Lex Fridman Podcast - #340 – Chris Tarbell: FBI Agent Who Took Down Silk Road
Episode Date: November 22, 2022Chris Tarbell is a former FBI special agent and cybercrime investigation specialist who brought down Ross Ulbricht and Silk Road, and Hector Monsegur (aka Sabu) of LulzSec and Anonymous. Please suppor...t this podcast by checking out our sponsors: - True Classic Tees: https://trueclassictees.com/lex and use code LEX to get 25% off - InsideTracker: https://insidetracker.com/lex to get 20% off - ExpressVPN: https://expressvpn.com/lexpod to get 3 months free - BetterHelp: https://betterhelp.com/lex to get 10% off - Blinkist: https://blinkist.com/lex to get 25% off premium EPISODE LINKS: Hacker And The Fed podcast: https://podcasts.apple.com/podcast/hacker-and-the-fed/id1649541362 Naxo: https://naxo.com/who-we-are PODCAST INFO: Podcast website: https://lexfridman.com/podcast Apple Podcasts: https://apple.co/2lwqZIr Spotify: https://spoti.fi/2nEwCF8 RSS: https://lexfridman.com/feed/podcast/ YouTube Full Episodes: https://youtube.com/lexfridman YouTube Clips: https://youtube.com/lexclips SUPPORT & CONNECT: - Check out the sponsors above, it's the best way to support this podcast - Support on Patreon: https://www.patreon.com/lexfridman - Twitter: https://twitter.com/lexfridman - Instagram: https://www.instagram.com/lexfridman - LinkedIn: https://www.linkedin.com/in/lexfridman - Facebook: https://www.facebook.com/lexfridman - Medium: https://medium.com/@lexfridman OUTLINE: Here's the timestamps for the episode. On some podcast players you should be able to click the timestamp to jump to that time. (00:00) - Introduction (08:05) - Silk Road (18:28) - Mass surveillance (22:40) - Operation Onion Peeler (27:56) - Hacker Avunit (38:45) - Ross Ulbricht and Silk Road (51:29) - Edward Snowden (53:33) - NSA surveillance (1:05:40) - Silk Road murders (1:14:26) - Dark web (1:18:28) - Ross Ulbricht's arrest (1:26:27) - Aaron Swartz (1:29:45) - Donald Trump and the Mar-a-Lago raid (1:32:50) - Tech companies and censorship (1:41:49) - War in Ukraine (1:45:47) - Anonymous and LulzSec (1:55:59) - FBI (1:59:00) - Personal threats (2:04:47) - Hector Monsegur a.k.a Sabu (2:17:57) - Cyber attack threats against civilians (2:34:45) - Most secure operating system (2:38:33) - Cyber war (2:46:28) - Advice for young people (2:51:39) - FBI's credibility (3:00:10) - Love
Transcript
Discussion (0)
The following is a conversation with Chris Tarbel, a former FBI special agent and cybercrime
specialist who tracked down and arrested Russ Auburt, the leader of Silk Road, the billion
dollar drug marketplace, and he tracked down and arrested Hector Monsugur, aka Sabu, of
Lalsek and Anonymous, which is some of the most influential hacker groups in history. He is co-founder of
Naxo, a complex cybercrime investigation firm, and is a co-host of a podcast called The
Hacker and the Fed. This conversation gives the perspective of the FBI cybercrime investigator,
both the technical and the human story. I would also like to interview people on the other side.
The cybercriminals who have been caught, and perhaps the cybercriminals who have not
been caught, and are still out there.
And now, a quick few second mention of each sponsor.
Check them out in the description, it's the best way to support this podcast.
We've got true classic teas for shirts, inside track of bio-modernering,
express VPN for privacy, better help from the health and blinkist for non-fiction
choose wise to my friends. And now onto the full lad reads, as always no ads in
the middle, I try to make this interesting, but if you skip them please still check
out our sponsors. I enjoyed their stuff. Maybe you will too.
This show is brought to you by True Classic Teas. High quality solvents, limited t-shirts for men. They also make other men's wear staples like polo's,
walk-on shirts and boxers, but I have a lot of their black t-shirts that's my main go-to.
I'm not exactly sure why, but there's a certain kind of comfort in having
a great t-shirt that all look the same, having many of them.
So it removes that extra little decision in your life.
So you can liberate your mind to focus on the more difficult decisions in your life.
So it's just this reliable thing I can count on.
Either I wear a suit or I wear a true classic T-shirt. That's it. That's all I need to worry about. Life is simple.
And there's a kind of minimalist aesthetic to a black t-shirt that just brings out the
best in me. It makes my soul sing. I think it's also in part a programmer, aesthetic, engineer, aesthetic. I'm not
exactly sure. But I do know that a lot of programmers I hang out with often wear black t-shirts.
So I'm not sure what that's about. That could also just be in general a guy thing. I'm
going to have to get some data on that. Anyway, go to trueclassic.com and enter code Lex to get 25% off.
This show is also brought to you by InsideTracker, a service I use to track biological data.
Your lifestyle decisions should be made based on data coming from your own body.
I can't wait until the day that we have high bandwidth signal coming from the body at
a frequency that is exceptionally high.
So we have this short-term and long-term data about what's going on inside our body.
Just raw data.
So machine learning algorithms can just interpret that data to make decisions based on.
I mean, to me, that's such an exciting world.
Of creating systems that are able to truly listen to our body.
There's experiences I have, but going to doctors, I think the job of a doctor is so difficult.
They get just few little inkling into the symptoms you provide.
There's some data that can collect, they can do MRIs and all that kind of scans.
It's not a high resolution picture what's going on in your body.
Now, if you're the average case for a particular condition or disease or particular issue you're
having in your life, yeah, fine.
But a lot of us are not the perfectly representative average case.
In fact, most humans aren't.
And so it makes sense that we should be looking at that specific person to make decisions for
that specific person.
Anyway, get special savings for a limited time when you go to inside tracker.com slash
flex.
This show is brought to you by express VPN.
I use them to protect my privacy on the internet.
This conversation talks a lot about tour,
which is a super extreme way to
protect your privacy on the internet. Now, that's like advanced stuff. The
basic stuff that everybody should be doing is a VPN, everybody. And my favorite
VPN, long, long, long, long before they were a sponsor, has been expressed VPN,
big sexy button. It just works. It's super fast, any operating system, including Linux,
whatever your favorite flavor of Linux is, and I've tried them all, I like all of the flavors.
That's actually factually incorrect because I love all the flavors of Linux that I've tried, but there's a huge amount of them. I think there's a website called DistroWatch that looks at the popularity
based on how often they're searched, I think, of different distribution of Linux. It's
kind of cool to see all the different flavors. It's really exciting how active the community
is in the development of those flavors. Anyway, go to expressvpm.com slash lagspod for
an extra three months free.
This episode is sponsored by BetterHelp spelled H-E-L-P-H-H-H-L-P.
I think there's a lot of ways in which social media reveals the mental and stability that
we have, the sort of the role-coaster of life.
And it's easy to lose yourself on that and not seek balance and a deep
exploration of your mind beyond that kind of shallow roller coaster. Now I'm a
huge believer of talk therapy as a way to do that kind of serious exploration.
However you do that. And I think the great thing about better health is it's super easy to do that. It makes it accessible to try. You get
access to a licensed professional really quickly. Your mind is the most precious thing
you have. So make sure you take care of it. It's easy, private, affordable, available,
anywhere. You can check it out at betterHelp.com slash Lex and save on your first
month.
This shows also brought to you by Blinkist, my favorite app for learning new things.
Blinkist takes key ideas from thousands of nonfiction books and condenses them down
into 15 minutes that you can read or listen to.
There's actually AI systems that have recently been seeing pop-up
that do summarization.
And let me tell you something.
While that's nice and everything, they do not do nearly as good of a job as humans do,
especially when those humans are the sort of world-class humans whoever they are behind
Blinkist.
There's really an extra level, an extra
depth of insight that Blinkist is able to do for nonfiction books. It's not just
that it's brief. It's also somehow reveals something new. Even for books I've
read, it's revisiting the summaries, gives me a new perspective in that book. I
don't know, it's really, really powerful.
So I recommended not just for books you have a red, but also for books you have red.
And it includes basically all the major non-fiction books you can think of.
You can claim a special offer for savings if you visit blinkist.com slash Lex.
This is Alex Friedman podcast to support it.
Please check out our sponsors in the description.
And now dear friends, here's Chris Tarbel. You are one of the most successful cyber security law enforcement agents of all time.
You tracked and brought down Russ Aubrick, aka Dreadpire Roberts, who ran Silk Road and Sabu
of Lossek and Anonymous, who was one of the most influential hackers in the world. So first, can you tell me the story of tracking down Russell Brick and Silk Road? Let's start from
the very beginning. And maybe let's start by explaining what is the Silk Road.
It was really the first dark market website. You were literally could buy anything there.
I'll take it back. There's two things you couldn't buy there. You couldn't buy guns because that was a different website. And you couldn't buy fake degrees. So no one
could become a doctor. But you could buy literally whatever else you wanted. You could post
things, drugs. You could buy heroin right from Afghanistan, the good stuff, hacking tools.
You could hack for hire. You could buy murders for hire if you wanted someone killed.
Now, so when I was an FBI agent, I had to kind of sell some of these cases and this was
a big drug case, you know, that's the way people saw Silver Road.
So internally to the FBI, I had to sell it.
I had to find the worst thing on there that I could possibly find.
And I think one time I saw a posting for baby parts.
So let's say that you had a young child
and that needed a liver.
You could literally go on there and ask
for a six-month-old liver if you wanted to.
For surgical operations versus something darker.
Yeah, I never saw anything that dark as far as people
who wanted to eat body parts.
I did interview a cannibal once when I was in the FBI.
That's another crazy story,
but that one actually weirded me out.
So I just watched Jeffrey Dahmer, a documentary on Netflix,
and it just changed the way I see human beings,
because it's a portrayal of a normal looking person
doing really dark things, and doing so,
not out of a place of insanity, seemingly,
but just because he has almost like a fetish
for that kind of thing.
It's disturbing that people like that are out there.
So people like that would then be using Silk Road,
not like that necessarily,
but people of different walks of life
would be using Silk Road to primarily,
what was the primary thing, drugs?
It was primarily drugs.
And that's where it started.
It started off with Ross Albrich,
growing mushrooms out in the wilderness of California
and selling them.
But really, here's what's more of a libertarian viewpoint.
I mean, it was like, you choose what you want to do
for yourself and do it.
And in the way Silk Road kind of had the anonymity
is that it used what's called Tor,
the onion router, which is an anonymizing function on the deep web.
It was actually invented by the US Navy back in the mid-90s or so,
but it also used cryptocurrency.
So it was the first time that we saw this birth on the internet,
a mixing cryptocurrency and an IP blocking software.
So, you know, in cybercrime, you go after one, the IP address,
and trace it through the network,
or two, you go after the cache,
and this one kind of blocked both.
Cache meaning the flow of money, physical or digital.
And IP is some kind of identifying thing of the computer.
It's your telephone number on your computer.
So yeah, all computers have, you computers have a unique four octet numbers.
So 123.123.123.123.123.
And the computer uses DNS or domain name services
to render that name.
So if you were looking for CNN.com,
your computer then translates that to that IP address
so that telephone number where it can find that information
Didn't so called used to have guns in the beginning or it was that considered to have guns or
Did it naturally emerging and rust realized like this is not good? It went back and forth
I think there were guns on there and he tried to police it
You know, he he told himself that the captain of the boat, so he had to follow his rules.
So, I think he took off those posts eventually and moved guns elsewhere.
What was the system of censorship that he used of selecting what is okay and not okay?
I mean, it's alone. He's the captain of the boat. Do you know, by chance, if there was a lot of
debates and criticisms internally amongst the criminals
of what isn't isn't allowed, I mean, it's interesting to see a totally different moral
code emerge that's outside the legal code of society.
We did get the server and was able to read all of the chat logs that happened.
I mean, all the records were there.
I don't remember big debates.
I mean, there was a clear leadership.
Yeah.
And that was the final decision.
That was the CEO of Silk Road.
And so primarily it was drugs and primarily out of an ideology of freedom, which is if you
want to use drugs, you should be able to use drugs.
You should put in your body what you want to put in your body.
And when you were presenting a case of why this should be investigated,
you're trying to find, as you mentioned,
the worst possible things on there, is that what you were saying?
So we had a rest of the guy named Jeremy Hammond,
and he hit himself.
He was a hacker, and we were resting.
It was the second time he had been arrested for hacking.
He used Tor.
And so that kind of brought us to a point.
The FBI has a computer system where you look up things, you know, you look up anything.
I could look up your name or whatever if you're associated with my case. And we were
finding at the time a lot of things in, you need to look it up. The case would end.
We'd be like, oh, this is Tor. It just stopped. Like we didn't even get any further.
So, you know, we had just had this bigger rest of Sabu
and took down Anonymous.
And sometimes in the FBI, the way it used the old school FBI,
when you had a big case and you're working seven days a week
and 14 hours, 15 hours a day, you sort of take a break.
The boss kind of said, yeah, I've seen a few months.
Go get to know your family a little bit, you know, and come back. But the group of guys
I was with was like, let's find the next big challenge. And that's when we were finding,
you know, case closed, it was tour, case closed, it was tour. So let's take a look at
tour and let's see what we can do. Maybe we'll take a different approach. And Silk Road
was being looked at by other law enforcement, but it was taking like a drug approach where
I'm going to find a drug buyer who got, you know, the drug sent to them in the mail and let's arrest
up. Let's go up the chain, but the buyers didn't know their dealers. They never met them.
And so you were taking a cybersecurity approach. Yeah, we said, let's try to look at this from
a cyber approach and see if we can glean anything out of it. So I'm actually indirectly connected
to, I'm sure I'm not admitting anything
that's not already on my FBI file.
Oh, I can already tell you what you're gonna tell me though.
What's that?
That when you were at college, you wrote a paper
and you're connected to the person that started.
You told him a bitch.
You clever son of a bitch.
I'm an FBI general former, FBI general. How would I not have known if you told that? I could have told you a bitch. You clever son of a man. An FBI, a general former FBI agent. Well, how would I not have known?
No, but I could have told you other stuff.
No, exactly what you were about to tell me.
I was looking up his name because I forgot.
So one of my advisors for my PhD was Greenstatt.
And she is married to Roger Dingoldine,
which is the co-founder of the tour project.
And I actually reached out to him last night to do a tour podcast together.
I don't know
I
Know that it was good is a good party trick. I mean as cool that you
Know this and the timing of it. It was just like beautiful, but
Just the link around the on the tour project
So we understand.
So tour is this black box that people disappear in in terms of like the when you were tracking
people.
Can you paint a picture of what tours used in general?
Other, it's like when you talk about Bitcoin, for example, cryptocurrency, especially today, much more people
use it for legal activity versus illegal activity.
What about tour?
Tour was originally invented by the US Navy so that like spies inside countries could
talk to spies and no one could find them.
There was no way of tracing them.
And then they released that information free to the world.
So tour has two different versions of, not versions, two different
ways it can be utilized. There's dot onion sites, which is like a normal website, dot com, but it's
only found within the Tor browser. You can only get there if you know the whole address and get there.
The other way Tor is used is to go through the internet and then come out the other side if you
want a different IP address. If you're trying to hide your identity. So if you were doing like say cybercrime, I would have the victim computer and I would
trace it back out to a tour relay.
And then because you don't have an active connection or what's called a circuit at the
time, I wouldn't be able to trace it back.
But even if you had an active circuit, I would have to go to each machine physically at
live and try to rebuild that, which is literally impossible. So what do you feel about tour, ethically, philosophically, as a human being on this
world that spend quite a few years of your life and still trying to protect people?
So part of my time in the FBI was working on child exploitation, Kitty Porn, as they call
it, that really changed my life in a way.
And so anything that helps facilitate the exploitation of children, fucking pisses me off, chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- chit- freedom that Russell Aldrich, for example, tried to embody is something that you don't
connect with anymore because of what you've seen that ideal being used for.
I mean, the child exploitation is a specific example for it.
You know, and it's easy for me to sit here and say child exploitation, child porn, because
no one listening to this is ever going to say that I'm wrong
and that we should allow child porn.
Should, because some people utilize it in a bad way,
should it go away?
No, I mean, I'm a technologist.
I want technology to move forward.
People are going to do bad things
and they're going to use technology
to help them do bad things. Well, let me ask you then.
We'll jump around a little bit, but the things you were able to do in tracking down information
and we'll get to it.
There is some suspicion that this was only possible with mass surveillance, like with NSA,
for example.
First of all, is there any truth to that? And second of all,
what do you feel are the pros and cons of mass surveillance? There is no truth to that. And then
my feelings on mass surveillance, if there was, would you tell me probably not. But I love this
conversation so much. But what do you feel about the given that you said child porn?
What are the pros and cons of surveillance at a society level?
I mean, nobody wants to give up their privacy.
I say that.
I say no one wants to give up their privacy.
But I mean, I just have to get a search warrant to look inside your house.
Or I can just log on to your Facebook and you've got pictures of all inside your
house and what's going on. I mean, it's not, you know, so people like
the idea of not giving up their privacy but they do it anyways. They're
giving away their freedoms all the time. They're carrying watches that gives
out their heartbeat to a weight of companies that are storing that. I mean
what's more personal than your heartbeat? So I think people on mass really want to protect their privacy
and I would say most people don't really need to protect their privacy. But the case
against mass surveillance is that if you want to criticize the government in a very difficult
time, you should be able to do it. So when you need the freedom, you should have it. So when you wake up one day and realize
there's something going wrong with the country I love, I want to be able to help.
One of the great things about the United States of America is there's that individual revolutionary
spirit, like so that the government doesn't become too powerful. You can always protest. There's always
the best of the ideal of freedom of speech. You can always say, fuck you to the man.
And I think there's a concern of direct or indirect suppression of that through master
valence. You might not, is that little subtle fear that grows with time that why you know why bother criticizing
the government?
It's going to be a headache.
I'm going to get a ticket every time I say something bad that kind of thing.
So it gets out you can get out of hand the bureaucracy grows and the freedom slip away.
Is that's the that's the criticism?
I completely see your point and I agree with it.
But I mean on the other side people criticize with it. I mean, but I mean, on the
other side, people criticize the government of these freedoms, but I mean tech companies
are talking about destroying your privacy and controlling what you can say. I realize
their private platforms and you they can decide what's on their platform. But, you know, they're
taking away your freedoms of what you can say. And we've heard some things where maybe
government officials were in line with tech companies
to take away some of that freedom.
And I agree with you, that gets scary.
Yeah, there's something about government that feels maybe because of the history of human
civilization, maybe because tech companies are a new thing, but just knowing the history
of abuses of government. If there's something about government that enables the corrupting nature of
power to take hold at scale, more than tech companies, at least what we've seen so far.
You know, I agree. I agree. But I mean, we haven't had a voice like we've had until recently.
I mean, anyone that has a Twitter account now can speak and become a news article.
You know, my parents didn't My parents didn't have that voice.
If they wanted to speak out against the government or do something, they had to go to a protestor,
organize a protestor, do something along those lines.
We have more of a place to put our voice out now.
That's incredible, but that's why it hurts and that's why you notice it when certain voices get removed.
The president of the United States of America was removed from all such platforms.
And that hurts. Yeah, that's crazy to me. That's insane.
That's insane that we took that away.
But let's return to still grow in my sub-baked. So how did your path with this very difficult, very fascinating case cross?
We were looking to open a case against Tor because it was a problem.
All the cases were closing because Tor.
So we went on Tor and we came up with 26 different onion, dot onions that we targeted.
We were looking for nexus to hacking
because I was on a squad called CY2
and we were like the premier squad in New York
that was working a criminal cyber intrusions.
And so any website that was offered hackers for hire
or hacking tools for free in our paid services, any website that was offered hackers for hire or
hacking tools for free, you know, or paid services, you know, like now we're seeing ransomware, for as a paid service and fishing as a paid service. Anything that offered that, so we open this case
on, I think we called it, so you have to name cases, one of the fun thing in the FBI is when you
start a case, you get to name it. You would not believe how much time is spent
in coming up with the name. You know, case it goes, I think we call this onion peeler because
it's the, yeah. So a little bit of humor, a little bit of wit and some profundity to language. Yeah.
Yeah. Yeah. I'm gonna have to work with this for quite a lot. So yeah, this one had the potential
of being a big one, you know, because I think I think Silk Road was like the sixth on the list
For that case, but we all knew that was sort of the golden ring if you could make the splash
That that onion site was going down then it would probably get some publicity and that's part of you know law enforcement
It's getting some publicity out of it that you know that makes others think not to do it
I wish to say that tour is the name of the project,
the browser, what is the onion technology behind tour?
Let's say you wanna go to a dot-downian site.
You'll put in the dot-down you don't wanna go to,
and your computer will build communications
with a tour relay, which are all publicly available out there.
But you'll encrypt it.
You'll put a package around your data, and so it's encrypted and so you can encrypt it. You'll put a package around your data.
And so it's encrypted and so you can't read it.
It goes to that first relay.
That first relay knows about you
and then knows about the next relay down the chain.
And so it takes your data and then encrypts that
on the outside and sends it to relay number two.
Now relay number two only knows about relay number one.
It doesn't know who you are asking for this.
And it goes through there adding those layers on top, layers of encryption until it gets
where it is.
That, and then even the onion service doesn't know except for the relay it came from who
it's talking to.
And so it peels back that, gives the information, puts another layer back on.
And so it's layers like you're peeling an onion back of the different relays and that
encryption protects who the sender is and what information they're sending.
The more layers they are, the more exponentially difficult it is to decrypt it.
I mean, you get to a place where you don't have to have so many layers because it doesn't matter
anymore. It's mathematically impossible to decrypt it. gripped it, but the more relays you have, the slower it is.
I mean, that's one of the big drawbacks on tours is how slow
it operates.
So, how do you appeal the onion?
So, what are the different methodologies for trying to get
some information from a cybersecurity perspective on these
operations like the Silk Road?
It's very difficult. People have come up with different techniques.
There's been techniques to put out in the news media about how they do it.
Running massive amounts of relays and you're controlling those relays.
I think I've been trying to try that once.
So there's a technical solution and what about social engineering?
What about trying to infiltrate the actual
humans that are using the Silk Road and trying to get in that way?
Yeah, I mean, I definitely could see the way of doing that. And in this case, in our
takedown, we use that. There was one of my partners, Jared Daryl, and he was an HSI investigator,
and he had worked his way up to be a system admin on the site.
So that did glean quite a bit of information
because he was inside and talking to,
at that time, O'Neill, I know it is DPR
or Dreadpire Roberts.
We didn't know who that was yet,
but we had that open communication.
And one of the things, the technical aspects on that is there was a jabber server.
That's a communication type of communication server that was being used.
We knew that Ross had his jabber set to a Pacific time.
We had a pretty good idea what part of the country was in.
I mean, isn't that from DPR's perspective, from Russ's perspective, isn't that clumsy?
He wasn't a big computer guy.
Do you notice that aspect of like the technical savvy of some of these guys doesn't seem
to be quite, why wouldn't they good at this?
Well, the real techie savvy ones we don't arrest.
We don't get to them.
We don't find them.
We get to them.
Shout out to the techie criminals.
They probably watch in this.
I mean, yeah, I mean, you were getting a low-hanging fruit.
I mean, you were getting the ones that can be caught.
I mean, I'm sure we'll talk about it, but the anonymous case, there was a guy named
AVUnit.
He's still, I lose sleep over him
because I, we didn't catch him.
We caught everybody else within catch him.
He's good though.
He pops up two once in a while
and the internet pisses me off.
Yeah, what's his name again?
AVUnit, all I know is this AVUnit.
AVUnit.
Yeah, I got a funny story about him
and what people think he is.
Can I actually, can we go on that brief tangent?
Sure, I love tangents.
Well, let me ask you, since he's probably he or she,
do we know what's he?
We have no idea.
Okay.
I mean, that's another funny story about hackers,
the he, she issue.
What's the funny story there?
Well, one of the guys in Losec was a she was a 17 year old girl. And my source in the case, the guy Sabu that I rested in part of and we'd set side by side
for nine months and then took down the case and all that.
He was convinced she was a girl and he said, you know, he was in love with her almost at
one point.
And turns out to be a 35 yearyear-old guy that lived in England.
Also, he was convinced there was a...
Yes, he was absolutely convinced.
Based on what exactly by a linguistic,
like human-based linguistic analysis, or what?
She, he, whatever, you know, Kayla,
his way, it was, ended up being like a modification
of his sister's name.
The real guy's sister's name was so good at building the backstory.
All these guys, and it's funny,
these guys are part of a hacking crew,
they social engineer the shit out of each other.
Just to build if one of them ever gets caught,
they'll convince the everybody else that,
they're a Brazilian, ISP owner or something like that,
and that's how I'm so powerful.
Well, yeah, that social engineering aspect,
is part of living a life of cyber crime
or cyber security and offensive or defensive.
So, AB unit, can I ask you also just a tangent of attention
first?
That's my favorite tangent.
Okay.
Is it possible for me to have a podcast conversation
with somebody who hasn't been caught yet
And because they have the conversation they still won't be caught and is that a good idea?
Meaning is there a safe way for criminal to talk to me out of podcast?
I would think so
I would think that that someone could I mean someone who has been living a double life for
long enough, where you think they're not a criminal.
No, no, no, they would have to admit that they would say I am a V unit.
Oh, you would want to have a conversation with a V unit.
Yes.
Oh, my God.
I'm just speaking from an FBI perspective, technically speaking, because I, I, so let me explain my motivation or I think I would like to be
able to talk to people from all walks of life and understanding
criminals, understanding their mind, I think is very important.
And I think there's fundamentally something different between a
criminal who's still active
versus one that's been caught.
The mind just from observing it changes completely once you're caught.
You have a big shift in understanding of the world.
I mean, I do have a question about the ethics of having such conversations, but first technically
is that possible?
If I was technically advising you,
I would say first off, don't advertise it.
Don't the fewer people that you're gonna tell
that you're having this conversation with, the better.
And yeah, you could, you're doing it in person?
Are you doing it in?
In person will be amazing, yeah,
but their face would not be shown.
Face would not be shown.
Yeah, I mean, you couldn't publish the show for a while
They'd have to put a lot of trust in you that you are not going to you're gonna have to alter those tapes
I say tapes because it's old school the off-tongue, you know
Exactly. I'm sure a lot of people just said that like oh shit. This old guy just in tape. I heard it VHS
was in 1800s, I think
old guy just in tape. I heard it VHS was in 1800s, I think. But yeah, yeah, you could do it. They'd have to have complete faith and trust in you that you destroy the originals after
you've altered it.
What about if they don't have faith? Is there a way for them to attain security? So like
for me to go through some kind of process where I meet them somewhere where I mean you're not gonna do it without a bag over your head
I don't know if that's the life you want to live. I'm fine with the bag over my head
That's gonna take it taking out a context
But I just I think it's a worthy effort
It's a worthy it's worthy to go through the hardship of that to understand the mind of somebody
I think fundamentally
Conversations are a different thing than the mind of somebody, I think fundamentally conversations are a different thing than
the operation of law enforcement.
Understanding the mind of a criminal, I think, is really important.
I don't know if you're going to have the honest conversation that you're looking for.
I mean, it may sound honest, but it may not be the truth.
I found most times when I was talking to criminals, it's lies mixed with half-truths.
And you kind of, if they're good, they can keep that story going
for long enough. If they're not, you know, you kind of see the relief in them when you finally break
that wall down. That's the job of an interviewer. If the interviewer is good, then perhaps not directly,
but through the gaps, seeps out the truth of the human being.
So not necessarily the details of how they do the operations
that's on, but just who they are,
as a human being, what their motivations are,
what their ethics are, how they see the world,
what is good, what is evil,
do they see themselves as good,
what do they see their motivation as,
do they have resentment,
what do they think about love for the people
within their small community? Do they have
resentment for the government or for other nations or for other people? Do they have childhood issues
that led to a different view of the world than others perhaps have? Do they have certain fetishes
like sexual and otherwise that led to their construction of the world? They might be able to reveal
the world, they might be able to reveal some deep flaws to the cyber security infrastructure of our world, not in detail, but philosophically speaking.
They might have, I know you might say it's just a narrative, but they might have a kind of
ethical concern for the well-being of the world,
that they're essentially attacking the weakness
of the cybersecurity infrastructure
because they believe ultimately
that would lead to a safer world.
So the attacks will reveal the weaknesses.
And if they're stealing a bunch of money,
that's okay because that's gonna enforce you
to invest a lot more money in defending,
yeah, defending things that actually matter, you know, nuclear warheads and all those kinds of
things. I mean, I could see, you know, it's fascinating to explore the mind of a human being like
that because I think it will help people understand. Now, of course, it's still a person that's creating a lot of suffering in the
world, which is a problem. Do you think ethically it's a good thing to do?
I don't. I mean, I feel like I have a fairly high ethical bar that I have to put myself
on. And I don't think I have a problem with it. I would love to listen to it.
Okay. Great. I mean, not that I'm your ethical coach here. Yeah.
Well, that's interesting. I mean, so because I thought you would have become jaded and exhausted by the criminal mind.
It's funny. You know, I'm fast forward in our story.
I'm very good friends with Hector Montsery or the Sabu, the guy I arrested.
And he tells stories of what he did in his past.
And I'm like, oh, that Hector, you know.
But then I listened to your episode with Brett Johnson.
And I was like, this guy stealing money from the US government and welfare fraud and all
that sort of thing, he just pissed me off.
And I don't know why I have that differentiation in my head.
I don't know why I think one's just, oh, a Hector will be Hector and then this guy just
pissed me off.
Well, you didn't feel that way about Hector until you probably met him.
Well, I didn't know Hector.
I knew Sabo.
So I hunted down Sabo and I learned about Hector
over those nine months.
We'll talk about it.
Let's finish with, let's return tangent
to back to attention.
Oh, one tangent up, who's AV unit?
I don't know.
Interesting.
So he's at the core of anonymous.
He's one of the critical people anonymous. What
is known about him? There's what's known in public and what was known because, uh,
a sad with Hector and, um, he was sort of like the, the set things up guy. Um, so if
Losec had like their hackers, which was Sabu and Kayla and they had their, uh, their,
their media guy, Skytopiary, up,
he lived up in the Northern end of England.
And they had a few other guys,
but AVUnit was the guy that set up infrastructure.
So if you need a VPN in Brazil
or something like that to pop through,
one of the first things Hector told me
after we arrested him is that AVUnit
was the secret service agent.
And I was like, oh shit.
Just because he kind of lived that lifestyle.
He'd be around for a bunch of days
and then all of a sudden gone for three weeks.
And I try to get more out of Hector
and that early on in that relationship,
you know, I'm sure it was a little bit guarded
and maybe trying to social engineer me.
Maybe he wanted that, oh shit,
there's law enforcement involved in this.
And not to say, I mean, I, I was, you know, over my head with that case, just the amount of work
that was going on. Um, so to track them all down, um, plus the 350 hacks that came in about
just military institutions, um, you know, it was swimming in the deep end. Um, so it was just at
the end of the case, I looked back and I was like,
maybe you knew I could have had them all. You know, maybe that's the perfectionist in me.
Man, well reach out somehow. I can't I won't say how, right? We'll have to figure out.
Would you have them on? Yeah. Oh my god. You just let me know. Just talk shit about you the whole time. That's perfect.
I mean, probably doesn't even care about me. But well, now he will.
Oh, yeah.
Because there's a certain pleasure of a guy
who's extremely good at his job, not catching another guy
who's extremely good at his job.
Obviously better.
He got away.
Better.
He's still eating, I love it.
Yeah.
So you or she, if I can meet that guy one day,
that he or she, that'd be great.
I mean, I have no power.
So yes, so,
Bro, can you speak to the scale of this thing? What would it?
Just for people who are not familiar, how big was it?
And any other interesting things you understand about separation when it was active?
So it was when we finally got looking through the books and, know the numbers came out is about 1.2 billion dollars in sales
It's kind of hard with the fluctuation value of Bitcoin at the time to come up with a real number
So you kind of pick a daily average, you know and go across so what's the operation was done in Bitcoin is all done in Bitcoin
You couldn't you had escrow accounts on you know you came in and you put money in an escrow account
and you know, the transaction wasn't done
until the client got the drugs or whatever they had bought.
And then the drug dealers had sent it in.
There was some talk at the time
that the cartel was starting to sell on there.
So that started getting a little hairy there at the end.
What was the understanding of the relationship between organized crime like the cartels and
this kind of more ad hoc new age market that is the Silk Road?
I mean, it was all just chatter.
It was just, you know, because like I said, Jared was on the inside, so we saw some of
it from the admin sides.
And Ross had a lot of private conversations with the different people that he advised him.
But no one knew each other.
I mean, the only thing that they knew
with the admins had to send an ID to Ross,
had to send a picture of their driver's license or passport,
which I always found very strange,
because if you are an admin on a site that sells fake IDs,
why would you send your real ID?
And then why would the guy running the site
who profits from selling fake IDs,
believe that it was.
But fast forward, pay attention, they were all real IDs.
All the IDs that we found on Ross's computer
as the admins were the real people's IDs.
What do you make of that?
Just for other clumsiness?
Yeah, low hanging fruit, I guess.
I guess that's what it is.
I mean, I would have bought, I mean, even Ross bought fake IDs off the site.
He had federal agents knock on his door.
You know, and then he got a little cocky about it.
The landscape, the dynamics of trust is fascinating here.
So you trust certain ideas or like, who do you trust in that kind of market?
What was your understanding of the network of trust?
I have nothing anyone trust anybody, you know? I mean, I think Ross had his advisors of
trust, but outside of that, I mean, he required people to send their ID for their trust.
He, you know, people stalled from him. There was, there's open cases of that. It's a criminal world.
You can't trust anybody.
What was his life like, you think?
Lonely.
Can you imagine me entrapped in something like that where the whole world focus on that
and you can't tell people what you do all day?
Could he have walked away?
Like someone else take over the site just shut down. Either one, just you put
yourself in his shoes, the loneliness, the the anxiety, the just the growing
immensity of it. So walk away with some kind of financial stability. I couldn't
have made it past two days. I don't know, I don't like loneliness. I mean, my wife's
away. I probably call her 10, 12 times a day.
We just talk about things.
You know, I just, you know, something crossed my mind.
I want to talk about it.
And I'm sure she would like to talk to her, like, honestly, about everything.
So if you were running so crowded, you wouldn't be able to like...
Hopefully I'd have a little protection.
I'd only mention joy when we were in bed To have that marital connection, but who knows?
I mean she's gonna question why the Ferrari is outside and things like that. Yeah
I'm sure you can come up with something. Why didn't he walk away?
It's another question of why don't criminals walk away in situations?
Well, I mean, I don't know every criminal mind and some do I mean a unit walked away
I mean I'm not to go back to that son of a bitch, but
there's a theme to this. But, you know, Ross started counting his
dollars. I mean, he really kept track of how much money he was making and it started,
you know, getting exponentially growth. I mean, he, I mean, if he would have stayed at it,
he would have probably been one of the richest people in the world.
And do you think he liked the actual money or the fact of the number growing?
I mean, have you ever held a Bitcoin?
Yeah.
Oh, you have? Well, he never did.
He never did. He never held a Bitcoin.
He can't hold it. It's not real.
Oh, oh, oh.
It's not like I can give you a briefcase of Bitcoin or something like that.
He liked the idea of it growing.
He liked the idea.
I mean, I think it started off as sharing this idea But then he really did turn to like I am the captain of the ship and that's what goes and he was making a lot of money
And again
My interactions with Ross was about
Maybe five or six hours over a two-day period
I knew DPR because I read his words and all that. I didn't really know Ross.
There was a journal found on his computer and so it sort of kind of gave me a little inside.
So I don't like to do a playbook for criminals, but I'll tell you right now, don't write things down.
There was a big fat about people like, remember kids going around shooting people with paintballs and
filming it? I don't know why you would do that.
Why would you videotape yourself committing crime and then publish it?
Like, if there's one thing I've taught my children, don't record yourself doing bad things.
It never goes back, goes well.
So.
And you actually give advice in the other end of logs being very useful and for the defense
perspective.
For, you know, information is useful for being able to figure out what the attacks were all about.
Logs are the only reason I found Hector Montsegar. I mean, the one time his, uh,
VPN dropped during a Fox hack, and I, he says he did, it wasn't even hacking. He just was sent a link and he clicked on it.
And in 10 million lines of, uh, of logs, there was one IP address that stuck out.
This is fascinating. We'll explore several angles of that. There was one IP address that stuck out.
This is fascinating. We'll explore several angles of that. So,
what was the process of bringing down
Russ and the Silk Road?
All right. So that's a long story. You want the whole thing? You want to break it up?
Let's start at the beginning.
Once we had the information of the chat logs and all that from the server, we fasted the server with the chat log.
So the dot onion was running the website, the Silk Road, was running on a server in Iceland.
How did you figure that out?
That was one of the claims that the NSA.
Yeah, that's the one that we said that I wouldn't tell you if it was. It's on the internet. I mean, the internet has their conspiracy theories and all that.
So, but you figure out that's the part of the thing you do. It's puzzle pieces and you have
to put them together and look for different pieces of information and figure out, okay,
so you figure out the servers in Iceland. We get a copy of it and so we start getting clues
off of that and we- Wait, the physical copy of the server? Yeah, you fly over there. So, you go over there. So you go, if you've never been, you should definitely go to Iceland.
Is it beautiful?
I love it. I love it. It was what, so I'll tell you this.
So, so tangents. I love this.
Yeah. So I went to Iceland for the anonymous case.
Then I went to Iceland for the Silk Road case and I was like, oh, shit,
all cyber crime goes to Iceland. Um, it was just my sort of thing.
And I was over there for like the third time. And I said, if I ever can bring my family here was like, oh shit, all cyber crime goes to Iceland. It was just my sort of thing. And I was over there for like the third time
and I said, if I ever can bring my family here.
Like, so there's a place called Thing of R
and I'm sure I'm fucking up the name
that Icelandics are pissed right now.
But it's where the North American Continental plate
and the European Continental plate aren't pulling apart
and it's being filled in with the volcanic material
in the middle and it's so cool.
Like, I was like, one day, I'll be able to afford
to bring my family here.
And once I left, it's like the humbling
and the beauty of nature, just everything, man.
It was a different world.
It was insane how great Iceland is.
And so we went back and we rented a van,
and we took friends, and we drove around the entire country.
Absolutely, like a beautiful place.
Like Reykjavik's nice, but get out of Reykjavik
as quick as you can and see the countryside.
How's this place even real?
Well, it's so new.
I mean, that's, so, you know, our rivers have been going
through here for millions of years
and flattened everything out and all that.
These are new, this is new land being carved by these rivers. You can walk behind a waterfall in one place.
It's the most beautiful place I've ever been.
You understand why this is a place where a lot of hacking is being done?
Because the energy is free and it's cool. So you have a lot of servers going on there.
Server farms, the energy is coming up out of the ground, geothermal. And so, and then it keeps all the servers nice and cool.
So why not keep your computers there at a cheap rate?
I'll definitely visit for several reasons, including to talk to AV unit.
Yeah. What's other?
What the servers are there, but they don't probably live there. I mean, that's the interesting. I mean,
the Pacific, the PST of the time zone, so there's so many fast, anything's to explore here.
But so you got to add to that. I mean, the European Internet cable goes through there. So,
you know, across the Greenland and down through Canada and all that. So they have backbone
access with cheap energy and free cold weather, you know, and beautiful. Oh, and beautiful, yes.
So chat logs on that server, what are the, what was in the chat logs?
Everything, he kept them all.
That's another issue.
If you're getting a criminal enterprise, please don't keep out.
Again, I'm not making a guidebook
of how to commit the perfect crime.
But, you know, every chat you ever had,
and everyone's chat, it was like going into Facebook
of criminal activity.
Yeah, I'm just looking at texts with Elon Musk being part of the conversations.
I don't know if you're familiar, but they've been made public for the court case he's going
through.
He was going through.
He was going through, was going through with Twitter.
I don't know where it is.
But it made me realize that, oh, okay.
I'm generally, that's my philosophy on life, is like anything I text or email or say publicly
or privately, I should be proud of.
So I try to kind of do that because you basically, you say, don't keep chat logs, but it's very
difficult to erase chat logs from this world.
Like, I guess if you're a criminal,
that should be, like, you have to be exceptionally competent
at that kind of thing to erase your footprints
is very, very difficult.
Can't make one mistake.
All it takes is one mistake of keeping it.
But yeah, I mean, not only do you have to be,
whatever you put in a chat log or whatever you put in an email, it has to hold up and you have to be whatever you put in chat log or whatever
you put in an email, it has to hold up and you have to be a stand behind it publicly when
it comes out.
But it has to, if it comes out 10 years from now, you have to stand behind it.
I mean, we're seeing that now in today's society.
Yeah, but that's a responsibility.
You have to take it really, really seriously.
It felt like if I was a parent and advising teens, like you kind of have to teach them
that.
I know there's a sense like,
no, we'll become more accustomed to that kind of thing, but in reality, no, I think in the future
we'll still be held responsible for the weird shit we do. Yeah, a friend of mine, his daughter got
kicked out of college because of something she posted in high school and the shittiest thing for him,
but great for my kids. Great lesson. Look over there and you don't want that happen to you. Yeah. Okay. So in the chat logs was useful information like bread
crumbs of what of information that you can then pull that. Yeah. Great evidence and stuff.
You know, I mean, obviously, yeah, a lot of evidence. Here's a sale of this much heroin
because, you know, Ross ended up getting charged with a
ZAR status on certain things.
It's a certain weight in each type of drug that you had, I think it's four or five employees
of your empire and that you made more than $10 million.
It's just like the Narco track freighters get charged with, you know, uh, anybody out of Columbia, you know, and so.
And that was primarily what he was charged with during when he was arrested is the drug.
Yeah, and you got to charge with some of the hacking tools too.
Okay.
Like, because he's in prison, what for life sentences plus 40 years and no possibility of
parole in the federal system, there's no possibility of parole when you have life. The only way you get out is if the
president pardons you.
There's always a chance. There is. I think it was close. I heard I heard
rumors. There was close.
Well, right. So it depends given it's fascinating, but given the political,
the ideological ideas that he represented. And espoused, it's, it's fascinating, but given the political, the ideological ideas that he represented and
espoused, it's not out of the realm of possibility.
Yeah, I mean, I've been asked before who, you know, who does he get out of prison first
or does Snowden come back in North America?
I don't know.
I have no idea.
So, I just became a Russian citizen.
I saw that, and I've heard a lot of good, weird theories about that one.
Well, actually, on another tangent, let me ask you, do you think Snowden is a good or bad person?
A bad person.
Can you make the case that he's a bad person?
There's ways of being a whistleblower and there's rules set up on how to do that.
He didn't follow those rules.
I mean, I'm red, white and blue,
so I'm pretty, you know, I'm like,
I think his actions were anti-American.
I think the results of his actions were anti-American.
I don't know if his actions were anti-American.
Do you think he could have anticipated
the negative consequences of his action?
Should we judge him by the consequences
or the ideals
of the intent of his actions? I think we all get to judge him by best our own beliefs, but I believe
what he did was wrong. Can you still man the case that he is actually a good person and good for
this country for the United States of America as a flag bearer for the whistleblowers, the check on the power of government.
Yeah, I mean, I'm not a big government type guy. So, you know, even that sounds weird coming from
a government guy for so many years. But there's rules in place for a reason. I mean, he put, you know,
some of our best capabilities.
He made them publicly available.
They really kind of set us back in the,
and this isn't my world at all,
but the offensive side of cybersecurity.
Right, so he revealed stuff that he didn't need to reveal
in order to make the point.
Correct.
So you, if you can imagine a world where he leaked stuff that revealed the mass surveillance
efforts and not reveal other stuff. Like, is the mass surveillance, I mean, that's the thing that,
of course, there's in the interpretation of that there's fear mongering, but at the core,
that there's fear mongering, but at the core, that was a real shock to people that it's possible for government to collect data at scale.
It's surprising to me that people are that shocked by it.
Well, there's conspiracies, and then there's like actual evidence that that is happening.
I mean, it's a real, there's a lot of reality that people ignore, but when it hits you in
the face, you realize, holy shit, we're living in a new world.
This is the new reality, and we have to deal with that reality.
Just like you work in cybersecurity, I think it really hasn't hit most people.
How fucked we are, are in terms of cybersecurity. Okay, let me
rephrase that. How many dangers there are in a digital world, how
much under attack we all are, and how more intense the attacks are
getting, and how difficult the defense is, and how important it is,
and how much we should value it, and all the different things we should do
at the small and large scale to defend. Like most people really haven't woken up. They think about privacy
from tech companies. They don't think about attacks, cyber attacks.
People don't think they're a target. That message has definitely to get out there.
I mean, if you have a voice, you're a target. If the place you work, you might be a target.
You know, your husband might work at some place, and because now people are working from home,
so they're gonna target you to get access
to his network in order to get in.
When that same way, the idea that the US government
or any government could be doing master of valence
on its citizens is one that was a wake-up call
because you could imagine the ways in which that could
like you could abuse the power of that to control the citizenry for political reasons and purposes.
Absolutely. You know, you could abuse it. I think during the part of the Snowden League,
saw the two NSA guys were moderating like their girlfriends. And there's rules in place for that.
Those people should be punished if they're abusing that.
But how else are we going to hear about, you know, terrorists that are in the country
talking about birthday cakes?
And you know, that was a case where that was the trip word that, you know, we're going
to go bomb New York cities some way.
Yeah, it's complicated, but it just feels like there should be some balance of transparency.
There should be a check in that power.
Because like, you know, in the name of the war on terror, you can sort of sacrifice, there
is a trade opportunity in freedom, but it just feels like there's a giant slippery slope
on the sacrificing of freedom in the name of security.
I hear you. And you know, we live in a world where, well, I live in a world where I had to tell you exactly when I arrested someone, I had to write a 50 page document of how I arrested you.
And all the probable cause I have against you and all that. Well, you know, bad guys are reading
that. They're reading how I caught you and they're changing their way they're doing things. They're changing their M.O. They're doing it to be more secure. If we tell
people how we're monitoring, how what we're surveilling, we're going to lose that. The terrorists
are just going to go a different way. I'm not trying to, again, I'm not big government. I'm not
trying to say that it's cool that we're monitoring the US government's monitoring everything, you know, big tax monitoring, everything. They're just monetizing it versus
possibly using it against you.
But there is a balance. In those 50 pages, they have a lot of value. They make your job
harder, but they prevent you from abusing the power of the job. Yeah, that's a balance. That's the tricky balance.
So the chat logs in Iceland
give you evidence of the heroin
and all the large scale,
the czar level drug trading.
What else did it give you in terms of the how to catch? I gave a same structure.
So, the onion name was actually running on a server in France.
So, if you like, and it only came to you through a back channel of VPN to connect to the
Iceland server, there was a Bitcoin, like, an avult server that was also in Iceland.
And I think that was so that the admins
couldn't get into the Bitcoins.
The other admins that were hired to work on the site,
so you could get into the site,
but you couldn't talk to the money.
Only Ross had access to that.
And then, you know, another big mistake
on Ross's part is he had the backups for everything
at a data center in Philadelphia.
Don't put your infrastructure in the United States.
I mean, again, let's not make a playbook, but you know.
Well, I think these are low-hinge food that people of competence would know already.
I agree.
But it's interesting that he wasn't competent enough to make.
So he was incompetent in certain ways.
Yeah, I don't think he was a mastermind of setting up an
infrastructure that would protect his, his, his online business,
because you know, keeping chat logs, keeping a diary, putting
infrastructure where it shouldn't be bad decisions.
How did you figure out that he is in San Francisco?
So we had that part with Jared that he was on the west coast. And then
again, as Jared, Jared Degen was a he was a partner in he was a DHS agent
worked for HSI Homeland Security Investigations in Chicago. He started his Silk Road investigation
because he was working at a hair and a weird package came in. I'm couldn't find out. He started his Silk Road investigation because he was working at O'Hare and a weird package
came in, couldn't have find out. He traced it back to Silk Road. So he started working at a Silk
Road investigation long before I started my case. And he made his way up undercover all the way to
be an admin on Silk Road. So he was talking to Ross on a jababber server, the private jabber server, private chat communication server.
And we noticed that Ross's time zone
on that jabber server was set to the West Coast.
So we had Pacific time on there.
So we had a region one-twenty-fourth of the world
was covered of where we thought it might be.
And from there, how do you get to San Francisco?
There was another guy, an IRS agent that was part of the team, and he used a powerful
tool to find his clue.
He used the world of Google.
He simply just went back and Googled around for Silk Road at the time it was coming up
and found some posts on like some help forums that this guy was starting an
onion website and wanted some cryptocurrency help. And if you could help him, please reach
out to Ross.albric at gmail.com in my world. That's a clue.
Okay, so that's as simple as that. Yeah. and the name he used on that post was Frosty.
Yeah, so you have to connect Frosty and other uses in Frosty and here's a Gmail and the Gmail
has the name.
The Gmail posted that I need help under the name Frosty on this forum.
So what's the connection of Frosty elsewhere?
The person logging into the Philadelphia backup server, the name of the computer was Frosty.
Another clue in my world. And that's it. The name is there, the connection to the Philadelphia
server, and then to Iceland is there. And so the rest is small details in terms of, uh,
or is there interesting details? No, I mean, there's some electronics surveillance that find Ross Alberg living in a house and
is there, you know, is a computer at his house attaching to, uh, you know, does it have
tour traffic at the same time that DPR's on, um, another big clue, matching up time frames.
Again, just putting your email out there, putting your name out there like that.
Like, what I see from that, just at the scale of that market, what I, what it just makes me wonder how many criminals are out there that are not making these low-hanging food mistakes, and are still successfully operating.
To me, it seems like you could be a criminal, much, it's much easier to be a criminal on the internet.
What else to use?
Interesting to understand about that case of us
and that's still crude and just the history of it
from your own relationship with it,
from a cybersecurity perspective,
from an ethical perspective, all that kind of stuff.
When you look back, what's interesting to you about that case?
I think my views on the case have changed over time.
I mean, it was my job back then.
So I just looked at it as of, you know, I'm going after this.
I sort of made a name for myself in the bureau for the anonymous case, and then this one
was just, I mean mean this was a bigger deal
I mean they flew me down to DC to meet with the director about this case. The president of the United
States was going to announce this case the arrest unfortunately the government shut down two days
before so it was just us and that's really the only reason I had any publicity out of it is because
the government shut down and the only thing that went public was that affidavit with my signature at the end.
Otherwise it would have just been the attorney general and the president announcing the
rest of this big thing and you wouldn't have seen me.
Did you understand that this was a big case?
Yeah.
I knew it.
Yeah, the new design.
Was it because of the scale of it or what it stood for?
I just knew that the public was gonna react
and a big way, like the media was,
now I think that it was gonna be on the front page
of every newspaper than the day after the arrest, no.
But I could sense it, like I went like three or four days
without sleep.
When I was out in San Francisco to arrest Ross,
I had sent three guys to Iceland to,
so it was a three-prong approach for the takedown.
It was get Ross, get the bitcoins,
and seize the site. We didn't want someone else taking control of the site, and we wanted
that big splash of that banner. Look at the government found this site. You might not
want to think about doing this again.
So, you were able to pull off all three?
Maybe that's my superpower. I'm really good about putting smarter people than I am,
together, and on the right things.
I definitely only way to do it.
In the business I formed, that's what I did.
I hired only smarter people than me.
And I'm not that smart, but smart enough
to know who the smart people are.
The team was able to do all three.
Yeah, we were able to get all three done.
Yeah, and the one guy, one of the guys,
the main guy's I sent to Iceland,
and he was so smart.
I sent another guy from the FBI to France to get that part and he couldn't do it.
So the guy in Iceland did it from Iceland.
They had to pull some stuff out of memory in a computer.
You know, it's lie process stuff.
I'm sure you've done that before, but...
I'm sure you did done that before, but I'm sure you did.
Look at what you're doing.
You're just like a multi-layer interrogation going on.
Was there a concern that somebody else
would step in and control the site?
Absolutely.
We didn't have insight on who exactly I control.
So it turns out that Ross had like dictatorial control.
So it wasn't easy to delegate to somebody else.
He had, I think he had some sort of ideas. I mean his diary talked about walking away and giving
it to somebody else, but he didn't, he couldn't give up that control on anybody apparently.
Which makes you think that power corrupts and his ideals were not as strong as he espoused
about. Because if it was about the freedom of
being able to buy drugs, if you want to, then he surely should have found ways to delegate
that power.
We changed over time.
You could see it in his writings that he changed.
So people argue back and forth that there was never murders on Silk Road when we were doing
the investigation to us, there were six murders.
So there was the way we see him at the time was Ross ordered people to be murdered.
You know, some people stole from him and all that.
It was sort of an evolution from, oh man, I can't deal with this, I can't do it, it's too
much. evolution from oh man, I can't deal with this. I can't do it. It's too much to the last one was like
The guy said well, he's got three roommates
It's like I will kill them too. Was that ever proven in court? No, it's murder the murders never went forward because there was some
Some stuff problems in that case. So there was a separate case in Baltimore
That they had been working on for a lot longer. And so, you know, during the investigation, that caused a bunch of problems because now we have
multiple federal agencies case against the same thing. How do you decide not to push forward the
murder investigations? So there was a deconfliction meeting that happened in DC. I didn't happen to go to that meeting, but Jared went, this is
before I ever knew Jared, and we have like televisions where we can just sit in a room
and sit in on the meeting, but it's all, you know, secured network and all that, so we
can talk openly about secure things. And we sat in on the meeting and people just kept
saying the term sweat equity.
I've got sweat equity, meaning that they had worked on the case for so long that they deserve to take them down.
And by this time, you know, no one knew about us, but we told them at the meeting that we had found the server and we have a copy of it and we have the infrastructure.
And these guys had just had communications under covers.
They didn't really know what was going on.
And this wasn't my first deflection meeting.
We had a huge deflection meeting during the anonymous case.
What's the deflection meeting?
Agents within your agency or other federal agencies have an open investigation
that if you expose your case or took down your case,
would hurt their case or the other way.
Oh, so you kind of have,
it's like the rival gangs meet at the table
in a smoke filled room and...
Less bullets at the end, but yeah.
Yes.
It's a boy with a sweat equity.
Yeah.
I mean, there's careers at stake, right?
Yeah.
You hate that idea.
Yeah, I mean, why would you, why is that at stake? right? Yeah. You hate that idea. Yeah.
I mean, why would you?
Why is that a stake?
Just because you've worked on it long enough, longer than I have, that means you get you,
you did better.
Yeah.
That's, that's insane to me.
That's rewarding, bad behavior.
And so that one of the part of the sweat equity discussion was about murder and this was,
here's a chance to actually bust them, be given the data to have from Iceland and all that kind of stuff. So why, well, they wanted us just to turn
the data over to them. To them. Yeah. Thanks. Thanks for getting us this far. Here it is.
I mean, it came to the point where they sent us like, they, they had a picture of what
they thought Ross was. And it was an internet meme. It really was a meme. It was a photo that we could look up.
Like it was insane.
All right, so there's different degrees of competence all across the world between different people. Yes. Okay. Just part of you regret because you push forward the heroin and the drug trade.
We never got to the murder discussion.
I mean, the only regret in it is that the internet doesn't seem to understand.
They just kind of blow that part off that he literally paid people to have people murdered.
It didn't result in a murder, and I think God knows and results it in a murder.
But that's where his mind was. His mind and where he wrote in his diary was that I had people killed, and here's the money. He paid it.
He paid a large amount of bitcoins for that murder.
So those murders...
You didn't just even think about it, he actually took action, but the murders never happened.
He took action by paying the money.
Correct.
And the people came back with the results.
He thought they were murdered.
That said, can you understand the steel man in the case for the drug trade on Silk Road?
Like, can you make the case that it's a net positive for society?
So, there was a time period of when we found out the infrastructure, and when we built the
case against Ross, I don't remember, he's at six weeks, a month, two months, I don't
know, somewhere in there.
But then at Ross's ascendancy, there was a father that stood up and talked about his
son dying.
And I went back and kind of did the math, and it was between those time periods of when
we knew we could shut it down, we could have pulled the plug on the server and gone.
And when Ross was arrested, his son died from buying drugs and so on.
And I still think about that father a lot. But if we look at scale
at the war on drugs, let's just even outside of cell code, do you think the war on drugs by the
United States has caused, has alleviated more suffering or caused more suffering in the world?
That might be above my pay scale. I mean, I understand the other side of the argument. I mean, people said that I don't have to go down to the corner to buy drugs.
I'm not going to get shot on the corner buying drugs or something.
I can just have them sent to my house. People are going to do drugs.
Anyways, I understand that argument
from my personal standpoint. If I made it more difficult for my children to get drugs
that I'm satisfied.
So your personal philosophy is that if we legalize all drugs, including heroin and cocaine,
that would not make for a better world.
I don't, no, personally, I don't believe.
Do you think that organizing all drugs would make for a better world?
Can you imagine that it would?
Do you understand that argument?
Sure, I mean, as I've gotten older, I've started to, I like to see both sides of an argument
and when I can't see the other side, I let's when I can really like to dive into it.
And I can see the other side, I can see the why people would say that.
But I don't want to be my race children in a world where drugs are just free for use.
And then the other side of it is, was Silk Road taking down Silk Road?
Did that increase or decrease the number of drug trading criminals in the world?
It's unclear.
Online, I think it increased. I think, you know, that's one of the things I think about a lot with Silk Road was that
no one really knew.
I mean, there were thousands of users, but then after that, it was on the front page of
the paper, and there was millions of people that knew about Tor and onion sites.
It was an advertisement.
You know, I would have thought, I thought crypto was going to crash right after that.
Like, I don't know.
Like, what people now see, that bad people are doing bad things with crypto.
That'll crash.
Well, I'm obviously wrong on that one.
And I thought, you know, Ross was sentenced to two life sentences plus 40 years.
No one's going to start up these dark markets exploded after that.
You know, some of them started as, you know, opportunistic.
I'm going to, you know, take those escrow accounts and I'm going to steal all the money that came in. You know, they of them started as, you know, opportunistic, I'm gonna, you know, take those escrow accounts
and I'm gonna steal all the money they came in,
you know, they were with that.
But, you know, but there were a lot of dark markets
that popped up after that.
Now, we put the playbook out there.
Yeah, yeah, but and also there's a case for,
do you ever think about not taking down,
if you've not taken down a silk road, you could use it because
it's a market. It itself is not necessarily the primary criminal organization. It's a
market for criminals. So it could be used to track down criminals in the physical world.
So if you don't take it down, given that it was, you know, the central, how centralized it was, it could be used as
a place to find criminals, right?
So the dealers, the drug dealers?
They take it out of the dealers?
Yeah.
So if you have the cartel, get the cartels, start to get to involve you, go after the dealers.
It would have been very difficult because of the tour.
Because of all the productions and anonymityity decloaking all that would have been
drastically more difficult and a lot of people in upper management of the FBI didn't have the appetite of running
Something like that that would have been the FBI running a drug market
How many how many kids how many fathers would have to come in and said my kid bought while the FBI was running a site a
Drug site my kid died so I didn't know anybody in the FBI was running a site, a drug site, my kid died. So I didn't know anybody in the FBI in management, they would have the appetite to let us run
what was happening on Silk Road.
Because remember that time we still believe
in six people are dead.
We're still investigating, where are all these bodies?
That's pretty much why we took down Ross when we did.
I mean, we had to jump on it fast.
What else can you say about this complicated world that has grown of the dark web?
I don't understand it.
It would have been something for me.
I thought I thought it was gonna collapse,
but I mean, it's just gotten bigger in what's going out there.
Now, I'm really surprised that it hasn't grown
into other networks or people haven't developed
other networks, but you mean,
or like instead of tour.
Yeah, yeah.
Tour's still the main one out there.
I mean, there's a few others
and I'm not gonna put an advertisement out for them,
but I thought that market would have grown.
Yeah, my sense was when I interacted with tour,
it was that there's huge usability issues,
but that's for like legal activity.
Yeah.
Because like if you care about privacy, it's just not as good of a browser, like to look
at stuff.
No, it's way too slow.
It's way too slow.
I mean, you can't even, like, I know some people would use it to like view movies like
Netflix, you can only view certain movies in certain countries, you can use it for that,
but it's too slow even for that. So,
were you ever able to hold in your mind the landscape of the dark web, like what's going on out there?
It's like to me as a human being, it's just difficult to understand the digital world,
like these anonymous usernames, like doing anonymous activity.
It's just, it's hard to, what am I trying to say?
It's hard to visualize it in the way I can visualize
a couple of reading a lot about Hitler.
I can visualize meetings between people, military strategy,
deciding on certain evil atrocities, all that kind of stuff.
I can visualize the people, there's agreements,
hands, handshakes, stuff signed, groups built,
like in the digital space, like with bots,
with anonymity, anyone human can be multiple people.
It's just, yeah, it's all lies, it's all lies.
Yeah, it feels like I can't trust anything.
No, you can't, you honestly can't.
And like, you can talk to two different people,
and it's the same person.
Like, there's so many different, you know,
Hector had so many different identities online
that, you know, of things that, you know,
that the lies to each other.
I mean, he lied to people inside his group
just to use another name to spy on,
make sure what they're, you know,
we're talking shit behind his back
or we're doing anything.
It's all lies. And people that can keep all those lies straight. It's unbelievable to me.
Ross Allbrick represents the very early days of that.
That's why the, the competence wasn't there.
Just imagine how good the people are now.
The kids that grow up.
Oh, they've learned from his, the his mistakes.
Just the extreme components.
You just see how good people are at video games,
like the level of play in terms of video games.
Like I used to think I sucked.
Now I'm not even like, I'm not even in the like
consideration of calling myself shitty at video games.
I'm not even, I'm like non-existent. I'm like the mold.
Yeah, I stop playing it, it's so embarrassing.
It's embarrassing.
It's like wrestling with your kid, and you finally beats you.
You're like, well, fuck that, I'm not wrestling.
I'm like, get it any, or you're never again.
And in some sense, hacking at his best and it's worse
is a kind of game, and you can get exceptionally good
at that kind of game.
And you get the accusations of it.
I mean, there's power that comes along.
If you have success, look at the kid
that was hacking into Uber and rocks our games.
He put it out there that he was doing it.
I mean, he used the name, whatever hacked into Uber
was his screen name.
He was very proud of it.
I mean, one building evidence against himself.
But he wanted that slap on the back
like, look at what a great hacker you are.
Yeah.
What do you think is in the mind of that guy?
What do you think is in the mind of Ross?
Do you think they see themselves as good people?
Oh, no.
Do you think they acknowledged the bad
they're doing down to the world?
So that Uber hacker, I think that's just youth, and not realizing what consequences are,
I mean, based on his actions.
Ross was a little bit older.
I think I'd Ross truly is a libertarian.
He was truly had his beliefs that he could provide the gateway for other people to live
that libertarian lifestyle and put in their body what they want.
I don't think that was a front or a lie.
What's the difference between DPR and Ross? He said, like, I have never met Ross until I have
only had those two days of worth of interaction. It's just interesting given how long you've
chased him and then having met him, what was the difference to you as a human being?
He was a human being. He was an actual person. He was nervous when we arrested him.
So one of the things that I learned through my law enforcement career is,
if I'm going to be the case agent, I'm going to be the one in charge of deal with this person,
I'm not putting handcuffs on him. Something else is going to do that. I'm going to be there to help him.
You can do it to help.
And so, you know, right after someone's arrested, you obviously have had them down for weapons to make
sure for every safety. But then I just put my hand on their chest. Just feel their heart, feel their
breathing. I'm sure it's the scariest day. But then to have that human contact kind of settles people
down. And you kind of let's start thinking about this. I'm gonna tell you, you know, I'm gonna be open
and honest with you.
You know, there's a lot of cops out there
and federal agents cops that just go to the hard ass tactic.
You don't get very far with that.
You don't get very far being a mean asshole to somebody,
you know, be compassionate, be human.
And it's gonna go a lot further.
So given everything he's done,
you were still able to have compassion for him. Yeah. We took him to the jail and we, so he, it was after
hours. So he didn't get to see a judge that day. So he's sick. We stuck in the San Francisco
jail. I hadn't slept for about four days because I was dealing with people in Iceland,
bosses in DC, bosses in New York. So I and I was in San Francisco, so time frame.
Like the Iceland people were calling me
when I was supposed to be sleeping, it was insane.
But I still went out that night,
well Ross sat in jail and bought him breakfast.
I said, what do you want for breakfast?
I'll have a nice breakfast for you
because we picked him up in the morning
and took him over to the FBI,
did the FBI booking, the fingerprints and all that.
And I got him breakfast.
I mean, you don't get paid back for that sort of thing.
I'm not looking but,
how do my own-
Did he make special requests for breakfast?
Yeah, he asked for certain things.
Like, can you mention, there's that top secret FBI.
That's not top secret.
I think you want us to get a nulla bars.
And, you know, but,
but he already had a lawyer up.
So, you know, which is his right, he can do that.
So I knew we were gonna work together,
you know, like I did with Hector.
But I mean, this is a lot of that's the last day.
Most of the conversations have to be them with lawyers.
From that point on, I can't question him
when he asked for a lawyer,
or if I did, it couldn't be used against him.
So we just had conversation where I talked to him.
You know, he could, you know,
could say things to me,
but then I would remind him that he asked for a lawyer,
and he'd have to wave that and all that.
But we didn't talk about his case so much,
we just talked about human beings.
Did he, with his eyes, with his words,
revealing kind of regret,
or did you see a human being changing,
understanding something about themselves
and the process of being caught?
No, I don't think that.
I mean, he did offer me $20 million to let him go when we were driving to the jail.
Oh, no.
And I asked him, what I was going to do with the agent that sat in the front seat.
The money really broke him, huh?
I think so.
I think he kind of got caught up in how much money it was and how, you know,
when crypto started, it was pennies and by the time you get arrested, it was 120 bucks and the other,
you know, 177,000 bitcoins, even today, you know, that's a lot of bitcoins.
So you really could have been, if you continue to be one of the richest people in the world,
I possibly could have been, if I took that 20 million then, I could have been if you continue to be one of the richest people in the world. I possibly could have been if I took that 20 million then I could have been a living we
could have this conversation in Venezuela in a castle in a palace.
Yeah until it runs out and then the government storms the castle.
Yeah.
Have you talked to Russ since?
No.
No.
I would be open to it.
I don't think he probably wants to hear from me.
And do you know where in which prison he is?
I think he's somewhere out in Arizona.
I know he was in the one next to Supermax
for a little while, like the high security one
that shares the fence with Supermax,
but I don't think he's there anymore.
I think he's out in Arizona.
I haven't seen in a while.
I wonder if he can do interviews in prison?
That'd be nice.
Some people are allowed to.
So I've not seen an interview with him.
I know people have wanted to interview him
about books and that sort of thing.
Right, because the story really blew up.
Did it surprise you?
How much the story?
And many elements of it blew up.
Movies.
It did surprise me.
Like my wife's uncle, who I didn't,
I've been married to my wife for 22 years now.
I don't think he knew my name.
And he was excited about that.
He reached out when the, when Silk Road came out.
So he, you know, that was surprising to say.
Did you think the movie was on the, on the topic was good?
I didn't have anything to do with that movie.
I've watched it once.
It was kind of cool that Jimmy Simpson, you know,
was my name in the movie. But outside of that, I thought it sort of missed the mark on some
things.
When Hollywood, I don't think they understand what's interesting about these kinds of
stories. And there's a lot of things that are interesting and they missed all of them.
So for example, I recently talked to John Carmack, who is a world class developer and so on.
So Hollywood would think that the interesting thing about John Carmack is some kind of like,
shitty, like a parody of a hacker or something like that.
They would show like really crappy, like, emulation of some kind of Linux terminal thing.
The reality is like the technical details for five hours with him,
for 10 hours with him is what people actually want to see.
Even people that don't program, they want to see a brilliant mind,
the, the details that they're not,
that even if they don't understand all the details,
they want to have an inkling of the genius there.
That's just one way I'm saying, like,
that you want to reveal the, the, the genius,
the complexity of that world in interesting
ways and to make a Hollywood almost parody caricature of it, it just destroys the spirit of the thing.
So one, the operation of BI is fascinating. Just tracking down these people on the side of security
front is fascinating. The other is just how you run a tour, how you run this kind of organization, the trust
issues of the different criminal entities involved, the anonymity, the low hanging fruit,
the being shady at certain parts, the unattack on the front.
All those are fascinating things.
That's what a movie should reveal.
It should probably be a series, honestly,
and that's like a series in the movie.
Yeah, and one of that FX show or something like that,
kind of gritty, you know?
Yeah, yeah, gritty.
Exactly, gritty.
I mean, shows like Chernobyl from HBO made me realize,
okay, you can do a good job of a difficult story
and reveal the human side,
but also reveal the technical side
and have some deeper, fun understanding on that case,
on the bureaucracy of a Soviet regime.
In this case, you could reveal the bureaucracy,
the chaos of a criminal organization,
of law enforcement organization.
I mean, there's so much to explore, it's best.
Yeah, I like to know, like, when I rewatch it,
I can't watch episode three,. The the the animal sent the episode they go around shooting all the
dogs and all that. I got to skip that part. We're a big soft yeah. I really am. Yeah. I'm sure
I'll probably cry at some point. I love it. I love it. Listen, don't get me talking to
that episode you made about your grandmother. Oh my god, that was rough. Just a linger on
this ethical versus legal question, what do you think about
people like Aaron Schwartz? I don't know if you're familiar with him, but he was
somebody who broke the law on the name of an ethical ideal. He downloaded and
released academic publications that were behind paywall.
And he was arrested for that and then committed suicide.
And a lot of people see him, certainly in the MIT community,
but throughout the world as a hero.
Because you look at the way knowledge, scientific knowledge, is being put behind paywalls, it does
seem somehow unethical.
And he basically broke the law to do the ethical thing.
Now you could challenge it, maybe it is unethical, but there's a gray area, and to me at least it is ethical.
To me at least he is a hero, because I'm familiar with the paywall created by the institutions
that hold these publications, they're adding very little value.
So it is basically holding hostage the work of millions of brilliant scientists
for some kind of honestly a crappy capitalist institution. Like they're not actually making
that much money. It doesn't make any sense to me. It should, to me, it should all be open
public access. There's no reason it shouldn't be all publication. So he stood for that ideal
and it was punished harshly for it. That's the other criticism was too harshly. And of course,
deeply unfortunately, that also led to a suicide because he was also tormented on many levels.
I mean, are you familiar with him?
What do you think about that line between what is legal and what is ethical?
So it's tough. It's a tough case. I mean, the outcome was tragic, obviously.
Unfortunately, when you're in law enforcement, you have to, your job is to enforce the laws.
I mean, it is not if you're told that you have to do a certain case, you know, and there
is a violation of at the time, you know, 18 U.S. 10, 10, 30 computer hacking.
You have to press forward with that.
I mean, you have to charge, you bring the case to the university, you know, the university
agency office and whether they're going to press charges or not, you know, you can't,
you can't really pick and choose what you press and don't press for it. I never felt that
at least that flexibility and on the FBI. I mean, maybe when you're a street cop and you
pull somebody over, you can let them go with a warning.
So the FBI, you're sitting in a room, but you're also, you're also human being, you have
your passion, you arrested Ross, they hand on the chest. I mean, that's, that's a human thing.
Right. So there's a, but I can't be the jury for whether it was a good hack or a bad hack.
It's all someone, a victim has come forward and said, we're the victim of this. And I agree
with you, because again, I, the basis of the internet was to share academic thought. I mean,
that's where the internet was born. But it's not, it's not up to you. So the, the role of the internet was to share academic thought. I mean, that's where the internet was born.
But it's not up to you.
So the role of the FBI is enforced the law.
Correct.
And there's a limited number of tools
on our Batman belt that we can use.
Not to get into all the aspects of the Trump case
and in Mar-a-Lago and the documents there.
I mean, the FBI has so many tools they can use and a search warrant is the only way they
could get in there.
I mean, that's it.
There's no other legal document or legal way to enter and get those documents.
What do you think about the FBI and Mar-a-Lago and FBI taking the documents for Donald Trump. You know, it's a tough spot. It's a really tough spot. The FBI's got a lot of black
eyes, you know, recently. And I don't know if it's the same FBI that I remember when I
was there. Do you think they deserve it in part? Was it done clumsily the way the they're rating of the former president's residence?
Yeah
It's tough. It's you know because again, they're only limited to what they're allowed what they're legally allowed to do and in a search warrant
Is the only legal way of doing it?
I have my personal and political views on certain things
You know and I think it might be surprising to somewhere those
political points stand. But you told me offline that you're a hardcore communist.
That was very, very surprising to me. Well, that's only you will try to bring me into the
communist party. Exactly. I was trying to recruit you.
It's giving you all kinds of flyers.
Okay. But you said, like, you know, people in that
BI just found the law, but there's a chain of command. And so on,
what do you think about the conspiracy theories that people,
some small number of people inside the FBI conspired to undermine
the presidency of Donald Trump?
If you would ask me when I was inside and before all this
happened, I was like, it never happened. I don't believe in conspiracies. There's too many people
involved. Something's going to come out with some sort of information. But I mean, from
the more the stuff that comes out, it's surprising that agents are being fired because of certain
actions they're taken inside and being dismissed because of politically motivated actions.
So do you think it's explicit or just pressure? Do you think that it could exist just pressure at the higher ups?
That has a political leaning and you kind of
maybe don't explicitly order any kind of thing
but just kind of pressure people to lean one way or the other and then create a culture that
leans one way or the other based on political leanings?
You would really, really hope not, but I mean that seems to be the narrative that's being written. the other and then create a culture that leans one way or the other based on political leanings.
You would really, really hope not, but I mean, that seems to be the narrative that's
being written.
But when you were operating, you didn't feel that pressure.
Man, I was just a low level.
You know, I had no aspirations of being a boss.
I wanted to be a case agent my entire life.
So you love the puzzle of it, the chase.
I love solving things.
Yeah, to be a management and
manage people and all that and like no desire whatsoever. What do you think about Mark Zuckerberg
on Joe Rogan's podcast saying that they have to be I warned Facebook about potential for
an interference. And then Facebook inferred from that that they're talking about
Hunter Biden laptop story and thereby censored it. We think about that whole
story. Again, you asked me when I was in the FBI, I wouldn't believe it from being
on the inside. I wouldn't believe these things. But there's a certain narrative
being written that is surprising to me that the FBI is involved in these
stories. So, but the interesting thing me that the FBI is involved in these stories.
So, but the interesting thing there is the FBI is saying that they didn't really make
that implication. They're saying that there's interference activity happening. Just watch
out. And it's a weird relationship between FBI and Facebook. You could see from the best
possible interpretation that the FBI just wants Facebook to be aware, because it is a powerful platform, a platform for viral spread of misinformation. So, in the best
possible interpretation of it, it makes sense for API to send some information saying like we were
seeing some shady activity. Absolutely. But it seems like all of that somehow escalated to a
political interpretation. I mean, yeah, it sounded like there was a wink wink with it.
Right.
I don't know if Mark met for that to be that way.
You know, like again, are we being social engineered or was that a true expression that
that Mark had?
And I wonder if the wink wink is direct or just culture really you know maybe
Certain people responsible on the Facebook side lean have a certain political lean and then certain people on the FBI side have a political
Lean when they're interacting together and it's like literally has nothing to do with the
Giant conspiracy theory but just with the culture that has a particular
political lean during a particular time in history.
And so maybe it could be a hundred buy in laptop one time and then it could be
whoever Donald Trump Jr.'s laptop another time.
It's a tough job. I mean, if you're the liaison, if you're the FBI's liaison to Facebook,
you know, there are certain people that I'm sure they were offered a position at some
point.
They seem to be, you know, there's FBI agents that go, I know I've got a couple that's
gone to Facebook.
This is a really good agent that now leads up their child exploitation stuff.
Another squadmate runs their internal investigations, both great investigators.
So, you know, there's good money
Especially when you're an FBI agent that's capped out at a you know a 1310 or whatever pay scale you're capped out at
It's it's alluring to to be you know, maybe want to please them and
and be asked to to join them. Yeah
And over time that corrupts.
I think there has to be an introspection in tech companies
about the culture that they develop,
about the political ideology, the bubble.
It's interesting to see that bubble.
I've asked myself a lot of questions
of interviewed the Pfizer CEO,
what seems now a long time ago.
And I've gotten a lot of criticism,
the positive comments, but also criticism
from that conversation.
And I did a lot of soul searching
about the kind of bubbles we have in this world.
And he makes me wonder pharmaceutical companies,
they all believe they're doing good.
And I wonder, because the idea that have
is to create drugs that help people and do so at scale.
And it's hard to know at which point that can be corrupted
and it's hard to know when it was corrupted and if it was corrupted and where, which drugs
and which companies and so on.
And I don't know.
I don't know that complicated.
It seems like inside a bubble, you can convince yourself if anything is good.
People inside the third Reich regime were able to convince themselves.
I'm sure many, just bloodlamps,
there's another book I've been really recently reading about it, and the ability of humans
to convince they're doing good when they're clearly murdering and torturing people in front
of their eyes is fascinating.
They're able to convince themselves they're doing good.
It's crazy.
Like, there's not even an inkling of doubt.
Yeah, I don't know what to make of that.
It has taught me to be a little bit more careful when I enter to different bubbles to be skeptical
about what's taken as an assumption of truth.
You always have to be skeptical about,
like what's assumed this true?
Is it possible it's not true?
You know, if you're doing,
if you're talking about the America,
it's assumed that, you know,
in certain places that surveillance is good.
Well, let's question that assumption.
Yeah, and I also, it inspired me to question my own assumptions
that I hold this true constantly, constantly,
it's tough.
It's tough.
But you don't grow.
Do you want to be just static and not grow?
You have to question yourself on some of these things.
If you want to grow as a person.
Yeah, for sure.
Now, one of the tough things actually,
if being a public personality, when you speak publicly, is you get attacked all along the way as
you're growing. And in part, a big, softy, as well, if I may say, and those heart, it hurts,
it hurts. It hurts. Do you pay attention to it? Yeah.
Yeah.
Yeah.
It's very hard.
Like, I have two choices.
One you can shut yourself off from the world and ignore it.
I never found that compelling.
This kind of idea of like, hate is going to hate.
Like this idea that anyone with a big platform or anyone's ever done anything was always gotten
hate.
Okay, maybe.
But I still want to be vulnerable where my heart and my sleeve really show myself, like
open myself to the world, really listen to people.
And that means every once in a while somebody will say something that touches me in a way
that's like, what if they're right?
Do you let that hate influence you?
I mean, can you be bullied into a different opinion than you think you really are just because
of that hate?
No, no, I believe not, but it hurts in a way that's hard to explain.
Yeah, it just, it gets to like, it shakes your faith in humanity actually, is probably
why it hurts.
People that call me a putin apologist or as a landscapeologist, which I'm currently
getting almost an equal amount of, but it hurts. It hurts because I, it hurts because it, like, it damages slightly my faith in humanity
to be able to see the love that connects us and then to see that I'm trying to find that.
And that's, I'm doing my best in the limited capabilities I have to find that. And that's, I'm doing my best in the limited capabilities I have to find that.
And so to call me something like a bad actor essentially, from whatever perspective,
it just makes me realize, well, people don't have empathy and compassion for each other.
And it makes me question that for a brief moment. And that's like a crack. And it hurts.
How many people do this to your face?
Very few.
It's online e-mossals, man.
I have to be honest, it happens.
Because I've hung around with Rogan enough,
when your platform grows,
there's people that will come up to Joe and say,
stuff to his face that they forget.
They still, they forget he's actually a real human being. They'll make
accusations about him. So does that cause him to wall himself off more? No, he's
he's pretty gangsta on that. But yeah, it's still hard. If you're if you're a
human, if you really feel others, I think that's also the difference with Joe and me.
He has a family that he deeply loves and that's an escape from the world form.
There's a loneliness in me that's always longing to connect with people and with regular people,
just to learn their
stories and so on. And so if you open yourself up that way, the things they tell you can
really hurt. In every way, like, just me going to Ukraine, just seeing so much loss and
death, some of it is like, is, I mean, unforgitably haunting, not in some kind of political way, activist
way, or who's right, who's wrong way, but just like, man, like so much pain, you see
it and just stays with you.
When you see a human being bad to another human, you can't get rid of that in your head.
You can't imagine that we can treat each other like that. That's
the hard part, I think. I mean, it's for me, it is. When I saw parents, like, when I
did the child exploitation stuff, when they rented their children out, they literally rented
infant children out to others for sexual gratification. Like, I don't know how a human being could
do that to another human being. And that sounds like the kind of thing you're going through.
I went through a huge funk when I did those cases afterwards.
I should have talked to somebody, but in the FBI, you have to keep them a cheese mop up
or they're going to take your gun away from you.
Well, I think that's examples of evil that that's like the worst of human nature, but just because I have wars is just as bad.
I mean, somehow war, it's somehow understandable, given all the very intense propaganda that's
happening. So it's you can understand that there is love in the heart of the soldiers on each side, given the information they're given.
There's a lot of people on the Russian side believe they're saving these Ukrainian cities from Nazi occupation.
Now, there is stories.
There is a lot of evidence of people for fun murdering civilians.
Now, that is closer to the things you've experienced of like evil embodied.
And I haven't interacted with that directly with people who for fun murdered civilians.
But you know it's there in the world.
I mean, you're not naive to it.
Yes, but if you experience that directly,
if somebody shots somebody for fun in front of me,
that would probably break me.
Yeah.
Like seeing it yourself,
knowing that it exists is different
than seeing it yourself.
Now, I've interacted with the victims of that
and they tell me stories and you see their homes destroyed, destroyed for no good military reason.
It's civilians with civilian homes being destroyed. That really lingers with you. But, um, yeah, the people that are capable of that.
That goes with the propaganda. I mean, if you had to build a story, you have to, you know, you have to have on the other side, you know,
the homes are going to be destroyed. The non-military targets are going to be destroyed.
To put it in perspective, I'm not sure a lot of people understand the deep human side,
or even the military strategy side of this war.
There's a lot of experts outside of the situation that are commenting on it with certainty.
And that kind of hurts me because I feel like there's a lot of uncertainty.
There's so much propaganda. It's very difficult to know what is true.
Yeah. So my whole hope was to travel to Ukraine, to travel to Russia, to talk to soldiers,
to talk to leaders, to talk to real people that have lost homes, that have lost family members,
leaders to talk to real people that have lost homes, that have lost family members, that this war has divided, who this war changed completely, how they see the world, whether
they have love or hate in their heart to understand their stories.
I've learned a lot on the human side of things by having talked to a lot of people there,
but it has been on the Ukrainian side for me currently.
Traveling to the Russian side is more difficult
Let me ask you about your now friend can we go as far as it says friend in a sabu and hector
Mazagir
What's the what's what's the story? What's your long story with him can you tell me about?
What is Losek? Who is Sabu?
And who's anonymous? What is anonymous? Where's the right place to start that story?
Probably anonymous. Anonymous is a, it's still, I guess, a decentralized organization.
They call themselves headless, but once you look into them a little ways, they're not really headless.
They call themselves headless, but once you look into them a little ways and they're not really headless
the power struggle comes with whoever has a hacking ability
That might be your good hacker or you have a giant botnet used for DDoS
So you're gonna wield more power if you can control where it goes
Anonymous started doing their like hack-divism stuff in 2010 or so.
The word hack was in the media all the time then. And then right around then there was a federal contractor named H.B. Geary Federal. Their CEO was Aaron Barr. And Aaron Barr said he was going to come
out and de-anonymize anonymous. He's going to come out and talk at blackhead or Defcon or one of those and say you know who they are
He figured it out or so you figured it out by based on you know when people were online when people were in IRC when tweets came out
It was there was no scientific proof behind it or anything
So he's just gonna falsely name people that were that were in anonymous
So anonymous one on the attack they went and hacked in HBG,
HBG, Federal, and they turned his life upside down.
They took over his Twitter account and all that stuff.
Pretty quickly.
I have very mixed feelings about all of this.
Okay.
I get,
like part of me
admires the positive side of the hacktivism.
Okay.
Is there no room for admiration there of the fuck you to the man?
Not at the time.
Again, it was the violation.
18 U.S.E. 1030.
So, it was my job.
It's what I, you know, so at the time, no, in retrospect, sure.
Okay.
But what was the philosophy of the activism?
Was it, what, the philosoph philosophically were they at least expressing it
for the good of humanity or no?
They outwardly said that they were gonna go after people
that they thought were corrupt.
So they were judge and jury on corruption,
they were gonna go after it.
Once you get inside and realize what they were doing,
they were going after people that they had an opportunity
to go after.
So maybe someone had a zero day and then they searched for servers running that zero day. And then from there, let's find a target. I mean, one time they went after a toilet paper company.
I still don't understand what that toilet paper company did, but it was an opportunity to make a splash.
Is there some of the joke for the Lolls?
It developed into that. So I think the
hack to wisdom and the anonymous stuff wasn't so much for the lows. But from that, HBG or Federal
HAC, then there were six guys that worked well together and they formed a crew, a hacking crew,
and they kind of split off into their own private channels. And that's LULZ SEC Lulls Sec of course it is Lulls
SEC and
Who founded that organization?
So Kayla and Sebu were the hackers of the group and so they really did all the work on HB Gary
So they're these are code names. Yeah, they're online names there. They're they're nicks. Um, and so, you know, they, they, they,
they, they saw they knew each other as, you know, they talked as, as those names. Um, and they
worked well together. And so they, they formed a hacking crew. And that's when they started the,
the, at the first they didn't name it, this was the 50 days of Lolls where they would just release major, major breaches.
And it stirred up the media.
I mean, they put hacking on the media every day.
They had 400 or 500,000 Twitter followers.
You know, and it was kind of interesting,
but then they started swinging at the B-Hive
and they took out some FBI affiliated sites
and then they started fuck FBI Fridays. Every Friday they would release something and we waited
it for baited breath. I mean they had us hookline and sinker pissed. We were waiting to see what
was going to be dropped every Friday. It was a little embarrassing looking back on it now.
And this is in their early 2010s. Yeah, this was 2010, 2011 turn there.
So I actually linger on anonymous.
What do you still understand?
What the heck is anonymous?
It's just a place where you hang out.
I mean, it's just it started on 4chan with 8chan.
And it's really just, anyone,
you could be an anonymous right now if you wanted to.
Just you're in there hanging out in the channel now.
You're probably not gonna get much cred until you work your way up and prove who
you are or someone vouches for you. But anybody can be an anonymous. And you can leave anonymous.
What's the leadership of an anonymous? Do you have a sense that there is a leadership?
There's a power play. Now, there's not someone that you know that says this is what we're doing.
No, we're doing. I love the philosophical and the technical aspect of all of this, but I think there is a
slippery slope to where for the laws, you can actually really hurt people.
That's the terrifying thing.
When you attach, I'm actually really terrified of the power of the law.
The fun thing somehow becomes a slippery slope. I
haven't quite understood the dynamics of that, but even in myself, if you just have fun
with a thing, you lose track of the ethical grounding of the thing. And so it feels like
hacking for fun can just turn it literally to nuclear war. Like literally destabilize. Yeah,
the yada yada, the nuclear war, I could say. Yeah. So I've been more careful with the
law. I, I, I, yeah, I've been more careful about that. And I wonder about it because
in internet speak, somehow ethics can be put aside through the slippery slope of language.
I don't know, everything becomes a joke.
If everything's a joke, then everything's allowed,
and everything's allowed,
then you don't have a sense of what is right and wrong.
You lose sense of what is right and wrong.
You still have victims, I mean, you're laughing at someone.
Someone's the butt of this joke.
Whether it's major corporations or the individuals,
I mean, some of the stuff they did was just
releasing people's PII and their personal
identifying information and stuff like that.
I mean, is it a big deal?
I don't know, maybe, maybe not,
but if you could choose,
do not have your information put out there, probably wouldn't.
We do have a sense of what an auto says today.
Has it ever been one stable organization
or is it a collection of hackers that kind of
emerge
for particular tasks for particular
like a hacktivism task and that kind of stuff. It's a collection of people that has some hackers in it.
There's not a lot of
big hackers in it. I mean, there's something that will come bouncing and bounce out. Even back then, there's probably just as many reporters in it, people in the media in it, with the hackers
at the time, just trying to get the inside scoop on things. Some giving the inside scoop,
we arrested a reporter that gave over the username and password to his newspaper, and just so you could break the story.
He trusted him.
Speaking of trust, reporters, boy, there's good ones.
There's good ones.
There are.
There are.
But boy, do I have a complicated relationship with them?
How many stories about you are completely true?
You can just make stuff up on the internet.
And one of the things that,
I mean, there's so many fascinating psychological, sociological elements of the internet,
to me, one of them is that you can say that Lex is a lizard, right? And if it's not funny, so Lizard is kind of funny, what should we say?
Lex has admitted to being an agent of the FBI.
Okay, you can just say that, right?
And then the response that the ancient,
I would be like, oh, is that true?
I didn't realize that.
They won't go like provide evidence, please.
All right, they'll just say like, oh, that's weird. I didn't, I kind of thought he might be kind of weird.
And then it piles on and it's like, hey, hey, hey guys. Like, here's a random dude on the internet just said a random thing.
You can't just like pile up as, and then Johnny 69 69 is now a source that says.
And then like, the thing is, I'm a tiny guy, but when it grows
If you're like have a big platform. I feel like newspapers will pick that up and then they'll like start to build on a story And you never know where that story really started. It's so cool. I mean to me actually honestly
It's kind of cool that there there's a viral nature of the internet that can just fabricate truth completely
I think we have to accept that new reality and try to deal with it somehow. You can't just like complain
that Johnny 69 can start a random thing, but I think in the best possible world, it is
the role of the journalist to be the adult in the room and put a stop to it versus look
for the sexiest story so that they could be clickbait that can generate money.
Journalism should be about sort of slowing things down,
thinking deeply through what is true or not
and showing that to the world.
I think there's a lot of hunger for that.
And I think they'll actually get the most clicks in the end.
I mean, it's that same pressure I think we're talking about
with the FBI and with the tech companies about controllers. I mean, the's that same pressure I think we're talking about with the FBI and with the tech
companies about controllers.
I mean, the editors have to please and get those clicks.
I mean, they're measured by those clicks.
So, you know, I'm sure the journalists, the true journalists, the good ones out there
want that, but they want to stay employed too.
Gankshanku really has another tangent, the Jared and others they're doing undercover.
In terms of the tools you have for catching cybersecurity criminals, how much of a Zendocover?
Undercover is a high bar to jump over.
You have to do a lot to start an undercover in the FBI.
There's a lot of thresholds.
It's not your first investigative tool step. You have to identify a problem
and then show that the lower steps can't get you there. But I mean, I think we had
an undercover going on the squad about all times when one was being shut down or taken
down, we were spinning up another one. So it's a good tool to have in utilize.
There are a lot of work.
I don't think if you run one,
you'll never run another one in your life.
So it's like psychologically,
there's a lot of work just technically,
but it also psychologically,
like if the really,
it's 24-7, you're inside that world,
like you have to know what's going on
and what's happening,
you're taking on, you have to remember who you are when you're, you're, you're
a criminal online.
You have to go to a special school for it, too.
Was that ever something compelling to you?
I went through the school, but I'm not pretty open and honest guy.
And so it's tough for me to build that wall of lies.
It's, maybe I'm just not smart enough to keep all the lies straight.
You have to put a guy who's good at building up a wall of lies would say that exact same
exactly. It's so annoying the way truth works in this world. It's like people have told
me like because I'm trying to be honest and transparent, that's exactly what an agent
would do, right? But I feel like an agent would not wear a student tie. I wear a student
tie every day. I was a student tie. I wore a suit and tie every day.
I was a suit and tie guy.
And you wore?
Yeah.
Every day.
I remember one time I wore shorts in and the SAC came in and this was when I was,
I was a rock star at the time in the bureau and I had shorts in and, uh, um, I said,
sorry, man, I apologize for my attire.
And she got you can wear bike shorts in here.
I wouldn't care.
I was like, oh, shit.
That sounds nice.
I never wore the bike shorts, but.
Yeah.
Well, I see a student ties constraining.
I think it's liberating in sorts.
It's like shows that you're taking a moment seriously.
Well, not just that people wanted it.
I mean, people expected when you're not,
you are dressed like a perfect FBI agent.
When someone knocks in their door,
that's what they wanna see.
They wanna see what Hollywood built up
is what an FBI agent is.
You show up like my friend, Delwan,
he was dressed always in t-shirts and shorts.
People aren't gonna take him serious,
they're not gonna give him what they want.
I wonder how many police agents just show up
and like Sam from the FBI started interrogating them.
I could have barbed.
Probably.
I could have been.
Oh definitely, if they've had a few drinks,
you could definitely,
well, but people are gonna recognize you,
that's the only problem. That's another thing. You start taking out a big, big cases. You can definitely, well, but Pilar gonna recognize you. That's the only problem.
That's another thing.
You start taking out a big, big cases.
You can't work cases anymore in the FBI.
Your face gets out there.
Your name too.
Yeah.
Well, actually, let me ask you about that
before we return to our friend Sabu.
Okay.
You've, you've tracked and worked on
some of the most dangerous people in this world.
Have you ever feared for your life?
So I had to make a really, really shitty phone call one time.
I was sitting in the bureau and this was right after Silk Road and Jared called me. He was back in Chicago and he called me and said, Hey, your, your name
and your kid's name are on a website for an assassination. They're, they're paying to have you guys
killed. Now, that these things happen on the black market, they come up, you know, and, and,
you know, people debate whether they're real or not, but we have to think it's serious. Someone's
paying to have me killed me. So I had to call my wife and we have a word
in that if I said this word, and we only said it one time to each other,
if I said this is serious, drop what you're doing
and get to the kids.
And so I had to drop the word to her.
And I could feel the breath come out of her
because her, she thought her kids were in danger.
And at the time they were. I wasn't in a state of mind to drive
myself. So an agent on the squad, a girl named Evelina, she drove me, lights
and sirens all the way to make it school. And we had locked, I called the school,
we were in a lockdown. Nobody should get in or out, especially someone with a gun.
The first thing they did was let me in especially someone with a gun. The first thing that
it was let me in the building with a gun. So I was a little disappointed with that. My
kids were, I think, kindergarten in fifth grade or somewhere around there, maybe the
closer second, I'm not sure where. But all hell broke loose. And we had to, from there,
go move into a safe house. I live in New York City, NYPD surrounded my house.
The FBI put cameras outside my house.
You couldn't drive into my neighborhood without, like, your license plate being read.
Hey, why is this person here?
Why is that person there?
I got to watch my house on an iPad while I sat at my desk.
But, you know, again, I put my family through that and it scared the shit out of them.
And that's, to be honest, I think that's sort of
my mother-in-law's words were, I thought you did cyber crime.
And because during so a road, I didn't tell
my family what I was working on.
Anyway, I'll talk about that sort of.
I want to escape that.
I don't want to be there, you know.
I remember that, like, so when I was in the FBI,
like, driving in, I used to go in at 4.30 every morning, because I get to go to the gym before I
hit good at the desk. I'd be at the desk at seven. So in the gym at five, a couple hours, and then
go. The best time I had was that drive in in the morning, where I could just be myself. I listened
to a sports podcast out of DC.
I talked about sports and the nationals and whatever it was, the capitals. It was great to not think about Silk Road for 10 minutes.
But that was my best time. But yeah, again. I've had that move into the safehouse.
I left my MP5 at home. That's the Bureau's machine gun.
I left my MP5 at home. That's the the bureaus machine gun
showed my wife to just pull and spray
so How often did you live or work and live with fear in your heart? It was only that time
I mean in my for actual physical security
Then I mean after the anonymous stuff. I you know, I really
Titan down to my cyber security.
I don't have social media.
I don't have pictures of me and my kids online.
I don't really, if I go to a wedding or something,
I say, I don't take my picture with my kids.
If you're gonna post it someplace or something like that.
So that's sort of security I have.
But just like everybody, you start to relax
a little bit and security breaks down because it's not convenient.
But it's also part of your job, so you're much better at, let me your job now in your job before, so you're probably much better at taking care of the little hanging food at least.
I understand the threat, and I think that's what a lot of people don't understand. It's understanding what the threat against them is.
So I'm aware of that and what possibly.
And I think about it, you know, I think about things.
I do remember, so you tripped a memory in my mind.
I remember a lot of times and I had a gun on my hip.
I still carry a gun to this day, opening my front door and being concerned what was on
the other side
Leave walking out of the house. Yeah, because I couldn't see it. I remember those four o'clock's heading to the car
I
I was literally scared. Yeah
I mean having seen some of the things you've seen it makes you perhaps question
How much evil there's out there in the world.
How many dangerous people there are out there?
Crazy people, even.
There's a lot of crazy.
There's a lot of evil.
Most people, I think, get into cybercrime or just opportunistic, not necessarily evil.
They don't really know, maybe think about the victim.
It's a crime of opportunity. I don't label that as evil. They don't really know, maybe think about the victim. They just do it as a crime of opportunity.
I don't label that as evil.
And one of the things about America
that I'm most very happy about
is that rule of law,
despite everything we talk about.
There is, it's tough to be a criminal in the United States.
So like if you walk outside your house, you're much safer than you are
in most other places in the world.
You're safer and in the systems tougher. I mean, low sex, six guys, one guy in the United
States, five guys, other places. Hector was facing 125 years. Those guys got slaps on
the wrist and went back to college. You know, different laws, different places.
So who's Hector?
Tell me the story of Hector.
So this law,
second organization was started.
So Hector was before that in, he was, he was in part in anonymous.
He was all, he was doing all kinds of hacking stuff, but then he launched the law
sec. He's old school hacker.
I mean, he, he, he learned how to hack.
And I don't want to tell his story, but he learned to hack because he grew up in the lower east side
of New York and picked up some NYPD computers that were left on the sidewalk for trash.
Yeah.
Taught himself how to do this.
This is exactly look like a hacker. For people who don't know, he looks, I don't know exactly
what he looks like, but not not a not like
a technical, not what you would imagine. But perhaps that's that's a that's a Hollywood
portrayal. Yeah, I think you get in trouble these days saying that what a hacker looks like.
I don't know if they have a traditional look. Just like I said, Hollywood has an idea of an
FBI looks like. I don't think you can do that anymore. I don't think you can say that
anymore. Well, he certainly has a big personality
and charisma and all that kind of stuff.
That's taboo.
I can see him selling me anything.
That's taboo.
That's convincing me of anything.
There's two different people.
There's taboo and there's Hector.
Hector is a sweet guy.
He likes to have intellectual conversations.
And that's just the thing.
He'd rather just sit there and have a one-on-one conversation with you.
But Sabu, that's a rule. It's about a fucker. And you first met Sabu. I was tracking Sabu.
It was tracking. It's all I knew was Sabu. I didn't know, Hector.
So when did your paths cross? In terms of tracking. When did you first take on the case?
The spring of 11.
It really was through anonymous. Through anonymous. Well, then really kind of
Lollseq. We were, Lollseq was a big thing and it was pushed out to all the cyber, you
know, 56 field offices in the FBI. Most of them have cyber squads or cyber units. And
so, you know, it was being pushed out there, and it was in the news every day, but it really wasn't ours.
So, we didn't have a lot of victims in our AOR area
of responsibility.
And so, we just kind of pay attention to it.
Then I got a tip that a local hacker in New York
had broken into AOL.
And so, Olivia Olson and I, she's another agent,
who she's still in, she's a supervisor on L.A.,
she's a great agent.
We went all around New York looking for this kid just to see what we can find and ended up out in
Staten Island at his grandmother's house. She didn't know where he was obviously, why would she?
But I left my card. He gave me a call that night, started talking to me. And I said, let's just meet up tomorrow
at the McDonald's across from 26th Fend.
And he came in and three of us sat there and talked
and gave me a stuff.
He started telling me about the felonies
he was committing those days, including that break in day well.
And then he finally says, I can give you Sabu.
Sabu to us was the kind of source of saving back and he was our guy.
You know, he was the guy that was in the news that was pissing us off.
So, so he was part of the FBI Fridays?
Sabu was, yeah.
Oh, he let it.
Yeah, he was the leader of fuck FBI Fridays.
So, yeah.
Well, it was one of the more memorable F, the triple Fs.
I said, how do you get,
how and why do you go after the B hive?
That's kind of intense.
You get you on the news, it's the lulls,
it's funnier to go after the big ones.
You know, and they weren't getting like real FBI,
they weren't breaking an FBI mainframe or anything,
but they were affiliates or anything to have to.
There a lot of law enforcement stuff was coming out.
So, but we looked back and so if this kid knew that
Sabu, maybe there was a chance we'd use him
to lure Sabu out, but we also said,
well, maybe this kid knows Sabu in real life.
And so we went and looked through the IPs and 10 million IPs, we find one and it blogged to him. And so that
day, Sabu, someone had docksed Sabu. And we were a little afraid he was going to be on
the run. We had a surveillance team and FBI surveillance teams are awesome. Like you
cannot even tell their FBI agents. It's, they are really that good.
I mean, there's baby strollers and all.
Whatever you wouldn't expect an FBI agent to have.
So that's a little like the movies.
A little bit, yeah, I mean, it is true,
but they fit into the area.
So now they're on the lower side,
which is, you know, a baby stroller
might not fit in there as well,
something slaying on the ground or something like that.
They really get, play the character and get into it.
So now I can never trust a baby's troller.
Yeah, well, yeah, probably shouldn't.
Every baby, I'm just like, look at stereotypes.
It's suspicious.
Especially if the moms were in cargo pants
while she pushes it.
Yeah, so if it's like a verse.
Stereotypical moms, stereotypical baby.
I'm gonna be very suspicious.
I'm gonna question the baby.
The baby's wired, we care no.
No. You know, we raised out there and like our squad's not even
full. There's only a few guys there and like I said, I was a suit guy but that day
I had shorts and a t-shirt on and a white t-shirt on and I only bring it up because
Sabu makes fun of me to this day. So I'd a bullet profess and a white t-shirt on
and that was it. I'd shorts tune and, and all that. But, raised over to there, we didn't have any equipment.
We brought our bosses, bosses, boss.
He stopped off at NYPD, got us like a ballistic shield and a battering ram if we needed it.
Then we get to Hector's house, Sabu's house, and he's on the sixth floor.
And so normally, you know, we're the cyberdork squad. We'll hop in the elevator, and the sixth floor is the long normally, you know, where the cyberdork squad will hop in the elevator,
sixth floor is the long ways to go up
and bolt the proof vest in a ballistic shield.
But we had been caught in elevator before on a search.
So we didn't took the stairs.
We get to the top, a tad winded,
but knocking the door and this big towering guy
opens the door just slightly.
And he sees the green vest with big yellow letters, FBI.
And he steps outside.
I can help you, you know,
tries to social engineer us.
But eventually we get our way inside the house.
You know, I noticed a few things that are kind of out of place.
There's a laptop charger and a flashing modem.
I said, do you have a computer here?
And he says, no, there's no computer here.
So we knew the the the the truths and then the half lies and all that sort of thing.
So it took us about another two hours and finally he gave up that he was that boat.
He was the guy we were looking for.
So we sat there and we kind of showed them sort of the evidence we had against him.
And you know, from his words, we sat there and talked, talked like two grown adults and you know, I gave him the options and he said, well, let's talk about working together. So he chose to
become an informant. I don't think he chose that night, but that's where it kind of went to.
and forment. I don't think he chose that night, but that's where it kind of went to. So the we brought him down to the FBI that night, which was it was a funny trip because I'm sitting
in the back seat of the car with him. And I was getting calls from all over the US from
different FBI agents saying that we arrested the wrong guy. I was like, I don't think so.
And they're like, why do you think so? I was like, because he says it's him.
And they still said, nope, wrong guy.
So I said, well, we'll see how it plays out.
That's not interesting, because it's,
it's a strange world.
It's such a strange world, because it's tough to,
because you still have to prove it's the same guy, right?
Because the anonymity.
Yeah, I mean, we had his laptop by that, you know,
by that point.
Yeah, I know what's saying. That helped, I mean, we had his laptop, you know, that point. Yeah, I know what he was saying.
That helped, again, in my clue in my world.
Yeah, yeah.
But yeah, if he would have fought it,
I mean, that definitely would have come in as evidence
that ever if your agents are saying it's not him,
you have to disclose that stuff.
So you had a lot of stuff on him.
Um, what was he facing if he was based on 125 years?
125 years in prison.
That's not that's if you took every charge
we had against him and put him consecutively.
No, no one ever gets charged that,
but yeah, he had essentially it would have been
on our 25 years.
You know, fast forward to the end.
He got thanked by the judge for his service after nine months
and he walked out of the court of free man.
But that's being, while being an informant.
Yes.
Well, so the word informant here really isn't that good.
It's not fitting that technically,
I guess that's what he was,
but he didn't know the other people. It was all a nut. He knew Nix and all that. He really gave us the insight of what was
happening in the hacker world. Like I said, he was an old school hacker. He was back when hackers
didn't work together with anonymous. He was down, you know, a cult of dead cow and those type
guys like way back. He was around for that. He's like an a cyclopedia of hacking. But, you know, we just-
So I kissed Prime was in the 90s.
For tear hack, but yeah, he kind of came back
when an anonymous started going after MasterCard
and PayPal and all that, do the WikiLeague stuff.
But even that little interaction being an informant,
he probably made a lot of enemies.
How do you protect a guy like that?
He made enemies after we was revealed. Yeah. How does the FBI protect him?
Yeah.
Good luck.
I mean, perhaps I'll talk to him one day.
But is that guy afraid for his life?
Again, I think he doesn't seem like it.
He has very good security for himself, cybersecurity.
But, you know, he doesn't like the negative things said about him online. He has very good security for himself, cybersecurity.
But, you know, he doesn't like the negative thing
set about him online.
I don't think anybody does.
But, you know, I think it's so many years
of the internet kind of bitching at you and all that.
You get callous to, it's just internet bitching.
And also the hacking world moves on very quickly. He has kind of,
yeah, they're have their own wars to fight now, and he's not part of those wars anymore.
There's still people out there that bitch and moan about him, but yeah, I think it's less.
I think, you know, he has a good message out there of, you know,
he, he, trying to keep kids from making the same mistakes he made.
He tries to really preach that.
How do people get into this line of work?
Is there all kinds of ways being,
not your line of work, his line of work?
Just all the stories you've seen of people
that are in anonymous and lawless, and so-called, and all the stories you've seen of people that are anonymous and lullsick and
silk road and all the cybercriminals you've interacted with. What's the profile of a cyber
criminal? I don't think there's a profile anymore. I used to be able to say the kid in your
mom's basement or something like that, but it's not's wide. It's like I've arrested
I've arrested people that you wouldn't expect would be cyber criminals and
It's in the United States. It's international. It's everything. Oh, it's international I mean, we're seeing a lot of the big hackers now
The bigger rest for hackers in England. So it's surprisingly, you know, there's you know
You're not gonna see there's a lot of good hackers like down in Brazil
But I don't think Brazil law enforcement
Is as good to have hunt them down so you're not going to see the bigger rest. How much
State sponsored
Cyber attacks are there do you think more than you can imagine
And it was even what do you want to say an attack?
You had a successful attack or just a probing? Probing for information, just like feeling, you know,
testing that there's where the attack factors are,
trying to collect all the possible attacks.
Put a Windows 7 machine on the internet forward face
and then put a packet sniffer on there
and look at where the track comes from.
I mean, we've been 24 hours,
you were gonna fill up a hard drive with packets
just coming at it.
Yeah. I mean, it's not hard to know. I mean, it 24 hours, you were going to fill up a hard drive with packets just coming at it. Yeah.
I mean, it's not hard to know.
I mean, it's just constantly probing for entry points into things.
You know, you could go mad putting up honey pot, draws in trussions, should I see what
message is.
Just to see what's out there.
Yeah, and it doesn't go anywhere.
It maybe has fake information and stuff like that.
You know, it's kind of to see what's going on
and judge what's happening in internet.
You know, like your finger and test the wind
of what's happening these days.
The funny thing about like, because I'm at MIT,
that attracted even more attention
for the, not for the laws, but for the technical challenge.
It seems like people enjoy hacking MIT.
It's just the amount of traffic MIT was getting
for that in terms of just the sheer number of attacks
from different places is crazy.
Yeah, just like that, putting up a machine
seeing what comes.
NASA used to be the golden ring.
Now everybody got NASA, like really 90s.
If you could hack NASA, that was the,
now MIT is a big one.
Yeah, it's fun.
It's fun to see.
Respect.
Because I think in that case, it comes from a somewhat good place.
Cause you know, they're not getting any money for my money.
It's more for the challenge.
Let me ask you about that about this world of cybersecurity.
How big of a threat are cyber attacks for companies and for individuals?
Like, let's lay out.
Where are we in this world?
What's out there? It's the wild, wild west. I mean, people want the idea of security, but it's inconvenient,
so they don't, they push back on it. And there are a lot of opportunistic nation state financially motivated hackers, hackers
for the loils.
You got three different tiers there.
And they're on the prowl.
They have tools.
They have really good tools that are being used against us.
And at what scale?
So when you're thinking of, I don't know what's, let's talk about companies first. So say you're talking to a mid-tier.
I wonder what the most interesting business is. So Google, we can look at large tech companies
that we can look at medium-sized tech companies. And like you are sitting in a room with
the CTO, with the CEO, and the question is, how fucked are we?
And what should we do?
What's the low hanging food?
What are the different strategies
and those companies should consider?
I mean, the problem is they wanna push button.
They wanna, they wanna, out of the box solution
that I'm secure, you know, they wanna tell people
they're secure, but that's very challenging to have.
It's impossible.
If I could, if someone had it, they'd be a billionaire.
They'd be beyond a billionaire. That's what everybody wants.
So you can buy all the tools you want. It's configuring them the proper way.
And if anyone's trying to tell you that there's one solution that fits all,
there's a lot of people that's the security that are stankhole assessment.
Yeah, and I feel like there's tools,
if they're not configured correctly,
they just introduce, they don't increase security significantly,
and they introduce a lot of pain for the people,
they decrease efficiency of the actual work you have to do.
So like, we had, I was a Google for a time.
And I think mostly I want to give props to their security efforts, but user data. So like data that belongs to users is like the
holy, like the amount of security they have around that is incredible.
So, most any time I had to work with anything
even resembling user days,
I never got a chance to work with actual user data.
Anything resembling that,
first of all, you have no access to the internet.
It's impossible to even come close to the accidentally
in the internet, and there's so much pain
to actually like interact with that data.
I mean, it was extremely inefficient.
In places where I thought it didn't have to be that inefficient,
the security was too much.
But I have to give respect to that,
because in that case, you want to err on the side of security,
but that's Google.
Yeah, but they were doing a good job of this.
The reputation of harm, if you got out,
I mean, Google, you know, why is Google drive free,
you know, because they want your data.
They want you to park your data there.
So, you know, if they got hacked or leaked information, the reputation of harm would be
tremendous.
But, you know, for a company that's not, it's really hard to do that, right?
And the company is not as big as Google or not as tech-savvy as Google might have a lot of trouble
with doing that kind of stuff instead of increasing security,
they'll just decrease the efficiency.
Well, yeah, so there's a big difference between IT
and security and unfortunately,
these mid-side companies, they try to stack security
into their IT department.
Your IT department is about business continuity. They're
about trying to move business forward. They want the users to
get the data they need to do their jobs for the company can grow.
Security is not that. They don't want you to get the data. They
will, you know, but there's, there's fine tuning you can do to,
you know, ensure that. I mean, it's simple as like having good
onboarding procedures for employees. Like, like, you come into my company, you don't need access to everything.
Maybe you need access to something for one day, turn the access on, don't leave it on.
I mean, I was the victim of the OPM hack, the Office of Personal Management,
because old credentials from a third party vendor were sitting there and active.
And the Chinese government found those credentials and were able to log in
and steal all my information.
So a lot could be helped if you just control the credentials, the access, the access control,
how long they last, and people who need access to a certain thing, only get access to that thing
and not nothing else. And then she gets refreshed like that. Access control, like we said,
setting up people leaving the company, get rid of their, they don't need control.
like we said, setting up people leaving the company, get rid of their, they don't need control.
Two-factor authentication, you know,
that's a big thing, you know.
It's, I mean, I sound like a broken record
because this isn't anything new,
this isn't rocket science,
the problem is we're not implementing it,
or if we are, we're not doing it correctly
because these guys are taking us.
Well, two-factor authentication is a good example
something that I just was annoyed by for the longest time
because yes, it's very good, but it seems that it's pretty
easy to implement horribly to where it's not
convenient at all for the legitimate user to use.
It should be trivial to authenticate yourself twice.
It should be super easy.
If security, if it's slightly inconvenient for you,
it's thinking about how inconvenient it is for a hacker
and how it's just gonna move onto the next person.
Yes, yes.
In theory, when it's implemented extremely well,
yeah, but I just don't think so.
I think actually if it's inconvenient,
it shows that system has been thought through a lot.
Do you know why we need two-factor authentication?
People are using the same password across the same site.
So when one site is compromised, people just take that username and password and it's
called credential stuffing and just stuff it across the internet.
So if 10 years ago, when we told everybody, don't use the same fucking password across
the internet across the phone all the sites, sites. Maybe two factor wouldn't be needed.
Yeah, so you wouldn't need two factor
if everyone did a good job with passwords.
Yeah.
Right, but I'm saying like the two factor authentication,
it should be super easy to authenticate myself
in some other device really quickly.
Like there should be, it should be frictionless.
Like you just hit okay.
Okay, and anything that belongs to me.
Yeah.
And like, I should, it should very importantly,
be easy to set up what belongs to me.
I don't know the full complexity of the cyber attacks
these platforms are under.
They're probably under insane amount of attacks.
Yeah, you've got it right there. That people have no idea these large companies how often they're
attacked on a per second basis. And they have to fight all that off and pick out the
good traffic in there. So yeah, I would, there's no way I'd want to run a large tech company.
What about protecting individuals for individuals?
What's good advice for to try to protect yourself from this increasingly dangerous world
of cyber attacks?
Again, educate yourself that you understand that there is a threat.
First, you have to realize that, then you're going to step up and you're going to do stuff
a little bit more.
Sometimes I guess I take that to a little bit extreme.
I remember one time my mom called me and she was screaming that I woke up this morning
and I just clicked on a link and now my phone is making weird noises.
And I was like, throw your phone in a glass of water.
Just put in a glass of water right now and I made my mom cry.
It was not a pleasant thing.
So sometimes I go to a little extremes on those ones, but
understand there's a risk in making it a little more difficult to become a victim. I mean,
just understanding certain things. You know, simple things like, as we add more internet of the
things to people's houses, I mean, how many Wi-Fi networks do people have? It's normally just one,
and you're bumping your phones and giving your password to people to come to visit.
Set up a guest network.
Set up something you can change every 30 days.
Simple little things like that.
You know, I hate to remind you, but change your passwords.
I mean, I feel like I'm a broken record again,
but just make it more difficult for others to victimize you.
And then don't use the same password everywhere.
That, yes.
I mean, I still know people that do that.
I mean, as.fm.gov got popped last week, two weeks ago.
And that's 350 million user-named passwords
with connected Twitter accounts, Google accounts,
all the different social media accounts.
That is a treasure trove for the next two and a half, three years
of just using those credentials everywhere.
Using, you'll learn, even if it's not the right password,
you'll learn people's passwords styles.
Bad guys are making portfolios out of people.
We're figuring out how people generate their passwords
and kind of figuring it,
and then it's easier to crack their password.
We're making a dossier in each person.
It's 350 million dossiers just in that one hack. Yahoo,, we're making a dossier on each person. It's 350 million
dossiers just in that one hack. Yahoo! That was a half a billion. So the the thing a hacker
would do with that is try to find all the laying low-hanging fruit. Like how some kind of
program that yeah, evaluates the strength of the passwords and then finds the weak ones.
That means that this person is probably the kind of person that would use the same password across multiple.
Or even just write a program into that.
Remember the ring hack a few couple of years ago?
That's all it was, it was credential stuffing.
So ring the security system by default had two factor
but didn't turn it on.
And they also had, don't try unlimited tries
to log into my account.
You can lock it out after 10 by default, not turned on.
Cause it's not convenient for people.
The ring, you know, was like,
I want people to stick these little things up
and have security in their house.
But, you know, cybersecurity, don't make it inconvenient
then people won't die by our product.
That's all I think I have to say.
They want to say that it's insecure
and got hacked into reputational harm right there for ring,
but they didn't.
It was just credential stuffing.
People bought username and passwords on the black market
and just wrote a bot that just went through ring
and used every one of them to maybe 1% hit,
but that's a big hit to the number of ring users.
You can use also password managers
to make the changing of the passwords easier.
And to make you can choose the difficulty, the number of special characters,
the length of it and all that. My favorite things on websites, ELAU for your password being
too long or having too many special care, or like, or yeah, you're not allowed to have this
special character or something. You can only use these three special characters.
to have this special character or something. You can only use these three special characters.
It's, you know, you understand how password cracking works.
If you specifically tell me which
special characters I can use.
I want to, like, I honestly just want to have a one-on-one meeting.
Like, late at night with the engineer that programmed that
because that's like an intern.
I just want to have a sit-down meeting.
Yeah, I made my parents switch banks once
because the security was so poor.
I was like, you can't have money here.
But then there's also like the zero day attacks.
Like I mentioned, I mentioned before the QNAP NAS,
the CAT Act.
Luckily I didn't have anything private on there,
but it really woke me up until like, okay.
So like, if you take everything extremely seriously.
Unfortunately, for the end user, it's just something you do about zero day.
You have no control over that.
The engineers that made this software don't even know about it.
Now, let's talk about one day's.
So there's a patch now out there for the security.
So if you're not updating your system for these security badges, if it's just not on you, my father-in-law has such an old iPhone, you can't security-patch it anymore.
So, you know, and I tell him, I said, you know, this is what you're missing out on, this
is what you're exposing yourself to, because, you know, we talked about that powerful tool
that how we found Ross Olberg at Gmail.com. Well, bad guys are using that too. It's called, you know, we used to be called Google Dorking. Now, it's,
I think it's named kind of Google hacking by the community. You can go in, you know, and
find a vulnerability, read about the white paper, what's wrong with that, that software,
and then you can go on the internet and find all of the computers that are running that
outdated software. And there's your list. There's your target list Yeah, I know the vulnerabilities that are running again not making a playbook here, but you know
That's how easy it is to to find your targets and that's what that's what the the bad guys are doing
Then the reverse is tough. It's much tougher, but it's still doable, which is like first find the target if you have specific targets
To you know hack into a Twitter account, for example.
Much harder.
That's probably social engineering, right?
That's probably the best way.
Probably, if you want something specific to that, I mean, if you really want to go far,
you're targeting a specific person, how hard is it to get into their office and put a
little device, USB device in line with their mouse, who checks how their mouse is plugged in.
And you can, for 40 bucks on the black market,
you can buy a key logger that just USB,
then the mouse plugs right into it.
It looks like an extension on the mouse,
if you can even find it.
You can buy the stuff with a mouse inside of it,
and just plug it into somebody's computer.
And as there's a key logger that lives in there
and calls home, it sends everything you want.
So, I mean, it's cheap.
Yeah.
In grad school, a program that built a bunch of key loggers,
it was fascinating and tracking mouse.
Just for what I was doing as part of the research,
I was doing to see if by the dynamics of how you type
and how you move the mouse, you can tell who
the person is.
That's like, it's called the active authentication.
Basically, biometrics, that's not using bio.
To see how identifiable that is.
So it's fascinating to study that, but it's also fascinating how damn easy it is to install
keyloggers.
So I think in natural, what happens is you realize how many vulnerabilities
that are in this world.
You do that when you understand bacteria and viruses,
you realize they're everywhere.
And the same way with, I'm talking about biological ones,
and then you realize that all the vulnerabilities that are out there,
one of the things I've noticed quite a lot is
how many people don't log out of their computers.
Just how easy physical access the system actually is.
Like, in a lot of places in this world, and I'm not talking about private homes, I'm talking about companies, especially large companies.
It seems quite trivial in certain places that I've been to to walk in and have physical access to a system. And that's depressing to me.
It is.
I laughed because one of my partners at NACC so that I work at now, he worked at
a big company.
Like you would know the name as soon as I told you, and I'm going to say it.
But the guy who owned the company and the company has his name on it,
didn't want to ever log into a computer just annoyed the shit out of him.
So they hired a person that stands next to his computer when he's not there,
and that's his physical security.
That's good. That's pretty good actually.
Yeah, I mean, I guess if you go forward to do that.
At least you're taking your security seriously.
I feel like there's a lot of people in that case,
we just not have a login.
Yeah.
No, the security team there had to really work around to make that work
non-compliant with company policy. But that's interesting. The keylog is there's a lot of
there's just a lot of threats. Yeah, I mean a lot of ways to get in. Yeah, I mean, so you can't
sit around and worry about someone physically aiming at access to your computer with keylogger and
stuff like that. You know, if you're traveling to a foreign country and you work for the FBI, then yeah, you do.
You pick little, you know, sometimes some countries you would bring a fake laptop just
to see if they stole it or accessed it.
I really want, especially in this modern day, to just create a lot of clones of myself,
they generate Lex sounding things and just get put so much information out there.
I actually dox myself all across the world.
Then you're not a target, I guess.
I just put it out there.
I've always said that though.
We do these searches in FBI houses and stuff like that.
If someone just got a box load of 10 terabyte drives and just encrypted them,
oh my god, you know how long the FBI would spin their wheels trying to get that data off there?
Be insane. Also, just give them. You don't even know which one you're looking for. Yeah.
That's true. That's true. So it's like me printing like a treasure map to a random location. Just get people to go on.
Goosh, goosh, jesus. Yeah. What, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good, good you know, I know you're a letting guy, I like letting X2, but, you know, it's tough
to have run a business on Linux.
You know, people want to move more towards the Microsofts and the Google's just because
that they don't, it's easier to communicate with other people that maybe are a computer
guy.
So, you have to just take what's best, what's easiest and secure the shit out of it as
much as you can and just think about it.
What are you doing these days in Nexo?
So we just started Nexo.
So I left the government and went to a couple of consultancies and I started working really
other people.
I worked good in the government with.
I brought them out with me.
And now you used to work for the man and now you're the man.
Exactly.
But now we formed a partnership and it's just a, it's a new cyber security firm that we,
our launch party is actually on Thursday, so it's going to be exciting.
Do you want to give more details about the party so that somebody can hack into it?
No, I don't know.
I don't know how you can tell you where it is.
You can come if you want, but don't, don't, don't bring the hackers.
Well, that's, that's, the hacker will be there with us.
I can't believe you invited me,
because you also say insider threat is the biggest threat.
By the way, can you explain what the insider threat is?
The biggest insider threat in my life is my children.
My son's big into Minecraft,
and we'll download executables mindlessly
and just run them on the network.
So he can recommend against marriage and family and kids.
Nope, nope.
I stick it from a security perspective.
From a security perspective, absolutely.
But no, I just segmentation.
I mean, we do it in all businesses for years.
Started segmenting networks, different networks.
I just do it at home.
My kid's on his own network.
It makes it a little bit easier to see what they're doing,
too. You can monitor traffic and then also throttle bandwidth.
If your Netflix isn't playing fast enough or buffers or something, so you can obviously
change that a little too.
You know they're going to listen to this, right?
You're going to get your tricks.
Yes, they'll definitely listen.
There's nothing more humbling than your family.
You think you've done something big and you go on a big podcast and talk to less for
you and they don't, they don't, they don't care.
Unless, unless you're on TikTok or, you'll show up on a YouTube feed or something like
that and then they go, oh yeah, this guy is boring.
My son does a podcast for his school and it's still, I still can't get it to telling
like so.
So one of the, Hector and I just started a podcast talking about cyber security
We do a podcast called hacker in the fed it just came out yesterday. So first episode. So yeah, we got 13
13 that 1300 downloads the first day so pretty we were at the top of hacker news
Which is a big website and ours are world so it's called hacker in the fed hacker in the beds of Emma
So go download and listen to hacker in the fed
I can't wait to see what because I don't think I've seen a video of YouTube together so I can't wait to see
what the the chemistries like. We're I mean it's not weird that you guys used to be enemies and
now your friends. So yeah I mean we just did some a trailer and all that and the our producer we
have a great producer got him Phineas and he kind of pulls things out of me. And I said, I said, okay, I got one. My relationship with Hector is, you know,
we're very close friends now. And then I was like, oh, I arrested one of my closest friends,
which is a very strange relationship. Yeah, it's weird. But he says that I changed his
life. I mean, he was going down a very dark path and I gave him an option that one night and he
He made the right choice. I mean, he's he now does penetration testing
He does a lot of good work and you know, he's turned his life around
Do you worry about
Cyber war in the 21st century?
Absolutely
If there is a global war it'll start with cyber, you know, if it's not already started
Do you feel like there's a is a global war, it'll start with cyber, you know, if it's not already started.
Do you feel like there's a, like a boiling, like the, the drums of war beating?
What's happening in Ukraine with Russia?
It feels like the United States becoming more and more involved in the conflict in that part of the world and China is watching very closely,
in the conflict in that part of the world, and China is watching very closely,
is starting to get involved geopolitically,
and probably in terms of cyber.
Do you worry about this kind of thing happening
in the next decade or two,
like where it really escalates?
You know, people in the 1920s
were completely terrible at predicting the World War II.
Do you think we're at the precipice of war potentially?
I think we could be.
I mean, I would hate to just be, you know, just fear margarine out there, you know,
COVID's over, so the next big thing in the media is war and all that, but I mean, there's
some flags going up that are very strange to me.
Is there a way to avoid this?
I hope so. I hope some part of people that I are figuring it out. I hope people are playing
their parts and talking to the right people because that's the war is the last thing I want.
Well, there's two things to be concerned about on the cyber side. One is the actual defense on the technical side of cyber.
The other one is the panic that might happen when something like some dramatic event happened
because of cyber, some major hack that becomes public.
I'm honestly more concerned about the panic because I feel like if people don't think
about the stuff, the panic can hit harder.
Like if they're not conscious about the fact that we're constantly under attack,
I feel like it'll come like a much harder surprise.
Yeah, I think people will be really shocked on things. I mean, so we talked about low-sector
day and low-sector was 2011. They had access into a water supply system
of a major U.S. city.
They didn't do anything with it.
They were sitting on it in case someone got arrested
and they were gonna maybe just expose that it's insecure.
Maybe they were gonna do something to fuck with it.
I don't know, but that's 2011.
I don't think it's gotten a lot better since then.
You know, I don't think it's gotten a lot better since then.
And there's probably nation states or major organizations that are sitting secretly on hacks like 100% 100% they're sitting
seriously waiting to expose things.
I mean, I again, I don't want to scare this shit out of people,
but people have to understand the cyber threat.
I mean, there are, you know, there are thousands of nation state hackers
in some countries.
I mean, we have them too.
We have offensive hackers.
You know, the terrorist attacks of 9-11,
there's planes that actually hit actual buildings,
and it was visibly clear,
and you can trace the information.
With cyber attacks, say say something that would result in the
major explosion in New York City, how do you trace that? Like, if it's well done, it's going to be
extremely difficult. The problem is, there's so many problems. One of which the US government in that case has complete freedom to blame anybody they want.
True.
And then to go start war with anybody, anybody that actually see,
that's sorry, that's one cynical take on it, of course.
No, but you're going down the right path. I mean, the guys that the food planes and the
building has wanted attribution. They took credit for it.
When we see the cyber attack,
I doubt we're gonna see attribution.
Maybe the victim side,
the US government on this side
might come out and try to blame somebody.
But, you know, like you've brought up,
they could blame anybody they want.
There's not really a good way of verifying that.
Can I just ask for your advice?
So in my personal case, am I being tracked?
How do I know?
How do I protect myself? Should I care?
You are being tracked. I wouldn't say you're being tracked by the government. You're definitely being tracked by big tech.
No, I mean me personally likes an escalated level. So like
and escalated level. So like, like you mentioned, there's an FBI file on people.
Sure.
I'd love to see what's in that file.
Who did I have the argument for?
Oh, let me ask you, FBI.
How's the cafeteria food and FBI?
At the academy?
It's bad.
Yeah.
What about like, at headquarters? At headquarters. A little bit better,, it's bad. Yeah. What about like at headquarters?
High quarters. Little bit better because that's with the director. I mean, he eats up on the
seventh floor. Have you been like a Google, have you been to Silicon Valley, those, like those,
I've been to the Google in Silicon Valley, I've been to the Google in New York. Yeah.
The food is incredible. It is great. So FBI is worse. Well, when you're going through the Academy,
they don't let you outside of the building. So you have to eat it. And I think that's the only reason people eat it.
It's pretty bad. I got it. Okay. But there's also a bar inside the FBI academy. People don't
know that. Alcohol bar? Yes, alcohol bar. And if you, as long as you've passed your PT and
alcohol bar. And if you, as long as you've passed your PT and going well, you're allowed to go to the bar. Nice. It feels like, if I was a hacker, I'll be going after celebrities,
because they're a little bit easier, like celebrity celebrities, like Hollywood. Hollywood
nudes were a big thing there for a long time. But now, yeah, I guess news. That's what
they went after. I mean, all those guys, they socialized, they did the social engineered appell
to get backups, to get the recovery for backups,
and then they just pulled all their news.
And I mean, whole websites were dedicated to that.
Yeah, see that?
See, I wouldn't do that kind of stuff.
It's very creepy.
I would go, if I was a hacker, I would go after, like,
major, like powerful people, and like like tweet something from their account and like something that like positive like loving but like for the for the walls that obviously it's a troll
God you get busted so quick by a bad hacker really but why because hackers never put things out about love. Oh, okay. Oh, you mean like, this is clearly,
it's a clearly lex.
What the fuck?
You talk about love at every podcast he does.
Oh, I would just be like, no, oh god,
now it's always good to do it.
You'll blame me.
It wasn't me.
Looking back at your life,
is there something you were,
I'm only 44 years old, I'm already looking back.
Is there stuff that you regret?
EV unit.
I still got away.
It's those the ones that got away.
Yeah, I mean, it took me a while into my law enforcement career to learn about like
the compassionate side.
And it took Hector Montseger to make me realize that criminals aren't really criminals
they're human beings.
That really humanized the whole thing for me, sitting with him for nine months.
I think that's maybe why I had a lot more compassion when I rested Ross probably wouldn't
have been so compassionate if it was before Hector, but yeah, he changed my life and
showed me that humanity side of things. So would it be fair to say that all the criminals, our most criminals are
just people that took a wrong turn at some point? They all have the capacity for good and for evil in
them? I'd say 99% of the criminals that I've interacted with, yes, the people with the child exploitation,
not one that I don't have any place in my heart for them.
What advice did you give to people in college, people in high school, trying to figure out
what they want to do with their life, how to have a life they can be proud of, how to have
a career, they can be proud of all that kind of stuff?
In the US budget that was just put forward, there's $18 billion for cybersecurity.
We're about a million people short of where we really
should be in the industry, if not more.
If you have want job security and want to work
and then see exciting stuff, head towards cybersecurity.
It's a good career.
And one thing I dislike about cybersecurity cyber security right now is they expect
you to come out of college and have 10 years experience in protecting and knowing every
different Python script out there and everything available. You know, the industry needs to
change and let the lower people in in order to broaden and get those billion jobs filled.
But as far as their personal security,
just remember, it's all gonna follow you.
I mean, there's laws out there now
that you have to turn over your social media accounts
in order to have certain things.
They just change that in New York state.
If you wanna carry a gun,
you have to turn over your social media
to figure if you're a good social character.
So hopefully you didn't say something strange in the last few years and it's
going to follow you forever. I bet Ross Albrich would tell you the same thing when not
don't put Ross Albrich at gmail.com on things because it's going to last forever.
Yeah, people sometimes for some reason they interact on social media as if they're talking into a couple of buddies, and just shooting shit, and mocking, and like, you know, what is
that? Busting each other's jobs, like making fun of yourself, like being, especially gaming
culture, like people who stream. That's not recorded. Oh my God, the things people say
on those streams. Yeah, but a lot of them are recording. So there's a whole twitch thing
where people stream for many hours a day.
And I mean, just outside of the very offensive things
they say, they just swear a lot.
They're not the kind of person that I would want to hire.
I want to work with.
Now, I understand that some of us might be that way privately, I guess, when you're shooting a shit with friends, like, uh,
playing a video game and talking shit to each other, maybe. Yeah. But like, that's all out there. You have to be conscious of the fact that that's all out there. And it's just not, it's not a good look. It's not like you're, you should, it's, it's complicated
because I'm like against hiding who you are.
But like an asshole, you should hide some of it.
Yeah, but like I just feel like it's going to be misinterpreted.
When you talk shit to your friends
while you're playing video games, it doesn't mean you're an asshole.
It's you're an asshole to your friend,
but that's how a lot of friends show love.
Yeah, an outside person can't judge how I'm friends with you.
But if I want to be, this is our relationship.
If that person can say that I'm an asshole to them,
then that's fine, I'll take it.
But you can't tell me I'm an asshole to them
just because you saw my interaction.
I agree with that.
They'll take those words out of context,
and now that's considered who you are,
it's dangerous. And people take that very nausea a lot like people treat their behavior
on the internet very, very carelessly. That's definitely something that you need to learn
and take extremely seriously. Also, I think that taking that seriously will help you figure
out what you really stand for. If you use your language carelessly,
you'd never really ask, like, what do I stand for?
I feel like it's a good opportunity when you're young
to ask, like, what are the things that are okay to say?
What are the things, what are the ideas I stand behind?
Like, what are, especially if they're controversial?
And I'm willing to say them
because I believe in them versus just saying random shift for the for the laws.
Because for the random shift, the laws keep that from off the internet. That said, man,
I was an idiot for most of my life. And I'm constantly learning and growing. I'd hate to be
responsible for the kind of person I was in my teens, in my 20s. I didn't do
anything offensive, but it just changes the person. I used to, I guess I probably still
do, but I used to, you know, I used to read so much existential literature. That was
a phase. There's like phases.
Yeah. You grow and evolve as a person that changes you in the future. Yeah, I thank God
There wasn't social media when I was in high school. I think God. Oh
My God, I would never be out in the FBI
Would you recommend that people consider a career as at a place like the FBI?
I loved the FBI. I never thought I would go any place else but the FBI
I thought I was gonna retire with the the gold watch and everything from the FBI that was my final launch.
No, but you know what I mean, it's an expression.
It's an expression.
It's an expression.
You get a gold badge, you actually get your badge in a loose site and your creds, put
in a loose site and all that.
So, does it, by the way, just on a tangent, such as we like those?
Does it hurt you that the FBI, certain people is distressed or even hated?
100% it kills me.
I've never, until recently, not, I sometimes being embarrassed about the FBI sometimes,
which is really hard for me to say because I love that place.
I love the people in it.
I love the brotherhood that you have with all the guys in your squad, the guys and girls. I just use guys. I developed
a real drinking problem there because we were so social of going out after work and continuing
on. It really was a family. I do miss that, if someone can become an FBI agent, I mean, it's pretty fucking cool, man.
The day you graduate and walk out of the academy with a gun and a badge and, you know,
the power to charge someone with a misdemeanor for flying on the United States flag at night,
that's awesome.
So, there is a part of like representing and loving your country, and especially if you're doing cyber security.
So there's a lot of technical savvy in different places in the FBI.
Yeah, I mean, there's different pieces.
Sometimes, you'll see an older agent that's done, not cybercrime, come over to cybercrime
at the end so we can get a job once he goes out.
But there's also some guys that come in.
I won't name his name, but there was a guy,
I think he was a hacker when he was a kid.
Now he's an agent, now he's way up in management.
Great guy, I love this guy.
And he knows who he is if he's listening.
He had some skills.
But we also lost a bunch of guys that had some skills,
because we had one guy in the squad
that he had to leave the FBI, because his wife became became a doctor and she got her residency down in Houston and she
couldn't move.
He wasn't allowed to transfer.
So he decided to keep his family versus the FBI.
So there's some stringent rules in the FBI that need to be relaxed a little bit.
Yeah.
I love hackers turned like leaders.
I go, one of my Quickly becoming good friends as much
There's a big hack in the 90s and then now was recently
Twitter
Chief security officer CSL
But he had a bunch of different leadership positions including being my
boss at Google but
my boss at Google, but originally a hacker. It's cool to see hackers become like leaders. I just wonder what would cause him to stop doing it. Why he would then take like a managerial
route, very high tech companies. I think a lot of those guys, so this is like the 90s,
they really were about like the freedom. There there's a philosophy to it.
And when I think the hacking culture evolved over the years, and I think when it leaves you
behind, you start to realize, oh, actually, what I want to do is I want to help the world
and I can do that in legitimate routes and so on.
But that's the story that, yeah, I would love to talk to him one day, but I wonder how
common that is to young hackers turn good.
You're saying it pulls you in.
If you're not careful, can really put you in.
Yeah, it's good at it.
You become powerful.
You become everyone's slapping you on the back
and say what a good job and all that.
At a very young age.
Yeah, I would love to get into my buddy's mind
on why he stopped hacking and moved on. That's going to be a good conversation. In his case,
maybe it's always about a great woman involved, a family and so on. Yeah. That grounds you.
Because like we have, there is a danger to hacking that once you're in a relationship once you have
family, maybe you're not willing to partake in. What's your story? What from childhood,
what are some fond memories you have? Fond memories? Where did you go up? Well, I don't give away
that information. In the United States? Yeah, yeah, yeah, in Virginia. In Virginia. What are some rough moments?
What are some beautiful moments that you remember?
I had a very good family growing up.
The rough moment, and I'll tell you a story
that just happened to me two days ago,
and it fucked me up, and it really didn't.
You'll be the first, but I've never told that.
I tried to tell my wife this two nights ago,
and I couldn't get it out.
So my father, he's a disabled veteran,
he was a disabled veteran.
He was in the army and got hurt.
And it was in a wheelchair his whole life,
all my growing up.
He was my biggest fan.
He just wanted to know everything about,
what was going on in the FBI, my stories.
I was a local cop before the FBI and I got to a high-speed car chase, you know, foot chase and all that and kicking
doors in. He wanted to hear none of those stories. And at some points, I was kind of too cool
for school and, ah, dad, I just want to break and all that and things going on. We lost
my dad during COVID, not because of COVID, but it was around that time,
but it was right when COVID was kicking off.
And so he died in the hospital by himself,
and I didn't get to see him then.
And then my mom had some people visiting her the other night,
and Tom and Karen Rogoberg,
and I'll say they're my second biggest fans,
right behind my dad.
They always asking about me and my my career and they read the books
and seen the movie. They'll even tell you that Silk Road movie was good. They'll hide you on that.
But and so they came over and I helped them with something and my mom was called me back a
couple days later and she said, I appreciate you helping them. I know you know fixing someone's
apple phone over the phone really isn't what you do for a living. It's not, it's kind of beneath you and all that. But I appreciate it.
And she said, oh, they loved hearing the stories about, you know, so rude and all those things.
And she goes, you know, your dad, he loved those stories. I just wish he could have heard of him.
He even would tell me, he would say, you know, maybe Chris will come home and I'll get him drunk and he'll tell me the stories.
But then she goes, maybe one day in heaven,
you can tell him the stories and I fucking lost it.
I literally stood in my shower sobbing.
Like a child.
Like just thinking about all my dad wanted
was those stories.
Yeah.
And now I'm on a fucking podcast telling stories to the world.
And I did tell him.
Yeah.
So, did you ever have like a long heart to heart with him about like,
about such stories?
He was in the hospital one time and I went through and I want to know about his history,
like his life, what he did. And I think he may be sensationalized some of it.
But that's what you want. You're down to hero. So you want to hear those things.
Is a good storyteller. Yeah, again, I don't know what was true and not true, but you know,
some of it was really good. And it's just good to hear his life. But you know, we lost him and
and now those stories are gone.
You miss him? Yeah.
What did he teach you about? What it means to be a man?
So my dad, um, he was a engineer. And so part of his job we worked for Vermont power and electric or whatever
it was.
I mean, when he first got married to my mom and all that, like he flew around in helicopter
checking out like power lines and dams, he used to swim inside the scuba into dams to
check to make sure like they were functioning properly and all that.
Pretty cool shit.
And then he couldn't walk anymore.
I probably would have killed myself if my life switched like that so bad. And my dad probably went through some dark points, but he had that from me maybe.
And so to get through that struggle to teach me like, you know, you pre-press on,
you have a family, people counting you, you do what you gotta do.
That was big.
Yeah.
I'm sure you're making proud, man.
I'm sure I do, but I don't think you knew that.
That I knew that.
Well, you get to pass on that love to your kids now.
I try, I try, but I can't impress them
as much as my dad impressed me.. I try, I try, but I can't impress them as much as my dad
impressed me. I can try all he want. But well, what do you think is the role of love?
Because you gave me some grief, you busted my balls a little bit for talking about love
a lot. What do you think is the role of love in the human condition?
I think it's the greatest thing I think everyone should be searching for it. If you don't have it, find it, get it as soon as you can.
I love my wife.
I really do.
I had no idea what it would love was until my kids were born.
My son came out and this is a funny story.
He came out and I just wanted to be safe and be healthy
and all that.
And I said to the doctor, I said 10 and 10 doc, 10 fingers,
10 toes, everything good. And he goes, nine and nine. I was like, what the fuck? I said,
oh, this is going to suck. Okay. We'll deal with it and all that. He was talking about the
app and the card, or some score about breathing and coloring and all that. And I was like,
oh, shit, but I had no one told me this. But so I'm just sobbing. I couldn't even cut the
umbilical cord. Like just fell in love with my kids when I saw them.
And that to me really is what love is, like just for them, man.
And I see that through your career, that love developed, which is awesome.
The being able to see the humanity in people.
I didn't when I was young. The foolishness of youth.
Yeah. You know, I needed to learn that lesson hard.
I mean, when I was young in my career, it was just about career goals.
And resting people became stats.
You rest on one, you get a good stat, you get out out of boy.
Maybe the boss likes it and you get a better job or you get you move up the chain.
It took a real change in my life to see that humanity.
And I can't wait to listen to your talk.
It's just probably hilarious and insightful.
Given the life of the two you lived and given how much you've changed each other's
lives.
I can't wait to listen, by the way.
Thank you so much.
This is a huge honor.
You're amazing person with an amazing life.
This was an awesome conversation.
Huge fan, I love the podcast.
Glad I could be here.
Thanks for the invite.
So exercise in the brain too.
It was great.
Great conversation.
And the hard too, right?
Oh, yeah, you got some tears there at the end.
Thanks for listening to this conversation with Chris Darbell.
To support this podcast, please check out our sponsors in the description.
And now, let me leave you with some words from Benjamin Franklin.
They can give up essential liberty to obtain a little temporary safety, deserve neither
liberty nor safety.
Thank you for listening and hope to see you next time.