WEBVTT 00:00:00.099 --> 00:00:03.860 JACK: I remember this one time I really botched a job interview. 00:00:03.860 --> 00:00:10.430 I was young, in my early twenties, and I applied to do surveillance at a casino. 00:00:10.430 --> 00:00:15.040 You know, the eye in the sky; watch twenty monitor screens at once and try to find someone 00:00:15.040 --> 00:00:20.030 cheating or stealing things in the casino and then call the security guards on them? 00:00:20.030 --> 00:00:25.720 Well, I got an interview with the head of casino security, and things were going well. 00:00:25.720 --> 00:00:31.970 We hit it off and he liked my resume, but then he asked me one last question. 00:00:31.970 --> 00:00:37.160 [MUSIC] If you saw me stealing in the casino, would you turn me in? 00:00:37.160 --> 00:00:40.571 Now, I was dumbfounded by this question. 00:00:40.571 --> 00:00:42.630 What is this, some kind of ethics test? 00:00:42.630 --> 00:00:45.720 I mean, he’s the head of security. 00:00:45.720 --> 00:00:49.150 If I saw him stealing, who would I even report it to? 00:00:49.150 --> 00:00:52.530 I was baffled on how to answer this. 00:00:52.530 --> 00:00:57.780 But I wanted this job bad, and so, I did a whole bunch of mental gymnastics to try to 00:00:57.780 --> 00:01:01.120 read his face and see what answer he wanted. 00:01:01.120 --> 00:01:05.780 I mean, the first thing that popped into my mind was that quote from the Godfather. 00:01:05.780 --> 00:01:06.780 Here, listen. 00:01:06.780 --> 00:01:11.110 MICHAEL: You’re my older brother and I love you, but don’t ever take sides with anyone 00:01:11.110 --> 00:01:12.890 against the family again. 00:01:12.890 --> 00:01:15.909 JACK: Don’t take sides against the family. 00:01:15.909 --> 00:01:17.880 Who do you think started the whole casino business? 00:01:17.880 --> 00:01:18.880 It was mobsters. 00:01:18.880 --> 00:01:24.799 So, what did this head of security cherish more, family or the law? 00:01:24.799 --> 00:01:27.520 It’s an impossible thing to answer. 00:01:27.520 --> 00:01:33.360 I felt as if I was on the poker table going head-to-head with him, trying to read what 00:01:33.360 --> 00:01:36.909 cards he was holding, and my job was what was on the line. 00:01:36.909 --> 00:01:42.210 Well, I blurted out, of course I wouldn’t turn you in; you’re my boss. 00:01:42.210 --> 00:01:46.909 With that, he stood up and said, thanks for coming in, but we’re looking for someone 00:01:46.909 --> 00:01:48.909 else. Good luck. 00:01:48.909 --> 00:01:49.909 And he reached out to shake my hand. 00:01:49.909 --> 00:01:53.299 I quickly realized my mistake. 00:01:53.299 --> 00:01:55.549 Taking the family’s side was the wrong answer. 00:01:55.549 --> 00:01:58.440 It’s the definition of corruption. 00:01:58.440 --> 00:02:02.430 Even if he wanted me to always protect the family, this was just too soon of a test to 00:02:02.430 --> 00:02:04.360 ask me something like that. 00:02:04.360 --> 00:02:07.320 I wasn’t part of the family yet. 00:02:07.320 --> 00:02:12.989 Siding with him was taking sides against the casino itself, and if he was actually corrupt, 00:02:12.989 --> 00:02:16.690 he wouldn’t show his cards like that so early in the first interview with someone. 00:02:16.690 --> 00:02:18.459 So, I reversed my position. 00:02:18.459 --> 00:02:23.840 I shouted, no, no, no, I would definitely turn you in; the casino is who I work for, 00:02:23.840 --> 00:02:25.160 not you. 00:02:25.160 --> 00:02:30.580 He smiled and shook his head and walked me to the door, and said, better luck next time, 00:02:30.580 --> 00:02:31.610 kid. 00:02:31.610 --> 00:02:39.260 (INTRO): [INTRO MUSIC] These are true stories from the dark side of the internet. 00:02:39.260 --> 00:02:43.970 I’m Jack Rhysider. 00:02:43.970 --> 00:02:47.390 This is Darknet Diaries. 00:02:47.390 --> 00:02:54.260 [INTRO MUSIC ENDS] 00:02:54.260 --> 00:03:01.989 JACK: So, let’s start out with who you are. 00:03:01.989 --> 00:03:03.030 What do you do? 00:03:03.030 --> 00:03:05.180 CONNOR: Yeah, so, I’m Connor Tumbleson. 00:03:05.180 --> 00:03:08.540 I’m a engineer here in Tampa. 00:03:08.540 --> 00:03:10.760 Really gone up the steps over the years. 00:03:10.760 --> 00:03:15.930 I think I’m – I’m our Director of Engineering now, so I do a lot of tech stuff. 00:03:15.930 --> 00:03:20.040 JACK: The main thing to know about Connor is he spent years in the tech industry. 00:03:20.040 --> 00:03:24.940 He’s a great programmer, which has led him to become a director of engineering, and he’s 00:03:24.940 --> 00:03:26.480 content in his current role. 00:03:26.480 --> 00:03:28.129 He’s definitely not job-seeking. 00:03:28.129 --> 00:03:33.599 However, his resume is pretty nice and he’s got a whole list of skills under his belt, 00:03:33.599 --> 00:03:34.599 and he has a great GitHub. 00:03:34.599 --> 00:03:40.080 GitHub is a place where people go to share programming code they made, and Connor has 00:03:40.080 --> 00:03:45.030 wrote a lot of code, so Connor has published a lot of this code to GitHub for other people 00:03:45.030 --> 00:03:46.030 to see. 00:03:46.030 --> 00:03:49.310 If you go there, you can see what code he’s been writing since 2011. 00:03:49.310 --> 00:03:55.670 In fact, he’s posted new code 51,000 times over the last twelve years. 00:03:55.670 --> 00:04:00.239 What’s interesting about GitHub is you can go back through those years and see every 00:04:00.239 --> 00:04:04.079 line of code that he shared and what date he shared it. 00:04:04.079 --> 00:04:07.030 Okay, September 14, 2022, you get an e-mail. 00:04:07.030 --> 00:04:08.310 CONNOR: Yeah, it’s crazy. 00:04:08.310 --> 00:04:14.310 I’m sitting at lunch and – your phone goes off, and I get one of those weird subject 00:04:14.310 --> 00:04:16.820 titles that I think is just an easily deletable one. 00:04:16.820 --> 00:04:20.139 I think it word-for-word was something like, Connor, your identity is stolen. 00:04:20.139 --> 00:04:23.690 JACK: [MUSIC] It does have a spammy taste to it, doesn’t it? 00:04:23.690 --> 00:04:25.660 I think I’ve probably gotten spam like this before. 00:04:25.660 --> 00:04:28.389 You know, click here to see if my identity is stolen. 00:04:28.389 --> 00:04:33.289 CONNOR: I was like, yeah, this is probably spam because it came from an address I didn’t 00:04:33.289 --> 00:04:34.289 recognize. 00:04:34.289 --> 00:04:38.110 It looked like a bunch of foreign characters I didn’t recognize and I was like, alright, 00:04:38.110 --> 00:04:39.889 this is a delete. 00:04:39.889 --> 00:04:42.110 But then, before I deleted it, I saw it had an attachment. 00:04:42.110 --> 00:04:47.300 I was like, okay, I’m on my phone; this is a – I think probably an easy preview, 00:04:47.300 --> 00:04:50.770 especially since it was a suspect e-mail. 00:04:50.770 --> 00:04:54.540 But thankfully I could just preview it and I previewed it, and it was my resume, but 00:04:54.540 --> 00:04:55.610 it wasn’t. 00:04:55.610 --> 00:04:58.220 I was like, this is really odd. 00:04:58.220 --> 00:05:05.389 JACK: The e-mail was from a guy named Andrew, and Andrew was also a programmer, but he’s 00:05:05.389 --> 00:05:09.930 just starting out in college and has only posted a little bit to GitHub. 00:05:09.930 --> 00:05:14.740 Andrew said someone found him and messaged him on GitHub and offered him a job, but when 00:05:14.740 --> 00:05:20.009 Andrew asked more questions about the job, he was told he had to act like Connor to get 00:05:20.009 --> 00:05:21.009 the job. 00:05:21.009 --> 00:05:25.550 CONNOR: I kinda just quickly ate my lunch and ran back to my computer and jumped on 00:05:25.550 --> 00:05:27.300 to view it in Gmail. 00:05:27.300 --> 00:05:33.699 At that point, when I expanded it for real, I saw it was way more than my resume. 00:05:33.699 --> 00:05:39.979 It was an introduction of me from a – it was really rough reading it from the very 00:05:39.979 --> 00:05:44.940 first inspection ‘cause it was someone trying to pretend they were me. 00:05:44.940 --> 00:05:50.919 ‘Cause not only was the e-mail just clearly wrong, but the address was a address that 00:05:50.919 --> 00:05:54.900 was for sale on Zillow kind of right around where I live. 00:05:54.900 --> 00:05:59.039 Then it was my resume, then it was information about a company, and then it was information 00:05:59.039 --> 00:06:01.430 of a fake cover letter I wrote. 00:06:01.430 --> 00:06:05.940 [MUSIC] At this point, I’m thinking holy cow, what is going on here? 00:06:05.940 --> 00:06:10.300 ‘Cause now I think this is actually legitimate, because there’s someone that has put a great 00:06:10.300 --> 00:06:16.449 deal of effort into taking a lot of my true, earned achievements –whatever; school, everything 00:06:16.449 --> 00:06:20.590 – but then mixed it with a bunch of things that are lies, which I think, funny enough, 00:06:20.590 --> 00:06:22.630 boosted my resume in a way. 00:06:22.630 --> 00:06:24.110 But yeah, they weren’t true. 00:06:24.110 --> 00:06:28.590 It was just a mixture of lies and truth in a huge document. 00:06:28.590 --> 00:06:30.699 JACK: Okay, wow. 00:06:30.699 --> 00:06:35.770 They took Connor’s real resume but changed just a few things like the e-mail address, 00:06:35.770 --> 00:06:38.770 physical address, and few other accomplishments. 00:06:38.770 --> 00:06:40.319 But all this sounds really spooky. 00:06:40.319 --> 00:06:44.389 I mean, to get an e-mail from someone explaining all this? 00:06:44.389 --> 00:06:50.009 The person sending the e-mail could be trying to help or they could be trying to scam Connor 00:06:50.009 --> 00:06:53.960 into paying them to scrub this information off of some website or something. 00:06:53.960 --> 00:06:57.370 What was the real intention of this Andrew guy who e-mailed him? 00:06:57.370 --> 00:07:02.580 CONNOR: Yeah, so, it was weird; he was telling me that there was this guy, Maris, and this 00:07:02.580 --> 00:07:06.910 – a guy that was hiring him to be an engineer. 00:07:06.910 --> 00:07:09.150 I was like, okay, what does that have to do with me? 00:07:09.150 --> 00:07:13.810 Then he says in the next sentence in the e-mail – he’s like, it turns out I was supposed 00:07:13.810 --> 00:07:19.020 to pretend to be you and I didn’t feel comfortable with it, and sent me the doc. 00:07:19.020 --> 00:07:23.919 So, I read that, I read the doc, and I’m still thinking this is weird because as you 00:07:23.919 --> 00:07:28.500 just mentioned, I’m getting suspicious that the guy just wants me to sign into something, 00:07:28.500 --> 00:07:29.770 buy something. 00:07:29.770 --> 00:07:34.669 So, I just send a quick response and I said, so, to get this right, you were hired at a 00:07:34.669 --> 00:07:38.990 company and then paid to pretend to be me for an interview. 00:07:38.990 --> 00:07:44.110 He responds and goes, yeah, I’m about to go to class, but here’s a few log snippets 00:07:44.110 --> 00:07:45.509 of a Slack channel. 00:07:45.509 --> 00:07:50.270 JACK: It seems like this guy Andrew is responding to questions Connor has, but is equally as 00:07:50.270 --> 00:07:52.150 confused as Connor is about this. 00:07:52.150 --> 00:07:57.129 I mean, imagine someone messages you on GitHub, offers you some paid work, and when you say, 00:07:57.129 --> 00:08:00.090 yeah, that sounds great, then they ask you to pretend to be someone else. 00:08:00.090 --> 00:08:05.080 So, Andrew was sending more information over to Connor; screenshots of Slack chat that 00:08:05.080 --> 00:08:06.759 he had with this Maris person. 00:08:06.759 --> 00:08:12.949 CONNOR: At this point, I’m actually getting attached to this because in the screenshot 00:08:12.949 --> 00:08:18.620 he sends me, he’s talking about the interview – that’s supposed to be in a few hour’s 00:08:18.620 --> 00:08:24.370 time that I’m looking at – of me that he is no longer attending. 00:08:24.370 --> 00:08:28.159 This is crazy because I’m also talking to a co-worker next to me at this point; like, 00:08:28.159 --> 00:08:29.759 should I join this interview? 00:08:29.759 --> 00:08:30.759 What is going on? 00:08:30.759 --> 00:08:36.229 I feel like someone is pretending to be me in an interview later today. 00:08:36.229 --> 00:08:37.940 That is kinda crazy to think about. 00:08:37.940 --> 00:08:42.470 JACK: Oh, right, this is an online video interview and it’s all set up where the company is 00:08:42.470 --> 00:08:48.550 expecting Connor to join and be interviewed, and it was in a few hours. 00:08:48.550 --> 00:08:50.620 This just gets wilder and wilder. 00:08:50.620 --> 00:08:54.200 Connor starts wondering if he should join the interview and – just to see what’s 00:08:54.200 --> 00:08:55.200 going on. 00:08:55.200 --> 00:08:58.850 At the least, he can inform this other company that they shouldn’t hire him, because he’s 00:08:58.850 --> 00:09:00.870 not actually applying for the job. 00:09:00.870 --> 00:09:04.579 That’s gonna be awkward to explain to them, for sure. 00:09:04.579 --> 00:09:09.010 All the while, Connor is trying to figure out why they took his resume to copy. 00:09:09.010 --> 00:09:11.519 What was it about Connor that made his resume special? 00:09:11.519 --> 00:09:16.730 CONNOR: Yeah, and I think that’s what really sketched me out or made me feel a bit uneasy, 00:09:16.730 --> 00:09:21.090 ‘cause at the end of the day, I thought, why not just make some AI-generated random 00:09:21.090 --> 00:09:24.090 document if you’re trying to go out there and get jobs? 00:09:24.090 --> 00:09:27.570 JACK: [MUSIC] Connor still feels like he needs more details from Andrew. 00:09:27.570 --> 00:09:28.950 Something just isn’t adding up, still. 00:09:28.950 --> 00:09:30.750 CONNOR: I’m trying to actually e-mail him a lot. 00:09:30.750 --> 00:09:33.140 I’m saying, hey, I need more info here. 00:09:33.140 --> 00:09:36.610 I dug deeper into this and it’s more creepy than I thought. 00:09:36.610 --> 00:09:38.510 I was like, hey, what more can you give me? 00:09:38.510 --> 00:09:40.550 Can you give me all your e-mail communications? 00:09:40.550 --> 00:09:41.550 Can you tell me more? 00:09:41.550 --> 00:09:43.410 He was like, sorry, I’m going to class. 00:09:43.410 --> 00:09:44.780 I was like, oh. 00:09:44.780 --> 00:09:47.960 So, the person that’s helping me through this is no longer available. 00:09:47.960 --> 00:09:50.090 JACK: How did Andrew get involved in this? 00:09:50.090 --> 00:09:52.730 CONNOR: He mentioned that he just got cold e-mailed. 00:09:52.730 --> 00:09:57.589 Like, just a random e-mail presumably from his GitHub where someone reached out and said 00:09:57.589 --> 00:10:03.010 they were looking for a partner to join him and needed a bit of development experience. 00:10:03.010 --> 00:10:08.000 This was a guy that was a fresh developer right out of school that was looking for a 00:10:08.000 --> 00:10:10.940 place to work, and it seemed like a great chance. 00:10:10.940 --> 00:10:15.750 So, I think he continued moving forward with this employment as they said they needed a 00:10:15.750 --> 00:10:20.060 good English-speaking engineer, and he fit all those boxes. 00:10:20.060 --> 00:10:21.950 Andrew ends up joining this company. 00:10:21.950 --> 00:10:27.340 They get invited to a Slack channel, and the same day he joins the Slack channel, roughly 00:10:27.340 --> 00:10:31.730 a few hours later, he ends up getting a bunch of messages. 00:10:31.730 --> 00:10:36.730 JACK: Now, when Andrew joined the Slack chat, he was greeted by someone just named PND. 00:10:36.730 --> 00:10:40.350 CONNOR: This PND person is a acronym. 00:10:40.350 --> 00:10:45.589 Ends up posting to Andrew and says, hey, you’re gonna pretend to be this person, and it’s 00:10:45.589 --> 00:10:49.230 a lient that he ends up linking or sharing to me. 00:10:49.230 --> 00:10:54.329 That’s when Andrew realizes, I don’t really want to be part of this because Connor looks 00:10:54.329 --> 00:10:56.860 like an English-speaking engineer. 00:10:56.860 --> 00:11:01.200 Why am I pretending to be him? 00:11:01.200 --> 00:11:07.230 Maris or the PND, we don’t really know who this person is, says, yeah, Connor is one 00:11:07.230 --> 00:11:08.230 of our engineers. 00:11:08.230 --> 00:11:09.680 Is that gonna be a problem for you? 00:11:09.680 --> 00:11:17.710 He says, yeah, that violates his ethical behavior, and Andrew just ends up leaving and taking 00:11:17.710 --> 00:11:19.160 a bunch of information with him. 00:11:19.160 --> 00:11:22.130 So, I’m thinking to Andrew, this guy’s amazing. 00:11:22.130 --> 00:11:28.300 He just leaked a bunch of information to me from this whole thing and I guess lost a job 00:11:28.300 --> 00:11:29.320 in the process. 00:11:29.320 --> 00:11:33.740 Probably not the best job, but for someone looking for work, I guess a job was a job. 00:11:33.740 --> 00:11:39.150 JACK: Hm, I wonder how big of a decision this was for Andrew, a college kid looking for 00:11:39.150 --> 00:11:43.839 work, finding a job that pays, but having to turn it down because it violates his ethics. 00:11:43.839 --> 00:11:48.830 I bet there are quite a lot of college kids that would be up for it, you know? 00:11:48.830 --> 00:11:54.550 I wonder if this is a tactic, that this Maris person or PND person targets college kids 00:11:54.550 --> 00:12:00.320 because they need the experience and work and are more willing to take non-ethical jobs. 00:12:00.320 --> 00:12:01.579 I don’t know. 00:12:01.579 --> 00:12:06.740 [MUSIC] Anyway, for Connor to get an e-mail like this, it absolutely derailed his ability 00:12:06.740 --> 00:12:09.440 to concentrate on anything at work that day. 00:12:09.440 --> 00:12:14.209 I mean, he had to go to an interview that he did not set up, and how do you even prepare 00:12:14.209 --> 00:12:15.519 for something like that? 00:12:15.519 --> 00:12:18.970 Actually, it doesn’t matter, since there just wasn’t much time to prepare for it, 00:12:18.970 --> 00:12:19.970 anyway. 00:12:19.970 --> 00:12:20.970 CONNOR: Yep, exactly. 00:12:20.970 --> 00:12:24.760 So, I think I opened it around noon and the interview was at 4:00, 4:30. 00:12:24.760 --> 00:12:28.300 So, it was a pretty quick turnaround on all of this. 00:12:28.300 --> 00:12:31.600 JACK: Andrew sent Connor all the information to join the interview. 00:12:31.600 --> 00:12:36.610 CONNOR: It, of course, had the Zoom link and the time and the company and the meeting. 00:12:36.610 --> 00:12:37.740 I was like, oh, this is crazy. 00:12:37.740 --> 00:12:39.100 Well, I’m gonna use this for sure. 00:12:39.100 --> 00:12:44.520 So, then I join it, but I actually join the interview about five minutes before it starts, 00:12:44.520 --> 00:12:46.339 and I’m just kinda sitting in a Zoom channel. 00:12:46.339 --> 00:12:48.520 It’s the Zoom waiting room. 00:12:48.520 --> 00:12:50.399 I can’t really talk to anyone yet. 00:12:50.399 --> 00:12:51.699 I’m stuck there. 00:12:51.699 --> 00:12:57.760 My fear is I’m sitting in this meeting and someone is gonna join before me, like another 00:12:57.760 --> 00:13:00.890 person, and then I’m stuck in a debate. 00:13:00.890 --> 00:13:05.640 But thankfully, the interviewer, he shows up early and adds me. 00:13:05.640 --> 00:13:12.260 We both jump on video, sitting in the same spot I am now, and I say, hey, before we jump 00:13:12.260 --> 00:13:15.029 into the interviews, you’re not gonna believe anything I’m gonna tell you, so I’m gonna 00:13:15.029 --> 00:13:16.649 go really quick. 00:13:16.649 --> 00:13:21.199 I just proceed to tell this guy – and I think I just spew it out as quick I can, of 00:13:21.199 --> 00:13:26.250 saying I didn’t apply for this job, but I am indeed the person that you have all the 00:13:26.250 --> 00:13:28.290 documentation for. 00:13:28.290 --> 00:13:31.570 He starts getting really confused here trying to not – follow what’s going on. 00:13:31.570 --> 00:13:34.060 I think at first he thinks I’m pranking him. 00:13:34.060 --> 00:13:38.910 I’m trying to explain, no, this is legitimate. 00:13:38.910 --> 00:13:41.959 I’m the real Connor, but I did not apply for this job. 00:13:41.959 --> 00:13:44.590 He starts joking with me; well, your resume’s really good. 00:13:44.590 --> 00:13:49.389 We were hoping this was a real interview. 00:13:49.389 --> 00:13:52.540 While we’re talking, I’m trying to explain what happened from my perspective, that I 00:13:52.540 --> 00:13:53.540 got an e-mail. 00:13:53.540 --> 00:13:58.550 I’m asking him, can you share from your perspective who applied for the job? 00:13:58.550 --> 00:14:03.149 While we’re talking about this – because he lets me know that it was on Upwork that 00:14:03.149 --> 00:14:06.699 my fake self applied for the job. 00:14:06.699 --> 00:14:12.170 Then he tells me that there’s another Connor Tumbleson in the waiting room. 00:14:12.170 --> 00:14:19.020 At this point, I’m freaking out a bit because now another fake Connor has decided to join 00:14:19.020 --> 00:14:21.199 the call, and he’s trapped in the meeting room. 00:14:21.199 --> 00:14:25.770 This interview guy, he goes, hey, why don’t you change your name, turn off your camera, 00:14:25.770 --> 00:14:26.770 and just sit in this call? 00:14:26.770 --> 00:14:29.020 I was like, holy cow, that is amazing. 00:14:29.020 --> 00:14:30.370 It was your idea; I love it. 00:14:30.370 --> 00:14:32.660 I want to sit here and figure out what’s going on. 00:14:32.660 --> 00:14:39.550 So, I change my name, I turn off my Zoom camera, and I’m sitting in the call when he admits 00:14:39.550 --> 00:14:42.029 another Connor Tumbleson. 00:14:42.029 --> 00:14:48.579 This is where the story goes even crazier, is I then sit in a call and listen to a guy 00:14:48.579 --> 00:14:50.210 with this accent that I can’t place. 00:14:50.210 --> 00:14:54.910 I think I can safely say it’s probably not American, but I don’t know where. 00:14:54.910 --> 00:14:58.040 This guy then proceeds to say that he’s Connor Tumbleson. 00:14:58.040 --> 00:15:03.810 Not only that; he starts reading off all my accomplishes, even says his GitHub address, 00:15:03.810 --> 00:15:08.699 which is odd because I haven’t changed my alias on my – alias in like, twenty years, 00:15:08.699 --> 00:15:10.009 so iBotPeaches everywhere is me. 00:15:10.009 --> 00:15:14.420 So, to hear someone say that, it was just extremely upsetting. 00:15:14.420 --> 00:15:19.600 I’m just sitting in this call, listening to this guy proceed to just list things. 00:15:19.600 --> 00:15:23.449 I can tell he’s reading the sheet word-for-word that I’m looking at. 00:15:23.449 --> 00:15:28.139 JACK: Man, I can’t even imagine being in this scenario, listening in on an interview 00:15:28.139 --> 00:15:32.060 with someone else pretending to be you trying to get this job. 00:15:32.060 --> 00:15:33.060 What? 00:15:33.060 --> 00:15:36.950 All the time fake Connor is speaking, the real Connor is muted, listening. 00:15:36.950 --> 00:15:38.380 How does he respond to all this? 00:15:38.380 --> 00:15:41.449 How would you respond to this situation? 00:15:41.449 --> 00:15:45.690 If I were him, I’d be freaking out, wondering if I’m being pranked and wanting to know 00:15:45.690 --> 00:15:49.839 who this guy is that’s pretending to be me, and who put him up to this. 00:15:49.839 --> 00:15:51.009 CONNOR: Yep, definitely that. 00:15:51.009 --> 00:15:54.730 I’m talking to some co-workers at the same time during this, ‘cause we’re all sitting 00:15:54.730 --> 00:15:58.750 around, ‘cause they’re all – at this point – involved in the story. 00:15:58.750 --> 00:16:00.649 I couldn’t stay on mute any longer. 00:16:00.649 --> 00:16:02.279 It was just really, really rough. 00:16:02.279 --> 00:16:06.790 I thought I could sit there and just listen to information, but I turned my camera on 00:16:06.790 --> 00:16:08.500 and kinda just started talking. 00:16:08.500 --> 00:16:12.510 I said hey, I’m the real Connor Tumbleson, so who are you? 00:16:12.510 --> 00:16:16.279 I didn’t get, I think, more than five, ten words out of my mouth, and he just dropped 00:16:16.279 --> 00:16:21.930 the call, which was pretty sad ‘cause I really wanted to figure out if we could have 00:16:21.930 --> 00:16:26.589 just a candid conversation of why this was happening, but he left the call immediately. 00:16:26.589 --> 00:16:29.470 JACK: What was going through your mind after that interview? 00:16:29.470 --> 00:16:33.899 CONNOR: Just the fact that another Connor joined the call, a fake me. 00:16:33.899 --> 00:16:38.649 I was so confused because I was under the impression initially that this guy I was talking 00:16:38.649 --> 00:16:42.220 to, Andrew, had ended up joining the call and going forward with this. 00:16:42.220 --> 00:16:43.680 I was like, why would he do that? 00:16:43.680 --> 00:16:45.110 He just leaked it all to me. 00:16:45.110 --> 00:16:48.329 I couldn’t really figure out in my head how there was actually someone joining the 00:16:48.329 --> 00:16:49.329 call. 00:16:49.329 --> 00:16:54.130 JACK: So, this PND person set up this interview and asked Andrew to join it and pretend to 00:16:54.130 --> 00:16:55.470 be Connor. 00:16:55.470 --> 00:16:59.279 Andrew said no for ethical reasons, but then someone else pretending to be Connor did join 00:16:59.279 --> 00:17:00.279 the call. 00:17:00.279 --> 00:17:01.389 Who was that person? 00:17:01.389 --> 00:17:02.610 CONNOR: Yeah, exactly. 00:17:02.610 --> 00:17:08.179 So, at that point, I’m talking to the interviewer again ‘cause the other Connor has left the 00:17:08.179 --> 00:17:09.179 call. 00:17:09.179 --> 00:17:13.959 I was like, hey, do you mind just sending me everything you have? 00:17:13.959 --> 00:17:18.630 I was asking for who applied, how did he apply, et cetera. 00:17:18.630 --> 00:17:19.709 This guy goes, yeah, sure. 00:17:19.709 --> 00:17:21.000 Can I have your e-mail address? 00:17:21.000 --> 00:17:25.030 I was like, hey, just take the e-mail they gave you and take the 2 off the end of it, 00:17:25.030 --> 00:17:27.540 ‘cause it was such an embarrassingly copied e-mail. 00:17:27.540 --> 00:17:31.480 It was just my e-mail with a number 2 at the end. 00:17:31.480 --> 00:17:37.280 So, sure enough, this company, they then e-mail me and it’s just screenshots of Upwork. 00:17:37.280 --> 00:17:42.160 This is where I got way more creeped out, [MUSIC] is it was a fake Upwork of me. 00:17:42.160 --> 00:17:46.210 Once again, it was a highly-detailed resume’s accomplishment. 00:17:46.210 --> 00:17:51.160 They even had a random Laravel certification I got from a few years ago. 00:17:51.160 --> 00:17:53.850 I didn’t even put that anywhere except in a tweet. 00:17:53.850 --> 00:17:59.350 So, I was like, this is a crazy amount of detail that someone went to to make a real, 00:17:59.350 --> 00:18:04.410 truthful – but also exaggerated in a lot of regards – Upwork account of me. 00:18:04.410 --> 00:18:05.900 JACK: Stay with us. 00:18:05.900 --> 00:18:08.650 There’s more after the break. 00:18:08.650 --> 00:18:16.290 Okay, so, let’s recap. 00:18:16.290 --> 00:18:21.169 Someone made an Upwork profile using Connor’s resume and information, and they were using 00:18:21.169 --> 00:18:26.460 that fake profile to apply for real jobs, then getting someone else to act like Connor 00:18:26.460 --> 00:18:28.080 for the job. 00:18:28.080 --> 00:18:31.620 Then that person would sit in an interview and pretend to be Connor. 00:18:31.620 --> 00:18:38.559 Yeah, so, Upwork is a place that freelancers can go to look for jobs, anything from design 00:18:38.559 --> 00:18:41.429 to IT or legal professionals. 00:18:41.429 --> 00:18:44.690 Freelancers will make an account saying what skills they have and that they’re available 00:18:44.690 --> 00:18:47.120 to work on these projects. 00:18:47.120 --> 00:18:51.510 Either someone messages the freelancer about a job or a job gets posted on Upwork and freelancers 00:18:51.510 --> 00:18:53.340 can apply for it. 00:18:53.340 --> 00:18:59.260 Someone made an Upwork account using Connor’s details, some real, some fake, and applied 00:18:59.260 --> 00:19:03.250 for jobs, saying look how great my profile is; I want to come work for you. 00:19:03.250 --> 00:19:07.559 CONNOR: Yeah, and I think – I honestly had never really used Upwork or only slightly 00:19:07.559 --> 00:19:12.169 heard of it myself at the time, so I was also googling what is this thing, and, yeah, just 00:19:12.169 --> 00:19:19.169 as you described, it seemed like it was just an adhoc applying to a job as an individual 00:19:19.169 --> 00:19:21.100 using my fake information. 00:19:21.100 --> 00:19:26.280 So, at this point, now that I have screenshots of my fake Upwork account, including my real 00:19:26.280 --> 00:19:31.700 photo that was a recent work photo, I was like, okay, this is getting really crazy now. 00:19:31.700 --> 00:19:34.460 I thanked the interviewer for letting me sit on the call. 00:19:34.460 --> 00:19:40.140 I said, thanks for this info, and took all that info and then wrote another large e-mail 00:19:40.140 --> 00:19:43.429 to Andrew where I honestly asked him, was that you on the call? 00:19:43.429 --> 00:19:46.751 ‘Cause I really had no idea what was going on at this point, ‘cause I couldn’t really 00:19:46.751 --> 00:19:51.700 figure out how a third Connor joined the call. 00:19:51.700 --> 00:19:56.350 Andrew, after he gets back from class, actually responds and he gives me a ton of information. 00:19:56.350 --> 00:20:01.820 [MUSIC] He not only sends me every e-mail that he went back and forth with this Maris 00:20:01.820 --> 00:20:08.620 person to establish this fake employment, but he also sends me screenshots of all these 00:20:08.620 --> 00:20:16.350 Slack channels where he only joined that day as part of joining this kind of paid work. 00:20:16.350 --> 00:20:22.450 So, now I basically have Upwork screenshots, Slack screenshots, and e-mail screenshots. 00:20:22.450 --> 00:20:27.580 JACK: And as Connor looked through the information Andrew sent over, he realized that some of 00:20:27.580 --> 00:20:31.420 the people communicating to Andrew also seemed to be impersonators. 00:20:31.420 --> 00:20:36.850 Like, Maris, for instance, was a real person with a nice GitHub and stuff, but it was probably 00:20:36.850 --> 00:20:39.460 not the real Maris who was messaging Andrew. 00:20:39.460 --> 00:20:44.860 CONNOR: It’s like a neverending circle of bouncing between fake e-mails, and that’s 00:20:44.860 --> 00:20:50.870 where it gets crazy as I’m trying to follow this weirdness of – I can’t trust anything. 00:20:50.870 --> 00:20:52.010 Everyone’s fake. 00:20:52.010 --> 00:20:57.950 The person Andrew is talking to is not even Maris, because Maris is just another impersonated 00:20:57.950 --> 00:20:58.950 individual. 00:20:58.950 --> 00:21:02.500 So, I’m really losing track of who’s real or not. 00:21:02.500 --> 00:21:07.640 JACK: A lot of these trails seem to come back to the person in the Slack chat app calling 00:21:07.640 --> 00:21:09.110 themselves PND. 00:21:09.110 --> 00:21:14.150 PND is who told Andrew to impersonate Connor for the job, and he’s also telling everybody 00:21:14.150 --> 00:21:15.870 what to do in this chat room. 00:21:15.870 --> 00:21:17.289 PND might also be Maris. 00:21:17.289 --> 00:21:23.110 I don’t know, but it seems that PND has a website called PND Design, which offers 00:21:23.110 --> 00:21:28.120 coding and web design services, and this gives Connor a new thread to pull on. 00:21:28.120 --> 00:21:33.130 CONNOR: [MUSIC] PND – I find their website because they just explained it in their Slack 00:21:33.130 --> 00:21:34.600 channel, PND Design. 00:21:34.600 --> 00:21:39.120 I just start doing basic things, trying to figure out other websites PND Design built. 00:21:39.120 --> 00:21:42.150 I’m just trying to figure out who owns PND Design. 00:21:42.150 --> 00:21:44.679 I end up finding the person who owns it. 00:21:44.679 --> 00:21:47.440 I call them once or twice; no one ever picks up. 00:21:47.440 --> 00:21:49.539 I e-mail them; no one ever responds. 00:21:49.539 --> 00:21:50.860 I don’t know what to do. 00:21:50.860 --> 00:21:56.120 I just wanted to talk to someone who was associated with PND Design, and they just never respond 00:21:56.120 --> 00:21:57.309 to any of my – reaching out. 00:21:57.309 --> 00:22:01.750 I don’t remember if I put it in the blog post, but I called a lot of the numbers that 00:22:01.750 --> 00:22:07.710 were in the document that Andrew got from PND, and those numbers were these American 00:22:07.710 --> 00:22:09.580 embassies in foreign countries. 00:22:09.580 --> 00:22:10.730 I was like, this is crazy. 00:22:10.730 --> 00:22:14.920 I was like, I didn’t even mean to call these numbers, and here I am thinking it’s some 00:22:14.920 --> 00:22:18.980 official number for a business, and I’m calling embassies. 00:22:18.980 --> 00:22:21.030 It was just – it was strange. 00:22:21.030 --> 00:22:24.031 JACK: Giving a fake phone number; I love it. 00:22:24.031 --> 00:22:26.690 It reminds me of this scene from the classic movie, The Blues Brothers. 00:22:26.690 --> 00:22:28.760 JAKE: [BACKGROUND MUSIC] Those cops took your license away. 00:22:28.760 --> 00:22:31.570 They got your name, your address… 00:22:31.570 --> 00:22:34.840 ELWOOD: No, they don’t got my address. 00:22:34.840 --> 00:22:36.710 I falsified my renewal. 00:22:36.710 --> 00:22:39.049 Put down 1060 West Addison. 00:22:39.049 --> 00:22:40.919 JAKE: 1060 West Addison? 00:22:40.919 --> 00:22:42.330 That’s Wrigley Field. 00:22:42.330 --> 00:22:46.620 JACK: A good criminal will always throw people off with what looks like real information 00:22:46.620 --> 00:22:48.220 but is actually something bogus. 00:22:48.220 --> 00:22:52.190 CONNOR: Yeah, and I think at the same time, I’m trying to look at the websites that 00:22:52.190 --> 00:22:56.679 PND Design built, and they had this weird obsession about disabling right-click. 00:22:56.679 --> 00:23:00.750 It seems like such an old technique, to stop your right-click. 00:23:00.750 --> 00:23:05.600 I’m just finding all these sites, and I think they’re in the hundreds, of just all 00:23:05.600 --> 00:23:10.230 these sites – disable right-click, they had the same Google Analytics ID, and they 00:23:10.230 --> 00:23:14.580 have this weird footer where it’s like, hey, we created it, PND Design, but guess 00:23:14.580 --> 00:23:15.580 what? 00:23:15.580 --> 00:23:21.730 Our CEO’s by SEO Crunches, and our IT is by ITech Fixes, and the design was via Visible 00:23:21.730 --> 00:23:24.130 Dev, and all these companies are PND, basically. 00:23:24.130 --> 00:23:29.510 JACK: [MUSIC] That’s hilarious, a web design company boasting about how they can create 00:23:29.510 --> 00:23:32.870 great-looking websites, but they didn’t even create their own website. 00:23:32.870 --> 00:23:34.770 The footer says it was made by someone else. 00:23:34.770 --> 00:23:40.929 Connor wasn’t sure what was happening, but thought that maybe companies were hiring an 00:23:40.929 --> 00:23:45.600 individual to build their sites who then would turn the project over to PND Design to do 00:23:45.600 --> 00:23:46.600 the actual work. 00:23:46.600 --> 00:23:47.610 But he doesn’t know. 00:23:47.610 --> 00:23:51.410 It was just so frustrating to have all these puzzle pieces and have no idea what the finished 00:23:51.410 --> 00:23:52.919 picture looks like. 00:23:52.919 --> 00:23:57.740 But Connor does the only thing he can, by just start e-mailing companies who PND claimed 00:23:57.740 --> 00:23:59.000 to have worked with. 00:23:59.000 --> 00:24:00.240 He would write e-mails saying… 00:24:00.240 --> 00:24:04.450 CONNOR: Hey, this is gonna sound extremely strange, but I feel like I’m getting my 00:24:04.450 --> 00:24:08.670 identity – something impersonate – I don’t know how to explain it, but can you answer 00:24:08.670 --> 00:24:09.670 a simple question? 00:24:09.670 --> 00:24:12.640 Did a company, PND Design, build your website? 00:24:12.640 --> 00:24:14.810 I thought it was a pretty simple ask. 00:24:14.810 --> 00:24:20.510 Unfortunately, some people told me some very rough things, like to just mind my own business, 00:24:20.510 --> 00:24:25.510 ignored me, or refused to help me, except for one guy that I think after I talked – a 00:24:25.510 --> 00:24:29.950 few e-mails back and forth, understood I was a real person and then finally told me, yes, 00:24:29.950 --> 00:24:31.930 we had never worked with this company before. 00:24:31.930 --> 00:24:36.890 So, at this point I’m realizing that I don’t think I can trust a single thing that is going 00:24:36.890 --> 00:24:41.830 on in this Slack channel and this e-mail chain, and the story just continues to grow in these 00:24:41.830 --> 00:24:42.899 weird angles. 00:24:42.899 --> 00:24:45.789 JACK: Things are just so weird at this point. 00:24:45.789 --> 00:24:50.990 Was the PND person in the Slack channel actually affiliated with PND Design or were they just 00:24:50.990 --> 00:24:52.920 impersonating that company, too? 00:24:52.920 --> 00:24:57.580 So many layers of fakeness going on here and impersonations that it’s just really hard 00:24:57.580 --> 00:24:59.950 to know what’s real and who to trust here. 00:24:59.950 --> 00:25:03.320 CONNOR: So, at this point, I felt like I had done a good deal of research. 00:25:03.320 --> 00:25:09.980 I had tracked down who I thought was involved, what was going on, all thanks to Andrew leaking 00:25:09.980 --> 00:25:11.490 this information to me. 00:25:11.490 --> 00:25:17.070 I think, holy cow, I have a lot of information to finish my blog post and make a presentation. 00:25:17.070 --> 00:25:22.260 JACK: Connor has tried to reach out to so many people involved, but then realized hey, 00:25:22.260 --> 00:25:25.560 wait, why not reach out to Connor? 00:25:25.560 --> 00:25:29.480 Not the real Connor, but the fake Connor, the one who was impersonating him? 00:25:29.480 --> 00:25:32.890 So, he writes to it, why are you impersonating me? 00:25:32.890 --> 00:25:36.510 CONNOR: [MUSIC] I’m e-mailing myself, my fake e-mail. 00:25:36.510 --> 00:25:40.820 Sure enough, the e-mail account of my fake self responds and just tells me – I don’t 00:25:40.820 --> 00:25:46.130 remember exactly, but I think they said I look cute or something, which I think is the 00:25:46.130 --> 00:25:52.169 strangest thing, ‘cause I’m fuming at this point of why someone’s using my real 00:25:52.169 --> 00:25:54.830 name and everything, and they’re just joking around. 00:25:54.830 --> 00:25:58.800 Of course I add that screenshot to the blog post, and I think that’s what a lot of folks 00:25:58.800 --> 00:26:03.670 on Reddit and Twitter all liked the most, is just that random screenshot of me e-mailing 00:26:03.670 --> 00:26:04.670 myself. 00:26:04.670 --> 00:26:09.470 JACK: The full response he got back from the fake Connor was, sorry, but you have a great 00:26:09.470 --> 00:26:11.380 GitHub and you look cute. 00:26:11.380 --> 00:26:15.990 Of course, Connor’s first reaction is anger, but perhaps there’s a bit of information 00:26:15.990 --> 00:26:16.990 in there that’s helpful. 00:26:16.990 --> 00:26:20.730 CONNOR: Because then I finished that blog post, and I think that’s where the story 00:26:20.730 --> 00:26:26.860 gets even stranger, because that blog post just skyrockets to the top of Hacker News 00:26:26.860 --> 00:26:31.760 within I think an hour of me posting it, and my poor little Linode server falls over ‘cause 00:26:31.760 --> 00:26:35.960 it’s never had more than a thousand hits, and it’s getting twenty thousand at it. 00:26:35.960 --> 00:26:39.570 What I didn’t really recognize with getting to the top of Hacker News is how many people 00:26:39.570 --> 00:26:44.921 just offered to join your investigation and search. 00:26:44.921 --> 00:26:50.580 Then I had people everywhere just DMing me, messaging me, of other similar e-mails and 00:26:50.580 --> 00:26:55.029 similar Slacks and messages, but different names. 00:26:55.029 --> 00:27:01.030 I was like, this is a huge story because people are giving me personal examples where they 00:27:01.030 --> 00:27:03.100 were an interviewer. 00:27:03.100 --> 00:27:05.960 Someone was like, I jumped on a call with someone ‘cause they wanted to talk through 00:27:05.960 --> 00:27:10.640 it, and this one guy at a random company was like, we were talking to an interviewee who 00:27:10.640 --> 00:27:15.399 didn’t know anything of why he was on the call or who he was talking to. 00:27:15.399 --> 00:27:18.620 He was asking us questions of why he was there. 00:27:18.620 --> 00:27:22.190 I was thinking, that’s crazy, because that kinda rings a bell. 00:27:22.190 --> 00:27:26.140 If you don’t know anything of why you’re joining a call except given a document a couple 00:27:26.140 --> 00:27:29.760 minutes before you’re supposed to be there, I could see that happening. 00:27:29.760 --> 00:27:35.730 Then people are telling me, oh, I live kind of by where PND Design is, their headquarters. 00:27:35.730 --> 00:27:37.890 They’re like, we’ll go visit the office for you. 00:27:37.890 --> 00:27:39.279 I was like, well, thanks. 00:27:39.279 --> 00:27:41.720 [MUSIC] It starts piecing together some things. 00:27:41.720 --> 00:27:45.340 JACK: So, Connor starts learning all kinds of new things about this mystery from the 00:27:45.340 --> 00:27:47.140 help of people on the internet. 00:27:47.140 --> 00:27:50.620 It turns out there’s a story that Brian Krebs wrote a while ago which talks about 00:27:50.620 --> 00:27:52.240 faked LinkedIn profiles. 00:27:52.240 --> 00:27:58.910 CONNOR: I then get a link to Brian Krebs, of all of his investigative research. 00:27:58.910 --> 00:28:03.809 Someone links me to one of his articles where he was investigating all these fake LinkedIn 00:28:03.809 --> 00:28:06.559 profiles, of the upwards of 100,000, 200,000 of them. 00:28:06.559 --> 00:28:08.260 I’m thinking, this is insane. 00:28:08.260 --> 00:28:11.380 There’s people – all these fake profiles on LinkedIn. 00:28:11.380 --> 00:28:12.649 I know they’re on Upwork. 00:28:12.649 --> 00:28:14.940 I was like, this story is huge. 00:28:14.940 --> 00:28:19.519 I just unfortunately was one person that’s a bit more connected than, I think, of others 00:28:19.519 --> 00:28:26.330 that may have no idea they – their information was harvested to make a real-looking profile 00:28:26.330 --> 00:28:29.149 to then use to get a job from. 00:28:29.149 --> 00:28:31.269 JACK: So, this article is interesting. 00:28:31.269 --> 00:28:36.130 LinkedIn is where people go to look for jobs and network and do hiring, but there’s a 00:28:36.130 --> 00:28:40.940 huge amount of fake profiles being created every day, and these profiles are real tricky 00:28:40.940 --> 00:28:46.530 though, because they’re half-AI-generated and half-real, and they take some real information 00:28:46.530 --> 00:28:49.940 from certain LinkedIn accounts, but then change a few things on it. 00:28:49.940 --> 00:28:54.510 These fake accounts start creating connections and joining groups, and then the fake accounts 00:28:54.510 --> 00:28:59.590 start applying for jobs, real jobs, and it’s a real pain in the neck for LinkedIn to try 00:28:59.590 --> 00:29:02.460 to figure out who’s real and who’s fake on here. 00:29:02.460 --> 00:29:06.269 The comments on this article are filled with people saying how they’ve had a bunch of 00:29:06.269 --> 00:29:10.640 fake people apply for jobs at where they work, and recruiters have to do this extra step 00:29:10.640 --> 00:29:17.010 verifying people’s actual identity, which makes me think, how exactly can someone actually 00:29:17.010 --> 00:29:19.100 get a job using someone else’s name? 00:29:19.100 --> 00:29:23.820 In the US, you have to fill out tax documents and stuff that if you work there, you can’t 00:29:23.820 --> 00:29:25.630 forge this stuff. 00:29:25.630 --> 00:29:27.200 Where are the paychecks gonna be sent to? 00:29:27.200 --> 00:29:30.580 CONNOR: Yeah, it has to get crazy, because at that point you’re thinking – let’s 00:29:30.580 --> 00:29:34.690 say that it goes successfully and you end up hiring a fake me. 00:29:34.690 --> 00:29:40.140 We can tell from the Slack conversations that had Andrew successfully done this interview, 00:29:40.140 --> 00:29:44.200 he doesn’t need any technical experience at this point because they say all technical 00:29:44.200 --> 00:29:48.740 requirements should just be gathered and given back to this Slack channel, where presumably 00:29:48.740 --> 00:29:52.600 a lot of engineers are waiting to do whatever task is requested. 00:29:52.600 --> 00:29:58.760 So, then I’m thinking at this point, you are basically becoming maybe a project owner, 00:29:58.760 --> 00:30:05.390 manager, or someone to manage engineers behind you, but you’re just the front-facing, English-speaking 00:30:05.390 --> 00:30:06.390 person. 00:30:06.390 --> 00:30:12.190 I think that’s a motto in business design that happens and works everywhere. 00:30:12.190 --> 00:30:20.350 So, I’m thinking, why is this happening at a more malicious intent way of hiding that? 00:30:20.350 --> 00:30:24.320 I’m thinking, maybe this is some Upwork thing where it’s easier to hire an individual 00:30:24.320 --> 00:30:29.700 that’s maybe masquerading as a company behind it, and I’m getting confused ‘cause I’m 00:30:29.700 --> 00:30:31.399 thinking, how are you getting paid? 00:30:31.399 --> 00:30:38.330 What is the legal, what social numbers – social security numbers are getting used? 00:30:38.330 --> 00:30:40.210 This is just employment at the end of the day. 00:30:40.210 --> 00:30:43.250 I don’t think you can hide it or pay by Bitcoin forever. 00:30:43.250 --> 00:30:46.159 There has to be something or some real names come out. 00:30:46.159 --> 00:30:49.730 Then when I’m – this blog post is out there and more and more people are reporting 00:30:49.730 --> 00:30:54.049 this, I’m thinking, this must be working because so many people are telling me that 00:30:54.049 --> 00:30:58.909 they’re finding cold e-mails to them to be part of it, or it’s happened to them 00:30:58.909 --> 00:31:02.919 or they’ve interviewed people they suggest – guessed it happened to. 00:31:02.919 --> 00:31:05.910 JACK: [MUSIC] There was a time where I was trying to find someone on one of these freelance 00:31:05.910 --> 00:31:10.690 websites to make a video game for me, and they claimed to be American with great coding 00:31:10.690 --> 00:31:11.690 skills. 00:31:11.690 --> 00:31:14.909 But then when I asked for a phone call, the story quickly changed to be a person from 00:31:14.909 --> 00:31:19.679 India, and it was also not a single person but a whole team of people ready to work on 00:31:19.679 --> 00:31:20.679 my project. 00:31:20.679 --> 00:31:26.070 So, what Connor said may be what’s going on here; get Andrew to be the token American 00:31:26.070 --> 00:31:31.590 English-speaker, and then they can advertise themselves as American-based to ask for a 00:31:31.590 --> 00:31:32.590 higher rate. 00:31:32.590 --> 00:31:37.320 CONNOR: Sometimes people are hesitant to join with another company or work with them versus 00:31:37.320 --> 00:31:41.090 doing a quick contract job with a single individual. 00:31:41.090 --> 00:31:46.990 But what if you’re working with a single individual who’s hiding behind a company 00:31:46.990 --> 00:31:48.539 without your knowledge? 00:31:48.539 --> 00:31:54.460 I think that is maybe what’s an attraction on Upwork, is you get these individuals, even 00:31:54.460 --> 00:32:00.460 fake me profiles, that come in at really low offers of working and say, I’m a single 00:32:00.460 --> 00:32:01.460 individual. 00:32:01.460 --> 00:32:03.929 I can do all these tasks with a really great resume. 00:32:03.929 --> 00:32:08.610 But little do you know, if you hire that individual, that you might have an entire dev team behind 00:32:08.610 --> 00:32:12.080 you that you just never meet, know, or interact with. 00:32:12.080 --> 00:32:14.640 I think that’s my current running theory. 00:32:14.640 --> 00:32:20.590 JACK: Okay, but back to the e-mail the fake Connor sent the real Connor. 00:32:20.590 --> 00:32:23.650 It said, you have a great GitHub and you look cute. 00:32:23.650 --> 00:32:26.770 Okay, let’s put aside that ‘look cute’ part. 00:32:26.770 --> 00:32:30.169 The ‘great GitHub’ is the curious point for me. 00:32:30.169 --> 00:32:36.100 Like I said, Connor has contributed code 51,000 times to GitHub in the last twelve years. 00:32:36.100 --> 00:32:40.350 That, I think, is what is great about it, that alone. 00:32:40.350 --> 00:32:46.210 What I mean is, you can’t go back in time on GitHub and post code. 00:32:46.210 --> 00:32:50.679 That is, you can’t create an account that looks like the person has been there for twelve 00:32:50.679 --> 00:32:55.710 years and has all this coding experience unless you’re spending twelve years posting code 00:32:55.710 --> 00:32:56.710 on GitHub. 00:32:56.710 --> 00:33:02.230 So, the fact that Connor has been posting code there for twelve years does, in fact, 00:33:02.230 --> 00:33:07.580 make him look like a well-established veteran coder who knows his stuff, and that goes a 00:33:07.580 --> 00:33:09.510 long way with job recruiters. 00:33:09.510 --> 00:33:12.889 CONNOR: [MUSIC] I think, probably, on GitHub, it’s probably definitely harder to make 00:33:12.889 --> 00:33:16.399 fake ones ‘cause you can just look back, I think, on my profile, and see a couple of 00:33:16.399 --> 00:33:19.630 ten, fifteen years of commit history. 00:33:19.630 --> 00:33:23.090 I think definitely copying and pasting those, even if you took all the repos, you’re gonna 00:33:23.090 --> 00:33:27.720 have a pretty empty historic graph. 00:33:27.720 --> 00:33:31.789 Maybe that’s exactly why people just – it’s easier just to claim one as yours and talk 00:33:31.789 --> 00:33:32.830 about it. 00:33:32.830 --> 00:33:35.190 JACK: Yes, I think so, too. 00:33:35.190 --> 00:33:36.870 That’s something you can’t fake easily. 00:33:36.870 --> 00:33:41.559 A long-standing reputation of pushing code to GitHub is attractive to employers. 00:33:41.559 --> 00:33:45.980 So, that is exactly why I think Connor got his identity stolen. 00:33:45.980 --> 00:33:52.149 Someone, I don’t know, PND, Maris, saw Connor’s GitHub and liked it, and that’s why they 00:33:52.149 --> 00:33:53.890 took his identity. 00:33:53.890 --> 00:33:58.211 After Connor posted this blog post, he gave a talk at a conference in Tampa, and someone 00:33:58.211 --> 00:34:02.570 who read his blog post came up to him after the talk and told him another crazy story. 00:34:02.570 --> 00:34:03.570 He said… 00:34:03.570 --> 00:34:07.899 CONNOR: To be honest, I’ve had two jobs and I’m working two remotely, and the other 00:34:07.899 --> 00:34:09.240 companies don’t know. 00:34:09.240 --> 00:34:13.900 He had invested in all these switchers to jiggle a mouse and use two computers. 00:34:13.900 --> 00:34:17.500 [MUSIC] This guy’s saying, I don’t think I’m doing anything wrong. 00:34:17.500 --> 00:34:20.550 I’m just working two jobs at once, and neither of the companies know. 00:34:20.550 --> 00:34:25.460 I think, holy cow, this guy’s just dumping knowledge out to me. 00:34:25.460 --> 00:34:29.070 I was thinking, is this – this whole employment remote is crazy. 00:34:29.070 --> 00:34:31.419 JACK: I stumbled upon this same stuff, too. 00:34:31.419 --> 00:34:37.020 I recently found this subreddit called r/overemployed, and it’s all about people who are gaming 00:34:37.020 --> 00:34:41.950 the whole work-from-home thing, having two full-time jobs at the same time. 00:34:41.950 --> 00:34:45.679 That is, they go to work from 9 to 5, but are working at two different places at the 00:34:45.679 --> 00:34:49.850 same time, and neither company knows they’re actually spending half the time at some other 00:34:49.850 --> 00:34:50.850 company. 00:34:50.850 --> 00:34:56.310 Yeah, there’s articles on this r/overemployed subreddit that tell you things like how to 00:34:56.310 --> 00:35:00.730 look productive when you’re not at your keyboard and stuff, like having mouse-jigglers 00:35:00.730 --> 00:35:05.140 move your mouse around for you, or how to automate some of the tasks to look productive. 00:35:05.140 --> 00:35:09.300 They also have listings of which companies are over-employed-friendly. 00:35:09.300 --> 00:35:14.210 One of the top posts there is someone saying they now work five jobs, bringing in a total 00:35:14.210 --> 00:35:17.660 of $1.2 million a year, and here’s how I did it. 00:35:17.660 --> 00:35:18.660 Ask me anything. 00:35:18.660 --> 00:35:22.060 While that’s crazy, this gives me all kinds of business ideas. 00:35:22.060 --> 00:35:27.300 Like, let’s say I get a job working remotely somewhere, but then outsource my job to someone 00:35:27.300 --> 00:35:29.260 else who wants to do it for half the pay. 00:35:29.260 --> 00:35:33.619 Yeah, if I could do that, then why not get another job and outsource that to someone 00:35:33.619 --> 00:35:34.630 else? 00:35:34.630 --> 00:35:38.230 Now I’ve got all these jobs that I’m doing work for, but I’m actually not doing the 00:35:38.230 --> 00:35:40.450 work for; someone else is doing it for me. 00:35:40.450 --> 00:35:46.010 I mean, that is clearly unethical, but I guarantee with the wave of working-from-home jobs out 00:35:46.010 --> 00:35:47.740 there that it’s happening. 00:35:47.740 --> 00:35:50.020 Oh, and let’s not forget what happened to John Wu. 00:35:50.020 --> 00:35:55.160 I talked with him on Episode 119, and he thinks that someone from North Korea tried applying 00:35:55.160 --> 00:35:59.730 for a job where he works who could very well have been trying to get a job there just to 00:35:59.730 --> 00:36:01.680 steal the cryptocurrency from their company. 00:36:01.680 --> 00:36:03.750 CONNOR: Yeah, that’s a crazy one, too. 00:36:03.750 --> 00:36:08.160 I think one person tweeted me that one, of maybe it’s just a state-sponsored unlimited 00:36:08.160 --> 00:36:14.280 budget; just see how many companies you can join and then extract information. 00:36:14.280 --> 00:36:21.920 JACK: So, did you ever get to speak with PND or Maris or whoever and say, dude, what is 00:36:21.920 --> 00:36:22.920 going on here? 00:36:22.920 --> 00:36:24.250 CONNOR: No, unfortunately neither. 00:36:24.250 --> 00:36:29.540 I had sent many e-mails to Maris, the real Maris e-mail, and never got a response. 00:36:29.540 --> 00:36:32.480 I just gave up calling leaving voicemails with PND. 00:36:32.480 --> 00:36:35.240 I sent LinkedIn messages, I sent more. 00:36:35.240 --> 00:36:39.490 I kind of even worded things as I just want to have a good conversation. 00:36:39.490 --> 00:36:41.170 But just no response. 00:36:41.170 --> 00:36:45.200 JACK: [MUSIC] Is that where we are today? 00:36:45.200 --> 00:36:46.200 CONNOR: Yeah. 00:36:46.200 --> 00:36:51.450 Today, I think where I am now, is I continue to just research things people give me and 00:36:51.450 --> 00:36:56.120 go through this entirely large list of, I’d say, roughly a hundred websites. 00:36:56.120 --> 00:37:01.640 I’m continuing to reach out and find contact information for all of them to see if anyone 00:37:01.640 --> 00:37:06.410 is willing to talk to me on who built their website, how was the interaction, and all 00:37:06.410 --> 00:37:12.819 the communication between them and the company to figure out if I can find any more information 00:37:12.819 --> 00:37:14.560 besides what I continue to find. 00:37:14.560 --> 00:37:21.180 It’s just fake e-mails, generic documents, and any lack of true, real information. 00:37:21.180 --> 00:37:26.580 ‘Cause I think someone paid someone at some point, and some real, real info. 00:37:26.580 --> 00:37:31.560 JACK: What a weird time it’s becoming, isn’t it? 00:37:31.560 --> 00:37:36.359 This is just the modern world that we’re in now, where working from home is more popular 00:37:36.359 --> 00:37:39.870 than ever, and it seems to be ushering a whole new set of scams. 00:37:39.870 --> 00:37:41.650 Or are they even scams? 00:37:41.650 --> 00:37:46.079 I guess if you’re misrepresenting yourself, then it is a scam, even if you’re not trying 00:37:46.079 --> 00:37:48.650 to trick someone to give you money for nothing. 00:37:48.650 --> 00:37:52.079 Just lying to score a contract seems scammy to me. 00:37:52.079 --> 00:37:56.119 I think if you’re hiring today, you should be very cautious of the people who are applying 00:37:56.119 --> 00:37:59.050 for your position, because they might not be real. 00:37:59.050 --> 00:38:03.330 If they are claiming to be someone, maybe double-check with the person that they’re 00:38:03.330 --> 00:38:06.369 claiming to be by reaching out to them separately. 00:38:06.369 --> 00:38:12.760 Just be safe out there as our world keeps evolving and becomes more tricky to navigate. 00:38:12.760 --> 00:38:24.600 (OUTRO): [OUTRO MUSIC] A big thank-you to the real Connor Tumbleson for coming on the 00:38:24.600 --> 00:38:26.580 show and telling us his crazy story. 00:38:26.580 --> 00:38:30.240 You could see what he’s blogging about over at connortumbleson.com. 00:38:30.240 --> 00:38:35.230 Don’t forget, on the website darknetdiaries.com is a link to all the articles mentioned in 00:38:35.230 --> 00:38:39.430 these episodes, as well as full transcripts of every episode. 00:38:39.430 --> 00:38:42.589 This show is made by me, the cyber samurai, Jack Rhysider. 00:38:42.589 --> 00:38:46.609 This episode was written and produced and edited by the cheerful Tristan Ledger. 00:38:46.609 --> 00:38:50.260 Sound design was done by Garrett Tiedemann, mixing by Proximity Sound, and our theme music 00:38:50.260 --> 00:38:52.760 is by the mysterious Breakmaster Cylinder. 00:38:52.760 --> 00:38:56.530 I was once asked in an interview if I’m any good at Microsoft Office. 00:38:56.530 --> 00:38:59.760 I told them, I excel at it. 00:38:59.760 --> 00:39:02.920 The interviewer asked me, was that an Office pun? 00:39:02.920 --> 00:39:05.530 I said, Word! 00:39:05.530 --> 00:39:10.279 This is Darknet Diaries.