Matthew Cox | Inside True Crime Podcast - Exposing Google's Billion Dollar Scam | Robert Hansen
Episode Date: December 4, 2023Exposing Google's Billion Dollar Scam | Robert Hansen ...
Transcript
Discussion (0)
The new Bimo V.I. Porter Mastercard is your ticket to more.
More perks. More points. More flights.
More of all the things you want in a travel rewards card.
And then some.
Get your ticket to more with the new Bimo V.I. Porter Mastercard.
And get up to $2,400 in value in your first 13 months.
Terms and conditions apply.
Visit Bimo.com slash Viporter to learn more.
eBay would be one example, and Google is another example.
They heavily, heavily make tons of money off of fraud.
Visa, MasterCard, they don't want any fraud.
They definitely do.
They make tens of billions of dollars out of that.
Why would I try and fix a system that we make billions of dollars on?
You can be really, really good at crime, and mostly how people get caught is...
There's a situation.
It's actually the very largest type of fraud on the internet that I'm aware of currently.
It's called surf fraud.
And it's basically, let's say I have a tax refund and on average it's going to be like
$3 or $4,000 from the government or something on average, right?
You know, some are huge, some small, none, you know.
But on average, let's say it's about $3,000 or $4,000.
Well, what these fraudsters do is they get enough information about an individual that they
can file the taxes on behalf of the victim.
And instead of that refund going to the victim, it goes to that.
And so, or a proxy or, you know, some dude in another country you can go pick it up.
So this turns out to be an enormous amount of money, about $4 billion a year.
And the only reason we really knew about it, I mean, I'm sure individuals knew about it.
And I'm sure the IRS knew about it.
But the reason why the kind of larger security community now knows about it is because
of these two whistleblowers who went after them.
And the reason they found out about it
is because one day, Intuit's going along,
and their chargeback ratios for people's swiping credit cards
is, you know, whatever it is, 0.1%.
What is Intuit? Inuit, runs TurboTax,
and QuickBooks Online, I think.
I think QuickBooks Online is the one
that I'm talking about specifically, though.
Um, but they own a bunch of stuff. At the time, they also owned a bunch of banks and stuff.
They're a pretty big, uh, financial company. But anyway, so at one day, they, uh, they noticed
their chargeback ratios. The amount of people who called in the visa master card and said,
hey, someone stole my credit card and used it at, uh, at QuickBooks, uh, went from whatever
it was 0.1%, which is typical, to like 10%, like some huge number. And typically when you hit
numbers over like, say, like six or seven percent, Visa MasterCard start finding you like crazy,
like hundreds of thousands of dollars a day, a minimum if you're a small company and maybe
millions if you're a big company. So is this noticeable amount of backlash from Visa MasterCard
because they want it to stop immediately. And so they'll punish the merchant for allowing that amount
of fraud to go through. So all of a sudden, all this fraud start happening. Why? Why are they
using fake credit cards on our site.
Well, it's because at some point,
some smart fraud guy
realized that instead of getting,
let's say it's $3,000 on average,
instead of taking like $100 out of the refund
and giving it into it,
you've used a stolen credit card instead,
pay the $100 out of that stolen credit card
for the utility of that of QuickBooks Online,
suddenly now you're making $3,000 instead of $2,900.
So that ends up being a sizable amount of cash
if you've got to have stolen credit cards
and it turns out there's tons stolen credit cards out there
that they can just buy in bulk, right?
So they're like, well, that's bad.
We've got to stop that immediately
because we're losing a ton of money.
So they went and did a whole bunch of research
to shut it down.
But really, all they really wanted to do
was shut down the fake credit card part.
They didn't want to stop the part
where they were actually still using
quickbooks online to
or turbotax online.
I think it's turbotax online.
A fraudulent transaction through the IRS.
Exactly.
So they went, and the reason for that is they went back and looked at what that meant to their bottom line.
If they were to remove all of that fraud, what would have meant.
And it's about $100 million to their bottom line a year and what they take home.
So this isn't small dollars to that.
You know, can you imagine being the security guy inside the company going, hey,
I'd like to shut off
a hundred million dollars
worth of revenue
like you just
no one's going to take you serious
like no that's not a good idea
we can't do that
so pretty
gnarly
but that's one use case
for stolen credit cards
I think that there's a whole
kind of like land
happened
it's still as far as I can tell
it's still happening
because they're
making the hundred million dollars a year
what are you going to do
you can't turn that tap off
so yeah the hell with those ethics
well and so now you're thinking well visa mastercard maybe they care about the problem
well so back a little bit earlier than that i'd say but maybe five to ten years earlier
they bought a company called cybersource and cybersource basically think of it kind of like
a um a knob that you can turn and so you can turn it all the way up and block uh all
of the
all of the fraud if you want
or you can turn it all the way up
and allow all the fraud
to go through basically, right?
So it's a tuning home.
So imagine
I basically was
telling my system
that I would like to stop all the fraud
for the first, call it six months,
four months, six months, something like that.
Because after about six months as a merchant,
you start seeing what you're
real fraud ratios are. It takes about six months before the fraud goes through the system far enough
that you'll see all of the chargebacks that will have happened. So six months is about the
magic number. It can go up or down fluctuating if you have new products or services or if you get
a ton more traffic or whatever, different kinds of traffic. That might change you. But on average,
it's around six months. So after about call it four months, you can start saying, well, my chargeback
ratios are very low. They're like 0.01% or something.
very, very low. Well, I will turn up the fraud. I will give myself more fraud. By doing that,
you're basically saying to Visa MasterCard, our charge rack ratios are low enough that I would
like to get enough more fraud in that I'm going to make more money. Because not every fraudulent
transaction gets a chargeback. Right. It's some small fraction of it. Most people do not look at
their credit cards. They do not notice an extra $100 here or there or whatever. And even six months
might go by and they don't notice it.
So as long as they're not racking up tens of thousands of dollars in their credit card bill,
no one really checks.
And so it kind of just sneaks through.
So,
uh,
so,
what's that?
I said,
don't I wish.
So imagine now like six months has gone,
gone by and my charge back for issues are still nice and low.
I'll turn up a little bit more and turn it up a little bit more.
Right.
And so Visa and MasterCard realized quite a few years back that,
really what they're most focused on, and they should be most focused on, is
retention of their users and how much their users are using Buster MasterCard.
So some of that comes down to most convenient places to use it.
And some of it comes down to making sure that people don't feel like they have to always call
credit card company and say, it's been stolen again.
It's to sell it again because that brings down the utility of the credit card to the point
where you're not going to use it for really anything that you don't have to,
because it just gets annoying to have to replace it all the time.
And that magic number turns out to be around 4, 5, 6% or so.
So when you start seeing chargeback ratios getting that high,
then they're like, well, this becomes a problem for us.
So they're going to start saying,
you need to start turning your fraud down, so they have cybersource.
So they're kind of in on it.
I mean, they know that this fraud's happening.
They could get the fraud to 0.01% back.
They could make it so it basically doesn't exist if they felt like it.
But they also make money on that fraud.
It's like the merchant makes money.
They make money.
And the average consumer just doesn't even notice a certain low rumble of fraud.
Yeah, I was going to say in like in mortgages, like they could make mortgages or applying for not just mortgages, but let's say applying for a credit card, applying for any type of a loan.
you could make it almost fraud-free.
You know, the problem is it makes it so difficult for the average person at that point.
Yeah.
It no longer, it no longer becomes something that people want to take part in.
It becomes, you know, so what they do instead is they said, look, we're going to, we're going to, you know, the actuaries end up saying, you know, we're going to include that in the, in the interest rate to cover that.
there's a certain amount, you know, banks do it, mortgage companies do it, you know, lenders and
general do it, credit card companies do it. You know, they incorporate that there's a certain
percentage of fraud that we're okay with that we account for. So it's not like they're losing
money. You know, it's not like they're losing huge amounts of money because they've accounted
for it and they've, it's like we've got it set aside. We're going to lose a billion dollars this
year. Well, guess what? We set aside a billion point one. We actually made money on the fraud
this year. You know what I mean?
Lock money.
Right. It's kind of a pain thing.
It's, yeah, and that IRS thing, the IRS, you know, scam, like the IRS, you know, they're trying
to kind of put a cap on it, right? And get it under control. But it, that was going on for
decades. Yeah, it's still going on. Yeah. It's strong. I mean, really bad. Like, it's still going,
it's still going on. They've, you know, they've done little things, you know, they put, they gave you
the pin number now. And there's a little.
things that they've they've done but what's really amazing is that you know if i get your social security
number and your you know your social security number your your address some basic information on you
and i file before you file i can get your tax return yep which is is you know is amazing a lot of
people it's funny guys that i talked to locked up about it and i've had extensive conversations where
they're like, listen, I'm talking about people that have never had jobs where we're applying for
their social security. I'm sorry, we're applying for their tax refund. And all I need is like,
this is some woman who's got three kids on welfare, hasn't had a job in 10 years. I'll go and
give her $300. She'll give me her full name and her social security number. And then I'll go
file saying that she made $65,000 last year for some
company that she didn't, has never worked for, and she's got a tax refund for $6,500.
And I'll get $6,500.
They'll put $6,500 on like a prepaid card.
Yeah.
They'll send them the money, and then they go and they cash it out, and they've given her
$300.
She's happy because she can always just say, that wasn't me.
What are you talking about?
I didn't do that.
Right.
And so these guys would be buying people's information from all kinds of people, from
employers when people fill out a paper application you know they've got their full name they write
all their information down they give it to an employer with it could be an any employer could take that
you could go on um indeed or or any of these websites and apply and have take applications or it could be
you know i used to run ads and you know anything you know the flyer or you know now it would
probably be you could run these ads in with Craig's list anywhere and say hey I'm taking free
mortgage applications you know there's government money government loans available you know
people would call up you know good credit bad credit no problem people would call up and give me
all their information you turn around and you file taxes so yep there's tons of ways you know
not just that obviously you can go and buy dumps you know on on the internet obviously too but you know
they got to the point
I remember this one guy
I had spoken with
I always remember his name
his name was
oh gosh
his name was
I don't remember
I know I can't remember
because he had a name of
it was it was
what was his name
oh shoot
it was a
it was like a famous
rapper's name at the time
he had the same name
as the guy
oh it was rush
something rush
because I remember
there was the rush
card that they'd come out with
And he had, he was talking about when he first started doing it, he said that, he said, you'd file 10 of them.
He said, nine of them would go through.
He said, now two years later, you'd file 10 of them and two would go through.
He was like, but what does it matter?
He was what, it didn't matter.
He said, and what's so funny is that sometimes they wouldn't go through and they would say, like, call the IRS.
And they'd send a letter and say, call the IRS.
he said, because he said, no fraudster's going to call the IRS.
They just forget about it.
He said, I call up.
Where's my tax refund?
He said, I'd argue with them, and they'd sit it.
They'd go, okay, we'll fix it, we'll take care of it.
He was because think about it, I have all the information.
So you'd argue with them.
A lot of people think this is this too, which is complete BS.
People don't understand how the system works.
if I open up a company and I hire you for $80,000 a year and I'm supposed to have withheld, let's say, $20,000 and then send that money to the IRS, right, for Social Security, Medicare, all these breakdowns, you know, your federal income tax withholdings, and I'm supposed to send that to the IRS. And then, of course, I notified the IRS, hey, I own this company. And I took, you know, $20,000 out of Roberts check and I sent it to you.
and then you apply for your tax refund saying,
hey,
I work for Matt's company.
He took $20,000 out.
After all my deductions,
I'm supposed to get,
you know,
he took $20,000 out,
but he only should have taken out.
15, you owe me $5,000.
That's your tax refund.
Well,
what's funny is people think the IRS
knows that I have a company
and that I took $20,000 out,
and that they've got a little account
somewhere with that.
20,000 so they can readily check your statement, your refund with what is in their little
coffers. But the truth is, they don't know that at all. Because no matter what, if you file
and say, look, Matt Cox withheld 20,000, you guys owe me five. They can't, let's say I never
filed at all. What if I never told them anything? I never sent any money to them. Do they still
have to give you the $5,000. Absolutely. They have to give you the $5,000. Just because I
withheld the money and didn't send it to them doesn't mean that you don't get the money. So even
if they said, look, we don't know who Matt Cox is and he never sent us 20. We're not giving you
five. They're not allowed to do that. By law, they owe you that money. They're their issues with
me. So a lot of people think, hey, why can't get a tax refund? I don't even work. So no, I'm not
I'm not in jeopardy of anybody claiming my tax refund because I don't work.
I never made $80,000.
Matt Cox never withheld 20 and he never sent it to the IRS.
So I'm not in jeopardy if someone gets my Social Security number and files.
But that's not true.
You're still in jeopardy.
They still will send you the money.
The system doesn't work the way people think, which is what made me made my crime.
easy to do
is because most people think that the left hand
knows what the right hand's doing
and they just they just don't
yeah so it you know
just like you know people they think
oh well visa visa master card you know credit cards
you know America's but they don't want any fraud
they definitely do
they make tens of billions of dollars
oh I'll bet you believe everything
same thing with the well
so back in my world
There's kind of two examples I use pretty regularly.
So eBay would be one example and Google is another example where they heavily, heavily make tons of money off of fraud.
So most fraud eBay does not make any money off of so they will try to stop it.
And for those who know nothing about eBay, their fraud systems are probably 10 years ahead of your bank.
They're way better than everybody else, like way better.
In fact, all the other companies like the Googles of the world, all those,
other companies, they all learned from eBay, all the employees who left, they taught them how to
do it. eBay was way ahead of everybody else. Well, they had the budget. They had the budget. It was one
third of the company was trust and safety. So it was an enormous amount of work put into it. So
their fraud systems were amazing. But there's one type of fraud as an example that there was basically
nothing. In fact, there was literally one, I think it was maybe one, maybe as many as five total lines of
code trying to protect this one type of fraud, which is one of the most common kinds of
fraud. You're like, well, why would that be? Why would they change? Everything else has tens
of thousands of lines of code trying to protect against it, many different some features and
different programs running and all kinds of things happening. And people dedicated to focus on
it. But why one of the most common is there just five lines of code that no one seems
particularly interested in fixing? And that particular piece of code only asks, uh,
Are you bidding on this item from the same IP address that you put the item up?
So let's say I put up a beanie baby back when those things were popular for like five bucks or something.
There's a kind of a nice beanie baby.
Maybe it typically goes for like seven bucks or something.
And I say my minimum bid is five.
And then I see that maybe I've got one person who bid on it for like, you know, $5.30 or something.
thing. Well, that person's interested. I know I've got someone who's interested. So I can bid on
myself and say, well, how about for 545 or something? And they're like, oh, someone, oh, I'm bidding on
the right up. Right. Yeah, it's called shill bidding as the actual technical term for it.
And you can do this programmatically. You don't need to do it with your hands. There's lots of
different tools out there to do it. But the simplest way is to do it on the same IP address. So you
log in eBay, and then you log out of eBay, you create another account, and you log into that
another account, and you're bidding on the item yourself. And if you accidentally buy the item,
you don't really spend particularly large amount of money because you're not actually using PayPal.
You're not actually wiring it to yourself. You're not shipping. So you don't have all,
you don't incur all those costs. You only incur the cost at eBay, uh, the listing cost,
which is tiny. So, uh, so you make tons of money if you succeed and you lose a tiny amount
if you fail.
So people are like, well, this is bullshit.
Like, obviously this person is the same person.
They're logging from the same IP address like 10 minutes afterwards, whatever.
So, and eBay had to say we have some control over this problem.
And so they put the absolute minimum amount of effort possible into it just to make sure that
it's been dealt with.
Because if you think about it from eBay's perspective, two things happen.
They make a percentage of the, of the upside on the PayPal side, if the actual deal goes
through and they make the listing
fees. So the more of these transactions
that go through at a higher rate
the better back when they owned PayPal.
They don't own PayPal anymore. Yeah, there's no real
downside. There's no downside from eBay's
perspective, but really out of all except
if what ends up happening
if you do this, if you play this game enough times,
pay it millions and millions of times.
What ends up happening is the
rough price for items
goes up by a market amount
especially
for commodity items. Not
so much for like stuff you might find in a swap meter, you know, a flea market or, you know,
antique store or something. Those one-off items that are super rare, they'll tend to always be
whatever they are. But the commodity items like toothbrushes or, you know, light bulbs or whatever
that you could buy on Amazon will start going up to what you'd expect them to go for on other
platforms. So there's no longer the cheap place to buy commodity. Right. Yeah, I can just go
Walmart and pick it up like yeah and and maybe for cheaper um whereas before eBay was
cheaper because I'd have like 10 extra light bulbs and I'm like I get selling some light bulbs
but now light bulbs in general are so overpriced and there's so much show bidding going on
um playing it playing this game out millions and millions of times that um yes there might be a couple
light bulbs I if I can just sneak it in or whatever but typically it's always going to be the
same price as everybody else or maybe even worse so not a great
not a great long-term strategy, but great in the short-term.
And then the other one is Google.
So Google has kind of a pretty, in my opinion, a pretty sneaky business model.
Most people are not aware.
They are not a search engine.
They're an ad engine.
If you go on Google and you search for like hotels in Miami or something,
there is virtually nothing on the page that is actually a search result.
It is all like links to other Google products.
There's maybe a map with a whole bunch of real properties
that they want to send people to that's theirs.
Maybe there's reviews.
You know, there's 20 things that aren't that thing.
A bunch of ads, you know, a bunch of stuff that isn't a search result.
So search results are actually so far down now.
People don't even realize that there are almost no search results on Google anymore.
Unless you really know what you're doing and you kind of scroll.
down and you get past all of that stuff at the top.
And even then, it's kind of hard to tell.
But if it's like a, like, what's, you know, what's my IP address or something or what's
a translation or whatever?
You may never, ever hit another website.
You're going to stay on Google and you're going to do the translation right there.
So they're getting, they're trying to keep people on Google as much as possible.
And the reason they're doing that is because you make a lot of money on ads.
And their, their ad engine represents, and I don't know the current numbers, but something
along the lines of $100 billion a year.
So that's a lot of ads.
That's a lot of ads.
And they make nothing on the search engine, zero.
There's no money to be made at all on it.
They make a little bit of money on their search.
They had a search appliance that they had for a while.
And some other minor products, really, it's YouTube ads and Google Ads,
AdSense and AdWords.
And so back one, this is probably about 20 years ago now.
I was on the advisory board of a coming call.
called Click Forensics.
And Click Forensics, their entire business model was,
we believe that there's a lot more fraud going on inside Google's ad engines,
than people realize.
And I knew that to be true because before that,
I had worked at a company called ValueClick.
And ValueClick was by far at the time had the best anti-fraud systems of any of those
companies, of all the double clicks and flycasses of the world,
anybody who's putting these advertisements on websites.
And the reason we were the best is because I infiltrated the click fraud groups.
And I was actually inside one of the guys trading codes and getting them to click on my ads and I click on their ads.
And you know, so you'd be making a good amount of money.
And so I knew that none of the other guys had anything close to what we were building.
Now, Google was slightly better than the average because they, through an acquisition of double click, owned part of value clicks.
So they actually got the anti-fraud engine that we had built.
So they were slightly better than everybody else.
But I knew that that system was still not very good and very heavily based on a guy like me,
infiltrating click fraud groups, which I knew that they weren't going to do after I left.
So when I joined Click Forensics, we think we can find a lot of fraud.
I'm like, oh, I know you will.
And I gave them some ideas and how to do it.
And they were finding massive amounts of fraud going through the systems.
So for example, there was a piece of code called ClickBond.
a and click about a would just click on ads all over the internet just you just surf the internet
clicking on ads all day and so you could never tell who's who what the original ad that they
wanted to click on was because enough ads were getting clicked on that you couldn't tell which
one was fraudulent which one wasn't so they couldn't just ban people outright uh that didn't
really work and from google's perspective they're also like well that's a whole bunch more revenue
for us because they make right a cash for every ad clicked um
And so, basically, they changed their name, Click Forensics, changed the name to Adometry.
And I'll give you one guess who bought Adometry.
I don't know.
Google?
Okay.
I thought we were talking about Google.
So Google bought the only company out there who was trying their best, and I wouldn't
say they were that good, but still pretty good at identifying fraudulent click fraud going
through the Google ecosystem.
We now estimate that, well, I'll tell you another quick story to give you some idea of why I know what I know.
So I was doing some research on something completely unrelated.
I was trying to figure out how likely it is that somebody will click on something in the browser.
So if you hide some feature deep in the browser, you have to file, settings, blah, blah,
how likely is it the click on the thing?
And in particular, I was interested in this one particular thing that would stop advertisers from tracking you.
And it was a kind of a failed idea from the beginning.
It was never going to work.
But it was an interesting use case because anyone who heard about it wanted to turn on to stop people from tracking them.
And so I knew that Internet Explorer was something like, I don't know, like five close.
clicks or four or five clicks or something like that, Firefox was three clicks, and Google was something like seven clicks. Of course, they wouldn't want anyone to stop tracking them because they make all their money on tracking people and advertising to them. So that was my conjecture, is that you're going to see Firefox was going to be a very high amount of people using this particular HP header. You know, we'd see Internet Explorer kind of middle of the pack and Chrome would be way dead last. And actually, actually,
exponentially less people turning on this particular feature.
So I contacted a banner advertising company that I know,
and I'm like, hey, I want all your locks.
And anyone else asking this question, they'd say, go to help.
But it's me.
And so they're like, okay, well, we'll give them to you.
And I'm like, I want this very specific slice of data.
I want to see a user agent and that this one particular header is turned on or not.
And it turned out that Internet Explorer was like 10%.
Like, all the others were really, really low.
Like, why is it 10%?
Like, that can't be right.
A number doesn't make sense.
Unless Microsoft itself had rolled out some patch to turn it on,
there's no way they would ever be that high.
It should be like 0.001%.
Like crazy flow.
Okay.
I was going to say, do people know this is even possible,
or you're saying, were they advertising it?
Well, I mean, the part of their advertising,
hey, you could do this, it's easy.
People who know, no, and that's the thing.
It's like, it's such a small group of people.
There's no chance.
Think about how many billions of people on the planet.
I think it's like at that time it was maybe three billion or no two billion or so internet
internet users on the planet are you telling me that you got what did it true I can't even do the
math uh was it 20 million is that right 20 million people to click on six buttons or whatever
was to get there like this is no way like no no no way to educate them to do it and to get them
to do it impossible never gonna never ever ever ever going to happen unless it was automated
somehow and I'm right so so it's one of two things happen this is either not true and their their logs
are somehow messed up or they're or Microsoft did something weird so I did a bunch of research
trying to figure out Microsoft's did something weird they didn't I know the guys over at internet
explorer I'm like did is there any reason this could be the case like nope um so it turns out
it kind of just came to me I'm like holy shit that's just how much fraud that this advertising
system is getting because what happened is and they might be getting more but at least 10%
of it somebody some hacker somewhere dumped their dump what their browser looks like when they're
legitimately doing a request and they had it turned on so like so they just copy pasted what their
what the request looked like and they're sending it out billions of times and clicking on a bunch of ads
and so that drove that number up so it drove that number up to like 10% or whatever
despite the fact that absolutely is impossible,
like truly impossible.
But now we finally had some real telemetry.
I'm like, that means that, I mean,
and that's the low bar.
That's just what we know from that one mistake
that that one hacker made,
at least 10% of the amount of clicks
going through the internet on ads are fraudulent.
That means if it's $100 million a year advertising business for Google,
That means $10 billion a year is being wasted on ad fraud.
Well, then I'm sure they immediately fixed it.
Well, ethically, we don't feel comfortable with this.
This isn't right.
Yeah.
I wonder why he had that on his browser.
Is it, I wonder if it helped.
He's a hacker. He's like me.
So he's trying to, I know, he's trying to hide his, his, you know,
area or you know whatever location but why did he include it you're saying it was a mistake but
is it possible that he did it because every time those bots were clicking he didn't want those
them to be located either like you like now suddenly you know all this information's coming from
this one area actually that's a really good theory uh that could have been the case you're right um
i suspect it was probably more likely to be uh just a flat out mistake um based on what i saw
but you never know.
Maybe there was some additional things there
where he's like maybe there's a possibility
that some of these ad engines
might actually respect this header
and stop tracking me.
And if that's the case,
great, it costs me nothing
to include this extra,
you know, a couple of bytes of information.
So either way, yeah,
I'm not saying that Google doesn't do anything
to stop fraud,
but I am saying that
whatever numbers they're reporting
are intentionally, as eBay's are,
they have no incentive to fix this problem, none.
And the only way that this gets bad is if enough companies realize they're wasting
a huge amount of money on these ads that are never going to supply them, real eyeballs
and real clicks to their brand or whatever, I think that might, if they start losing real
revenue, real revenue, like in the neighborhood of like $50 billion a year, that might cause
them to start reevaluating their fraud models.
It's funny, I do work for a company called Home Title Lock.
And what they do is they monitor people's home title, right?
So you're the title to your house.
And if there's any change in public records, it notifies you, hey, you know, did you just
transfer your deed or did you just, you know, refinance your house?
Did you, because what happens is someone like me could come in very easily and file,
I could take like one page and I can get rid of your mortgage.
I just file what's called a satisfaction of mortgage.
And I go downtown, I don't even have to go downtown.
You just file it online.
You know, I can go sit in, you can go sit in Starbucks and I can, you know, scan the document.
I can send it and it gets recorded.
So, and now with the poll, the title on your house, there's no mortgage on your house.
So, and then I can file another, you know, you wait two days, whatever, and you file a transfer of, of title.
So like a warrant, you know, there's different deeds, but a warranty deed showing that your deed to your house and your name has now been transferred to someone else.
Or I could just get a, I could just, I could just order a fake ID in your name, but and sell it directly in your name.
But so anyway, you know, then of course you can go online and I could, you know, do a sale or, or refiq.
or transfer the deed and sell the house, whatever case may be.
So this company protects against that.
What's funny is every time I'm interviewed about it, people are like, you know,
well, why doesn't the government, like, is this fixable?
And my God, it's absolutely fixable.
Why wouldn't the government fix it?
Why would they?
It costs the government nothing.
They're like, yeah, but it costs, what are you talking about?
It costs, you know, hundreds of millions of dollars.
This is done all the time and this is the, yeah, but it costs the government nothing.
the government didn't lend the money on your house the government doesn't care if your house gets transferred like it it's causing you a problem not the government so why would they change it they go okay well what about the title companies that insure your home they don't insure against this so once again it costs them nothing they ensure that the day of closing that title is in your own
name that there's no there's no encumbrances on your title and that and that it's clean your title's
clean today and we're putting it in your house your name today now if in two days from now
something happens that's it that's your problem so the day of the of the closing everything's
correct after that it's on you so once again if this problem were to be corrected so who is
Who's the fault in that taste?
Is it the buyer?
The buyer must, you know, beat it, right?
Yeah, they basically have to go out and get an attorney and try and fix this.
Now, if the house was sold, let's say the house was sold.
Let's say I, my house.
It's an arrow.
Well, well, let's say, let's say suddenly your house is sold from underneath you.
One day, some, you know, you start getting foreclosed on.
You're like, what's going on?
Oh, well, you're someone who sold your house, borrowed money on it, didn't make the payments.
and now the bank's foreclosing on your house.
You're like, the house is in my name.
They go, no, it's in the name John Smith.
It was transferred two months ago and half a million dollars was borrowed on it
and there's never been a payment and we're foreclosing.
What do you talk about?
You have to go get an attorney.
So is there an incentive?
Like, if you start looking down the chain of everybody that's involved in this,
nobody, it doesn't really cost anyone any money.
So there's no reason, there's no incentive to fix it.
In some cases, if you fix it, it would, like if the title companies, sorry, the
insurance, the title insurance companies were to go to the public records and let's say
devise some kind of a system or beg the government to fix the system and they fixed it,
you don't need title companies anymore.
So why would they go out of their way to fix it?
they would rather pay the claims because they make so there is so much money in title insurance
it is a cash cow so why would i try and fix a system that we make billions of dollars on
like that's just stupid the only person that this causes a problem is consumers or homeowners
everybody else makes money doing it or makes money in this in this whole thing i mean it's the same thing
It's like, it's like from the outside, you think you know the system.
And then you're, but once you're on the inside, you realize, wow, this is, this, this, this isn't correct at all.
Like, this is really very immoral and unethical, at the very least.
You remind me of a kind of a semi-related story, but sewing your house out from underneath you.
This isn't, this isn't the same kind of fraud.
but you'll see what I mean in a second.
So this is kind of a happen to a friend of a friend of friend sort of deal.
But apparently they knew that the CEO of the company,
as a smallish company, was leaving on a business trip
and he'd be on an international flight for like whatever, seven hours,
or 12 hours, whatever it was, right?
And so the night before,
they delivered a bunch of like those pod type things
filled with
carbure boxes, tape,
markers, that kind of stuff, right?
Packing materials.
And as soon as he was on the flight,
they sent an email spoofed from him
to the entire company and said,
okay, I'm sorry, I'm leaving on a flight.
I'm not going to be able to respond anything.
But this sort of emergency situation,
we had a problem with our lease.
We need to move everything into these pods
because we're going to have to move to a new location
don't worry. I got it all sorted. I'll let you know more details when I land. But for today, get all of the stuff, put it in these pods, pack everything up, tape it all up. And if somebody doesn't show up to work, make sure their stuff's packed up. It needs to be out of there by this time. We have some drivers coming and they'll take it away. But it needs to all be done by this time. Right. So everyone diligently packed everything up, taped it all up, who would belong to, whatever. Put it on these pods or whatever, and they drove them away.
and they never saw all that stuff
ever again
he got the employees
to burglarize
the business for them
yes
not he but
yeah
the the burglars
yeah
yeah
so I think
I think you know
losing all
every single asset
of your company
for a long time
I thought that's the worst
thing that can happen
but losing your entire house
underneath you I think might be the
might be worse
yeah
imagine all you did was you place and add the newspaper to to rent out your house you rent your house to someone who's very qualified they have the deposit they've got canceled checks showing they paid their rent on time for years they've got like just good credit across the board they move in they make three four months payments one day you don't get your payment so you swing by the house to put a three day notice on the front door and
And you go to check the mailbox because it's overflowing with mail.
You pull it out.
And there's all these, there are all of these collection notices addressed to you.
And you go, that's weird.
You open so clear.
Address to you, you open.
And it says that, you know, whatever, Bank of America is foreclosing on you, you know, SunTrust Bank, you know, Tennessee National Bank, you know, BB&T Bank.
like, what is going on? I got five banks foreclosing on my house. How can I have any banks foreclosing
on my house? I have two mortgages on my house. I have a first mortgage and a second mortgage.
Come to find out the person you rented the house to, moved in the house, created two satisfaction
of mortgages with Bank of America for your first and your second mortgage, went downtown,
filed those. Once the house was clear, made a fake ID in your name.
called up multiple banks and then borrowed $180,000 on your house at the same time
within a day or two closed on like five different loans on your house, borrowed a million
dollars on your house and pulled the money out over the next month or so and then just moved
and you didn't figure it out until you stopped getting your rent check.
And you come to find out of there's a million dollars worth of from there's five or six banks
foreclosing on your house to the tune of nearly a million dollars you didn't do anything wrong
except for live your life and run an ad in the paper and just the cross the wrong person
and that's you know that that that happens that happens god i was reading a reading one the other day
online it's funny too because i'll read these articles people send me these articles all the time
especially if it's real estate related and i'll read it and you read the article and i'm sure you you
you know this because you'll read an article differently than the average person than your buddy
who works your buddy who works at Home Depot you read that he reads that article he's like oh wow
that's crazy and he understands in a generalized sense but you read that article and you go oh wow
they did this and this and this and then they ended up and that's how they got the money and that's
why it worked your buddy's like i doesn't really understand but he knows something went wrong you know so
all get these real estate related ones where it's an article it basically says like a couple of
people made half a million dollars and you know by pretend and it says pretending to be a real
estate attorney and a title company well what really happened when you break it down is
they rented an Airbnb for a week they ran an ad in craigslist in multiple you know
multiple different publications, websites, saying that their house was for, that this house is
for sale. People called up, because it was under market value, people called up immediately,
came out to the house, and they said, well, I can give you a contract, but we've got another
contract pending. But if you were to put up $3,000 or $2,000 nonrefundable, then obviously
the owner would know, they're pretending to be a real estate agent. You know, the owner would
No, you were serious.
So people are giving $1,000, $2,000, $3,000.
They're writing up a contract right.
And then they do this for the whole week.
It ends up being half a million dollars.
You know, they're taking, you know, who knows how big these deposits are.
And they're depositing it into a bank account that they opened online in the name of a title company.
And they're depositing the money.
So everybody who's involved in this transaction thinks, I read an ad, I went and looked at
the house. It was slightly under market value. I was very excited. I gave him a $5,000 deposit.
Then I turned around and started screaming, where's my, you know, what happened? I haven't
heard from this person. Come to find out it's an Airbnb that had been rented for a week by a scam artist.
It's crazy. They didn't do it. What did they do wrong? You know, what did they like,
and where was their due diligence? I'm not sure. Like, how would they know anyway?
I mean, every time you're trolling all of the places you might advertise, I mean.
Right. And think about it. Every time you've ever sold a house, all you did was call a real estate agent or buy a house. You went to, you talked to a real estate agent. You went by the house. You met them. They gave you a business card. You didn't check to see if this was a real estate agent. You didn't call the owner to make sure he really had this real estate agent listing their house. You didn't do any of those things. You just went through the process.
scary yeah it is scary um i mean losing your livelihood is is right up there as well you know
the only thing really beyond there is starting to get to the point where people are actually
coming after you personally um and that does happen especially if you get involved with the cartels
or like some of these more organized uh criminal organizations or spooks obviously yeah buddy of
literally yesterday got swatted as a matter of fact and uh you know he's one of those one of those
guys who's just out there and just talking about stuff i wouldn't even say he's particularly
contentious but you know he pissed off the wrong group of people and suddenly they got to come
after him you know and so you know he's you know has a whole bunch of police show up at his house
the guns drawn you know like pretty pretty bad news say did you you know you know that one
swatting that went wrong, right?
The guy opened the door and they shot him.
Yeah.
It was just the wrong address.
It was just an wrong address completely.
Yeah.
Yeah.
In this case, they spoofed an email from him to the school district,
claiming he was going to go shoot it up, whatever, you know.
And so they shut down the school district and raided his house.
Horst, right?
And that, I mean, that was attempted murder.
and I mean there's a there's a lot of things kind of like that I mean there's some even
creepier stories we've had to take down some some pretty big groups like we took down an
entire town in Romania once and basically every male in the entire city went to jail
and I feel like this is I read I feel like I remember I told you I had read the
wired article they called it like scam town or something
something in the name of it where they were talking about the Western Union. There was like more Western Union per capital in that town than anywhere in the world. And they had, I remember in the article, sorry to interrupt you, but that they had two detectives on the busting scam artists. And they were like, there's two of us. Like there's only two of us. Like half the people in this in the town are committing scams. And the big thing. And the big thing.
was they weren't that concerned.
And keep mind, this was 10 years ago
I read the article. They were like, they weren't
at least 10 years. Honestly, it might have been
15 at this point. Yeah, that's funny.
So they were saying that
that they
weren't that concerned
because they weren't stealing
from their own people. It was all internet
based and they're stealing from foreigners
and they just weren't that concerned about it.
Right. Not that the detectives weren't concerned.
They were genuinely concerned.
Yeah. But they also said that, look,
there's there's so little money here that you know that the most of the police work with these guys
they'll call and tell them hey you're going to get raided yep you got about 12 hours before they
show up yep so but you were saying it was yeah that actually dovetails nicely into the story
um so we we actually sent a couple guys there um to investigate just to kind of get a lay the land
and um and they were just at a bar kind of just kind of chatting with the bartender and he's like
what do you do and you know for your spare time or whatever it's like oh internet fraud and uh you know
it's like even the bartender like even you know just some random studio like how like how is this
your other job you know um and so we we ended up raiding this town basically every male in the town
went to jail and uh the chief of police it wasn't the chief police involved in it was not
located in the town he was somewhere in the main city uh and so
about a couple weeks later he disappeared
and just literally never showed up again
and we're pretty sure
that that group of people you're talking about
the police that were informants
they needed to know how that happened
and so like you can't let that happen again
so you know go and torture this guy
until you figure out how we actually got caught
because that shouldn't have been possible
so that guy
we never did find him but yeah
So the world of internet security is like very closely related to organized crime.
A lot of overlap, which makes it incredibly dangerous for practitioners.
Yeah, I was going to say the Russians and, you know, Chinese and Russians and a lot of those organizations will pull off scams that the Italian mob, you know, they just don't, you know, they don't, they don't get that sophisticated.
but a lot of the companies, a lot of our, like the Russian mob and stuff,
will do really sophisticated types of frauds.
Not that they don't sell drugs and do, you know, other things too,
but it's they'll, they'll do pump and dump schemes.
They'll do, have massive credit card, you know,
groups going around Europe, you know, hitting credit cards,
doing credit card counterfeiting.
I wrote a book about a credit card counterfeiter that was working with the Russian mob.
And I mean, he's like, they were ordering 50,000 credit cards at a time, or, you know, I'm sorry,
yeah, $50,000 worth of a credit cards at a time, a hundred thousand.
He's like, that's, that's unheard of.
He's like, your typical credit card buyer or counterfeit credit card buyer, he's like,
they're ordering 10, you know, 10 cards at a time at five bucks a card or $10 a car.
He's like, they're not making huge orders.
He was working with one guy that was literally, he said, just ordering massive amounts.
he ended up having, I think he got two, I don't think he had three, I think he had two or three, you know, the thermal printers that the, the Fargo, 2,500 or whatever it was. It's like a three or $5,000 printer and, you know, had the embossers and everything. And so he's massively making, sending out these cards. And sometimes they give them the information to put on the track. And, yeah, and it was all, it was all Russian and, uh,
You know, Russians that were doing it.
And they had, they worked with teams that would go throughout Europe and just hit stores and just buy up a ton of stuff.
And then there's these guys that work actually with the store owners sometimes.
Yeah.
Periodically, they'll come in and buy out a, you know, run up a bunch of, a bunch of transactions that didn't actually happen.
Yeah.
I remember one story.
It was a, I forget how.
They originally found this guy, but effectively, they found a bunch of photos of the person that they were after.
And this guy's like high profile, you know, scam artist or whatever.
They really needed to find him.
And so they got a digital forensics expert to analyze the photos.
And so there's basically a photos of him and his girlfriend and some other guy on a vacation together.
So they flew from wherever it was in Europe down to.
Sharmal Sheikh and Egypt hung out there for a while and then flew back, basically.
So there's like a two or three day vacation or something.
And so, but it was just basically photos of the of the trip, right?
You know, him and his girlfriend sitting there taking photos in their seats, you know, at the hotel, whatever.
But they didn't know where exactly it happened.
They didn't know when.
They didn't know how long ago, et cetera.
And they really needed to find all this information.
So they were able to track what kind of airline,
what kind of airplane it was, rather,
by virtue of the photos on the inside.
So they could tell it was this type of layout,
so it was probably a Boeing, whatever, whatever, right?
And they were able to tell what seats they were in
by virtue of the photos.
Then they figured out what hotel they stayed in
because there was a photo of a bunch of drinks
and you could see underneath a napkin.
They could see the embossing of the name at the hotel.
And then they had a picture of them at night,
and in the night sky, you could tell one of the planets or something.
So they knew exactly when that occurred, like exactly.
And then they found, there was another photo of them departing
and part of the coastlines.
They knew what direction they had taken.
So they knew the flight path.
which was a correlating all that together.
They knew exactly the inbound flight and the outbound flight.
It must have been one of these five flights inbound.
And it was definitely this flight outbound so that who was on both flights.
And they were able to figure out exactly what these were.
And then they tied it back to a,
to a credit card that was used to buy two things or three things,
the flight of the flights,
a camera,
which matched to the XF data inside the photos
and a rental car,
a rental car, I think it was.
But then with a rental car,
they were able to figure out where he went with a rental car
because it had the GPS stuff built into it or whatever.
And that's how they nailed him.
That's insane.
Did you see the documentary Don't Fuck with Cats?
Yes.
I was going to say that's very,
that scenario you just gave me very sense.
similar. Although, you know, those, they were pretty bad at that, actually. They, they ended
getting somebody killed. I mean, it was pretty bad. Um, but you mean, the people that were
following them? Yeah. I mean, the first half, I don't think, I don't feel like they
contributed to the murder. Uh, the, the, rewatch that, man. The first half of it is them
accidentally getting someone else killed. Uh, it was pretty bad. Um, I mean, I'd have to
rewatch it because I, I thought they were just kind of track, because he had killed the, the, the,
kittens and so they were kind of just trying to figure out who yeah they they they went after the
wrong person oh that's right initially they had named the wrong person yeah you have to be really
really carefully you really have to know what you're doing you can't just be some internet
that that person didn't did that that person get killed or kill himself i think they committed
suicide but you know that's come on i don't know man i i don't i think i'm not thinking myself out
no matter how much of a problem.
Yeah, you have to be really, really careful with stuff like this.
You really do.
I've been involved with cases where everyone just got very excited about somebody
rather than having good evidence on it and, you know,
busted down doors and it turns out they were totally innocent.
I'm like, why are you doing?
Just because you get excited, you really have to follow the real evidence.
It's one of the reasons I'd make a terrible witness because I could caveat my way out of anything, you know, like, what is the possibility you got this wrong? Well, you know, statistically is very high.
Like, well, how could you, how could you ever like tamper with this data? Well, incredibly easily, actually.
So I don't. That's not what they want to hear when they're not what anyone wants to hear. They want to hear definitive. I saw with my own eyes. Yeah. I'm on a 100% positive. It was him. Even though eyewitness testimony is almost all.
It's always inaccurate.
Yeah.
So I remember I was going to say I actually saw two guys break into a car one time right in front of me.
But right there, like they're 20 feet away.
Saw both of them clearly.
When the cops showed up, they were like, could you tell us, you know, could you pick them out of a lineup?
I was like, no.
You know, he was like, well, how tall were they?
I was like, tall.
They were like, well, how tall?
I'm like, look, I'm five foot six.
Everybody's tall.
I couldn't tell you if he was five nine or six foot one he was 20 feet away he was a black guy
I don't know and I looked at the cop I remember the cop next to him was black guy I go it could
have been him I don't know he's 20 feet away my adrenaline shot up I couldn't pick the guy
it's not that I don't want to help I called the police like I want to help you I'm the one
that jumped out of the car and screamed at the guys what are you doing you know and they took off
running because they saw me and they yelled at me and I you know instead of walking away
I was like, no, bro, what's so?
That's not your car.
And they immediately just took off.
So I was, I'm ready to help.
But I'm also not going to stand there and point people out that I'm not positive that.
I don't know who those two guys were there,
but two young black guys.
Like, I'm not, I don't know.
I would actually rather as, you know, even if they are absolutely guilty, I'd rather them get away with it,
then get someone who is totally innocent and put them in.
Right.
I mean, I agree.
They'll be not some other way, some other time.
And, you know, one of my old scammer buddies used to say, and I think it was very, very wise.
He's like, you can be really, really good at crime, but you could only do one crime at a time.
And mostly how people get caught is they're doing two crimes at the same time.
You know, so they'll be speeding and they'll have drugs in the car.
They won't get caught for the drugs.
They get caught because they're speeding.
And then the cops will pull them over.
Like it was like weed in your car, whatever.
You know, or they'll be like, the drugs are very related.
Often, they'll be extremely high first crime and then they'll go rob something.
Well, then they make mistakes because they're high and they, you know, kind of forget what we're doing.
And even if drugs aren't involved, it's, it's criminals get cocky that every time I got away with something, I became emboldened by it.
And I got cockier and cockier and got even, you know, you would think, oh, he just got, listen, I've been handcuffed taken to a police station.
the I got the head of Wachovia's fraud department screaming at the cops this guy's committing
a shotgunning scam he has withdrawn multiple he's got multiple mortgages on this property he's
withdrawing the money it's a it's a scam he was absolutely right I talked my way out of it
the police let me go told him that there was a mistake at the bank loan officer must have
made a mistake my explanation seemed okay it was reasonable he let me go
I took off.
You would think I would have said, hey, I got away with it.
Absolutely not.
Absolutely.
Within a month or so, I was committing even more egregious crimes because I had just gotten away.
Because in my mind, it was, I'm just that good.
They'll never, even when they got me in handcuffs, I talked my way out of it.
And I know many, many people that are running multi, they're making millions of dollars a year.
And they do something, this is actually my buddy's at.
actually is in the middle of committing a mortgage,
a huge, not a mortgage scam, sorry, a huge scam.
He's making hundreds of thousands of dollars.
He's got half a million dollars in the bank.
And he and his wife are on a little vacation,
and they check into a hotel for a week,
and they use a stolen credit card.
You have half a million dollars in the bank.
You can't pay $1,500 to rent a place for,
five days.
Are you kidding me?
Are you kidding me?
Well,
he was like,
why would I have a stolen credit card?
I don't know.
Maybe because if they were to go through the stuff in your room,
they'd see that you're running a massive scam.
Maybe that person gets notified and checks.
Maybe like,
why risk it?
Those are the,
you know,
you get cocky and you think you're above it and the rules don't apply.
You're just that smart and you just.
And you do two grams.
That's exactly like that.
Right. You just grew up.
Yep.
I mean, if you really want to be the best bank robber in the world or best jewel thief in the world or whatever, you could totally do it.
Like, you really can do it.
I mean, I wouldn't recommend banks these days, but jewel theft, totally.
100%.
You could totally do that.
You would just have to be the absolute best, like, ninja stealth dude in the world and really know your shit and know exactly all these security systems work.
And it would be a full-time job.
and no breaks, no vacations, this is what you focus on
and getting the next big jewel stuff done.
This guy in Austin, just a couple of days ago,
he got held down at a bar and he got his watch stolen.
It's like a $300,000 watch or something, a crazy, expensive watch.
And they took an Uber home.
It took a fucking Uber home, you know?
Like, you got to be, you got to, if you're really going to be good at crime,
you really have to know what you're.
doing and you have to be truly professional. I think that's the problem is everyone wants to think
it's easy path. It's actually the hardest path. You actually have to be perfect. Yeah. Yeah, you can,
I always say, you know, the police can make a mistake over or no, they only have to, you know,
be right once. Like, they always catch you once. You know, they could keep making mistakes.
Right. You know, you really can't make mistakes. And that, and that's difficult to do. Because
let's face it, if you were that diligent and intelligent and hardworking, then you'd probably just go
get a regular job. Yeah, exactly. And probably make great money doing it. Uh, if you're that,
if you're that dedicated, you know, you're your craft, right. Yeah, yeah, exactly. I mean, most,
my thing, most of the guys, it's, it's, it's the, as a result of just, you know, of drugs and
poverty and just they don't know what else to do or have anything else to do. And it's certain things
get taught that tax scam we were talking about. A lot of the guys that I was locked up with,
like, they were taught that. Like, they don't have the ability to do anything other than work at, like,
a grocery store bagging groceries like they just they don't have an education they dropped out of high school they were raised in horrible areas they have nobody really mentoring them and but they've got a cousin that makes a lot of money committing fraud and he teaches them the step by step here's what you do you get this you go to your friends and get their social security numbers you do this you do and kind of lays it out with them over the course of a week or so teaches them how to do it they figure out how to do it it works well for six months to 18
months and then they get caught and then they go to jail for five years and they get out and they learn
even more stuff in jail and then they or prison sorry they get out and it just keeps going and
going and going and now it's a it's a that's just a part of it's a part of their life going in and out
of prison committing fraud because for them it's extremely lucrative and they don't have they
don't have any other there's no other avenue other than to go get a low paying job and you know
stick it out like so yeah i feel bad for him but uh it's not the life it really isn't
oh no it's in the with all the cameras these days and all this internet telemetry and
everything you have phoning home all the time like oof i just that mean it's it's rough i would
really not recommend it or if you're in it and you're doing well now's the time to think about
your retirement it's not going to get better it's going to get much much harder for you
you very soon and too.
I've read a few articles on the original Silk Road, right?
And Ross, Russ Ulbert.
Albrecht.
I mean, I know he got like a two or three life sentences or something and 30 years
plus five life sentences or something along those lines.
I mean, and I know that, you know, I know the basics of it out, you know,
what he was doing, why he was doing, which I always thought was weird.
By the way, because I've met, you know, just based on my past, I've met a bunch of guys like this that are super, super bright that for some reason they don't, like they have like they're bright, they should be able to live a normal life, be successful.
They have a couple of failures, which it seems to me like, like Ross had had a few failures.
And then he kind of just went off the grid.
Like he, he just, like, things didn't fall into place for him.
He didn't want to struggle in some way.
And he suddenly decided, hey, I'm going to do something completely illegal and lucrative,
even though he worked very hard at it.
But I think the payoff came pretty quickly.
He was also kind of one of those dudes who, uh, he just, maybe anarchists, you know,
maybe kind of like I feel like he's he was bright like what I think it's it's typically it's
always some guy who's pretty sharp you know that that kind of leans toward that and it's like
they're rebels but he also had several failed businesses too wasn't it and yeah I don't remember
those details but but I do recall he ended up moving from Austin to San Francisco to I think kind of
go out in his own and I suspect at least half of it because I actually know one of his roommates
he probably just wanted to be more isolated because he's starting to get the business is rolling
and he's having to do more and it's kind of hard to hide that if you've got roommates. So I think
that was at least part of what happened there. Was it a girlfriend at the time? I don't know about
that, but he was living with a girl, but I don't think that they were romantically involved.
Okay.
Well, I mean, I know eventually he ended up getting arrested.
I forget, was it the FBI or?
Well, it was a maybe it was sort of a customs deal.
He was importing a number of, you know, drugs and, you know, all kinds of stuff.
But how he actually got caught was he tried to import a passport, a legal, a set of legal
passports.
He wanted to create new identities.
Right.
So they hosed as the people who were shipping the thing.
So they were basically a sting operation.
And he ordered it from his own site.
And then they just basically followed it to his address.
And when they busted him,
he actually had his laptop open and logged in to Silk Road.
He had a notebook open with the passwords with his diary effectively,
like saying everything he had done.
And I mean, it was a very clear-cut case.
It was definitely him, you know?
It's like, I think he just didn't think they were going to be able to get to him, right?
He was using a server that was located in Iceland or something.
Like he really felt like he was insulated and it eventually wasn't.
Yeah.
So you, we had talked about Silk Road 2.
And the only thing I know about Silk Road 2 was that.
I thought it was just kind of a
I mean obviously you can name
your site whatever you want was it was kind of a
copycat site
that had started
but that's all I know like that's all I could
find really on it was so
there was a bunch of
there was a bunch of Silk Road 2s
a bunch of different people tried to
start it up over again and I don't think it went
anywhere but
so how I get involved in this story
was about
two months after
got pulled into jail, I would say, approximately, I started getting a series of emails
from, you know, cartel members who wanted to start Silk Road 2. And I'm like, let's, let's do it.
And I'm like, I don't, why, why are you thinking I would do anything to do with this at all?
And they said, well, we know that you're the real guy who ran the original Silk Road. And
Russell O'Brick was just your patsy. And why do they think that?
Exactly. And I'm like, well, my answer was, I'm not. Right. I'm not where you think I am. I didn't do that. Like, yeah. They said, sure. Sure. You're not. That's exactly what you'd say if you were the guys. Right. Well, that, how do I get out of it then? Right. So I'm like, okay, well, why, why do you think that I am the real guy? And like, well, you probably met him when he was living in Austin because you live in Austin. I'm like, okay, well, that sort of makes sense.
But you wrote your second to last blog post.
I wrote about 1,000 blog posts on my old website.
And the second to last one was sort of like,
if there was a possibility of ever taking over my security research that was doing,
maybe you'd use, like, my handles arsenic.
So you use like Dren Pirate Arsenic or something.
And you could kind of continue the research forward with using my name,
except for I didn't really feel like that was a good idea,
because I think the research should stand on its own.
I don't think you should tie it to any person.
So I said, I actually didn't think that was a good idea.
But he's the Dredd Pirate Roberts on the hacker on the Silk Road.
I was talking about the Dread Pirate R Snake, Roberts, and I'm Robert.
So that naming thing, there was confusion there.
I wrote some code a while back called Slow Loris.
And Slow Loris was what's called a denial of service attack tool.
And basically it was used to take down.
websites. And it got a lot of publicity because it was used during the Iranian Green
Revolution to take down leadership websites. And the people who were doing the other types of
attacks before my tool came out were taking down the entire country and causing all kinds
of problems. So my tool was very specifically designed to be low bandwidth. So it didn't
affect the rest of the country. So protesters could talk outside the country. Anyway, it got a lot
of publicity. And so
Ross Oldbrich used
Lloris to take down websites of
competitors.
So I wrote it, he used it.
So that, okay, so there is, I was just
going to say, so there is a connection there because
that was a lot of research. If there was no
connection, I was like, that's a lot of research for
a couple of, for some cartel guys to put
together. Yeah. Oh, yeah. But, but
there is actually, at least there
is a connection. There, there is
a connection, although slight.
also Silk Road was a very well-designed system. It was very secure. And it took advantage of something called web application security. It did a lot of things correctly to stop certain types of attacks. And my website was the web application security lab. So it stands to reason that he and I somehow were talking to each other all the time. And I was getting him advice on he might have been the developer, but I was the guy, you know, puppet master behind it all.
So not, if I didn't know me and I didn't know the situation, I go, and if I had read this in like the New York Times or Washington Post or something, I'd be like, ugh, that sounds like he is the guy. Right. Right. And so I'm like, well, that, that's pretty good. It's not correct, but it's pretty good. What would you do with it? Like, let's say, let's say I said, no, and I don't want to help you out. What would you do with it? Like, well, we'd ruin your life. We'd spread this out everywhere that you could think of and we would make your life a living hell and you basically would
never get a job and you know we follow you everywhere kind of deal I'm like okay it sounds pretty bad
so well okay what would you like me to do and I'm like well we'd like you to come and take over
Silk Road 2 for us and I'm like okay what does that entail I'm like well we already have a server set up
so you don't know where it is so we don't have to you don't have to we're not really risking anything
by doing this so just go ahead and log into the server over here and start building and when it when
you're done, just kind of let us know, and we'll, you know, start driving traffic to it.
So, so, I mean, at this point, you've got to be thinking, you got to, you got to contact the FBI.
I mean, you can't go forward with it.
Well, so here's what ends up happening.
So I go ahead and get access to the box.
And it's on a tour hidden service.
So it's designed to stop guys like me from figuring out where it's located.
and but one thing I think that they didn't really understand is one of my one of the things I'm very
good at is decloaking things figuring out where things are really located figuring out who people
really are it's it's a you know you can have many areas of specialties in computer security
that it just happens to be one of mine and I am also security researchers so I find net new
exploits things that no one's ever seen before and so I found an exploit in tour hidden services
and decloaked it and figure out where it really was.
With that information, I then handed that off to people
who cared about such things, namely Interpol.
And so a couple months goes by, and I don't hear anything.
I'm like, I mean, I gave these people to you on a silver platter.
I know exactly who they aren't.
They don't act real best.
And so I called up the people who care about such things,
and I said, hey, what the hell?
Like, what's going on?
Are you going to do something about this or what?
And they're like, oh, yeah, sorry about that, Robert.
We probably should have gotten back in touch with you quite a while back.
But don't worry about that guy anymore.
That guy has a job for the rest of his life.
So apparently that is a common tactic when they basically deliver somebody up like that.
Effectively, they become a full-time employee of whatever government jurisdiction they belong to.
and so they now have an insider so
so they
I understand they grabbed the guy
and now basically working for them
he's a he's a CI now
but still in the organization
presumably yeah
well because thus far he hadn't really
he had explored the possibility
but he hadn't actually done anything
you didn't build the site you didn't
well he did try to blackmail me
and I am sure
he had done many other things that once they
started investigating them. They put a bunch of pieces together. So that was enough to get going.
And now he works for them. So, yeah, I didn't end up building Silk Road, too. But it was a,
it was an interesting foray into that side of the world. I wouldn't recommend it. But,
yeah i interviewed a guy uh by the name of cold colby colby cop yeah k o p p i think and he had actually
what did he he he actually started a a website you know uh uh which is common and he he had he started a website
and was he starting the web
did he start the website
I think he no no that's wrong
he was just a vendor he was a vendor on the website
that's right and he was selling
he was selling different
variety of different types of drugs
and he did this for
forever and at some point
you know
getting the drugs is obviously an issue
so it started with him getting drugs
through a
friend's father and who was like a connected to a biker gang well those guys got busted a few of them
and so but in the meantime he'd been connected with a supplier out of Mexico and they were you know
cartel and then he eventually ends up meeting the guys from the cartel and they're they're helping
him they're providing the drugs which he's then he's got a reshipper um that's that's doing all the
shipping for them. And I forget how long this went on for 18 months or two years. He eventually
gets busted and he's in prison right now. But I interviewed him just before he was sentenced
and went to prison. So he pled guilty, but he hadn't been sentenced yet. And so he did
the interview with me. And then I told him I would not release it until after he was sentenced.
So he was then sentenced and had like a couple months to turn himself in and contacted me. He's
like, okay, I was sentenced. I got, I forget what.
he got four or five years and he said go ahead and release it so i released it but he had a
fascinating story i think it's it's very it was very interesting and he was great at telling the
story but it was the same thing it was well he also had um it was it was much it was a very long
it was probably an hour and a half two hour story but it was great it was a really super
interesting story so the the the security community does have
a lot of these kinds of stories in them, you know, you almost can't avoid the criminal
element because half of what we're doing is protecting against the criminal elements.
So half of the actors in computer security are the other side, right?
And that can take the form of nation states or can take the form of criminal actors,
but it's, it is the other half.
So when you go to computer security conferences, for instance, I would say, you know, you
walk around and you're you're gonna run into spooks and you're gonna run into criminals like it's just
kind of the nature of the beast and it's very hard to tell which one is which they all kind of look
just like sort of nerds running around just having a good time and drinking too much um but like one
example i think would be worth talking about with your group here um was the story of paula ru
um and so like this guy just a normal computer dork you know building some software um this
software was designed to basically protect people's computers using something called plausible
deniability encryption.
So the idea is, let's say you get busted by the cops and you really, really don't want
to give up your super secret plans and stuff.
Let's say you've got the nuclear codes in them or something, like something terrible, right?
Well, there's several different ways that that can go down.
Depending on where you're located, sometimes they'll just beat you up a bunch.
Sometimes they'll just put you in a hole and just, you know, wait it out until you get tired of being in there.
Sometimes they'll threaten you.
You know, there's a bunch of different ways that that can happen.
But basically what it comes down to is typically they just need to know that you either do have it or don't have it.
If they think you don't have it, then their gumption to continue to punish you kind of goes down significantly.
In many cases, they'll just let you go, especially the United States.
So, but how do you get them to believe that you don't have anything if you've got this encrypted drive?
Well, with plausible deniability encryption, you basically have this software that when someone comes beating you up, you can give them a different password than the main password, and it'll decrypt and turn into something completely different.
So instead of the nuclear codes, it's, you know, your nude photos or something that you obviously would not want out.
And so it makes sense why you defend that password to the point of getting beat up and whatever.
and it's plausible that you would want to use this software for such a purpose.
And so therefore, it is very likely that you will allow them to continue to beat you up
for a prolonged period of time before you finally give it up.
So you basically just hold out as long as you possibly can, give them the fake password to the other thing,
and you can do multiple levels of this thing, right?
So there can be many different levels of plausible metabit encryption.
So maybe you start off with your tax form.
You're like, oh, I got it's my tax forms.
That's why I use it.
And like, uh-huh, uh-huh.
And then like, a month later, like, fine, here's my nude photos.
And then maybe a month later, it's like, okay, well, yeah, I cheated on my taxes last year or something.
And like, oh, that's why you're holding out so much or whatever.
So you never give up the primary thing you're really, really trying to protect whatever at the very bottom of these layers of these onions.
Anyway, this Paul Leroux guy developed this software.
And it was pretty clear by his employer that he had more like.
stole it from them and was making it himself and, like, selling it on the side.
So they, they wanted to come after him and, and get, you know, extract their pound of flesh for
for intellectual property theft. And so he fled. He just left the country and, and, and kind of
just appeared. No one knew what happened to the guy. So years and years and years and years go
and where'd they go? No one else. Well, at the time, at that time, no one knows. So years and
to go by, and there's this piece of software that's on the internet called TrueCrypt.
And all security people kind of know it exists.
Many of us use it.
I use it.
A bunch of people use it.
I know if you're in my world, you're probably using it or something very similar.
And someone at some point said, where did this software come from?
Who wrote this thing?
Why are we all using this thing?
No one even knows who the author is.
Like, shouldn't we be asking this question?
Like, we're all using this thing.
what is that vulnerability is in it you know is it written by spooks like we got to find that like
someone do an audit on this thing so it was sort of all hands on deck because we kind of all
realized how vulnerable we were by virtue of not knowing anything about the software so we all
do this research and it turns out there's a couple small issues with it nothing really crazy
just like uh like you'd have to be like a local user on it to attack another local user so it's
really not a particularly big deal um but at the same time we're all like okay but we can't
rely on not knowing who this person is.
So the industry created a new one called Veracrips.
It's basically a copycat of the old one.
And silently, TrueCrypt said,
don't use TrueCrypt anymore.
Use Veracrpt.
It's like, okay, well, I guess whoever wrote it
agrees that the new version is better,
and they weren't a bad actor in this context.
Around the same time,
some investigative journalists are digging into this case
and trying to figure out, like,
what is going on with this software?
Like, it's so weird.
Well, they track it back to this guy named Paul Aruh, who they think is the guy.
Now, Paul is a very interesting character.
So grew up at, this is the guy who disappeared, right?
And so we know that this is, this guy has built similar software that does a similar thing.
And they start tying it to a bunch of murders of real estate agents in different countries, like the Philippines.
And it was kind of like unclear why anyone want to murder these,
these random Filipino, like, you know, real estate agents, these women.
Like, why, why is this happening?
Well, they track it back to these two guys who were hit men and who had fled the country
immediately afterwards.
They had spent multiple days with her, like, like going around, like checking out places
until they, I think they knew enough about her before they killed her.
The second one, Catherine.
Maybe they just got to know her.
Yeah, I don't know, but they definitely had it out.
You've known enough real estate agents.
So they basically tie it to another murder that's almost identical.
And they realize this is a serial thing.
They kind of figure out that the second murder, I think her name is Catherine Lee,
she was killed because there was another deal.
that happened with some of the some of that she introduced to Paula Rue's team who was supposed
to embezzle a bunch of money buy a piece of property for like 50 million euro or something um i forget
if that number's correct but whatever some very large sum of money the deal fell through that guy
fled the country with the money and so they're like they have to kill somebody uh to you know send a message
that isn't never going to happen again and so they killed her and so a similar kind of thing happened
with a previous real estate agent where she had done something hinky and they had to kill her as a
result. So this had been a group of real estate agents across these different island nations
or whatever. So then they start tracking it back to the hitman and who are these hitmen and
then where did they get their orders from and they kind of backtrack it to this army ranger,
as former army ranger that had had a lot of PTSD and sort of had joined up with this guy,
this dude
at Paula Root
and so
they realize
that this guy's been
like a hitman
for him for years
and so he does
contract killing
for him
and then they start
really investigating
this guy
they flip him
and they start
going after Paul
like through this guy
and it turns out
he's like
one of the biggest
arms dealer
and drug dealer
in the world
like he supplied
the Somalis
with a bunch of
guns and ammunition
he supplied Iran.
He had his own fishing boats
where he would like supply missions
to different regions,
a bunch of different arms deals
around the country,
around the world, rather.
Really fascinating story.
And he's just a computer guy.
You know what I mean?
So I think when you're thinking
about computer security,
you kind of have to kind of blur your eyes a little bit.
It's like, yes, computer security, yes,
but blur it to think about morality.
Like morality can flip
very easily depending on
circumstances in people's disposition
and the economic situation
and so on, which is why you see a lot more
of that kind of crime
in drug-related situations
where people are like hard up for cash
or in less economic friendly zones,
Middle Eastern
and Eastern European-type countries.
Yeah, I was going to say, you know,
it's so hands-off now
or it can be hands off now where, you know, dealing drugs or a lot of things, you know, just based on, as a result of the, the internet, it's, it's everything's like so remote.
Now you can be in the safety of another country.
Well, it seems, I was going to say, it seems like you can be in the safety.
But the truth is is all these guys are, oh, well, I use, you know, VPN or I use this or they don't know this.
They'll never figure this out.
And then they always end up grab, not always, but they end up tracking these guys down.
But it's not like they hacked into the computer system.
It's typically because they start following their email address or they use the same nickname and they start tracking all these different places and websites where this name has shown up and they read enough about it.
And they build a little dossier and before you know it, they're like, this guy lives in, you know, whatever, Dallas, Texas.
He's got to live in this area.
he you know we believe he goes to this barber you know what I'm saying you're like how did you figure this out it's like okay well there were these little you know bread crumbs left all over the internet that he never thought anybody would piece together and then next thing you know you they figure it out and there's there's there's your front door and you're like I don't understand I was I was using you know there was a the the server was in another country I used a different you know whatever you know different ads you know
a different this, a different this.
Yeah, but there's these little things that put it all together is really detective work.
I mean, super interesting detective work that typically gets these guys that feel like they're so safe.
Yeah, that is exactly how I broke one of the largest, I don't know how to use these words without using these words, but C-SAM group in the world, child pornographers.
I will try to say the story without actually using those words.
I don't want you to get demonetized.
Right.
That's fine.
You know, it's, you're good.
You want to just say, let's go with what, S-O's?
Sure.
Is that good, no?
Yeah, whatever.
So, effectively, there was this group that called themselves P, you know, that word,
you for university and it was sort of a dual entendre kind of met like there are young kids
that we're going to be doing bad things to but also we will teach you how to do it so it was a
pretty big organization like maybe a hundred or more different people in it and so we were
trying to track them that I had an anti that P word group it was called the HAPA
ethical hackers against that P word.
And so what we found,
we were basically monitoring the group forever.
And everything was encrypted,
so you can't really see anything,
or very rarely you could see anything.
Every once in a while something that sneak through.
But one of the guys, one of the main guys
who ran the whole thing,
there's a sort of initiation process
where they have to teach you how to use the tools.
So people come in and they're just like,
I don't know what hell I'm doing.
And so they kind of have to say,
okay, if you want to do this,
you're going to have to learn how to do this,
and you've got to start doing what you're doing over here
because we can tell who you are, blah, blah, blah, blah, blah,
and then you evolve into this thing
where you are much more difficult to track.
And so this one guy,
part of that is using proxies and hack machines
and that kind of stuff, so you're not coming from your own IP address.
So this one guy joins and he's new,
and so he's talking an unencrypted chat at this point,
which is pretty typical.
And one of the heads of the thing
posts and he's like whoa dude it's so weird you're like uh you probably like live on my street
hell you're probably my next door neighbor that's so weird or something like that and like wow
what is he talking about because he didn't say anything related to where he lived or whatever and
i'm just like what is going on i don't i don't understand how he would know that from looking at
this message and i was just you know bugging me for days i was thinking about it and then
i started looking at the mail headers like maybe there's something in the mail headers i missed
and I realized, oh, wait, that guy isn't using a proxy yet.
He's not using a hack machine yet.
And so at this point, he hasn't committed any crimes,
or at least not that I've seen,
but his IP address is a real IP address of a real person
that he hasn't been encrypted or hasn't, you know,
protected.
Or even if it has, it doesn't matter
because the other guy's looking at that IP address
and realizes it's probably almost identical to his IP address.
Maybe it's one number off or something.
Now you know the area that that now you know exactly where he is.
So all I need to do now is look for, you know, anybody who's connected to anything on that, you know, block or whatever, which is very easy to get a subpoena for and that's how we broke the case.
And then so we busted like over 30 dudes, like as you imagine, doctors and lawyers and all kinds of stuff.
They probably ended up in Coleman with me.
But you'd be, you would be shocked how many school teachers, principals, guys that work.
worked at NASA, that you would meet and you're just like, you know, wow.
How do you end up in here?
Right, right.
They always have a different reason that they're always, they always pick fraud.
They're always like, oh, I'm here for fraud.
It's like, come on, but don't, don't take my crime.
You know, because it always breaks down so quickly because once you say, well, what did you do?
They could never really quite tell you.
They could, you know, oh, I was, I was, I was, uh, it was credit.
Credit card fraud. They charge you with credit card fraud? Yeah. There is no crime. There's no credit card fraud crime. You know. And then they try and tell you, well, what they were doing with the fraud or the credit cards. And it never makes sense. Like it's like, stop it. You know, this is, you're clearly not here. They know they can't pull off drugs. You know, because they're not even going to come close to drugs. Right. Yeah. But.
Well, probably good one. I mean, there's lots of white color fraud out there. It's just amazing. These sites that are.
Like, there were guys that were paying four or $500 a month to be a part of a site, you know, to look at, you know, underage kids.
And it was like, like, that's a car payment.
Yeah, right.
You know, it's, it's like this is, there's a real issue here.
It's also, by the way, one of those things from the other side from actually trying to stop it.
It's one of those things you can not unsee.
Like, once you've, you know, I will, I will, I will, I will, I will, I will spare.
your listeners some of the more Macquarie details but you know but you're watching people like
pay-per-view rape type stuff you know right like you get to tell them what to do and you know it's it's
pretty unbelievable and these are not kids like you're thinking like maybe you know 12 years old 10
old something like that these some of them are not even walking yet you know what yeah and so it's
pretty pretty fucking horrifying but um yeah i mean they'll spend whatever uh they'll spend whatever uh
They'll spend whatever to do it.
And they'll put themselves in massive harm's way.
And there was another case I was involved with, this is years later, I had to take a, I had to distance myself from that organization.
It was just too much mental stuff on me personally.
Like it was, yeah, the amount of depression I experienced seeing this stuff is kind of off the charts.
But so a couple of years passed and I got a call from, or actually an email rather from, actually it was.
even weirder than that. It was a text message to a form that was logging a bunch of information
on this old hacking website that I had set up years and years earlier. And I thought it was gone.
I thought it didn't exist anymore, but it still worked. And so I got a text message and an associated
metadata about this person who basically said, hey, Robert, we need to be in touch with you. And it's
like, I, you know, we're from the FBI or Homeland Security. And I'm like, yeah, I'm right.
no way
full of shit
but sure enough
it really was
and so I was working at eBay at the time
and I'm like well
I don't have time to meet with you
or like no we need to meet sorry
like it's going to happen
like today kind of deal
I'm like well I'm at work
well we'll come to your work
I'm like well fuck so they
they show up at
eBay offices
and and eBay offices
for those of you are not familiar
with like big corporate environments
you know there's a there's a reception
There's 10,000 people walking around, like going different places and like, you know, coming in and coming out and and here's the FBI just like walking straight through the front door and I'm like, I'm like, I'm going to get you guys into a conference room right away. Like people are going to start asking questions. I mean, I worked in security.
You're saying your security. It's not like. Yeah, but on the product side of security, not on the investigative side. And so you say, I'm a big shot. That the FBI needs my help. Yeah. Yeah. At that time, I was new enough that they, I couldn't pull that off.
Like, you don't know anybody.
There's no reason for you to be talking about the eye.
At least not then.
Later on, yes.
But, um, so anyway, they come into my office, uh, in this conference room.
And, uh, they're like, they're like, we believe there this, there's this guy who may know he possibly.
And I'm like, okay, well, why, why do you think that?
Like, well, because we arrested him for this stuff.
And I'm like, okay, what does that have to do with me?
He's like, well, he claims that you told him to put malicious soft.
where inside images, something called the GDI Plus exploit.
And I'm like, okay, I definitely didn't do that.
That exploit had just came out, by the way.
I'm like, definitely didn't do that.
And he's like, well, he claims you did.
And so we're just curious if you, if this rings any bell.
I'm like, well, no, can you give me his name and his handle?
I'll go look at all my email because he never know.
I've talked to thousands of people.
So it's right.
So I'm like, give me a day or so to just go through all my old email and see if I can
find anything old chat messages or anything I can think of that might have the name in it and sure
enough nothing there was never anything about this guy so I call him again I'm like okay well let's meet up
again so they come back to the office shuffle them back to the same conference room I'm like okay
so I found out two interesting things first of all no I don't know the guy or at least not under
these two names maybe he's got a different alias or something but not anything you gave me but secondly
that GDI plus exploit when did you say you arrested him and they're like we arrested them two months ago
I'm like, well, that's funny because that exploit came out one month ago.
So he has been doing a ton of research trying to find his alibi, and he realized that, oh, there's this thing about exploits and images because it was just coming out 10, 15 years back.
And so he leveraged that to try to convince them that that was a plausible defense that I had told him.
And he didn't think anyone's going to get touch with me because I'm a hacker and there's no way.
and I was actually pretty stealthy back then.
And so I'm like, yeah, I'm happy to go to court and say this is impossible.
So either he came up with the exploit or someone that he knows came up for the exploit.
And I guarantee you they're going to, like, I can get in touch with those guys.
They're going to say that they didn't ever heard this guy either.
You know, they're not going to release it to some random guy.
And so they went off and I don't know, maybe a month or so goes by.
And I'm like, I call him up.
I'm like, what's going on?
And you never got in touch with me and like, oh, oh.
Another one of those.
We should have probably gotten to you about this.
Yeah.
So the second we told him that you were willing to testify against him, he flipped.
And immediately he's going to go after all of his friends.
And so the way I, what I understand, because he was, he was obviously trading CP.
Yep.
Right.
And then when they caught him, he was trying to say, no, no, I was working with someone.
And we were trying to bust the bad guys.
And we were, he, we were talking about him putting this in the images to help destroy them or track them or so I'm not involved in this.
I was trying to bust the organization and then they talked to you and you were like, that's that what happened.
Okay.
But, okay.
Exactly.
Yeah, I'm sure that there's a, yeah, I'm sure that the immediately trying to wiggle your way out of that.
Right.
I mean, anything you can think of at that.
point, but, I mean, it was a pretty plausible defense, not that it would have saved him,
which is the other kind of stupid thing about that defense, but at least, at least he could have
made it seem like he was not getting off on it. You know what I mean? There's a very
difference. You know what I mean? Yeah. Shoot, I was going to say these, uh, I knew a guy who'd
set up a server, um, and they were, they were trading images. And he was
charging for it. And it was supposed to be completely, you know, anonymous. And when they eventually
do, they track down the server. They catch the server. He had it in like a rented office in
someone else's name. All these things precautions he had taken. Well, they eventually track it back.
They still end up getting him. Yeah. And they grab him and everything. And his whole thing was like,
no, no, I was setting it up. But I didn't realize they were going to be using it for this reason.
And, you know, it's, it was too late.
He ended up getting like 15 years because, of course, what people don't realize is that, you know, one, it's like possession.
Like, you just have possession of it.
Like, you don't, you don't even have to, you know, it was, like, there's no defense at that point because the charge is, did you have possession of it?
Yes, I did.
You know, I didn't make it.
I didn't this, but I did have it on my computer.
You're done.
Like, I think the mandatory minimum.
like three or four years.
Yeah.
And then, of course, the images, all the different images, you get, can you get charged
with every single image.
Yep.
So.
And they're getting easier and easier to find because there's, uh, companies like Apple
out there if you use iMessage for instance, or sorry, ICloud rather, uh, all of your
images are uploaded in their servers and they're doing hashes on those things.
And so they have hashashes of, you know, hundreds of thousands, millions of images or
whatever that have been collected and, uh, cataloged.
So they don't have to store the original image.
But if they see that image crossing the wire,
they immediately let law enforcement know.
Facebook is doing something very similar.
They're actually the largest producer of reports on Earth.
And you wouldn't really think it's like Facebook, like why.
But they also own Instagram and a bunch of other properties.
And they do this something very similar.
They just look at these hashes.
So unless you're very,
very, very, very good at protecting yourself. You're pretty likely to get caught these days.
It's getting. And now, when we did our bust at EHAP, we had the largest bust in history that I'm
aware of, the first one I'd ever heard of at the time. But now, innocent images, they'll bust like
100 people at a time, and not 101 or 99, exactly 100 every single time. And I think there's a reason
for that. They need to make sure
that if you didn't
get busted, you could have been
100 once. You know, you could have been the next
one on the list. They just, you know,
they're just going down the list of the most
easy at first. That doesn't mean you're not
going to get busted next year when they go and they
start going the next hundred batch of 100.
They're busting 100 people
at a time now. And
yeah, I would
not, it's
there was a time when I think
you probably could have gotten away with that.
fairly easily and i think that time is quickly diminishing well listen i i i'm sure you have
other things to do a few so i i appreciate you giving me this much time i i really do like i
really enjoyed talking to you um thank you very much and uh um you have a book right
yeah i'm uh early stages of uh getting it through the editing process oh that's right we talked
that's right yeah yeah it'll be called AI's best friend and uh it's a pretty pretty crazy read
if you're into the idea of artificial channel general intelligence as opposed to artificial
intelligence the part where it becomes sentient or you know close enough to sentient we can't
tell the difference and uh therein lies some dragons my friend it is as a gnarly bit of business
when you start talking about hallucinations and something that's smarter than you are well when you
I mean, when it is actually going to come out,
we should do another episode.
Yeah, I love that.
I've got the book and hit you it.
Yeah, great.
Hey, I appreciate you guys watching.
If you like the interview,
do me a favor, hit the subscribe button,
hit the bell so you get notified of videos just like this.
Leave me a comment in the comment section.
Also, in the description box,
I have left Robert's YouTube channel.
And it is, I think it's the Arsnake Show.
and the link is in the description.
I really appreciate it.
Also, do me a favor.
You know, if you can swing it,
I would appreciate it if you would consider joining my Patreon
or possibly buying one of my true crime books.
Once again, I really appreciate you guys watching the show.
See ya.