Chris Tarbell: FBI Agent Who Took Down Silk Road | Lex Fridman Podcast #340 | Transcription
Transcription for the video titled "Chris Tarbell: FBI Agent Who Took Down Silk Road | Lex Fridman Podcast #340".
Note: This transcription is split and grouped by topics and subtopics. You can navigate through the Table of Contents on the left. It's interactive. All paragraphs are timed to the original video. Click on the time (e.g., 01:53) to jump to the specific portion of the video.
You could buy literally whatever else you wanted. You could roast things, drugs. You could buy heroin right from Afghanistan, the good stuff, hacking tools, you could hack for hire. You could buy murders for hire. - The following is a conversation with Chris Tarbell, a former FBI special agent and cyber crime specialist who tracked down and arrested Russ Albert, the leader of Silk Road, the billion dollar drug marketplace, and he tracked down and arrested Hector Mansagur, AKA Sabu, of Lalsek and Anonymous, which are some of the most influential hacker groups in history. He is co-founder of Naxo, a complex cyber crime investigation firm and is a co-host of a podcast called The Hacker and the Fed. This conversation gives the perspective of the FBI cyber crime investigator, both the technical and the human story. I would also like to interview people on the other side, the cyber criminals who have been caught, and perhaps the cyber criminals who have not been caught and are still out there. This is the Lex Friedman podcast. To support it, please check out our sponsors in the description and now, dear friends, here's Chris Tarbell. You are one of the most successful cyber security law enforcement agents of all time.
Discussing Internet Privacy And Surveillance
Silk Road (01:16)
You tracked and brought down Russ Albrecht, AKA Dread Pirate Roberts, who ran Silk Road and Sabu of Lalsek and Anonymous, who was one of the most influential hackers in the world. So first, can you tell me the story of tracking down Russ Albrecht and Silk Road? Let's start from the very beginning. And maybe let's start by explaining what is the Silk Road? - It was really the first dark market website. You were literally, you could buy anything there. Well, let's take that back. There's two things you couldn't buy there. You couldn't buy guns because that was a different website. And you couldn't buy fake degrees. So no one could become a doctor. But you could buy literally whatever else you wanted. You could buy things, drugs. You could buy heroin right from Afghanistan, the good stuff, hacking tools, you could hack for hire. You could buy murders for hire if you wanted someone killed. Now, so when I was an FBI agent, I had to kind of sell some of these cases. And this was a big drug case. That's the way people saw Silk Road. So internally to the FBI, I had to sell it. I had to find the worst thing on there that I could possibly find. And I think one time I saw a posting for baby parts. So let's say that you had a young child and that needed a liver. You could literally go on there and ask for a six month old liver if you wanted to. - For like surgical operations versus something darker? - Yeah, I never saw anything that dark as far as people wanted to e-body parts. I did interview a cannibal once when I was in the FBI. That's another crazy story. But that one actually weirded me out. - Sorry, I just watched Jeffrey Dahmer, documentary on Netflix. And it just changed the way I see human beings because it's a portrayal of a normal looking person doing really dark things and doing so, not out of a place of insanity seemingly, but just because he has almost like a fetish for that kind of thing. It's disturbing that people like that are out there. So people like that would then be using Silk Road, not like that necessarily, but people of different walks of life would be using Silk Road to primarily, what was the primary thing, drugs? - It was primary drugs. And that's where it started. It started off with Ross Albrick growing mushrooms out in the wilderness of California and selling them. But really his was more of a libertarian viewpoint. I mean, he was like, you choose what you want to do for yourself and do it. And the way Silk Road kind of had the anonymity is it used what's called Tor, the onion router, which is an anonymizing function on the deep web. It was actually invented by the US Navy back in the mid 90s or so. But it also used cryptocurrency. So it was the first time that we saw this birth on the internet mixing cryptocurrency and an IP blocking software. So in cyber crime, you go after one, the IP address and trace it through the network. Or two, you go after the cache and this one kind of blocked both. - Cache meaning the flow of money, physical or digital. And then IP is some kind of identifying thing of the computer. - It's your telephone number on your computer. So yeah, all computers have a unique four octet numbers. So 188.8.131.52.123. And the computer uses DNS or domain name services to render that name. So if you were looking for CNN.com, your computer then translates that to that IP address or that telephone number where it can find that information. - Didn't Silk Road used to have guns in the beginning? Or was that considered to have guns? Or was the naturally emerging then or else realized like this is not good? - It went back and forth. I think there were guns on there and he tried to police it. You know, he told himself that the captain of the boat so he had to follow his rules. So you know, I think he took off those posts eventually and moved guns elsewhere. - What was the system of censorship that he used? Like of selecting what is okay and not okay. I mean, it's-- - Him alone, he's the captain of the boat. - Do you know by chance if there was a lot of debates and criticisms internally amongst the criminals or what isn't isn't allowed? I mean, it's interesting to see a totally different moral code emerge that's outside the legal code of society. - We did get the server and was able to read all of the chat logs that happened. I mean, all the records were there. I don't remember big debates. I mean, there was a clear leadership and that was the final decision. That was the CEO of Silk Road. - And so primarily was drugs and primarily out of an ideology of freedom, which is if you want to use drugs, you should be able to use drugs. - You should put in your body what you want to put in your body. - And when you were presenting a case of why this should be investigated, you're trying to find as you mentioned the worst possible things on there that we were saying. - So we had arrested a guy named Jeremy Hammond and he hit himself, he was a hacker and he, this would be arrested, it was the second time he had been arrested for hacking. He used Tor. And so that kind of brought us to a point, the FBI has a computer system where you look up things, you look up anything, I could look up your name or whatever if you're associated with my case. And we were finding at the time a lot of things in you look it up, the case would end, be like, oh, this is Tor, it just stopped. Like we didn't go any further. So, we had just had this bigger rest of Sabu and took down Anonymous. And sometimes in the FBI, the way it used the old school FBI, when you had a big case and you're working seven days a week and 14 hours, 15 hours a day, you sort of take a break. The boss kind of said, yeah, I'll see in a few months. Go get to know your family a little bit, you know, and come back. But the group of guys I was with was like, let's find the next big challenge. And that's when we were finding case closed, it was Tor. Case closed, it was Tor. So said, let's take a look at Tor and let's see what we can do. Maybe we'll take a different approach. And Silk Road was being looked at by other law enforcement, but it was taking like a drug approach where I'm going to find a drug buyer who got, you know, the drug sent to them in the mail and let's arrest up, let's go up the chain. But the buyers didn't know their dealers, they never met them. - And so you were taking a cybersecurity approach? - Yeah, we said, let's try to look at this from a cyber approach and see if we can gleam anything out of it. - So I'm actually indirectly connected. - Uh-oh. - I'm not, I'm sure I'm not admitting anything that's not already on my FBI file. - Oh, I can already tell you what you're gonna tell me though. - What's that? - That when you were at college, you wrote a paper and you're connected to the person that started. - You saw him a bitch. You clever son of a bitch. - I'm an FBI general, former FBI general. How would I not have known that? - No, but I could have told you other stuff. - No, it's exactly what you were about to tell me. - I was looking up his name because I forgot it. So one of my advisors for my PhD was Rachel Greenstad and she is married to Roger Dingell-Dine, which is the co-founder of the tour project and actually reached out to him last night to do a tour podcast together. I don't know. - No, it was a good party trick. I mean, it was just cool that you know this and the timing of it, it was just like beautiful. But just the link around the tour project. So we understand, so tour is this black box that people disappear in terms of like the when you're attracting people. Can you paint a picture of what tours used in general? Other, it's like when you talk about Bitcoin, for example, cryptocurrency, especially today, much more people use it for legal activity versus illegal activity. What about tour? - Tour was originally invented by the US Navy so that spies inside countries could talk to spies and no one could find them. There was no way of tracing them. And then they released that information free to the world. So tour has two different versions of, not versions, two different ways it can be utilized. There's dot onion sites, which is like a normal website, a dot com, but it's only found within the tour browser. You can only get there if you know the whole address and get there. The other way tours used is to go through the internet and then come out the other side if you want a different IP address. If you're trying to hide your identity. So if you were doing like say cyber crime, I would have the victim computer and I would trace it back out to a tour relay. And then because you don't have an active connection or what's called a circuit at the time, I wouldn't be able to trace it back. But even if you had an active circuit, I would have to go to each machine physically alive and try to rebuild that, which is literally impossible. - So what do you feel about tour ethically, philosophically as a human being on this world that spends quite a few years of your life and still trying to protect people? - So part of my time in the FBI was working on child exploitation, kiddie porn as I call it. That really changed my life in a way. And so anything that helps facilitate the exploitation of children fucking pisses me off. And that sort of jaded my opinion towards tour, because of that, because it helps facilitate those sites. So this ideal of freedom that Russell Albrecht, for example, tried to embody is something that you don't connect with anymore because of what you've seen that ideal being used for. - I mean, the child exploitation is a specific example for it. And it's easy for me to sit here and say child exploitation 'cause no one listening to this is ever gonna say that I'm wrong and that we should allow child porn. Should, because some people utilize it in a bad way, should it go away? No, I mean, I'm a technologist. I want technology to move forward. People are gonna do bad things and they're going to use technology to help them do bad things. - Well, let me ask you then, we'll jump around a little bit, but the things you were able to do in tracking down information and we'll get to it, there is some suspicion that this was only possible with mass surveillance, like with NSA, for example. First of all, is there any truth to that?
Mass surveillance (11:39)
And second of all, what do you feel are the pros and cons of mass surveillance? - There is no truth to that. And then my feelings on mass surveillance. - If there was, would you tell me? - Probably not. - I love this conversation so much. But what do you feel about the, given that you said child porn, what are the pros and cons of surveillance at a society level? - I mean, nobody wants to give up their privacy. I say that, I say no one wants to give up their privacy, but I mean, I used to have to get a search warrant to look inside your house. Or I can just log onto your Facebook and you've got pictures of all inside your house and what's going on. I mean, it's not, you know, so people like the idea of not giving up their privacy, but they do it anyways. They're giving away their freedoms all the time. They're carrying watches that gives out their heartbeat to a weight of companies that are storing that. I mean, what's more personal than your heartbeat? - So I think people on mass really want to protect their privacy. And I would say most people don't really need to protect their privacy. But the case against mass surveillance is that if you want to criticize the government in a very difficult time, you should be able to do it. So when you need the freedom, you should have it. So when you wake up one day and realize there's something going wrong with the country I love, I want to be able to help. And one of the great things about the United States of America is there's that individual revolutionary spirit. Like so that the government doesn't become too powerful. You can always protest. There's always the best of the ideal of freedom of speech. You can always say, fuck you to the man. And I think there's a concern of direct or indirect suppression of that through mass surveillance. You might not, is that little subtle fear that grows with time. That why bother criticizing the government? It's going to be a headache. I'm going to get a ticket every time I say something bad, that kind of thing. So it can get out of hand. The bureaucracy grows and the freedom slip away. So that's the criticism. I completely see your point and I agree with it. But on the other side, people criticize the government of these freedoms. But tech companies are talking about destroying your privacy and controlling what you can say. I realize they're private platforms and they can decide what's on their platform. But they're taking away your freedoms of what you can say. And we've heard some things where maybe government officials were in line with tech companies to take away some of that freedom. And I agree with it. That gets scary. Yeah, there's something about government that feels maybe because of the history of human civilization, maybe because tech companies are a new thing. But just knowing the history of abuses of government, there's something about government that enables the corrupting nature of power to take hold at scale more than tech companies, at least what we've seen so far. I agree, I agree. But we haven't had a voice like we've had until recently. I mean, anyone that has a Twitter account now can speak and become a news article. My parents didn't have that voice. If they wanted to speak out against the government or do something, they had to go to a protester, organize a protester, do something along those lines. So we have more of a place to put our voice out now. Yeah, it's incredible. But that's why it hurts. And that's why you notice it when certain voices get removed. The president of the United States of America was removed from one such or all such platforms. And that hurts. Yeah, that's crazy to me. That's insane. That's insane that we took that away. But let's return to still growth in our subject.
Operation Onion Peeler (15:50)
So how did your path with this very difficult, very fascinating case cross? We were looking to open a case against Tory because it was a problem. All the cases were closing because Tory. So we went on tour and we came up with 26 different onion, dog onions that we targeted. We were looking for next is to hacking 'cause I was on a squad called CY2. And we were like the premier squad in New York that was working criminal cyber intrusions. And so any website that was offered hackers for hire or hacking tools for free in our paid services, like now we're seeing ransomware for as a paid service and phishing as a paid service. Anything that offered that. So we opened this case on, I think we called it, we say you have to name cases. One of the fun thing in the FBI is when you start a case you get to name it. You would not believe how much time is spent in coming up with the name. You know, a case you go supply. I think we called this onion peeler because of the, yeah. So a little bit of humor, a little bit of wit and some profundity to language. Yeah, yeah. - Yeah, I'm gonna have to work with this one for quite a lot. So. - Yeah, this one had the potential of being a big one, you know, because I think, I think Silk Road was like the sixth on the list for that case, but we all knew that was sort of the golden ring. If you could make the splash that that onion site was going down, then it would probably get some publicity. And that's part of, you know, law enforcement is getting some publicity out of it that, you know, that makes others think not to do it. - I wish to say that Tor is the name of the project, the browser, what is the onion technology behind Tor? - Let's say you want to go to a dot onion site. You'll put in the dot onion you want to go to and your computer will build communications with a Tor relay, which are all publicly available out there. But you'll encrypt it. You'll put a package around your data. And so it's encrypted and so you can't read it. It goes to that first relay. That first relay knows about you and then knows about the next relay down the chain. And so it takes your data and then encrypts that on the outside and sends it to the relay number two. Now relay number two only knows about relay number one. It doesn't know who you are asking for this. And it goes through there adding those layers on top, a layers of encryption so it gets where it is. That, and then even the onion service doesn't know, except for the relay it came from, who it's talking to. And so it peels back that, gives the information, puts another layer back on. And so it's layers like you're peeling an onion back of the different relays and that encryption protects who the sender is and what information they're saying. - The more layers there are, the more exponentially difficult it is to decrypt it. - I mean, you get to a place where you don't have to have so many layers because it doesn't matter anymore. It's mathematically impossible to decrypt it. But the more relays you have, the slower it is. I mean, that's one of the big drawbacks on tour is how slow it operates. - So how do you peel the onion? So what are the different methodologies for trying to get some information from a cybersecurity perspective on these operations like the Silk Road? - It's very difficult. People have come up with different techniques. There's been techniques to put out in the news media about how they do it, running massive amounts of relays and you're controlling those relays. I think I've been trying that once. - So there's a technical solution and what about social engineering? What about trying to infiltrate the actual humans that are using the Silk Road and trying to get in that way? - Yeah, I mean, I definitely could see the way of doing that. And in this case, in our takedown, we use that. There was one of my partners, Jared Deregg and he was an HSI investigator and he had worked his way up to be a system admin on the site. So that did gleam quite a bit of information because he was inside and talking to, at that time, we only know it as DPR or Dreadfire Roberts. We didn't know who that was yet, but we had that open communication. And one of the things, the technical aspects on that is there was a Jabber server that's a type of communication server that was being used and we knew that Ross had his jabber set to a Pacific time. So we had a pretty good idea what part of the country was in. - I mean, isn't that from DPR's perspective, from Russ's perspective, isn't that clumsy? - He wasn't a big computer guy. - Do you notice that aspect of like the technical savvy of some of these guys doesn't seem to be quite, why weren't they good at this? - The real techie savvy ones, we don't get to them, we don't find them. - He gets them. - Shout out to the techie criminals. They're probably watching this.
Hacker Avunit (21:06)
- I mean, yeah, I mean, we're getting the low hanging fruit. I mean, we're getting the ones that can be caught. I mean, you know, I'm sure we'll talk about it, but the anonymous case, there was a guy named Avi Unit. He's still, I lose sleep over him 'cause we didn't catch him. We caught everybody else, we didn't catch him. He's good though. He pops up too once in a while on the internet and it pisses me off. - Yeah, what's his name again? - Avi Unit, that's all I know is his Avi Unit. - Avi Unit. - Yeah, I got a funny story about him and what people think he is. - Can I actually, can we go on that brief tangent? - Sure, I love tangents. - Well, let me ask you, since he's probably he or she, do we know it's a he? - We have no idea. - Okay. - Another funny story about hackers, the he/she issue. - What's the funny story there? - Well, one of the guys in Lolsec was a she, was a 17 year old girl. And my source in the case, the guy, Sabu, that I arrested and part of it, we sat side by side for nine months and then took down the case and all that. He was convinced she was a girl and he was in love with her almost at one point and turns out to be a 35 year old guy that lived in England. - Also, he was convinced it was a, - Yes, he was absolutely faced. - Based on what exactly, by a linguistic, like human based linguistic analysis or what? - She, he, whatever, you know, Kayla, is what ended up being like a modification of his sister's name, the real guy's sister's name, was so good at building the backstory. All these guys, and it's funny, like these guys are part of a hacking crew, they social engineer the shit out of each other. Just to build if one of them ever gets caught, they'll convince the everybody else that, you know, they're a Brazilian, you know, ISP owner or something like that, and that's how I'm so powerful. - Well, yeah, that social engineering aspect is part of living a life of cyber crime or cybersecurity and offensive or defensive. So AV unit, Casquet also just a tangent of a tangent first. - That's my favorite tangent. - Okay. Is it possible for me to have a podcast conversation with somebody who hasn't been caught yet, and because they have the conversation, they still won't be caught, and is that a good idea? Meaning, is there a safe way for criminal to talk to me at a podcast? - I would think so. I would think that someone could, I mean, someone who has been living a double life for long enough, where you think they're not a criminal? - No, no, no, no, no, they would have to admit that they would say I am AV unit. - Oh, you would want to have a conversation with AV unit? - Yes. Is there a way, I'm just speaking from an FBI perspective, technically speaking, because I, so let me explain my motivation. I think I would like to be able to talk to people from wall walks of life and understanding criminals, understanding their mind, I think is very important. And I think there's fundamentally something different between a criminal who's still active versus one that's been caught. The mind, just from observing it, changes completely once you're caught. You have a big shift in understanding of the world. I mean, I do have a question about the ethics of having such conversations, but first technically, is it possible? - If I was technically advising you, I would say, first off, don't advertise it. So fewer people that you're gonna tell that you're having this conversation with, the better. And yeah, you could, you're doing it in person? Are you doing it in person? - In person would be amazing, yeah. But their face would not be shown. - Face would not be shown? Yeah, I mean, you couldn't publish the show for a while. They'd have to put a lot of trust in you that you are not going to, you're gonna have to alter those tapes. I say tapes 'cause it's old school, the off to, you know? - It's a tape. - Exactly, I'm sure a lot of people just said that. Like, oh shit, this old guy just didn't tape. I heard of VHS, it was in 1800, I think. But yeah, yeah, you could do it. They'd have to have complete faith and trust in you that you destroy the originals after you've altered it. - What about if they don't have faith? Is there a way for them to attain security? So like, for me to go through some kind of process where I meet them somewhere where I'm. - I mean, you're not gonna do it without a bag over your head. I don't know if that's the life you wanna live. I'm fine with the bag over my head. That's gonna get taken out of context. But I just, I think it's a worthy effort. It's a worthy to go through the hardship of that to understand the mind of somebody. I think fundamentally conversations are a different thing than the operation of law enforcement. Understanding the mind of a criminal, I think is really important. - I don't know if you're gonna have the honest conversation that you're looking for. I mean, it may sound honest, but it may not be the truth. I found most times when I was talking to criminals that it's lies mixed with half-truths. And you kinda, if they're good, they can keep that story going for long enough. If they're not, you know, you kind of see the relief in them when you finally break that wall down. - That's the job of an interviewer. If the interviewer is good, then perhaps not directly, but through the gaps seeps out the truth of the human being. So not necessarily the details of how they do the operations and so on, but just who they are as a human being, what their motivations are, what their ethics are, how they see the world, what is good, what is evil, do they see themselves as good, what do they see their motivation as, do they have resentment, what do they think about, love for the people within their small community, do they have resentment for the government, or for other nations, or for other people, do they have childhood issues that led to a different view of the world than others perhaps have, do they have certain fetishes like sexual and otherwise that led to the construction of the world, they might be able to reveal some deep flaws to the cybersecurity infrastructure of our world, not in detail, but like philosophically speaking. They might have, I know you might say it's just a narrative, but they might have a kind of ethical concern for the wellbeing of the world. That they're essentially attacking the weakness of the cybersecurity infrastructure because they believe ultimately that would lead to a safer world. So the attacks will reveal the weaknesses. And if they're stealing a bunch of money, that's okay because that's gonna enforce you to invest a lot more money in defending, yeah, defending things that actually matter, you know, nuclear warheads and all those kinds of things. I mean, I could see, you know, it's fascinating to explore the mind of a human being like that because I think it will help people understand. Now, of course, it's still a person that's creating a lot of suffering in the world, which is a problem. So do you think ethically it's a good thing to do? - I don't, I mean, I feel like I have a fairly high ethical bar that I have to put myself on. And I don't think I have a problem with it. I would love to listen to it. - Okay, great. I mean, not that I'm your ethical coach here. - Yeah, well, that's interesting. I mean, so, 'cause I thought you would have become jaded and exhausted by the criminal mind. - It's funny. You know, I'm fast forward in our story. I'm very good friends with Hector Montserger, with the Sabu, the guy I arrested. And he tells stories of what he did in his past. And I'm like, "I'm that Hector." But then I listened to your episode with Brett Johnson. And I was like, "Ah, this guy stealing money from the US government and welfare fraud and all that sort of things, he just pissed me off. And I don't know why I have that differentiation in my head. I don't know why I think one's just, "Oh, Hector will be Hector." And then this guy just pissed me off. - Well, you didn't feel that way about Hector until you probably met him. - Well, I didn't know Hector, I knew Sabu. So I hunted down Sabu and I learned about Hector over those nine months. - We'll talk about this. Let's finish with-- - Yeah, sorry. - Let's return Tangent to back to Tangent. Oh, one Tangent up, who's AV unit? - I don't know. - Interesting. So he's at the core of Anonymous. He's one of the critical people in Anonymous. What is known about him? There's what's known in public and what was known because he was sat with Hector and he was sort of like the set things up guy. So if Losek had like their hackers, which was Sabu and Kayla, and they had their media guy, this guy Topiary, he lived up in Northern end of England. And they had a few other guys, but AV unit was the guy that set up infrastructure. So if you need a VPN in Brazil or something like that to pop through, one of the first things Hector told me after we arrested him is that AV unit was a secret service agent. And I was like, oh shit. Just because he kind of lived that lifestyle, he'd be around for a bunch of days and then all of a sudden gone for three weeks. And I tried to get more out of Hector and that early on in that relationship. I'm sure he was a little bit guarded. Maybe trying to social engineer me. Maybe he wanted that, oh shit, there's law enforcement involved in this. And not to say, I mean, I was, you know, over my head with that case, just the amount of work that was going on. So to track them all down, plus the 350 hacks that came in about just military institutions, you know, it was swimming in the deep end. So it was just at the end of the case, I looked back and I was like, oh fuck, AV unit, I could have had them all. You know, maybe that's the perfectionist in me. - Oh man, well, reach out somehow. I can't, I won't say how, right? We'll have to figure out. - Would you have him on? - Yeah. - Oh my God. - Just let me know. - Just talk shit about you the whole time. - That's perfect. He probably doesn't even care about me. - Well, now he will. Because there's a certain pleasure of a guy who's extremely good at his job, not catching another guy who's extremely good at his job. - Obviously better, he got away. - Better, there you go, he's still eating it. I love it. - Yeah, so I-- - You or she? - If I can meet that guy one day, or he or she, that'd be great. I mean, I have no power. - So yes, Silk Road, can you speak to the scale of this thing?
Ross Ulbricht and Silk Road (31:56)
Would it, just for people who are not familiar, how big was it? And any other interesting things you understand about its operation when it was active? - So it was, when we finally got looking through the books and the numbers came out as about $1.2 billion in sales, it's kind of hard with the fluctuation value of Bitcoin at the time to come up with a real number. So you kind of pick a daily average and go across. - So what's the operation was done in Bitcoin? - It's all done in Bitcoin. You had escrow accounts on, you know, you came in and you put money in an escrow account and the transaction wasn't done until the client got the drugs or whatever they had bought. And then the drug dealers had sent it in. There was some talk at the time that the cartel was starting to sell on there. So that started getting a little hairy there at the end. - What was the understanding of the relationship between organized crime like the cartels and this kind of more ad hoc new age market that is the Silk Road? - I mean, it was all just chatter. It was just, you know, 'cause like I said, Jared was on the inside. So we saw some of it from the admin sides. And Ross had a lot of private conversations with the different people that he advised him. But no one knew each other. I mean, the only thing that they knew with the admins had to send an ID to Ross. Had to send a picture of their driver's license or passport, which I always found very strange because if you are an admin on a site that sells fake IDs, why would you send your real ID? And then why would the guy running the site who profits from selling fake IDs, believe that it was. But fast forward, pay attention, they were all real IDs. All the IDs that we found on Ross's computer as the admins were the real people's IDs. - What do you make of that? Does he have other clumsiness? - Yeah, low hanging fruit, I guess. I guess that's what it is. I mean, I would have bought, I mean, even Ross bought fake IDs off the site. He had federal agents knock on his door. You know, and then he got a little cocky about it. - The landscape, the dynamics of trust is fascinating here. So you trust certain ideas are, like who do you trust in that kind of market? What was your understanding of the network of trust? - I don't think anyone trusts anybody. I mean, I think Ross had his advisors of trust, but outside of that, I mean, he required people to send their ID for their trust. He, you know, people stole from him. There's open cases of that. It's a criminal world. You can't trust anybody. - What was his life like, you think? - Lonely. Can you imagine me entrapped in something like that where you, the whole world focus on that? And you can't tell people what you do all day. - Could he have walked away? Like someone else take over the site, just shut down. - Either one. Just you putting yourself in his shoes, the loneliness, the anxiety, the, just the growing immensity of it. So walk away with some kind of financial stability. - I couldn't have made it past two days. I don't like loneliness. I mean, my wife's away. I probably call her 10, 12 times a day. We just talk about things. You know, I just, you know, something crossed my mind, I want to talk about it. And I'm sure she, - And you like to talk to her, like honestly about everything. So if you were running so crowded, you wouldn't be able to like, hopefully I have a little protection. I'd only mentioned to her when we were in bed to have that marital connection. But who knows? I mean, she's going to question why the Ferrari is outside and things like that. - Yeah. - I'm sure you can come up with something. Why didn't he walk away? It's another question of why don't criminals walk away in these situations? - Well, I mean, I don't know every criminal mind and some do, I mean, if you unit walked away, I mean, I'm not to go back to that son of a bitch, but there's a theme to this. - But, you know, Ross started counting his dollars. I mean, he really kept track of how much money he was making and it started, you know, getting exponentially growth. I mean, I mean, if he would have stayed at it, he would have probably been one of the richest people in the world. - And do you think he liked the actual money or the fact of the number growing? - I mean, have you ever held a Bitcoin? - Yeah. - Oh, you have? - Well, he never did. - He wouldn't even held a Bitcoin. - He can't hold it. It's not real. - Oh, oh. - It's not probably I can give you a brief case of Bitcoin, like, you know, or something like that. - He liked the idea of it growing. He liked the idea. I mean, I think it started off as sharing this idea, but then he really did turn to like, I am the captain of this ship and that's what goes. And he was making a lot of money. And again, my interactions with Ross was about maybe five or six hours over a two day period. I knew DPR 'cause I read his words and all that. I didn't really know Ross. There was a journal found on his computer and so it sort of kind of gave me a little insight. So I don't like to do a playbook for criminals, but I'll tell you right now, don't write things down. There was a big fad about people like, remember kids going around shooting people with paintballs and filming it? I don't know why you would do that. Why would you videotape yourself committing crime and then publish it? Like, if there's one thing I've taught my children, don't record yourself doing bad things. It never goes back to go as well. - And you actually give advice on the other end of logs being very useful for the defense perspective. You know, information is useful for being able to figure out what the attacks were all about. - Logs are the only reason I found Hector Montsegar. I mean, the one time his VPN dropped during a Fox hack and he says he didn't, he wasn't even hacking. He just was sent a link and he clicked on it. And in 10 million lines of logs, there was one IP address that stuck out. - This is fascinating. We'll explore several angles of that. So what was the process of bringing down Ross and the Silk Road? - All right, so that's a long story. You want the whole thing and you want to break it up? - Let's start at the beginning. - Once we had the information of the chat logs and all that from the server, we fast the server with the chat log. So the dot onion was running the website, the Silk Road, was running on a server in Iceland. - How did you figure that out? - That was one of the claims that the NSA. - Yeah, that's the one that we said that, yeah, I wouldn't tell you if it was. It's on the internet. I mean, the internet has their conspiracy theories and all that, so. - But you figure out, that's the part of the thing you do. It's puzzle pieces and you have to put them together and look for different pieces of information and figure out, okay, so you figure out the servers in Iceland. - We get a copy of it and so we start getting clues off of that. - Wait, the physical copy of the server? - Yeah, you fly over there. So you go, if you've been Iceland, if you've never been, you should definitely go to Iceland. - Is it beautiful? - I love it. I love it. So I'll tell you this. So, it's not tangents. - Yeah, I love this. - So I went to Iceland for the anonymous case, then I went to Iceland for the Silk Road case and I was like, oh shit, all cyber crime goes to Iceland. It was just my sort of thing. And I was over there for like the third time and I said, if I ever can bring my family here. Like, so there's a place called Thing of R and I'm sure I'm fucking up the name that Icelandics are pissed right now. But it's where the North American content will play and the European content will play and are pulling apart and it's being filled in with volcanic material in the middle. And it's so cool. Like, I was like, one day I'll be able to afford to bring my family here. And once I left, it's like the humbling and the beauty of nature. Just everything, man, it was a different world. It was insane how great Iceland is. And so we went back and we rented a van and we took friends and we drove around the entire country. Absolutely, like a beautiful place. Like Reykjavik's nice, but get out of Reykjavik as quick as you can and see the countryside. - How was this place even real? - Well, it's so new. I mean, that's, so you know, our rivers have been going through here for millions of years and flattened everything out and all that. These are new, this is new land being carved by these rivers. You can walk behind a waterfall in one place. It's the most brutal place I've ever been. - You understand why this is a place where a lot of hacking is being done? - Because the energy is free and it's cool. So you have a lot of servers going on there. Server farms, you know, the energy has come up out of the ground, geothermal. And so, and then it keeps all the servers nice and cool. So why not keep your computers there at a cheap rate? - I'll definitely visit for several reasons, including to talk to AV unit. - Yeah, who are there? - Well, the servers are there, but they don't probably live there. I mean, that's the interesting, I mean, the Pacific, the PSC of the time zones. There's so many fascinating things to explore here. - Well, but so you got-- - Sorry, to add to that, the European internet cable goes through there. So, you know, across to Greenland and down through Canada and all that. So they have backbone access with cheap energy and free cold weather, you know. - And beautiful. - Oh, and beautiful, yes. So, chat logs on that server. What was in the chat logs? - Everything, he kept them all. That's another issue if you're writing a criminal enterprise. Please don't keep out. Again, I'm not making a guidebook of how to commit your perfect crime. But, you know, every chat that you ever had, and everyone's chat, it was like going into Facebook of criminal activity. - Yeah, I'm just looking at texts with Elon Musk being part of the conversations. I don't know if you're familiar, but they've been made public for the court cases going through, was going through, is going through, was going through with Twitter. - I don't know where it is. - But it made me realize that, oh, okay. I'm generally, that's my philosophy on life, is like anything I text or email or say publicly or privately, I should be proud of. So I try to kind of do that because you basically, you say don't keep chat logs, but it's very difficult to erase chat logs from this world. I guess if you're a criminal, that should be like, you have to be exceptionally competent at that kind of thing, to erase your footprints. It's very, very difficult. - Can't make one mistake. All it takes is one mistake of keeping it. But yeah, I mean, not only do you have to be, whatever you put in a chat log or whatever you put in an email, it has to hold up and you have to be, stand behind it publicly when it comes out, but if it comes out 10 years from now, you have to stand behind it. I mean, we're seeing that now in today's society. - Yeah, but that's a responsibility. You have to take really, really seriously. If I was a parent and advising teens, like you kind of have to teach them that. I know there's a sense like, no, we'll become more accustomed to that kind of thing, but in reality, no, I think in the future we'll still be held responsible for the weird shit we do. - Yeah, a friend of mine, his daughter got kicked out of college because of something she posted in high school. And the shittiest thing for him, but great for my kids, great lesson. Look over there and you don't want that to happen to you. - Yeah, okay, so in the chat logs was useful information, like breadcrumbs of information that you can then pull at. - Yeah, great evidence and stuff, you know, I mean, obviously-- - Well, evidence too. - Yeah, a lot of evidence. I mean, here's a sale of this much heroin because Ross ended up getting charged with czar status on certain things. And that's a certain weight in each type of drug that you had, like, I think it's four or five employees of your empire and that you made more than $10 million. And so it's just like the Narco track feeders get charged with, you know, anybody out of Columbia, you know, and so. - And that was primarily what he was charged with doing when he was arrested, is the drug. - Yeah, and he got charged with some of the hacking tools too. - Okay, because he's in prison, what, for life-- - Two life sentences plus 40 years. - And no possibility of parole? - In the federal system, there's no possibility of parole when you have life. The only way you get out is if the president pardons you. - There's always a chance. - There is, I think it was close. I heard rumors that it was close. - Well, right, so it depends, given it's fascinating, but given the political, the ideological, ideas that he represented and espoused, it's not out of the realm of possibility. - Yeah, I mean, I've been asked before, who, you know, does he get out of prison first, or does Snowden come back in America, and I don't know?
Edward Snowden (44:39)
I have no idea. - So he just became a Russian citizen. - I saw that, and I just, yeah, I've heard a lot of good, weird theories about that one. - Well, actually, on another tangent, let me ask you, do you think Snowden is a good or a bad person? - A bad person. - Can you make the case that he's a bad person? - There's ways of being a whistleblower, and there's rules set up on how to do that. He didn't follow those rules. I mean, they, you know, I'm red, white, and blue, so I'm pretty, you know, I've-- - So you think his actions were anti-American? - I think the results of his actions were anti-American. I don't know if his actions were anti-American. - Do you think he could have anticipated the negative consequences of his action? - Should we judge him by the consequences or the ideals of the intent of his actions? - I think we all get to judge him by best our own beliefs, but I believe what he did was wrong. - Can you steal man the case that he's actually a good person and good for this country, for the United States of America, as a flag bearer for the whistleblowers, the check on the power of government? - Yeah, I mean, I'm not a big government type guy, you know, so, you know, even that sounds weird coming from a government guy for so many years, but there's rules in place for a reason. I mean, he put, you know, some of our best capabilities, he made them publicly available. They really kind of set us back in the, and this isn't my world at all, but the offensive side of cyber security. - Right, so he revealed stuff that he didn't need to reveal in order to make the point. - Correct. - So, so you, if you can imagine a world where he leaked stuff that revealed the mass surveillance efforts and not reveal other stuff. Like the surveillance, I mean, that's the thing that, of course, there's in the interpretation of that, there's fear mongering, but at the core, that was a real shock to people that it's possible for a government to collect data at scale.
NSA surveillance (46:44)
- It's surprising to me that people are that shocked by it. - Well, there's conspiracies, and then there's like actual evidence that that is happening. I mean, it's a, it's a reality. There's a lot of reality that people ignore, but when it hits you in the face, you realize, holy shit, we're living in a new world. This is, this is the new reality, and we have to deal with that reality. Just like you were in cyber security, I think it really hasn't hit most people. How fucked we all are in terms of cyber security. Okay, let me rephrase that. How many dangers there are in a digital world? How much under attack we all are, and how more intense the attacks are getting, and how difficult the defense is, and how important it is, and how much we should value it, and all the different things we should do at the small and large scale to defend. Like most people really haven't woken up. They think about privacy from tech companies. They don't think about attacks, cyber attacks. - People don't think they're a target, and that message definitely has to get out there. I mean, if you have a voice, you're a target. If the place you work, you might be a target. So your husband might work at some place, because now people are working from home. So they're gonna target you to get access to his network in order to get in. - In that same way, the idea that the US government or any government could be doing mass surveillance on its citizens is one that was a wake-up call, because you could imagine the ways in which that could like you could abuse the power of that to control the citizenry for political reasons and purposes. - Absolutely, you could abuse it. I think during the part of the Snowden league saw that two NSA guys were monitoring their girlfriends, and there's rules in place for that. Those people should be punished for abusing that. But how else are we going to hear about terrorists that are in the country talking about birthday cakes? And that was the case where that was the trip word that we're gonna go bomb New York City's subway. - Yeah, it's complicated, but it just feels like there should be some balance of transparency. There should be a check in that power. Because in the name of the war on terror, you can sort of sacrifice, there is a trade opportunity security and freedom, but it just feels like there's a giant slippery slope on the sacrificing of freedom in the name of security. - I hear you, and we live in a world where, well, I live in a world where I had to tell you exactly when I arrested someone, I had to write a 50 page document of how I arrested you, and all the probable cause I have against you and all that. Well, bad guys are reading that. They're reading how I caught you, and they're changing their way they're doing things. They're changing their ammo. They're doing it to be more secure. If we tell people how we're monitoring, what we're surveilling, we're gonna lose that. I mean, the terrorists are just gonna go a different way. And I'm not trying to, again, I'm not a big government. I'm not trying to say that it's cool that we're monitoring the US government's monitoring and everything, big tech's monitoring everything. They're just monetizing it versus possible using it against you. There is a balance, and those 50 pages, they have a lot of value. If they make your job harder, but they prevent you from abusing the power of the job, there's a balance. That's a tricky balance. So the chat logs in Iceland give you evidence of the heroin and all the large scale, the ZAR level drug trading, what else did it give you in terms of the how to catch? - I gave this infrastructure. So the onion name was actually running on a server in France. So if you like, and it only communicated through a back channel of VPN to connect to the Iceland server, there was a Bitcoin, like kind of vault server that was also in Iceland. And I think that was so that the admins couldn't get into the Bitcoins. The other admins that were hired to work on the site, so you could get into the site, but you couldn't touch the money. Only Ross had access to that. And then another big mistake on Ross's part is he had the backups for everything at a data center in Philadelphia. Don't put your infrastructure in the United States. I mean, again, let's not make a playbook, but you know. - Well, I think these are low hanging food that people of confidence would know already. - I agree. - But it's interesting that he wasn't competent enough to make. So he was incompetent in certain ways. - Yeah, I don't think he was a mastermind of setting up an infrastructure that would protect his online business because, you know, keeping chat logs, keeping a diary, putting infrastructure where it shouldn't be. Bad decisions. - How did you figure out that he's in San Francisco? - So we had that part with Jared that he was on the West Coast. And then-- - We're getting his Jared. - Jared Deyegen was a partner in, he was a DHS agent, worked for HSI Homeland Security Investigations in Chicago. He started his Silk Road investigation because he was working at O'Hare, and a weird package came in, couldn't have found out. He traced it back to Silk Road. So he started working at Silk Road investigation long before I started my case. And he made his way up undercover all the way to being an admin on Silk Road. So he was talking to Ross on a Jabra server, the private Jabra server, private chat communication server. And we noticed that Ross's time zone on that Jabra server was set to the West Coast. So we had Pacific time on there. So we had a region, 1/24 of the world was covered of where we thought it might be. And from there, how do you get this out of Cisco? - There was another guy, an IRS agent, that was part of the team. And he used a powerful tool to find his clue. He used the world of Google. He simply just went back and googled around for Silk Road at the time it was coming up and found some posts on some help forums that this guy was starting an onion website and wanted some cryptocurrency help. And if you could help him, please reach out to Ross.email@example.com in my world, that's a clue. So. - Okay, so that's as simple as that. - Yeah. And the name he used on that post was Frosty. - Yeah. So you have to connect Frosty and other uses in Frosty and here's a Gmail and the Gmail has the name. - The Gmail posted that I need help under the name Frosty on this forum. So what's the connection of Frosty elsewhere? - The person logging into the Philadelphia backup server, the name of the computer was Frosty. Another clue in my world. - And that's it. The name is there, the connection to the Philadelphia server and then to Iceland is there. And so the rest is small details in terms of, or is there interesting details? - No, I mean, there's some electronic surveillance that find Ross Albrick living in a house and is there, is a computer at his house attaching to, you know, does it have Tor traffic at the same time that DPR is on? Another big clue. Matching up timeframes. - Again, just putting your email out there, putting your name out there like that. Like what I see from that, just at the scale of that market, what just makes me wonder how many criminals are out there and not making these law-hanging food mistakes and are still successfully operating. To me, it seems like you could be a criminal, much easier to be a criminal on the internet. What else do you, as interesting to understand about that case of Ross and Silk Road and just the history of it from your own relationship with it, from a cybersecurity perspective, from an ethical perspective, all that kind of stuff? Like when you look back, what's interesting to you about that case? - I think my views on the case have changed over time. I mean, it was my job back then. So I just looked at it as of, you know, I'm going after this. I sort of made a name for myself in the Bureau for the anonymous case. And then this one was just, I mean, this was a bigger deal. I mean, they flew me down to DC to meet with the director about this case. The president of the United States was gonna announce this case, the arrest, unfortunately, the government shut down two days before. So it was just us. And that's really the only reason I had any publicity out of it is because the government shut down. And the only thing that went public was that affidavit with my signature at the end. Otherwise it would have just been the attorney general and the president announcing the arrest of this big thing. And you wouldn't have seen me. - Did you understand that this was a big case? - Yeah, I knew it the most. Yeah, the new design. - Was it because of the scale of it or what it stood for? - I just knew that the public was gonna react in a big way. Like the media was not, did I think that it was gonna be on the front page of every newspaper than the day after the arrest? No, but I could sense it. Like I went like three or four days without sleep. When I was out in San Francisco to arrest Ross, I had sent three guys to Iceland to, so it was a three-prong approach for the takedown. It was get Ross, get the Bitcoins and seize the site. Like we didn't want someone else taking control of the site and we wanted that big splash of that banner. Like look, the government found this site. Like you might not wanna think about doing this again. So. - And you were able to pull off all three? - Maybe that's my superpower. I'm really good about putting smarter people than I am together and on the right things. - The only way to do it. - In the business I formed, that's what I did. I hired only smarter people than me. And I'm not that smart, but smart enough to know who the smart people are. - The team was able to do all three. - Yeah, we were able to get all three done. Yeah, and the one guy, one of the guys, the main guys I sent to Iceland, man, he was so smart. Like I sent another guy from the FBI to France to get that part. And he couldn't do it. So the guy in Iceland did it from Iceland. They had to pull some stuff out of memory on a computer. You know, it's live process stuff. I'm sure you've done that before, but. I'm sure you did. Look at what you're doing. - Yeah, this is like a multi-layer interrogation going on. Was there a concern that somebody else would step in and control the site? - Absolutely. We didn't have insight on who exactly I control. - So it turns out that Ross had like dictatorial control. So it wasn't easy to delegate to somebody else. - He hadn't. I think he had some sort of ideas. I mean, his diary talked about walking away and giving it to somebody else, but he didn't, he couldn't give up that control to anybody apparently. - Which makes you think that power corrupts and his ideals were not as strong as he espoused about. Because if it was about the freedom of being able to buy drugs, if you want to, then he surely should have found ways to delegate that power. - Well, he changed over time. You could see it in his writings that he changed. Like, so people argue back and forth that there was never murders on Silk Road.
Silk Road murders (58:51)
When we were doing the investigation, to us there were six murders. So there was the way we see him, saw him at the time, was Ross ordered people to be murdered. Somebody, people stole from him and all that. It was sort of an evolution from, oh man, I can't deal with this, I can't do it. It's too much. To the last one was like, the guy said, well, he's got three roommates. And it's like, oh, we'll kill them too. Was that ever proven in court? - No, it needs to, the murders never went forward because there was some stuff problems in that case. So there was a separate case in Baltimore that they had been working on for a lot longer. And so during the investigation, that caused a bunch of problems because now we have multiple federal agencies, a case against the same thing. - How do you decide not to push forward the murder investigations? - So there was a deconfliction meeting that happened in DC. I didn't happen to go to that meeting, but Jared went, this is before I ever knew Jared, and we have like televisions where we can just sit in a room and sit in on the meeting, but it's all secured networking, all that. So we can talk openly about secure things. And we sat in on the meeting and people just kept saying the term sweat equity, I've got sweat equity, meaning that they had worked on the case for so long that they deserve to take them down. And by this time, no one knew about us, but we told them at the meeting that, well, we had found the server and we have a copy of it and we have the infrastructure. And these guys had just had communications under covers. They didn't really know what was going on. And this wasn't my first deconfliction meeting. We had a huge deconfliction meeting during the anonymous case. - What's the deconfliction meeting? - Agents within your agency or other federal agencies have an investigation that if you expose your case or took down your case, would hurt their case or the other case. - Oh, so you kind of have, it's like the rival gangs meet at the table in a smoke filled room and-- - Less bullets at the end, but yes. - Yes. - Boy, with the sweat equity. - Yeah. - I mean, there's careers at stake, right? Yeah. You hate that idea. - Yeah, I mean, why is that a stake? Just because you've worked on it long enough, longer than I have, that means you did better? - Yeah. - That's insane to me. That's rewarding bad behavior. - And so that one of the part of the sweat equity discussion was about murder. And this was, here's a chance to actually bust them and be given the date he had from Iceland and all that kind of stuff. So why, they wanted us just to turn the data over to them. - To them. - Yeah, thanks for getting this far. Here it is. I mean, it came to the point where they sent us, like they had a picture of what they thought Ross was, and it was an internet meme. It really was a meme. It was a photo that we could look up. Like, it was insane. - All right, so there's different degrees of competence all across the world between different people. Yes. Okay. Just part of you regret because you pushed forward the heroin and the drug trade. We never got to the murder discussion. - I mean, the only regret in the internet doesn't seem to understand. They just kind of blow that part off, that he literally paid people to have people murdered. It didn't result in the murder, and I think God, no one resulted in a murder. - But that's where his mind was. - His mind and where he wrote in his diary was that I had people killed and here's the money. He paid it. He paid a large amount of bitcoins for that murder. So he didn't just even think about it. He actually took action, but the murders never happened. He took action by paying the money. - Correct, and the people came back with results. He thought they were murdered. - That said, can you understand the steel man the case for the drug trade on Silk Road? Like can you make the case that it's a net positive for society? - So there was a time period of when we found out the infrastructure and when we built the case against Ross. I don't remember, he's at six weeks, a month, two months, I don't know, somewhere in there. But then at Ross's sentencing, there was a father that stood up and talked about his son dying. And I went back and kind of did the math and it was between those time periods of when we knew we could shut it down, we could have pulled the plug on the server and gone. And when Ross was arrested, his son died from buying drugs on Silk Road. And I still think about that father a lot. - But if we look at scale at the war on drugs, let's just even outside of Silk Road, do you think the war on drugs by the United States has alleviated more suffering or caused more suffering in the world? - That might be above my pay scale. I mean, I understand the other side of the argument. I mean, people said that I don't have to go down to the corner to buy drugs. I'm not gonna get shot on the corner buying drugs or something, I can just have them sent to my house. People are gonna do drugs anyways. I understand that argument. From my personal standpoint, if I made it more difficult for my children to get drugs, then I'm satisfied. - So your personal philosophy is that if we legalize all drugs, including heroin and cocaine, that would not make for a better world. - I don't, and now personally, I don't believe legalizing all drugs would make for a better world. - Can you imagine that it would? Do you understand that argument? - Sure, I mean, as I've gotten older, I like to see both sides of an argument, and when I can't see the other side, I literally like to dive into it. And I can see the other side. I can see why people would say that. But I don't wanna be my great children in a world where drugs are just free for use. - Well, and then the other side of it was Silk Road. Did, you know, taking down Silk Road, did that increase or decrease the number of drug trading criminals in the world? Sound clear. - Online, I think it increased. I think, you know, that's one of the things I think about a lot with Silk Road, was that no one really knew. I mean, there was thousands of users, but then after that, it was on the front page of the paper, and there was millions of people that knew about Tor and onion sites. It was an advertisement. You know, I would have thought, I thought crypto was gonna crash right after that. Like, I don't know, like, what people now see that bad people are doing bad things with crypto. That'll crash, well, I'm obviously wrong on that one. And I thought, you know, Ross was sentenced to two life sentences plus 40 years. No one's gonna start up these dark markets exploded after that. - Yeah. - You know, some of them started as opportunistic. I'm gonna, you know, take those escrow accounts and I'm gonna steal all the money that came in. You know, they were with that. But, you know, but there were a lot of dark markets that popped up after that. Now we put the playbook out there. - Yeah. Yeah. But, and also there's a case for, do you ever think about not taking down, if you have not taken down a silk road, you could use it because it's a market. It itself is not necessarily the primary criminal organization. It's a market for criminals. So it could be used to track down criminals in the physical world. So if you don't take it down, given that it was, you know, the central, how centralized it was, it could be used as a place to find criminals, right? - So the dealers, the drug dealers. - They take down the dealers. - Yeah. So if you have the card get, the cartels start get to involve, you go after the dealers. - It would have been very difficult. - Because of tour and all that. - Because all the productions anonymity, declocking all that would have been drastically more difficult. And a lot of people in upper management, the FBI didn't have the appetite of running something like that. That would have been the FBI running a drug market. How many kids, how many fathers would have to come in and said, my kid bought while the FBI was running a site, a drug site, my kid died. So I didn't know anybody in the FBI in management, they would have the appetite to let us run what was happening on silk road. You know, 'cause remember that time we still believe in six people are dead. We're still investigating, you know, where are all these bodies? You know, that's pretty much why we took down Ross when we did. I mean, we had to jump on it fast. - What else can you say about this complicated world that has grown in the dark web?
Dark web (01:07:37)
- I don't understand it. Like it would have been something for me. I thought I was gonna collapse, but I mean, it's just gotten bigger in what's going out there. Now, I'm really surprised that it hasn't grown into other networks or people haven't developed other networks, but more. - You mean, instead of Tor? - Yeah, Tor's still the main one out there. I mean, there's a few others and I'm not gonna put an advertisement out for them, but, you know, I thought that market would have grown. - Yeah, my sense was when I interacted with Tor, it was that there's huge usability issues, but that's for like legal activity. 'Cause like if you care about privacy, it's just not as good of a browser. Like it's too too, too, too, too, look at stuff. - No, it's way too slow. It's way too slow, but I mean, you can't even, like, I know some people would use it to like view movies, like Netflix, so you can only view certain movies in certain countries, you can use it for that, but it's too slow even for that, so. - Were you ever able to hold in your mind the landscape of the dark web? Like what's going on out there? It's to me as a human being, it's just difficult to understand the digital world. Like these anonymous usernames, like doing anonymous activity, it's hard to, what am I trying to say? It's hard to visualize it in the way I can visualize it, I've been reading a lot about Hitler. I can visualize meetings between people, military strategy, deciding on certain evil atrocities, all that kind of stuff. I can visualize the people, there's agreements, hands, the handshakes, stuff signed, groups built, like in the digital space, like with bots, with anonymity, anyone human can be multiple people. It's just. - Yeah, it's all lies, it's all lies. - Like, yeah, it feels like I can't trust anything. - No, you can't, you honestly can't. And like you can talk to two different people and it's the same person. Like there's so many different, Hector had so many different identities online, the, you know, of things that, you know, the lies to each other. I mean, he lied to people inside his group, just to use another name to spy on, make sure what they, you know, we're talking shit behind his back or we're not doing anything. It's all lies and people that can keep all those lies straight. It's unbelievable to me. - Ross Albrecht represents the very early days of that. That's why the, the competence wasn't there. Just imagine how good the people are now. The kids that grow up. - Oh, they've learned from his, his mistakes. - Just the extreme competence. You just see how good people are in video games, like the level of play in terms of video games. Like I used to think I sucked. Now I'm not even like, I'm not even in the like, consideration of calling myself shitty at video games. I'm not even, I'm like, nonexistent. I'm like the mold. - Yeah, I stopped playing this is so embarrassing. - It's embarrassing. - It's like wrestling with your kid and you finally beat you. He's like, well fuck that. I'm not wrestling with my kid any or whatever again. - And in some sense, hacking at its best and its worst is a kind of game. And you can get exceptionally good at that kind of game. - And you get the accolations of it. I mean, there's, you know, there's power that comes along. If you have success, look at the kid that was hacking into Uber and Rockstar games. He put it out there that he was doing it. I mean, he used the name, whatever hacked into Uber was his screen name. He was very proud of it. I mean, one building evidence against himself. But, you know, like he wanted that slap on the back. Like, look at what a great hacker you are. - Yeah. - What do you think is in the mind of that guy? What do you think is in the mind of Ross? Do you think they see themselves as good people? Do they, do you think they acknowledge the bad they're doing to the world? - So that Uber hacker, I think that's just you thing. Not realizing what consequences are. I mean, based on his actions.
Ross Ulbricht's arrest (01:11:39)
Ross was a little bit older. I think Ross truly is a libertarian. He was truly had his beliefs that he could provide the gateway for other people to live that libertarian lifestyle and put in their body what they want. I don't think that was a front or a lie. - What's the difference between DPR and Ross? He said, like, I have never met Ross until I have only had those two days of worth of interaction. It's just interesting, given how long you've chased him and then having met him, what was the difference to you as a human being? - He was a human being. He was, you know, he was an actual person. He was nervous when we arrested him. So one of the things that I learned through my law enforcement career is if I'm going to be the case agent, I'm going to be the one in charge of, you know, dealing with this person, I'm not putting handcuffs on him. Something else is going to do that. Like, I'm going to be there to help him. You know, you can't do it to help. And so, you know, right after someone's arrested, you obviously have had him down for weapons to make sure for every safety. But then I just put my hand on their chest. Just feel their heart, feel their breathing. You're going to, I'm sure it's the scariest day. But then to have that human contact kind of settles people down. And you can kind of, let's start thinking about this. I'm going to tell you, you know, I'm going to be opening honest with you. You know, there's a lot of cops out there and federal agents cops that just go to the hard-ass tactic. You don't get very far from that. You don't get very far being a mean asshole to somebody, you know, be compassionate, be human. And it's going to go a lot further. So given everything he's done, you were still able to have a compassion for him. Yeah. We took him to the jail and we, so he was after hours, so he didn't get to see a judge that day. So he stuck him in the San Francisco jail. I hadn't slept for about four days because I was dealing with people in Iceland, bosses in DC, bosses in New York. So, and I was in San Francisco, so timeframe. Like the Iceland people were calling me when I was supposed to be sleeping. It was insane. But I still went out that night, well, Ross sat in jail and bought him breakfast. I said, "What do you want for breakfast? "I'll have a nice breakfast for you." 'Cause we picked him up in the morning and took him over to the FBI to do the FBI booking, the fingerprints and all that. And I got him breakfast. I mean, and you don't get paid back for that sort of thing. I'm not looking, but out of my own-- Did he make special requests for breakfast? Yeah, he asked for certain things. Well, can you mention his top secret FBI? That was not top secret. I think he wanted some granola bars. Like, and you know, but he'd already had lawyer'd up. So, you know, which is his right, he can do that. So, I knew we were gonna work together, you know, like I did with Hector. But, I mean, this is-- It's the most of the conversation. That's the last day. Most of the conversations have to be them with lawyers. From that point on, I can't question him when he asks for a lawyer, or if I did, it couldn't be used against him. So, we just had a conversation where I talked to him. You know, he could, you know, could say things to me, but then I have to remind him that he asked for a lawyer and he'd have to wave that and all that. But, we didn't talk about his case so much. We just talked about human beings. Did he, with his eyes, with his words, reveal any kind of regret, or did you see a human being changing, understanding something about themselves and the process of being caught? No, I don't think that. I mean, he did offer me $20 million to let him go. When we were driving to the jail. Oh, no. And I asked him when I was gonna, we were gonna do with the agent that sat in the front seat. The money really broke him, huh? I think so. I think he kind of got caught up in how much money it was. And how, you know, when crypto started, it was pennies. And by the time he got arrested, it was $120 bucks. And the other, you know, $177,000 bitcoins. Even today, you know, that's a lot of bitcoins. So, you really could have been, if you continued, to be one of the richest people in the world. I possibly could have been, if I took that 20 million then, I could have been a living, we could have this conversation in Venezuela. In a castle in a palace. Yeah, until it runs out. And then the government storms the castle. Yeah. Have you talked to Russ since? No. No. I'd be open to it. I don't think he probably wants to hear from me. And do you know where in which prison he is? I think he's somewhere out in Arizona. I know he was in the one next to Supermax for a little while. Like the high security one that's like, shares the fence with Supermax, but I don't think he's there anymore. I think he's out in Arizona. I haven't seen it in a while. I wonder if you can do interviews in prison. That'd be nice. Some people are allowed to. So, I've not seen an interview with him. I know people have wanted to interview him about books and that sort of thing. Right, because the story really blew up. Did it surprise to you how much the story, and many elements of it blew up movies? It did surprise me. Like my wife's uncle, who I didn't, I've been married to my wife for 22 years now. I don't think he knew my name. And he was excited about that. He reached out when Silk Road came out. So, that was surprising to say. Did you think the movie was on the topic was good? I didn't have anything to do with that movie. I've watched it once. It was kind of cool that Jimmy Simpson, was my name in the movie. But outside of that, I thought it sort of missed the mark on some things. When Hollywood, I don't think they understand what's interesting about these kinds of stories. And there's a lot of things that are interesting and they missed all of them. So for example, I recently talked to John Carmack, who's a world class developer and so on. So Hollywood would think that the interesting thing about John Carmack is some kind of like, shitty like a parody of a hacker or something like that. They would show like really crappy like, emulation of some kind of Linux terminal thing. The reality is like the technical details for five hours with him, for 10 hours with him, is what people actually want to see. Even people that don't program. They want to see a brilliant mind. The details that they're not, even if they don't understand all the details, they want to have an inkling of the genius there. That's just one way I'm saying like, that you want to reveal the genius, the complexity of that world in interesting ways. And to make a Hollywood almost parody caricature of it, it just destroys the spirit of the thing. So one, the operation of BI is fascinating. Just tracking down these people, the on the side of security front is fascinating. The other is just how you run the tour, how you run this kind of organization, the trust issues of the different criminal entities involved, the anonymity, the low hanging food, the being shitty at certain parts on the technical front. All of those are fascinating things. That's what a movie should reveal. It should probably be a series, honestly, in that flick series in the movie. - Yeah, one of the FX show or something like that. It was kind of gritty, you know? - Yeah, yeah, gritty. Exactly, gritty. I mean, shows like Chernobyl from HBO made me realize, okay, you can do a good job of a difficult story and reveal the human side, but also reveal the technical side and have some deep profound understanding on that case on the bureaucracy of a Soviet regime. In this case, you could reveal the bureaucracy, the chaos of a criminal organization, of law enforcement organization. I mean, there's so much to like explore, it's fascinating. - Yeah, I like Chernobyl. When I re-watch it, I can't watch episode three though. The animals in the episode, they go around shooting all the dogs and all that. I gotta skip that point. - You're a big soft guy, aren't you? - I really am. I'm sure I'll probably cry at some point. - I love it. - I love it, listen. - Don't get me talking about that episode you made about your grandmother, oh my God, that was rough. - Just the lingon, this ethical versus legal question, what do you think about people like Aaron Schwartz?
Aaron Swartz (01:19:37)
I don't know if you're familiar with him, but he was somebody who broke the law in the name of an ethical ideal. He downloaded and released academic publications that were behind a paywall. And he was arrested for that and then committed suicide. And a lot of people see him, certainly in the MIT community, but throughout the world as a hero, because you look at the way knowledge, scientific knowledge is being put behind paywalls. It does seem somehow unethical. And he basically broke the law to do the ethical thing. Now you could challenge it, maybe it is unethical, but there's a gray area and to me at least, it is ethical, to me at least, he is a hero. Because I'm familiar with the paywall created by the institutions that hold these publications, they're adding very little value. So it is basically holding hostage the work of millions of brilliant scientists for some kind of, honestly, a crappy capitalist institution. Like they're not actually making that much money. It doesn't make any sense to me. It should, to me, it should all be open public access. There's no reason it shouldn't be all publications. So he stood for that ideal and it was punished harshly for it. That's the other criticism, it's too harshly. And of course, deeply unfortunately, that also led to a suicide because he was also tormented at many levels. I mean, are you familiar with him? What do you think about that line between what is legal and what is ethical? - So it's a tough case. I mean, the outcome was tragic, obviously. Unfortunately, when you're in law enforcement, your job is to enforce the laws. I mean, it's not if you're told that you have to do a certain case, and there is a violation of at the time, 18 USC 1030 computer hacking. You have to press forward with that. I mean, you have to charge, you bring the case to the Unist Adrian's office and whether they're gonna press charges or not. You can't really pick and choose what you press and don't press forward. I never felt that at least at flexibility not in the FBI. I mean, maybe when you're a street cop and you pull somebody over, you can let them go with a warning. - So in the FBI, you're standing in a room, but you're also human being. You have to have passion, you have arrested Ross and they hand on the chest. I mean, that's a human thing. - Sure. - So there's a... - But I can't be the jury for whether it was a good hack or a bad hack. It's all someone, a victim has come forward and said, "We're the victim of this." And I agree with you, 'cause again, the basis of the internet was to share academic thought. I mean, that's where the internet was born.
Donald Trump and the Mar-a-Lago raid (01:22:55)
- But it's not up to you. So the role of the FBI is to enforce the law. - Correct. And there's a limited number of tools on our Batman belt that we can use. Not to get into all the aspects of the Trump case and in Mar-a-Lago and the documents there. I mean, the FBI has so many tools they can use and a search warrant is the only way they could get in there. I mean, that's it. There's no other legal document or legal way to enter and get those documents. - What do you think about the FBI and Mar-a-Lago and the FBI taking the documents for Donald Trump? - It's a tough spot. It's a really tough spot. The FBI's gotten a lot of black eyes recently and I don't know if it's the same FBI that I remember when I was there. - Do you think they deserve it in part? Was it done clumsily? The rating of the former president's residence? - Yeah. It's tough. It's tough, you know, because again, they're only limited to what they're legally allowed to do and a search warrant is the only legal way of doing it. I have my personal and political views on certain things. And I think it might be surprising to some where those political points stand. But you told me offline that you're a hardcore communist. That was very surprising to me. - Well, that's only you try to bring me to the communist party. - Exactly. I was trying to recruit you. Giving you all kinds of flyers. Okay, but you said like, you know, people in the FBI just following the law, but there's a chain of command and so on. What do you think about the conspiracy theories that people, some small number of people inside the FBI conspired to undermine the presidency of Donald Trump? - If you would ask me when I was inside and before all this happened, I would say it could never happen. I don't believe in conspiracies. You know, there's too many people involved. Some of these are gonna come out with some sort of information. But I mean, from the more the stuff that comes out, it's surprising that, you know, agents are being fired because of certain actions that are taken inside and being dismissed because of politically motivated actions. - So do you think it's explicit or just pressure? Just do you think there could exist just pressure at the higher ups that has a political leaning and you kind of maybe don't explicitly order any kind of thing, but just kind of pressure people to lean one way or the other and then create a culture that leans one way or the other based on political leanings? - You would really, really hope not, but I mean, that seems to be the narrative that's being written. But when you were operating, you didn't feel that pressure. - Man, I was such a low level, you know. I had no aspirations of being a boss. I wanted to be a case agent my entire life. - So you love the puzzle of it, the chase? - I love solving things, yeah. To be management and manage people and all that and like, no desire whatsoever. - What do you think about Mark Zuckerberg on Joe Rogan's podcast saying that they have the FBI warned Facebook about potential foreign interference.
Role Of Tech Companies And Current Events
Tech companies and censorship (01:26:01)
And then Facebook inferred from that that they're talking about Hunter Biden, laptop story and thereby censored it. We think about that whole story. - Again, you asked me when I was in the FBI, I wouldn't believe that from being on the inside and I wouldn't believe these things, but there's a certain narrative being written that is surprising to me that the FBI is involved in these stories. - So but the interesting thing there is, the FBI is saying that they didn't really make that implication, they're saying that there's interference activity happening. Just watch out. And it's a weird relationship between the FBI and Facebook. You could see from the best possible interpretation that the FBI just wants Facebook to be aware. 'Cause it is a powerful platform, a platform for viral spread of misinformation. So in the best possible interpretation of it, it makes sense for the FBI to send some information saying like we were seeing some shady activity. - Absolutely. - But it seems like all of that somehow escalated to a political interpretation. - I mean, yeah, it sounded like there was a wink wink with it. The, I don't know if Mark met for that to be that way. You know, like again, are we being social engineered? Or was that a true, you know, expression that Mark had? - And I wonder if the wink wink is direct or is just culture or like, you know, maybe certain people responsible on the Facebook side and have a certain political lean. And then certain people on the FBI side have a political lean when they're interacting together. And it's like literally has nothing to do with a giant conspiracy theory, but just with a culture that has a particular political lean during a particular time in history. And so like maybe it could be a Hunter Biden laptop one time and then it could be whoever, Donald Trump, Jr's laptop another time. - It's a tough job. I mean, if you're the liaison, if you're the FBI's liaison to Facebook, there's certain people that I'm sure they were offered a position at some point. It seems, you know, there's FBI agents that go, I know, I know a couple that's gone to Facebook. There's a really good agent that now leads up their child exploitation stuff. Another squad mate runs their internal investigations, both great investigators. So, you know, there's good money, especially when you're an FBI agent that's capped out at a, you know, a 1310 or whatever, pay scale you're capped out at. It's alluring to be, you know, maybe want to please them and be asked to join them. - Yeah. And over time that corrupts. I think there has to be an introspection in tech companies about the culture that they develop, about the political ideology, the bubble. It's interesting to see that bubble. Like I've asked myself a lot of questions I've interviewed the Pfizer CEO, which seems now a long time ago. And I've gotten a lot of criticism, the positive comments, but also criticism from that conversation. And I did a lot of soul searching about the kind of bubbles we have in this world. And it makes me wonder pharmaceutical companies, they all believe they're doing good. And I wonder, because the ideal they have is to create drugs that help people and do so at scale. And it's hard to know at which point that can be corrupted. It's hard to know when it was corrupted and if it was corrupted and where, which drugs and which companies and so on. And I don't know, I don't know that complicated. It seems like inside a bubble, you can convince yourself of anything as good. People inside the third Reich regime were able to convince themselves, I'm sure many just bloodlands. There's another book I've been really recently reading about it and the ability of humans to convince they're doing good when they're clearly murdering and torturing people and firm their eyes is fascinating. They're able to convince themselves they're doing good. It's crazy. Like there's not even an inkling of doubt. Yeah, I don't know what to make of that. So it has taught me to be a little bit more careful when I enter into different bubbles to be skeptical about what's taken as an assumption of truth. Like you always have to be skeptical about like what's assumed is true, is it possible it's not true? You know, if you're doing, if you're talking about America, it's assumed that, you know, in certain places that surveillance is good. Well, let's question that assumption. Yeah. And I also, it inspired me to question my own assumptions that I hold this true constantly. Constantly, it's tough. It's tough. You know, grow. I mean, do you want to be just static and not grow? You have to question yourself on some of these things if you want to grow as a person. Yeah, for sure. Now, one of the tough things actually of being a public personality when you speak publicly is you get attacked all along the way as you're growing. And in part, big, softy as well, if I may say, and those hurts, it hurts, it hurts. Do you pay attention to it? Yeah, yeah, yeah, yeah. It's very hard. Like, I have two choices. One, you can shut yourself off from the world and then ignore it. I've never found that compelling. It's kind of idea of, like, haters gonna hate. Yeah. Like, this idea that anyone with a big platform or anyone's ever done anything was always gotten hate. You know, okay, maybe. But like, I still want to be vulnerable where my heart and my sleeve really show myself, like, open myself to the world, really listen to people. And that means every once in a while, somebody will say something that touches me in a way that's like, what if they're right? Do you let that hate influence you? I mean, can you be bullied into a different opinion than you think you really are just because of that hate? No, no, I believe not, but it hurts in a way that's hard to explain. Like, yeah, it just, it gets to like, it shakes your faith in humanity, actually, is probably why it hurts. Like, people that call me a Putin apologist or a Zelensky apologist, which I'm currently getting almost an equal amount of, by it hurts. It hurts because I, it hurts because it, like, it damages slightly my faith in humanity to be able to see the love that connects us. And then to see that I'm trying to find that. And that's, I'm doing my best in the limited capabilities that have to find that. And so to call me something like a bad actor, essentially, from whatever perspective, it just makes me realize, well, people don't have empathy and compassion for each other. And it makes me question that for a brief moment. And that's like a crack and it hurts. How many people do this to your face? Very few. It's online e-muscles, man. They're deflexing. I have to be honest, that it happens. Because I've hung around with, was broken enough. When your platform grows, there's people that will come up to Joe and say stuff to his face that they forget. They still, they forget he's actually a real human being. They'll make accusations about him. So does that cause him to wall himself off more? No, he's pretty gangster on that. But yeah, it still hurts. If you're human, if you really feel others, I think that's also the difference with Joe and me. He has a family that he deeply loves and that's an escape from the world for him. There's a loneliness in me that's always long into connect with people and with regular people and just to learn their stories and so on. And so if you open yourself up that way, the things they tell you can really hurt in every way. Like just me going to Ukraine, just seeing so much loss and death, some of it is like, I mean, unforgettably haunting.
War in Ukraine (01:35:00)
Not in some kind of political way, activist way or who's right, who's wrong way, but just like, man, like so much pain. And he just stays with you. When you see a human being bad to another human, you can't get rid of that in your head. You can't imagine that we can treat each other like that. That's the hard part, I think. I mean, for me it is. When I saw parents, like, when I did the child exploitation stuff, when they rented their children out, they literally rented infant children out to others for sexual gratification. Like, I don't know how a human being could do that to another human being. And that sounds like the kind of thing you're going through. I mean, I went through a huge funk when I did those cases afterwards. I should have talked to somebody, but in the FBI, you have to keep them and cheese them up or they're going to take your gun away from you. - Well, I think that's examples of evil that that's like the worst of human nature. But it's just because I have-- - War is just as bad. I mean, somehow war, it's somehow understandable, given all the very intense propaganda that's happening. So you can understand that there is love in the heart of the soldiers on each side, given the information they're given. There's a lot of people on the Russian side believe they're saving these Ukrainian cities from Nazi occupation. Now, there is stories, there is a lot of evidence of people for fun murdering civilians. Now, that is closer to the things you've experienced of evil embodied. And I haven't interacted with that directly with people who for fun murdered civilians. - But you know it's there in the world. I mean, you're not naive to it. - Yes, but if you experience that directly, if somebody shot somebody for fun in front of me, that would probably break me. Yeah. Like seeing it yourself, knowing that it exists is different than seeing it yourself. Now, I've interacted with the victims of that, and they tell me stories, and you see their homes destroyed, destroyed for no good military reason. It's civilians with civilian homes being destroyed. That really lingers with you. But yeah, the people that are capable of that. - That goes with the propaganda. I mean, if you were to build a story, you have to, you know, you have to have, on the other side, you know, the homes are gonna be destroyed, the non-military targets are gonna be destroyed. - To put it in perspective, I'm not sure a lot of people understand the deep human side, or even the military strategy side of this war. There's a lot of experts outside of the situation that are commenting on it with certainty. And that kind of hurts me because I feel like there's a lot of uncertainty. There's so much propaganda. It's very difficult to know what is true. - Yeah, so my whole hope was to travel to Ukraine, to travel to Russia, to talk to soldiers, to talk to leaders, to talk to real people that have lost homes, that have lost family members, that who this war has divided, who this war changed completely, how they see the world, whether they have love or hate in their heart to understand their stories. I've learned a lot on the human side of things by having talked to a lot of people there. But it has been on the Ukrainian side for me currently. Traveling to the Russian side is more difficult. Let me ask you about your now friend.
Anonymous and LulzSec (01:38:58)
Can we go as far as to say his friend in a Sabu, in Hector, Masagur? What's the story? What's your long story with him? Can you tell me about what is Lalsek? Who is Sabu? And who's anonymous? What is anonymous? Where's the right place to start that story? - Probably anonymous. Anonymous is a, it's still as I guess, a decentralized organization. They call themselves headless, but once you look into them a little ways and they're not really headless, the power struggle comes with whoever has a hacking ability. That might be you're a good hacker or you have a giant botnet used for DDoS. So you're gonna wield more power if you can control where it goes. Anonymous started doing their like hacktivism stuff in 2010 or so. The word hack was in the media all the time then. And then right around then there was a federal contractor named HB Gary Federal. The CEO is Aaron Barr. And Aaron Barr said he was gonna come out and de-anonymize anonymous. He's gonna come out and talk at Black Hat or Defcon or one of those and say, you know, who they are. He figured it out. So he figured it out by based on, you know, when people were online, when people were in IRC, when tweets came out, there was no scientific proof behind it or anything. So he's just gonna falsely name people that were anonymous. So anonymous went on the attack. They went and hacked in HB Gary Federal and they turned his life upside down. They took over his Twitter account and all that stuff pretty quickly. - So I have very mixed feelings about all of this. - Okay. - And I get like part of me admires the positive side of the hacktivism. - Okay. - Is there no room for admiration there of the fuck you to the man? - Not at the time. Again, there was a violation. 18 USC 1030. So it was my job. It's what I, you know, so at the time, no, in retrospect, sure. - But what was the philosophy of the hacktivism? Was it what the philosophically were they at least expressing it for the good of humanity or not? - They outrely said that they were gonna go after people that they thought were corrupt. So they were judging jury on corruption. They were gonna go after it. Once you get inside and realize what they were doing, they were going after people that they had an opportunity to go after. So maybe someone had a zero day and then they searched for servers running that zero day. And then from there, let's find a target. I mean, one time they went after a toilet paper company. I still don't understand what that toilet paper company did, but it was an opportunity to make a splash. - Is there some way for the joke, for the lulls? - It developed into that. So I think the hacktivism and the anonymous stuff wasn't so much for the lulls. But from that HP Gear Federal hack, then there were six guys that worked well together and they formed a crew, a hacking crew, and they kind of split off into their own private channels. And that was Lulsec or Laughing at Your Security, was their motto. So that's L-U-L-Z-S-E-C, Lulsec. - Of course it is. - Lulsec. And who founded that organization? - So Kayla and Sabu were the hackers of the group, and so they really did all the work on HP Geary. So they're-- - These are code names. - Yeah, they're online names. They're nicks. And so they saw they knew each other as. They talked as those names. And they worked well together and so they formed a hacking crew. And that's when they started the-- At first they didn't name it, this was the 50 Days of Lul's, where they would just release major, major breaches. And it stirred up the media. I mean, it put hacking in the media every day. They had 400 or 500,000 Twitter followers. It was kind of interesting. But then they started swinging at the beehive and they took out on some FBI affiliated sites. And then they started Fuck FBI Fridays, where every Friday they would release something. And we waited it for the baited breath. I mean, they had us decline in sinker pissed. We were waiting to see what was gonna be dropped every Friday. It was a little embarrassing looking back on it now. - And this is in the early 2010s. - Yeah, this was 2010, 2011, right there. - You actually linger on anonymous. What do you still understand? What the heck is anonymous? - Just a place where you hang out. I mean, it's just it started on 4chan, 1d8chan. And it's really just, anyone, you could be in an anonymous right now if you wanted to. Just you're in there hanging out in the channel. Now, you're probably not gonna get much cred until you work your way up and prove who you are, someone vouches for you. But anybody can be an anonymous. And you're gonna leave anonymous. - What's the leadership of anonymous? Do you have a sense that there is a leadership? - There's a power play. Now, there's not someone that says, this is what we're doing, all we're doing. - I love the philosophical and the technical aspect of all of this. But I think there is a slippery slope to where for the laws, you can actually really hurt people. That's the terrifying thing. When you attach, I'm actually really terrified of the power of the law. The fun thing somehow becomes a slippery slope. I haven't quite understood the dynamics of that, but even in myself, if you just have fun with a thing, you lose track of the ethical grounding of the thing. And so it feels like hacking for fun can just turn literally lead to nuclear war. Like literally destabilize. - Yeah, yada, yada, yada, nuclear war, I could say, yeah. - So I've been more careful with the law. I've been more careful about that. And I wonder about it because in an internet speak, somehow ethics can be put aside through the slippery slope of language. I don't know, everything becomes a joke. If everything's a joke, then everything's allowed, and everything's allowed, then you don't have a sense of what is right and wrong. You lose sense of what is right and wrong. - You still have victims. I mean, you're laughing at someone. Someone's the butt of this joke. You know, whether it's major corporations or the individuals, I mean, some of the stuff they did was just, you know, releasing people's PII and their personal identifying information and stuff like that. I mean, is it a big deal? I don't know, maybe, maybe not, but you know, if you could choose to not have your information put out there, probably wouldn't. - We do have a sense of what anonymous is today. Has it ever been one stable organization or is it a collection of hackers that kind of emerge for particular tasks, for particular, like a hacktivism task and that kind of stuff? - It's a collection of people that has some hackers in it. There's not a lot of big hackers in it. I mean, there'll something that'll come bounce in and bounce out. Even back then, there's probably just as many reporters in it. People of the media in it with the hackers at the time, just trying to get the inside scoop on things. You know, some giving the inside scoop, you know, we were arrested and got a reporter that gave over the username and password to his newspaper. And, you know, just so he could break the story. He trusted him. - Speaking of trust, reporters, boy, there's good ones. There's good ones. - There are. - There are. But boy, do I have a complicated relationship with them. - How many stories about you are completely true? - You can just make stuff up on the internet. And one of the things that, I mean, there's so many fascinating psychological, sociological elements of the internet, to me. One of them is that you can say that Lex is a lizard, right? And if it's not funny, so lizard is kind of funny, what should we say? Lex has admitted to being an agent of the FBI, okay? You can just say that, right? And then the response that the internet would be like, oh, is that true? I didn't realize that. They won't go like provide evidence, please, right? They'll just say like, oh, that's weird. I kind of thought he might be kind of weird. And then it piles on, it's like, hey, hey, hey, guys. Like, here's a random dude on the internet just said a random thing. You can't just like pile up as, and then Johnny 6969 is now a source that says, and then like, the thing is, I'm a tiny guy, but when it grows, if you're like, have a big platform, I feel like newspapers will pick that up, and then they'll like start to build on a story, and you never know where that story really started. It's so cool. I mean, to me, actually, honestly, it's kind of cool that there's a viral nature of the internet that can just fabricate truth completely. I think we have to accept that new reality and try to deal with it somehow. You can't just like complain that Johnny 69 can start a random thing, but I think in the best possible world, it is the role of the journalist to be the adult in the room and put a stop to it versus look for the sexiest story so that there could be click bait that can generate money. Journalism should be about sort of slowing things down, thinking deeply through what is true or not, and showing that to the world. I think there's a lot of hunger for that, and I think that would actually get the most clicks in the end. I mean, it's that same pressure I think we're talking about with the FBI and with the tech companies about controllers. I mean, the editors have to please and get those clicks. I mean, they're measured by those clicks. So, you know, I'm sure the journalists, the true journalists, the good ones out there want that, but they want to stay employed too. Ganyndesh asks you really as another tangent, the Jared and others, they're doing undercover.
In terms of the tools you have for catching cybersecurity criminals, how much of is undercover? Undercover is a high bar to jump over. You have to do a lot to start an undercover in the FBI. There's a lot of thresholds. So, it's not your first investigative tool step. You have to identify a problem and then show that the lower steps can't get you there. But I mean, I think we had an undercover going on in the squad about all the times. When one was being shut down or taken down, we were spitting up another one. So, it's a good tool to have and utilize. There are a lot of work. I don't think if you run one, you'll never run another one in your life. - Oh, so it's like psychologically, it's a lot of work just technically, but it also psychologically like if the really... - It's 24/7, you're inside that world, like you have to know what's going on and what's happening. You have to remember who you are when you're criminal online. You have to go to a special school for it too. - Was that ever something compelling to you? - I went through the school, but I'm a pretty open and honest guy. So, it's tough for me to build that wall of lies. Maybe I'm just not smart enough to keep all the lies straight. - Yeah, but a guy who's good at building up a wall of lies would say that exact same thing. - Exactly. - It's so annoying the way truth works in this world. - It's like people have told me, because I'm trying to be honest and transparent, that's exactly what an agent would do, right? But I feel like an agent would not wear a suit and tie it. - I wore a suit and tie every day. I was a suit and tie guy. - You were? - Yeah, every day. I remember one time I wore shorts and the SAC came in, and this was when I was a rock star at the time in the bureau and I had shorts and I said, "Sorry, ma'am, I apologize for my attire." And she goes, "You could wear a bike shorts in here, I wouldn't care." I was like, "Oh, shit, that sounds nice." - I never wore the bike shorts, but. - Yeah. - But see, I see a suit and tie as constraining. I think it's liberating and so it's like shows that you're taking the moment seriously. - Well, not just that people wanted it. I mean, people expected when you're not, you are dressed like the perfect FBI agent. When someone knocks in their door, that's what they want to see. They want to see what Hollywood built up is what an FBI agent is. You show up like my friend, Dylan, he was dressed always in t-shirts and shorts. People aren't going to take him serious, they're not going to give him what they want. I wonder how many police agents you show up and say I'm from the FBI and start interrogating them. I could have bar probably. I could have been. - Oh, definitely if they've had a few drinks, you can definitely. Well, but people are going to recognize you, that's the only problem. That's another thing. You started taking out big cases. You can't work cases anymore in the FBI. Your face gets out there. - And your name too? - Yeah, yeah. - Well, actually let me ask you about that before we return to our friend Sabu. - Okay. - You've tracked and worked on some of the most dangerous people in this world.
Personal threats (01:52:11)
Have you ever feared for your life? - So I had to make a really, really shitty phone call one time. I was sitting in the bureau and this was right after Silk Road and Jared called me. He was back in Chicago and he called me and said, "Hey, your name and your kid's name are on a website for an assassination. They're paying to have you guys killed." Now, these things happen on the black market. They come up and people debate whether they're real or not. But we have to take it serious. Someone's paying to have me killed me. So I had to call my wife and we have a word in that if I said this word and we only said it one time to each other, if I said this is serious, drop what you're doing and get to the kids. And so I had to drop the word to her. And I could feel the breath come out of her 'cause she thought her kids were in danger and then at the time they were. I wasn't in a state of mind to drive myself. So an agent on the squad, a girl named Evalina, she drove me lights and sirens all the way to my kid's school. And we had locked, I called the school. We were in a lockdown. Nobody should get in or out, especially someone with a gun. The first thing they did was let me in the building with a gun. So I was a little disappointed with that. My kids were, I think kindergarten in fifth grade or somewhere around there, maybe they're closer or second. I'm not sure where. But all hell broke loose. And we had to, from there, go move into a safe house. I live in New York City, NYPD surrounded my house. The FBI put cameras outside my house. You couldn't drive in my neighborhood without like your license plate being red. Hey, why is this person here? Why is that person there? I got to watch my house on an iPad while I sat at my desk. But, you know, again, I put my family through that and it scared the shit out of them. And that, to be honest, I think that's sort of my mother-in-law's words were, I thought you did cyber crime. And because during so road, I didn't tell my family what I was working on. I don't talk about that sort of thing. I wanna escape that. I don't wanna be there, you know? I remember that like, so when I was in the FBI, like, driving in, I used to go in at 4.30 every morning. 'Cause I got to go to the gym before I hit, go to the desk. I would be at the desk at seven. So in the gym at five, a couple hours and then go. The best time I had was that drive-in in the morning where I could just be myself. I listened to a sports podcast out of DC. And I talked about sports and, you know, the nationals and whatever it was, the capitals. You know, it was great to not think about Silk Road for 10 minutes. So, but that was my best time. But yeah, again, so yeah. I've had that move into the safe house. I left my MP5 at home. That's the Bureau's machine gun. Showed my wife to just pull and spray. So. - But how often did you live or work and live with fear in your heart? - It was only that time. I mean, for actual physical security, then I mean, after the anonymous stuff, I really tightened down to my cybersecurity. You know, I don't have social media. I don't have pictures of me and my kids online. I don't really, if I go to a wedding or something, I say, I don't take my picture with my kids, you know, if you're gonna post it someplace or something like that. So that sort of security I have. But, you know, just like everybody, you start to relax a little bit and security breaks down because it's not convenient. - But it's also part of your joust, you're much better at letting me your job now, you know, your job before. So you're probably much better taking care of the little hanging fruit, at least. - I understand the threat. And I think that's what a lot of people don't understand is understanding what the threat against them is. So I'm aware of that and what possibly. And I think about it, you know, I think about things. I do remember, so you tripped a memory in my mind. I remember a lot of times and I had a gun on my hip. I still carry a gun to this day, opening my front door and being concerned what was on the other side, leave walking out of the house. 'Cause I couldn't see it. I remember those four o'clocks, heading to the car, I was literally scared. - Yeah. I mean, having seen some of the things you've seen, it makes you perhaps question how much evil there's out there in the world. How many dangerous people there are out there? - Crazy people, even. - There's a lot of crazy, there's a lot of evil. Most people, I think, get into like cyber crime or just opportunistic, not necessarily evil. They don't really know, maybe think about the victim. It's a crime of opportunity, you know? I don't label that as evil. - And one of the things about America that I'm also very happy about is that rule of law, despite everything we talk about, there is, it's tough to be a criminal in the United States. So like, if you walk outside of your house, you're much safer than you are in most other places in the world. - You're safer and the system's tougher. I mean, Lolsec, six guys, one guy in the United States, five guys in other places. Hector was facing 125 years. Those guys got slapped on the wrist and went back to college. You know, different laws, different places.
Hector Monsegur a.k.a Sabu (01:57:57)
So who's Hector? Tell me the story of Hector. So this law, psych organization was started. So Hector was before that in, he was part and anonymous. He was doing all kinds of hacking stuff, but then he launched the law, psych. - He's old school hacker. I mean, he learned how to hack, and I don't wanna tell his story, but he learned to hack because he grew up in the Lower East Side of New York and picked up some NYPD computers that were left on the sidewalk for trash. Taught himself out of it. - He doesn't exactly look like a hacker. For people who don't know, he looks, I don't know exactly what he looks like, but it's not like a technical, not what you would imagine. But perhaps that's a Hollywood portrayal. - Yeah, I think you get in trouble these days saying that what a hacker looks like. I don't know if they have a traditional look. Just like I said, the Hollywood has an idea of an FBI looks like, I don't think you can do that anymore. I don't think you can say that anymore. - Well, he certainly has a big personality and charisma and all that kind of stuff. - That's Sabu. - I can see him selling me anything. That's Sabu convincing me of anything. - You know, there are two different people. There's Sabu, there's Hector. Hector is a sweet guy. He likes to have intellectual conversations, and that's just a thing. He'd rather just sit there and have a one-on-one conversation with you, but Sabu, that's a rule in his motherfucker. - I knew you first met Sabu. - I was tracking Sabu. - True, it's all I knew was Sabu. I didn't know Hector. - So when did your paths cross, when in terms of tracking? When did you first take on the case? - The spring of '11, it was through anonymous. - Through anonymous, but really kind of little sec. We were, little sec was a big thing, and it was pushed out to all the cyber, you know, 56 field offices in the FBI. Most of them have cyber squads or cyber units. And so, you know, it was being pushed out there, and it was in the news every day, but it really was in ours. So we didn't have a lot of victims in our AOR area of responsibility. And so we just kind of pay attention to it. Then I got a tip that a local hacker in New York had broken into AOL. And so Olivia, Olivia Olson and I, she's another agent who she's still in. She's a supervisor around LA. She's a great agent. We went all around New York looking for this kid just to see what we can find. And ended up out in Staten Island at his grandmother's house. She didn't know where he was, obviously. Why would she? But I left my card. He gave me a call that night, started talking to me. And I said, let's just meet up tomorrow at the McDonald's across from 26th Fed. And he came in and three of us sat there and talked and, you know, gave me a stuff. He started telling me about the felonies. He was committing those days, including that break in AOL. And then he finally says, you know, I can give you Sabu. Sabu to us was the Kaiser SoSave Hagen. He was our guy. He was the guy that was in the news that was pissing us off. So-- - So he was part of the FBI Fridays? - Sabu was, yeah. Oh, he let it. Yeah, he was the leader of F*ck FBI Fridays. So yeah. - Well, it was one of the more memorable F, the triple Fs. I said, how do you get, how and why do you go after the Beehive? That's kind of intense. - You get you on the news. It gets you, it's the lols. It's funnier to go after the big ones. You know, and they weren't getting like real FBI. They weren't breaking into FBI mainframes or anything, but they, you know, they were, you know, affiliate sites or anything that have to do. There are a lot of law enforcement stuff was coming out. So, but, you know, we looked back and so if this kid knew that Sabu, maybe there was a chance we could use him a little, a little, a little, a little lower Sabu out. But we also said, well, maybe this kid knows Sabu in real life. And so we went and looked through the IPs and 10 million IPs. We find one and it belonged to him. And so that day Sabu, someone had docked Sabu. And we were a little afraid he was going to be on the run. We had a surveillance team and FBI surveillance teams are awesome. Like you cannot even tell their FBI agents. It's, it's, it's, they are really that good. I mean, there's baby strollers and all, whatever you wouldn't expect an FBI agent to have. So that's a little like the movies. A little bit. Yeah. I mean, it is true, but, but they fit into the area. So now they're on the Lower East Side, which is, you know, a baby stroller might not fit in there as well. You know, somebody's laying on the ground or something like that. They really get, play the character and get into it. So now I can never trust a baby stroller. Yeah. Well, probably should. Every, every baby, I'm just like, look at stare at them suspicious. Especially if the moms were in cargo pants, well, she pushes it. So. Yeah. So if it's like a verse stereotypical, mom's stereotypical baby, I'm going to be very suspicious. I'm going to question the baby. The baby's wired. What do you know? Yeah. You know, we raced out there and like our squad's not even full. There's only a few guys there. And like I said, I was a suit guy, but that day I had shorts and a T-shirt on it, a white T-shirt on. And I only bring it up because Sabu makes fun of me to this day. So I had a bulletproof vest and a white T-shirt on. That was it. I shorts tuned and all that. But raced over to there. We didn't have any equipment. We brought our bosses, bosses, boss. He stopped off at NYPD, got us like a ballistic shield and a battery in Ram if we needed it. And then we get to Hector's house, Sabu's house, and he's on the sixth floor. And so normally, you know, we're the cyber dork squad. We'll hop in the elevator and six floors. It's a long ways to go up and bulletproof vest and a ballistic shield. But we had been caught in an elevator before on a search. So we didn't. Yeah. Took the stairs. We get to the top. Tadwind did, but knocking the door and this big towering guy opens the door just slightly. And he sees the green vest with big yellow letters, FBI. And he steps outside. Yeah, it can help you. You know, it tries to social engineer us. But eventually we get our way inside the house. You know, I noticed a few things that are kind of out of place. There's a laptop charger and a flashing modem. And I said, well, do you have a computer here? And he said, no, there's no computer here. So we knew the truce and then the half lies and all that sort of thing. So it took us about another two hours and finally gave up that he was Sabu. He was the guy we were looking for. So we sat there and we kind of showed him sort of the evidence we had against him. And, you know, from his words, we sat there and talked like two grown adults. And, you know, I gave him the options and he said, well, let's talk about working together. So he chose to become an informant. I don't think he chose that night, but that's where it kind of went to. So then we brought him down to the FBI that night, which was a funny trip because I'm sitting in the back seat of the car with him. And I was getting calls from all over the US, from different FBI agents saying that we arrested the wrong guy. And I was like, I don't think so. And they're like, why do you think so? I was like, 'cause he says it's him. And they still said, now it's the wrong guy. So I said, well, we'll see how it plays out. - That's so interesting 'cause it's a strange world. It's such a strange world 'cause it's tough to, 'cause you still have to prove it's the same guy, right? 'Cause the anonymity. - Yeah, I mean, we had his laptop at that point. - Yeah, I know. - And him saying, that helped again in my clue in my world. - Yeah, yeah. - But yeah, if he would have fought it, I mean, that definitely would have come in as evidence that every FBI agents are saying it's not him. You have to disclose that stuff. - So he had a lot of stuff on him. - What was he facing if he was facing 125 years? - 125 years in prison. - Now that's if you took every charge we had against him and put him consecutively. No one ever gets charged that, but yeah, he had, essentially, it would have been on her 25 years. You know, fast forward to the end, he got thanked by the judge for service after nine months and he walked out of the court of free men. - But that's being, while being an informant, yes. - Well, so the word informant here really isn't that good. It's not fitting that technically, I guess that's what he was, but he didn't know the other people. It was all an honor, he knew Nix and all that. He really gave us the insight of what was happening in the hacker world. Like I said, he was an old school hacker. He was back when hackers didn't work together with anonymous. He was down a cult of dead cow and those type guys, like way back, and he was around for that. He's like an encyclopedia of hacking. But, you know, we just-- - So like his prime was in the 90s. - For terror hack, but yeah, he kind of came back when anonymous started going after MasterCard and PayPal and all that, do the WikiLeaks stuff. - But even that little interaction, being an informant, he probably made a lot of enemies. How do you protect a guy like that? - He made enemies after it was revealed. - Yeah. - How does the FBI protect him? - Yeah. - Good luck. - I mean, perhaps I'll talk to him one day, but is that guy afraid for his life? - Again, I think-- - It doesn't seem like it. - He has very good security for himself, cybersecurity. But, you know, yeah, he doesn't like the negative things said about him online. I don't think anybody does. But, you know, I think it's so many years of the internet kind of bitching at you and all that, you get calloused though, it's just internet bitching. - And also the hacking world moves on very quickly. He is kind of-- - Yeah, like they have their own wars to fight now, and he's not part of those wars anymore. - There's still people out there that bitch and moan about him, but yeah, I think it's less. I think, you know, he has a good message out there of, you know, he trying to keep kids from making the same mistakes he made. He tries to really preach that. - How do people get into this line of work? Is there all kinds of ways being not your line of work, his line of work? Just all the stories you've seen of people that are in anonymous and lalsack and Silk Road and all the cyber criminals you've interacted with, what's the profile of a cyber criminal? - I don't think there's a profile anymore. You know, I used to be able to say, you know, the kid in your mom's basement or something like that, but it's not true anymore. You know, like it's wide. And it's like, I've arrested, I've arrested people that you wouldn't expect would be cyber criminals. - And it's in the United States, it's international, it's everything? - Oh, it's international. I mean, we're seeing a lot of the big hackers now. The bigger rest for hackers in England, so surprisingly, you know, there's, you know, you're not gonna see there's a lot of good hackers like down in Brazil, but I don't think Brazil law enforcement is as good as hunting them down. So you're not gonna see the bigger rest. - How much state sponsored cyber attacks are there? Do you think? - More than you can imagine. And it will, what do you wanna say an attack? You had a successful attack or just a probing? - Probing for information, just like feeling, you know, testing that there's where the attack factors are, trying to collect all the possible attack. - Put a Windows 7 machine on the internet forward-facing and put a packet sniffer on there and look at where the traffic comes from. I mean, in 24 hours, you were gonna fill up a hard drive with packets just coming at it. I mean, it's not hard to know. I mean, it's just constantly probing for entry points into things, you know. You could go mad putting up honeypot, draws in intrusions. Should I see what-- - Just to see what's out there. - Yeah, and it doesn't go anywhere. It maybe has fake information and stuff like that. You know, it's kind of to see what's going on and judge what's happening in the internet. You know, lick your finger and test the wind of what's happening these days. - The funny thing about, like, because I'm at MIT, that attracted even more attention for the, not for the laws, but for the technical challenge. It seems like people enjoy hacking MIT. It's just the amount of traffic MIT was getting for that in terms of just the sheer number of attacks from different places is crazy. Yeah, like just like that, putting up a machine seeing what comes. - NASA used to be the golden ring. Now everybody got NASA. Like the early 90s, if you could hack NASA, that was the, now MIT is a big one. - Yeah, it's fun. It's fun to see. Respect. 'Cause I think in that case, it comes from a somewhat good place. 'Cause you know, they're not getting any money for MIT. It's more for the challenge. Let me ask you about that. About this world of cybersecurity.
Cyber Security And Potential Threats
Cyber attack threats against civilians (02:11:07)
How big of a threat are cyber attacks for companies and for individuals? Like, let's lay out, where are we in this world? What's out there? - It's the Wild Wild West. And it's, it's, I mean, people want the idea of security, but it's inconvenient so they don't, they push back on it. And there are a lot of opportunistic nation state, financially motivated hackers, hackers for the lols. You got three different tiers there. And they're on the prowl. They have tools. They have really good tools that are being used against us. And at what scale? So when you're thinking of, I don't know what's, let's talk about companies first. So say you're talking to a mid tier. I wonder what the most interesting business is. So Google, let's look at large tech companies that we can look at medium size tech companies. And like you were sitting in a room with a CTO, with a CEO. And the question is, how fucked are we? And what should we do? What's the low hanging food? What are the different strategies and those companies should consider? - I mean, the problem is they want to push button. They want to, they want to, out of the box solution that they're insecure, you know, they want to tell people they're secure, but-- - And that's very challenging to have. - It's impossible. But like if I could, if someone had it, they'd be a billionaire. You know, they'd be beyond a billionaire, you know, because that's what everybody wants. So it's, you know, you can buy all the tools you want. It's configuring them the proper way. And there's, if anyone's trying to tell you that there's one solution that fits all, they're snake hole as husband. And there's a lot of people inside but security that are snake hole as husband. - Yeah, and I feel like there's tools if they're not configured correctly, they just introduce, they don't increase security significantly and they introduce a lot of pain for the people. They decrease efficiency of the actual work you have to do. So like we had, I was at Google for a time. And I think mostly I want to give props to their security efforts, but user data. So like data that belongs to users is like the holy, like the amount of security they have around that is incredible. So most, any time I had to work with anything even resembling user data. So I never got a chance to work with actual user data. Anything resembling that, first of all, you have no access to the internet. It's impossible to even come close to the access to the internet. And there's so much pain to actually like interact with that data. I mean, it was extremely inefficient. In places where I thought it didn't have to be that inefficient, the security was too much. But I have to give respect to that because in that case you want to err on the side of security. But that's Google. They were doing a good job of this. The reputation of harm, if it got out, I mean, Google, why is Google drive free? Because they want your data. They want you to park your data there. So if they got hacked or leaked information, the reputational harm would be tremendous. But for a company that's not, it's really hard to do that, right? And the company is not as big as Google or not as tech savvy as Google. Might have a lot of trouble doing that kind of stuff. Instead of increasing security, they'll just decrease the efficiency. Well, yeah. So there's a big difference between IT and security. And unfortunately, like these mid-side companies, they try to stack security into their IT department. Your IT department is about business continuity. They're about trying to move business forward. They want users to get the data they need to do their job so the company can grow. Security is not that. They don't want you to get the data. But there's fine tuning you can do to ensure that. I mean, it's as simple as having good onboarding procedures for employees. Like you come into my company, you don't need access to everything. Maybe you need access to something for one day. Turn the axes on, don't leave it on. I mean, I was the victim of the OPM hack, the Office of Personnel Management, because old credentials from a third party vendor were sitting there and active. And the Chinese government found those credentials and were able to log in and steal all my information. So a lot could be helped if you just control the credentials, the access, the access control, how long they last. And people who need access to a certain thing only get access to that thing and not nothing else. And then it just gets refreshed like that. Access control, like we said, setting up people leaving the company, get rid of their, they don't need control. Two-factor authentication, that's a big thing. I mean, I sound like a broken record because this isn't anything new. This isn't rocket science. The problem is we're not implementing it. If we are, we're not doing it correctly. Because these guys are taking us. Well, two-factor authentication is a good example of something that I just was annoyed by for the longest time. Because yes, it's very good, but like it seems that it's pretty easy to implement horribly, to where it's like, it's not convenient at all for the legitimate user to use. It should be trivial to do, like to authenticate yourself twice should be super easy. If security, if it's slightly inconvenient for you, it's thinking about how inconvenient it is for a hacker. And how you're just going to move on to the next person. Yes, yes. In theory, when it's implemented extremely well. Yeah. But I just don't think so. I think actually if it's inconvenient, it shows that system has been thought through a lot. Do you know why we need two-factor authentication? People using the same password across the same site. So when one site is compromised, people just take that username and password. It's called credential stuffing and just stuff it across the internet. So if 10 years ago when we told everybody, don't use the same fucking password across the internet, across the vulnerable sites, maybe two-factor wouldn't be needed. Yes, so you wouldn't need two-factor if everyone did good job with passwords. Yeah. Right. But I'm saying like, two-factor authentication, it should be super easy to authenticate myself with some other device really quickly. Like there should be, it should be frictionless. Like you just hit okay? Okay. And anything that belongs to me. Yeah. And like, it should very importantly be easy to set up what belongs to me. I don't know the full complexity of the cyber attacks these platforms are under. They're probably under insane amount of attacks. Yeah, you've got it right there. People have no idea these large companies, how often they're attacked on a per second basis. And they have to fight all that off and pick out the good traffic in there. So, yeah, I wouldn't, there's no way I'd want to run a large tech company. What about protecting individuals for individuals? What's good advice for to try to protect yourself from this increasingly dangerous world of cyber attacks? Again, educate yourself that you understand that there is a threat. First, you have to realize that then then you're going to step up and you're going to do stuff a little bit more. Sometimes I guess think I take that to a little bit extreme. I remember one time my mom called me and she was screaming that, yeah, I woke up this morning and I just clicked on a link and now my phone is making weird noises. And I was like, throw your phone in a glass of water. Just put it in a glass of water right now. And she's, I made my mom cry. It was not a pleasant thing. So, sometimes I go to a little extremes on those ones, but understanding as a risk and making it a little bit more difficult to become a victim. I mean, just understanding certain things. You know, simple things like, you know, as we add more internet of the things to people's houses, I mean, how many wifi networks do people have? And somebody does one and you're bumping your phones and giving your password to be able to come to visit. Set up a guest network, set up something you can change every 30 days. Simple little things like that. You know, I hate to remind you about change your passwords. I mean, I feel like I'm a broken record again. But just make it more difficult for others to victimize you. And then don't use the same password everywhere. That, that, yes. I mean, I still know people that do that. I mean, ask.fm.com got popped last week, two weeks ago. And that's 350 million username and passwords with connected Twitter accounts, Google accounts, you know, all the different social media accounts. You know, that is a treasure trove for the next two and a half, three years of just using those credentials everywhere. Using, you'll learn, even if it's not the right password, you'll learn people's passwords styles. You know, bad guys are making portfolios out of people. You know, we're figuring out how people generate their passwords and kind of, you know, figuring it in. It's easier to crack their password. You know, we're making a dossier on each person. It's 350 million dossiers just in that one hand. Yahoo, there was a hat, half a billion. So the, the thing a hacker would do with that is try to find all the low hanging fruit, like have some kind of program that, yeah, evaluates the strength of the passwords and then finds the weak ones. And that means that this person is probably the kind of person that would use the same password across multiple. Or even just write a program. Remember the ring hack a couple of year ago? That's all it was, it was credential stuffing. So ring the security system by default had two factor, but didn't turn it on. And they also had a don't try unlimited tries to log into my account. You can lock it out after 10 by default, not turned on. 'Cause it's not convenient for people. You know, ring, you know, it was like, I want people to stick these little things up and have security in their house. But you know, cyber security, don't make it inconvenient that people won't buy our product. That's all they got hacked. They would want to say that it's insecure and got hacked into a reputational harm right there for ring, but they didn't. It was just credential stuffing. People bought username and passwords on the black market and just wrote a bot that just went through ring and used every one of them to maybe 1% hit, but that's a big hit to the number of ring users. You know, you can use also password managers to make the changing of the passwords easier. And to make you can choose the difficulty. The number of special characters, the length of it and all that. My favorite thing is on websites. ELA-E for your password being too long or having too many special characters. Or like, yeah, you're not allowed to have this special character or something. You can only use these three special characters. It's a, you know. Do you understand how password cracking works if you specifically tell me which special characters I can use? I want to, I honestly just want to have a one-on-one meeting. Like late at night with the engineer that programmed that. Cause that's like an intern. I just want to have a sit-down meeting. Yeah, I made my parents switch banks once because the security was so poor. I was like, you just, you can't have money here. But then there's also like the zero-day attacks. Like I mentioned before the QNEP NAS, the CAT Act. Luckily I didn't have anything private on there. But it really woke me up until like, okay. So like, if you take everything extremely seriously. Unfortunately for the end users, there's just nothing you can do about Zero Day. You know, there's this, you have no control over that. I mean, it's the engineers that made the software don't even know about it. Now let's talk about one days. So there's a patch now out there for the security. So if you're not updating your systems for these security badges, if it's just not on you, my father-in-law has such an old iPhone, you can't security patch it anymore. So, you know, and I tell him, when he's like, you know, this is what you're missing out on. This is what you're exposing yourself to because, you know, we talked about that powerful tool that how we found Ross Alberk at gmail.com. Well, bad guys are using that too. It's called, you know, it used to be called Google Dorking. Now it's, I think it's named kind of Google hacking by the community. You can go, you know, and find a vulnerability, read about the white paper, what's wrong with that software. And then you can go on the internet and find all of the computers that are running that outdated software. And there's your list, there's your target list. - Yeah. - I know the vulnerabilities that are running. Again, not making a playbook here, but, you know, that's how easy it is to find your targets. And that's what the bad guys are doing. - Then the reverse is tough. It's much tougher, but it's still doable, which is like first find the target. If you have specific targets, to, you know, hack into a Twitter account, for example. - Much harder. - That's probably social engineering, right? That's probably the best way. - Probably if you wanted something specific to that, I mean, if you really want to go far, you know, if you're targeting a specific person, you know, how hard is it to get into their office and put a, you know, a little device, USB device in line with their mouse, who checks how their mouse is plugged in. And you can, for 40 bucks on the black market, you can buy a key logger that just USB, then the mouse plugs right into it. It looks like an extension on the mouse, if you can even find it. You can buy the stuff with a mouse inside of it and just plug it into somebody's computer. And as there's a key logger that lives in there and calls home and sends everything you want. So, I mean, and it's cheap. - Yeah. - So, that's a good school program that built a bunch of key loggers. It was fascinating, a tracking mouse. Just for, I was doing this part of the research. I was doing to see if by the dynamics of how you type and how you move the mouse, you can tell who the person is. - Oh, wow. - That's like, it's called the active authentication or like, basically biometrics, that's not using bio. It's just to see how identifiable that is. So, it's fascinating to study that, but it's also fascinating how damn easy it is to install key loggers. So, I think it's, is in natural, what happens is you realize how many vulnerabilities they're on this world. You do that when you understand bacteria and viruses, you realize they're everywhere. And the same way with, I'm talking about biological ones. And then you realize that all the vulnerabilities that are out there, one of the things I've noticed quite a lot is how many people don't log out of their computers. Just how easy physical access the system actually is. Like in a lot of places in this world, and I'm not talking about private homes, I'm talking about companies, especially large companies. It seems quite trivial in certain places that I've been to to walk in and have physical access to a system. And that's depressing to me. - It is. I laugh because one of my partners at NACCO that I work at now, he worked at a big company. Like you would know the name as soon as I told you, I'm not gonna say it. But the guy who owned the company, and the company has his name on it, didn't want to ever log into a computer, just annoyed the shit out of him. So they hired a person that stands next to his computer when he's not there. And that's his physical security. - It seems that's good. That's pretty good actually. - Yeah, I mean, I guess if you could afford to do that. - At least you're taking your security seriously. I feel like there's a lot of people in that case would just not have a login. - Yeah. - No, the security team there had to really work around to make that work. - Yeah. - Non-compliant with company policy. - But that's interesting. The key log, there's just a lot of threats. - Yeah, I mean, a lot of ways to get in. - Yeah, I mean, so you can't sit around and worry about someone physically gaining access to your computer with key log and stuff like that. If you're traveling to a foreign country and you work for the FBI, then yeah, you do. You pick little, sometimes some countries, you would bring a fake laptop just to see if they stole it or accessed it. - I really want, especially in this modern day, to just create a lot of clones of myself, that generate lex sounding things and just get put so much information out there. I actually dox myself all across the world. - And then you're not a target, I guess. Just put it out there. - I've always said that though. We do these searches in FBI houses and stuff like that. If someone just got like a box load of like 10 terabyte drives and just encrypted them. Oh my God, you know how long the FBI would spend their wheels trying to get that data off there? Be insane. - Also, just give them. - You don't even know which one you're looking for. - Yeah. That's true, that's true. So it's like me printing like a treasure map to a random location, just get people to go and go to spaces. Yeah, what about operating system?
Most secure operating system (02:27:55)
What have you found? What's the most secure? What's the least secure operating system? Windows, Linux? Is there no universal? - There's no universal security. I mean, it changed. You people used to think Macs were the most secure. Just 'cause they were just weren't out there, but now kids have had access to them. So, you know, I know you're a Linux guy. I like Linux too, but you know, it's tough to run a business on Linux. People wanna move more towards the Microsofts and the Googles just 'cause they don't. It's easier to communicate with other people that maybe aren't computer guys. So, you have to just take what's best, what's easiest, and secure the shit out of it as much as you can and just think about it. - What are you doing these days at NACCO? - So we just started NACCO. So I left the government and went to a couple of consultancies and I started working, really other people, I worked good in the government with. I brought them out with me. - And now? - You used to work for the man and now you're the man. - Exactly, but now we formed a partnership and it's just a new cybersecurity firm that our launch party is actually on Thursday. So it's gonna be exciting. - Do you wanna give more details about the parties that somebody can hack into it? - No, I don't know, they're gonna tell you where it is. You can come if you want, but don't bring the hackers. - Well, that's, Hector will be there with us. - I can't believe you invited me 'cause you also say insider threat is the biggest threat. By the way, can you explain what the insider threat is? - The biggest insider threat in my life is my children. My son's big into Minecraft and will download ex-utables mindlessly and just run them on the network. So he is-- - Do you recommend against marriage and family and kids? - Nope, nope, I think from a security perspective. From a security perspective, absolutely. But now I just segmentation. I mean, we do it in all businesses for years. Started segmenting networks, different networks. I just do it at home. My kid's on his own network. It makes it a little bit easier to see what they're doing too. You can monitor traffic and then also throttle bandwidth. If your Netflix isn't playing fast enough or buffers or something, so you can obviously change that a little too. - You know they're gonna listen to this, right? They're gonna get you tricks. - Yeah, that's true. They'll definitely well listen. But there's nothing more humbling than your family. You think you've done something big and you go on a big podcast and talk to less freemen and they don't fucking care. - Unless you're on TikTok or-- - You'll show up on a YouTube feed or something like that and they'll be like, "Oh yeah, this guy's boring." My son does a podcast for his school and it's still, I still can't get it from the telling. So, one of the, Hector and I just started a podcast. Talking about cybersecurity, we do a podcast called Hacker in the Fed. It just came out yesterday. So first episode. So yeah, we got 1,300 downloads the first day. So pretty, we were at the top of Hacker News, which is a big website in our world. So it's called Hacker in the Fed. - Hacker in the Fed's name is. So go download and listen to Hacker in the Fed. I can't wait to see what, 'cause I don't think I've seen a video of YouTube together. So I can't wait to see what the chemistry is like. - It's not weird that you guys used to be enemies and now you're friends. - So yeah, I mean, we just did some, a trailer and all that. And the art producer, we have a great producer got him finniest and he kind of pulls things out of me and I said, "Okay, I got one." My relationship with Hector, you know, we're very close friends now. And then he's like, "Oh, I arrested one of my closest friends." Which is a very strange relationship. - Yeah, it's weird. - You know, but he says that I changed his life. I mean, he was going down a very dark path and I gave him an option that one night and he made the right choice. I mean, he now does penetration testing. He does a lot of good work and, you know, he's turned his life around. - Do you worry about cyber war in the 21st century?
Cyber war (02:31:44)
- Absolutely. If there is a global war, it'll start with cyber, you know, if it's not already started. - Do you feel like there's a, like a boiling, like the drums of war beating? What's happening in Ukraine with Russia? It feels like the United States becoming more and more involved in the conflict in that part of the world and China is watching very closely. It's starting to get involved geopolitically and probably in terms of cyber. Do you worry about this kind of thing happening in the next decade or two, like where it really escalates? You know, people in the 1920s were completely terrible at predicting the World War II. Do you think we're at the precipice of war potentially? - I think we could be. I mean, I would hate to just be, you know, fear margarina out there, you know, COVID's over. So the next big thing in the media is war and all that. But I mean, there's some flags going up that are very strange to me. - Is there a way to avoid this? - I hope so. I hope some Barnard people than I are figuring it out. I hope people are playing their parts and talking to the right people because that's, the war is the last thing I want. - Well, there's two things to be concerned about in cyber side. One is the actual defense on the technical side of cyber. And the other one is the panic that might happen when something like some dramatic event happened because of cyber, some major hack that becomes public. I'm honestly more concerned about the panic because I feel like if people don't think about the stuff the panic can hit harder. Like if they're not conscious about the fact that we're constantly under attack, I feel like it'll come like a much harder surprise. - Yeah, I think people will be really shocked on things. I mean, so we talked about Lolsek today and Lolsek was 2011. They had access into a water supply system of a major U.S. city. They didn't do anything with it. They were sitting on it in case someone got arrested and they were gonna maybe just expose that it's insecure. Maybe they were gonna do something to fuck with it. I don't know. But that's 2011. I don't think it's gotten a lot better since then. - And there's probably nation states or major organizations that are sitting secretly on hacks. - 100%, 100%. They're sitting, secretly waiting to expose things. I mean, again, I don't wanna scare this shit out of people but people have to understand the cyber threat. I mean, there are thousands of nation state hackers in some countries. I mean, we happen to. We have offensive hackers. - You know, the terrorist attacks of 9/11, there's planes that actually hit actual buildings and it was visibly clear and you can trace the information. With cyber attacks, say that something that would result in the major explosion in New York City, how the hell do you trace that? Like, if it's well done, it's going to be extremely difficult. The problem is, there's so many problems. One of which the US government in that case has complete freedom to blame anybody they want. - True. - And then to start war with anybody, anybody that actually see, that's sorry, that's one cynical take on it, of course. - No, but you're going down the right path. I mean, the guys that the food planes and the buildings wanted attribution, they took credit for it. When we see the cyber attack, I doubt we're going to see attribution. Maybe the victim side, the US government on this side might come out and try to blame somebody, but you know, like you've brought up, they could blame anybody they want. There's no really a good way of verifying that. - Can I just ask for your advice? So in my personal case, am I being tracked? How do I know? How do I protect myself? Should I care? - You are being tracked. I wouldn't say you're being tracked by the government. You're definitely being tracked by big tech. - No, I mean, me personally, Lex and escalated level. So like, like you mentioned, there's an FBI file on people. - Sure. - I'd love to see what's in that file. Who did I have the argument for? Oh, let me ask you, FBI. - Yeah. - How's the cafeteria food and FBI? - At the academy, it's bad. - Yeah. - What about like-- - At headquarters? - At headquarters. - A little bit better 'cause that's what the director, I mean, he eats up on the seventh floor. - Have you been like at Google? Have you been at Silicon Valley, those cafeteria? Like those-- - I've been at the Google in Silicon Valley. I've been at the Google in New York. - Yeah. - The food is incredible. - It is great. - So FBI is worse. - Well, when you're going through the academy, they don't let you outside of the building, so you have to eat it. But I think that's the only reason people eat it. - Yeah. - And it's pretty bad. - I got it. - Okay, I don't know why it's-- - But there's also a bar inside the FBI academy. People don't know that. - Alcohol bar? - Yes, alcohol bar. And as long as you've passed your PT and going well, you're allowed to go to the bar. - Nice. It feels like if I was a hacker, I would be going after celebrities 'cause they're a little bit easier, like celebrity celebrities, like Hollywood. - Hollywood nudes were a big thing there for a long time. - But now, yeah, I guess news is-- - That's what they went after. I mean, all those guys, they socialized, they did the social engineer to Apple to get backups, to get the recoveries for backups, and then they just pulled all their news, and I mean, whole websites were dedicated to that. - Yeah, see that, see I wouldn't do that kind of stuff. It's very creepy. I would go, if I was a hacker, I would go after like major, like powerful people, and like tweet something from their account, and like something that, like positive, like loving, but like for the walls, that obviously is a troll. - God, you get busted so quick. - What a bad hacker. - Really, but why? - Because hackers never put things out about love. - Oh, you mean like, this is clearly, it's a clearly Lex, but the fuck. - That's about love at every podcast he does. - I would just be like, no, oh god, damn it, now somebody's gonna do it, you'll blame me. It wasn't me. - Looking back at your life, is there something you, - I'm only 44 years old, I'm already looking back. - Is there stuff that you regret? - Eevee unit, I still got away. - That was the one that got away. - Yeah, I mean, it took me a while into my law enforcement career to learn about like the compassionate side, and it took Hector Monsterger to make me realize that criminals aren't really criminals, they're human beings. That really humanized the whole thing for me, sitting with him for nine months. I think that's maybe why I had a lot more compassion when I arrested Ross, probably wouldn't have been so compassionate if it was before Hector, but yeah, he changed my life and showed me that humanity side of things. - So would it be fair to say that all the criminals, or most criminals are just people that took a wrong turn at some point, they all have the capacity for good and for evil in them? - I'd say 99% of the criminals that I've interacted with, yes, the people with the child exploitation, no, I don't have any place in my heart for them. - What advice would you give to people in college, people in high school, trying to figure out what they want to do with their life, how to have a life they can be proud of, how to have a career they can be proud of, all that kind of stuff?
Advice for young people (02:39:38)
- In the US budget that was just put forward, there's $18 billion for cybersecurity. We're about a million people short of where we really should be in the industry if not more. If you have want job security and want to work and see exciting stuff, head towards cybersecurity. It's a good career. And one thing I dislike about cybersecurity right now is they expect you to come out of college and have 10 years experience in protecting and knowing every different Python script out there and everything available. The industry needs to change and let the lower people in in order to broaden and get those billion jobs filled. But as far as their personal security, just remember it's all gonna follow you. I mean, there's laws out there now that you have to turn over your social media accounts in order to have certain things. They just changed that in New York state. If you want to carry a gun, you have to turn over your social media to figure if you're a good social character. So hopefully you didn't say something strange in the last few years and it's gonna follow you forever. I bet Ross Alberk would tell you the same thing when he not don't put Ross Alberk at gmail.com on things 'cause it's gonna last forever. - Yeah, people sometimes, for some reason, they interact on social media as if they're talking to a couple of buddies. Like just shooting shit and mocking and like, what is that? Busting each other's chops, making fun of yourself, like being, especially gaming culture, like people who stream. - Thank God, that's not recorded. Oh my God, the things people say on those streams. - Yeah, but a lot of them are recorded. This is, there's a whole Twitch thing where people stream for many hours a day. And I mean, just outside of the very offensive things they say, they just swear a lot. They're not the kind of person that I would wanna hire. I wanna wanna work with. Now, I understand that some of us might be that way privately, I guess, when you're shooting shit with friends, like playing a video game and talking shit to each other, maybe. - Yeah. - But like, that's all out there. You have to be conscious of the fact that that's all out there. And it's just not a good look. It's not like you're, it's complicated 'cause I'm like against hiding who you are. - But like an asshole, you should hide some of it. - Yeah, but like, I just feel like it's going to be misinterpreted. When you talk shit to your friends while you're playing video games, it doesn't mean you're an asshole. 'Cause you're an asshole to your friend, but that's how a lot of friends show love. - Yeah, an outside person can't judge how I'm friends with you. But if I wanna be, this is our relationship. If that person can say that I'm an asshole to them, then that's fine, I'll take it. But you can't tell me I'm an asshole to them just because you saw my interaction. - I agree with that. - They'll take those words out of context and that's considered who you are is dangerous. And people take that very natural entel, like people treat their behavior on the internet very, very carelessly. That's definitely something that you need to learn and take extremely seriously. Also, I think that taking that seriously will help you figure out what you really stand for. If you use your language carelessly, you'd never really ask like, what do I stand for? I feel like it's a good opportunity when you're young to ask like, what are the things that are okay to say? What are the ideas I stand behind? Especially if they're controversial and I'm willing to say them because I believe in them versus just saying random shift for the laws. Because for the random shift, the laws keep that off the internet. That said, man, I was an idiot for most of my life and I'm constantly learning and growing it. I hate to be responsible for the kind of person I was in my teens, in my twenties. I didn't do anything offensive, but it just changed as a person. Like I used to, I guess I probably still do, but I used to, I used to read so much existential literature. That was a phase. There's like phases. - Yeah, you grow and evolve as a person that changes you in the future. Yeah, thank God there wasn't social media when I was in high school. Thank God. Oh my God, I would never be gotten the FBI. - Would you recommend that people consider a career at a place like the FBI? - I loved the FBI. I never thought I would go anyplace else, but the FBI, I thought I was gonna retire with the gold watch and everything from the FBI. That was my plan. - Can't really watch. - No, but you know what I mean, it's an expression. - It's an exclamation. - All right. - You get a gold badge. You actually get your badge in the looseite and your creds, you put it in the looseite and all that. So does it, by the way, just on a tangent since we like those?
FBI's credibility (02:44:50)
Does it hurt you that the FBI by certain people is distrusted or even hated? - 100%, it kills me. I like, I've never until recently not, I sometimes be embarrassed about the FBI sometimes, which is really, really hard for me to say 'cause I love that place. I love the people in it. I love the, the brotherhood that you have with all the guys in your squad, the guys and girls, I just use the guys. You know, we, I developed a real drinking problem there because we were so social of going out after work and continuing on. It really was a family. So I do miss that. But yeah, I mean, if someone can become an FBI agent, I mean, it's pretty fucking cool, man. The day you graduate and walk out of the academy with a gun and a badge and the power to charge someone with a misdemeanor for flying in the United States flag at night, that's awesome. - So there is a part of like representing and loving your country and especially if you're doing cyber security. So there's a lot of technical savvy in there and different places in the FBI. - Yeah, I mean, there's different pieces. Sometimes you'll see an older agent that's done, not cyber crime, come over to cyber crime at the end so he can get a job once he goes out. But there's also some guys that come in. I won't name his name, but there was a guy, I mean, I think he was a hacker when he was a kid. And now he's an agent, now he's way up in management. Great guy, I love this guy. And he knows who he is if he's listening. You know, that, you know, he had some skills. But we also lost a bunch of guys that had some skills because because we had one guy in the squad that he had to leave the FBI because his wife became a doctor and she got her residency down in Houston and she couldn't move. He wasn't allowed to transfer so he decided to keep his family versus the FBI. So there's some stringent rules in the FBI that need to be relaxed a little bit. - Yeah, I love hackers turned like leaders. Like one of my quickly becoming good friends is Mudge. There was a big hack in the 90s and then now was recently Twitter, Chief Security Officer, CSO. But he had a bunch of different leadership positions including being my boss at Google. But originally a hacker. It's cool to see like hackers become like leaders. - I just wonder what would cause him to stop doing it. Why he would then take like a managerial route for high tech companies. - I think a lot of those guys, so this is like the 90s, they really were about like the freedom, there's like a philosophy to it. And when I think the hacking culture evolved over the years and I think when it leaves you behind you start to realize like, oh, actually what I wanna do is I wanna help the world and I can do that and legitimate routes and so on. But that's the story that, and yeah, I would love to talk to him one day. But I wonder how common that is too. Like young hackers turn good. You're saying it like pulls you in. It's if you're not careful, it can really pull you in. - Yeah, it's good at it. You become powerful, you become, you know, everyone's slapping you on the back and say, what a good job and all that. You know, at a very young age. - Yeah. - So yeah, I would love to get into my buddy's mind on why he stopped hacking and moved on. That's gonna be a good conversation. - In his case, maybe it's always about a great woman involved, a family and so on. - Yeah, that's true. - That grounds you. Because like we have, there is a danger to hacking that once you're in a relationship, once you have family, maybe you're not willing to partake in. What's your story? What, from childhood, what are some fond memories you have? - Fond memories? - What did you go up? - Well, I don't give away that information. - In the United States? - Yeah, yeah, yeah, in Virginia. - In Virginia, yeah. - What are some rough moments? What are some beautiful moments that you remember? - I had a very good family growing up. The, like, rough moment. And I'll tell you a story that just happened to me two days ago and it fucked me up, man, it really didn't. You'll be the first one. I've never told, I tried to tell my wife this two nights ago and I couldn't get it out. So, my father, he's a disabled veteran. He was a disabled veteran. He was in the army and got hurt. And it was in a wheelchair his whole life. For all my growing up. He was my biggest fan. He just wanted to know everything about, you know, what was going on in the FBI, my stories. I was a local cop before the FBI and I got to a high speed car chase, you know, foot chase and all that and kicking doors in. He wanted to hear none of those stories. And at some points, I was kind of too cool for school and, ah, dad, I just want to break and all that and things going on. We lost my dad during COVID. Not because of COVID, but it was around that time, but it was right when COVID was kicking off. And so he died in a hospital by himself. And I didn't get to see him then. And then my mom had some people visiting her the other night and the Tom and Karen Roggerberg, and I'll say they're my second biggest fans, right behind my dad. They always asking about me and my career and they've read the books and seen the movie. They'll even tell you that Silk Road movie was good. I felt a lot of the idea on that. But, and so they came over and I helped them with something and my mom was that called me back a couple days later and she said, "I appreciate you helping them. "I know fixing someone's Apple phone over the phone "really isn't what you do for a living." It's kind of beneath you and all that, but I appreciate it. And she said, "Oh, they loved hearing the stories "about Silk Road and all those things." And she goes, "Your dad, he loved those stories. "I just wish you could have heard of him." And he even would tell me, he would say, "Maybe Chris will come home and I'll get him drunk "and he'll tell me the stories." But, and then she goes, "Maybe one day in heaven, "you can tell him those stories." And I fucking lost it. I literally stood in my shower sobbing like a child. Just thinking about all my dad wanted was those stories. - Yeah. - And now I'm on a fucking podcast telling stories to the world and I did tell him. - Yeah. So, did you ever have a long heart to heart with him about like, about such stories? - He was in the hospital one time and I went through and I wanna know about his history, like his life, what he did. And I think he may be sensationalized, some of it, but that's what you want. You're a dad's a hero, so you wanna hear those things. - It's a good storyteller. - Yeah, again, I don't know what was true and not true, but you know, some of it was really good. And it was just good to hear his life, but you know, we lost him and now those stories are gone. - You miss him? - Yeah. - What did he teach you about? What it means to be a man? - So my dad, he was an engineer. And so part of his job, we worked for Vermont, power and electric or whatever it was. I mean, when he first got married to my mom and all that, he flew around an helicopter, checking out like power lines and dams. He used to swim inside the scuba into dams to check to make sure they were functioning properly and all that. - Nice. - Pretty cool shit. - Yeah. - And then he couldn't walk anymore. I probably would have killed myself if my life switched like that so bad. And my dad probably went through some dark points, but he had that from me maybe. And so to get through that struggle, to teach me, like, you know, you pre-press on, you have a family, people counting you, you do what you gotta do, that was big. - Yeah. - Oh, I'm sure you make him proud, man. - I'm sure I do, but I don't think he knew that. That I knew that. - Well, you get to pass on that love to your kids now. - I try, I try, but I can't impress them as much as my dad impressed me. - I can try all I want, but. - Well, what do you think is the role of love?
'Cause you gave me some grief, you busted my balls a little bit for talking about love a lot. What do you think is the role of love in the human condition? - I think it's the greatest thing, I think everyone should be searching for it. If you don't have it, find it, get it as soon as you can. I love my wife, I really do. I had no idea what love was until my kids were born. My son came out and this is a funny story. He came out and I just wanted him to be safe and be healthy and all that. And I said to the doctor, I said, 10 and 10 doc, 10 fingers, 10 toes, everything good. And he goes, nine and nine. I was like, what the fuck? I was like, oh, this is gonna suck. Okay, we'll deal with it and all that. He was talking about the Appencard cord, or some score about breathing and color and all that. And I was like, oh shit, but no one told me this. But so I'm just sobbing, I couldn't even cut the umbilical cord. Just fell in love with my kids when I saw them and that to me really is what love is, just for them, man. - And I see that through your career that love developed, which is awesome, being able to see the humanity in people. - I did when I was young, the foolishness of youth. I needed to learn that lesson hard. I mean, when I was young in my career, it was just about career goals and resting people became stats. You rest on one, you get a good stat, you get done out of a boy. Maybe the boss likes it and you get a better job or you move up the chain. It took a real change in my life to see that humanity. - And I can't wait to listen to your talk, which is probably hilarious and insightful. Given the life of the two you lived and given how much you've changed each other's lives, I can't wait to listen brother. And thank you so much. This is a huge honor of your amazing person with an amazing life. This was an awesome conversation. - Dude, huge fan. I love the podcast. Glad I could be here. Thanks for the invite. So, exercising the brain too. It was great. It was a great conversation. - And the heart too, right? - Oh, yeah, yeah. You got some tears there at the end. - Thanks for listening to this conversation with Chris Starbald. To support this podcast, please check out our sponsors in the description. And now, let me leave you with some words from Benjamin Franklin. They can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety. Thank you for listening. And hope to see you next time.