Matthew Cox | Inside True Crime Podcast - PAYPAL SCAMMER REVEALS HIS MILLION DOLLAR SCHEME
Episode Date: June 23, 2025Josh Moses reveals how he stole million with a PayPal phishing scam.Josh's Channel https://www.youtube.com/@insider-threat Follow me on all socials!Instagram: https://www.instagram.com/insidetruec...rime/TikTok: https://www.tiktok.com/@matthewcoxtruecrimeDo you want to be a guest? Fill out the form https://forms.gle/5H7FnhvMHKtUnq7k7Send me an email here: insidetruecrime@gmail.comDo you want a custom "con man" painting to shown up at your doorstep every month? Subscribe to my Patreon: https: //www.patreon.com/insidetruecrimeDo you want a custom painting done by me? Check out my Etsy Store: https://www.etsy.com/shop/coxpopartListen to my True Crime Podcasts anywhere: https://anchor.fm/mattcox Check out my true crime books! Shark in the Housing Pool: https://www.amazon.com/dp/B0851KBYCFBent: https://www.amazon.com/dp/B0BV4GC7TMIt's Insanity: https://www.amazon.com/dp/B08KFYXKK8Devil Exposed: https://www.amazon.com/dp/B08TH1WT5GDevil Exposed (The Abridgment): https://www.amazon.com/dp/1070682438The Program: https://www.amazon.com/dp/B0858W4G3KBailout: https://www.barnesandnoble.com/w/bailout-matthew-cox/1142275402Dude, Where's My Hand-Grenade?: https://www.amazon.com/dp/B0BXNFHBDF/ref=tmm_pap_swatch_0?_encoding=UTF8&qid=1678623676&sr=1-1Checkout my disturbingly twisted satiric novel!Stranger Danger: https://www.amazon.com/dp/B0BSWQP3WXIf you would like to support me directly, I accept donations here:Paypal: https://www.paypal.me/MattCox69Cashapp: $coxcon69
Transcript
Discussion (0)
For a limited time at McDonald's, enjoy the tasty breakfast trio.
Your choice of chicken or sausage McMuffin or McGrittles with a hash brown and a small iced coffee for five bucks plus tax.
Available until 11 a.m. at participating McDonald's restaurants.
Price excludes flavored iced coffee and delivery.
I created this email and it looked like it came from PayPal.
It said you owe processing fees for your PayPal transactions.
It submit to pay them.
It charges $9.99.
It sounds like a legit processing fee.
Then I send the email blast out to these accounts.
The way I looked at it was like, they're willingly sending me this money.
They're not willing.
How much?
Never forget this.
Yeah, I was born in southeast Missouri, town called Farmington, Missouri.
Okay.
Parents, I mean, were they, you know, into tech or?
No.
I'm assuming you're, how old are you?
I am, I just turned 50.
Okay.
Yeah, no, my parents were, and still.
are not into tech at all. It's sort of frightening how not into tech they are. But my, my
parent, they divorced when I was a year old. It was, and I guess for a divorced kid, it was a pretty
typical childhood. But, you know, my dad, when I was young, he went to college. He worked
construction during the day and went to college at night. And my mom, she,
she worked in a factory most of her life you know both of them worked hard you know um so no they were
not technical at all okay and was your dad kind of still in your in your life now no even then growing up
actually yeah i lived with my dad um when my parents divorced um my dad fought my mom for custody
and won custody somehow back then yeah so any so you were an only child
or were your, their brothers or sisters?
So I wasn't only child until I was about 21, and I found out that my dad had had another
two children with someone else.
So, but growing up, I was basically an only child.
But you had no idea growing up that there were no idea, no.
So was he seeing them or was he keeping it from you or just kind of?
he when i was i guess three or four he had a relationship with this person and i somewhat remember
her but i didn't know that you know that they had kids together um so she was in my life a very
short time and then they broke up and then i didn't really you know i didn't hear anything about it
until i about turned 18 i guess and i remember my dad getting the phone call from her and i
yes, she was going to take him to court for child support at that point.
And, you know, so he was really angry.
I just remember the explosion of anger.
And, you know, then subsequently eventually I met her or met one of the sisters.
The other one I still haven't met.
Okay.
That's kind of an interesting side note, you know?
Yeah.
So, so you went to, you were, were you good?
student high school?
High school, no.
I was, throughout elementary school and all that, I guess I was, I was pretty good kid.
I got to very little trouble.
When I got into high school, so living with my dad was, I had a great deal of freedom because
like I said, he worked construction through the day, went to college in the evening,
and then studied when he got home.
And so, you know, construction workers, they go to work at like 4 a.m.
And, you know, so he would work till, you know, four or five in the afternoon,
then go to college.
And so I'm there.
My whole childhood by myself had to get myself up, get myself ready for school, feed
myself, do all that stuff.
And so naturally, there's, he's never there.
I had a ton of freedom.
So, you know, you get into those rebellious, you know,
years and, um, you know, you, you start taking things in your own hands and I start skipping
school. I, I, I actually started stealing my dad's cars and driving them before I had my license,
um, which is a funny story in itself. But, uh, yeah. How, how old was this? I was 15. Um,
my dad had, he had a van and he had a Porsche and he loved the Porsche. I'm sure. And, and
So, yeah, one time I decided to take that Porsche to school and I was backing it out of the driveway and we had on each side of the driveway was this culvert that dropped off and I cut the the turn too sharp when I was backing out and the axle went over that culvert and stuck right there on the edge and I freaked out, right?
I mean, who wouldn't?
And so I try everything.
I get out and I'm like trying to get this thing unstuck because he's going to kill me, you know.
And I did everything I could.
And the funny part of this is that my principal lived right across the street.
And so I try everything.
I can't get this thing unstuck.
And so I literally finally get a hold of a friend of mine who is leaving for school just then.
And so he comes down and we ended up missing the first half of the day pulling my dad's Porsche off in a way that doesn't damage it, you know, and doesn't, you know, so we had to be very careful.
We spent several hours doing this.
We finally get the thing back in the garage and I'm like, crisis averted, but there's still, I've torn up part of the driveway where the axle got stuck.
So I got to fix that.
Luckily, my dad was in construction.
So there was, you know, sealer.
in the garage. And so I spent time fixing that. I missed pretty much the whole day of school,
but I got the car back in there and I fixed the driveway to where you couldn't tell.
For some reason, the principal never called, you know, to ask why I wasn't in school.
And I think I get away with this. Right. Well, fast forward to graduation. I'm sitting
in graduation. I'm in my chair. I'm like daydreaming. And
All of a sudden, my principal goes into this story about how when I stole my dad's car
and get it stuck in my driveway, and I start freaking out because my dad's in the back.
And I'm like, oh, shit.
Like, I've got to do something.
I'm like, I got to get out of here.
Like my flight or fight mode, just like, I'm freaking out.
I'm losing it.
And he continues telling the story, and he finally gets to the part to where he
called my dad that night and had told him what I did and I was like oh shit wait he knew and so my dad
apparently he told him and my dad got mad at first I guess and he was so impressed that I had
handled a situation and put it back and fixed the driveway he never said a word and so yeah it was
interesting but that's pretty good yeah i never stole his cars after that again though yeah it was
it was pretty weird but yeah in high school is when i really got interested in technology
we um i don't know how old you are but if you're old bro i'm 54 okay so you remember we had
party lines back in the day right so i used to dial into party lines and they the ones that i
connected to had techy kind of guys. And at the same time, I had been taking these computer science
courses at our vocational school and our high school. They weren't really computer science. It was
like word processing and, you know, there were some educational games and stuff, but I learned a lot
from it. And I, through that, it taught you things like directory structure and computers and
everything. And so rather than doing this in the game, I'm like, I'm on a computer. I'm
just going to fuck with it. So I start messing with the computer based on what the thing's
teaching me. And so I started real, I realized that I could mess with the games. I could actually
alter the programs. And I could, what I thought was cool was replacing the names in the games with
people I knew. And at the time, I actually, there was a girl that took a class, the same class
right after I did.
And so I would change the names to her name and my name and everything.
I was flirting with her.
But so, you know, I'm basically editing these games, changing them.
And I realized that really got me interesting because I'm like, I'm breaking them down
and making changes that, you know, I really shouldn't be.
And at the same time, I'm, you know, home, I'm dialing into these party lines.
And there was something called phone freaking at the time.
and you could phone freaking was a way to basically hack a phone system so a lot of people don't know
especially our old phone analog phone systems when you dialed numbers it would make tones right
and so your numbers sent you to you know specific locations you had area codes with those tones
are what told the phone switches where to send your call how to route it there are also codes in there
sequences and numbers and the little pound sign and star that you could use to like get free
long distance or whatever you know you could it's basically hacking the phone system because you're
manipulating its ability to to do something so i'm these guys are teaching me how to do this
and i start utilizing it and so at same time i'm learning how to edit games at school and i'm also
hacking a phone system and that's really what got me interested in this so you know that time
we always referred to it as computers you know you're going into computers or whatever but that was
kind of what where i saw my trajectory going from early on oddly enough at the time i was a big jock though
i ran track and cross country so my primary focus was running i whenever i get interested in something
And I'd dive 200% into it.
And at that time, it was running.
It wasn't technology.
I was going to go to college for technology, but that was just, you know, what I was going to go to school for whenever I was running, basically.
Right.
So you graduate, you ended up, I mean, you graduated high school.
And, I mean, did you, were your grades good enough to get, like, a scholarship or?
So I got offered track scholarships.
and I went to college.
I started school, and that didn't last very long because...
Where'd you go?
I went to the University of Miami.
Oh, okay.
And...
Oh, that's a trek?
Yeah.
And so I got, you know, here's a kid from southeast Missouri
and going to Florida for the first time ever.
And there's a lot of partying going on.
right and so i did more partying than i did running that didn't last very long so i came home
basically um and i got kicked out you know so i i partied too much got kicked out i had to come
home and tell the family but lost my scholarship can't do that anymore i need to figure something
else out. Well, my dad, when I was a kid, whenever he needed to talk to me, he always took
me on a drive. We would go basically get in his vehicle. We'd go grab a soda and we would drive
around, you know, the countryside in southeast Missouri, and we'd talk. And I remember this so, so
vividly because I was still in the mind that I was going to go to another college or something
like that. And I grabbed some of my music. It was the first time I ever did this. And we had tapes back
then. I remember cassettes. So I grabbed a couple of cassettes. And I wanted to play this one song for him because
my dad loved the Beatles. And there was this one band that they covered a Beatles song. So we get in there
and we're driving down the road. And he starts talking to me about my future and what I'm going to do.
and he's getting real serious and I'm like, you know, not there mentally.
I pop this cassette in and it was Winger.
She's only 17.
And so my dad immediately gets mad because I'm not taking the conversation seriously.
He ejects that tape, throws it out the window as we're going.
And he gets mad and immediately just starts, you know, going into this, you know, you've got a chance.
you're thinking and that was always this thing you got to change your thinking and you know
think about what you're going to do next and everything because you know you're not coming home and
staying here now after you know not trying you're given an opportunity and and you you lost that
opportunity and so I realized after we're talking for some time and I had shut up at that point
that we had passed the Air Force recruiter's office a few times
And so I got the hint at that point.
And within a week, I had signed up for the Air Force.
So, yeah, it changed my trajectory to trajectory altogether.
But looking back on it, it really kind of put me in the path now to where I am now.
Because I went in and ultimately ended up in intelligence after, you know, I tried a few things.
and then ended up there and really got put into technology, you know,
and that's, you know, where it really started taking off.
Right. So what is it? You take an aptitude test when you first go in, right?
Yeah. So what I did, I chose a specific job when I signed up.
and that job in particular, it did end up working out.
So things didn't work out for me, and they put me in this other position that I didn't like at first.
And then, you know, I end up getting out.
And you're right.
They have you take the, it's the ASVAB, Armed Forces Vocational Battery Test, I think is what it's called.
and it the idea is that they can measure your skills what you're good at and they put you in a job that matches those those skills and so ultimately i'm you know i'm working with computers at the end and so i at that point i left the military um how long how long were you in the military a few years what were you working on nothing important i mean you know at i that time yeah i
I didn't even have a really a high, high security clearance or anything.
It was nothing, just average stuff.
So after I get out, I messed around for a little while and realized that those skills that I learned, the computer skills and what I knew there could be useful.
And so I answered an ad for a contractor agency.
And ultimately, I got a job within.
Actually, I think I went to, I got a, yeah, I got a job, a three-month contract at first doing open source intelligence, which is, so there's different kinds of intelligence.
You've got human intelligence, which is humint, Ocent is open source intelligence.
It's gathering information, gathering data.
Um, there's, uh, signals intelligence, which is the, um, you know, intelligence gathering through a computer, through information systems, that sort of thing these days, anyway, used to back in the old days, they used flags, but it's passing data, right?
Okay. Um, passing information is what it is. Um, so I had found this job that introduced me to the civilian world of, you know,
intelligence with computers and so though I had worked a little bit in the military honestly
I had not had this sort of access you know until now and so I worked a short contract and
then what were they asking you to do at the time I actually don't remember a lot about that
one in particular because it it was just a three month contract it was gathering information seems
like I was putting information in databases yeah and it was just you pull information you put
them in databases and basically validate the data and you pass it on okay um that one wasn't that
important but it together with you know what I had done before then I had these skills that
made me a little bit marketable. So even though it was a three-month contract, another
opportunity came along, and that ended up being the Defense Intelligence Agency, the DIA.
And that was, so that one required a security clearance, a heavy security clearance.
So I ended up getting that. I went to the, what was it, the joint military intelligence
training center i think is what was called um you learn intelligence collection and analysis
what year was this uh roughly you know late 90s okay yeah um okay so there's all kinds of things
going on in the uh in the world in the late 90s right like they're still trying to put together the
fragments of the
Soviet or the old Soviet Union and
there's all kinds of upheavals and
at the time there was a shift between
the Soviet era to Middle East
so we were starting to pay a lot more attention to
Middle Eastern activities
yeah so but we we had a
great deal of emphasis on
that area
of the world. So Middle East, Russia, just starting to get a little bit of China and then
France, oddly enough. France has been an intelligence powerhouse for some time. And that was
another one. But yeah. I don't think of them as particularly adept at. Actually, you would be
surprised. I would be. But then again, I was going to say, well, that's probably because they
don't make movies about it right there's no james bond there's no you know jason born so you know
if you're not if it's there's not movies about it then i'm not sure why i would know anything
or periodically like the um gosh the uh musad you know getting caught right executing somebody
or breaking into you know going through a what was that hotel where they didn't they kill
the guy in the hotel and they were changing mustaches and hats and the
disguises and got caught on the video camera and still amazing right you know um but so maybe
there's just that good you're not supposed to know they are yeah so you were so you were
that's what you were uh you went into the um uh was it the defense department what was it
dia yeah the i a yeah yeah so i stand for i'm sorry defense intelligence agency yeah okay okay
sorry yeah it when I explain it to people I always explain it as sort of the military side of the CIA but it's technically not it has its own you know they they collect intelligence for the defense department that filters down to the military what sounds like yeah I was going to say sounds like the you know sounds like you're doing it for the defense department but yeah and just not the same mission of CIA CIA is
more overt and they do more clandestine and you know they have much broader without talking
bad about CIA they have a much broader mission yeah I interviewed Andrew Bustamante I've heard
of him yeah yeah he's he's an interesting guy he's been on a bunch of a podcast and stuff I've known
him for a few years actually I interviewed him for a book that I wrote and and I and I
I mean, I also interviewed him on the podcast, but so what were you doing, what were you doing for the, you know?
So I managed the privileged accounts and a lot of applications.
So in the intelligence and technical intelligence, what we do, it's sort of a thing everywhere you go.
You manage their information systems or information security applications.
So you'll be assigned to a group.
of programs that you manage.
I specifically had this special type of access from early on, and I'm not sure how it
happened because it's a very rare.
You're very young.
It sounds like you don't have a ton of experience, and you're super young.
Yeah.
And yeah, so I was put in charge of privileged accounts, and privileged accounts are your
administrators of any network.
So the guys that hold the highest access.
there has to be somebody that manages their accounts.
And so that was me.
I sort of happened upon it.
I don't know how it happened.
But since then, everywhere I've gone, I've managed privileged accounts.
To this day, I still have an expertise in privileged accounts.
And it just sort of happened by accident there.
And that's where it started.
So I was managing their access.
And with that, you have an extraordinary amount of clearance and access.
You have access to everything.
So you can technically look at everything on the network, you know,
and, you know, because you're managing these people, their access.
That's incidentally what Edward Snowden had, you know, at the NSA,
which we worked there at the same time.
But, yeah.
Do you recall him or?
I'm sorry?
Do you recall meeting Snowden or you just have to meet?
No, we worked in different locations.
We had the same job.
at the same time he was in Hawaii I was here in Missouri didn't meet him I just I'm very aware of the you know the whole situation right you can see you can see how he had access to that privileged information yeah I see how he had access what he did was yeah not right um so what happened I mean so this is the the the end of the story you've worked there
You've been working there ever since, and that's it.
We're done.
No.
So at the same time, you know, I'm learning all these, these, I'm gathering all this
information skills, and I'm starting to learn how to really, well, we gathered information
and it was whatever means necessary at the time.
So you learn how to get information, whether,
whether it's legal or not, quite honestly.
And when it's on behalf of the Defense Department, it's however you need to get it.
So I remember specifically them asking us to do something, you know, whether you hack, borrow, steal, whatever, we need this.
And so we're learning these skills.
And at the same time, you know, this is the internet boom.
Everybody's on AOL and, you know, the you've got mail.
You know, it's in its infancy and I would go home at night and I would spend a lot of time on the internet on AOL and I would get in these chat rooms.
There were Yahoo chat rooms and AOL chat rooms and you like with the party lines, you can meet like-minded individuals.
And so with learning this stuff at work and going home and spend.
spending most nights, you know, up till 3 a.m. learning more because I'm talking to other techies.
I gained an immense amount of knowledge, you know, learning different things. And it, you know, it just,
I really grew my, my abilities, you know, quite a bit. My skills just grew immensely.
More so in the chat rooms than actually on-job training. Is that what you're-
Yeah. Yeah. So there was a there was a group that I spoke with probably every night. We got on and we we hung out, traded secrets and everything. And they would, some of those guys would eventually go on to be a very popular hacktivist group later in time. And but we, there was, at the time, they called themselves Alt-2,600. And so they were a group of guys. And there were these, there's a program.
called IRC as internet relay chat, I believe is what it means.
And it was a text-based chat program where we would all meet.
It was, I would say it was kind of precursor to the dark web now because we could get on there.
We could all chat.
We could share information.
And they created channels to where you could share things like software, you know,
licensed software that you weren't supposed to share, obviously.
Right.
You know, pirated stuff.
We'd share movies.
We'd share music, all kinds of things.
along with hacking abilities.
You know, they had channels for learning how to hacking,
learn how to hack databases,
learn how to hack websites,
hacking phone systems, all that stuff.
And so I spent my time, my evenings on that.
And that's, so, you know, great big nerd.
I'd work, go home, do that.
And so at the same time, I had injured my back previously.
And so I started taking painkillers for my back and over time, you know, you get addicted to that stuff.
So I'm working during the day, hacking at night, taking painkillers, and I start developing this immense, you know, addiction.
And I started at that point moonlighting and.
developing my skills. So I was doing things on the side. And I started selling things on eBay.
And it started with selling software licensing. And believe it or not, back in the day, that was
pretty lucrative because you could get a hold of software licenses pretty easy. People didn't
know the value of it. They would throw it away. They'd just buy a software. Throw the license
away once they installed it. And here you have a fresh license.
that's worth, you know, quite a bit because people who actually went by the law would want to buy that license.
So I would take that stuff, sell it on eBay, and we used PayPal to pay for it.
PayPal was in its infancy.
Well, I figured out or got this bright idea, and I created this fake account for PayPal.
And I created an email address.
I think it was online processing fee at gmail.com.
And I created the PayPal account with the same name.
Nowadays, you couldn't do that.
They had, you know, validation, or they have validation now that won't let you do this sort of thing.
But at the time, it was pretty early.
Right.
So I had an email account.
They're still working.
They're still working out the kinks at that time.
Yeah.
Yeah.
it was very they hadn't been bought yet and I believe I can't remember what year it was but
they got bought by a bigger organization and at that time then PayPal became huge and they were
a lot more secure at that point but so I created this account and I went and got a
was a secure bank card debit card back then you could get those in pretty much
anybody's name. You know, you get these offers in the mail, and all you have to do is fill it out,
send it in, and they'd send you a card back with whoever's name that you put on the application
and an account. And so I linked that account to the PayPal account, and I created this email
to bulk send, and it looked like it came from PayPal, and it said, you know, hey, this
PayPal, you know, your, your PayPal account, you're something about, you know, you owe processing
fees for your PayPal transactions, you know, hit submit to pay them. And I set it up. I wrote a little
script in the background so that it, it charged in $9.99, which, you know, everything ends in $0.99. So,
like, it sounds like a legit processing fee. Well, and this is in at this point, it's, you know,
the internet is so new and and you know PayPal is so new like nobody has any idea right of
these types of scams because you know obviously I get these every day uh-huh yeah so yeah and so
I'm the last piece of it was well not the last piece but the next piece I went on Google and so
you can there are things called Google dorks I know it sounds funny but they are commands that you
can use to manipulate the search engine to bring you more specific information. So I would
point, basically, I would focus on eBay.com because that's where most people use PayPal,
right? And I was looking for any email address that had a PayPal account attached to it on
eBay. So I would run through the search and it comes up with all these results and it's about
filtering out the information that you get. So I copy all of it out. I filtered out to just get the
email addresses and that pretty much consists of, you know, writing some scripts that just pull out
the email address or the phone number or whatever you need. And so I did that for a good month
or so until I had like 500,000 accounts. And it was an enormous amount. And so here I've got,
I've got the account set up. I've got the email ready to go. I've got all these accounts that
have PayPal accounts that I know, right? So then I send the email blast out to these accounts.
And so all they have to do is get this email and click on the button to submit.
And they've paid me $9.99.
The way I looked at it was like, you know,
they're willingly sending me this money, you know?
They're not willing.
Right.
So, but, but it's also, it's, it's $9.99.
Like nobody's going to lose it.
You're not, you're not pulling money out of people's retirement funds here, you know?
Right.
Right.
So by now, obviously, I've grown some skills, you know, and I'm starting to think of
more nefarious ways to use this. And so at the time, I'm like, okay, I need to wait a while.
I need to give this time to see how many people actually click on this. It was kind of,
it was half an experiment and half fundraising, you know. So let's be honest. So it was really
early form of fishing is basically what it was. And I waited and it killed. And it killed.
me to wait because it was driving me crazy. I'm like wanting to check this thing every day,
but I'm like, first of all, the security aspect of it, I know that I can't, I got to be
careful as far as accessing that account. So if PayPal caught it, you know, I'm going to be
given my IP address away the next time I log back in. But I didn't realize at the time I wasn't
thinking was it probably already had it anyway if they caught this. But I rationalize it like,
you know they're these people are they voluntarily sent me the money so i can't get in too much
trouble right and so yes you can and the worst part is it's funny because based on the federal
sentencing guidelines um well one of course it's that should be federal i'm assuming um and the
second thing is is that every one of those people you know people will say oh well that's just
person for $10, you know, every one of those people is a victim.
Right.
And what's so funny, so you're, so you end up getting, you know, more than 25 victims,
more than 50, more than 500, more than a thousand victims.
And you're like, I have a thousand victims for $10 a pop.
Like that's, that's a joke.
But if I had stolen, you know, a million dollars from one person, that'd be one victim.
And you'd have, you'd get less time.
Really?
And you would for, yeah, because the more victim.
the more you're you get enhanced you get more and more points added on to your um onto your
your sentencing calculation based on the more you know oh more than 10 victims well that might be
one extra level oh wait more than 25 well that's two more than 50 more than 200 more than 500 more
and you know very quick and the thing is you're sitting here thinking I've done no damage these
people you could hardly even consider them victims yeah and the funny part was that at the time
you know computer crimes were in their infancy the feds had they had stiff computer crime laws
obviously but a lot of the local jurisdictions didn't and they right so they and so a lot of them
if this wasn't picked up by the FBI then it you know that would rely on the other jurisdictions so
I'm like, I was thinking that, you know, I'm probably going to get away with this and, you know.
And who's technical, who locally has the, the, you know, the skill set to even track this type of a crime down?
Well, they did.
Yeah.
So, well, it gets better.
So I waited and I waited.
And the plan was going to be to wait.
30 days and it was you weren't even going to check the account for 30 days no no i didn't i
didn't tell 28 days i couldn't at 28 days i couldn't wait another day and so i logged in
on the 28th day and you know i was going to be thrilled with like 20 grand like right i couldn't
believe i i wasn't prepared for what i've logged in
how how much never forget this one million seven hundred ninety five thousand three hundred
twenty three dollars and sixty nine cents so you had to know you were in trouble yeah well
it's it it's a combination of excitement and fear at the same time i'm sure you can relate yeah it's
like holy cow what what and and then my mind goes to what am i going to do with this because you can't
just withdraw what you know and so i'm like oh my god what do i do and so now it's there and so
now my rationale is well i haven't stolen it yet because i haven't put it in an account you know
and so I'm so naive yeah yeah so I had to formulate a plan and how to get this money out of there
and so I spent a great deal of time researching how much money I can transfer how I can do this
and obviously this account that I had set up was not going to work because it was a prepaid account
you can't transfer a million dollars to right 1.7 million dollars to and so it's I really I spend a great
deal of time just researching and trying to figure out if if I should you know at this point and so on so many
levels I mean am I going to get caught you know should I do this you know and I wrestle with the
morality of it believe it or not even still at that point I'm still wrestling with the morality and
it's a little late yeah i know right these are all you know these are all internal discussions
you should have had before the money was sitting in right so i for good three months i'm
trying to figure because i just you know i miss a lot money it's hard to walk away from
at the same time it's also hard to do because the prison time the fact i'm stealing all this
money. I'm, you know, I wrestle with all of it. And so at one point, I like, I gave up. And I'm like,
I can't, I can't do this, you know, I'm going to get, I'm going to go to prison for a very
long time. And at the time I was married and I had told my wife and, you know, she thought
was fucking crazy, you know, and I showed her. And to this day, she still remembers that she's
X now, but she remembers the amount, too, very vividly. And it just, you know, but you have to
remember, I had a serious addiction at this point, too. I mean, it had grown to the point to where
it was a job every day finding painkillers. And, you know, this had consumed my life. So, you know,
this is a dangerous thing to have for an addict, somebody that can pull money out of the internet like
that, right? Those kind of skills. And, you know, $1.7 million is going to go a long way.
So I have a question. What? Yeah. Did PayPal at that time, I mean, weren't you thinking maybe
open additional account, slowly move the money? Because I doubt anybody's contacted PayPal or they're
even looking into anything for $10?
Like it's, you know, maybe slow, and if you don't hit all these people again, maybe you've slipped through the, through the cracks and you can slowly start removing this money.
Yeah.
There were so many ideas, so many ideas.
I thought of that, but finding accounts, because you have to, you have to create an account, you have to create an email address to assign it to.
You have to attach it to a bank account.
my problem was that I was too afraid to go put a bank account in my name right and attach it to this and I didn't you know I didn't know any criminal masterminds to help me you know so it was it was all just me trying to figure this out and listen I got you here here's what we're going to do right you and I would have been dangerous to get we're getting that much we're not leaving that money okay right that's that's kind of how I felt about it and
I kept, you know, I kept going back to it.
I would quit and then, you know, I'm like, no, no, no, I can't leave it.
And then ultimately, I was like, you know, I just, I can't do that much time as what I decided.
And but at that point, I had queued this money up to transfer it.
And I was like, I got to a point where I'm trying to convince myself to do it.
ultimately talked myself out of it, I walked away.
Problem was, I left that money set up to transfer, okay?
So that was a very bad move.
To transfer where, though?
To an account, to a bank account.
And bank account, the same one you opened?
Yeah, I was just going to try a lower increment.
Okay.
Um, you know, something that wouldn't be so obvious. Um, so I, I queued it up and all I had to do is press submit, but, you know, I ended up talking myself out of it. And that night, I, I had probably sat and looked at that computer screen for a good five hours, you know, working, doing things and, and kept going back to it. And I ultimately, I'm just like, I can't. I just cannot do this. And so I left it. I walked away. And, um, about a
month later, I get this email in the, so when you create these accounts, you have to create a
recovery email, which is a backup email in case like you lose your password or whatever.
Right.
So the account that I set up as the recovery email, I got a message that says your account needs
to be verified or something like that and made it out like I hadn't verified that PayPal account.
And I'm like, crap, I got to make sure that that doesn't, you know, something doesn't happen in the account or I lose access to it.
So I need to go verify it.
Obviously, that was a bad idea.
I logged in and as soon as I verified it, I got that sinking feeling, you know, and I knew that I was sort of caught right there.
And a couple days later, the PayPal fraud department reaches out to me personally, which, you know,
I wasn't attached to this this account and so they had tracked me right right and basically laid
it out they wanted proof of the services that I had provided to you know get the the money
obviously you mean for that that for the processing that I work for Google I don't I can't provide
that I right so obviously I'm I'm in trouble there and
I get off the phone with them, and I remember my mind racing, and I'm like, okay, I figured out how to do this.
Surely I can figure out how to come up with some kind of BS story of how I can, you know, provide services.
And about an hour later, there was a knock on the door, and it's the police.
And I'm like, oh, my God.
And so they had, it was a detective who had, he had instructions to call PayPal fraud department.
and I guess PayPal Fraud Department was intending on having them arrest me, right?
So they were, I don't know what the deal was, but the thing was was there's that jurisdictional issue, right?
So locally, we didn't have any computer crime laws on the books.
And so he gets on the phone, the detective gets on the phone with PayPal, and they're talking back and forth.
And so I remember hearing him say, so he didn't actually take any.
money. And I'm like, no way. You know, he's, he's actually, I'm like, holy cow. And I can literally
hear them arguing back and forth. And they're explaining the whole situation and what, you know,
what, what, what, right. And so I'm like to charge him with. And then he says, so he was thinking
about stealing $1.7 million, but he didn't. And then, and then all of a sudden he goes, well,
if he didn't take anything, then no crime was committed.
And I'm just like, like, is this real?
Like, holy cow.
And I'm shaking, I'll never forget that feeling, man.
Like, I'm like sweating on the inside and cold on the outside, like, just about to pass out because I think I'm going to jail forever.
And they left.
And I'm like, holy cow.
And so that afternoon, I get emails that said my.
PayPal accounts had all been shut down.
And that was it.
That was it.
I never heard from the police again and or PayPal and it just sort of went away.
But I'm sure they were able to just reverse all those charges and give everybody their money back.
They did.
Yeah.
It was it was essentially a refund.
And I had thought about doing that too, especially whenever, you know, I knew I was caught.
I'm like, oh, I'm just going to go.
in there and send it all back to everybody and refund it because i thought well if i could send it
you know then they can't get me for taking money i don't have um right or at least they would
at least they would take that even if they you know you'd been charged they're they're certainly
going to take that into consideration saying you know your honor look i was thinking i was going to
get a few thousand dollars one point seven shows up you know i returned it immediately that was never
my intention so i'm sure that they may or may not have taken that into consideration at the very
least the problem is in the federal system there's something called potential fraud which is you
know potentially the the victims could have lost this much money and they'll charge you with that you're
like yeah but they didn't yeah but potentially they could have potentially you know that's like you
go in the bank and you go up to the teller you say you know give me two thousand dollars and she
give you two thousand dollars and they go yeah but potentially you could have gone in the vault
and gotten two million but i didn't right you could have you know right right
It doesn't make sense.
That's all I felt about it.
Yeah.
Right.
So what ends up happening after this?
Is your employer notified?
No.
I am.
It just sort of went away.
And you know, for a while, I, like, I didn't touch my computer, like, after work.
You know, I was like, I'm just going to do my job and, and, you know, forget this.
but you know again I had an addiction and when you when you have these skills and it's like all
that you know it's what you come back to right and so right about then I had
gotten an idea to start port scanning bulk IP addresses and so I'm not sure how much
you know about it, but each connection, you know, to the internet has an IP address. Everybody has
an IP address. Right. And I got really interested in how your IP address correlates to your
location. It's called IPGO location. And so when you're assigned an IP address from your internet
service provider, you know, that IP address has something to do with where you're at. And
I got interested in how that that all worked.
And I started scanning ports.
Back then, we had to, if you wanted to hack a system,
you had to actually get, you know, find the IP address,
and then you physically scanned everything on that IP address
to find open ports.
And ports are services.
So if I run a web server from that I,
IP address, you're going to have port 80 and port 443 open.
You know, if I run an email server, it's going to have port 25 open because it sends emails.
So when you find open ports, you know what they're doing, right?
Right.
And so based on that, it gives you a head start on finding the vulnerability that you can
use to get access into that network.
And so at the same time,
time, you know, we used lime wire and bear share and all those to share files back in the day.
Right.
And so there's this tool called NMAP.
And I still use it to this day, actually, but you can use it to scan, find open ports, and help find the vulnerabilities because it will give you information back, like what operating system they're running, what, you know, what just all kinds of details about this device.
and then you take that information and you have to find the vulnerabilities.
But I would scan the ports a lot of times,
and I would find those specific applications.
The ports were open because they were sharing files.
And now that wasn't illegal, really,
because once I found they were running it,
I would focus on searching that IP address in that application,
basically take all the files that I wanted.
They're sharing them.
So, you know, that's not illegal.
But then I got the idea that at the time there was something called file transfer protocol.
We still use it today, just not very much.
It ran on port 21.
And used to, it's how people transferred files back and forth.
Nowadays, we have much easier methods.
But web servers specifically use them, like if you wanted to update your website and upload the updates.
like a new web page or something, to the web server you used FTP.
And so most web servers had an FTP server.
So I would scan for Port 21 and find all these web servers
or all these file transfer protocols servers that housed all this information.
A lot of people would store their information on these servers
and they had access them remotely from somewhere else.
and I started finding that there was information there that was worth money.
You know, I found, oh, my gosh, you could find all kinds of stuff.
You could find things like birth certificates.
You could find passports, you know, all digitally scan because this time everybody's getting scanners and they scanned everything.
Credit cards, application, social security number.
All kinds of stuff.
And so, yeah, then I start finding.
And so then it's all about getting into the.
FTP server pulling this information down.
And so at the same time, I had run back into some of the guys from the old Alt-2,600 group.
And a couple of them wanted to start their own hacktivist group.
And they, at the time, they were saying, you're saying hacktivist.
Hactivist, yeah.
Okay.
So first I thought that's what you said.
And then I thought she said activist.
And I thought, no, I don't think that's what he said.
Okay.
Well, it's a activist hacker.
So a hacktivist is what we call it.
So a good example of a hacktivist group is anonymous.
I'm sure you've heard of anonymous.
Okay.
So it's a group of hackers that are working towards kind of a common goal.
Supposedly.
Yeah.
So.
Okay.
And so the guys that are talking about from back in the day that created the group I was talking about,
that's anonymous, okay?
Right.
So the few guys I was talking to at the time,
they wanted to create one and they were focusing on,
this one person was really mad at Catholic priests.
I think he had been abused when he was younger.
So he was focusing on, you know, the whole,
um, that,
that subject.
And I was just sort of, I'm always there for the skills, you know,
the actual,
action of doing this and so after you know mess around with that for a little while they realized
that there was this other group called anonymous out there and they were specifically at the time
they were just getting ready to go after Scientology and so they were they were you know
planning all this and um so they they had met on 4chan and
they were doing all that stuff. So we started talking and I learned something called SQL
injection, which SQL injection is where you take SQL as a, it's a programming language.
And so when you look at a website that has form fields in it where you fill out information like
your name, so that connects to a database, right? Because you're putting
information into a database from a website. Well, SQL is a database, SQL. And so the computer language
using SQL, you can take that and using SQL injection, you can use that programming language
inside the fields, the form fields. And if you do it right, you can manipulate and pull out
information. Okay. So I had at that point,
I had been, you know, pulling information and doing all this stuff.
And I, for whatever, I think it was my birthday, actually, that year.
And I'm like, I'm going to get a cell phone because cell phones are starting to become increasingly popular.
And, you know, everybody wants one, right?
And so I went and I applied for one online.
And for some reason I got declined.
And I was not happy about it.
And it probably had something to the fact that I was an addict at that time.
Probably had depleted all my accounts and didn't have very good credit.
But I'm not somebody that usually, you know, if somebody like that told me, no, I stop at the no, right?
So I was looking for other ways around it.
So I get declined and I'm looking at this.
And someone from one of those groups had just taught me some of this, the SQL injection.
And I'm like, oh, I'm going to try this.
And I start playing with it.
I play with it and play with it.
And all of a sudden, I start getting information back.
And, you know, it's never a lot of information.
It's just tidbits.
But so much about what we do is about collecting information.
One of the most common misconceptions about hacking is that you do this quickly.
know in the movies they're like they sit down and you you dig into a server and swordfish yeah
like the movie swordfish exactly so crazy and but so what it what it's actually like is collecting
little pieces of information that you save and eventually you you store enough information that you
can do something with it and so a good example is PII personal like personal identifiable information right so
your name, your social security number, your address, birthday, all that stuff.
So, you know, a hacker, it can take them sometimes months to pull enough information
to be able to use that stuff, you know.
And so that's what I was doing.
I'm pulling information out of the mobile phone provider database on the website.
And but there are other means that you can use to get that kind of
of information once you get a little bit of it.
So if you take part of a phone number, you know, then you can go to another site.
And if you figure out somebody's like name, then you got part of their phone number.
And then you can do a search and get the rest of the phone number, you know?
Right.
And so it's, like I said, it's about piecing that information together.
So eventually I piece it enough information together that I input it in this form field.
And it says success.
And I'm like, in order complete, I'm like, did that just work?
And like, it didn't email me.
It didn't do anything.
Like normally when you buy a phone, you know, you get all this activation information.
Nothing happened.
So I was like, oh, it looks like I did something, but I don't think I did.
And so I'm like, well, all this work, it didn't, you know, it didn't pan out like I thought it would.
Two days later, I get a cell phone in the mail.
Right.
And I'm like, oh, wow.
Okay.
So I've stumbled on to something here.
And so I repeated it.
And another one comes.
Who is the carrier?
Is this like?
AT&T.
Oh, AT&T.
Okay.
And so I've repeated it several times and I start getting them over and over.
Problem is, you know, obviously you're using other people's accounts.
So when they figure out.
those people are probably getting notified on their email saying you just got a phone it was mailed
i think what happened i don't think they were notified by email yet i think i don't think it was
that mature yet but i think something in the mail they get their bill and there's another account
attached to it and they're like what's this for you know so i would get a a phone and it would work you know
you got free free service for like a month or two and then all of a sudden they get shut off so either
the customers figuring out are AT&T.
And so if anybody knows me and they wondered why I was switching phone numbers like every
couple months back there, I told everybody it was because of security, but that's actually
not true.
Right.
It was because I was getting a different phone and the others were getting shut off.
The phone number I have now is actually, this is the longest I've ever had a phone number
because of that but so yeah i mean it
you and of course again i go back to having this addiction and you you have a
you have something that's worth something to somebody and just say did you go on to these uh these
forums or and share this information or where you did you provide a service i provided a service
okay yeah i got you a phone for 45 days right well i didn't tell them how long i just
said look you know it could be active for a couple days it could be for you know months i don't
know i don't know it's going to happen this because it really you know it all depended on the
the person that you know the account right tied to so you had no idea you know um but yeah so
i did that for a while um and that eventually stopped working um but you know
Again, it was one of those situations where nothing came of it.
And I'm quite certain because of the computer crimes laws at the time.
Right.
So I'm really kind of getting away with this.
And you're becoming, I would, I would assume, I mean, just from personal
experience, every time you get away with something, you just become more and more emboldened by it.
Yeah.
So, you know, your risk, you're, you're.
aversion to risk is you know getting it's smaller and smaller so you're becoming you're taking
bigger and bigger risk because I keep getting away with it and I you know in my personal experience
I just started thinking well I'm just that good that's what it is that does feel it catches up with
you um I did I developed an attitude where I was invincible and I did not think I could be caught at all um
and I'm not a very boisterous person, but I was bragging, you know.
I was, you know, here I am.
The people close to me knew me knew that I could do a lot of this stuff.
They didn't know exactly what I was doing, but, you know, I thought I was the best there was at hacking,
not realizing there are other people out there in the world that were pretty much doing the same thing.
But, you know, so yeah.
But that security flaw actually gave me an idea.
So I got it in my head that I could make extra money by finding flaws in other networks
and notifying the organization about it.
And so there was a certain bank that was starting to use an imaging system with their checks.
So when somebody deposited checks, they scanned the check.
so there was a picture of it and then they put that in a storage you know it was basically a big
hard drive right um so they stored it away and i started doing some research on one one that one bank
and specific um and i would i'd rather not go into which one that was because i don't think
anybody still knows the entire details of this yet.
But, yeah, so I gained, I found out that they, they stored these checks, these images on what
they're called EMC sand storage devices.
And it's basically a big computer that has a huge hard drive on it.
And that's all it does.
It just stores information.
And so I, again, you see.
scan it, you find vulnerabilities. And I realized that this device in particular, it has a database
on it. It's a user database that provides the access, the permissions, and everything.
That database was in plain text, which means it has a file somewhere that has all the information
that you need to get into it. I worked on that for a while, gained access to it. And I'm like,
great i've got access to all these checks millions of them i mean imagine having a check you know
you've got their personal information account number routing number all that stuff i i can't
imagine what you would do with it i was going to say that's another paypal event right so i'm like
okay i reach out to the information security team for that particular bank and they didn't believe me
literally denied the possibility until I provided them, you know, a couple redacted checks.
And then, of course, then they got very hostile. So I was like, I was trying to be helpful in the
way that, you know, because ultimately my plan was to get paid from this, right? Yeah. I mean,
I'm trying to fix an issue for you for 10 grand, for 20 grand. I can, I can.
could, I could make a hundred grand easily just dump it on the, by going and selling it to this group of guys that I know that would, you know, whatever, one of these credit card forums or, you know, the different forums that are out there, these fraud forums, I can make a ton of money selling people's checking information. Yeah. Then you'd have a problem. Then you'd be, you'd be begging to pay 10 or 20 grand. Yeah. That's, that's exactly what I thought too. But they weren't interested. They,
So at that point, then again, you get, you know, the scenario where you get visited by a detective and everything.
And it comes down to the fact that I hadn't stolen anything.
And I'm trying to explain it to him, you know, like I'm trying to help.
And ultimately, after, you know, this one lasted much longer as far as negotiating what's going to happen.
But again, no computer crime laws in my jurisdiction there.
And, you know, the detectives were getting to know me for this, you know.
And so eventually I had to sign an NDA.
And it had a time period where I couldn't discuss what I did and how I did it, of course.
That was a really interesting scenario.
Were you eventually caught for any of these things?
Well, yeah. Again, the police came and...
I mean, caught and prosecuted.
No, no.
Oh, okay.
No.
I mean, yeah.
That's the stupid luck about this whole, you know, my entire career was that somehow each and every time I'm caught doing this stuff, there was some little thing, you know, whether it was the, you know, whether it was the,
um the jurisdictional laws or whatever the lack thereof you know they they didn't charge me and
i i hadn't taken anything in the detective's eyes so you know a detective takes it and refers it to
a prosecutor they're they're like well he didn't steal anything so we you know we can't and right
well especially in that in that situation so how do you eventually turn this into you know a business
Well, to be honest with you, I didn't.
So at that point, I realize in penetration testing, there really is no money.
I mean, so the way, you know, the way it works with penetration testing is you get a company that
hires you that says, we want you to come and test our network and show us the vulnerabilities.
Well, by that time, they've already secured their network and you're sort of coming in and doing due diligence.
This isn't real, real world vulnerabilities, you know, from an actual threat.
So, I mean, I'm like, I found that, I still find that boring, like, you know, for myself.
You know, I know people that love doing it and, you know, I'll refer those people all day long.
Right.
But going out and finding something that's real out there, you know, where you have to actually go.
find that vulnerability, that's the fun part. I was always one thing that when I worked
in intelligence for the intelligence agency, it taught us was the gathering of information. So
there's, and when you hack, there's several stages of what we call the attack life cycle. And
in the very beginning, it's gathering the information. And it's called footprinting. So it's,
you know, gathering the intelligence on your target.
And that was the part that I always loved, and I still do.
So going out and getting that information, finding it to where it's useful, that's, that's the amazing part of it to me.
It's exciting.
And so that's called open source intelligence.
I was talking about that earlier.
So that's what I started doing, really.
I also realize at that time that I could make more money contracting because contractors, they work, especially when you contract for the government, they don't pay you benefits.
They don't pay you sick time or any of that stuff.
You don't get paid vacation.
If you work, you get paid.
If you don't, you don't.
There's no requirement, no government retirement.
you're paying into. Exactly. So right then, um, I, I basically went back to contracting. And that's
whenever I took the job at the NSA. Um, it was a, it was a position that was listed as being
intelligence in intelligence, but it was ultimately a system administrator position. Um,
this was the one that I mentioned was it's, you know, when basically the same time that, that Snowden was
working there. In fact, it was the same timing. And I had that privileged access again,
you know, so I'm managing privileged accounts, which was really interesting to me. You have an
immense amount of access. And to say I didn't look up things that I probably shouldn't, you know,
obviously I did you know I wanted to know who killed JFK I want to know there were aliens that kind of thing you know and you know there aren't but yeah no true story but I am yeah so it I started working there and by this time I'm really really unhappy with myself and the way I was living because you know I've got to
out this addiction that has been going on for some time now. And the way I see it, I'm taking food
from my children and I'm putting poison in my body and I couldn't stop. I, every time I tried,
you know, you go through the withdrawal and you get sick and it's just easier to give up and go back
to it than to keep fighting it. Not to mention I was a miserable human being when I was going
through withdrawal and doing that to the family was, you know, it just, it was easier to go back.
But I was at work one day, and I was in a meeting with my boss, and I remember catching him
look at me really funny, and it struck me funny at the time, and I still remember it.
And then afterwards, he pulled me aside and asked me if I was okay.
And it became really clear right then that the addiction was really taking its toll on me.
And so, like, and I look at pictures of myself back then now, man, I looked horrible.
But were you dozing off at a meeting or what were you or nodding out or what do they call it, you know, when you start to.
Yeah. Yeah. In fact, that's, that's what he noticed. He noticed signs like that.
And I would, man, by that time I graduated to fentanyl, you know, there was fentanyl patches that you could get.
And we would cut those up and suck on them of all things, which sounds disgusting, but it did the trick, right?
And I would, there were a couple of times driving home that I fell asleep.
Book club on Monday.
Gym on Tuesday.
Date night on Wednesday.
out on the town on Thursday
Quiet night in on Friday
It's good to have a routine
And it's good for your eyes too
Because with regular comprehensive eye exams at Specsavers
You'll know just how healthy they are
Visit Spexavers.cavers.cai to book your next eye exam
Eye exams provided by independent optometrists
And would wake up driving through an intersection
Running over a sign or something
You know, just ridiculous stuff.
I mean, I'm so lucky that between the hacking, I didn't go to prison and the drug abuse, I didn't like kill somebody.
I don't know how that didn't happen.
So now I'm starting to get to where I need to get help.
I know I need to get help.
And it didn't help that at the time, you know, my mother-in-law was also an addict and my wife at the time had become an addict because
you know she was around her mom and myself and so she's developed this you know addiction and
right about that time i think i or well it's about the time i finished the uh the contract at the
NSA um the agency that i've been working with basically put me on the bench which means that
they kept me working doing other contracts back to back to short term
And I was deciding to get treatment, looking it up, doing some research.
And I'm sitting there one night and all of a sudden my internet just starts fluctuating.
And it goes up and down and knowing the signs of someone, a hacker, getting in your network,
I started doing some, you know, looking in my logs and everything.
And so I had set up what we call a honeypot, which was a server that lures other hackers in.
Right.
So, you know, whenever they scan my network, they look for certain ports.
And they're like, oh, I'm going to go after that server.
And I had set something up that was really obvious.
And so this guy, this kid, had got caught in my honeypot.
and he basically got mad because he was trying to get root on this Linux server,
which is root is the highest level of administrator access.
He's trying to basically compromise my server, and then he gets locked out.
So when he got locked out, and I had set all that up that way, he got mad.
And when he got mad, he starts flooding my network with packets of data.
It's called denial of service.
and it literally does that you can send packets of data at a certain connection and it overwhelms it right
right that's why my internet connection was fluctuating and so i obviously i've got his
information in my logs and i go after him i'm not going to let that slide by any means and so
i figure out that he's a gamer very quickly i am one of the things i realize is that he's
He, I scanned his IP address.
I find an open port.
I realize he's got a certain type of router.
And so a good, just a little lesson for everybody is that when you go to your ISP and you ask them to set up a connection, they come out or they hand you the equipment and they say plug it in, right?
They set it up.
They walk away.
Your ISP does not secure that network equipment, okay?
So I probably better not name the one I use,
but it's one of the biggest in the United States,
and they still do this to this day.
If you hire them, they'll come out, plug it up, and it's ready to go.
It works great, but that means that anybody that can connect to your,
can fit your router or your firewall, they can see what model it is,
and if they could see what model it is by the login page, which is what I did, I connected to him.
There was a certain port open on his IP address, and I could see the login page to his router.
So I get there.
It's got, you know, username password, and then it says what brand it was and what model.
So I go to Google, and I look up the branded model of that, knowing that ISPs never secure their equipment.
And in the manual, it has the default username and password.
So I tried it.
Log right on in.
So now I've got control of his network.
I can literally create access for myself strictly into his network or anybody else if I wanted to.
So I did, you know, and I taught him a lesson.
Problem was he was the son of a mayor of some town in Pennsylvania.
and that mayor got pretty angry with what I did and so now this gets reported um so his son
doesn't explain that he had started the process of well I told them obviously so I get
visited again by a detective again and I explained the situation to them and like you know I was just
retaliating. He connected to me and I
even showed them how. I'm like
this is what he did.
This is evidence. He did
this to me first. You can see
it in the logs. The time stands.
They didn't care, obviously.
And
but
he's
what he does have is
he's got computer crime laws on the
books and he's got me
dead to rights. He's got evidence
showing me. He's showing
me printouts. Everything
I did. And I'm starting to get scared again. I'm starting to get that feeling, the sweating on the
inside, the cold, the one to pass out, thinking about jail time. And then, you know, I'm like,
my God, I was just, I'm at the same time, I'm like, I need to quit, you know, I need to clean
my life up and I need to stop doing all this. And, you know, that was a very profound moment.
but at the same time, I don't know what made me think of it, but I was like, well, how do you know it was me?
And he's like, what do you mean?
You just said, I said, yeah, but you can't prove in court that that was me.
Anybody could have used my connection.
And so, but I basically told him just now because I'm showing him everything.
Right.
But I didn't really say I actually connected.
And so I'm like, you know, anybody could connect to my Wi-Fi and do this.
You don't know that it was me.
Obviously, he knows it's me.
I know he knows it's me, but he can't prove that in court.
So again, I'm sort of skating that line of getting caught, you know.
But now I had to be really careful because I'm, you know, this one is very close.
I'm there's a good possibility that he could make a jury believe that I did this fair
right because I did and so they filed the charges and so now now I'm scared and I'm starting to
be convinced that I can't beat this and I've got to do something and so at the same time I'm
like, you know, I got to do something about the addiction, if not for me, just for my kids,
you know, because still I feel like I'm spending all this money on painkillers that I should be
spinning on my children. And they're starting to get to an age where, you know, they're going
to realize what's going on pretty soon. Right. And it just, um,
And, you know, so ultimately, the charges were dropped, basically because they couldn't prove that it was me that did it.
But that was enough.
The scare was enough for me to step away from the hacking.
And I realized, you know, I'm, you know, this stuff's really, it was sort of fueling the addiction.
and addiction was fueling the hacking at the same time and I you know so I remember the day
really well because I had a few hurdles to overcome I mean I was working contracting work so
again I had no benefits so getting treatment was going to be hard because you know no insurance
and I couldn't take time off and go to like an inpatient treatment place because I had to work.
I had to pay bills.
And at the same time, while I was an addict, I had got myself banned from a couple of the medical facilities in that area because when, you know, pain pill addicts, they go to the doctor allowed or go to the ER to try to get stuff often, right?
right and one of the things about that is you sit in those rooms for a long period of time and it's maddening well you ever been to an er you get in one of those rooms there's always a computer on the side of the wall so i took it upon myself to you know move myself up in the queue a few times um and then i got caught doing that so i got banned from a couple facilities because
I had manipulated myself, my place in line to get, you know, it's not have to wait very long.
And so again, you know, I'm messing with things I shouldn't be.
And so I had that problem, no insurance.
I couldn't take time off.
Some of those facilities wouldn't allow me to even walk in the front door because I had, you know, basically got myself trespassed from the property.
but yeah it just ultimately I found I got online I believe is what I ended up doing because I didn't have any other choice and I reached out to a group
at that point in time we were my wife and I were consuming enough oxycontin and Xanax to kill a small elephant every day
and there shoot there even things to this day I don't remember
from that time because of that.
Those are two things you just don't mix.
But I found a group that invited me to a meeting,
narcotics anonymous.
And my intentions were to go and check it out and then by myself and then come back.
And then if I liked it, I was going to tell my wife.
And I went, I came back that night and I was going to tell her.
and she was gone and didn't come back to like 3 a.m.
And I found that really suspicious.
But keep in mind that I spent a lot of my nights hacking.
So for the previous several years or the whole time we were married,
I rarely went to bed with her because I was on the computer, right?
I was hacking.
Right.
And that she wasn't happy with that.
So eventually, obviously, she started going out with her friends and, you know, long story short, she was cheating that night.
And, you know, I've got a broad skill set and I started checking cell phone records and things like that and figured it out.
And so I never told her that I went to the meeting.
I went back the next week to that meeting and, you know, basically they assigned me a sponsor.
and I started, you know, the painstaking road of getting clean, and I basically confided in them.
And that person told me, basically, I had to cut myself off from all these people that, you know, in my life that I influenced the use of pills, right?
and even the hacking because the hacking was an addiction also and so at that point I'm trying to figure out how to do that well my wife at the time had a problem of shoplifting and I hated it even though it benefited us at times you know with the addiction it drove me nuts because you couldn't go anywhere with her everywhere she went she had to steal something it drove me crazy
And so she got caught right about then and got arrested and went to jail.
And so that was my, my aha moment.
I've got an opportunity here.
I can quit.
I can quit pills.
I can quit hacking and quit breaking the law.
And, you know, I can clean my life up for both me and my children.
And the way I looked at it was, like, you know, I've got these skills and I've got this
education that I can, you know, I can get a job making really good money. And so I did. I started
the process of getting clean at that point. And, you know, I ended up getting custody of my kids
not long after that because they wanted to be in an environment where, you know, obviously where
somebody wasn't using drugs and and all that stuff.
Um, yeah, it just, um, it started, and it started snowballing from there.
Um, so when did you leave the NSA?
I had already at that point. Um, I,
I, I got really bored there. The, the NSA, at least the job that I had, um, um,
it was so it was a system administrator job and it was something that was created for somebody
probably decades before that so all the the duties that we had the thing that your job responsibilities
were were written 10 years prior to me working there all the things that we had to do could
be automated at this point and so being someone who is always looking for a
a better way or a different way, you know, outside of the box thinking, I scripted things and
I automated it. So the manual processes that they used to do, I had shortcuts for. So it created
a great deal of free time for me, which was detrimental because I'm a hacker, right? I'm somebody
that's got to be learning all the time. And though it was great for that, because,
I could get online and I could learn new stuff, I've also, you know, I'm starting to stop the hacking
because, you know, I needed to. And so I couldn't do that. I couldn't do it at work because if I'd
done it at work, I'd have been arrested at that point. But yeah, so there's, I got bored long
short of it. I got really bored. And that's what took Snowden down, actually. But, you know,
it's, he was doing word searches on the network. He called him dirty word searches. So part of your
system administrator's job is to, you know, we look for files that aren't supposed to be there on the
network or whatnot. And I can't tell you how many people I found with porn on their laptops or, you know,
things that weren't supposed to be there.
And so he claims that he was doing dirty word searches on the network.
And he found these programs that were intrusive on the privacy of average citizens,
which is somewhat true, but I would argue what were you doing looking through the network
in the first place.
I mean, he had privileged access like I did.
And when you do that,
you're managing the people with the most amount of access,
but just because you're managing their access doesn't give you the right to go
digging through everything that's on the network.
And that's pretty much what he did, you know.
So, yeah, so he got bored.
I got bored.
That's why I left.
And at that point, I was working.
I had got a contract job with just a regular company.
It was a telecommunications company at that point.
and was just doing my thing and living the way I should.
I got clean, got custody my kids, and started growing as a human, you know, finally.
So, okay.
And that, so what are you doing now?
Right now?
Yeah, for work.
I mean.
I actually can't talk about what I do.
right now.
I can in a few years.
I'll leave it at that.
I've written a book most recently on AI and cybersecurity.
AI is both scary and exciting at the same time.
A lot of people don't use or realize how much we use AI every day.
Just in the things, you know, you got Siri on your iPhone.
phone. You use it in your navigation with, you know, your maps on your phone or in your car. It's in medical devices at the hospital. It's in your manufacturing. We use AI so much already and people don't really realize it. It's exciting in that aspect, but it's also dangerous because depending on what data set that you point,
it at. So when I say that, I mean like, so it pulls, for instance, chat GPT. If you get on chat
GPT and you look something up using chat GPT, it's pulling information from the internet.
And as you well know, you don't, you don't have, you could put anything on the internet. That doesn't
mean it's true, right? So the data set is the internet as far as chat GPT is concerned. And it does
very little data validation whenever it's pulling the information. So it could, if you asked
it who won the last election, it may or may not tell you who actually won the last election.
It may be because somebody had said they won it, you know, it could pull that information.
So there's, you know, so it's dangerous in that aspect. And there, there's a lot greater concerns as far
as that goes. That's just an example.
But yeah,
it's really interesting. But it's
also at the same time not going to cause
the apocalypse, you know.
It's that
we call that artificial
general intelligence,
which is AI
would become like a human being,
you know, knowledgeable.
It's not going to do that.
It's not going to turn into sky net.
No, no.
If that happened,
okay if something like that happened it was programmed to do so and therefore not
AI right somebody programmed it to do so but yeah it can't develop emotions and
decide that human beings are are its enemy because it doesn't know what a human being is
and you know it just I could get in go so far into the computer programming but if
anybody's ever written like a basic computer programming class or basic program and like a
programming class in college they would understand why AI can't do that it you have to tell a
computer everything you want it to do and so for it to be able to accumulate enough knowledge to
decide to you know do something to humans it's just ridiculous but so
why did you write this book well for one AI there's it's it's a powerful tool and you can use it
for hacking so it's starting to be used in that fashion if you've noticed in the news
there's this thing called vishing that they use much like fishing which is what the emails
like bulk emails that are sent out like what i did to pay to the paypal users right
So vishing is voice fishing using AI.
And AI will, you can have it mimic your voice.
So an attacker will call you.
And as soon as you say hello, they get a sample of your voice.
And then they'll, they can actually infiltrate your phone.
They can call your contacts and pretend it's you, you know, like you've been on a car accident or something.
and that you need money right away, they'll have you send it to them.
And they mostly prey on, you know, elderly because they're the most susceptible to that now.
But yeah, it's, it's a very dangerous tool.
So in cybersecurity, there are things that we can do to help mitigate those risks.
And that's basically what the book is about.
Okay.
Yeah, I had a guy on a podcast.
like a month or two ago and we were talking about exactly that how using um using AI they're
able to take these old scams that you know these old Facebook scams where they they text
you on messenger and say exactly oh gosh you know Jennifer I'm I'm in you know whatever I'm
currently in Budapest and we lost our passport and we need $500 you know sent immediately I'll
give it back as soon as we get back to the states and you know can you Western Union it or can
you you know whatever the case may be you know Venmo or whatever and so you know you think it
you know if you're 70 years old and you think it's your friend you know Jennifer you send it
but you know but then it was questionable you know it was questionable because I don't
remember she was going there or I haven't spoken with this person in six months why would
they contact me but now if now you know Jennifer calls you or you know what
or Teresa or whatever her name is now she can actually same same scenario but she calls you on the
phone you know and it's like and you recognize her voice immediately and she's asking for money and
she's in trouble and i don't have anybody's contacts i just happen to have you on messenger and i
you know was able to dial you're the only person that answered and i'm in a real bind and it's
for you it's 300 bucks or 500 bucks and that's not a big deal here but if you're living in
Nigeria right that's a ton of money yep you know and you only have to get a couple of
people a week if you can get one or two a day it's even better you get two or three of those
people a week you're making you're you're living like a multi-millionaire right so you know for us
it's not that huge of a deal but for them it's it's a lot yeah um so okay so what how long go
so when did you come up with it when did you release the book
Um, it's actually not released yet. We're getting, we're working on the release date at the moment. Um, what's the name of it? Um, so it's safeguarding AI, um, and in the cybersecurity world. Um, it's, I want to say March, April. Um, I ran into just one issue with releasing because I mentioned a certain software in it and had to get their approval. But, um, yeah.
that was otherwise it would have been out by now um is there a a publisher did you self publish or
el severe yeah is the publisher yeah okay well is there anything else you feel like you want to go
over uh we're getting ready to i'm looking at the plan
is to start a podcast basically what I call it a podcast but it's actually a YouTube channel it's a
podcast it's uh I had in the last few years I volunteered with the Innocent Lives Foundation on human
trafficking um so those open source intelligence skills that I mentioned we use that we used an
intelligence work it it's it's very useful in the investigation of human trafficking and missing
persons. And so I did some work with the Innocent Lives Foundation in the past, and we're looking at
launching a YouTube channel to both highlight the need for human trafficking investigations and
also share tools on how you can do that. There are tons of cyber sleuths out there who get
involved in that sort of thing and um so that's one of the things that we're doing with the
youtube channel but um yeah and then as well there's going to be a a section on there for hacking tools
and everything showing people how to use them yeah you you should talk to um i think i mentioned this
um brett johnson did you did you ever look him up i did yeah i hadn't heard of him but
yeah that was interesting um i i hadn't
I've heard of him specifically.
I've heard of the godfather.
I was it godfather of cybercrime, I believe.
Right.
Yeah.
I had heard of that.
I had actually gone to,
there's all kinds of conferences,
cybersecurity conferences,
all over the United States.
And some years back,
I had went to one in Las Vegas,
and I met a guy named Kevin Mittnick.
He was,
you probably heard of him.
Yeah, of course.
Good guy just passed away.
way a few months ago. But I remember the godfather of cyber crime. I think that's what he went by
back then because Kevin talked about him. So I hadn't actually, I didn't know who he was until
you mentioned his name. Yeah, he's got a podcast. I'm sure he'd be very interested in talking
with you. Yeah. I was actually on hit. He just started it again because he had started a podcast
and it was doing well. And then he was interviewing a woman.
who had run an escort service, an online escort service.
And he was, as he's talking to her, and they're talking about her story, he started going
through, you know, he pulled up on the screen the different sites, and he's going through
it, not realizing naked pictures were on the side.
So the algorithm, like it released, maybe four hours later, the algorithm caught it and realized
like, oh, no, remove took the entire channel down.
out. Oh. Didn't take the video down. Didn't give him a warning. Just boom, your channel's done. And, um, you know, which was really not what they should have done. They should have just taken the video down. He clearly, anybody who had watched the video knew that he had no idea. He wasn't even paying attention. Didn't realize it was there. But regardless, so he, he had to restart his channel months and months later. He just started again. I was actually just did an interview with him. Um,
Gosh, a couple days ago.
I don't even think he's yet.
He hasn't even put it up yet.
But I'm sure he'd been interested in talking with it.
Yeah, I'll write his thing down again.
Yeah, I'll shoot you his contact information too.
Yeah, thank you.
Sure.
Yeah.
But hey, are you, we're good.
You want to wrap this up?
Yeah.
All right.
Well, listen, I appreciate you coming on and talking to me.
Yeah.
Thanks for having me.
I appreciate it.
Yeah, I will, I'll put your, the link to your book in the description and the YouTube.
You know, if you, you know, if you start, you know, if you, when you start the YouTube channel or you get the link for the book or whatever, I'll put all of those in the, in the description box.
Okay.
Yeah, I can, I can go, I can give you the YouTube channel.
I don't have the link for the book just yet.
It's going to be a couple months.
But, yeah, I just got to get to work.
That's what we're doing now.
is between the interviews, you know, that they're starting to set up,
which I just after, after you called me, I started getting more, you know, request.
But finding time to do, I got to, I still have the day job that I can't mention, of course.
And then the, you know, between the interviews and trying to film content for the YouTube channel,
I got to find time to do that.
But yeah.
Hey, you guys. I really appreciate you watching. I hope you enjoyed the interview. Do me a favor if you liked it. Please share the video. Please subscribe to the channel if you haven't already. Hit the bell so you get notified of videos like this. Check the description box for the books and the YouTube channel that we were just talking about. Really appreciate it. Also, please consider joining my Patreon. It's $10 a month and it really does help and I do appreciate it. Thank you very much. See you.