Matthew Cox | Inside True Crime Podcast - Billion Dollar Cover-Up? Google Scam Exposed by Insider
Episode Date: May 16, 2025Exposing online scams and fraud with Robert from the rsnake showRoberts Links https://linktr.ee/rsnakeFollow me on all socials!Instagram: https://www.instagram.com/insidetruecrime/TikTok: https://www....tiktok.com/@mattcoxtruecrimeDo you want to be a guest? Fill out the form https://forms.gle/5H7FnhvMHKtUnq7k7Send me an email here: insidetruecrime@gmail.comDo you want a custom "con man" painting to shown up at your doorstep every month? Subscribe to my Patreon: https: //www.patreon.com/insidetruecrimeDo you want a custom painting done by me? Check out my Etsy Store: https://www.etsy.com/shop/coxpopartListen to my True Crime Podcasts anywhere: https://anchor.fm/mattcox Check out my true crime books! Shark in the Housing Pool: https://www.amazon.com/dp/B0851KBYCFBent: https://www.amazon.com/dp/B0BV4GC7TMIt's Insanity: https://www.amazon.com/dp/B08KFYXKK8Devil Exposed: https://www.amazon.com/dp/B08TH1WT5GDevil Exposed (The Abridgment): https://www.amazon.com/dp/1070682438The Program: https://www.amazon.com/dp/B0858W4G3KBailout: https://www.barnesandnoble.com/w/bailout-matthew-cox/1142275402Dude, Where's My Hand-Grenade?: https://www.amazon.com/dp/B0BXNFHBDF/ref=tmm_pap_swatch_0?_encoding=UTF8&qid=1678623676&sr=1-1Checkout my disturbingly twisted satiric novel!Stranger Danger: https://www.amazon.com/dp/B0BSWQP3WXIf you would like to support me directly, I accept donations here:Paypal: https://www.paypal.me/MattCox69Cashapp: $coxcon69
Transcript
Discussion (0)
eBay would be one example, and Google is another example.
They heavily, heavily make tons of money off of fraud.
Visa, MasterCard, they don't want any fraud.
They definitely do.
They make tens of billions of dollars out of that.
Why would I try and fix a system that we make billions of dollars on?
You can be really, really good at crime, and mostly how people get caught is...
There's a situation.
It's actually the very largest type of fraud on the internet that I'm aware of currently.
It's called surf fraud.
And it's basically, let's say I have a tax refund and on average it's going to be like
$3 or $4,000 from the government or something on average, right?
You know, some are huge, some small, none, you know.
But on average, let's say it's about $3,000 or $4,000.
Well, what these fraudsters do is they get enough information about an individual that they
can file the taxes on behalf of the victim.
And instead of that refund going to the victim, it goes to that.
And so, or a proxy or, you know, some dude in another country you can go pick it up.
So this turns out to be an enormous amount of money, about $4 billion a year.
And the only reason we really knew about it, I mean, I'm sure individuals knew about it.
And I'm sure the IRS knew about it.
But the reason why the kind of larger security community now knows about it is because
of these two whistleblowers who went after them.
And the reason they found out about it
is because one day, Intuit's going along,
and their chargeback ratios for people swiping credit cards
is, you know, whatever it is, 0.1%.
What is Intuit? Inuit, runs TurboTax and QuickBooks Online, I think.
I think QuickBooks Online is the one that I'm talking about specifically, though.
Um, but they own a bunch of stuff. At the time, they also owned a bunch of banks and stuff.
They're a pretty big, uh, financial company. But anyway, so at one day, they, uh, they noticed
their chargeback ratios. The amount of people who called in the visa master card and said,
hey, someone stole my credit card and used it at, uh, at QuickBooks, uh, went from whatever
it was 0.1%, which is typical, to like 10%, like some huge number. And typically when you hit
numbers over like say like six or seven percent visa master cards start finding you like crazy like
hundreds of thousands of dollars a day at minimum if you're a small company and maybe millions if
you're a big company so is this noticeable amount of backlash from visa master card because they want
it to stop immediately and so they'll punish the merchant uh for allowing that amount of fraud to go through
so all of a sudden all this fraud start happening like why what what why are they using fake credit cards on
our site well it's because
at some point, some smart fraud guy realized that instead of getting, let's say it's $3,000
on average, instead of taking like $100 out of the refund and giving it into it, if you use
a stolen credit card instead, pay the $100 out of that stolen credit card for the utility
of that of QuickBooks Online, suddenly now you're making $3,000 instead of $2,900.
So that ends up being a sizable amount of cash if you've got enough stolen credit cards.
And it turns out there's tons stolen credit cards out there that they can just buy in bulk, right?
So they're like, well, that's bad.
We've got to stop that immediately because we're losing a ton of money.
So they went and did a whole bunch of research to shut it down.
But really, all they really wanted to do was shut down the fake credit card part.
They didn't want to stop the part where they were actually still using QuickBooks online
to, or TurboTax Online, I think it's TurboTax Online.
Do a fraudulent transaction through the IRS.
Exactly.
So they went, and the reason for that is they went back and looked at what that meant to their
bottom line.
If they were to remove all of that fraud, what would have meant.
And it's about $100 million to their bottom line a year and what they take home.
So this isn't small dollars to that.
You know, can you imagine being the security guy inside the company going, hey,
I'd like to shut off
a hundred million dollars
worth of revenue
like you just
no one's going to take you serious
like no that's not a good idea
we can't do that
so pretty
gnarly
but that's one use case
for stolen credit cards
I think that there's a whole
kind of like land happened
it's still as far as I can tell
it's still happening
because they're
making $100 million a year
what are you going to do
you can't turn that tap off
so
Yeah, the hell with those ethics.
Well, and so now you're thinking, well, Visa MasterCard, maybe they care about the problem.
Well, so back a little bit earlier than that, I would say, but maybe five or ten years earlier,
they bought a company called Cybersource.
And Cybersource basically, think of it kind of like a knob that you can turn.
And so you can turn it all the way up and block all of the,
all of the fraud if you want,
or you can turn it all the way up
and allow all the fraud to go through, basically, right?
So it's a tuning home.
So imagine I basically was telling my system
that I would like to stop all the fraud
for the first, call it six months, four months, six months,
something like that.
Because after about six months as a merchant,
you start seeing what your real fraud ratio,
are, it takes about six months before the fraud goes through the system far enough,
that you'll see all of the chargebacks that will have happened.
So six months is about the magic number.
It can go up or down fluctuating if you have new products or services or if you get a ton
more traffic or whatever, different kinds of traffic.
That might change it.
But on average, it's around six months.
So after about call it four months, you can start saying, well, my chargeback ratios are
very low.
They're like 0.01% or something, very, very low.
Well, I will turn up the fraud.
I will give myself more fraud.
By doing that, you're basically saying to Visa and MasterCard,
our charge rack ratios are low enough that I would like to get enough more fraud in
that I'm going to make more money.
Because not every fraudulent transaction gets a chargeback.
Right.
It's some small fraction of it.
Most people do not look at their credit cards.
They do not notice an extra $100 here or there or whatever.
And even six months might go by and they don't notice it.
So as long as they're not racking up tens of thousands of dollars in their credit card bill, no one really checks.
And so it kind of just sneaks through.
So.
What's that?
I said, don't I wish.
So imagine now like six months has gone by and my chargeback for issues are still nice and low.
I'll turn up a little bit more and turn it up a little bit more.
Right.
And so Visa and MasterCard realized quite a few years back that really what they're most focused on,
they should be most focused on, is the retention of their users and how much their users are
using Buster MasterCard.
So some of that comes down to most convenient places to use it.
And some of it comes down to making sure that people don't feel like they have to always call
credit card company and say, it's been stolen again.
It's been stolen again because that brings down the utility of the credit card to the point
where you're not going to use it for really anything that you don't have to because it just
gets annoying to have to replace it all the time.
And that magic number turns out to be around 4, 5, 6% or so.
So when you start seeing chargeback ratios getting that high,
then they're like, well, this becomes a problem for us.
So they're going to start saying,
you need to start turning your fraud down, so they have cybersource.
So they're kind of in on it.
I mean, they know that this fraud's happening.
They could get the fraud to 0.01% back.
They could make it so it basically doesn't exist if they felt like it.
But they also make money on that fraud.
It's like the merchant makes money, they make money, and the average consumer just doesn't even notice a certain low rumble of fraud.
Yeah, I was going to say in like in mortgages, like they could make mortgages or applying for not just mortgages, but let's say applying for a credit card, applying for any type of a loan, you could make it almost fraud free.
you know the problem is it makes it so difficult for the average person at that point
it no longer it no longer becomes something that people want to take part in it becomes so
you know so what they do instead is they said look we're gonna we're gonna you know the actuaries
end up saying you know we're going to include that in the in the interest rate to cover
that so there's a certain amount you know banks do it um
Mortgage companies do it, you know, lenders in general do it, credit card companies do it.
You know, they incorporate that there's a certain percentage of fraud that we're okay with that we account for.
So it's not like they're losing money.
You know, it's not like they're losing huge amounts of money because they've accounted for it.
And they've, it's like we've got it set aside.
We're going to lose a billion dollars this year.
Well, guess what?
We set aside a billion point one.
We actually made money on the fraud this year.
You know what I mean?
So it's like the same thing.
it's um yeah and that irs thing the the irs you know scam like the irs you know they're they're
trying to kind of put a cap on it right and get it under control but it that was going on for
decades yeah it's still going yeah it's wrong yeah i mean really bad like it's still going it's
still going on they've you know they've done little things you know they put they gave you the
pin number now and there's little things that they've they've done but what's really amazing is that
you know, if I get your social security number and your, you know, your social security number, your, your address, some basic information on you.
And I file before you file, I can get your tax return.
Yep.
Which is, you know, is amazing.
A lot of people, it's funny, guys that I talked to locked up about it.
And I've had extensive conversations where they're like, listen, I'm talking about people that have never had jobs where we're applying for their social social.
security, I'm sorry, we're applying for their tax refund. And all I need is like,
this is some woman who's got three kids on welfare, hasn't had a job in 10 years. I'll go and
give her $300. She'll give me her full name and her social security number. And then I'll go
file saying that she made $65,000 last year for some company that she didn't, has never worked for
and she's got a tax refund for $6,500. And I'll get $6,500. And I'll get $6,000.
$6,500. They'll put $6,500 on like a prepaid card.
Yeah.
They'll send them the money and then they go and they cash it out and they've given her 300 bucks.
She's happy because she can always just say, that wasn't me.
What are you talking about?
I didn't do that.
Right.
And so these guys would be buying people's information from all kinds of people, from employers.
When people fill out a paper application, you know, they've got their full name.
They write all their information down.
And they give it to an employer with, it could be an any employer could take that.
You could go on Indeed or any of these websites and apply and have take applications or it could be, you know, I used to run ads in, you know, anything, you know, the flyer or, you know, now it would probably be you could run these ads in Craigslist anywhere and say, hey, I'm taking free mortgage applications.
you know there's government money government loans available you know people would call up you
know good credit bad credit no problem people would call up and give me all their information
you turn around and you file taxes so yep there's tons of ways you know not just that obviously
you can go and buy dumps you know on on the internet obviously too but you know they got to the
point I remember this one guy I had spoken with I always remember his name his name was um
Oh, gosh, his name was, I don't remember it.
I know, now I can't remember it because he had a name of a, it was, it was, what was his name?
Oh, shoot, it was a, it was like a famous rapper's name at the time.
He had the same name as the guy.
Oh, it was rush, something rush, because I remember there was the rush card that they'd come out with.
And, and he had, he was talking about when he first started doing it, he said that,
He said, you'd file 10 of them.
He said, nine of them would go through.
He said, now two years later, you'd file 10 of them and two would go through.
He was like, but what is it matter?
It didn't matter.
He said, and what's so funny is that sometimes they wouldn't go through and they would say, like, call the IRS.
And they'd send a letter and say, call the IRS.
He said, because he said, no fraudster's going to call the IRS.
They just forget about it.
He said, I call up.
Where's my tax refund?
He said, I'd argue with them, and they'd sit in it.
They'd go, okay, we'll fix it, we'll take care of it.
He was because think about it, I have all the information.
So you'd argue with them.
A lot of people think this is this too, which is complete BS.
People don't understand how the system works.
If I open up a company and I hire you for $80,000 a year,
and I'm supposed to have withheld, let's say, $20,000,
and then send that money to the IRS, right, for Social Security, Medicare, all these
breakdowns, you know, your federal income tax withholdings.
And I'm supposed to send that to the IRS.
And then, of course, I notified the IRS, hey, I own this company.
And I took, you know, $20,000 out of Roberts check, and I send it to you.
And then you apply for your tax refund saying, hey, I work for Matt's company.
He took $20,000 out.
After all my deductions, I'm supposed to get, you know, he over, he took two.
he took 20,000 out, but he only should have taken out 15, you owe me $5,000.
That's your tax refund.
Well, what's funny is people think the IRS knows that I have a company and that I took
$20,000 out and that they've got a little account somewhere with that $20,000 so they can
readily check your statement, your refund with what is in their little coffers.
but the truth is they don't know that at all
because no matter what
if you file and say look
Matt Cox withheld 20,000
you guys owe me five
they can't
let's say I never filed at all
what if I never told them anything
I never sent any money to them
do they still have to give you the 5,000
absolutely
they have to give you the $5,000
just because I withheld the money
and didn't send it to them
doesn't mean that you don't get the money
so even if they said look we don't know who Matt Cox is and he never sent us 20 we're not giving you five
they're not allowed to do that by law they owe you that money they're their issues with me
so a lot of people think hey why can't take get a tax refund how you can't i don't even work so
no i'm not a jeep i'm not in jeopardy of anybody claiming my tax refund because i don't work i never
made 80 000 Matt Cox never withheld 20 and he never sent it to the IRS so i'm not in jeopardy
if someone gets my social security number and files,
but that's not true.
You're still in jeopardy.
They still will send you the money.
You know, the system doesn't work the way people think,
which is what made me,
made my crime easy to do
is because most people think that the left hand
knows what the right hand's doing,
and they just don't.
Yeah.
So it, you know, just like,
you know people they think oh well visa visa master card you know credit cards you know
americans but they don't want any fraud they definitely do they make tens of billions of
dollars oh i'll bet you believe everyone same thing with the well so back in my world there's
there's there's kind of two examples i use pretty regularly so ebay would be one example and
google is another example where they heavily heavily make tons of money off of fraud so most
fraud eBay does not make any money off of, so they will try to stop it. And for those who
know nothing about eBay, their fraud systems are probably 10 years ahead of your bank. They're
way better than everybody else, like way better. In fact, all the other companies, like the
Googles of the world, all those other companies, they all learned from eBay, all the employees
who left. They taught them how to do it. eBay was way ahead of everybody else. Well, they had the
budget. They had the budget. It was it was one third.
of the company was trust and safety.
So it was an enormous amount of work put into it.
So their fraud systems were amazing.
But there's one type of fraud as an example
that there was basically nothing.
In fact, there was literally one,
I think it was maybe one,
maybe as many as five total lines of code
trying to protect this one type of fraud,
which is one of the most common kinds of fraud.
You're like, well, why would that be?
Why would they change?
Everything else has tens of thousands of lines of code
trying to protect against it.
many different sub-features and different programs running and all kinds of things happening,
and people dedicated to focus on it.
But why one of the most common is there just five lines of code that no one seems particularly
interested in fixing?
And that particular piece of code only asks, are you bidding on this item from the same
IP address that you put the item up?
so let's say I put up a beanie baby back when those things were popular for like five bucks or something
there's a kind of a nice beanie baby maybe it typically goes for like seven bucks or something
and I say my minimum bid is five and then I see that maybe I've got one person who bid on it
for like you know 530 or something well that person's interested I know I've got someone who's
interested. So I can bid on myself and say, well, how about for 545 or something? And they're like,
oh, I'm bidding on something. Drum the bright up. Right. Yeah, it's called shill bidding as the
actual technical term for it. And you can do this programmatically. You don't need to do it with your
hands. There's lots of different tools out there to do it. But the simplest way is to do it on the same IP
address. So you log in eBay and then you log out of eBay. You create another account and you log into
that another account and you're bidding on the item yourself.
And if you accidentally buy the item,
you don't really spend particularly large amount of money
because you're not actually using PayPal.
You're not actually wiring it to yourself.
You're not shipping.
So you don't have all, you don't incur all those costs.
You only incur the cost at eBay, the listing cost,
which is tiny.
So you make tons of money if you succeed
and you lose a tiny amount if you fail.
So people are like, well, this is bullshit.
Like obviously this person is the same person.
They're logging in from the same IP address, like 10 minutes afterwards, whatever.
So, and eBay had to say we have some control over this problem.
And so they put the absolute minimum amount of effort possible into it,
just to make sure that it's been dealt with.
Because if you think about it from eBay's perspective, two things happen.
They make a percentage of the upside on the PayPal side,
if the actual deal goes through, and they make the listing fee.
So the more of these transactions that go through at a higher rate, the better.
Back when they owned PayPal, they don't own PayPal anymore.
Yeah, there's no real downside.
There's no downside from eBay's perspective, but really out all, except if what ends up happening, if you do this, if you play this game enough times, pay it millions and millions of times, what ends up happening is the rough price for items goes up by a market amount, especially for commodity items.
Not so much for like stuff you might find in a swap meter, you know, a flea market or, you know, Amazon.
antique store or something, those one-off items that are super rare, they'll tend to always be
whatever they are. But the commodity items like toothbrushes or, you know, light bulbs or
whatever that you could buy on Amazon will start going up to what you'd expect them to go for
on other platforms. So there's no longer the cheap place to buy commodity. Right. Yeah, I can just
go to Walmart and pick it up. Yeah. And maybe for cheaper, whereas before eBay was cheaper because
I'd have like 10 extra light bulbs
and I'm like, ah, I get selling some light bulbs.
But now, light bulbs in general are so
overpriced and there's so much showbidding
going on, playing this game out
millions and millions of times, that, yes, there might
be a couple light bulbs if I can just sneak it in
or whatever, but typically it's always going to be
the same price as everybody else
or maybe even worse.
So not a great long-term strategy, but great
in the short-term.
And then the other one is Google.
So Google has kind of a, you know, pretty, in my opinion, a pretty sneaky business model.
Most people are not aware.
They are not a search engine.
They're an ad engine.
If you go on Google and you search for like hotels in Miami or something, there is virtually nothing on the page that is actually a search result.
It is all like links to other Google products.
There's maybe a map with a whole bunch of real property.
that they want to send people to,
that it's theirs.
Maybe there's reviews.
There's 20 things that aren't that thing.
A bunch of ads,
a bunch of stuff that isn't a search result.
So search results are actually so far down now.
People don't even realize
that there are almost no search results on Google anymore.
Unless you really know what you're doing
and you kind of scroll down
and you get past all of that stuff at the top.
And even then, it's kind of hard to tell.
But if it's like a, like what's,
you know, what's my IP address or something or what's the translation or whatever?
You may never, ever hit another website.
You're going to stay on Google and you're going to do the translation right there.
So they're getting, they're trying to keep people on Google as much as possible.
And the reason they're doing that is because you make a lot of money on ads.
And their, their ad engine represents, and I don't know the current numbers,
but something along the lines of $100 billion a year.
So that's a lot of ads.
That's a lot of ads.
And they make nothing on the search engine, zero.
there's no money to be made at all on it.
They make a little bit of money on their search.
They had a search appliance that they had for a while and, you know, some other minor products.
Really, it's YouTube ads and Google Ads, AdSense, and AdWords.
And so back one, this is probably about 20 years ago now, I was on the advisory board of a company called Click Forensics.
And Click Forensics, their entire business model was, we believe that there's a lot more fraud going on inside Google's
ad engines, then people realize.
And I knew that to be true because before that,
I had worked at a company called ValueClick.
And ValueClick was, by far at the time,
had the best anti-fraud systems of any of those companies,
of all the double clicks and fly casts of the world,
anybody who's putting these advertisements on websites.
And the reason we were the best is because I infiltrated the click fraud groups.
And I was actually inside one of the guys trading,
codes and getting them to click on my ads and I click on their ads. And, you know, so
you'd be making a good amount of money. And so I knew that none of the other guys had
anything close to what we were building. Now, Google was slightly better than the average
because they, through an acquisition of double click, own part of value clicks. So they actually
got the ad, the amateur rod engine that we had built. So they were slightly better than everybody
else, but I knew that that system was still not very good and very heavily based on a guy like
me, infiltrating click fraud groups, which I knew that they weren't going to do after I left.
So when I joined Click Forensics, we think we can find a lot of fraud.
I'm like, oh, I know you will.
And I gave him some ideas and how to do it.
And they were finding massive amounts of fraud going through the systems.
So, for example, there was a piece of code called ClickBot A.
And ClickBot A would just click on ads all over the internet.
You just surf the internet clicking on ads all day.
And so you could never tell what the original ad that they wanted to click on was
because enough ads were getting clicked on that you couldn't tell which one was fraudulent,
which one wasn't.
So they couldn't just ban people outright.
That didn't really work.
And from Google's perspective, they're also like, well, that's a whole bunch more revenue for us
because they make money cash for every ad clicked.
And so basically,
Basically, they changed their name, Click Forensics, changed the name to Adometry.
And I'll give you one guess who bought Adometry.
I don't know.
Google.
Okay.
I thought we were talking about Google.
So Google bought the only company out there who was trying their best, and I wouldn't
say they were that good, but still pretty good at identifying fraudulent click fraud going
through the Google ecosystem.
We now estimate that, well, I'll tell you,
I'll tell you another quick story to give you some idea of why I know what I know.
So I was doing some research on something completely unrelated.
I was trying to figure out how likely it is that somebody will click on something in the browser.
So if you hide some feature deep in the browser, you have to file, settings, blah, blah,
how likely is it the click on the thing?
And in particular, I was interested in this one particular thing that would stop advertisers from tracking you.
And it was a kind of a failed idea from the beginning.
It was never going to work.
But it was an interesting use case because anyone who heard about it wanted to turn on to stop people from tracking them.
And so I knew that Internet Explorer was something like, I don't know, like five close.
clicks or four or five clicks or something like that, Firefox was three clicks, and Google was something like seven clicks. Of course, they wouldn't want anyone to, you know, stop tracking them because they make all their money on tracking people and advertising to them. So that was my conjecture, is that you're going to see Firefox was going to be a very high amount of people using this particular HP header. You know, we'd see Internet Explorer kind of middle of the pack and Chrome would be way dead last. And actually, actually,
exponentially less people turning on this particular feature.
So I contacted a banner advertising company that I know,
and I'm like, hey, I want all your locks.
And anyone else asking this question, they'd say, go to help.
But it's me.
And so they're like, okay, well, we'll give them to you.
And I'm like, I want this very specific slice of data.
I want to see a user agent and that this one particular header is turned on or not.
And it turned out that Internet Explorer was like 10%.
Like, all the others were really, really low.
Like, why is it 10%?
Like, that can't be right.
A number doesn't make sense.
Unless Microsoft itself had rolled out some patch to turn it on,
there's no way they would ever be that high.
It should be like 0.001%.
Like crazy flow.
Okay.
I was going to say, do people know this is even possible,
or you're saying, were they advertising it?
Well, I mean, the part of their advertising,
hey, you could do this, it's easy.
People who know, no, and that's the thing.
It's like, it's such a small group of people.
There's no chance.
Think about how many billions of people on the planet.
I think it's like at that time it was maybe three billion or no two billion or so internet
internet users on the planet are you telling me that you got what did it true I can't even do the
math uh was it 20 million is that right 20 million people to click on six buttons or whatever
was to get there like this is no way like no no no way to educate them to do it and to get them
to do it impossible never gonna never ever ever ever going to happen unless it was automated
somehow and I'm right so so it's one of two things happen this is either not true and their their logs
are somehow messed up or their or Microsoft did something weird so I did a bunch of research trying
to figure out Microsofts did something weird they didn't I know the guys over at internet explorer
I'm like did is there any reason this could be the case like nope um so it turns out I it kind of
just came to me I'm like holy shit that's just how much fraud that this advertising system is
getting because what happened is, and they might be getting more, but at least 10% of it,
somebody, some hacker somewhere, dumped their, uh, dumped what their browser looks like when
they're, when they're legitimately doing a request and they had it turned on. So like,
so they just copy pasted what their, what the request looked like. And they're sending it out
billions of times and clicking on a bunch of ads. And so that's for a limited time at McDonald's,
enjoy the tasty breakfast trio. Your choice of chicken or sausage McMuffin or McGriffon or
McGrittles with a hash brown and a small iced coffee for five bucks plus tax available until
11 a.m. at participating McDonald's restaurants. Price excludes flavored iced coffee and
delivery. That number up. So it drove that number up to like 10% or whatever, despite the fact
that absolutely is impossible, like truly impossible. But now we finally had some real telemetry.
I'm like, that means that, I mean, and that's the low bar. That's just what we know from that one
mistake that that one hacker made, at least 10% of the amount of clicks going through the
internet on ads are fraudulent. That means if it's $100 million a year advertising
business for Google, that means $10 billion a year is being wasted on ad fraud.
Well, then I'm sure they immediately fixed it.
Well, ethically, we don't feel comfortable with this.
this isn't right yeah i wonder why he had that on his um browser is it i wonder if
he held he was a hacker he's like me so he's trying to i know he's trying to hide his his um
area or you know whatever a location but why did he include it you're saying it was a mistake
but is it possible that he did it because every time those bots were clicking he didn't want
those them to be located either like you're like now suddenly you know
all this information is coming from this one area.
Actually, that's a really good theory.
That could have been the case.
You're right.
I suspect it was probably more likely to be just a flat-out mistake based on what I saw.
But you never know.
Maybe there was some additional things there where he's like maybe there's a possibility
that some of these ad engines might actually respect this header and stop tracking me.
And if that's the case, great, it costs me nothing to include this extra, you know,
a couple of bytes of information.
So either way, yeah, I'm not saying that Google doesn't do anything to stop fraud,
but I am saying that whatever numbers they're reporting are intentionally, as eBay's are,
they have no incentive to fix this problem.
And the only way that this gets bad is if enough companies realize they're wasting
a huge amounts of money on these ads that are never going to supply them, real eyeballs
and real clicks to their, you know, their brand or whatever,
I think that might, if they start losing real revenue,
real revenue, like in the neighborhood of like $50 billion a year,
that might cause them to start reevaluating their fraud models.
It's funny, I do work for a company called Home Title Lock.
And what they do is they monitor people's home title.
Right. So you're the title to your house. And if there's any change in public records,
it notifies you, hey, you know, did you just transfer your deed or did you just, you know,
refinance your house? Did you, because what happens is someone like me could come in very easily
and file, I could take like one page and I can get rid of your mortgage. I just file what's
called a satisfaction of mortgage. And I go downtown, I don't even have to go downtown. You just file it
online. You know, I can go sit in, you can go sit in, you can go sit in, um,
Starbucks and I can you know you know scan the document I can send it and it gets recorded so and now
now with the pull the title on your house there's no mortgage on your house so and then I can file
another you know you wait two days whatever and you file a transfer of of title so like a warrant
you know there's different deeds but a warranty deed showing that your deed to your house and
your name has now been transferred to someone else or I could just get
I could just I could just order a fake ID in your name, but and sell it directly in your name.
But so anyway, you know, then of course you can go online and I could, you know, do a sale or
refinance your house or transfer the deed and sell the house, whatever case may be.
So this company protects against that.
What's funny is every time I'm interviewed about it, people are, are like, you know, well,
why doesn't the government, like, is this fixable?
And I go, it's absolutely fixable.
why wouldn't the government fix it?
Why would they?
It costs the government nothing.
They're like, yeah, but it costs, what are you talking about?
It costs, you know, hundreds of millions of dollars.
This is done all the time and this is the.
Yeah, but it costs the government nothing.
The government didn't lend the money on your house.
The government doesn't care if your house gets transferred.
Like, it's causing you a problem, not the government.
So why would they change it?
They go, okay, well, what about the title companies that ensure,
your home. They don't ensure against this. So once again, it costs them nothing. They ensure that the
day of closing, that title is in your name. That there's no, there's no encumbrances on your title,
and that your title's clean today, and we're putting it in your house, your name today. Now, if in two
days from now, something happens. That's it. That's your problem. So the day of the of the closing,
everything's correct. After that, it's on you. So once again, if this problem were to be corrected.
So who's the fault in that case? Is it the buyer? The buyer must, you know, beat it, right?
Yeah, they basically have to go out and get an attorney and try and fix this. Now, if the house was sold,
let's say the house was sold. Let's say I, my house. This scenario.
Well, let's say suddenly your house is sold from underneath you.
One day, you know, you start getting foreclosed on.
You're like, what's going on?
Oh, well, someone sold your house, borrowed money on it, didn't make the payments,
and now the bank's foreclosing on your house.
You're like, the house is in my name.
They go, no, it's in the name John Smith.
It was transferred two months ago, and half a million dollars was borrowed on it,
and there's never been a payment and we're foreclosing.
What do you talk about?
You have to go get an attorney.
so is there an incentive like if you start looking down the chain of everybody that's involved in this nobody it doesn't really cost anyone any money so there's no reason there's no incentive to fix it in some cases if you fix it it would like if the title companies sorry the insurance the title insurance companies were to go to the public records and let's say devise some kind of a system or they'd
begged the government to fix the system, and they fixed it, you don't need title companies
anymore.
Like, so why would they go out of their way to fix it?
They would rather pay the claims because they make so, there is so much money in title
insurance.
It is a cash cow.
So why would I try and fix a system that we make billions of dollars on?
Like, that's just stupid.
The only person that this causes a problem.
problem is consumers or homeowners. Everybody else makes money doing it or makes money in this in this whole thing. I mean, it's the same thing. It's like it's like from the outside you think you know the system. And then you're, but once you're on the inside, you realize, wow, this is this this this isn't correct at all. Like this is really very immoral and unethical, the very least.
least. You remind me of a kind of a semi-related story about sewing your house out from underneath
you. This isn't the same kind of fraud, but you'll see what I mean in a second. So this is kind
of a happen to a friend of a friend of friend sort of deal. But apparently they knew that
the CEO of the company, as a smallish company, was leaving on a business trip and he'd be on
it'd be on an international flight for like whatever, seven hours,
or 12 hours, whatever it was, right?
And so the night before,
they delivered a bunch of like those pod type things
filled with carver boxes, tape, markers, that kind of stuff, right?
Packing materials.
And as soon as he was on the flight,
they sent an email spoofed from him to the entire company
and said, okay, I'm sorry, I'm leaving on a flight.
I'm not going to be able to respond anything.
But this sort of an emergency situation,
we had a problem with our lease.
We need to move everything into these pods
because we're going to have to move to a new location.
Don't worry.
I got it all sorted.
I'll let you know more details when I land.
But for today, get all of the stuff,
put it in these pods,
pack everything up, tape it all up.
And if somebody doesn't show up to work,
make sure that their stuff's packed up.
It needs to be out of there by this time.
We have some drivers coming.
they'll take it away.
But it needs to all be done by this.
So everyone diligently packed everything up, taped it all up,
right all who would belong to, whatever.
Put it on these pods or whatever,
and they drove them away.
And they never saw all that stuff ever again.
You got the employees to burglarize the business for them.
Yes.
Not he, but the burglars.
Yeah.
Yeah.
So I think
I think you know
losing all
every single asset of your company
I for a long time
I thought that's the worst thing that can happen
but losing your entire house underneath you
I think might be the worst
Imagine all you did was you place
and add the newspaper to
rent out your house
you rent your house as someone who's
very qualified
they have the deposit
they've got canceled checks
showing they paid their rent on time for years.
They've got like just good credit across the board.
They move in.
They make three, four months payments.
One day you don't get your payment.
So you swing by the house to put a three-day notice on the front door.
And you go to check the mailbox because it's overflowing with mail.
You pull it out.
There's all these, there are all of these collection notices addressed to you.
And you go, that's weird.
You open so clear, address to you, you open and it says that, you know, whatever, Bank of America's foreclosing on you, you know, SunTrust Bank, you know, Tennessee National Bank, you know, BBT Bank. And you're like, what is going on? I got five banks foreclosing on my house. How can I have any banks foreclosing on my house? I have two mortgages on my house. I have a first mortgage and a second mortgage.
come to find out the person you rented the house to moved in the house
created two satisfaction of mortgages with Bank of America for your first and your second mortgage
went downtown filed those once the house was clear made a fake ID in your name
called up multiple banks and then borrowed $180,000 on your house at the same
time within a day or two closed on like five different loans on your house borrowed a million
dollars on your house and hold the money out over the next month or so and then just moved and you
didn't figure it out until you stopped getting your rent check and you come to find out of there's a
million dollars worth of from there's five or six banks foreclosing on your house to the tune of
nearly a million dollars you didn't do anything wrong except for live your life and run an ad in the
paper and just the cross the wrong person
And that's, you know, that, that happens.
That happens, God, I was reading a reading one the other day online.
It's funny, too, because I'll read these articles.
People send me these articles all the time, especially if it's real estate related.
And I'll read it.
And I'm sure you, you know this, because you'll read an article differently than the average person than your buddy who works.
Your buddy who works at Home Depot, you read that.
He reads that article.
He's like, oh, wow, that's crazy.
And he understands in a generalized.
sense. But you read that article and you go, oh, wow, they did this and this and this and then
they ended up and that's how they got the money and that's why it worked. Your buddy's like,
it doesn't really understand, but he knows something went wrong. So I'll get these real estate
related ones where it's an article that basically says like a couple of people made half a million
dollars. And, you know, by pretend, and it says pretending to be a real estate attorney and a title
company. Well, what really
happened when you break it down is
they rented an Airbnb
for a week. They ran
an ad in Craigslist
in multiple
different publications,
websites saying that their house was for
that this house is for sale.
People called up, because it was
under market value, people called up immediately,
came out to the house and they were
they said, well, I can give you a
contract, but we've got another contract pending.
but if you were to put up $3,000 or $2,000 non-refundable, then obviously the owner would know,
they're pretending to be a real estate agent, you know, the owner would know you were serious.
So people are giving $1,000, $2,000, $3,000, they're writing up a contract right
and then they do this for the whole week.
It ends up being half a million dollars.
You know, they're taking, you know, who knows how big these deposits are.
And they're depositing it into a bank account that they opened.
online in the name of a title company and they're depositing the money.
So everybody who's involved in this transaction thinks I read an ad, I went and looked at
the house.
It was slightly under market value.
I was very excited.
I gave him a $5,000 deposit.
Then I turned around and started screaming, where's my money?
You know, what happened?
I haven't heard from this person.
Come to find out it's an Airbnb that had been rented for a week by a scam artist.
It's crazy.
They didn't do it.
What did they do wrong?
You know, what did they like?
And where was their due diligence?
I'm not sure.
Like, how would they know anyway?
What?
I mean, ever been trolling all of the places you might advertise, I mean.
Right.
And think about it.
Every time you've ever sold a house, all you did was call a real estate agent or buy a house.
You went to, you talked to a real estate agent.
You went by the house.
You met them.
They gave you a business card.
You didn't check to see if this was a real estate agent.
You didn't call the owner to make sure he really had this real estate agent.
listing their house. You didn't do any of those things. You just went through the process.
Hey, so what did you want to talk about? Well, I want to tell you about Wagovi.
Yeah, Wagovi. What about it? On second thought, I might not be the right person to tell you.
Oh, you're not? No, just ask your doctor about Wagovi. Yeah, ask for it by name.
Okay. So why did you bring me to the circus? Oh, I'm really into lion tamers. You know, with the chair and
everything? Ask me.
for Wagovi by name.
Visit Wagovi.comi.com.
For savings.
Exclusions may apply.
Scary.
Yeah, it is scary.
I mean,
losing your livelihood
is right up there as well.
The only thing really
beyond there is starting to get to the point
where people are actually coming after you
personally.
And that does happen,
especially if you get involved with the cartels
or like some of these more organized criminal organizations or spooks, obviously.
Yeah, a buddy of mine literally yesterday got swatted as a matter of fact.
And, you know, he's one of those guys who's just out there and just talking about stuff.
I wouldn't even say he's particularly contentious, but, you know, he pissed off the wrong group of people and suddenly they got to come after him, you know?
And so, you know, he's, you know, has a whole bunch of police show up at his house.
with guns drawn, you know.
Like pretty bad news.
Say, did you, you know that one swatting that went wrong, right?
The guy opened the door and they shot him.
Yeah.
It was just a wrong address.
It was just an at wrong address completely.
Yeah.
Yeah.
In this case, they spoofed an email from him to the school district claiming he was going to
go shoot it up, whatever, you know.
And so they shut down the school district and rated,
his house.
And that, I mean, that was attempted murder.
And, I mean, there's a, there's a lot of things kind of like that.
I mean, there's some even creepier stories.
We've had to take down some pretty big groups.
Like, we took down an entire town in Romania once.
And basically every male in the entire city went to jail.
And I feel like this is, I read.
I feel like, remember I told you I had read the Wired article.
They called it like scam town or something in the name of it where they were talking about the Western Union.
There was like more Western Union per capital in that town than anywhere in the world.
And they had, I remember in the article, sorry to interrupt you, but that they had two detectives on the busting scam artists.
And they were like, there's two of us.
Like, there's only two of us.
Like, half the people in this in the town are committing scams.
And the big thing was they weren't that concerned.
And keep mind, this was 10 years ago.
I read the article.
They were like, they weren't at least 10 years.
Honestly, it might have been 15 at this point.
Yeah.
That's right.
So they were saying that they, they weren't that concern because they weren't stealing from their own people.
It was all internet based and they're stealing from foreigners.
And they just weren't that concerned about it.
I mean, not that the detectives weren't concerned.
They were genuinely concerned.
Yeah.
But they also said that, look, there's, there's so little money here that, you know,
that the most of the police work with these guys.
They'll call and tell them, hey, you're going to get raided.
Yep.
You got about 12 hours before they show up.
Yep.
So, but you were saying it was.
Yeah, that actually dovetails nicely into the story.
So we actually sent a couple guys there to investigate just to kind of get a lay
the land and um and they were just at a bar kind of just kind of chatting with the the bartender and he's
like what do you do and you know for your spare time or whatever it's like oh internet fraud and uh
you know it's like even the bartender like even you know just some random studio like how like how
like how is this your other job you know um and so we ended up raiding this town
basically every male in the town went to jail and uh the chief of police it wasn't the chief police
involved in it, was not located in the town.
He was somewhere in the main city.
And so about a couple weeks later, he disappeared and just literally never showed up again.
And we're pretty sure that that group of people you're talking about, the police that were informants,
they needed to know how that happened.
And so, like, you can't let that happen again.
So, you know, go and torture this guy until you figure out how we actually got caught.
that shouldn't have been possible.
So that guy, you never did find him.
But, yeah, so the world of internet security is like very closely related to organized crime.
A lot of overlap, which makes it incredibly dangerous for practitioners.
Yeah, I was going to say the Russians and, you know, Chinese and Russians and a lot of those
organizations will pull off scams that the Italian mob, you know,
they just don't you know they don't they don't get that sophisticated but a lot of the companies a lot of
our like the russian mob and stuff will do really sophisticated types of frauds yeah not that they
don't sell drugs and do you know other things too but it's they'll they'll do pump and dump
schemes they'll do have massive credit card um uh you know groups going around europe you know hitting
credit cards doing credit card counterfeiting uh i wrote a book about a a a credit
card counterfeiter that was working with the Russian mob. And I mean, he's like, they were ordering
50,000 credit cards at a time, or, you know, I'm sorry, you have 50,000 dollars worth of
a credit cards at a time. A hundred thousand. He's like, that's, that's unheard of. He's like,
your typical credit card buyer or counterfeit credit card buyer, he's like, they're ordering
10, you know, 10 cards at a time at five bucks a card or $10 a card. He's like, they're not making
huge orders. He was working with one guy that was literally, he said, just,
ordering massive amounts he ended up having i think he got two i don't think he had three i think
he had two or three um you know the thermal printers that the uh the fargo 2500 or whatever it was
it's like a three or five thousand dollar printer and you know had the embossers and everything
and so he's massively making sending out these cards and sometimes they give them the
the information to put on the track and uh yeah and it was all it was like
all Russian and
Russians that were doing it and they had
they worked with teams
that would go throughout Europe
and just hit stores and just buy up a ton of stuff
and then there's these guys that work
actually with the store owners sometimes
periodically they'll come in and buy out a
you know run up a bunch of
a bunch of transactions
that didn't actually happen
yeah I remember one story
It was a, I forget how they originally found this guy, but effectively they found a bunch of photos of the person that they were after.
And this guy's like high profile, you know, scam artist or whatever.
They really needed to find him.
And so they got a digital forensics expert to analyze the photos.
And so there's basically a photos of him and his girlfriend and some other guy on a vacation together.
So they flew from wherever it was in Europe, down to Sharmal Sheikh in Egypt,
hung out there for a while and then flew back, basically.
So it was like a two or three day vacation or something.
And so, but it was just basically photos of the trip, right?
You know, him and his girlfriend sitting there taking photos in their seats, you know, at the hotel, whatever.
But they didn't know where exactly it happened.
They didn't know when.
They didn't know how long ago, et cetera.
and they really needed to find all this information.
So they were able to track what kind of airline,
what kind of airplane it was, rather,
by virtue of the photos on the inside.
So they could tell it was this type of layout,
so it was probably a Boeing, whatever, whatever, right?
And they were able to tell what seats they were in
by virtue of the photos.
Then they figured out what hotel they stayed in
because there was a photo of a bunch of drink,
and you could see underneath a napkin.
They could see the embossing of the name at the hotel.
And then they had a picture of them at night,
and in the night sky, you could tell one of the planets or something.
So they knew exactly when that occurred, like exactly.
And then they found, there was another photo of them departing
and part of the coastlines.
They knew what direction they had taken.
So they knew the flight path.
which was a correlating all that together they knew exactly the inbound flight and the outbound flight it must have been one of these five flights inbound and it was definitely this flight outbound so that who was on both flights and they were able to figure out exactly what these were and then they tied it tied it back to a to a credit card that was used um to buy two things or three things the the the flights a um a camera which
matched to the XF data inside the photos and a rental car, a car, a rental car, I think it was.
But then with a rental car, they were able to figure out where he went with a rental car because
it had, you know, the GPS stuff built into it or whatever. And that's how they nailed him.
That's insane. Did you see the documentary, Don't Fuck with Cats?
Yes. I was going to say that's very, that scenario you just gave me very similar.
Although, you know, those, they were pretty bad at that, actually.
They ended up getting somebody killed.
I mean, that was pretty bad.
But you mean, the people that were following them?
Yeah.
I mean, the first half, I don't think, I don't feel like they contributed to the murder.
Uh, the, the, rewatch that, man.
The first half of it is them accidentally getting someone else killed.
Uh, it was pretty bad.
I mean, I'd have to rewatch it because I, I thought they were just kind of track
because he had killed the kittens
and so they were kind of just trying to figure out
who they went after the wrong person
Oh that's right
Initially they had named the wrong person
Yeah you have to be really really careful
You really have to know what you're doing
You can't just be some internet slip
That person didn't
Did that that person get killed or kill himself?
I think they committed suicide
But you know
That's come on
I don't know man
I think I'm not thinking myself out
no matter how much of a problem.
Yeah, you have to be really, really careful with stuff like this.
You really do.
I've been involved with cases where everyone just got very excited about somebody
rather than having good evidence on it and, you know, busted down doors and it turns out
they were totally innocent.
I'm like, why are you doing?
Just because you get excited, you really have to follow the real evidence.
It's one of the reasons I'd make a terrible witness because I could caveat my way out of anything, you know, like, what is the possibility you got this wrong? Well, you know, statistically is very high.
Like, well, how could you, how could you ever like tamper with this data? Well, incredibly easily, actually.
So I don't. That's not what they want to hear when they got. Not what anyone wants to hear. They want to hear definitive. I saw with my own eyes. Yeah. I'm on a 100% positive. It was him. Even though eyewitness testimony is almost all.
It's always inaccurate.
Yeah.
So I remember I was going to say I actually saw two guys break into a car one time right in front of me.
But right there, like they're 20 feet away.
Saw both of them clearly.
When the cops showed up, they were like, could you tell us, you know, could you pick them out of a lineup?
I was like, no.
You know, he was like, well, how tall were they?
I was like, tall.
They were like, well, how tall?
I'm like, look, I'm five foot six.
Everybody's tall.
I couldn't tell you if he was five nine or six foot one he was 20 feet away he was a black guy I don't know and I looked at the cop I remember the cop next to him was black I go it could have been him I don't know he's 20 feet away my adrenaline shot up I couldn't pick the guy out it's not that I don't want to help I called the police like I want to help you I'm the one that jumped out of the car and screamed at the guys what are you doing you know and they took off running because they saw me and they yelled at me and I you know instead of walking away I was like nah bro will
So that's not your car and they immediately just took off.
So I was ready to help.
But I'm also not going to stand there and point people out that I'm not positive that.
I don't know who those two guys were.
There were two young black guys.
Like, I'm not, I don't know.
I would actually rather as, you know, even if they are absolutely guilty,
I'd rather them get away with it than get someone who is totally innocent and put them in.
Right.
I mean, I agree.
They'll get caught some other way, some other time.
You know, one of my.
old scamma buddies used to say, and I think it was very, very wise. He's like, like, you can be
really, really good at a crime, but you could only do one crime at a time. And mostly how people
get caught is they're doing two crimes at the same time. You know, so they'll be speeding and
they'll have drugs in the car. They won't get caught for the drugs. They get caught because they're
speeding. And then the cops will pull them over, like it was to smell like weed in your car,
whatever, you know, or they'll be like, drugs are very related often. They'll be extremely
high first crime and then they'll go rob something well then they make mistakes because they're
high and they you know kind of forget what we're doing and even if drugs aren't involved
it's it's criminals get cocky that every time i got away with something i became emboldened by
it and i got cockier and cockier and got even you know you would think oh he just got listen
i've been handcuffed taken to a police station they the i got walk the head of wakobia's
department screaming at the cops. This guy's committing a shotgunning scam. He has withdrawing
he's got multiple mortgages on this property. He's withdrawing the money. It's a, it's a scam.
He was absolutely right. I talked my way out of it. The police let me go, told him that there was a
mistake at the bank. Loan officer must have made a mistake. My explanation seemed okay.
It was reasonable. He let me go. I took off.
you would think I would have said, hey, I got away with it.
Absolutely not.
Absolutely.
Within a month or so, I was committing even more, more egregious crimes because I just
gotten away.
Because in my mind, it was, I'm just that good.
They'll never, even when they got me in handcuffs, I talked my way out of it.
And I know many, many people that are running multi, they're making millions of dollars
a year.
And they do something, this is actually my buddy's at, actually is in the middle of
committing a mortgage, a huge, not a mortgage scam, sorry, a huge scam. He's making hundreds of
thousands of dollars. He's got half a million dollars in the bank and he and his wife are on a little
vacation and they check into a hotel for a week and they use a stolen credit card. You have half a
million dollars in the bank. You can't pay $1,500 to rent a place for five days. Are you in, are you
kidding me. Are you kidding me? Well, he was like, why would I have a stolen credit card? I don't know.
Maybe because if they were to go through the stuff in your room, they'd see that you're running a
massive scam. Maybe that person gets notified and checks. Maybe like, why risk it? That those are the
you know, you get cocky and you think you're you're above it and the rules don't apply. You're just
that smart and you just. And you do two crimes. That's exactly like that you're right. You just
screw up.
Yeah.
I mean,
if you really want to
be the best
bank robber in the
world or
best jewel thief
in the world or
whatever, you could
totally do it.
Like, you really
can do it.
I mean,
I wouldn't recommend
banks these days,
but jewel theft,
totally.
100%.
You can totally do that.
You would just
have to be the
absolute best
like ninja stealth
dude in the world
and really know
your shit
and know exactly
all these security
systems work.
And it would be a
full-time job.
And no breaks,
no vacations.
This is what
focus on and getting the next big jewel, uh, jewel stuff done. This guy in Austin, just a couple
days ago, uh, he got held down at a bar and he got his watch stolen. It's like a $300,000
watch or something, crazy expensive watch. And they took an Uber home. It took a fucking Uber
home, you know, like, like you got to be, you got to, if you're really going to be good
at crime, you really have to know what you're doing. And you have to be truly professional. I think
that's the problem is everyone wants to think it's easy path it's actually the hardest path you
actually have to be perfect yeah yeah you can i always say you know the police can make a mistake
over and oh they only have to you know be right once like they always catch you once you know
they could keep making mistakes right you know you really can't make mistakes and that and that's
difficult to do because let's face it if you were that diligent and intelligent and hardworking
then you'd probably just go get a regular job yeah exactly and and probably make great money doing it
Uh, if you're that, if you're that dedicated, you know, you have crap, right. Yeah, yeah, exactly. I mean, most, my thing most of the guys, it's, it's, it's the, as a result of just, you know, of drugs and poverty and just they don't know what else to do or have anything else to do. And it's certain things get taught. That tax scam we were talking about, a lot of the guys that I was locked up with, like they were taught that. Like, they don't have the ability to do anything other than work at like a grocery store, bagging groceries. Like they just, they don't have an education. They drop that a, a
high school. They were raised in horrible areas. They have nobody really mentoring them. But they've
got a cousin that makes a lot of money committing fraud. And he teaches them the step by step.
Here's what you do. You get this. You go to your friends and get their social security numbers.
You do this. And kind of lays it out with them over the course of a week or so, teaches them how to do it.
They figure out how to do it. It works well for six months to 18 months. And then they get caught.
and then they go to jail for five years and they get out and they learn even more stuff in jail
and then they or prison sorry they get out and it just keeps going and going and going and
now it's a it's a that's just a part of it's a part of their life going in and out of prison committing
fraud because for them it's extremely lucrative and they don't have they don't have any other
there's no other avenue other than to go get a low paying job and you know stick it out like
So, yeah.
I feel bad for him, but it's not the life.
It really isn't.
Oh, no.
With all the cameras these days and all this internet telemetry and everything
you have phoning home all the time, like, oh, I just, I mean, it's rough.
I would really not recommend it.
Or if you're in it and you're doing well, now is the time to think about your retirement.
It's not going to get better.
It's going to get much, much harder for you very soon, too.
I've read a few articles on the original Silk Road, right?
And Ross, Ross, Ulbricht, I mean, I know he got like a two or three life sentences or something and 30 years plus five life sentences or something along those lines.
I mean, and I know that, you know, I know the basics of it out of, you know, what he was doing, why he was doing, which I always thought was weird, by the way, because I, I, I, I, I, I know.
I've met, you know, just based on my past, I've met a bunch of guys like this that are super, super bright, that for some reason they don't, like they have like they're bright, they should be able to live a normal life, be successful.
They have a couple of failures, which it seems to me like, like Ross had had a few failures.
And then he kind of just went off the grid.
like he he just like things didn't fall into place for him he didn't want to struggle in some way
and he suddenly decided hey i'm going to do something completely illegal and lucrative even though
he worked very hard at it but i think the payoff came pretty quickly he was also kind of one of those
dudes who uh he just maybe anarchists you know maybe kind of like i feel like he's he was
bright like what i think it's it's typically it's always some guy who's pretty sharp you know
that that kind of leans toward that and it's like they're rebels but he also had several
failed businesses too uh wasn't it and yeah i don't remember those details but uh but i do recall
he ended up moving from austin to san francisco to i think kind of go out in his own and
I suspect at least half of it
because I actually know one of his roommates
he probably just wanted to be more isolated
because he's starting to get
the business is rolling and he's having to do more
and it's kind of hard to hide that
if you've got roommates
so I think that was at least part
of what happened there
was the girlfriend at the time
I don't know about that but he was living with a girl
but I don't think that they were romantically involved
Okay. Well, I mean, I know eventually he ended up getting arrested. I forget, was it the FBI? Well, it was sort of a customs deal. He was importing a number of drugs and all kinds of stuff. But how he actually got caught was he tried to import a passport, a set of legal passports. He wanted to create new identities.
Right.
So they hosed as the people who were shipping the thing.
So they were basically a sting operation.
And he ordered it from his own site.
And then they just basically followed it to his address.
And when they busted him, he actually had his laptop open and logged in to Silk Road.
He had a notebook open with the passwords with his diary effectively, like saying everything he had done.
And I mean, it was a very clear-cut case.
It was definitely him, you know?
It's like, I think he just didn't think they were going to be able to get to him, right?
He was using a server that was located in Iceland or something.
Like, he really felt like he was insulated and it eventually wasn't.
Yeah.
So you, we had talked about Silk Road 2.
And the only thing I know about Silk Road 2 was that,
I thought it was just kind of a
I mean obviously you can name
your site whatever you want was it was kind of a
copycat site
that had started
but that's all I know like that's all I could
find really on it was so
there was a bunch of Silk Road 2s
a bunch of different people tried to
start it up over again and I don't think it went
anywhere but
so how I get involved in this story
was about
two months after
got pulled into jail, I would say, approximately, I started getting a series of emails
from, you know, cartel members who wanted to start Silk Road 2. And I'm like, let's, let's do it.
And I'm like, I don't, why, why are you thinking I would do anything to do with this at all?
And they said, well, we know that you're the real guy who ran the original Silk Road.
And Russell O'Brick was just your patsy. And why do they think that?
Exactly. And I'm like, well, my answer was, I'm not. Right. I'm not where you think I am. I didn't do that. Like, yeah.
They said, sure. Sure. You're not. That's exactly what you'd say if you were the guys. Right. Well, that, well, how do I get out of it then? Right. So I'm like, okay, well, why, why do you think that I am the real guy? And like, well, you probably met him when he was living in Austin because you live in Austin. I'm like, okay, well, that sort of makes sense.
But you wrote your second to last blog post.
I wrote about 1,000 blog posts in my old website.
And the second to last one was sort of like,
if there was a possibility of ever taking over my security research that was doing,
maybe you'd use, like, my handles arsenic.
So you'd use like Dren Pirate Arsenic or something.
And you could kind of continue the research forward with using my name,
except for I didn't really feel like that was a good idea.
because I think the research should stand on its own.
I don't think you should tie it to any person.
So I said, I actually didn't think that was a good idea.
But he's the Dread Pirate Roberts.
I'm the hacker on the Silk Road.
I was talking about the Dred Pirate R. Snake Roberts, and I'm Robert.
So that naming thing, there was confusion there.
I wrote some code a while back called Slow Loris.
And Slow Loris was what's called a denial-service attack tool.
And basically it was used to take down.
websites. And it got a lot of publicity because it was used during the Iranian Green
Revolution to take down leadership websites. And the people who were doing the other types of
attacks before my tool came out were taking down the entire country and causing all kinds
of problems. So my tool was very specifically designed to be low bandwidth. So it didn't
affect the rest of the country. So protesters could talk outside the country. Anyway, it got a lot
of publicity. And so
Ross Oldbrich used
Lloris to take down websites of
competitors.
So I wrote it, he used it.
So that, okay, so there is, I was just
going to say, so there is a connection there because
that was a lot of research. If there was no
connection, I was like, that's a lot of research for
a couple of, for some cartel guys to put
together. Yeah. Oh, yeah. But
there is actually, at least there
is a connection. There, there is
a connection, although slight.
Also, Silk Road was a very well-designed system.
It was very secure.
And it took advantage of something called Web Application Security.
It did a lot of things correctly to stop certain types of attacks.
And my website was the Web Application Security Lab.
So it stands to reason that he and I somehow were talking to each other all the time.
And I was getting him advice on he might have been the developer,
but I was the guy, you know, puppet master behind it all.
So not, if I didn't know me and I didn't know the situation, I go, and if I had read this in like the New York Times or Washington Post or something, I'd be like, ugh, that sounds like he is the guy. Right. Right. And so I'm like, well, that, that's pretty good. It's not correct, but it's pretty good. What would you do with it? Like, let's say, let's say I said, no, and I don't want to help you out. What would you do with it? Like, well, we'd ruin your life. We'd spread this out everywhere that you could think of and we would make your life a living hell and you basically would
never get a job and you know we follow you everywhere kind of deal i'm like okay it sounds pretty bad
so okay what would you like me to do and i're like well we'd like you to come and take over silk road two
for us and i'm like okay what does that entail and i'm like well we already have a server set up so
you don't know where it is so we don't have to you don't have to we're not really risking anything
by doing this um so just go ahead and log into this server over here and uh start building and uh when
when you're done, just kind of let us know, and we'll, you know, start driving traffic to it.
So, so, I mean, at this point, you've got to be thinking you got to, you got to contact the FBI.
I mean, you can't go forward with it. Well, so here's what ends up happening. So I go ahead and
get access to the box. And it's on a tour hidden service. So it's designed to stop guys like me from
figuring out where it's located.
But one thing I think that they didn't really understand is one of my, one of the things
I'm very good at is decloaking things, figuring out where things are really located,
figuring out who people really are.
It's a, you know, you can have many areas of specialties in computer security that it just
happens to be one of mine.
And I am also security researchers, so I find net new exploits, things that no one's ever
seen before.
And so I found an exploit.
into our hidden services and decloaked it and figure out where it really was.
With that information, I then handed that off to people who cared about such things,
namely Interpol.
And so a couple months goes by and I don't hear anything.
I'm like, I mean, I gave these people to you on a silver platter.
I know exactly who they are.
They don't act about best.
And so I called up the people who care about such things.
And I said, hey, what the hell?
Like, what's going on?
Are you going to do something about this or what?
And they're like, oh, yeah, sorry about that, Robert.
We probably should have gotten back in touch with you quite a while back.
But don't worry about that guy anymore.
That guy has a job for the rest of his life.
So apparently that is a common tactic when they basically deliver somebody up like that.
Effectively, they become a full-time employee of whatever government,
jurisdiction they belong
to. And so they now have
an insider, so.
So they, I understand, they grabbed
the guy and now basically
working for them. He's a
he's a CI now. But still in
the organization.
Presumably, yeah.
Well, because thus far, he hadn't really
he had explored the possibility, but he
hadn't actually done anything. You didn't build the site.
You didn't. Well, he did
try to blackmail me.
And I am sure
he had done many other things that once they started investigating him they put a bunch of pieces
together so that was enough to get going and now he works for them so yeah i i didn't end up
building silk road too uh uh but it was a it was an interesting foray into that side of the
world um i wouldn't recommend it but yeah i interviewed a guy uh by the name of
Colby Colby Cop yeah K-O-P-P I think and he had actually what did he
he actually started a website you know uh which is common and he he had he'd started a website
and was he started the web did he start the website or I think he no no that's wrong he was just
a vendor he was a vendor on the website
site that's right and he was selling um he was selling different a variety of different types of
drugs and he did this for forever and at some point you know getting the drugs is obviously an issue
so it started with him getting drugs through a friend's father and who was like a connected to a
biker gang well those guys got busted a few of them and so but
In the meantime, he'd been connected with a supplier out of Mexico and they were, you know, cartel.
And then he eventually ends up meeting the guys from the cartel and they're, they're helping him.
They're providing the drugs, which he's then, he's got a reshipper that's doing all the shipping for them.
And I forget how long this went on for 18 months or two years.
He eventually gets busted and he's in prison right now.
But I interviewed him just before he was sentenced and went to prison.
So he pled guilty, but he hadn't been sentenced yet.
And so he did the interview with me.
And then I told him I would not release it until after he was sentenced.
So he was then sentenced and had like a couple months to turn himself in and contacted me.
He's like, okay, I was sentenced.
I got.
I forget what he got four or five years.
And he said, go ahead and release it.
So I released it.
But he had a fascinating story.
I think it's it's very, it was very interesting.
And he was great at telling the story.
But it was the same thing.
It was, well, he also had, it was, it was much, it was a very long.
It was probably an hour and a half, two hour story.
But it was great.
It was a really super interesting story.
So the security community does have a lot of these kinds of stories in them.
You know, you almost can't avoid the criminal.
element because half of what we're doing is protecting against the criminal elements.
So half of the actors in computer security are the other side, right?
And that can take the form of nation states or it can take the form of criminal actors,
but it's it is the other half.
So when you go to computer security conferences, for instance, I would say, you know, you walk
around and you're you're going to run into spooks and you're going to run into criminals.
like it's just kind of the nature of the beast and it's very hard to tell which one is which they all kind of look just like sort of nerds running around just having a good time and drinking too much um but like one example i think would be worth talking about with your group here um was the story of paula rue um
and so like this guy just a normal computer dork you know building some software um the software was designed to basically protect people's computers using something called
plausible deniability encryption.
So the idea is, let's say you get busted by the cops and you really, really don't want
to give up, you know, your super secret plans and stuff.
Let's say you've got the nuclear codes in them or something, like something terrible,
right?
Well, there's several different ways that that can go down.
Depending on where you're located, sometimes they'll just beat you up a bunch.
Sometimes they'll just put you in a hole and just, you know, wait it out until you get
tired of being in there. Sometimes they'll threaten you. There's a bunch of different ways that
that can happen. But basically what it comes down to is typically they just need to know that you either
do have it or don't have it. If they think you don't have it, then their gumption to continue to
punish you kind of goes down significantly. In many cases, they'll just let you go, especially
the United States. So, but how do you get them to believe that you don't have anything if you've got
this encrypted drive? Well, with plausible deniability encryption, you basically
have this software that when someone comes beating you up, you can give them a different
password than the main password and it'll decrypt and turn into something completely
different. So instead of the nuclear codes, it's, you know, your nude photos or something
that you obviously would not want out. And so it makes sense why you defend that password
to the point of getting beat up and whatever. And it's plausible that you would want to use
this software for such a purpose.
Right.
And so, therefore, it is very likely that you will allow them to continue to beat you up
for a prolonged period of time before you finally give it up.
So you basically just hold out as long as you possibly can, give them the fake password
to the other thing, and you can do multiple levels of this thing, right?
So there can be many different levels of plausible encryption.
So maybe you start off with your tax forms.
You're like, oh, I got my tax forms.
That's why I use it.
And like, uh-huh, uh-huh.
And then like a month later.
like, fine, here's my nude photos.
And then maybe a month later, it's like, okay, well, yeah, I cheated on my taxes last year or something.
And like, oh, that's why you're holding out so much or whatever.
So you never give up the primary thing you're really, really trying to protect whatever at the very bottom of these layers of these onions.
Anyway, this Paul de Rue guy developed this software and it was pretty clear by his employer that he had more or less stole it from them and was making it himself and like selling it on the side.
So they wanted to come after him and extract their pound of flesh for intellectual property theft.
And so he fled.
He just left the country and kind of just appeared.
No one knew what happened to the guy.
So years and years and years and years go by.
Where'd you go?
No one else.
Well, at the time, at that time, no one knows.
It's just kind of disagree.
So years and years go by and there's this piece of software that's on the internet called TrueCrypt.
and all security people kind of know it exists.
Many of us use it.
I use it.
A bunch of people use it.
I know if you're in my world,
you're probably using it or something very similar.
And someone at some point said,
where did this software come from?
Who wrote this thing?
Why are we all using this thing?
No one even knows who the author is.
Like, shouldn't we be asking this question?
Like, we're all using this thing.
What is that vulnerability is in it?
You know, is it written by spooks?
Like, we got to find that.
Like, someone do it.
audit on this thing. So it was sort of all hands on deck because we kind of all realized how
vulnerable we were by virtue of not knowing anything about the software. So we all do this research
and it turns out there's a couple small issues with it. Nothing really crazy. Just like
you'd have to be like a local user on it to attack another local user. So it's really not a particularly
big deal. But at the same time, we're all like, okay, but we can't rely on not knowing who this
person is. So we, the industry created a new one called Veracrip. So it's basically copy that of the old
one. And silently, TrueCrypt said, don't use TrueCrypt anymore, use VeraCrypt. It's like,
okay, well, I guess whoever wrote it agrees that the new version is better, and they weren't
a bad actor in this context. Around the same time, some investigative journalists start
digging into this case and trying to figure out, like, what is going on with this software?
Like, it's so weird. Well, they track it back to this guy named Paul Aruh, who they think
is the guy. Now, Paul is a very interesting.
character. So we grew up at, this is, this is the guy who disappeared, right? And so we know that
this is, this guy has built similar software that does a similar thing. And they start tying it
to a bunch of murders of real estate agents in different countries, like the Philippines. And
it was kind of like unclear why anyone want to murder these, these random Filipino, like, you know,
real estate agents, these women, like, why, why is this happening? Well, they track it back to
these two guys who were hit men, um, and who had fled the country immediately afterwards.
They had spent a multiple days with her, like, like going around, like checking out places
until they, I think they knew enough about her before they killed her. Um, the, the second one,
Catherine. Maybe they just got to know her. Yeah, I don't know, but they, they definitely,
they definitely had it out. You've known enough real estate agents. So, you know, I'm never hired.
So they basically tie it to another murder that's almost identical.
And they realize this is a serial thing.
They kind of figure out that the second murder, I think your name is Catherine Lee,
she was killed because there was another deal that happened with some of that she introduced to Paula Rue's team,
who was supposed to embezzle a bunch of money, buy a piece of property for like 50 million euro or something.
I forget if that number's correct, but whatever.
Some very large sum of money.
The deal fell through.
That guy fled the country with the money.
And so they're like, they have to kill somebody to, you know, send a message,
this is never going to happen again.
And so they killed her.
And so a similar kind of thing happened with a previous real estate agent where she had done
something hinky and they had to kill her as a result.
So this had been a group of real estate agents across these different island nations or whatever.
So then they start tracking it back.
the hitman and who are these hitmen and then where did they get their orders from and they kind
of backtrack it to this army ranger as former army ranger that had had a lot of PTSD and sort of
had joined up with this guy this this dude uh paula root and so uh and they realized that this guy's
been like a hitman for him for years and so he does contract killing for him um and and then they
start really investigating this guy. They flip him and they start going after Paul like through
this guy. And it turns out he's like one of the biggest arms dealer and drug dealer in the world.
Like he supplied the Somalis with a bunch of guns and ammunition. He supplied Iran. He had his own
fishing boats where he would like like supply missions to different regions, a bunch of different
arms deals around the country, around the world, rather, a really fascinating story.
And he's just a computer guy, you know what I mean?
So I think when you're thinking about computer security, you kind of have to kind of
blur your eyes a little bit.
It's like, yes, computer security, yes, but blur it to think about morality.
Like, morality can flip very easily depending on, you know, circumstances and people's
disposition and the economic situation and so on, which is why you see a lot more of that
kind of crime in drug-related situations where people are like hard up cash or in less economic
friendly zones, Middle Eastern and Eastern European type countries? Yeah, I was going to say,
you know, it's so hands off now, or it can be hands off now where, you know, dealing drugs or a lot
of things, you know, just based on
as a result of the
internet, it's, it's everything's like so
remote. Now you can be in the safety of
another country.
It seems, I was going to say, it seems like you can be in
the safety, but the truth is, is all these guys are,
oh, well, I use, you know,
VPN or I use this, or
they don't know this, they'll never figure this out.
And then they always end up grab, not always,
but they end up tracking these guys
down. But
it's not like they hacked into
the computer system. It's typically
because they start following their email address or they use the same nickname and they start
tracking all these different places and websites where this name has shown up and they read
enough about it and they build a little dossier and before you know it they're like this guy
lives in you know whatever Dallas Texas he's got to live in this area he you know we believe
he goes to this barber you know what I'm saying you're like how did you figure this out it's like
okay, well, there were these little, you know, breadcrumbs left all over the internet that he
never thought anybody would piece together. And then next thing, you know, they figure it out
and there's, there's your front door. And you're like, I don't understand. I was using,
you know, there was a, the server was in another country. I used a different, you know, whatever,
you know, different address, a different this, a different this. Yeah, but there's these little
things that put it all together is really detective work.
I mean, super interesting detective work that typically gets these guys that feel like
they're so safe.
Yeah, that is exactly how I broke one of the largest, I don't know how to use these words
without using these words, but CSAM group in the world, child pornographers and
the world.
I will try to use, I will try to say the story without.
actually using those words. I don't want you to get demonetized.
Right. That's fine. You know, it's, you're good. You want to just say,
let's go with, what, S-O's? Sure. Is that good? No. Yeah, whatever.
So effectively, there was this group that called themselves P, you know, that word,
you for university. And it was sort of a Dool-on-Tundra kind of meant like,
like there are young kids that we're going to be doing bad things to, but also we will teach
you how to do it.
So it was a pretty big organization, like maybe a hundred or more different people in it.
And so we were trying to track them.
I had an anti-that-P word group.
It was called the Ethical Hackers Against That P-word.
and so
what we found
we were basically monitoring
the group forever
and everything was encrypted
so you can't really see anything
or very rarely you could see anything
every once in all something
that sneak through
but
but one of the guys
one of the main guys
who ran the whole thing
he had to
there's a sort of initiation process
where they have to teach you
how to use the tools
so people come in
and they're just like
I don't know what hell I'm doing
and so they kind of have to say
okay if you want to do this
you're the tools you need
you know, you're going to have to learn how to do this
and you've got to start doing what you're doing over here
because we can tell who you are, blah, blah, blah, blah, blah, blah.
And then you evolve into this thing
where you are much more difficult to track.
And so this one guy,
part of that is using proxies and hack machines and that kind of stuff,
so you're not coming from your own IP address.
So this one guy joins and he's new.
And so he's talking an unencrypted chat at this point,
which is pretty typical.
And one of the heads of the thing posts,
and he's like, whoa, dude,
it's so weird you're like uh you probably like live on my street hell you're probably my next door
neighbor that's so weird or something like that and i'm like wow what is he talking about because he
didn't say anything related to where he lived or whatever and i'm just what is going on i don't
i don't understand how he would know that from looking at the for this message and i was just
you know bugging me for days i was thinking about it and then i started looking at the mailheaders
like maybe there's something in the mail headers i missed and i realized oh wait that guy isn't
using a proxy yet. He's not using a hack machine yet.
And so at this point, he hasn't committed any crimes, but, or at least not that I've seen,
but his IP address is a real IP address of a real person that he hasn't been encrypted
or hasn't, you know, been protected. Or even if it has, it doesn't matter because the other
guys looking at that IP address and realizes it's probably almost identical to his IP address.
Maybe it's one number off or something.
Now you know the area that that now you know exactly where he is.
All I need to do now is look for, you know, anybody who's connected to anything on that, you know, block or whatever, which is very easy to get a subpoena for. And that's how we broke the kicks. And so we busted like over 30 dudes. Like, as you imagine, doctors and lawyers and all kinds of stuff.
They probably ended up in Coleman with me. You would be shocked how many school teachers, principals, guys that worked at NASA, that you would meet. And you're just like, you know,
Wow. How do you end up in here?
Right, right. They always have a different reason. They're always, they always pick fraud.
They're always like, oh, I'm here for fraud. It's like, come on, but don't, don't pick my crime.
You know, because it always breaks down so quickly because once you say, well, what did you do?
They could never really quite tell you. They can, oh, I was, I was, it was credit card fraud.
They charge you with credit card fraud? Yeah, there is no crime.
There's no credit card fraud crime.
You know, and then they try and tell you, well, what they were doing with the fraud
or the credit cards and it never makes sense.
Like, it's like, stop it.
You know, this is, you're clearly not here.
They know they can't pull off drugs, you know, because they're not even going to come
close to drugs.
Right.
Yeah.
But probably good one.
I mean, there's lots of white color fraud out there.
It's just amazing.
These sites that are, like, there were guys that were paying four or $500 a month to be.
a part of a site, you know, to look at, you know, underage kids. And it was like, like, that's a
car payment. Yeah, right. You know, it's, it's like, this is, there's a real issue here.
It's also, by the way, one of those things from the other side, from actually trying to stop it,
it's one of those things you can not unsee. Like, once you've, you know, I will, I will,
I will spare your listeners some of the more gory details, but, you know, but you're watching
people like pay-per-view rape type stuff you know right like you get to tell them what to do and
you know it's it's pretty unbelievable and these are not kids like you're thinking like maybe
you know 12 years old 10 years old something like that these some of them are not even walking yet
you know what yeah and so it's pretty pretty fucking horrifying but um yeah i mean they'll spend
whatever uh they'll spend whatever to to do it and they'll put themselves in massive harm's way
Um, there was another case I was involved with, this is years later. I had to take a, I had to distance myself from that organization. It was just too much mental stuff on me personally. Like it was, yeah, the amount of depression I experienced seeing this stuff is kind of off the charts. But, uh, so a couple of years passed and I got a call from, or actually an email rather from, actually it was even weirder than that. It was a text message to a form that was logging a bunch of information on the,
old hacking website that I had set up years and years earlier. And I thought it was gone. I thought
it didn't exist anymore, but it still worked. And so I got a text message and an associated metadata
about this person who basically said, hey, Robert, we need to get in touch with you. And it's like,
I, you know, we're from the FBI or Homeland Security. And I'm like, yeah, I'm right.
Oh, no way. Full of shit. But sure enough, it really was. And so I was working at eBay at the time.
And I'm like, well, I don't have time to meet with you.
You're like, no, we need to meet.
Sorry, like, it's going to happen.
Like today kind of deal.
I'm like, well, I'm at work.
I'm like, well, we'll come be your work.
Oh, fuck.
So they show up at eBay offices.
And eBay offices, for those of you are not familiar with, like, big corporate environments.
You know, there's a receptionist.
There's 10,000 people walking around, like, going different places and, like, you know,
coming in and coming out.
and here's the FBI just like walking straight through the front door and I'm like I'm going to get you guys into a conference room right away like people are going to start asking questions I mean I worked in security you're in security it's not like yeah but on the product side of security not on the investigative side and so you say I'm a big shot that the FBI needs my help yeah yeah I at that time I was new enough that they I couldn't pull that off like you don't know anybody there's no reason for you to be talking at the I at least not then later on yes but
So anyway, they come into my office, in this conference room, and they're like, we believe there's this guy who may know it, possibly.
And I'm like, okay, well, why do you think that?
Like, well, because we arrested him for this stuff.
And I'm like, okay, what does that have to do with me?
He's like, well, he claims that you told him to put malicious software inside images, something called the GDI Plus exploit.
And I'm like, okay, I definitely didn't do that.
That exploit had just came out, by the way.
I'm like, definitely didn't do that.
And he's like, well, he claims, you did.
And so we're just curious if you, this rings any bell.
I'm like, well, no, can you give me his name and his handle?
I'll go look at all my email because he never know.
I've talked to thousands of people.
So it's right.
All right.
So I'm like, give me a day or so to just go through all my old email and see if I can find
anything, old chat messages or anything I can think of that might have the name.
And sure enough, nothing.
There was never anything about this guy.
So I call him again.
I'm like, okay, well, let's meet up again.
So they come back to the office,
shuffle him back to the same conference room.
I'm like, okay, so I found out two interesting things.
First of all, no, I don't know the guy,
or at least not under these two names.
Maybe he's got a different alias or something,
but not anything you gave me.
But secondly, that GDI Plus exploit,
when did you say you arrested him?
And they're like, we arrested him two months ago.
I'm like, well, that's funny
because that exploit came out one month ago.
so he has been doing a ton of research trying to find his alibi and he realized that oh there's this thing about exploits and images because it was just kind of coming out 10 15 years back and and so he leveraged that to try to convince them that that was a plausible defense that I had told him and he didn't think anyone's going to go get touch with me because I'm at her and there's no way and and I was actually pretty stealthy back then and so I'm like I'm you know
Yeah, I'm happy to go to court and say this is impossible.
So either he came up with the exploit or someone that he knows came up for the exploit.
And I guarantee you they're going to, like, I can get in touch with those guys.
They're going to say that they didn't heard this guy either.
You know, they're not going to release it to some random guy.
And so they went off and I don't know, maybe a month or so goes by.
And I'm like, like, I call him up.
I'm like, what's going on?
And you never got in touch with me and like, oh, oh, another one of those.
We should have probably gotten interested to you about this.
Yeah.
So the second we told him that you were willing to testify.
against him be flipped and immediately is going to go after all of his friends and um so the way i
what i understand because he was he was obviously trading um CP yeah right and then when they
caught him he was trying to say no no i was working with someone and we were trying to bust the bad
guys and we were he we were talking about him putting this in the images to help
destroy them or track them or so i'm not involved in this right i was trying to bust the organization
and then they talked to you and you're like that's that what happened okay but okay exactly um
yeah i'm sure that there's uh yeah i'm sure that the immediately trying to wiggle your way out of that
right i mean anything you can think of at that point but uh i mean it was it was a pretty
plausible defense uh not that it would have saved him uh which is the other
kind of stupid thing about that defense, but at least, at least he could have made it seem like
he was not getting off on it. You know what I mean? There's a difference. You know what I mean?
Yeah. Shoot, I was going to say these, uh, uh, I knew a guy who'd set up a server, um, and they were,
they were trading images and he was charging for it. And it was supposed to be completely, um,
you know,
anonymous.
And when they eventually do,
they track down the server,
they catch the server.
They,
they,
he had it in like a rented office in someone else's name.
All these things precautions he had taken.
Well,
they eventually track it back.
They still end up getting him.
Yeah.
And they grab him and everything.
And his whole thing was like,
no,
no,
I was setting it up,
but I didn't realize
they were going to be using it for this reason.
And,
you know,
it was too late.
He ended up getting like 15 years.
Because, of course, what people don't realize is that, you know, one, it's like possession.
Like, you just have possession of it.
Like, you don't, you don't even have to, you know, it was, like, there's no defense at that point.
Because the charge is, did you have possession of it?
Yes, I did.
You know, I didn't make it.
I didn't this, but I did have it on my computer.
You're done.
Like, I think the mandatory minimum is like three or four years.
Yeah.
And then, of course, the images, all the different images.
all the different images.
You can get charged with every single image.
Yep.
And they're getting easier and easier to find
because there's companies like Apple out there.
If you use iMessage, for instance,
or sorry, ICloud, rather,
all of your images are uploaded in their servers.
And they're doing hashes on those things.
And so they have hashes of, you know,
hundreds of thousands, millions of images or whatever
that have been collected and cataloged.
So they don't have to store the original image.
But if they see that image crossing the wire,
they immediately let the law enforcement know.
Facebook is doing something very similar.
They're actually the largest producer of reports on Earth.
And you wouldn't really think it's like Facebook, like why.
But they also own Instagram and a bunch of other properties.
And they do this as something very similar.
They just look at these hashes.
So unless you're very, very, very good at protecting yourself,
you're pretty likely to get caught these days.
It's getting, and now, when we did our bust at EHAP,
we had the largest bust in history that I'm aware of,
the first one I'd ever heard of at the time.
But now, innocent images, they'll bust like 100 people at a time.
And not 101 or 99, exactly 100 every single time.
And I think there's a reason for that.
They need to make sure that if you didn't get busted,
there you could have been 100 and once you know you could have been the next one on the list they just
you know they're just going down the list of the most easy at first that doesn't mean you're not
going to get busted next year when they go and they start pulling the next hundred batch of 100
they're busting 100 people at a time now and uh yeah i would i would not it's there was a time
when i think you probably could have gotten away with that fairly easily and i think that time is
quickly diminishing well listen i i i'm sure you have other things to do a few so i i appreciate
you giving me this much time i really do like i really enjoy talking to you um thank you very much
and uh um you have a book right yeah i'm uh early stages of uh getting it through the editing
process oh that's right we talked about that's right yeah yeah it's it'll be called AI's best
friend. And it's a pretty, pretty crazy read if you're into the idea of artificial
general intelligence as opposed to artificial intelligence, the part where it becomes sentient
or, you know, close enough to sentient. We can't tell the difference. And therein lies some
dragons, my friend. It is as a gnarly bit of business when you start talking about hallucinations
and something that's smarter than you are. Well, when you, I mean, when it is actually going to come
Wow, you should, we should do another episode.
Yeah, I love that.
I got the book and get you.
Yeah, great.
Hey, I appreciate you guys watching.
If you like the interview, do me a favor.
Hit the subscribe button, hit the bell so you get notified of videos just like this.
Leave me a comment in the comment section.
Also, in the description box, I have left Robert's YouTube channel.
And it is, I think it's the R Snake show.
and the link is in the description.
I really appreciate it.
Also, do me a favor.
You know, if you can swing it,
I would appreciate it if you would consider joining my Patreon
or possibly buying one of my true crime books.
Once again, I really appreciate you guys watching the show.
See ya.