Sins & Survivors: A Las Vegas True Crime Podcast - Idriss Qibaa - The Stalker Who Sold Fear Online
Episode Date: November 4, 2025Most people in 2025 would never just leave their front door open, their credit cards, or identity information just lying around, but many times, that's what we’re doing online, sharing so much perso...nal information out on platforms like Facebook and Instagram, and we often don't give it a second thought.For many shady people on the internet, that’s an opportunity to take advantage of unsuspecting people, including those who are older or less tech-savvy, as well as influencers, small business owners, and celebrities who have come to depend on their social media and have it tied to their brand.These bad actors use their influence and skills to exert leverage and power over others, and in one recent case, use that power to threaten, humiliate, and destroy people’s reputations and livelihoods.https://sinspod.co/98https://sinspod.co/98sourceshttps://sinspod.co/98bloghttps://sinspod.co/98subhttps://sinspod.co/98transcriptWe also cover the case of Daniel Reza who has been missing since 2019 in the area of Mount Charleston. https://sinspod.co/98missinghttps://sinspod.co/DanielRezaBecome a supporter of this podcast: https://www.spreaker.com/podcast/sins-survivors-a-las-vegas-true-crime-podcast--6173686/support.Domestic Violence Resourceshttp://sinspod.co/resourcesClick here to become a member of our Patreon!https://sinspod.co/patreonVisit and join our Patreon now and access our ad-free episodes and exclusive bonus content & schwag! Get ad-free access for only $1 a month or ad-free and bonus episodes for $3 a monthApple Podcast Subscriptionshttps://sinspod.co/appleWe're now offering premium membership benefits on Apple Podcast Subscriptions! On your mobile deviceLet us know what you think about the episodehttps://www.buzzsprout.com/twilio/text_messages/2248640/open_sms
Transcript
Discussion (0)
Are you looking for a way to reward your employees this Christmas?
Ireland's Blue Book gift vouchers can be used in over 60 award-winning country houses,
historic hotels, and restaurants throughout Ireland.
Give the gift of relaxation this festive season.
For details and further information, visit Ireland's bluebook.com.
To listen ad-free, visit sinspod.com slash subscribe.
Starting at $2.99 a month, you'll also get access to our exclusive bonus content episodes
when you join through Patreon or Apple subscriptions.
Thanks for supporting the show.
Most people in 2025 would never just leave their front door open,
their credit cards or identity information just lying around.
But many times, that's what we're doing online,
sharing so much personal information out on platforms like Facebook and Instagram,
and we often don't give it a second thought.
For many shady people on the internet,
that's an opportunity to take advantage of unsuspecting people,
including those who are older or less.
tech savvy, as well as influencers, small business owners, and celebrities who have come to depend
on their social media and have it tied to their brand. These bad actors use their influence and
skills to exert leverage and power over others, and in one recent case, use that power to threaten,
humiliate, and destroy people's reputations and livelihoods.
and Survivors, a Las Vegas true crime podcast, where we focus on cases that deal with domestic
violence, as well as missing persons and unsolved cases. I'm your host, Sean. And I'm your co-host
John. This week, we are turning to an area of John's expertise, technology, and online safety.
We did some tech corner episodes in 2023 back in our first season, and we said we'd return to that
when there was good reason to. So today we're highlighting a particularly bad actor who trapped
unsuspecting people online with promises of account banning or unbanning on their social media,
lockout recovery services for folks who were locked out of their accounts, and reselling personal
information. So, John, why don't you get us started with what you're talking about this week?
The person we're talking about is Idris Danny Kiaba, who was involved in some pretty sketchy
activities. He was a 27-year-old Moroccan national living in Las Vegas, who in an interview
said that as recently as 2018, he was working construction,
living paycheck to paycheck, and kind of living out of his car.
And he just stumbled into this line of work,
although he wasn't really clear about how that happened.
He operated a business called Unlocked for Life under the name Unlocked for Life LLC,
and he had a slew of different aliases that he used online in these various platforms.
Danny is what his clients, or more accurately, his victims knew him by.
unlocked, unlocked for life on Instagram, and unlocked uncensored on Telegram.
It's worth noting that all of those IDs seem to be gone at this point, so you can't
really find them on Instagram anymore or Telegram.
You said Telegram. Can you explain what Telegram is for anyone out there listening who doesn't
know?
Telegram is a messaging app like WhatsApp or Signal. It's much less regulated than something
like Meta's Facebook Messenger. It has no content moderation. It's increasingly. It's increasingly
for end-to-end privacy, just like Signal is, anyone can create an anonymous telegram user with
no validation at all. You can create huge group chats and public channels to reach potentially
millions of people. It also allows for self-destructing messages like WhatsApp does, which
disappear after a preset time, allowing for people to remove evidence. So it's like a mix of chat
and a public feed. Legitimate businesses can use it too, but all of those features make it a popular
place for scammers who deal in stolen data and the kinds of account recovery schemes that Idris
was running. So Idris kind of fell into this work, as he called it. So some of the services
that his company unlocked for life offered included were things like account banning or unbanning
or recovering locked accounts on Instagram, Snapchat, or TikTok. And he said that he had special
tools that he had developed and he had access to insiders, whatever that means. I know that you
have some experience in losing an account, getting locked out of an account. So I thought that
would be an interesting story for you to share with everyone here. I got a text message, a DM in
Instagram from someone I knew. And the message said, hey, you know, I'm having a problem with my
account. Can you help me reset it? I need someone to read me the code after you click this link,
ostensibly to get their password reset because it had been hacked. Well, in reality,
what they did was they generated that link from my account.
So when I clicked it and I gave them that code,
it gave them the ability to reset my password,
which they did.
And then they changed my phone number to theirs,
which I didn't know.
So I couldn't reset it anymore
because it wasn't going to send me a message anymore.
And then when I messaged them from your account,
they changed my handle entirely,
so I didn't even know where it was.
My account was basically gone.
I had no idea where to find it
or how to contact this person anymore.
And for a while, it was just gone.
I never considered going to an unlock service or anything like that.
But his goal, which I learned later, was to just keep repeating that process.
So he would hack accounts like he did with my friend and then reach out to people who that person was friends with to try to hack other accounts.
And eventually, he was hoping that he would get someone that would pay him to give them their accounts back.
Or he would reach someone who had a large following that had monetized their posts and he could use the audience.
And I think looking back on it, it was easy for you as someone who works in tech and is known among your friends to be someone who's like an expert on some level in social media and IT stuff.
For someone to reach out to and ask for help with unlocking their account, like that was not, that was not something really uncommon.
No, it was really common actually that people ask me for help.
All the time, yeah.
And I felt so dumb.
When my account got hacked, I felt so dumb.
But it happens.
And it was someone that I knew.
And I actually ended up reaching.
out to that person afterwards and they were like, yeah, that person's collecting my
followers accounts now. I eventually did get the account back because I happened to know somebody
who worked at Meta and they walked down and spoke to a database administrator who could change
the ownership back to me after I sent them proof that I was actually me and I was vouched for by
this person who worked there. But that's really rare. You can't really depend on that. It's hard to
get in touch with somebody who works at meta. So you can't really depend on that at all. But that's
the only really official way to get an account back like that.
So these services that promise they can get your account back are called trappers.
And like I said, I didn't work with one of them, but they're very common and they're always
trying to gain access to accounts with large followings.
And I'm not anywhere near the level of someone who Keabo would have gone after.
He's more after celebrity accounts, things like that.
But he went after people with large Instagram audiences at large incomes from their social accounts,
people that it could afford to pay him his ransom to get their account back.
So for people who are older or not tech savvy and even small businesses who depend on their
online presence, losing their social media account can just be the beginning.
In many cases, the trapper turns out to be the one who hacked the account in the first place.
And then they're turning around and offering account recovery services to the people that they hacked.
So Idris went even further.
He offered a scam of ongoing account protection, which was just an ongoing monthly fee
to maintain account access.
The types of accounts that Idris dealt with were companies like dispensaries, people allegedly
involved in selling drugs, not just your average person.
And he would charge insane amounts like $7,500 for account recovery and even more for the ongoing
protection, which sounds to me like something you'd hear about the mafia doing to small
businesses.
Absolutely.
And around the time of April, between April and June of 2024, the FBI, Las Vegas violent
crimes task force was investigating multiple victim complaints about Idris or the person
who would turn out to be Idris because they didn't know who he was at the time.
They collected digital evidence, text threads, telegram posts, linking.
Kiaba to threats, extortion and doxing across several states, and that part's important for
later. We know all this because thankfully he was arrested on July 25, 2004, right here in Las Vegas,
by the FBI after a criminal complaint and arrest warrant were issued. That complaint, which
surprisingly just contains two counts of interstate threats, was filed in the U.S. District
Court for the District of Nevada. From there, he was taken into custody by the U.S. Marshals,
after a grand jury indicted him.
And if you're wondering how investigators finally caught him,
the answer is simple.
He told on himself.
So remember that interview we talked about earlier?
He went on a podcast called No Jumper with Adam 22.
If you're not familiar with No Jumper,
it's a podcast and a YouTube channel based out of L.A.,
hosted by Adam 22, like I said.
He's known for interviewing rappers,
internet personalities, and people from the corners of social media.
most of us kind of only ever hear about, sometimes controversial and sometimes just being
honest, just plain weird. This show has a huge following, mostly because the guests tend to say
things that they probably shouldn't say on camera. And that's what happened here. Idris went on
no jumper and essentially walked everyone through how his whole operation worked. He bragged about
the money he made, the people he controlled, and what he could do to their lives online. He talked
about how he charged people to restore their accounts, how he charged them protection fees,
how he ran a reseller and a mentor program to train others in how to do this.
You can listen to that whole interview and hear him spilling all of the beans, and we will link
that podcast episode in the show notes.
So, I mean, a huge shout out to Adam 22 for what he does in his interview with Kiaba.
Kiaba bragged that he was making $620,000 a month from his schemes, which was essentially extorting
money from Instagram and TikTok users.
He also talked about dealing in what's called TLOs, which were crucial in how he would
docks people online.
Will you please explain what a TLO is because I'm still not even sure what it is?
Yes.
So a TLO report is often called skip trace data.
TLO comes from the name of the company that originated it.
It's called the last one, TLO, the last one.
A data pioneer named Hank Asher started that company, TLO.
and he created a next-generation data platform,
which contained billions of public and proprietary records.
TransUnion, the Credit Union, bought that company in 2013 after Asher died,
and they kept and rebranded the platform to T-L-O-X-P,
which is now called TransUnion Locator Service Expert Platform.
It's a skip tracing tool that's used by debt collectors, investigators,
law enforcement, to locate people and verify identities and family relationships.
So if you ever get a call from a debt collector and wonder how they could possibly get to you
through your family, this is probably how.
They use credit bureau information, addresses, phone numbers, and public data.
And it's only supposed to be available to those with legitimate reasons for accessing it.
Kiaba did not have authorized access.
The FBI affidavit says that he had posted samples of what he called TLO files.
on the website. Agents compared all of that with law enforcement databases and confirmed that
that data was all real. That means that he either bought the reports on the dark web,
receive them from someone with legitimate access, or used someone's leaked credentials within those
systems, and we don't know which. So what did he do with that data? He resold it on his website
as intel packages or intel drops to other trappers for them to use, and that helped him build
his credibility and clout in those shady circles. He would also post or threaten to post his
victim's private data, like names, addresses, social security numbers, relatives' information,
either on the site or on his huge channel on telegram. And he would use them to validate his
threats. So he would send screenshots or PDFs of the information to prove to people that he knew
where they lived or what their social security number was before demanding money. He basically used
the files is leverage, proof that he could find you or ruin you or whatever it was if you didn't
pay him. So most people don't even know what a TLO is or that it even exists, but this definitely
blurs the line between losing an online account and perhaps being afraid for your life.
Absolutely. He was engaged in cyberstocking and I had no idea what a TLO was before I started doing
this research. So it's really likely that most people have no idea what that is or even that it exists,
like you said.
The criminal complaint had some examples of what he did to his victims, including screenshots
of the text messages.
All of his victims were only identified in the criminal complaint using their initials, and
we'll only mention their initials here to protect their privacy as well.
So here are a couple of examples from the criminal complaint.
JT was a well-known social media influencer who ran pages like Cali Plug and the Blacklist,
XYZ.
Kiyaba initially offered to sell him.
him a username for around $5,000.
When J.T. turned him down because of the price, JT's Instagram account was suddenly disabled,
and Kiaba demanded $10,000 to restore it.
J.T. eventually paid $8,500 in cash to get the account back, but he still continued to be threatened.
A.T., a businessman from San Diego, paid Kiaba $25,000 for the rights to the username at
ACE, but never got it.
When A.T. tried to get his money back, Kiaba demanded $100,000 instead. And the messages that followed
included direct threats to AT's daughter and other family members. And one final example,
E.H, a journalist and comedian, contacted Kiyaba about her blocked Instagram and then was
spammed with more than 2,000 SMS messages. Kiyaba told her that he had her social security number
and he would blast it out, demanding $20,000 to stop the attacks.
As we said, Kiyabo was tried in the district court here in Nevada.
There really wasn't a trial because he pleaded guilty to two felony counts of interstate threats.
One for a Beverly Hills dentist, he terrorized with hundreds of texts,
and another for a Las Vegas landlord and realtor that he harassed after a rental dispute.
Both involved threats that crossed interstate lines, which made them both federal crimes.
Note that there were other victims that we didn't mention in the list, but the government pursued
those that they had the most evidence for and referenced the other ones in the long list of
victims to help show intent and build the case. He was sentenced to 36 months in federal
prison at Victorville Federal Correctional Institution, a medium security facility in Adelanto,
California, and he will be released on February 14, 2007, and he will be around 31,000.
years old. He also had to pay a fine of $75,000 and pay $200,000 in restitution. We'll talk more
about that in our swing shift overtime episode, but for a person who's pulling down $620,000 a month
in income from this work, it seems really light. So if you want to hear that discussion, head over to
cinspod.com slash subscribe, and you can listen to that. The case here itself is interesting,
but in reality, our goal is to help people. And in this case, I want to talk through how this
can affect you potentially and how you can protect yourself.
There are a few simple things you can do to make yourself a harder target.
First up, though, I want to remind you how you might be targeted by unscrupulous people online.
You might be targeted by an account recovery or unlock scam
with people claiming that they can restore or somehow verify your social media accounts,
and oftentimes it's going to be the same person who may or may not have attacked your
account in the first place.
you might be the victim of fishing or spearfishing or smithing.
So those are fake emails or text messages that look like they're from banks or meta
or the state of California Department of Transportation asking you to pay your moving violation
or something like that.
For example, I saw one recently from the California toll road payment system, allegedly.
It was a scam text that sends a link that steals credit card information.
There's also social engineering DMs, that's the one that got me, so when a friend of yours asks for help resetting their account, you click the link and you lose your account.
There's also the family emergency or imposter call scam, where a scammer might call you and claim that a relative has been hurt or has been arrested or owes money or perhaps hit somebody with a car or something like that, and they will push you for payment in the form of credit card payment or something like that.
Sometimes they will even use AI-cloned voices for that, so beware of that.
And then, of course, there's doxing and data abuse.
Criminals can get personal data from leaks or skip-traced databases like the TLO-XP files that
Kiyaba used and use it to intimidate or extort.
So how can you protect yourself?
What I always tell people is never immediately click a link in an email or a text,
even if they look real unless you're 100% what the source is.
you have to look at the return address and hover over the link to make sure that the link is going
where you think it is. But instead, to be safe, what you can do is just open a new browser
window and type in the site directly. So, for example, if you get an email and you're not
sure it's real from Capital One, you can just open up a new browser window and go to Capital One.com
yourself and log in and see if it's real, or you can call Capital One and find out if it's real.
That applies to text messages, too. I very rarely click on a link.
that I get in a text message.
Another best practice is to get yourself an Authenticator app, like Google Authenticator
or Authenticator rather than using text message codes, because if someone steals your
password, they can't access your account without that code.
They could potentially clone your cell phone, though, and get those codes for you if you're
using just text message validation. It's always important to use complex passwords that are at least
12 characters long, mixing upper lower case, numbers and symbols, and change them frequently.
And you can use a password manager like one password or Bitwarden to keep them secure and unique.
If you're looking to recover your account, that recovery is only going to happen through the
official channels. So if it's a Facebook account or an Instagram account, that's only going to
happen through meta. So help.com, Facebook.com, slash hacked. And they have pretty good tools for that
these days. No legitimate meta-employee will DM you to fix your account, and no one can verify you
for a fee. We also recommend that you lock down your personal data. So we, for example, have all of
our credit bureaus frozen. So you can log into Experian, TransUnion, and Equifax,
recommend you have an account with all of them. And if you freeze your account, it's free,
reversible, and it stops new accounts from being opened in your name. We also use a data removal
service called Incogni, but you can use Delete Me or any other data removal service that is
reputable to reduce what data is available on public information sites like PeopleFinder and other
broker sites.
But essentially, just remember that if you're targeted by this sort of a scam, that fear and
urgency are your red flags and they're your enemy, you have to slow down, confirm all the
details, and verify through some other channel before acting.
If you are targeted by a scam like this, make sure you don't take.
just delete everything. Take screenshots of texts and URLs before deleting or blocking people
and report to the authorities. You can report to the FBI's Internet Crime Complaint Center at
IC3.gov. And for imposter or family emergency scams, you can report to reportfraud.fd.fdc.gov.
And you can forward spam texts to 7726 spam or just report them to your carrier.
And remember, don't pay or negotiate.
Extortionists are rarely going to stop coming after you for money after just one payment.
And it's important that you mentioned if your credit is locked and someone claims they have your
social number and they're going to make it public, if your credit's locked, is that something
that would scare you to make you pay urgently if you already know your credit is protected?
You should never pay urgently if someone tells you they have your social security number.
You should report that to the authorities. But yes, they can't open a new account in your
name of all of your credit is frozen. Absolutely. So you shouldn't act rashly if that happens.
All these scams rely on all that urgency and fear and panic. So you just have to slow down,
verify, and you're basically going to take away their power. Remember to think of your online accounts
like you think of your home. Block the doors, know who you let in, and don't trust strangers with
the spare key. Remember to harden the target. If you're a hard target, most attackers will move on
to someone easier. Those are really good tips, Sean. That's really helpful. And even though
Kiyaba is locked up.
We know that him just talking on that podcast
probably educated a lot more people
about how they could run scams like this.
And there are so many bad actors out there.
And it's not clear to me how many people
he got that information out to
because he was selling those TLO
Intel drops to other trappers.
So always be aware of that.
Yeah.
And I had never thought that before
that there were folks that would steal your account
simply so they could make you pay
so you could get it back.
and that there's a whole industry of that kind of account stealing out there.
I hadn't thought about that before we started talking about this case.
Before we conclude this episode, we're going to talk about missing person, Daniel Reza.
This year, as we mentioned in previous episodes, we're going to cover a missing person's case
on every one of our episodes this season and probably throughout this whole year.
The Las Vegas Metro Police earlier this year published a missing person's cold case website,
and we want to continue to highlight people on this list.
hopes that someone can come forward with a lead or any information to help these families.
Daniel Reza has been missing since August 25th, 2019. So just over six years. He was 35 years old
when he was last seen. Today, he would be 41. His parents' names are Fernando and Ida.
And they were first alerted that Daniel was missing by his roommate, who told Fernando that
Daniel had been missing for about two days. It was reported that he was last seen in the area of
Warm Springs in Decatur, which would be the southwest part of town. But according to Red Rock
Search and Rescue, he was actually last seen on a trail at Mount Charleston. They have said that he
was spotted on several trails during that week, which was the week leading up to Labor Day that
year. And his car was located at the Cathedral Trail Trailhead on Mount Charleston, but Daniel
never returned to it. Red Rock Search and Rescue and the Las Vegas Metro Police searched for him
along with the Air Force's 34th Weapons Squadron, which is based at Nellis Air Force Base,
along with multiple hikers and folks on ATVs, they used helicopters to try and find him.
But unfortunately, the families GoFundMe explained that search and rescue efforts were called off
after officials felt they had exhausted all measures available, which was approximately a week
after he went missing.
Rez is described as being a fair-skinned Hispanic male, 5'10, 180.
pounds with brown eyes and brown or black hair, and you can see photos of him on our social media
this week. On the day he disappeared, he was possibly wearing a long sleeve blue shirt and
blue jeans. Red Rock Search and Rescue posted photos of the gear Daniel was using or wearing,
including a blue backpack, a wooden hiking stick, a tan sun hat with a colorful logo of
mountains that says Spring Valley and a black hooded jacket. He was also known to be carrying a
blue battery operated lantern. If you have any information about Daniel, please contact the
LVMPD at Missing Persons at LvMPD.com. Thank you for listening as always and supporting the show.
We really appreciate it. And we remind you that what happens here happens everywhere.
Thanks for listening.
Visit Sinspod.com.
For exclusive bonus content and to listen ad-free.
Remember to like and follow us on Instagram, Facebook, TikTok, and Threads,
sins and survivors. If you're enjoying the podcast, please leave us a review on your podcast platform
of choice. You can contact us at Questions at Sins and Survivors.com. If you or someone you know
is affected by domestic violence or needs support, please reach out to local resources or the
National Domestic Violence Hotline. A list of resources is available on our website, Sins and Survivors.com.
Sins and Survivors, a Las Vegas true crime podcast, is researched written and produced by your
hosts, Sean and John. The information shared in this podcast is accurate at the time of
recording. If you have questions, concerns, or corrections, please email us. Links to
source material for this episode can be found on our website, sins and survivors.com.
The views and opinions expressed in this podcast are solely those of the podcast creators,
hosts, and their guests. All individuals are innocent until proven guilty. This content
does not constitute legal advice. Listeners are encouraged to consult with
legal professionals for guidance.