that would then
redirect the users to the other network of fraudulent crime sites that they were acting as
basically a vendor for. So you're just going to start getting redirected to like gambling,
scam sites, porn sites, whatever, uh, 384,000 websites, including a bunch of major brands,
government websites all got affected by this polyfill.io acquisition slash supply chain attack
that existed
as like, again, another appendage, like the Squarespace metaphor thing on the core CDN
business.
It was a very interesting network of crime and extremely different than the Escobar phone.
I'm surprised that they didn't get into more trouble for that one.
Yeah.
Because, like, taking over a popular open source library and then essentially turning it
into a redirect to criminal websites seems like something that would get flagged and
punished pretty quickly.
Yes. Yes. Yes. Which is, I mean, probably what brought us to this point, which was the May 29th sanctioning of Funnull Technology by the U.S. Treasury Secretary and against Liu "Steve" Lizhi, this 40-year-old alleged operator of the scam.
Alleged. Alleged.
After being sanctioned,
Liu's online presence slowly starts
just vanishing from the mainstream platforms.
LinkedIn removes his old profile
after being contacted by journalists.
And that brings us to now
where Steve and Funnel face all of these sanctions
and we all get to kind of see what happens next.
Yeah, I'm intrigued to see
how much of an impact it makes.
Like if they're looking at, you know,
200 million plus plus
with an average loss per victim of over $150,000,
which is a wild number.
Yeah, that's really big.
I'm intrigued to see in the post funnel world before the next version of it gets spun up,
if it hasn't already, what that looks like.
Yeah, I mean, this was clearly the big fish, but I feel like typically when you have one
of those, there's also a second biggest fish.
Totally, yeah.
And even if law enforcement's looking at that, a lot of fish in the sea, take one out,
and other ones are going to get bigger.
Yeah, and nowadays, especially with some of the
new AI tools. Like you can duplicate any major website instantaneously. Like there's an entire
AI app for that now. You just feed it a URL and it pulls you and builds you out the source code
for it. So I think that some of these tools will be facilitated going forward given our new AI
friends, which probably will be the next adaptation of the funnels. For sure. Yeah, fascinating story.
I'm curious to see where it goes. Okay. I literally have one in
front of me. So this is kind of interesting.
Hey me.
DJI.
DJI is a drone and camera manufacturer.
They make really good stuff in my personal opinion.
They aren't really available.
There's been like an unofficial ban at US customs, it would seem.
They're hard to get in the United States to varying degrees, depending on where you are.
Really?
Yeah.
I did not know this.
Yeah.
It surprised me, but I didn't know this.
Right?
Because in mainstream consumer technology, they're really big brand.
We own a number of DJI products.
Yeah, totally.
We have a couple of drones, some of their lab packs.
We have camera stabilizers.
Like, we have a bunch of things for DJI.
Yeah.
They're not officially banned in the United States, but there's just this, they're apparently
struggling to get them into the country.
This is according to DJI.
This is an evolving story.
But the reason I bring it up is because
a story broke recently that on Amazon you can now buy a drone that looks conspicuously
like the DJI Mini 4 Pro.
It's called the SkyRover X1, costs about the same amount of money.
Looks basically identical as just a different color.
And that is likely because it is just being sold by DJI.
This was originally reported in a platform I was unfamiliar with called DroneXL.
Security research figured out that the SkyRover X1
has the exact same specs, the exact same features.
It features an incredibly conspicuously similar app to the one that DJI provides.
It also connects to DJI support, DJI global, DJI enterprise, like social media platforms,
existing infrastructure.
It sure seems like this is just DJI drone that they're selling under a different name.
Well, I feel like there's a lot of this stuff going around with trade, federal trade,
being in upheaval. Also, the fact that there's
a whole national security aspect that I think's been
brought into the forefront on some of these things. Like, do we really want to
have all these autonomous vehicles in our country that potentially
can be controlled from another foreign entity, et cetera, et cetera. How closely linked
is DJI with the Chinese government? Blah, blah, blah.
It probably sucks to be DJI. Yeah, big chunk of your consumer base. They're not
identical drones. There's some technical
differences about like the specific little sensor and like the battery connection.
Sure, they're worse.
Yeah, probably a little bit worse, which is what happens in situations like this.
I just found that really fascinating.
No, I totally see it happening more and more until kind of international trade stabilizes.
Just a smidge.
Yeah.
Yeah.
I'd be curious to see what happens there because I, you know, not an official endorsement or
anything, but I really like my DJI stuff.
Like, they make cool products.
They do.
And they're very competitive.
Priced.
Totally.
Yeah.
Yeah.
I was just flying my little, my little drone around off the balcony the other day.
It's really fun.
Like, you make a good product.
I'm, hypothetically, I did that.
I don't know if that's allowed.
Hypothetically.
Yeah.
You might be within a stone's throw of a hospital and not allowed to.
Well, maybe.
Maybe.
Maybe.
The, uh, yeah.
Yeah.
Yeah.
I, I don't know.
It's going to be fascinating to see how all this trade stuff washes out and the impacts it's going to have on security.
Apparently, Nvidia's backdooring chips.
I've read an article the other day that there's some rumors that like Nvidia's figured out a way to because they're essentially, I don't know, the U.S. government has said you can't sell like premium Nvidia chips to China.
And I think apparently there's been some workaround for that.
I saw some news article.
Nothing confirmed allegedly, an alleged workaround for it.
But Nvidia is back to selling chips to China.
So.
And with the amount of like Chinese AI models like coming out,
it would only make sense that, you know, in the AI arms race.
Yeah.
Calling it that China wants to be a player.
Huh.
So.
Yeah.
I've never really.
I haven't read a ton about Nvidia's like corporate structure.
It says they're based out of
Santa Clara, California, which I honestly, I wouldn't have known.
I think I had a vague sense that they were an American company.
But I really at this point think of them as like a worldwide technology provider.
Yeah, they are.
I do not think of them as being like a specifically.
It's like I know they're an American company, but I'm like, I think of them as a company
that sells a core piece of infrastructure all around the world.
I think they are an American entity as far as like probably corporate headquarters go,
but I know that they have a significant portion of the company operates out of Taiwan.
They have a deep partnership with Taiwan semis, TSM.
I think, yeah, I think Jensen Huang is Taiwanese, if I'm not mistaken,
as is his cousin, Lisa Su, who runs AMD, which is a funny thing that two of the world's largest
semiconductor CEOs are family.
There's like a Christmas dinner table.
Yeah, yeah.
With like the heads of like cumulatively a trillion and a half dollars, probably just like hanging out at it.
Or way more than that.
I think it's multi-trillion.
Is it really?
Because I knew Nvidia hit a trillion dollar valuation, but I didn't know that they'd cooked past and I have no idea what AMD is at.
Oh, I think, yeah, 4.3 trillion, Nvidia.
Good Lord.
And AMD is.
That, da-da-da-na.
That can be right.
only 300 billion, that seems low.
AMD, steal of a deal.
Investment thesis, inbound.
Yeah, exactly.
The only company that has any potential to combat NVIDIA
and AI dominance is worth a tenth, less than a tenth,
a 15th of what NVIDIA's worth, that's crazy.
Yeah.
Anyway.
No, that's fascinating.
But yeah, could you imagine the Christmas dinners,
like the two private jets,
parked side by side on the runway in Taiwan?
Do you just take the dinner on the private jet at that point?
A question I will never, and don't really want to have to know the answer to.
Escobar phones, fun null.
Fun null.
It's been a good one.
See you very soon.
See you very soon.
Catch you in the next one.
Yeah.
