for steal money from either so it is it also lends itself to that separation so the criminal act like when i broke the wall it was all about me stealing from people that i'd never met and never would meet and that allowed me the opportunity to be anonymous and also not have to face the people that i was ripping off not hurt that the most damaging cyber attacks that kompany is can face come from of bogus emails how come that after millions of dollars spent on sophisticated fire walls on workshops being held on elementary cyber security skills it still takes a single click on a babbling to send the whole enterprise down the river well the reason is the human factor the reason that that ninety two percent of every single breach begins with a phishing attack phishing attack is simply as a form of social engineering as a criminal you know that it's much easier to ask someone permission then it is to try to brute force your way into a system so the only thing you have to do is you have to send an e-mail that looks

legitimate enough to get someone to click on it once that happens it's game over for the company or the person or the or the government or whatever it is it you're trying to break into can you purchase a firewall to help prevent human curiosity. what i do these days i do a lot of consulting with companies groups law enforcement for individuals i recommend that they use the software firewall but for businesses it's important to use a physical firewall now that being said even if you're using the physical firewalls the human is still the weakest link in that cyber security chain so if a company is using the physical firewall if they still receive a phishing e-mail that looks like it comes from the company itself or or something that looks legitimate and that that employee clicks on that link it's still game over for that company that you've talked about working with a phone says that might be easier to get where you want to set a corporation with a phone call than with technical tools as social engineering more important in

cyber crime than the actual cyber part. the most important thing is to get information all right now it's easier to get information as i said before it's easier to get information by simply asking a person for that access and you do that by social engineering talking about phone calls for example i can bypass every piece of internet security that a company or government has simply by picking up a phone spoofing a phone number which is when i call in and it will appear on the offices side as someone else's number so i can spoof the phone call make it appear as if i'm a customer or a boss or anything else and convince that person that hey send me the money or give me access to your system and when that happens again it's game over the weakest link is always always the human being behind the software that's using it but i mean how do you deal with that you can't really fix a human error can you know you cannot fix the human error one of the things i say

in a lot of presentations is that there's no patch for human stupidity now that being said you can do a lot of training for people so i advise companies to do simulated phishing attacks companies to have people come in and constantly train not just the higher ups of the company but from the ground floor up it's important for a company these days that security is is part of the entire structure of the company so the person is sweeping the floor the lowest paid employee the most the lowest educated employee all the way up to the c.e.o. of the company the need to know about all these breaches that are going on about the avenues of attack about phishing about the dangers that lurk from cyber criminals like i used to be. companies often refuse to report a cyber crime because they don't want to be compromised they don't want to compromise their reputation a shop owner wouldn't think twice before calling the police if his place was broken into why don't business treat data out theft the same way that is the question of

the day right there why don't the large businesses share information and tell exactly what's going on and a lot of it has to do with liability a lot of it has to do is they they don't want to lose business they don't want to be sued they don't want their customers to think that they are not doing a proper job with security so what we see across the board with these larger companies whether it be a fax or a. target or anything else what we see with companies like that is they'll be breached and first they try to hide it and then when it comes out in the news they try to minimize it and it continues to go out that until maybe a year and a half later you start to see these new stories popping up of well no this breach was much worse than we initially thought and the thing is that nowadays breaches are so common that most people have gotten used to the idea of their information already being out there online for cell or to be used by criminals so individuals

are also less likely to go to the police after online crime not just corporations why is that because you're not physically killing someone or physically stilling money from someone's pocket what with when i was when i was breaking the law one of the first lessons that i learned was that people or companies they really don't report the crime now some of them do but a lot of companies and a lot of individuals once the ripped off whether it's embarrassment or they just think that the longer that law enforcement won't do anything about it that nothing's going to come of the investigation a lot of companies a lot of individuals tend not to report it to law enforcement the problem is that when you don't report it to law enforcement law enforcement doesn't know what's going on it and it doesn't aid in any type of ongoing investigations of the guy going on at the time so it's important it's really important that individuals reports law enforcement that companies report law enforcement that way this database that law enforcement keeps with all these breaches all these crimes that are going on they get more information more data and it will ultimately result in

a group like in fraud being shut down or a group like i used to roam the shadow crew being shut down and people going to prison because that's that's really what it's going to take is more investigations more legislation companies actually reporting and security as a whole being increased not only with companies but individuals do you feel less responsibility for committing a crime in cyberspace and so do victims still as her. by them as well i mean in essence the cyber crime feel unreal because it's in a virtual world i think it feels unreal in a virtual world for both of the criminals and the people there the victims or the companies that are victims and the reason is because of the separation you don't have to look your victim in the face and the victim doesn't see the criminal the criminals face either so there's that separation that takes place for example that the criminals that i know when one alphabet a was shut down in july of last year

they had a membership and that was the largest online criminal network they had a membership of two hundred forty thousand members so there were two hundred forty thousand people that were trying to rip people off every single day now if that were in the real world if that were two hundred forty thousand people if alfa bay were a group that you had to rip people off face to face you had to steal money from them by pointing a gun at them or whatever you wouldn't have that type of number but because it's online and because the criminal can hide behind that mask of anonymity you have these people that are joining up and they will even think about it they they they consider it well i'm not ripping off the person the bank will pay for it or the government is who i'm ripping off and they can afford it but the truth of the matter is is that everyone is a victim if you're if if a cyber criminal hits a bank or a government those costs are just passed on to the citizens or the customers of the business now you've said that cyber criminals often sidelined the negative consequences of their actions so they're anxious to share or there are too good to

be caught i mean when you were jailed for your online front schemes did you see that coming. we had in our case we did see it coming we had we were so sophisticated at that point in time that we had actually hacked into the secret service cell phone accounts and we had text messages about them investigating us on the server side we know saying that law enforcement was visiting our side we knew exactly what was going on and we knew things were going and what and badly force most criminals and i did the same thing so yes we comport my cart with compartmentalize everything so we justify or crimes by saying you know i didn't rip off people are rip off businesses and governments and not only that but we also say you know whatever's going to happen is going to happen so we tend to adopt this this philosophy of fatalism that in order to keep operating in order to keep breaking the law we know there's going to be a bad end but we continue on anyway thinking that ok it's already too late we need to go in and continue and maybe something will work in the favor of the criminal

the point is that for any cyber criminal it always ends badly always i've got friends associates that were engaged in those types of crimes and they ended up with life in prison or thirty years in prison and one guy ended up committing suicide instead of going to prison it always ends badly for. iraq where they take a short break right now and learn well back well continue talking to bright. former mentor a cyber criminal talking about the dangers of the rabbi and how they can be inverted stay with us.

i think more doogan is an outstanding person because he took on the most powerful agency in this county or you lead a state if you look at it from the analogy. marc was the day that when he was fighting the. mob do going to has been the sheriff's most contentious critics say he is the first time i noticed something wasn't right in fleece where pretty much when he first started the corruption in palm beach county is not something that you can smell a thing like that it's a nod and a wink it wasn't what i wanted to do. we've had more shootings in this county then some states have had collectively to gun went to his website began featuring the comments about guns his family the sheriff my dead man squash you like a bug you know i wish you'd stop then you should say and i'm left with stuff i

believe what i'm doing ok you know it's your funeral f.b.i. raided p.b.s. and critics in this house. i snuck out of the united states. into russia political asylum. men they know bad wolf. you know world of big. lot and conspiracies it's time to wake up to dig deeper to hit the stories that mainstream media refuses to tell more than ever we need to be smarter we need to stop slamming the door. and shouting past each other it's time for critical thinking it's time to fight for the middle for the troops the time is now we're watching closely watching the hawks.

best's drug where her cocaine was were four bucks for the under fifty so the everybody use cocaine crack cocaine you can smoke it this is worth fifteen thirty. twenty. k. to this is about a fifteen dollar big people smoke this one bigger second sweetie you can find these drugs in any city in the united states that you walk along as you want to get it about the. make money. and that's one of the every day. when lawmakers manufacture consent to stick to public wells. when the

ruling classes project themselves. in the final merry go round the sun we don't want to say. we can all middle of the room sick. i mean real news real world. and we're back with brats johnson former cyber criminal now cyber security expert

who is now helping others just. a safe a line brett i read a story about how you were teaching frot to the arian brotherhood when you were in prison i mean do you think the cyber criminals and you will live criminals are going to merge eventually and you know there will be no difference actually i think we are seeing that now now when i taught fraud or are how to commit fraud when i was in prison that was to remain safe i was i had to do that in order to to not be killed while i was in prison by a very and brotherhood or these other gangs that were around but what we see these days in cyber crime when i was so in gauged in cyber crime you had to do you had this clear line separated physical crime from online crime you didn't have gentlemen that were engaged in both now that's that's pretty much gone crimes today especially united states crimes today mix the two so today we've got people that

will still mail from people's mail boxes once that mel is stolen they'll go ahead and go online and they'll try to pull the social security numbers the dates of birth mother's maiden the complete identity profile of that person they've stolen the mail from once that's done they add an address on to the credit reported what's called a drop address so that they can receive new account cards a replacement cards order physical items and cash out like that as we continue to grow online with our online identities and personas you will continue to see this mixture of physical crime and internet crime and the two will meld to a point where they're almost indistinguishable if you can't really distinguish them at all so what a cyber crime a need for a more dangerous stuff like terrorism financing or laundering drug money for a cartel as does the internet make doing that a walk in the park it makes it much easier before if you if you were a group that needed to raise money without the internet it was very difficult you

had to engage in drug trafficking or anything else like that but these new terror. restore his ations that are out now they can engage in online crime they have they have people that they don't have to worry about brute forcing or attacking or using violence to steal money they can engage in bitcoin laundering. crypto currency stealing that you've got to several governments melba or terrorist organizations that try to steal crypto currency because of the value of it and they use that to finance their terrorist our operations or if there is a sanction against the government the government will try to steal bit coin or launder money with bitcoin we're going to continue to see that that's not going anywhere anytime soon because it's a much easier and more profitable avenue for terrorist groups or who have you to make money. so let's talk a bit of samurai comics here mean we're used to the fact that real organized crime

around has for all its lawbreaking own internal sattar rules what about cyber crimes that have its own should a code of honor i mean certain to lose like the mafia you do have taboos and cyber crime so realize that to engage in financial cyber crime there are three motivations it's either ideology it's status or it's cash most people do it for cash they do it to make money now when you start as a cyber criminal you don't really know a lot of how to commit crime you don't know or know or understand the dynamics of cyber crime so you start at the lowest rung possible you start by ripping off people now as you advance your craft as you become better and that career fraud you get to the point where you're ripping off governments or organizations companies things like that so what you see with cyber criminals is is there is this clear hierarchy of who thinks they're better than someone else so if you're beginning criminal you're looked down upon by these upper class people that are only ripping

off governments because they view themselves as better and that's that's part of this entire online. business or persona or ideology that takes place you the criminals have to justify and i did the same thing i had to justify my crimes by saying at least i'm better than these people so you'll see them engaged in crime you won't see a financial cyber criminal that really i have never met a financial cyber criminal that is engaged in child pornography they they all look down on that they all tend to look down on drug trafficking even though today if you're looking at financial cyber crime it is necessarily mixed with drug trafficking as well because are so much profit in that but even as such the guys who are stealing money still look down on the guys who are doing drugs so there's. always that that hierarchy of who thinks they're better than someone else and at the end of the day everyone still criminals so seeing how hackers don't go around

busting kneecaps on the streets or mugging anyone a gunpoint that kind of thing what does it make them i mean does it make them less tal's when facing the law. is certainly does one wire when i ran shadow crew when we were called everyone told everything they knew how soon as they were arrested i did the exact same thing and the reason was is that we were not we were not used to crime we were used to internet crime but not physical world crime now is shadow crew ended we started to see more mafia type groups being engaged in cyber crime and with that they brought violence with them as shuttle crew into there was one gentleman that he posted pictures of a guy who owed him money and he had had the guy kidnapped and he was torturing the individual so he posted that you start to see more of that coming into the cyber crime world because the profit potential is so high that that threat of violence

has to be there and we'll continue to see that advance you know you you're seeing now but people who have bitcoin they're being kidnapped and threatened with their lives in order to ransom up for money. i know that when you first start working for this errol government you also manage to live as a scammer at the same time all the while being under surveillance and supposedly under the control of the sat so how many hackers are double agents so to speak and how and play both teams at the same time i think that you're right when i when the secret service got me out of jail to work for them i started breaking a law the exact same day that i got out and i continue doing that for ten months until they found out about it how many. people do the exact same thing most if not all until they reach a point that they understand that it's not going to end well and that usually takes a lot of prison time and in my case it took being sentenced to seven and a half years of prison escaping prison and being called again and seen sent back to

prison so there was a story a little while back about the director of the f.b.i. complaining about a staff shortage in the cyber crime unit saying that all those who are capable of working there are slow by juana and therefore are banned from a federal law enforcement job so does the law enforcement mostly force hackers into cooperation like either you serve time or you work for us because you can't attract talent to come into for a voluntarily. for the united states there's a stigma with law enforcement of hiring ex criminals or ex hackers. or corporations and companies there's not as much of a stigma but still it's there even today i consult with fortune one hundred companies with security companies i think it's all today with the f.b.i. . there is still that mistrust because i was the guy that used to rip off a lot of people a lot of money and i even continue to commit crime when i worked for the federal

government before. the thing is is that for a criminal law enforcement security people they really don't understand that criminal minds they don't understand the the links that even i would go to to break the law and until you start to understand the human factor it's like with cyber criminals cyber criminals know that the most important part of breaking the law and getting money is the human being that's why fishing is so popular it's the same thing for law enforcement companies they they need to get to the point where they understand that we need to understand this criminal minds so when we find someone that has reformed and it took me a long time to reform but when you find someone that is reformed but still has that ability to to think as a criminal to explain that type of mindset to law enforcement groups organizations companies it has a lot of value to it and when i give a presentation today most companies groups know that fraud is a problem but they don't understand the face of fraud until you actually talked to a guy that used to rip them off so if the sads ran network of recruiters and

informants and the hacker community but i heard about a game called stop the fad during hacker conferences is it really that easy. undercover cop at a hacker convention i mean what gives it away it is it's not just the spot the feds at a hacker convention it's spot the feds on online criminal groups and communities it's everywhere and it's extremely easy to spot a law enforcement official it's easy to spot. security pro and a number of things for example online you've got several online carding forums or fraud forums and you'll have law enforcement people that will try to integrate themselves into these forums and what usually happens is they'll come on and they'll act like they're criminal but they'll ask the wrong type of questions or they'll want too much information too soon there are there's these tail tale signs that criminals they know that something's wrong they may not know that the guys of

the guys are law enforcement officer or a security pro but they know he's not a criminal and they have this bad feeling criminals are very good with intuition of being able to know that something is wrong so they automatically they may not know he's a cop but they automatically peg him as someone that's not like them and that becomes a huge huge problem for law enforcement that's why law enforcement tends to use a lot of informants and stuff like that in order to gain access to these communities now one of the articles you wrote that purchasing someone's credit card number along with their full identity information will set you back just about two hundred dollars i mean how come it's so cheap is everyone's identity absolutely unsafe. the way i took to the way i talk about it today and i use equifax as an example so everyone is scared to death of the equifax breach but the truth of the matter is is all of that information everyone's information has been out there and there have been so many breaches that your information is already for sale and

because of that deluge of information that so much information is out there it's pretty cheap for example i can buy a credit card for anywhere from six to twenty dollars ok and with that credit card i get the card number i get the card owner's name address phone number expiration date three digit security code on the back now that gives me they have the ability to start buying things online but i can also pull that car owners complete identity information and what i do is there's a website i can go to and pull the social security number and date of birth and address history for another two dollars and ninety cents once i do that i go over i start when background checks background checks run sixteen dollars so all of a sudden i've got a complete background check and i've got the social the date of birth for a post of twenty dollars then i pull the credit report the credit report is free once i have that i have a nuff information to really do whatever i want to commit whatever type of financial crime i want to with the victims of formation and that that's part of the

ease of cyber crime it's not rocket science anymore it's things are so easy for criminals these days that it doesn't take much money to get started doesn't take much knowledge to get started you can buy a tutorial you can take a class on how to commit crime all this stuff is pretty automated these days so just to wrap this up briefly what can an ordinary repair person do about all this i mean you can tell the government registries are big companies to beef up security yes but walk in and i personally do about my identity being traded on the internet and i think. sure so no no there are things you can do and what i what i try to tell people to do is to make sure you're not the low hanging fruit and the way to do that is first to freeze your credit all right and not just freeze your credit of you but every single person in the house because children are the number one victims of identity theft you can use a child's information to create entirely new identities so freeze the credit of

everyone in the house monitor every single account you've got and what i mean by that is bank accounts e-mail accounts credit cards everything monitor everything place alerts on every single account as well that way if a thief does have your information and they try to charge your credit card you get an alert to your phone that says hey something's going on so those are two things the third thing is to use a password manager we as humans we simply do not know how to best pick a secure password so we tend to use the exact same passwords across multiple websites it's important that we don't do that you do those three things those three easy things and the chances of you being ripped off or becoming a victim online is really really minimized at that point in time criminals tend to go for the easiest targets and you've just made yourself more difficult than eighty percent of the populace fred thank you so much for this wonderful insight and for this interview we're talking to brett johnson they original internet got father

former notorious cyber criminal turned digital security expert about the dark side of cyberspace well that's it for this edition of the enco i will see you next time . i do. so what we've got to do is identify the threats that we have it's crazy. let it be an arms race. only. use it.

for control of the libyan capital tripoli today the u.n. and the united states troops and. the general election. who faces a close race look at how much his relations with the u.s. play a role in the upcoming. will power struggle. an answer on what best to do with foreign fighters who joined i still in syria and iraq and now want to come back home again party is direct from some of those military. might be the biggest mistake of my life that we emigrated. that we made absolutely cannot be undone and for.