Radiolab - Darkode
Episode Date: January 14, 2022
It would seem that hackers today can do just about anything they want - from turning on the cellphone in your pocket to holding your life's work hostage. Cyber criminals today have more sophisticated tools, have learned to work collaboratively around the world and have found innovative ways to remain deep undercover in the internet's shadows. This episode, we shine a light into those shadows to see the world from the perspectives of both cybercrime victims and perpetrators. First we meet mother-daughter duo Alina and Inna Simone, who tell us about being held hostage by criminals who have burrowed into their lives from half a world away. Along the way we learn about the legally sticky spot that unwitting accomplices like Will Wheeler find themselves in. Then reporter and author Joseph Menn tells us about the surprisingly lucrative professional hacker structure in places throughout the former Soviet Union. Finally, the co-creator of one of the most notorious online marketplaces to ever exist speaks to us and NPR cyber-crime expert Dina Temple-Raston about how a young suburban Boy Scout can turn into a world renowned black hat hacker.
Transcript
Wait, you're listening.
Okay.
Alright.
Okay.
Alright.
You're listening.
To Radiolab.
Radiolab.
From WNYC.
See!
Yeah.
Hey, this is Radiolab.
Last year?
A cyber attack disrupted the Colonial Pipeline.
It was a big year for cyber crime.
The FBI confirms it's investigating 100 different types
of ransomware attacks.
According to the FBI, the amount of money taken by ransomware
has gone up by more than 1,000% over the past five years.
And this has got us thinking about this episode we did
on this new kind of crime
way back in its relatively quaint early days in 2015 called Darkode.
Hey, I'm Jad Abumrad.
I'm Robert Krulwich.
This is Radiolab and today. Well, today we're going to tell you
a story which we hope does not become your future, but it raises a simple question. We all have
computers. We love computers. We depend upon computers, but what if the cost
of using your computer becomes more than you're willing to pay?
Two stories today, which suggest that we might be at the very beginning of a nightmare.
The first comes from a journalist, Alina Simone, and her mother, Inna.
I mean, do you want to start with my mom because it really happened to her?
She only got in touch with me maybe on Day 6.
It took into me, yeah.
Okay, so what, yeah, day one,
what was the first thing that happened?
On day one, what happened that I called
Tufts University IT services
because my husband for the Tu accept that complaining that my computer is
unbearably unbearably slow. She tells IT, I don't know what's going on every time I try and open a window, it's like, click, click, click,
so practically stopped working. What do I do? They checked, whatever said, probably nothing, rebooted, so did nothing, basically then...
She went away for the weekend.
And when I came back, I turned the computer on, and like it was doing something.
And I saw many, many windows covering her screen and those windows multiplied
I cannot open any of them and I could not figure but it was very late at night so
She went to bed
Got up the next day called up again asking for help. They had no idea what was going on
No. She says at this point, whatever the computer had been doing...
It was done. All windows disappeared.
Except now, anytime she tried to click any of her files.
The pictures, videos. I cannot open any of them.
Instead, every time this message would pop up.
And the message says...
What happened to your files?
All my files. All of your files? All my files!
All of your files have been protected with a strong encryption.
Encrypted?
Using CryptoWall, this means that the structure and data within your files have been irrevocably changed.
And in order to get them back?
To unlock files, you must pay 500 US dollars.
If you really value your data, then we suggest that
you do not waste valuable time searching for the solutions because they do not exist.
You're saying that somebody went into your computer and locked up all of your things?
Yeah, they gave me the exact count.
5,726 files encrypted.
Remember when you say they, did you have any image in your head of who?
My first thought was Russia or Ukraine, which is even better.
Why?
Because, you know, everybody talks about excellent, fantastic education there, especially
math.
I'm from there, I know.
You know, she's right, they surpassed the US
in educating their kids when it comes to math and science.
And they've got a severe under employment problem,
especially outside of the major cities,
which is where these viruses often trace down to.
Not Moscow and St. Petersburg,
but we're talking about, you know, backwater.
I was so positive that it comes from that part of the world that I wrote them in Russian.
Apparently, the criminal said, provided her a link to a website where she could send
them a message, you know, customer support.
I wrote them to Vysys Dochli.
I don't know how to translate it in English more accurately. Something like, I wish you all die or drop dead.
When you all die, in Russian language,
there is a verb to die for humans or another verb for animals.
So you said use the animal one?
Yes, not a curse, but they got the message.
Now, Inna says she thought about just wiping the computer clean so that she wouldn't have to pay.
But then it occurred to her that her husband had all these files on there.
Which he needed.
You know, like business receipts that he hadn't filed yet.
Which he's lazy to do so he has to rent a hell.
And she's right that like, you know, she has this tax information, this reimbursement information.
And ultimately, it's worth more than $500.
My husband didn't want to pay a overall fee.
So, Inna decides to follow the instructions, basically.
One, download and install Tor Browser.
So she goes and installs this browser called Tor, which apparently is not traceable.
Two, run the browser and wait for
initialization.
She does that.
3.
Type in the address bar, Kpy7, YCR7, JXQ, then she's directed to a site where it basically
tells her, look, if you don't trust us.
We can decrypt one of your files for free.
As a sample that when you pay us, you would know that you could really get all
your files back. And I was curious I decided that I will try. So she clicked the button that
said yes and I got one file back. But as soon as I did, the clock started ticking.
Literally, she says, a little clock appeared at the top of the browser.
They give me exactly seven days.
167 hours, 59 minutes, 59 seconds.
Oh, so you decrypt the thing and then suddenly it's a countdown?
Yes, they say, if you won't pay by this day, then the fine will be double and if you won't
pay in one more week, then you will lose your files forever and you will never get it back.
Now in the message it had told Inna that she had to pay that $500 fine, not in dollars,
but in Bitcoin.
You know, this was the first time in my life ever.
I heard the term, Bitcoin.
So I found this website called Coin Cafe.
Where you can buy Bitcoin. And to buy this bitcoins is a nightmare. It's a torture
What you needed to do was exchange
500 bucks for the requisite amount of bitcoins and at the time
500 bucks equal 1.37 bitcoins
But before she could even make that exchange she had to fill out all these forms with these questions.
What happened? What is the reason to buy Bitcoin?
The reasons were listed. One of them was ransom.
So they knew that's a category?
Yes, it was the first reason to pay ransom to the criminals.
Next, she says after you fill out all the forms.
You have to make a picture and send them a photograph through the internet, okay?
I did not have a camera because...
She says her camera happened to be in the shop.
Or, more than that, I have to make a picture of my husband holding a driver's license, send them this picture back.
Is this the bank or the criminals?
No, the people who sell you bitcoins in exchange for your money.
I told you that it's a torture, it's unbelievable.
But eventually she was able to find a neighbor, borrow a camera, take the picture she needs to take.
Then she had to get the money she wanted to exchange to Coin Cafe.
And it turns out the preferred way to do it, the most secure way to do it, is not online, but through a money order.
This was the day right before the Thanksgiving, Wednesday.
She still had about six days before the deadline, so she thought, all right,
I'll just pop down to the post office,
get a money order.
But...
Live from Boston, WB store.
Lexington and the whole Massachusetts
had a terrible, terrible snow storm.
For a lot of us, this could be the biggest storm
so far this winter.
Undrivable road and significant snow,
a wet snow at that part.
But I had to go to the post office.
So she plows through the snow, almost kills herself, but gets there, gets everything
together, sends it off.
And it's like, alright.
So finally I send everything out.
The post office assured me that they will get it on Friday, which is the first working day after
the Thanksgiving.
Okay, so on Friday, they did not get it.
On Saturday, they did not get it.
On Monday in the morning, nothing was delivered and I was desperate because my deadline was Tuesday,
something like 12 o'clock.
And I started calling the post office, whatever, nobody knows anything.
They said, yes, two days, but there is no guarantee.
Finally.
Or clock in the afternoon on Monday.
But 24 hours before the deadline.
They got it.
Yeah. No, no, no. Because of the exchange. You gave me 400 and...
And I started calling them...
Basically the exchange rate had changed on her.
She had bought it at 500, now it was worth 487.
I asked them how often do they change the exchange rate?
And they said, every minute.
But it's not a joke.
Every minute I said, are you crazy?
I was a double victim.
I was victim squared or victim cubed.
You see what I mean?
Because driving was terrible.
I have to stand on my head to get a camera.
And then I was struggling to send them.
That's the problem with this crime.
Like the criminals need a better way
to get money from the victim but everything else is
traceable.
I'm on the edge of my seat here. So it's that you're $13 short?
I'm calling a day. They said there is one more way
one more way and what is it we have a ATM machine
You said what?
Yeah. We have an ATM machine.
Only one. And I said, where is it? It's in Brooklyn.
Brooklyn, New York?
Yeah.
Oh no. 200 miles away.
Wait a second. I don't understand this.
There is one ATM that is in the borough of Brooklyn where you do not live.
Exactly.
But luckily her daughter, Alina, lives in Brooklyn.
You ask me how my daughter got involved.
So she calls Alina.
Yeah, my mom called me the night before the ransom was due.
Were you aware of any of this attack?
No, no.
I remember, you know, I was at night.
I had the TV on and I have a toddler.
You know, it's always all these things going on.
I was probably on my laptop too.
I was doing like 12 things,
and my mom called and she was like,
upset with a capital U.
She started ranting about criminals and ransom,
and I literally thought she was like talking in air quotes.
I'm like, oh yeah, I know, when I go to Texas her
and like, yeah, there's extortion.
And my mom was like, no, like, no, really,
a ransom, they're really criminals.
Her mom told her, Google CryptoWall.
I was like, holy s**t, this is really a thing.
Plus, I started googling as she suggested I do
and found out that police departments had paid this,
that Sheriff's Department in Dickson, Tennessee
had just paid it to unlock, like, you know, 70 plus thousand
case files and I was like yeah.
Oh, so these crooks go after police departments?
They've gone after governments, universities, corporations, police departments.
And did the question ever come up in your mind like why my mom?
No, not at all.
Because like a million people in the US have been infected with
CryptoWall.
With this very thing.
Yes.
Anyhow, next day, less than six hours left,
Inna says to Alina, please go to this ATM so we can just be done with this whole thing.
You can cut it later, but I can tell you that in the morning she said I have a date for my granddaughter date
To play day. I won't be able to do it until 12 o'clock and they call again
I said I crazy I don't have time.
So I go out to Greenpoint this ATM and you know I just want to add that you have your
play date.
Well I canceled my book.
No but I didn't.
I called you.
You shorten it.
You make it a little more.
Okay.
I show.
Right. Okay, so I cut my play date short.
Sorry, forget that crucial detail.
And I go out to Greenpoint and they have an ATM.
I'm just worried that there's gonna be 57 people
all lined up at this single ATM that you're getting.
There were totally not 57 people.
I mean, most people do take care of this remotely.
Like, there was no one at this ATM.
I mean, what was funny about the ATM is like,
I'm expecting like, yeah, I've been to an ATM.
Like I have a capital one account.
I know what an ATM is, you know,
but this is on like the second floor
of a work share space in Brooklyn.
It was like in the hallway,
there was like a bike hanging from a wall kind of blocking it
and there was like a paper sign taped to the wall
that just had a printout from a computer
that just said
Bitcoin ATM, all over case letters, and an arrow to this phone booth. It looked very
Soviet. Like if you've seen photos of those phones with no buttons and there's
just a receiver and it's totally scary. It's like the red line. Yeah yeah like you
just pick it up and like somebody's always on the other line or something. It was
like that. It was just this box with a screen and no buttons and a camera eye.
Oh my god.
And what you do is you hold up your QVC code.
Is that what they're called?
QVC.
What are they called?
QRC.
The barcode thingy?
Yeah, yeah, it's like a barcode.
So there's this QRC code and my mom had emailed it to me.
It was like, you need to print this out.
And this essentially gives you access to my account to top it off.
You know, and so I put this QR-C code up to the camera eye
and it kind of went,
boop, and then it was like,
we are accessing your account.
And then I got a spinny wheel.
You got the wheel of death?
Yeah.
No.
Spinny wheel.
Alina starts frantically dialing her mom, the guys at Coin Cafe. I called, you know, I left
like three phone messages and I, I left five, so finally they called me back like 20 minutes
later said okay we're sending a technician over to fix the machine which was very cool
I didn't think that would happen and so you, the technician was there and he fixed the machine and he helps me deposit
these $25.
And then he was talking and he was like, yeah, you know, he knew my mom.
Because, you know, he'd been talking to her on the phone.
He's like, I feel so bad for your mom.
We've been getting so many of these cases.
And I'm like, why are you, why are you?
They get a lot of these cases.
Yeah, I was like, why are you guys getting so... why is everyone coming to you?
And he's like, oh, I know why?
Because in the ransom note, they give a list of preferred vendors.
And we are number one or two.
What is the introduction?
What a bad introduction to Bitcoin.
Like, we're going to hold you ransom for all your information
until you use this new currency to pay us off.
I mean, that's so terrible.
This is Mike Hoats and John Ha,
they are the co-owners of Coin Cafe.
I had a few weeks back, a grandmother who was in tears.
She was gonna lose all of her family photos,
because the deadline was coming up,
you know, crying on the phone to me,
and it got it, it felt horrible.
Now, clearly, people who sell Bitcoin
just believe that there should be a digital currency
that is decentralized, that doesn't rely on the banks
But unfortunately it has become the currency of choice for ransom
And so they're in this weird position. So it's a tricky thing because like I can't sell Bitcoin to someone who I know is gonna
Do something illegal with it, right?
That's Will Wheeler who runs a Bitcoin exchange called Expresscoin
And he says he and the other exchanges are really worried right now that if they keep helping the
little guys pay the ransom in order to get their files back they are in effect making themselves
accessories to a crime. I finally got a call back from FinCEN, which is the federal authority
for the Financial Crimes Enforcement Network. They said that we could perceive paying a ransom
as unlawful activity, and so they might choose
to use that against the company who helps out, right?
And likely, until we get a straight answer
from FinCEN, we'll take the overly cautious approach
and start declining these transactions.
Even though in your heart, you want to help.
Well, yeah, I mean, do I want to risk being indicted for helping you get your travel
receipt to reimburse from your company? And I mean, to me the answer is no.
In any case.
After Alina deposits the extra 25 bucks in her mom's Bitcoin account, Inna, the mom, goes
online. Then I clicked and it was gone.
But then...
But an hour later.
I went to my computer and there was another message that you are late.
No.
It turns out that I was two and a half hours late.
You have to pay $1300 roughly.
I did not have anybody to turn to.
So she went to that same website where you can write them a message.
I wrote them that I was late but I mentioned the snowstorm, the Thanksgiving, which they probably were not aware of.
And of course, the wonderful US mail service.
I said that I tried and I was only two hours late.
And then all of a sudden, I'm getting a message, you paid in full.
Without any explanation, nothing.
You paid, that's it.
And I got all my files back.
Do you think they took pity on her?
I... maybe.
I felt that it's over.
Finally, it's really over.
Does make you wonder, like, who these people are?
We have a story about that up next. Hey, I'm Jad Abumrad.
I'm Robert Krulwich.
This is Radiolab.
So here's the next obvious question.
Who did this to you?
Like, do we know anything about them?
Well, we put that question to Joseph Menn, investigative reporter for Reuters, who's done
a ton of work in this area.
And his hunch was that Ena is right.
We're talking people, Russian speaking folks, by and large.
He wrote a book called Fatal System Error, which is sort of a deep dive into the Russian
hacking scene.
And much of it is as you'd expect, you know, young guys.
Early 20s, kind of grubby.
By and large, they do not live a lavish lifestyle.
There are guys at the top of these criminal organizations
that are very flashy.
And they're like sort of top icon,
some of them, in the same way that rap stars are in the US.
There's a hacker magazine, which has guys with their sports cars
and the supermodels and whatever, you know,
buying bottle service at, you know,
discos at three in the morning.
Those are the guys who hire the 20 year olds?
They hire the 20 year olds or they're franchising.
And he says the 20 year old grunts work at office parks.
Yeah, and it's like a call center type of atmosphere.
So is there like, you know...
That's producer Kelsey Padgett.
Ivan in a cubicle at his computer, bored.
He has a meeting later with Judy in HR and he's mad about it.
Is that the kind of like environment that these people are in?
For the most part, I think so, yes.
The larger point is that it's not just like your lone wolf pimply faced hacker anymore.
Cybercrime is now super organized. It is often corporate. It is big business, and the whole sort of economy
seems to revolve around these secret sites where people come together to buy and sell things like that ransomware from our last story.
There are these underground web forums, and there's a variety. Some are available.
You can reach on the open internet.
The more impressive ones are password protected.
You have to know somebody to get in.
They're really, really fancy ones.
You have to have a couple of people vouch for you.
You actually have to apply with your resume,
your hackers resume.
Here are the things I can bring.
These are the kinds of hacking exploits
that I've had.
And therefore, I should be part of your exclusive club.
That's Dina Temple-Raston, NPR's cybercrime correspondent.
She's been tracking the government's attempts
to shut down some of these sites, which she describes as
sort of a hacker's black market bazaar.
So let's say someone is looking for a bunch of credit card numbers
that have been stolen.
You can get it there.
There's one price if they're MasterCard Gold and another price for a higher level credit,
whatever.
Let's say you wanted to know about a boss or an employee or a girlfriend.
You can get this piece of software that allows you to turn on their phone at any time.
You could basically eavesdrop on them because you're in the pocket.
And for $300 a month, you would actually get customer service.
And the prices actually keep coming down. It's a very, very evolved fluid marketplace.
There's feedback and there's escrow. There are feedback forums.
That thief was not really, like, didn't do the thief the robbery right?
Absolutely. Particularly for something, you'll see it a lot for freshness of
credit cards. Because, you know because it's easy to say,
here are 10,000 credit card numbers.
But if their credit card numbers
have been out for a while,
and get declined, everybody,
you've just wasted your money.
And these people are called rippers,
and they're ripping you off,
and they will get banned from the forum.
Wow, so it's reputational, just like everywhere else.
Yeah, and it's as good as eBay.
If you feel safe doing business on eBay,
there's no reason
you shouldn't feel safe doing business with the criminals.
Now, all of this, to me, frankly felt like just a sexy hacker talk. Until a couple of months ago,
Dina started telling us about this one particular site. Actually, the biggest of these kinds of
sites that's out there, it's called Darkode. Yeah, the way it has been described by
law enforcement is sort of an Amazon.com for hackers.
Actually, here's specifically how US Attorney David Hickton describes it in an interview.
Darkode is the largest English-speaking, criminal cybercrime forum in the world.
I think most people know Silk Road, and they know, for example, you could get a contract
hit from Silk Road and drugs and guns and everything else.
So would it be right for me to say that this was sort of a Silk Road for hackers?
Yeah, I wouldn't want to draw that direct comparison.
I think it's probably accurate.
I would say that all measure of cyber crime that you see and watch around the world was
in some form or fashion connected to it.
So we got really interested in this world of this site, Darkode, and the people in it.
And so with Dina, we started calling around trying to find anyone that would talk.
And after weeks of searching and calling and lawyering, we found a guy who agreed to go on
the record.
My name is Daniel Placek, and I am a reformed hacker.
And as far as we know, Dan has never talked about this publicly.
So how did you get involved with Darkode?
Well, I was one of the people who created it.
A very long time ago.
Daniel's story begins not in Russia, but in Milwaukee.
Sure, well let me start with a little bit of...
Small middle-class suburb, right outside of Milwaukee.
Do you have brothers and sisters?
Two younger brothers and two younger sisters, big family.
Did you have to share rooms with them
or were you in your own little kingdom?
I shared a room with both my brothers for a lot of years.
In fact, that sort of plays into the story
because he says what he would do to sort of escape.
He'd go to the basement and play video games.
So yes, the stereotypical hacker and his parents' basement.
I know.
It's quite hilarious.
Dan says his hacking began innocently enough when he would monkey with games like Age of Empires.
I changed the graphics, changed the artificial intelligence in the game, the way it plays,
rework it, create new maps, that type of thing. Something I enjoyed.
And slowly, throughout my teenage years, that developed into something more.
I did not get along well with a lot of my peers in grade and middle school, so I spent
a lot more time on the computer and by myself than I did socially, at least at that age.
And he says one day he was in a chat room,
and an internet chat room was called Game Search.
Talking with a bunch of other people about video games.
And at some point along the way,
you meet this guy.
You know, this particular guy was into, you know, botnets.
Oh, yes, botnets, we all cry.
Just remind us of what's going on there.
Botnets are malware viruses installed on computers.
And botnets are the way to centrally control
a whole lot of infected computers.
Just to put this in context for saying,
because I think it's totally fascinating.
Joseph Menn says that this whole botnet situation.
It started with spam.
One of the easiest ways to make money on the internet back to 3000 was spam.
Spam as in penis extensions and I'm in Nairobi and...
All that stuff.
What happened was that in the olden days most mailservers acted as open relays.
Meaning the mail people wouldn't really pay attention to who was sending what.
So the spammers would spam with abandon.
And then spam got to be enough of a problem that the techies of the world...
Decided that's it.
They started to block people.
Like if they found a guy who they thought was sending too many product emails or whatever,
they would block his IP address so that he couldn't send any more mail.
So what the spammers and their contractors then needed to do was to have a bunch of clean IP addresses
and send spam from that.
So what they did, which is totally genius, totally evil,
is they hired a bunch of programmers
to create a bunch of viruses.
Disseminated those viruses across the internet,
people would accidentally click or open something,
get them onto their computer,
and then suddenly
the spammers could now remote control our computers at a distance, whatever they wanted for maybe
just an hour or two a night, to send out their spam.
Because these were clean IP addresses.
Of course, what happened is that once the spammers had these botnets, they started thinking,
hey, I could do something else with this.
And the next thing that came along was denial of service attacks. You can have all of them try
to contact eBay.com at the same time and knock over eBay.
This first gentleman that I ran into, he had a botnet of well over a thousand computers,
which at the time was amazing to me. By today's standards, a thousand for a botnet is nothing.
Now they can get up into the millions. You know, back then it was quite incredible to me.
And because he says he was in this chatroom, this guy was there, and this guy would get into fights with people. Anytime he did, he'd point his one thousand computer drone army at that enemy and that few man, I'm gonna knock your internet offline, there's nothing you can do about it.
You know, if it was something in a game, he could knock the game server that they were playing on offline, you know, stop their game, things like that.
It's like you can take away your ball back in 1935.
Yes.
That is exactly it.
Taking away someone else's ball over the internet.
So this for some reason intrigued you.
Yes, it was amazing to me.
I'm like, you have control of 1,000 computers, wow.
You know, how did you do this?
You know, at the time I had never heard of botnets,
so I didn't know about any of this stuff.
Like how did you, how did you get the software to do this?
How did you get it onto all these computers?
And he was quite happy to tell you all that.
Oh, he certainly was.
This, this particular gentleman had a very large ego.
And, and did you see him as a bad guy?
To be honest, I, I think at that age,
I didn't really think about it that deeply.
It's the internet.
It's a lot harder to quantify right and wrong there.
I mean, now it's easy to look back and then say, yeah, this is wrong, but it's not like
going up to someone and punching them in the face.
There's no human connection there.
You don't see these people or feel these people.
He says at the time it was just sheer curiosity. So he says he asked this Pied Piper guy to
send him some of the bot software that made the botnet go. And that really intrigued me.
You know, digging through the source code, trying to understand, what is this thing doing? How
does it work? How does it tick? This guy was he a good coder? Like, is he good at it? Was he good at it?
Yeah.
No, no, I would, you know, in hindsight now,
you know, he's what I would classify as a script kiddie,
you know, someone who...
It's a script kiddie.
I know what that is, but it's a whole new curse for that.
That's awful.
Script kiddie.
So a script kiddie is someone who has just enough
technical ability to kind of take
some tools and software that other people have created and just use them.
Now, to fast forward.
Dan went the opposite direction of the script kiddies and got better and better and
started making these botnets that could literally spy on people as they were using their computers.
Interesting to see all the porn that people are watching, that type of thing.
He says he found himself in another chat room.
That was called Bot Talk.
It's kind of place where hackers swap tips, brag.
Like, hey, look what I did.
I defaced this website, take a look.
And he says one day he was talking
with a coder friend of his, a guy named Iserdo.
We were talking, and why don't we set up a community
where we can really filter who gets to join.
And don't let all these script kiddies and idiots in.
I actually chose the name. I came up with that nice lame name.
I actually think it's pretty good.
What's the name again? Darkode.
Darkode. With the K-R-K-O-D-E, I think, right?
It seemed cooler with the K.
Yeah, so we chose the name and started getting the site set up.
The rules were it would be invite only.
So you had to have an invite.
And each new person would be required to demonstrate their skill.
You know, here's a piece of software that I created.
Or here's a video of my botnet in action.
And at some point, um, not too long after it was created,
it was decided for one reason or another that, you know,
hey, we got all these programmers on here, that's great.
But, you know, they also want to be able to sell some of the stuff they're making. So
let's invite some people who would be willing to buy some of this stuff.
This now begins to sound like a fair.
You say, I have a burglish tool. Do you have a door you want to burgle? And then you're like, I'll rent you my tool.
That's a simplification, but yeah, people would post and say, I am looking to buy X, or
here's this piece of software I created, here's all the things it does, here's some screenshots
of it in action, and here's the price. Could be a certain type of botnet software, it could be
buying a botnet itself, you know, if you don't want to build one yourself, you want to buy one
that somebody else already created and has going. I mean, I can get you onto 200,000 or 20,000 computers.
Just give me a check.
Yeah.
What they called them were installs.
Installs?
You know, hey guys, I've got installs and they're $10 per 1000.
Something like that.
What?
Now, this is something that's sort of surprising to us
that when it comes to botnets,
that there's this whole rental market
that's frighteningly affordable.
Yeah, it's bargain basement.
In fact, we were talking with one reporter, Kelly Jackson Higgins,
who is the executive editor of darkreading.com,
which is a cyber security news site.
And she told us,
You can actually rent a botnet if you really wanted to.
You could rent a botnet for one hour,
for about $38 a month.
And so, in some cases,
it was always 20, yes, as low as $20 a month.
I could rent a botnet for 20 bucks a month.
You could.
It's like renting space.
Here you want to use this to go do damage somewhere,
or you want to make a statement, or you have some plan for it.
Do you want to send some spam?
Here you go.
You could go online right now and probably find somewhere out there
on the net, somebody who will sell you access to computers
for cents apiece.
And these are like people's computers, like your computer, my computer.
And Dan says, as Darkode got bigger and bigger, he began to see more of this kind of
activity on the site.
Like some guy would have a botnet of 5,000 computers, another guy would have some software
like the ransomware.
Software guy would then rent the botnet from guy one, install his ransomware, ransom these
poor people, then move on.
You know, some of the people were, you know, doing some pretty unpleasant things, you know, moving more into the kind of financial crimes territory,
you know, which is, you know, something that I really never had a desire to be involved in.
And it was largely because of that, he says, that in 2009 he decided to get out.
But unfortunately, the next year, I got a lovely visit from the FBI.
They promptly, uh...
Was it, like, a kick-down-your-door type situation?
They knocked.
They knocked.
So, okay.
What was that like?
Pretty terrifying, you know, what's, uh, what's going to happen to me, what's going to
happen next?
What did happen next?
I don't know how much of that I can talk about, but I did cooperate with
the government, and I have cooperated with them for the last five plus years now. It was a kick
in the butt, you know, my parents kind of kicked me out. Not that kicked me out, but assisted me with a rapid move out.
And I've been living on my own since then and became gainfully employed, had a few jobs,
became a little bit more serious with my then girlfriend who was not my wife.
So, you know, it's given me an opportunity over the last five years to really make
some serious changes to my life.
Meanwhile, over the same five years, Darkode grew into this massive
cyber criminal swap meet where tens of thousands of stolen social security numbers were bought and sold,
huge databases of personal information and emails were bought and sold, malware and software of various kinds were bought and sold.
And this continued, according to Dina Temple-Raston, right up until July 15th of this year,
July 15th, 2015.
Today marks a milestone in our efforts to bring to justice some of the most significant cyber
criminals in the world.
What ended up happening on July 15th is that the FBI had actually gotten into Darkode with
a number of intelligence services from around the world, and they had an 18-month investigation
in which they took down, in the end, 28 people.
The FBI has effectively smashed the hornet's nest, and we are in the process of rounding
up and charging the hornets.
But here's what's amazing, right?
So they take down more than two dozen people.
Two weeks later, Darkode is up again.
It just popped back up.
Just popped back up.
And then,
Our deep gratitude to NPR's Dina Temple-Raston, whose reporting really got us going
on this whole project.
Yep, props to Kelsey Padgett, who produced our first segment.
And Andy Mills, who produced our second segment.
Thanks also to Andrew Zali, Michael Shamos, Gunther Omen, Lin Levy, Kathy Roder, and the
whole crew at the Microsoft Cybercrimes Unit.
And to you Robert, thank you to you.
Hi, why me?
Because you're part of my botnet.
Because I'm Jad Abumrad.
I'm Robert Krulwich.
Thanks for listening.
Hello, this is Michelle from Kakaako, Hawaii.
Radiolab is supported in part by the Alfred P. Sloan Foundation, enhancing public understanding of science and technology
in the modern world.
More information about Sloan at www.sloan.org.
Mahalo!
Science reporting on Radiolab is supported in part by Science Sandbox, a Simons Foundation
initiative dedicated to engaging everyone with the process of science.
Radiolab was created by Jad Abumrad and is edited by Soren Wheeler.
Lulu Miller and Latif Nasser are our co-hosts. Suzie Lechtenberg is our executive producer
and Dylan Keefe is our director of sound design.
Our staff includes Simon Adler, Jeremy Bloom, Becca Bressler, Rachael Cusick, W. Harry Fortuna, David Gebel, Maria Paz Gutiérrez,
Sindhu Gnanasambandan, Matt Kielty, Annie McEwen,
Alex Neason, Sarah Qari, Arianne Wack, Pat Walters,
and Molly Webster.
With help from Tanya Chawla and Sarah Sandbach.
Our fact checkers are Diane Kelly, Emily Krieger,
and Adam Przybyl.