Matthew Cox | Inside True Crime Podcast - North Korea’s Billion Dollar Scam on the U.S. Exposed
Episode Date: May 21, 2025An inside look into cyber scams and the lazarus groupKarim's Links https://www.linkedin.com/in/karimhijazihttps://www.youtube.com/@TheIntrovertedIconoclast Follow me on all socials!Instagram: h...ttps://www.instagram.com/insidetruecrime/TikTok: https://www.tiktok.com/@mattcoxinsidetruecrimeDo you want to be a guest? Fill out the form https://forms.gle/5H7FnhvMHKtUnq7k7Send me an email here: insidetruecrime@gmail.comDo you want a custom "con man" painting to shown up at your doorstep every month? Subscribe to my Patreon: https: //www.patreon.com/insidetruecrimeDo you want a custom painting done by me? Check out my Etsy Store: https://www.etsy.com/shop/coxpopartListen to my True Crime Podcasts anywhere: https://anchor.fm/mattcox Check out my true crime books! Shark in the Housing Pool: https://www.amazon.com/dp/B0851KBYCFBent: https://www.amazon.com/dp/B0BV4GC7TMIt's Insanity: https://www.amazon.com/dp/B08KFYXKK8Devil Exposed: https://www.amazon.com/dp/B08TH1WT5GDevil Exposed (The Abridgment): https://www.amazon.com/dp/1070682438The Program: https://www.amazon.com/dp/B0858W4G3KBailout: https://www.barnesandnoble.com/w/bailout-matthew-cox/1142275402Dude, Where's My Hand-Grenade?: https://www.amazon.com/dp/B0BXNFHBDF/ref=tmm_pap_swatch_0?_encoding=UTF8&qid=1678623676&sr=1-1Checkout my disturbingly twisted satiric novel!Stranger Danger: https://www.amazon.com/dp/B0BSWQP3WXIf you would like to support me directly, I accept donations here:Paypal: https://www.paypal.me/MattCox69Cashapp: $coxcon69
Transcript
Discussion (0)
The major players are looking at your house through Google Maps.
They're looking at what neighborhood you in.
They see what route you take to your job based on your cell phone connectivity to towers
because they can profile you for knowing exactly how much money you're worth
probably paying based on whatever scam might be appropriate.
I have a pretty unorthodox path started many years ago, mid-90s.
I was actually doing what
is, I guess, a watered-down version of what I was doing is called Competitive Intelligence,
otherwise known as corporate spy work or corporate espionage work, but I was doing it overseas.
And I was doing it well before there were any real laws wrapped around that kind of thing.
So my job really was if a large entity, whether it was a company or government,
needed information about a competitive environment, I would be the guy they would call with my team
to go get that.
So I lived a very similar life in a lot of ways to people that you probably interviewed quite a bit,
but I did it as a very high-end consultative practice for those companies.
And I got, I was very successful at it, decided to branch out and build a U.S. operation for it in the early 2000s.
And funny story is I brought my consultancy to the U.S.
I got my stationary created.
I got my business cards done.
I got the website going and I was ready to go and then 9-11 happened and I was like damn it
everyone did it was like wow that's a shock this is going to be bad and the economy took a head
and basically companies kind of clamped up on buying what they would consider more luxury like
capabilities and services which I never considered a luxury but unfortunately they were too
busy trying to do their day-to-day business rather than hire a spook like me to go figure out what was
going on with their competitors.
And so over a sushi lunch one day, a friend of mine who was in the end of cybersecurity industry
said, look, he goes, dude, who better in the world to call and ask how a guy like you would
hack into them than you?
So why don't you just offer counterintel capabilities?
I was like, that's actually not a bad idea.
So almost over the next like two and two and a half three weeks, I sort of pivoted my whole
firm from being a competitive intelligence company to being a counterintelligence company.
And so this is the early 2000s.
Cyber or what was called Infosec was just kind of burgeoning.
It was still an early nascent thing.
If you ask someone about information security or whatever, people would probably talk
about antiviruses at best, McAfee or Norton or Mantec, I think would probably be it.
Or firewalls, maybe that would be a word that people would know.
But that was about it.
And so little by little, I gained a pretty interesting.
customer base of organizations and mainly organizations at the time that wanted to make sure
their systems were up to snuff and able to be secured against threat actors.
And that carried on for about 15 years.
In that set of years, I built companies that actually built security and intelligence-based
products and sold those companies off, which made me even more money because you're selling
a whole organization that has an intellectual property.
And I still do that today.
So I still build companies that build security or cybersecurity like products or
intelligence-based products.
But I've gone back to my roots now and I actually do provide counterintelligence
consulting, but more to family offices and ultra high net worth individuals, groups that
have a lot to lose and that don't really understand what vectors of attack they may be subject
to or what kind of individuals or groups they might be interesting,
find them interesting to attack.
So I have a really interesting job where I have to think like the bad guys
and advise my client and customers on what they're likely in for.
So it's kind of a dream job.
You know, I should get into that too, right?
Like, didn't we mention that?
Like, yeah, you should.
But I don't know the, but I don't know the cyber part of it enough.
Well, Natalie, it doesn't, it, the cyber,
just a speed issue. It's not the actual tactic. So what you did, you're an innovator. I'm not sure
to praise the prime part of your job or whatever. I'm praising the skill. We're able to manifest
and the way you think is actually an asset. And, you know, if I get into that. I was going to say,
even if I was going to say, even now, like I mean, and I don't really have any knowledge on how
things work. But I mean, I get stuff all the time from, you know, let's say, you know, capital one
bank and I and I or capital one credit card like I have a couple capital one credit cards so I
get them you know they send it to me and I am I never click on it you know I never click on it I
think well I'll go to the app that's on my phone you know what I'm saying or I'll like I'm not
going to click on this thing because I don't know who this is I don't know it looks all right
or anything that I question I always go to the you know I always end up going to the you know
who sent it to me was it capital one was it the bank was it this
was it, you know, and then suddenly it's a bunch of numbers and letters.
It's like, okay, this is just some generated thing.
And it's like, you know, and I always tend to get, I just, I tend to have a great spidey sense.
You know, I'm super big on intuition.
I mean, I'm a big believer intuition.
So you're right on.
And well, this is what's interesting.
Those threat actors and the sophisticated ones, everything from, you know, the nation state
groups like before we got on the call, we talked about Lazarus, you know, from North
Korea, they thrive on duping people that are less discerning than you into doing things.
And they're looking to harvest everything from financial means, getting people to pay up in
crypto and all kinds of stuff and everything else. So I'd be curious about something. Did you get
taught that or did you naturally feel like you need to be more discerning and skeptical of what
you're getting? Was that just in you naturally to do that? I mean, obviously, from
just just growing up i think i've always been someone who's who's kind of thought how does that
work how would if i didn't want to do it that way how could i do it this like i've always been
very you know i was been very i'm going to say smart i was think of it as just being clever
you know i've always been super clever um and yeah i'm very i have a degree my degree's in fine arts
you know so like i don't have a normal degree and it always
And I remember my teachers were always explaining that, look, you know, if an artist designed this, then an artist can figure out how to replicate it or how to improve on or how to do something along those lines.
But I definitely think going to prison and meeting all of the various different types of criminals and hearing all the different types of scams.
And that definitely spiked my intuition at the very least because you very quickly.
question everything when someone approaches you. And I'm always very polite. I was raised by a strict
Catholic woman who was, you know, my mom was very, no matter what, you'd be polite. It doesn't matter.
You tell someone, you know, no matter how you do it, you do it politely. And so I've always been
very polite. But I can be very, very polite to you while internally thinking something's not right.
That doesn't sound right. You would never know I'm questioning you. But yeah, I'm not, I don't jump into
anything right away. And my dad had, there was just tons of things that he would mention to me.
Just, you know, he worked for State Farm insurance for, gosh, for like 50 years. I mean, he worked until
he was 70 something. Was it 50 or 40? Probably 40 years. Yeah, 40, 45 years. But he was very big on
on questioning people, asking questions about things, making phone calls. He was like,
nobody's ever going to not hire you because you called back two days later.
And they said, oh, okay, we'll let you know.
We'll give you a call within the week and calling back two days later.
It's like, they're not going to say, oh, you've called me twice.
And I told you, I'd call you back.
I'm not going to hire you.
He's like, that's not going to happen.
You know?
So, but yeah, there's lots of things along those lines.
But one of the things when you were talking about kind of like the, I don't know, I thought,
I thought of corporate espionage.
I remember I read a book called, and it was a novel.
It was called Paranoia.
I don't know if you ever read.
It was great.
It was about one company planting someone inside of another company to get into a,
and the guy worked there for six months or a year and became like a, he slowly got up to become a,
I don't know, some kind of vice president or something, but it was a, it was a great book.
And it was all.
to try and get, you know, corporate information.
And that's the evolution for me, because the, it started with getting information on a
personal level, person to person.
So social engineering and using those methods and tactics and collecting a little bit
information and then feeding it to another person that now is armed with that information
and then go meet that person in a, in a what would seem like a serendipitous way to then get
more information because now you've got some commonality.
and it was this sort of process to use a whole team to get this detail.
And usually it did include everything from people that might look like colleagues in the gym
that were just jogging in the treadmill next to you to beautiful women sitting at a bar
that probably shouldn't be the right.
You know, you'd have to like find the right type of woman that might be appropriate fit for that guy
because if it's a supermodel and he's not exactly the kind of guy to pull some woman like that,
it would never work.
But you get someone that is on par with that person,
then you've got armed her with information about some sort of trade show that,
you know, he went to and she'd be like,
oh, where she was at so-and-so trade show, you know, two years ago?
I think we ran into each other.
And of course he's going to say yes.
And so it was really interesting the way we would do that.
The evolution of that for me was it just simply went from a human or,
to use a government terminology,
human intelligence gather across to a cyber,
to signals intelligence ability to do it.
So that's kind of where I landed.
All these years later, it's sort of the same thing, just done electronically.
Do you know who Andrew Bustamante is?
God, that name sounds so familiar.
So he's a former, he is a former, he is a former,
CIA I want to say spy you know he said former CIA spy and I interviewed him the other day and he has he's one of the things he does is he meets with he does of course he does security he did do security but he also does and keep in mind he was he went under for you know three months six months nine months 18 months you know ended and he's got he does a podcast
called Everyday Spy,
but he also does talks and he does workshops.
And they're all kind of based on like things that spies do every day.
Like how do you become an everyday spy?
Like it seems hokey,
but it actually is he's he's an interesting,
interesting guy.
He was on Lex Friedman.
He was on like he's he's huge, right?
He's a super interesting guy.
But definitely somebody that maybe I was going to say,
if you're talking about high net individuals,
they would get a kick out of him.
Like he's very articulate,
obviously smart,
really interesting guy.
But I was going to say,
you know who Victor Lusting is?
No,
I don't think so.
He's a scam artist.
He's like,
he is the guy that I'm sure you've heard this.
He sold the Eiffel Tower for scrap twice.
That's awesome.
And he had,
he had a set of rules that he,
that he lived but like how to it was like how do you con someone right and one of the ways a lot of
people don't realize this is that initially what he did was he he rode or sailed cruise lines
interesting this is back prior to prior to world war one which is in the early teens uh 19 in
the teens so he and he did this for years back and forth back and forth and you know one of
things they asked, you know, he was asked later on in life was like, how did you, and he would
scam people out of money. He had a very, he had a very common story that he told people, and they
always wanted to invest. And by the time he got off the boat, he had multiple people that wanted
to invest in his place. He was in, you know, there weren't movies. So he was in production to make
plays. He had very successful plays. He's on this cruise that's super expensive to be on. He meets
he's now stuck with these high net individuals like you said and he tells him he's in a in a world
that they think is very sexy they've all been the plays they can all they're all doing the
calculations on how much money these things make and so he he would on the cruise he would go to
europe and back europe and every time he would get two three people it got so bad he had to keep
switching cruise lines because they were allowed to look for him but once again you don't have a
photo of him. This is back in, like I said, the early
teens.
And one of his, he had
a very basic set of rules.
And they were like,
you, you, if you,
if you should look him up, they're
great. There, it's basic, and they're so simple.
It's like,
don't,
um, like, don't talk.
First of it, don't talk a lot.
Yeah.
Uh, introduce a subject like, um,
religion.
Whatever you're,
whatever your mark says their religion is you be that religion you know if you like no matter what
they said you you never be disagreeable you always agree you always wait for them to to hint at
their political beliefs and you agree and you support those political beliefs right you
I mean he had a whole series of little and there was nothing there were nothing but it was
just being really being agreeable
We know you probably hit play to escape your business banking, not think about it.
But what if we told you there was a way to skip over the pressures of banking?
By matching with the TD Small Business Account Manager,
you can get the proactive business banking advice and support your business needs.
Ready to press play?
Get up to $2,700 when you open select Small Business Banking products.
Yep, that's $2,700 to turn up your business.
Visit TD.com slash Small Business Match to learn more.
conditions apply yeah well it's identification people all of a sudden feel like you're in you're you're you're in
you know birds of a feather flock together as they say right right and and if you have the means to
sort of predict what they want to hear based on what they've said you win i couldn't agree more that's
brilliant no i mean that's really cool especially from the era that he's coming from because and you know
what's so funny is that you know we we get wrapped up in the cyber thing that it's super technical right you know
people you know yeah yeah it is but but there it's back to common sense it's back to common
sense it's that you don't want to create this elaborate text message if you're trying to scan
someone through your through a cell phone right and get people you know like oh well that's not real
you know this is why things like the AI stuff scary because it's starting to make it simple again
it's starting to reduce it down something that sounds cute natural language like and yeah back to
common sense 100% yeah it's crazy i had washed a few videos with the uh um the Lazarus group and
and i guess that that you know the amount of the bitcoin that they'd stolen and they couldn't
quite track them you know well they can track the bitcoin but they you know because they can only
get laundered through these exchanges you know they ended up recovering something like
forget what it was 260 million or something out of 300 million or uh and
And it was like, wow, they got that that money back.
Well, they still ended up with like $40 something or close to $40 million.
And I was like, that's a nice lick.
So I was thinking, I mean, if your fallback position is $40 million, wow.
Not that those guys saw any of that.
I mean, it's all, you know, from my understanding, well, it's all state, you know,
sponsored.
Well, that's interesting.
And we'll get into this.
If you're interested, I just had this conversation five minutes before I jumped on
the show with you that people still bifurcate nation state with threat actors that are
independent or criminals or whatever, cyber criminals.
And they're actually very overlapping.
So a lot of nation state skilled actors like out of Russia or whatever or China or North
Korea, excuse me, they're working, their night, they're moonlighting as cybercriminals doing
this kind of stuff. Because they have the skills. Right. Well, I mean, they've got resources.
I can see that in China. I definitely see it in Russia. But I mean, in North Korea, I mean,
those, it, you know, you're not accessing the, it must be very difficult to access the internet,
if that's possible at all. So, I mean, these are guys that are, that, you know, it's, it's been proven that they're
working for the
North Koreans just to generate
money for the regime
right so
which to me
you know I well you know
it's funny too because unfortunately the whole time
I'm watching the program on
the Lazarus group and so
like well can you
basically give like a minute
or two explanation of what
happened
with that
well so there's just
the one thing I'm
Just to be clear, the specific ins that you're talking about is one of many.
So this group's still active.
So there's no shutting down of them, so to speak.
Oh, yeah, it's billions.
You're talking about billions.
Huge.
Huge.
And what's interesting is that, and just for context, you know, and I don't know how you want to kind of drive toward getting into this conversation.
We're kind of in it already, which is interesting.
The size of these, these points.
holes, as you put it, or licks as a good word for it, are massive. I mean, they absolutely
dwarf anything else that's kind of physically done where you're going into one location.
It's just unbelievable. What's really interesting and where I'm hoping we'll land in the
conversations around the ransomware operators that dwarf the Lazarus stuff too. But by the way,
just Lazarus for context to your viewership, this is a North Korean sponsored, we'll call it group,
at least the best of our abilities from an attribution standpoint. Attribution is really hard when it
comes to the internet stuff. You don't always know who's really behind it. A lot of what you do
technically is look for similarities in how some of the codes written, maybe the tactics they're
using to deploy what we'll call implants, right, which is malware. That usually is a pretty good
giveaway on who's doing it. There's a wrench in the system now, Matthew, which is that now with
things like the AI tools that we have, like chat GPT and all that, you can make your code look
like it was written by someone else entirely, and it'll send law enforcement on a
completely different scent than who you are. So this attribution of the process has gotten to
be very difficult. It's always been hard. It's even harder now. I guess it was the best way
to put it. But you're right. Back to what we talked about a little bit earlier, there was a very
big crypto scamming aspect to their operation, but that was sort of the smallest part of what
they're really up to, which is information stealing, other types of financial theft.
This was a good smokescreen in a lot of ways for everything else that they're up to.
And they're all learning from each other, too, as we get into the conversation.
There's massive syndicates of these guys, and they have different sort of roles,
responsibilities.
Some are access brokers.
They just simply get you access to what you want.
Then they affiliateize the access to others to get in that are a little more cavalier.
Sometimes they'll broker access to people that are bulls in a China shop and make a mess of things
so that it'll send everyone off on a wild goose chase to chase.
the affiliate they got in, but not the actual access broker.
So I'm getting into the weeds here, and I'm happy to define some of those concepts.
Yeah, what's the access broker?
You mean someone who, like, is working for the company?
No, access brokerage in the world of cyber or, you know, nation state sort of cyber activities
has to do with the, in human terms, it's the person with the key to the vault of the bank.
They give it out so people can go.
and do what they want to do in the vault. They don't actually go in themselves. They
simply get paid for the access to it. And they're the ones that build the more
sophisticated methods to get in to an environment electronically. And then what we call
maintain persistence. So they'll not only open the door, but then they'll leave something in there
that keeps the door open. They'll wedge it open with something so that then they can broker
that access to that environment to a bunch of people. So this is what makes this very difficult
is that it's not as clean cut as people might think.
It's not like hacker A goes and hacks and steals and does all this and then leaves.
Today, it's a gigantic, you know, organized business situation where there's the people that will get access to the environments.
Then they'll broker the access out on the dark web to the highest bidders or people that are lined up to sort of buy the access.
How is that?
I understand.
So how does that person get that access?
Like, for instance, I was watching one program that was talking about North – this was, once again, this was all kind of North Korea.
Sure.
But it was that apparently there was like an entire, you know, section or division in North Korea for hackers or, you know, sometimes it's espionage based also where they'll have some guy get –
a North Korean who's highly talented get a job working, you know, programming or doing whatever.
And he'll work there for six months or a year, however long it is, and become a valued employee.
And the, you know, the bank, some bank or financial institution or whatever it may be is in the UK or whatever, somewhere in Europe or maybe it's in the United States.
And they love this employee.
They think he's great.
They don't realize he's in North Korea.
They think maybe he's, who knows where they think he is, you know, Malaysia, you know, wherever.
And so they work with him and they think he's great.
And then eventually he gets to a point where he's gained access to their system.
And that's really his goal.
And he's getting a paycheck.
Like if he makes 150 or 200,000 a year, like that money goes into the North Korean coffers.
And he gets his $15,000 a year, which is still.
good money, and he's allowed to, of course, you know, work this job and then garner
information or maybe, you know, maybe put himself in a position where he can steal money
or give someone access. So that's why I thought when you meant an access broker, someone
who, that's absolutely a version of it. It's the slow, long-term, long-term kind of covert
deployment of a real person to social engineer their way in and do that, right? Absolutely, 100%.
What's more alarming is that you can do that exact thing with malware, spread out, like shotgun
approach to thousands of organizations, get that malware in there that starts to laterally move
and it literally, it's called blast radius. It lands on an HR lady's computer. Let's call it Martha's
computer who runs HR in Company X, she opens emails up and reads resumes every day. It's her job.
You weaponize one of those resumes and that resume gets opened by her to read it. It opens.
It's a real resume, but alongside that resume being opened is a piece of malware that gets deployed
on her computer. And then what it does is it looks for every other computer connected to hers and
it laterally moves and spreads itself out to the organization. And not only does it do that,
it reports back to its owner about where it is, what it's found, and everything else, just
like the guy you're talking about, but done in an electronic fashion, very streamlined, very
efficient. And then multiply that times thousands, if not hundreds of thousands of computers
times thousands of companies. You've got a really, really powerful intelligence collection
capability to then figure out who you're going to go and attack. Is that how the Lazarus Grooth
got access to that? Basically, it was like,
It was like $300 million with a Bitcoin, the one of the cases that I had seen.
And they moved it.
Like overnight, within like a week, there was something like the Chinese holiday or something.
And like they had like five or six days that they were able to do this.
And even when it was detected, they couldn't notice.
They couldn't get hold of anybody because all the banks were, it was a holiday.
Yep.
All that was planned.
All that was by design.
So it's just like good old school.
art of war, Matthew, where wait for a moonless night to do your attack.
Same thing.
I mean, it's funny how history repeats itself when it comes like military strategy or
espionized tactics or tradecraft.
They're always the same strategies, which is catch people off guard, wait until there's
some sort of political holiday or national holiday to get people when there's a skeleton
crew on staff where they really can't respond.
And the things like with crypto, just really quick, just to address that piece of it,
you know ironically it was bitcoin right which is something that now has proven to be quite
traceable like if you've got the right utilities and tools and talent you can figure out where
things are going but there's so many cryptocurrencies that are not traceable like that they have
really true anonymity and had they decided to simply shift the currency into a more anonymous
alt coin or whatever you want to call it they could have gone gone to ground and there was no
retrieving anything so it's kind of interesting that
You know, and this is old, right?
This is not a recent situation.
So these days, they've gotten a little smarter about hiding their tracks.
Well, they did switch a portion, you know, portions of it.
They could only switch, you know, so much.
And they knew they were being tracked.
The problem is they had to go through an exchange.
In order to launder it, they had to go through an exchange, which this is what killed me is that it's like,
okay, you have to go through an exchange to convert this to actual cash and get it into,
And they're trying to make it obviously, you know, completely anonymous, but it's being tracked thus far.
It was being tracked.
And right.
Eventually, they ended up moving like 80% of it to to an exchange that was extremely credible.
And, you know, they, you know, when I watched this, they were like, like, we have no idea why they thought that this exchange would do this for them.
Does that make sense?
Like, they were like, typically they'll go to a questionable exchange that does an ask.
a lot of confidence. And they were like, so we are fear, but you can only move so much through that.
And they said, for some reason, they moved it here. And we just contacted them. And they froze
the amount of the money. And they were like, so they got lucky. And they did it getting 40 million.
What, what I didn't understand was, you know, it was all, I don't know, it's North Korea.
I kept thinking like, why wouldn't you have already gone somewhere in Europe? And,
You could steal identities, get passports, go to Europe, establish accounts that would allow you to move that money very quickly.
And it would have become anonymous.
Like you can wire it into whatever, 40 or 50 or 100 different banks and then wire it again.
And you only need a fake identity to do that or steal someone's real identity.
You know, 10 people's real identities, multiple corporations, multiple bank accounts.
now it may take some time
but at least the people that were tracking
the Bitcoin would have been lost at that point
at that point they would have been like
okay this was just converted to cash
and placed in several
Romanian banks
you know and now it's been
and people are cashing it out
people are moving it to different corporate accounts
people are moving it throughout Europe
now we've got a problem
but for some reason we just
well you know
it's interesting, Matthew. So two things. One, in my entire career, the way we've generally
caught people, especially from a cyber perspective, is some failure along the way where they've
forgotten to cover something up or they've misstep in an area where they thought they were
being a little overzealous. Like, if I were to speculate, this is purely speculation about
why they maybe went to a very legitimate exchange, was to hide in plain sight, right? To have
something there because it's well known that these less savory exchanges maybe couldn't handle
the volume perhaps and are imminently under the watch of the Interpol or FBI or others,
right? So it's almost like, let's go where they're not going to necessarily look or expect
to go. Of course, the controls that were in place did catch it and they lost out big.
The other half of this is that it's an interesting concept because you're talking about the
final stages of the ex-fill of the money, no matter how sophisticated they might be,
this is still a fairly new thing, meaning crypto and using it as a utility for massive
harvesting of intelligence money and all that. It's still kind of new. So, you know,
we're kind of judging the opt in the armchair. You've heard that term before where we're sort
of saying, well, obviously they should have gone here. And it's like, but you'd be surprised how
many times people that are really sophisticated screw up. I mean, for example, some of the more
nation, state groups that I chase around, the ones that are government funded and have the
means, they don't cover their tracks in any way when they're doing kind of the setup of their
infrastructure sometimes completely. They just leave it wide open because they never, they make
assumption that no one's ever going to go dig there. They assume that we're going to track the
movement of the data or they're going to track the movement of the crypto, which is indeed what
normally happens. No one looks at the infrastructure, so therefore not worry, let's not worry
about it. And they learn from the pain of failing there. So you can bet your bottom dollar. Those
guys will probably never use a very good trustworthy exchange again. Right. Because it may have
been a miscalculation. It may have been something where they thought that this was going to be the
best place to keep something that was never going to be tangled with because it looks truly
legit. They still made 40, like a 40 million failure. Like I'm ready to like let me fail.
Like that's that's a hell of a failure. You know, that's an amazing. But you. But you.
You're right. I always, you know, I'll, I'll interview these guys that, you know, have been in prison and, you know, the running scams. And it's always something like you did, you know, you got the fake IDs. You got the credit cards. You got the passports. You, you set up the corporations. You open the bank accounts. You had people in between you and them. Nobody knew your location. You had all these drop phones. You had all of this. You did this. Like all of these things.
And then you went to a, you went and rented a room using a stolen credit card.
Like, you have half a million dollars in the bank account, a couple hundred thousand in cash.
And you used, you're in the middle of running a multi-million dollar scam.
And you used a stolen credit card for a $1,000 hotel room bill.
Yeah.
Yeah, 100%.
But it's the old, yeah, it's Al Capone's tax records story, right, the famous one.
It's the taillight out on the car in the getaway that gets it pulled over now because they're, I use that all the time.
I always say, listen, I'm not one of these guys that's going to be driving around with a stolen car and a broken taillight and a body in the trunk.
Like, that's not me.
I'm crossing all my T's dotting all my eyes.
Yep.
But I'm pretty patient.
so that's a key thing right the the genius is it's the obsessive the obsessive compulsiveness
that makes separates the men from the boys in that space even in cyber and I think it would
probably be very similar in your way in your world which is that the ones that are meticulous
usually when because they're they're really really obsessive about perfection and they're they're
really big on making sure that the the op is clean from the start and there's this there's this
It's an art form again.
Back to that concept.
I'm not trying to praise it per se.
I mean, you know, but you have to appreciate the sophistication of some of these groups that are perfect with their zero residual presence of things or how they're able to completely eradicate anything.
It's pretty amazing.
Well, I mean, and it takes a lot of effort.
You know, I think everything is kind of like that, though.
Look at like Steve Jobs is like, you know, this amazing visionary.
Horrible interpersonal relationships.
You know what I'm saying?
It's like same thing.
You know, you look at someone like, you know, CEOs or presidents, you know, just complete narcissists that make their way all the way up the chain.
But the fact is that, well, if he wasn't a narcissist, if he wasn't a narcissist, he would have never made it up the chain, you know.
And what makes some CEOs, amazing CEOs or entrepreneurs are the same things that make them detrimental to be around.
very much you know what it's like it's the same thing with like like committing you know any
type of crime like they you know or you know in the criminal world like you know these guys like
you're taking all these pains taking um precautions and then you make one little slip up because
you think i've i've done such an amazing job here that nobody's going to catch that yeah and
matth you're you're right i mean look victim of your own success is real in this space especially
with the volumes of money we're talking about, you know, it's not just one bank heist. It's
effectively thousands of bank heists all at once, right? And here's an interesting thing. I mean,
you start looking at some of the really, really sophisticated, you know, caucus region or Balkan,
maybe, you know, Russian-esque groups. And you saw the pictures of them sitting in Santrapay on these
massive yachts with like a freaking oscelot, right? It's like you're going to get caught doing that.
I mean, you know, there's no discretion after a while.
There's an over, there's a, there's a, there's a, there's a megalomaniac quality that kicks in with the ones that are a little less than disciplined and have the means to kind of win on a perpetual bit.
It's kind of like I was telling a friendlier day about watching world, world tour poker or world championship poker games, and it's always the same people that seem to end up at the last rounds of these things.
Yeah.
And there's a reason for that.
It's because they're very disciplined.
playing with that emotional I do it no it's not luck at all um it's not luck yeah I was just
when you were you were mentioning like I know I saw this one about these this Russian hacking
group that had stolen I forget how much cryptocurrency they'd stolen I mean it was it was
outrageous and they're you know because they're in Russia you know they're they're on social
media they're driving um these you know these outy that i forget what the outy a is it all right
r eight sports car doing donuts they're driving in ferrari's they're just they're talking they're
holding up stacks of money they're yeah you know look at us look at it and it's just like wow you're
like you're like you're gonna they end up going somewhere where they think eh you know we're
I'll pop into this country right here.
Nobody's paying attention.
Now, countries are patient.
They throw an indictment on a red notice out there and just wait.
Yeah, well, this is the thing that's funny is that, you know, you talk about, you know,
among the criminal underground from a cyber perspective, they look at the law enforcement
groups as slow and plotting and not that sharp and they're not going to hire the best talent
ever because it's the government.
It's the same story, right?
I think it holds true across all forms of, whether it's kinetic or cyber or whatever.
The problem is you nailed it.
You said exactly what I say all the time,
is that they have all the time and the money in the world.
There are no rush either.
That's what I was just thinking.
Yeah, but they have an inexhaustible budget, manpower, and time.
Yes.
You're always looking over your shoulder.
You're constantly running.
So in some ways, I think that psychology is what gets to these guys a bit.
I think they're kind of like, well, you know, the time will come.
and I won't be able to enjoy some of this.
They sort of throw caution to the win
and they get a little wild and crazy with their success.
I mean, it's just crazy.
But then there are the others that are very methodical,
like the ransomware operators.
And they've made out billions worth of winnings out of this stuff,
not millions anymore.
And the scary part is now they're figuring out
how to refine that process, Matthew,
where they're going to go after groups that are otherwise not normally targeted.
They'll go after the average individual or someone that can pay them $5,000.
You used to be go after big companies, get something on the inside of the network to encrypt
everything and then hold them hostage and say, I'll give you the key if you pay me X amount of money,
right? That's the classic that ransomware scheme, which was very successful.
And they made a ton of money.
And they even got it working where they knew a company had cyber insurance.
And they would actually intentionally hack that organization knowing that they had
a policy that would cover it.
So they had a really clean plan for saying, here's our premium list of what we're
going to hack into, here's our less than premium, here's our like kind of, we'll net them
and if we get them great, if not, who cares?
Because they're not actually the ones we know are going to pay.
So they figured out the situation here, which is it's frankly the same thing as any kind
of fraud in terms of insurance fraud.
If you know that there's going to be a payout, you do things in the exact way that you know
that the claim can be made and the money will be.
paid and and what's ironic is that you look at the stats online for ransomware uh over the last
i don't know four years pre-pandemic through the pandemic to now i mean matth you're talking about
a fraction of what's been reported i mean really like are that that's reported like the rest
that's happened no one's ever said anything about it's all brushing to the carpet so i don't
i think that the vast majority of organizations have probably had a brush with it paid
and not told anyone about it yeah what was it the same
Casino? Which casino was it?
And that was
in Vegas, and that was a
wasn't that a Russian based?
Was a Russian base? The Sands.
The Sands was Iranian, if I'm
remembering correctly. Yeah.
But, you know, you're talking
another situation that's not even
two and a half three weeks ago.
MGM was in the news.
That's right. I was going to say MGM was
that's the one I thought was Russian, because that was
recent. Yeah, that's, that's
likely, at least from an attribution with the
people I've talked to, it seems like it was probably Russian in origin.
Correct.
But they first hit another casino in Vegas a week or so beforehand, and they paid.
Yeah.
And that's what I heard.
Yeah.
And get this.
This is what's really interesting.
There's a high likelihood that they, what it's called island hopping, it's like a military term,
they've commandeered for cyber, which is, if I want to get to Matthew, I'm going to get his.
World War II, Pacific War.
I love World War.
Yeah, it's exactly what it is.
Totally, man.
So if I want to get to Matthew, I know he's really good at security, but his neighbor is not.
And he has really close ties with his neighbor.
In fact, Matthew lets his neighbor in the house every now and then if they need like something when he's not at home.
And so they have a key.
So if I go hack into the neighbor, I'll get into Matthew through a weak point of his operational security, which is his partner or his third party partner or his customer or something like that.
So what's fascinating about this is that now in the world that we're in today, everything's so intercalating.
connected, there's no way to really know whether you're buttoned up or not. You might have
all of it, but that doesn't mean all the partners that you work with that are usually smaller
and less capable, have it all buttoned up. And they have direct connectivity into your environment.
So it's a one-way ticket inward if you get into these smaller groups that are all the supply.
It's like the Target hack, the most famous one, probably one of the most famous hacks ever,
T.J. Max and Target from a cyber perspective, those are like legendary hacks, right? Because
the threat actor in Target got into Target's main network by hacking into the HVAC system
access, literally the air conditioner system vendor had access to the main network.
They got into those guys and then they bounced right through.
They essentially daisy chain themselves into the main network at Target.
So this is something as commonplace now.
And so it's becoming almost a whack-a-mole problem for,
for the law enforcement groups to go chase around because you can't secure everything.
You can't build a big enough, tall enough wall to secure everything.
What you have to do is now build things that become a deterrent for the threat actor to come after you.
You have to become a pain in the ass to hack, right, and let them move on to lower hanging fruit,
rather than trying to assume you're going to build something that's a better group.
I was going to say whenever I'll talk with people about, you know,
about fraud, and I do these, you know, these talks, you know, you, you tend to get the same
questions over and over again, you know, and one of those questions is always like, well,
how can we stop this from happening? And, you know, and the problem is they, they always think
that I'm going to be able to say, oh, well, you have to do this. First I'll be like,
well, is this, is this, are you able to stop this? Yeah, absolutely. You can stop it. It can be
stopped. You know, fraud can be stopped. Here's a problem. You now make it, but to do that,
you have to make it so difficult, you've eliminated normal people from obtaining loans.
So it's like there's that balance.
How do you still make the system manageable and usable and friendly enough to allow people to apply for loans and get loans and also eliminate as much fraud?
You know, it's a balancing, like, you can eliminate it.
If you want to go and make every phone call and check every, and order all those documents,
if you want to dump $1,500, if you want to change underwriting from being a $250 expense and
turn it into a $2,000 expense or $3,000 expense, you can do that.
But when they start doing the numbers, it's like, okay, well, now it's not worth, it's not worth doing the loan.
We lose more money on allowing the fraud to go through.
So it's so funny.
This is great.
So I have this story I used to tell, well, not a story, this concept that if you want to do ultimate security, I don't care if it's physical security or cyber, same concept, right?
Ultimate security is no windows, no doors, no lights, no life.
It's over because if you lock it up to the point where it actually is true.
truly quote unquote secure, it's just not functional to your point, just to kind of extra
double down on what you're saying, because you're completely correct. But then there's
another aspect here. So yes, it's all about risk tolerance and management, right, mainly with
these companies, whether it's a physical level of tolerance, because if you make it look like
Fort Knox, it might deter folks that you've talked to in your, you know, in the past that
would be like, oh, forget that one. But it's also going to deter the customer base. It feels
too imposing. It feels too intimidating. And you're right, you lose business. And if it becomes too
slow, because everything is slowed down to a crawl so it can be observed, nobody wants to work
with those types of organizations. They're too painful to kind of interact with. This is where the
government has such a challenge, because they have all these layers, and it makes it incredibly
difficult to kind of negotiate anything with them. But then there's another aspect here that's
interesting. And this has more to do with, it's both. It's cyber and physical, is compliance.
has gotten in the world in the way too now.
So what's really interesting is that in an attempt to get organizations to comply with having
a level of security that's good, federal regulations have imposed a set of compliance standards.
The thing is, Matthew, most of the time, the penalty for not being in compliance is lower
than the amount you pay for security.
So they just pay the fine.
They don't bother deploying all that and getting the hassle of buying all that.
and getting the hassle of buying all this crap that they don't know how to deploy or need a team to run.
But it's a fine of two million dollars when it would actually cost us three and a half or four
to really buy everything that would put us in compliance.
Just paid it fine.
And so that's kind of where it is now.
I watched,
I was watching some series the other day where they were, it was for pain management.
And there was a company and the company, they were like, you know, you know what a speaker
program is it's yeah yeah so they were running a speaker program where they you know they can't
pay the doctors to prescribe medication but if you prescribe for this much medication we'll put you on
our speaker program and you'll get it you'll get whatever $4,500 and you come and give a speech
at this little convention and you make this much whatever so they're paying them you know it's a
workaround so they were talking about the speaker program and then they were talking
about going off brand like saying we're going to start pushing these we're going to start pushing
these doctors to prescribe this not for cancer which it was designed for cancer and we've been pushing
cancer now we're going to tell them they can also prescribe it for other types of pain and
they were like listen that's that's going to come back on us and they sat there and their
actuaries in the boardroom doing the numbers and he's like okay well we're looking at a
a profit of a billion dollars and a fine at maximum at the max the fines half a billion
we just made a billion half a billion yeah that's right the worst scenario is we make half
a billion best case is if they catch us at all they they they it's a 200 million dollar fine
and we made yeah 800 million like you know what I mean it just it was like wow like it's
totally worth it to do that. And in so many cases, it is. It really is. And then, you know,
that kind of dovetails into another aspect around using the technology to your advantage
in ways that it's quite clever. So, so usually people think of hackers and they think they're
stealing either information or intellectual property or money or crypto, right? One of the same.
It's usually that's what people think. They think that there's a hooded kid or whatever.
somewhere in a basement it's the usual visual that Hollywood's great right yeah yeah and while
while there's elements of yeah exactly there's elements of that you know script kitties or skitties
will call them you know that do this kind of stuff it's fine you know they're they're playing around
and they're learning um it's not fine but you know what i mean they're they're not the threat the
threat the real threats and this is extremely clever is market manipulation with hacking and
what I mean by that is they're going and they're hacking into large public organizations.
We're talking about these very well-organized groups.
And they'll deploy malware that is intended to get caught, Matthew.
Like, it's not meant to hide that long.
It's meant to sort of stay like a little ticking time bomb until such time that it makes sense for it to sort of show itself.
And then magically, the press gets an anonymous tip that so-and-so public organizations hacked.
You might want to go check on it, report on it.
and what they've done in that timeline is they've bought short positions in the stock price
so that when it does get hacked, they make an incredible amount of money on the plummet
and then they make money on the correction on the way back up.
It's incredible.
You know, it's funny you saying that I specifically was talking to my buddy, Pete,
because the guy that I told you was like, oh, you got to check out this.
You got to ask him this, ask him about this.
And I was thinking to myself, like, the, I wonder why they don't buy up the stock and, and, and, and, you know, short sell it, you know, and create these, these situation.
If they can't move the crypto or that, you know, they can't move the Bitcoin, then why not go ahead and buy up as much of the, of the company and take, you know, short positions?
And I was actually, we talked about that. And he was like, you should mention that.
yeah that's that's that is insane it's funny there was something else when you were talking i was
gonna i wanted to um mention there was this i want to say it was called like solar sale or something
it was uh like they were solar winds solar winds and it's what they're the the big the big uh solar generators
oh different okay no so it could be two different things then so solar winds is that
IT firm that got hacked.
And in the way the hackers did it was they actually implanted a malicious code into one of the
updates that this company sent out to their entire constituency of users, which is a really
advanced way of getting yourself embedded, right?
They didn't deploy their own malware as like a separate kind of thing.
they actually baked in the compromise into an update that went out legitimately by the company.
Is that what you're talking about, solar winds?
Yeah, yeah.
I think I was thinking about two different things.
I know that in China, I know there was also an American company that was doing the windmills, you know, the solar.
Yeah.
Yeah.
And they actually, and this was an intellectual property theft from China where they had stolen a bunch of the software.
But anyway, you were saying for.
Yeah, that one is just kind of the poster child for supply chain hacking, the best way to put it.
Wasn't that a Russian company?
Well, Solar Winds is an American company, but it was believed to be a Russian actor behind the hack, right?
And then they, they, so in one go, like the way they were able to sort of scoop up a time,
they got into about 30,000 different organizations all in one.
so and they had access to these and yeah and so what are they taking from those organizations yeah
is this just well it depends because i think this is where this this is the weird murky area
between where geopolitical motivations that drive these more sophisticated government run groups
bleeds into the cyber criminals that are all financially motivated and sometimes those
governmental groups that have political motivations to destabilize or create influence campaigns.
We're getting into something much deeper and not quite per se true crime per year show.
But I think it is a massive, massive operation that uses things like criminal activity to their advantage.
It's almost like proxy militia, right?
You know, think of it that way.
When you have a hacker that's out there wreaking havoc by stealing millions of dollars in crypto or shorting stock,
I mean, what an incredible misdirection utility for a nation-state actor to leverage.
I mean, look, there's been no shortage in history, back to, you know, our history lesson
for the third one of this particular episode.
But, you know, Air America program where they were moving drugs in to the U.S.,
I mean, that's an operation facilitating criminal activities on the streets to facilitate
an agenda for a slush fund.
I mean, there's all these stories that are very, very much.
akin to what we're talking about here.
But anyway, we're getting into some big nuances.
But, yeah, solar winds was a really interesting one because it set the standard for how you
could go and hack into one place and get into many.
And yes, there is information or intellectual property theft.
There's PII, which is personally identifiable information like social security numbers,
birthdays, names, everything that you would have had a blast with in your past life,
getting a hold of it, because it would have given you a treasure trove of an unlimited
supply of identities that you could leverage.
So if you think about the force multiplication of technology, Matthew, they're doing
nothing different than what you created, pioneered, came up with when you were doing
what you were doing.
It's just done at a scale and a speed and a cadence and a frequency that's unprecedented.
That's the difference.
Yeah, I was going to say when you were talking more about the, you know, the organization
that are backed by nations, it's like, it's like a, you know, it's like a cyber war, right?
Like, you know, like we're spying on them. They're spying on us. But in the end, I always wonder, like,
let's say you've got North Korea or you've got China or you've got, you know, Russia. And the, you know,
the justice department will come out with these. I see, and I, you know, I remember watching something.
This was like, this was actually, I think, when I was like in prison, it was like 10 years ago.
And they had indicted a bunch of people in, like, in North Korea or China.
I forget which one.
And they actually had tracked them back to the where they, they knew where they worked.
They knew the name of the department.
They knew who was working in that department.
They said, because we can watch them go all the way.
We know when they show up within 20 minutes, there's a spike in activity.
Like, we know when this guy works.
There was a whole thing.
And they had indicted multiple nationals.
And but in the end, like, how do you prosecute those guys?
How do you, you're never going to get your hands on them.
Every once in a while.
Now, I know that I was locked up with a bunch of, a bunch of, you know, they weren't hackers, right?
Because I've really only been locked up with one or two guys that were ever charged with, actually charged with like hacking.
So, but I was charged with guys that.
were running, you know, like dark web forums, credit card for them.
I always say credit card forums, but they do other stuff.
They sell counterfeit credit cards.
They sell dumps of information, you know, a dump is.
They sell dumps.
They sell folds.
And then sometimes they have these tutorials on just how to run PayPal scams.
Just a very, you know, different scams that they got 45 minute video.
on how to scam PayPal out of X amount of dollars or different scams you can run.
So it's, I always say credit card, you know, forms, but they do other stuff.
So sure.
One is that I was locked up with a bunch of these guys.
And, you know, everybody would call them hackers, but they weren't hackers.
But, you know, and several of these guys were Russian or you or from Ukraine.
And they got got some of them.
And one or two of them were actually Russian.
And they only ended up getting this one guy.
because, like, Russia wouldn't hand him over.
He just happened to decide to go on vacation just outside of Russia.
Like, like, I don't know what he was thinking, like, ah, I'm 150 miles away, you know, from the border or something.
Like, I don't know what you're thinking.
Like, he went into Russia and they notified the FBI that he had entered.
I forget what country was it.
I'm going to say it was Moldova.
I was like, I forget.
Anyways, one of these little countries, probably one of the Baltic or the Eastern European bloc countries that used to be.
And he happened to go there on a vacation, like a skiing vacation or something.
I forget what it was.
And sure enough, he wasn't there more than like three days.
And the FBI flies in and they arrest him and they throw him on a plane.
And, you know, he's landing in New York and he's screaming the whole time.
You're kidnapping me.
And anyway, and he ended up, it's so funny, too, because he ended up getting, I still want to say he barely got any time.
You know, like some of these guys, they're an outrageous time, 15 years, 20 years.
This guy got like, I don't know if it was five or six or seven years.
For the amount of money he had stolen, it was not that much time.
And I always noticed that a lot of the international criminals tend to get less time than the U.S. would give.
one of their own citizens.
It's not always the case.
There's always an exception.
But yeah, it's...
Therein lies the frailty of the system
as it relates to international laws,
especially with cyber, right?
Because...
Right.
Like, how do you get a whole world?
Yeah, exactly.
And like in the beginning of the show,
we talked about how attribution is difficult, right?
It's very hard to sort of fingerprint an individual sometimes.
You know, you might know,
where the machine might be or a general sense of where the IP address is coming out of,
but it's still a far, far, far, far, far, it's still a million miles from the individual behind it
sometimes, right? I was speaking to a colleague there day that was fascinating. He was hugely
involved in the Zeus botnet takedown. Zeus is a banking trojanet, specifically there to
harvest banking credentials. And then they would run these whole teams to log in using those
For a limited time at McDonald's, enjoy the tasty breakfast trio.
Your choice of chicken or sausage McMuffin or McGrittles with a hash brown and a small iced coffee for five bucks plus tax.
Available until 11 a.m. at participating McDonald's restaurants, price excludes flavored iced coffee and delivery.
Potentials and then move money.
Literally just you're in the person's account.
You can send it wherever you want.
You can add an account.
You can do all kinds of stuff.
And they would do all kinds of stuff like grab the two-factor authentication code from the cell phone by conning
people into giving them the code where they would actually get the malware to do that and harvest
the information from the phone. I mean, it was incredibly sophisticated stuff. But all that to tell
you that it took exactly what you're talking about. It took them getting the individuals on video
going into the banks, doing the actual transaction where they could correlate the timestamp
of the video with the individual that was facially recognized, or at least now they can do
that kind of thing with the transaction happening at the at the you know the teller window to then
get the guy but even with that if the person did it in one bank and then zipped off somewhere else
or had a hoodie on or my gosh think about COVID with the mask situation it's like how are you
even forget it's over so you're right it's um even if you get an indictment how do you get
the guy like china's not handing over Russia's not handing over a national right yeah and
And, you know, the other thing about this is that back to kind of get to the theme of this particular episode.
I mean, you know, honestly, Matthew, most of these guys feel like it's a victimless crime.
Like, no one gets hurt.
There's no violence, at least from the perspective of a lot of these guys.
It's completely passive.
The money is going to get paid back somehow by some group.
It's not victimless.
Honestly, it isn't.
But from the perspective of the threat actor, they're like, look, nobody got hurt.
It was a painless way to get a lot of money.
Like you said, if a failure is 40 million bucks, come on.
Yeah.
It's not hard to sell me.
You don't have to sell me on.
Yeah.
Yeah.
Oh, yeah.
Listen, like I, you know, one of the reasons like my dollar amount isn't that high is because I was cautious.
You know, I like to me, if I was thinking, okay, so you're telling me.
that right now, I, nobody can, nobody's going to, like, as long as I don't leave Florida,
you're telling me you will allow me to run a scam in Georgia, but you will, you will not extradite
me to Georgia. And I just have to never go to Georgia again. I'm good. I'm good. Like,
I'll go sit in the Starbucks. You know, I, you know, because my crime now, just because of technology,
think about it
I used to have to make my own
W-2s and paystubs
now you can just go to
paystubs.com
they'll make your W-2s and pay-subs.
They'll calculate everything so it's perfect
per state like the whole thing.
I used to have to make my own bank statements.
I used to have to make my own
I would design my own bank websites.
I would make my own
I had to figure out how to get the
the software
to make my
own appraisals i had to go buy i had to buy a house like now i could and then you had to
actually physically had to go get i had to go get go into the dmv get them to issue me a driver's
license in the name of someone who doesn't exist or or maybe maybe someone who does exist maybe it's a
stolen identity you know i had to so i then have to i have to create this entire this entire
you know,
legend that isn't
real to support my person
to borrow money
and then I actually have to go into
a close physically go into
downtown to public records
and then I also have to go to
a closing.
I have to go into banks and open banking out.
Now you can sit in a Starbucks
I can make my pay subs
through a website.
You pay a few bucks. You make
pay stubs in W-2s.
You can open your
corporation online. You can open up the bank accounts online. You can rent an Airbnb. You can have
it appraised. They never have to see me. I can schedule a closing and I can close on my loans and
property and loans all remotely sitting at a Starbucks. And then wire the money wherever you
want to wire it. And the interesting thing about that is everybody involved in that transaction
now doesn't have to know what's going on. They don't have to know what scams going on because
they're just doing what they do on a regular basis. Tons of closings are done remotely.
Tons of bank accounts are opened online. Tons of all of these things. Appraiser show up.
They never meet the owner. You rent Airbnbs. You never see the tenant. All of these things happen
on a daily basis with no interaction. So if some guy sends you an email or you get a
phone call or a text and they transfer the money and you get the money then you're like yeah of course
sure i'll mail you the key or i'll put it under the mat or so you know my and if you said hey matt
you could do that it's just all that has to take place in georgia and if there is if you're ever
indicted don't worry we will not allow them to extradite you from florida like i'm i don't have to
leave florida right you know if i have to make things you
and poor to the rest of my life, it's not going to kill me.
And so that's what I'm saying like the North Koreans and stuff.
Like, yeah, exactly, exactly.
Yeah.
Well, think about, think about like the, you know, some of the lesser fortunate, you know,
areas of the world that, that, you know, where there's average poverty line is way
lower than that ours and Nigeria.
Yeah.
The Nigerians can.
A good example.
Totally.
The, you know, the Slovenians and, and, and that whole group of guys.
guys and gals that do it.
They're crazy talented.
I was going to say they're very sophisticated, very sophisticated.
Right.
And that's a living for them.
Like this is the thing that's really, and it's not advocating for it.
Obviously, like on this show, I'm sure you have plenty of people that talk about it.
Like, this is the best thing it's the slice bread to do.
It always comes back to the fact that that's a hard life looking over your shoulder.
But for people that live in a state of effectively fear and probably risk of what could happen
of them in their home countries, that would be probably worse than any prison here in the U.S.
They don't care.
They have no, there's no compunction to do what they're doing because it's just way more
motivating to see the kind of money they can make.
Like you said, sitting in some internet cafe, they may not have a Starbucks, but they
certainly have something that's equivalent to that that has anonymity all over the place for them.
They understand how to use technology better than the average does here.
And now with the advent of these tools to speak very fluently like,
Whether it's even text-based, like an email or an SMS message,
or now unbelievably audio with AI, well, you can sound like me and I can sound like you today.
You know, I could be an avatar that you're talking to right now.
I'm not even real.
I just, I joined, I subscribed, I think you subscribed for like a month for like a dollar.
And for this, this website.
And I dumped a 10-minute video of me.
and then I
dumped
an article
from Wired
that I downloaded
called the Art of the Steel
just to see
what it would sound like
it had me
I just read the
literally it's like 40
I'm going to say
it was 40 minutes
of me reading
a wired article
and
and it's
listen everybody
that I sent it to
even my
my wife was here in the walking through the kitchen when I was playing with it and I said I said how does that sound she is what do you mean I went how does that you know how's that sound that's I just generated that she's you didn't just read that I was like that's that's the and I was like yeah I played it she was like yeah that is insane if you listen to it it's perfect it pronounced one or two words incorrectly and you can there's a feature you can click on to to have it say it a couple of times you're like oh that's the one I want to
want that's the correct pronunciation it was it's amazing so um i had a guy on i was talking to the
other day we were talking about um fake uh facebook do you remember this scam which is still i'm sure
i'm sure probably used someone builds a fake a fake uh facebook page just you know they use your
picture the whole thing you know they take a bunch of your friends they they subscribe you know
they follow whatever so you know a cursory look at it looks like oh it's you and then they
contact you through messenger you know they would text you through messenger before and say oh my
gosh um you know kareem i i'm in i'm in budapest right now or and this actually happened to
my mother several times they would say i'm in budapest right now um you know my wallet was stolen
I have no money.
Can you please
Western Union me $1,000?
I'll be back in Florida next week.
I'll pay you back.
I am so sorry.
I've lost my passport.
I'm just in a desperate situation.
My mom was almost going to pay.
She was like, oh my gosh, I can't believe it.
Carol is in boot.
Oh, I can't believe this.
I had no idea she was even going.
She's ready to try and she's trying to figure out
had a Western Union money to Budapest.
And if she hadn't asked my sister, that woman would have got the money.
Now, what would have happened if Carol actually called her?
There was, if there was any question before, if my buddy, Zach called me on the phone
right now and said, bro, man, I'm in a bad spot, bro.
Can you cash at me 500 bucks, man?
Here's what happened.
This happened.
I'm getting two tires replaced.
I lost this.
I'll give you the money right back.
I'd been like, yeah, absolutely, bro.
Sure.
If it was in points.
Get this.
There's a story, and maybe for your show notes, I'll have to find the link to it.
I'll make sure I send it to you.
There's a story about a mother sitting down in her living room watching TV, and she gets a phone call.
And it's her daughter frantically crying, saying, mom, mom, they took me, they got me, please help.
And then she goes off in the distance, fades off kind of in the background whimpering.
And a voice gets on the phone.
saying, if you don't pay X amount of money to this account, you'll never see your daughter
again. Think about the sense of urgency they created right then, right? That's a big part of the
process, right? You've got to get that urgency built up. And then they created a motivation.
And then they basically told her exactly what to do. They even said, look, you're going to do it
Bitcoin. I think that's, I'm maybe adding a little bit to the story with the method of payment.
But I know for a fact, it was get it done, get it done now, or you're never going to see your
daughter again. The lady literally was on the verge of paying. Of course, they did the usual.
Don't call law enforcement. Don't call the cops. The worst thing you could possibly do, all the usual.
Had the daughter not walked down the stairs going, hey, mom, what are you up to? And she looked up and
she's like, I just got a phone call from me. She's like, what are you talking about? I've been
in my bedroom the whole time. They grabbed sound clips from her off her whatever social media
accounts and compiled enough of the voice nuances and cadence, everything you just said,
to create a perfect script that people fell for.
So, yeah, that's happened.
Like, that literally happened like two, three months ago.
And it was kind of hit the news pretty heavily.
And then it's now gone a little bit quiet on that kind of thing.
But because the next evolution of its video, right?
You're going to have audio and the video, right?
It's going to be a perfect mat.
It's going to be a perfect frame.
And there's not going to be much ability to discern it.
The authenticity is at stake now where you don't even know what's real anymore.
And it's a new bastion, man.
It's a whole new era for criminals.
Yeah, I was going to say, I remember reading an article about a Russian that spoke good English.
And there were a Russian, there's a Russian like hacking group or whatever where they were calling up.
They would call up and get like increases on people's credit cards or they would borrow money in their names.
And then the company would say, well, can you call us?
and so they paid him to call the company because he sound he had a good enough American accent
and he could get on the phone and explain yes I'm so and so and they would give him the
information my social security number is this my date of birth here's my address and they would
ask him a few questions and he said sometimes you know they would ask questions I didn't know and
I'd say I'm sorry like I can't recall or he'd give him the wrong answer and be like well I had several
roommates in college I mean not sure I mean I lived in a dorm.
And they go, okay, well, let me give you another one.
And, you know, they would pull what like a LexisNexis report and start asking questions.
And eventually he'd be able to get a few of them right.
And then boom, they just gave him $100,000 whatever, home equity line of credit on his, on his house.
And they immediately transfer the money.
And, you know, so you don't even need that guy.
And especially with the North Koreans and, you know, that sort of thing.
Like now they can, if they can get into an organization.
Yes.
And they can make a phone call from the, whatever, the CEO or president or whoever in that person's voice.
You know, once they get the lay of the land and know enough about the company, you know, Bob can call Jennifer and HR and or, you know, in bookkeeping or whatever.
I mean, who knows, like how.
Well, and, you know, mining the internet now is all been done forever.
And, you know, there's, there's practically nothing you can't get publicly, open source-wise, these days.
You know, like the good old days of having to use hoover's or nexus, they're kind of gone.
Everything's generally open-sourced at this point through social media and all that.
And now, you know, this idea that they're trying to train these machine learning models on data that's been curated, it's all sliced, diced, organized.
I had an interview not long ago about, it's a little off track,
but it's interesting because it does have to do with reconnaissance, right,
or casing an environment, if you want to call it that.
Now, I mean, the major players are looking at your house
through Google Maps and Google Earth.
Right.
And check what kind of car you have.
Stop.
Do you know how fast you were going?
I'm going to have to write you a ticket to my new movie, The Naked Gun.
Liam Nissan.
Buy your tickets now and get a free chili dog.
Chili dog, not included.
The naked guard.
Tickets on sale now.
August 1st.
They're looking at what neighborhood you're in.
They see what route you take to your job based on your cell phone, connectivity to towers.
And they see where you stop to have your coffee because they can profile you for knowing exactly how much money you're worth probably paying based on whatever scam might be appropriate.
So like they all that's kind of predigested.
and ready to rock for a lot of these threat actors.
And it's just, it's at a scale that's, it's unprecedented.
And there's really not much defense against that.
This is the thing that's interesting.
You're relying on people's wherewithal and spidey sense to kick in, if you will,
which I mean, I hate to say it, but the vast majority of people,
when it comes to these technical type scams, look, Matt, I would fall for a lot of this
AI generated voice stuff and video stuff.
If it wasn't absurd, like the funny ones that we see are pretty silly, right?
They're people saying the most off-the-wall things.
But if they see something slightly off from what they would normally say, I'd totally buy it.
Like what your wife did with your Art of the Steel reading that you didn't do,
but your avatar read or whatever you want to call it, right?
Right.
So, yeah, I mean, it's great.
It just, it all, you know, and it, I'm not going to say, it depends.
Like if somebody called up and said, oh, you know, we've got your, your wife and we need, you know, whatever, you know.
$30,000, I'd be like,
would you guys miscalculate?
You know, but somebody else may say, of course, you know,
you know, it has to be reasonable.
So, but yeah, I definitely, I hear you.
And yeah, with the, I was going to say, you can, gosh, you know,
you can, and you can track people so many different ways.
like there's so many different things you can do um what i i was wondering about is you you wrote a book
about like um about um cryptocurrency right uh no i was probably quoted in a few of those that i didn't
write a book on it specifically but which one are you referring to the the rise of the central bank
digital currencies?
Yeah.
So,
sorry,
that is my,
that is my substack stuff.
So yeah,
sorry,
I was thinking of a physical book
that was printed.
That was never printed.
That was an article I wrote about,
um,
yeah,
like,
BDCs is what you're referring to.
I thought it was like an ebook,
but okay,
no,
just a,
it's a publication,
but yeah,
it's on like substack.
Okay.
Yeah,
close enough.
Um,
yeah,
I did.
I definitely found it to be a very interesting,
utility we'll call it that
I don't know where you want to go with it
because there's a lot we can talk about
with CBDC
well here's what I
okay here's what I was thinking
because I know that there's like the
what is it Fed coin is that what
the so and I was thinking
if they moved
if the if the government moved
I mean obviously there's all the
conspiracy theories you know
they can just say hey
you know hey guess what
you can you buy you've been buying
too much gas lately
you can't do that anymore
you can't you got
only spend this much on this or oh you've been bad so you can only spend so much on food or
whatever it may be if you don't get the next vaccine we're not going to allow you to buy groceries
anymore you know whatever there's all these the worst case scenarios well what i was thinking is like
what does that do be and i only think i'm only wondering this is because of the the north korean
scam where they were tracking all the money and they got such a substantial amount back like for
types of organizations, drugs, for instance, even fraud. You know, you could track everything from
here on out. So even if it was a year and a half later, and they said, hey, we just found out
this loan was a fraud and it was whatever. It was, you know, identity theft or, hey, this was a
transaction that was made. And guess what? That was five kilos of cocaine. Like, you can now
track all that back.
So does that,
do you feel like that eliminates certain types of crimes?
And how does,
how do criminals get around that?
Yeah,
that's a really good point.
It will 100% in my opinion
create an obsolescence with existing methods,
right,
that you just can't do anymore
because the internet never forgets.
And you're 100% right.
They can always go and watch the tape
to use a sports analysis and do it.
Like you said,
said, however many years later, because they simply have the computing power to go dig through it and figure out what maybe happened and then go indict someone.
So you're right.
That will absolutely change the game for criminals to have to figure out how to overcome that.
However, the parallel to this is that cyber criminals are probably embracing that type of tech faster than the good guys are in some cases.
They're actually in classic fashion, they're finding the utility of things like the AI stuff we're talking about where they're truly anonymized.
And they, for example, when you had to create, or we talked about Frank Abagnale when we had our first conversation, when you had to create a fake check where you put the little logo on there.
Now you can have essentially a really well-tuned AI art program created for you better than you could ever do it.
You just need to have the printing facility.
Frankly, most things aren't even physical anymore anyway.
you know your boarding passes certainly are not to get on an airplane what would you bother you just need to make sure you have the record there and then you have the record here and you're good to go um so i think i think that we'll see and to not sound hyperbolic with the statement but i think we're going to see a new breed of of of sort of criminal slash hacker come about that don't need too much technical capability because it's all built to be run and operated so you don't even need to be really good at building
it anymore, just to operate it. And I think that's what we're going to see a shift towards.
But the surveillance state, just to kind of finish off on your question, I don't think that'll slow
down. I think you're 100% right. I mean, there's going to be a whole push using, we'll call it
fear tactics to say it's in everyone's the best interest for us to watch everything. And people
will capitulate to that because people will say, ah, what's a little privacy, giving up a little
privacy for security because that's the trade-off.
I think most people will probably give into that.
It'll be the criminals will probably be a little less willing to share.
Right.
I was going to say they'll come up with some kind of, I'm thinking they'll come up with some
kind of barter system or they'll trade in something else.
They'll, you know, they're going to figure out.
There'll be a shadow economy, just like anything else.
You know, it's kind of what I think that everyone thought or was worried that crypto would
sort of become, hence the regulatory.
push.
But see, this is what's so ironic about it all.
Cryptocurrency, just broadly speaking, not one or the other, not specifically
with Bitcoin or any of the others, the whole power of it and the value of it is it's
decentralized, right?
It's not meant to be controlled by one operator.
That's kind of the whole point.
So the minute you start to do that, like this Fed one, Fed Next or whatever they're calling
this TBDC, it's really just a recreation of the federal.
bank, but done in electronic fashion where the money's programmable to be different from that
than it is for me. That's all it is. But it's no more, it's not distributed. It's not a decentralized
system. It's still centralized. So it kind of defeats the purpose of something that's kind of
hard to hack. So it'll become a huge target, in my opinion. If they centralize it,
well now you can point your cannons at it that's where the bad act that's where the
well put this way that's where activists will probably target right because now
it's a lot harder a lot easier to hack than something that's you're going back to
castle mode strategy versus decentralized which the very nature of decentralization makes
it very difficult to hack when you centralize it it's a it's a target yeah I mean you can
as much as much of a like you just say like as much of a mode as you can put around it
it's like okay that's great and you centralize it but the truth is is all you
got to do is get through once you know that and that's the thing I always said about law
enforcement was I was like listen I like I can't make a mistake like the law enforcement only
has to be right they can make a thousand mistakes they only got to be right once they get their
hands on me so uh yeah that's um yeah that's frightening of course you know I I also my wife
is I was told in the comment section that I shouldn't say she's a conspiracy nut um she
She's, she, you know, she's very, listen, she'll get something in her head.
And for like a week, at least a week, I have to hear about it and watch shows on it.
And one of them was about the grid going down.
Yeah.
And I mean, and it's so bad that like I was in New York and I took a picture of the skyline and I sent it to her.
And it wasn't, it's beautiful.
Wow, that's amazing.
It was, God, I wouldn't want to be there if the grid goes down.
And I was like, that's.
But that's what you're, where your mind with.
But, um, oh, listen, no, we've got, I got dried beans.
I got top ramen soup.
We got a lot of water.
We've got, we have a three.
Your whole love for now.
Yeah.
Oh, yeah.
Yeah.
She's definitely.
She definitely.
She, she wants an acre way away from everybody because all we have to do is survive three
months until everybody kills each other off and 80% of them be gone.
Then we only have to deal with the 20% and that'll be, that's,
We can survive that.
And I'm just like, what are you doing?
You're a crazy person, right?
I don't know who you are.
But so, yeah, I watched the grid going down and about how I guess it's China was trying to hack the grid.
And China and Russia to try and kind of, I don't know what they were trying to get into,
but their big concern is how vulnerable the electrical grid is in the United States.
Yeah.
I mean, this is a big one.
That's semi-decentralized.
Semi, you're right.
There's a daisy chain cascading, like, effect or dominant effect is the problem.
They were like, if you take out, you only have to take out so much.
And then the whole thing with that, they were talking about Texas like a year or so, like a year ago.
Right.
Exactly.
Well, here's the thing.
This is one that we could probably do an entirely separate show on for like two hours on it.
Because here's the reason why there's so many layers to this.
The first layer is that your wife's not crazy about the fact that the power grid is indeed pretty vulnerable by the sheer nature of what it is.
And what I mean by that is it's old.
So it's running off incredibly old and obsolete software, basically.
And the problem is most things can't be retrofitted with new software because, again, it's this whole daisy chain effect.
If you can't fix one piece and not the other, if you fix this piece, the other parts don't work with it.
It's just this mess.
A lot of the companies that built this stuff, the software part of it, are out of business now.
They're gone.
And it's like you're going to the airport and you see them printing out the manifest for the plane.
They have the dot matrix printer.
Yeah.
That's because the software is written to work only with those printers.
they can't go plug in a nice laser printer to it anymore it just doesn't work so it's it's
it's funny i flew um like delta one time and it was the worst ticket it was his old thick ticket
that was a dot matrix and this was only like a couple years ago it was hard to read the whole thing
and i was like i don't understand i'm flying like like a value jet and i got a nice clean easy
to read ticket and this look at this thing yeah but yeah i didn't even think about that i just was like
why don't why won't they up why don't they upgrade i was like what's but yeah i didn't realize that
what you're they've been around forever they're still using this their whole systems based on this
this technology that doesn't that is difficult to upgrade that's the first problem the second
problem is the is the actual physical hardware um the big transformers that are country effectively
lives off of
these things. If they go
down, we don't have spares, which
sucks. And guess where
the spares would get made?
In China?
China. No.
China. And you know
how long it would take for them to do it if they even wanted
to do it for us? Like a year or two,
to get some of these things made? Yeah, I was
saying that. The turnaround time is
outrageous.
And then you're not ordering
one or two of them at that point. You'd have to order
you're trying to get them to make hundreds, thousands of them.
And nothing's worse for getting a backup, you know,
transformer than bad geopolitical relations with the country that makes it for you.
So there's some really scary propositions there.
And then lastly, you know, they, there's a daisy chain.
So, for example, why bother with the grid if you can go after water treatment?
Because if you can go after water treatment, which might be an easier target because it's not as high profile as the power grid is.
Now you make water, I'm not trying to make this a doom and gloom session here, but it is valuable.
No.
All of a sudden, the water is not drinkable, Matt, and you're drinking water that creates mass dysentery in a town that overruns the hospitals.
Now, all you have to do is pressurize a power grid.
You don't have to hack it.
You just pressurize it that much more when it's overburdened.
So, you know, just like the beginning of our conversation, we talked about attacking on a moonless night or waiting until there's a national holiday, wait for a harsh winner.
I mean, these are old strategy and tactics that aren't forgotten, right?
Art of war is alive and well in terms of military strategies for this.
So, yeah, there's just, there's a frailty here that's hard to fix.
And, you know, everyone kind of asks me that, but like, why don't they just fix it all?
It's like, well, there's this huge litany of things that are all interrelated and interrelated.
an interlaced that make it almost impossible to fix in any meaningful amount of time
for nothing less than billions of dollars of expenditure.
So sadly, we're in a bad place.
The government's also very, you know, reactive.
You very much so.
You know.
There's a big of some kind.
Yeah.
The only proactive thing that they do really is like the military.
You know, we may need this type of a jet in the few.
We have to stay ahead of the curve.
And so they're always pushing to be ahead, but in almost every other way, it's crisis legislation.
You know, even though you know this is an issue, I know, but it's manageable right now.
And I'm not going to get reelected if I start pushing for an agenda that nobody else thinks is an issue.
Let's wait for there to be a crisis.
The minute the politics play a part in this, it's all over pretty much, because it's not going to really address the urgency of something.
But, you know, and then, okay, I talked about water.
but there's even one probably even more concerning than even like water and energy and it's
communications. If you simply take down communications, everything else is now like you separated
the deer from the herd and it's fair game. I mean, this is what's scary about this idea of
a coordinated cyber warfare attack. Now, the reason it doesn't happen, I think, believe me,
I don't know 100%.
These are just speculations after 30 years of doing this or so
is because that would constitute an act of war.
And this has been the weird line that's been drawn in the sand
that no one quite knows where it is,
is that what hack by either a nation state group
or a cyber criminal group constitutes an act of war?
There's no clear rules of engagement with that.
You know what I mean?
That one would probably well step over the line
because it would be the equivalency of someone firing a missile into our power grids in the U.S.
It's the same equivalency.
So I think that's probably where they're sort of stepping back and saying, let's not push the limits.
That's kind of an act of war.
Let's play it cool.
Let's do recon.
Let's go sniff around.
Let's loiter.
Let's figure out where the flaws are.
But then let's not push the limits too much to where we actually incited an entire international incident that could move straight to a kinetic attack or war.
Right.
right yeah that's that's probably why it hasn't happened to be honest all right all right well
let's uh yeah well i mean i'll i don't think any of that helped uh it is going to help my
no your wife my wife's issue eat into that and you'll have two three weeks worth of
to listen i have i have a water if i have like a i had to buy this 150 dollar water filtration thing
it's got a pump and it's the whole thing i'm like what are you doing yeah
I keep telling her, you should try it out.
Usually, we've got a pond.
There's a pond over there.
I'm telling you, go drink, go take care of it.
Yeah.
And so I bought her a, you know, almost as a, as, I don't want to say as a joke,
because it's not, because it's not a joke.
But almost just to be, you know, ha, ha, I bought her this thick survival guide.
Right.
Love it.
She's about halfway through it.
Pretty cool, man.
She's totally into it.
She's totally, she's watching this guy Canadian prepper.
This guy, I don't know if you know who that is.
This guy, every day that is where we've been on the brink for, because I have a buddy who watches him.
And so I heard about him about two, two, three years ago.
So for two or three years, periodically I'll catch a, a five-minute clip here or a minute clip here.
It's always going under.
For two or three years now, he is on the, we are on the verge.
It's over.
you know it's this guy his whole his whole thing is doom and gloom you know i'm a i'm a
i'm on the other side i think it's going to be fine they know what they know they know what they're
you're also you're also a survivalist you know i think instinctively so so you know there's
there's preppers and then the survivalist and sometimes there's an overlap but the reality
is this that like look what this is an interesting thing to think about because if we went into a lawless
like environment for a while.
That's interesting, right?
I don't mean in a good way.
I mean, it's fascinating because guys like you and I and other folks that you've
interviewed were probably more equipped to think about the ramifications of what that
means than most.
Most are just so far as well.
Because look, the U.S., unless you've been in inner cities or big cities with some
of the crazy stuff that happened over the years, I live in suburbia and what I'm in the U.S.
And I don't see riots and looting and all that.
I've never seen it live.
Right.
But if it ever did happen where there was a true blackout, think about like the opportunistic,
think about the panic and then the groups that felt like they're underserved and the opportunity that it presents itself, it would be pretty crazy.
So I think the truth of the matter is that there are some really interesting concerns around these topics when it comes to where the psychology of the world.
world goes to when things like that happened.
Because, I mean, look, think about, you know, I don't, we haven't talked too much about where
you, how you went from where you were as a child to where you got to, where you went to prison
and now where you are today.
But there hadn't been a psychological shift somewhere.
You weren't just born ready to go do the stuff you did.
You got there due to something that compelled you to go there.
And I think certain activities like this, especially with the hackers, by the way, coming back
to that really quickly, those criminals feel like gods.
Oh, I'm sure.
Right.
And that's where they get cocky.
That's where they make mistakes, right?
So there's some of that.
But it's an interesting thing because crises like we're talking about will accelerate that behavior in by the droves of people.
And I think that's where that's really scary, right?
Because you know the damage you could have caused individually.
Imagine hundreds of you running around, scamming people.
I'm not talking about like firebombs and loitering and breaking windows.
I'm talking about now there's some desperation in the world and there's some like depressive
qualities because of the economies hit due to certain things.
That's going to engender and foster more of that behavior.
It just will.
Desperation will cause necessity will create that.
And then if there's a mother of invention is necessity.
Yeah.
And then you add success to that equation, Matt, and what happens then you get people
blood drunk on the success of it and they're ready to take the chances yeah i was i was going to say
when i i wrote my i probably rewrote my book like three times um but one of the things i had
i finally did was i ordered well i did i ordered a few books and but really it's probably the
best book i read was somebody actually just gave me this little book i bet you it wasn't a hundred
pages and it was written by a woman who had written three memoirs and i read that memoir and it or that
look and it was just great.
Like it was like she was so just, you know, she didn't sugarcoat anything.
And she explained all of these things that I thought was that really I was like,
wow.
And she was like, look, even if you don't think there are certain things in your, you know,
in your childhood that helped shape the person that you are, find those things,
you know, look for them, you know, because they're there.
You may not, they may not be, they may not be, you know, obvious to you.
But if you look for them, they are there.
And you need to find them and you need to include them in your book because the reader is going to want to point to certain situations in your past that helped, you know, shape a person that you are.
And, you know, even though some of the other books I had read had said similar types of things,
they had never been that clear and crisp and this woman talking about brevity like what a short book
but just every word was important and and i so i when i so i read that and after i read that i
rewrote my book and the difference between people reading my book after that rewrite and after
that rewrite was night and day i mean i had guys coming up to me with i had guys tell
telling me how amazing the book was with tears in their eyes, just like, bro, like that,
you know, that thing about your dad, like, and they're just in tears, their eyes welled up.
And I was just like, wow, this is amazing.
Like, so, you know, definitely, you know, the whole being able to point to things that
helped shape you, that was, that was, that was huge.
And the other thing is, I'm sorry, I was going to say, the other thing you mentioned, too,
which was crucial, is that you're right.
it's it she also explained to you know like how you felt why you felt that way why you felt
how you felt afterward what were the things that led up you know to making that decision or this
decision and one of the things you said was and i always say this is that like every time i got
away with something i became more and more emboldened by it yeah and and um when you said the
god thing like i used always i and i've said this on numerous podcast where i said there is no
better feeling in the world than walking into a bank, handing them a fake ID, a bunch of fake W2s,
fake paystubs, fake bank statements, you know, a fake, a fake ID, closing on a loan and having
them hand you a check for $250,000 and thank you for ripping them off.
I mean, you feel like James Bond.
You walk out of there feeling like I have everything's under control.
I can handle everything.
I'll never get caught.
I'm just that good.
And you walk out and you feel it's a feeling that's just, it's better than any drug.
It's amazing.
You know, it's so interesting you're saying that because the closest thing I've, so you know what's really interesting.
So the gentleman that introduced you and I, Arsnake, soon that show will be out, whether it's before this one or after this one comes out.
But nonetheless, it's really cool when guys like him, yourself and me coming in a world,
completely different paths, are able to have this intersection and have a meaningful conversation
about that kind of strategy and that rush, because that's the key thing that drives us all
in a similar way, whether we're the black out of the white hat in the equation or formerly black,
now white or maybe black now gray working for the government you name it's interesting because
there's the same motivation i spoke to a couple special operations guys that are not in a good
place they're suffering from PTSD from being out in Afghanistan and Iraq and all that but what's so
interesting with the you know people see that as a very binary thing they're like oh these poor guys
they're suffering from PTSD it's such a shame you know what they struggle with the most a lot of the guys
not everyone. I'm not trying to sugarcoat this, but a lot of the guys miss it.
Oh, yeah.
They miss the rush. The adrenaline from that is so high in like my career past,
it's been really fascinating. I get to chase extremely sophisticated threat actors everywhere,
and I get paid for that. It's pretty cool. You know, it's, yeah, it's like being in a,
you're an investigator. And how cool is it for you to, I can imagine, you get on a conference call,
you call up you're talking to all these IT guys that are panicking and if you're the guy that walks in
and you say okay well hold on I just looked at it here's what's happening here's this here's that
you need to do this and you just boom boom boom boom boom boom and everybody goes wow I never
oh my gosh so what if I do that and you just bam bam bam and you're the guy that's got all
the answers when there's five other guys that are experts that have panicked or are just in
complete panic mode and you walk in and boom boom boom boom boom boom boom here's what happens here's
how we fix it here's this here's this fix this call me back in an hour yeah you must you get off
that phone call you must feel like yeah that's that's good god i'm good no doubt that's the ego
explosion but then there's an interesting thing the parallel to your story about being at the teller
and getting that check for 250 000 that's when i've been pouring over some sort of data or
findings or telemetry or something and i'm looking for this performance
not even a needle in a haystack because I can't even use a magnet I'm looking for a
toothpick in a haystack right and I find it and I'm like that's where he slipped up it's it's kind
of like the movies we've seen where he gets this one little thing this one little break this one
thread that unravels the whole sweater that's the exhilaration from my side of the house and
it's probably very much shared with law enforcement groups that are really dedicated to their craft
is that when you finally get this one thing where he's like he finally or she finally made a mistake
that god complex got the better of him and now they just did that one thing they shouldn't have
done they took the chance to not bother setting up the VPN right or they didn't bother with
a proxy or they didn't you know something where they didn't cover their tracks or obfuscate
themselves there's that same location I was just like it's the it's it's the parking
ticket with uh you know Berkowitz you know son of Sam the parking ticket like there's there's
500 police officers who have scoured every single lead for the last six months.
And some guy said, let's check the parking tickets.
Like what if this guy, somebody got a parking ticket, the night of the murder that shouldn't
have been there that maybe lives someone else, maybe got a parking ticket.
I mean, how remote is that possibility?
And sure enough, Berkowitz got a parking ticket.
he doesn't live in this borough why is he in this borough they they check they call they call
the precinct they oh i know that guy he's a nut they make a few phone calls they watch him for a day or two
that's it's obvious it's him look look at all the you know he's been writing letters look he lives
on this street he mentioned this the name of this street here this like he just names them off
and it's like holy shit like what a random how did that guy feel how that detective feel
Exactly. No, you're right. And, you know, it's funny. It's either laziness or ego that is usually the catalyst for the failure when it comes to a criminal doing something. It's rarely bad process. I mean, you know, there's always the ones that get caught, like all the funny videos of criminals that do the stupidest heist heist ever. Those are obvious. But I'm talking about the ones that have really spent the time to figure out how to do it.
It's unfortunately, fortunately, depending on how you look at it, it's that one little slip-up.
You know what I'd be curious about?
You know, when it comes to like, I get people asking this question a lot.
They're like, so do you hire hackers, you know, that are bad and reform them and this and that?
And it's like, yes and no.
Many times I'll catch something in the process of being set up by maybe someone that's young and aspiring.
And I'll, it's not quite there yet, but it's like, that's.
some good work, but they're really, you know, they would do really well working on the good guy's
side, right? Like coming in, and by the way, when I say the good guy side, you know, we talked about
this several times in this chat. Good guy, the perk is you don't sleep looking over your shoulder
waiting for the feds to kick the door in. That's worth a lot of money, dude. Like,
that's worth, that's worth your life. Not only that, I don't think these guys realize how much
money there is in cyber security.
I mean, it's ridiculous.
I told, remember I told you there was like one guy I knew who had, had, um, uh, was actually
in prison for, uh, for hacking.
And talk about the, when I remember we said, talk about somebody who has a touch of
Asperger syndrome.
This guy, it was very difficult for him to even make eye contact.
He, um, uh, nicest guy.
So we started talking.
And he was 19 when he got indicted.
He ended up getting six years.
He did five years.
And he had been on heroin.
He was stealing information.
The crime that he ended up selling the dumps, I forget how many, whatever it was,
100,000 or 30,000 credit card profiles that he had sold.
He made 500 bucks on.
He had to do five years for that.
Had been arrested several times.
So he had a criminal record, but it was all for drug possession.
Sure.
So, you know, on the federal sentencing guidelines, you know, he was like a level four or five,
but they were all like possession or maybe sales, but minor sales.
Like these dudes were all probation.
He'd never been to prison.
So he ends up getting a chunk of time and had never had a driver's license.
So I remember he was about, we were, he was going to be out in,
five months, four, about less, probably less than six months.
And he used to come and talk to me all the time because he said I was interesting to talk to,
you know, the bar's low in prison.
So it's not, it's not me.
And, but I was always working on the on writing guys stories.
I wrote a bunch of true crime stories.
Just guys eventually, you're so many true crime stories every once in a while.
Here's one.
I'd be like, man, bro, I need to write.
I'm going to, do you mind if I, would you let me write a story about you, you know,
and it'd be nothing, it'd be 10,000 words or something.
And I'd order there, gave me something to do.
I'd order the Freedom of Information Act on the guy.
I'd order his transcripts.
All these things through the mail, by the way.
So I'd order all these.
So it gave me time.
You know, my name gets called at mail call.
I write letters.
I get, so, you know, really, I did that the last seven years, maybe, that I was there.
So I remember this guy, no father, you know.
And we were talking and I was like, well, what are you going to do when you get out?
He's like, oh, I don't know.
And I was like, okay, well, you're going to need, you know, and you start at the bottom.
You're going to need ID.
I know when I get the halfway house, I'll take care of that.
What do you mean get to halfway house?
You can do it now.
They had something called, they called it the flow bus.
I'm like, I'm getting my drive walking out here with a driver's license.
Yeah.
Well, I figure I'll do it in the halfway house.
I'm like, why would you do that?
You have all the time in the world right now.
So we do that.
So we help him get his driver's license.
And then he was like, I was like, what are you going to do for a living?
He's like, oh, I don't know.
I mean, I'm a felon now.
So I don't think I can really do anything.
And I was like, what do you like doing?
He's like, well, I mean, I like computers.
I like programming.
I like hacking.
I like this.
I go, well, aren't there's those guys.
Aren't they called like penetration specialists or something?
He's like, oh, I know.
But he's like, I'm a, I was locked up.
I'm a felon.
And he said, I can't do that.
I'm a, whoa, I said, listen, bro.
I said, you're making the common mistake that most of these guys make.
Like every con man that was in there was actively trying to figure out how to cover up his scams.
How do I cover up the news reports?
How do I cover up my name?
Can I change my name?
Can I get Reputation.com to bury my information?
Can I, like, to me, you're working on your next felony.
You're working on your next indictment by doing that.
And I was like, I was the only one in there who was saying, actively saying, oh, I'm telling everybody what I did.
Yeah.
I'm going to make sure.
And I was going to say, so for him, I told him, I said, you need to look at this as your calling card.
Yeah.
I've been locked up at that point, 12 years or something.
I was like, I've never met any hackers.
You know, you can turn this into something.
You know, we can get you a Wikipedia page.
We can start naming all the things you can do.
We can write your story.
We can rewrite your story.
We can.
And I said, you need to figure out how to get licensing because I think most of these guys get like
certificates. And I said, he's like, yeah, but I'm a felon. I go, yeah, but these aren't, the government
doesn't give you, the government isn't the person who's giving you the license. So I said,
these are just certificates by individual companies. So they're not going to care that you're a
felon. And I said, so I said, you need to order that stuff now. So he actually ordered
several books. He ordered, and within a few months, he was like, listen, there's like, I
forget what he had said. It was like there's five major major certificates you need.
This one, this one, this. By the time I got out of, and he was like, no company's going to hire me.
I said, no, no, most of these hacking companies and these penetration specialists and cybersecurity companies, most of them hire companies that do are subcontractors.
That company will probably hire you. This company will get certified to work for this company.
this company gets the contracts,
they don't even know that you work for them.
And so we were talking and by the time I got out and we spoke,
by this point I'd gotten out of the halfway house,
he got out before me.
He had four of like these five major certificates and he was going for the fifth one,
which was huge.
I mean,
we're talking about days of being of,
well, you know what they are, days of being tested.
Then he had to go in front of.
of a board that questioned him like he had passed them all flying because he was brilliant this is the
guy who would sit down for 20 hours straight in front of the and not eat and do nothing but but play
on the computer and design things and whatever they call anyway this guy's making he was making
over a hundred and fifty thousand dollars within two years of being out of prison because his
bosses were like you're you're insane like your like his bosses who had been doing it some of 10 15
20 years were like you're you're just better than me sure you know that's it you nailed it that
that's actually the key thing is that it's the natural proclivity to think that way so here's a
funny story so um and and uh you know other people you've interviewed in the same world that i'm in
that we all know each other would probably arguably say a very similar thing
thing. A lot of the folks that are, we call them Boy Scouts, the ones that work for the government
that have the perfect record, they get all the DSSC level clearances and all that. It's not that
they're bad, bad at what they do at all. This is not about an indictment of their skill. What's
funny is that they just can't think in a way that is applicable to the thing, the problem.
Like, in other words, when I'm on a hunt, I'm literally thinking like the criminal.
I'm not thinking like the investigator.
And a lot of people, you know, don't realize that that's part of the training that, you know, law enforcement goes through,
which is you have the profilers, really good example of the people that are, like, chasing around really scary people, like serial killers.
You know, there's a lot of shows that now.
Yeah, yeah.
But that's very much that.
that talent, what's so interesting is that people that listen to your show that maybe are in a state of either recovery from some of that world or they're upset with the world and they're contemplating going into it, you said it best. There's huge opportunities that are not apparent sometimes. They're not very clear that you could actually do something legitimate using those skills. It's not that you have to forego that you're doing exactly that now. You've literally taken, these are fascinating stories.
There's a lot of people that listen to this because they're really interested in how you think or how people like you think because it's something so foreign to them.
There's a lot of very innocent people in the world that can't even begin to conceive of how you would even start a scam.
They're like, how would you even get?
And it's like, well, it's pretty obvious to me.
It's pretty obvious to you, but it's not obvious to a lot of folks.
Well, I think, you know, it's like people saying, like, well, how could you get a driver's license?
in your name right right i don't know your social security number i don't know your date of birth i'm
probably don't even know you i don't think i know your your full name if you end up assuming you
have a mental name like how do you go about doing that and you know even if i knew that information
how do i order those documents well the moment they say oh we need a copy of your driver's license
they're like i i don't have his driver's license i can't get the doc yet i can't get his
his birth certificate i don't i don't have his driver's license it's like it's stop
how could he get it well he has his driver's license
what if his house burned down and he had nothing and he was naked standing outside of his house
he was in his underwear standing outside of his house watching everything he has burned
and both of his parents were deceased and everything's gone how would he get it why not guess you
wouldn't really he wouldn't get it you think that there's no vehicle out there that allows him to get
a copy of his driver's license from scratch uh well i guess uh and you go listen so you know
so to me i always started thinking immediately they only want a copy so it only has to look like a driver's
license you know they only want they don't know what he looks what doesn't have his picture on it they
don't know what he looks like yeah this is some woman sitting in a in the you know in the statistical
you know in the uh where the birth certificate office 15 you know 15 states away
if she gets a cashier's check for 25 dollars it says i want a certified copy of this driver's license
or his birth certificate and it has all the questions filled out correctly and it's got a copy of
a driver's license. She's sending you the first certificate. You know, so it was all these,
you know, to me, it was always like, there's a way. There's a way to get this. And I just had to
figure out that way. Once you get one or two documents, it's, you know, it's that you crack the door.
I can kick that door wide open. And now I have everything. And all those documents are start
being used to gather more documents. And before you know what, I'm you. And I'm walking.
into your bank account and your bank or I'm applying for a loan and your property or I'm doing
all these things that you people think aren't possible. It's like everybody has certain skill
sets and I used to teach the real estate class in prison. I taught it for 10 years. So I taught
it at a medium security prison for three years and seven years at the low security prison.
And I used to walk in because, you know, these guys like they, they, they're
you got a bunch of drug dealers in there and, you know, they have no education.
They don't have it.
Maybe they have a prison GED and they're sitting in there and they're trying to figure out,
these guys are getting out soon and they don't know what to do.
They're either they've decided they're going back to prison or they're going to be a rapper
or they're going to, you know, they don't know what to do.
And then some of them are like, well, maybe I could, you know, maybe I could do real estate or
something or fix up houses or something.
And I would go in there and I would, one of the first thing I'd,
say is like, are there anybody here for for drugs? And they raise their hand and I'd be like,
whew, this is the, this is probably one of the few, few chances or a few times in your life
that being a drug dealer is going to be a major advantage to you. You have a hustler mentality.
You're used to going into rough neighborhoods. You don't mind knocking on a door and being turned
down. You're this, like right now, you guys are about to shine. And listen.
I had guys walking out of that class stopping me at the door and shaking my hand.
Like, bro, that was amazing.
That was an amazing class.
And I would have guys come to me and I'd be in the chow hall or something.
And some guy would walk up.
He'd go, hey, bro, my sally is taking your class.
And I'm like, okay, he's like, I'm going to sign up next quarter.
And I go, okay, how come?
He'd go, listen, this dude just came in the other day.
And he said, I'm taking Matt Cox's real estate course.
he goes, I'm going to be a millionaire, bro.
Telling you right now, he said, all I got to do.
And he's like, and he's like, I've never seen this dude so excited about anything my whole life.
He's ordering real estate books from the street.
Like he's just from because it's true.
Like, and I used to say like, do you think that a 40 year old divorcey white woman is going to go into a neighborhood that you'll go into?
Right.
Like she doesn't have that hustler mentality.
She won't sit behind a desk.
wants to talk to other women like her and you know like like you guys can go get those deals you
guys can you know you just have to know you know how to you know how to talk you know correctly
you need to know you need to know how to how a how a closing takes place how um negotiations
take how to write a contract how to what a closing means you know what documents need to be
signed what so we go through all that and uh but yeah i think that most people
they don't play to their strengths.
A lot of times they think their strengths are weaknesses,
and that's another problem.
Very well said.
Very well said.
You know, it's funny, Matt.
So my day job, one of them,
several things that I do,
but one of them is actually helping ultra high net worth individuals
and family offices stay secure.
And it began very similar to the ways
that you were talking about that, a friend of yours,
that went into the world of penetration testing
and vulnerability assessments and all that.
And then it grew out from there,
and this is a long time ago.
This is in the late 90s,
so I'm ancient when it comes to this.
But as far as the way it evolved,
is I started to provide counterintelligence
and countermeasure services to my clients.
And what that is is predicting where the threat will be coming from,
and setting up essentially not traps because the goal isn't to necessarily
catch the adversary because that's like you said there's no point it's more just
deter them move along go find a lower hand for your easier target but it was
fascinating because a lot of these people that are uber successful and they
feel like God's in their own way because they've somehow either made money through
family means or there's a trust fund situation or maybe they're inventive and ingenious
with something and ultimately it manifested into huge wealth.
Whenever I tell them that we're going to have to do this, this, and this and this,
because this is probably a way that they're going to come at you,
they're gobsmacked.
They have no idea how the hell we came up with that as a risk.
And then we cite all the ways that they are exposed.
And they're like, oh my God, I had no idea that that was a way that I could be infiltrated.
And it's funny because it takes people that are inclined and have the proclivity or maybe, and he'd say it, maybe there's been a desperation in their lives to have to become that hustler, to have their mind and the synapses and their mind evolve in such a way that make them think that way.
And I mean, I'm sure you'd agree with me.
Once you think that way, you can never not think that way again.
Right.
You will always think like that, whether you act on or not beside the point, but you'll always think about it.
And it's cool because it's like, well, that's a superhero power, man.
Like, Matt, you've got a, you've got a superhero power.
And that's what you were bringing out with those guys in prison.
I think that's amazing because they're, look, they shouldn't be praised for the bad behavior,
but they should be absolutely encouraged for the skill that they've been able to engender to use it for something else.
Right.
I had folks that have worked for me that have been in a less than savory position and have done some time.
and they had a very similar story.
And look, for one, I've never had more loyal and capable folks work for me
than people that have probably been through a rough period.
Oh, yeah.
And I have a new opportunity presented to them where they get to use those skills,
but for something completely good.
And it's awesome, man.
I love those guys.
Yeah.
Well, first of all, I've been told in the comment section to thank my guests.
Listen, my comment section is nothing.
but just, you know, telling me how I should be doing things and things that I'm doing
badly, which, you know, it's fine. It's, it's, you know, constructive criticism. So, thank you
very much for taking the time to, you know, or spending this time with me.
My pleasure.
Hey, I appreciate you guys watching the interview. If you liked it, do me a favor and
subscribe to the channel, hit the bell so you get notified of videos just like this.
Leave me a comment in the comment section. Also, please consider joining my Patreon.
And I really appreciate you guys. See you.