WEBVTT

00:00:00.000 --> 00:00:02.520
JACK: Was this after you went to prison?

00:00:02.520 --> 00:00:04.340
DEFAULT: What was after when I went to prison?

00:00:04.340 --> 00:00:06.920
JACK: You had a million dollars in crypto?

00:00:06.920 --> 00:00:08.720
DEFAULT: No, that was before.

00:00:08.720 --> 00:00:11.080
JACK: Okay. Well, I want to get into all that.

00:00:11.080 --> 00:00:13.180
DEFAULT: Yeah. It’s honestly a lot.

00:00:13.180 --> 00:00:18.988
JACK: Okay, well, this is good. I’m glad that your story is strange — well, it’s — for a movie.

00:00:18.988 --> 00:00:24.360
DEFAULT: It is very long and strange, and honestly, for me, I lived it and told it

00:00:24.360 --> 00:00:32.800
so many times, that it’s so normalized, that I’m just like, yeah, I did this and that and I went to

00:00:32.800 --> 00:00:38.660
federal prison for five years. They’re like, holy shit. I’m like, yeah, I know. It’s crazy, right?

00:00:38.660 --> 00:00:39.480
JACK: Okay.

00:00:39.480 --> 00:00:40.040
DEFAULT: It’s…

00:00:40.040 --> 00:00:41.540
JACK: Well, then, I’m excited…

00:00:41.540 --> 00:00:42.560
DEFAULT: There’s a lot to cover.

00:00:42.560 --> 00:00:44.468
JACK: Yeah, I’m excited to do it. I want…

00:00:44.468 --> 00:00:46.840
DEFAULT: Do you want to start all the way — like,

00:00:46.840 --> 00:00:52.040
even give me any kind of reference for how you want to go about this.

00:00:52.040 --> 00:00:58.400
JACK: So, I just want to get a verbal confirmation for, I don’t know, legal reasons or whatever.

00:00:58.400 --> 00:01:02.760
Is it okay to record this call to use on the podcast Darknet Diaries? Is that okay with you?

00:01:02.760 --> 00:01:08.977
DEFAULT: Yeah, of course.

00:01:08.977 --> 00:01:11.320
(INTRO): [INTRO MUSIC] These are true stories from the dark side of

00:01:11.320 --> 00:01:33.100
the internet. I’m Jack Rhysider. This is Darknet Diaries. [INTRO MUSIC ENDS]

00:01:33.100 --> 00:01:39.560
JACK: Explicit content warning; this episode has

00:01:39.560 --> 00:01:46.120
some language in it that might not be suitable for all audiences. Okay,

00:01:46.120 --> 00:01:52.840
hi. Welcome to the show. I want you to meet a fella named — well, let’s just call him Default.

00:01:52.840 --> 00:01:57.320
DEFAULT: As a teenager I was in Newport News, Virginia,

00:01:57.320 --> 00:02:01.200
with my dad. He worked for the government, so…

00:02:01.200 --> 00:02:05.000
JACK: So, as a teenager, what was your relationship with the government? Were

00:02:05.000 --> 00:02:09.080
you politically active? Was your dad politically active?

00:02:09.080 --> 00:02:13.280
DEFAULT: No, not whatsoever. I didn’t pay attention to that kind of stuff

00:02:13.280 --> 00:02:19.000
when I was younger. I was just a nerd, you know? I liked to play video games,

00:02:19.000 --> 00:02:24.440
was very active in sports. Very active in sports, actually; I used to play four soccer

00:02:24.440 --> 00:02:33.920
teams year-round and was big into competitive video games like Halo, Call of Duty, even Super

00:02:33.920 --> 00:02:42.760
Smash Bros. Eventually if you’re into gaming, you stumble down the rabbit hole of finding hacks

00:02:42.760 --> 00:02:53.146
to increase your experience in the game, whether it’s modding or J-tagging or whatever it may be.

00:02:53.146 --> 00:02:57.720
JACK: [MUSIC] So, as a teen he was playing RuneScape, and one day he got into an argument

00:02:57.720 --> 00:03:03.120
with someone in the game who threatened to hack him. Suddenly, his computer went to a

00:03:03.120 --> 00:03:09.040
blue screen and wouldn’t boot up after that. That’s what got him interested in hacking.

00:03:09.040 --> 00:03:14.520
DEFAULT: Since as far back as I can remember, I’ve always had a very inquisitive mindset,

00:03:14.520 --> 00:03:19.280
like extremely. I always questioned everything, and not just questioned everything;

00:03:19.280 --> 00:03:25.780
I wanted to know how things work. I’m like, why does this happen? How does this happen?

00:03:25.780 --> 00:03:31.320
JACK: This led him to understand that you can get computers to do things that you shouldn’t

00:03:31.320 --> 00:03:36.960
be allowed to do. He got curious and wanted to learn more about how they work. Then one day,

00:03:36.960 --> 00:03:44.160
his mom grounded him; banned from the internet for a week. Well, curious little Default tried

00:03:44.160 --> 00:03:49.720
to crack his neighbor’s WiFi, and sure enough, was able to do it, and he got back online.

00:03:49.720 --> 00:03:56.800
DEFAULT: That was — it opened my eyes to the possibilities that I’m not even

00:03:56.800 --> 00:04:01.200
aware of. I’m like, I want to know more about this. [MUSIC] My mom just

00:04:01.200 --> 00:04:05.880
took away my internet. I just downloaded this program, hacked my neighbor’s WiFi,

00:04:05.880 --> 00:04:15.200
and I’m back online within ten minutes. To me, that was so powerful. I took the power

00:04:15.200 --> 00:04:23.580
back from my parents or whatever. So, I started delving deep into this stuff.

00:04:23.580 --> 00:04:33.120
JACK: An AltaVista search about hacking might have led you to a message board, and the message board

00:04:33.120 --> 00:04:39.600
would have introduced you to hacker tools, and those tools might be made by a certain group of

00:04:39.600 --> 00:04:48.200
people, and those groups would be present on IRC, a chatroom. Getting in the chatroom might not be

00:04:48.200 --> 00:04:54.760
so easy, though. It might be invite-only. So, you gotta message the channel operators to ask

00:04:54.760 --> 00:05:02.440
permission to join, but they’ll deny you because they don’t know you. But you notice the person who

00:05:02.440 --> 00:05:10.000
denied you to get in is also in another chatroom, so you join that one to see what’s going on there,

00:05:10.000 --> 00:05:21.560
and you eventually find your way into some hacker chatrooms. Now, the year was 2008, and being on

00:05:21.560 --> 00:05:32.240
IRC and in hacker chatrooms in 2008 was a very, very special time and place to be. Those who were

00:05:32.240 --> 00:05:38.680
there will never forget those years. In fact, the whole world will never forget what happened

00:05:38.680 --> 00:05:48.760
then. This was the heyday of Anonymous, and Default found his way right into the heart of it.

00:05:48.760 --> 00:05:52.960
DEFAULT: Even when I look back now at quote, unquote, Anonymous,

00:05:52.960 --> 00:05:58.360
I still cringe, but I still feel like it was necessary. It was a necessary

00:05:58.360 --> 00:06:05.360
stepping stone in the hacking collective, conclave, whatever,

00:06:05.360 --> 00:06:13.560
to get to where we’re at today. It was necessary. It was people congregating

00:06:13.560 --> 00:06:23.266
for similar belief systems and standing up for something. It had its place and time.

00:06:23.266 --> 00:06:28.400
JACK: [MUSIC] The Anonymous chatroom was a hot mess, the biggest disaster of a chatroom you’ve

00:06:28.400 --> 00:06:35.000
ever seen. Whatever you can imagine is the most awful picture ever, double that and then spam it

00:06:35.000 --> 00:06:41.600
to the chatroom. That’s what was going on there; gore, brutality, pornography, vile and disgusting

00:06:41.600 --> 00:06:46.520
imagery. It was kind of a hazing experience that you had to get through in order to find your way

00:06:46.520 --> 00:06:52.040
deeper into Anonymous. Sometimes, new people would be asked to eat a stick of butter or a

00:06:52.040 --> 00:06:59.440
tube of toothpaste on camera to prove yourself. Because here’s the thing; cops, feds, journalists,

00:06:59.440 --> 00:07:04.720
security researchers, and normies would show up in these chatrooms, and if they pop in to see what’s

00:07:04.720 --> 00:07:11.440
going on and it’s just full of gory imagery, a lot of them can’t handle it. They might vomit, even,

00:07:11.440 --> 00:07:17.560
and then just nope right out of there. Spamming the most graphic and awful pictures was like a

00:07:17.560 --> 00:07:24.440
firewall of some kind, but if you could tolerate it, building calluses on your eyes and start

00:07:24.440 --> 00:07:30.240
talking with people through the noise, you might be welcomed deeper into the pockets of Anonymous.

00:07:30.240 --> 00:07:33.240
DEFAULT: It was a double-edged sword. Yeah, we’re all anonymous,

00:07:33.240 --> 00:07:38.680
but so are the feds that are infiltrating it that you don’t know about. So,

00:07:38.680 --> 00:07:46.520
that’s why all of the really elite programmers and hackers spawned off into their own little

00:07:46.520 --> 00:07:55.360
small groups where they can vet the members and make sure that they’re not feds. Like, oh, well,

00:07:55.360 --> 00:08:01.040
go hack this website and basically commit a crime to prove to me that you’re not a fed,

00:08:01.040 --> 00:08:04.700
whereas Anonymous is just like, you don’t know who’s in here.

00:08:04.700 --> 00:08:09.880
JACK: This made the edges of Anonymous even more fuzzy. New groups were forming out of it and

00:08:09.880 --> 00:08:15.640
they had their own ideas and agendas, and they’d look back at the Anonymous chatrooms and think,

00:08:15.640 --> 00:08:20.200
those cats are cringe. We don’t want to be affiliated with that stupid stuff. We’re our

00:08:20.200 --> 00:08:25.000
own group, and IRC hacking groups would come out of Anonymous. Some were loosely

00:08:25.000 --> 00:08:29.520
affiliated. Some were even anti-Anonymous themselves. There was infighting, too,

00:08:29.520 --> 00:08:34.760
doxxing people from other Anonymous groups and other hacking groups. It was a real mess.

00:08:34.760 --> 00:08:39.560
Some other groups that were springing up in that time coming out of Anonymous were like, LulzSec,

00:08:39.560 --> 00:08:46.600
Team Poison, UGNazi, HTP, and some people in these groups were getting arrested and then working with

00:08:46.600 --> 00:08:51.960
the feds to catch other hackers. [MUSIC] Things weren’t safe. You always had to be looking over

00:08:51.960 --> 00:08:56.148
your shoulders in these chatrooms. You just didn’t know who to trust in there.

00:08:56.148 --> 00:09:03.400
DEFAULT: It became very obvious; we need to move more underground and be a lot more selective with

00:09:03.400 --> 00:09:11.320
the individuals that we’re interacting with on a daily basis. So, I moved on to basically my —

00:09:11.320 --> 00:09:18.640
doing stuff myself and kind of becoming associates with other hacking groups. I started learning from

00:09:18.640 --> 00:09:26.260
Team Poison, MLT — I actually knew Trick, too. I don’t know if you’re aware of who Trick was.

00:09:26.260 --> 00:09:30.200
JACK: Yeah, in fact, I do know who Trick was very well. I did a whole episode about

00:09:30.200 --> 00:09:36.080
him called Team Poison. That’s Episode 109. But this scene was so hard to navigate to know who

00:09:36.080 --> 00:09:41.120
to trust. It almost became a thing that if you were hacking into stuff, breaking laws,

00:09:41.120 --> 00:09:46.280
then you were trusted. You must not be a fed if you’re able to break the law. Everyone else;

00:09:46.280 --> 00:09:52.720
keep them at arm’s length. Now, the thing is, at this little time and place in the world,

00:09:52.720 --> 00:09:58.240
hacks were happening everywhere you looked, some from Anonymous, some from Anonymous-adjacent,

00:09:58.240 --> 00:10:04.280
some from crews that were anti-Anonymous. But what was their motivation? Some were politically

00:10:04.280 --> 00:10:09.840
motivated. Some wanted to get revenge. Some wanted to amplify a cause or an idea, and if you deface

00:10:09.840 --> 00:10:14.040
a big website and write with big letters on the front page something about your cause, it

00:10:14.040 --> 00:10:20.340
brings more awareness to it. Default was hacking into stuff, too, but what was his motivation?

00:10:20.340 --> 00:10:26.720
DEFAULT: So, I didn’t really develop any kind of altruistic ideology for a little while. It was

00:10:26.720 --> 00:10:32.680
more just all curiosity-based and learning. I was obsessed with learning more and more,

00:10:32.680 --> 00:10:40.120
as much as I could, because I thought it was so intriguing. If I could shell this website,

00:10:40.120 --> 00:10:47.160
then if I can root it, and then if I can get access to all the other subdomains — it was

00:10:47.160 --> 00:10:54.060
really just a bunch of challenges. So, I always was just pushing myself to learn new things.

00:10:54.060 --> 00:11:00.720
JACK: Okay, I see; he’s interested in learning and his crime is curiosity. It

00:11:00.720 --> 00:11:05.629
reminds me of that scene from the movie Hackers, which came out in 1995. Listen.

00:11:05.629 --> 00:11:11.560
AGENT BOB: This is our world now, the world of the electron and the switch, the beauty of the

00:11:11.560 --> 00:11:19.880
baud. We exist without nationality, skin color, or religious bias. You wage wars, murder, cheat,

00:11:19.880 --> 00:11:24.960
lie to us and try to make us believe it’s for our own good, yet we’re the criminals. Yes,

00:11:24.960 --> 00:11:31.360
I am a criminal. My crime is that of curiosity. I am a hacker and this is

00:11:31.360 --> 00:11:40.380
my manifesto. Huh? Right? Manifesto? You may stop me, but you can’t stop us all.

00:11:40.380 --> 00:11:43.680
JACK: Now, even though that’s a scene from the nineties movie Hackers,

00:11:43.680 --> 00:11:49.000
that manifesto was actually written in 1986, a full twenty years before Anonymous would start

00:11:49.000 --> 00:11:57.783
making a name for itself. Yet, it feels like that’s absolutely something Anonymous would say.

00:11:57.783 --> 00:12:04.160
DEFAULT: [MUSIC] So, I joined into a group called AnonGhost, which — there were some really

00:12:04.160 --> 00:12:12.240
competent people in there, but as time progressed, their leaders started becoming radicalized members

00:12:12.240 --> 00:12:19.600
supporting ISIS, so I had to diverge away from them. Then I joined a group called AnonSec,

00:12:19.600 --> 00:12:25.200
which people — I hated the name and wanted to change it because it got associated with

00:12:25.200 --> 00:12:33.320
Anonymous so much, and I had a disdain for Anonymous at that time, heavily, because

00:12:33.320 --> 00:12:40.960
that’s not where the most technologically advanced hackers were at. None of them are in Anonymous,

00:12:40.960 --> 00:12:48.120
and that really bothered me that some of our hacks got attributed to Anonymous. I

00:12:48.120 --> 00:12:55.200
eventually ended up taking over the group, but that’s — I think that’s where I started

00:12:55.200 --> 00:13:03.640
to get more politically motivated. Then we did a whole bunch of different operations. I think one

00:13:03.640 --> 00:13:13.240
of — our first one was Operation Detroit, where they were having — really similar to the Flint,

00:13:13.240 --> 00:13:19.720
Michigan issue with the water, but it had more to do with the corruption and the government there

00:13:19.720 --> 00:13:26.030
and the fact that they have a really messed up system for how their water is distributed.

00:13:26.030 --> 00:13:31.680
JACK: Okay, so, this was a big deal. Default and the crew he was in wanted to take out

00:13:31.680 --> 00:13:37.400
Detroit’s water payment system. Someone in the channel suggested they hit the site with LOIC,

00:13:37.400 --> 00:13:42.800
the Low Orbit Ion Cannon. This is a basic tool; you just point and shoot it, but it floods the

00:13:42.800 --> 00:13:48.080
target IP with loads of traffic, overwhelming it so it can’t handle legitimate customers.

00:13:48.080 --> 00:13:52.280
Sometimes it’ll even drop dead from the flood of connections. But then someone else is like, nah,

00:13:52.280 --> 00:13:57.800
screw LOIC. That’s lame and it isn’t safe. Let’s use Tor’s Hammer. So, someone started passing

00:13:57.800 --> 00:14:02.840
Tor’s Hammer around the chat, and this also floods the target with a whole bunch of traffic,

00:14:02.840 --> 00:14:07.600
but it uses Tor to route all the traffic through it, hiding where the attack is coming from. So,

00:14:07.600 --> 00:14:13.280
the members all fired this up and together launched an attack on Detroit’s water

00:14:13.280 --> 00:14:20.560
payment system, and immediately it went offline. No one could pay their water bill.

00:14:20.560 --> 00:14:28.120
DEFAULT: So, that was our first segue into politically-motivated stuff, because it pissed

00:14:28.120 --> 00:14:33.280
me off and it was like, I can — we can actually do something about this. It’s like, okay, well, now

00:14:33.280 --> 00:14:42.040
nobody’s gonna pay you, so you’re not getting any payments. So, what are you gonna do now? Honestly,

00:14:42.040 --> 00:14:49.480
we kept their — that part of their web server down for like, I think two months. So, I’m not

00:14:49.480 --> 00:14:56.400
really sure the equivalent of financial loss that they had for that, but it was significant

00:14:56.400 --> 00:15:02.280
enough for them to make announcements and changes and launch investigations into who

00:15:02.280 --> 00:15:09.780
was doing this. [MUSIC] Actually, one of the members of our group got arrested for this.

00:15:09.780 --> 00:15:18.120
JACK: There’s something empowering about pulling off something like this. You feel like the world

00:15:18.120 --> 00:15:28.600
bends to you and your whims. There’s a shift in control, and that control can become intoxicating.

00:15:28.600 --> 00:15:35.000
DEFAULT: It was kind of like, us sitting around in our IRC chatrooms and being like,

00:15:35.000 --> 00:15:42.040
well, what pisses you off or what do you hate? I remember somebody being like,

00:15:42.040 --> 00:15:47.320
I can’t stand pedophiles. I think they’re the scum of the Earth. I was like, yeah,

00:15:47.320 --> 00:15:51.320
I think any — I think everyone can agree with that. I think everyone can get on board with this.

00:15:51.320 --> 00:15:56.240
JACK: Hm, pedophiles have been sort of hated universally within Anonymous. In

00:15:56.240 --> 00:16:03.120
these chatrooms where anything was allowed and free speech rules, pedophilia was not allowed,

00:16:03.120 --> 00:16:09.080
which I’ve always been fascinated by that. That’s the common denominator that everyone agreed on? It

00:16:09.080 --> 00:16:13.800
didn’t matter what group you were in or political affiliation or cause that was important to you;

00:16:13.800 --> 00:16:20.240
pedophilia was wrong to everyone. Which, you might think, yeah, duh, of course that’s wrong.

00:16:20.240 --> 00:16:28.080
Draw that line. [MUSIC] But why there? Why not ban pictures of murdered people or pictures of people

00:16:28.080 --> 00:16:34.360
having sex with animals or pictures of torture? All that was approved. Hell, there was a video of

00:16:34.360 --> 00:16:39.400
two girls eating poo, which was a real big hit in these channels. Like, nothing you could possibly

00:16:39.400 --> 00:16:47.400
present to this crowd shocked them or made them care, except pedophilia. That was going too far.

00:16:47.400 --> 00:16:51.960
So, imagine, if you will, being a teenager, having these hacking skills, looking around for something

00:16:51.960 --> 00:16:57.200
to use it on, and seeing that everyone hated pedophiles. All the hackers on all the channels,

00:16:57.200 --> 00:17:02.360
the cops, even, the normies — there was even a TV show called Catch A Predator where they’d set up

00:17:02.360 --> 00:17:08.160
sting operations for pedophiles. It felt like if this was who you wanted to try to hack into

00:17:08.160 --> 00:17:14.680
or mess with, the universe was on your side. It felt like what you were doing was right in every

00:17:14.680 --> 00:17:22.440
way. It was helping the world, and nobody would say you’re wrong. Yet, at the same time, hacking

00:17:22.440 --> 00:17:30.920
feels so counter-culture and rebellious. This is a powerful cocktail to be mixing up as a teenager.

00:17:30.920 --> 00:17:38.280
DEFAULT: You can go into the forums where they don’t post and they just — it’s all text,

00:17:38.280 --> 00:17:46.320
and you find out, oh, where they’re messaging people, whether it’s on,

00:17:46.320 --> 00:17:51.680
I don’t know, AOL or whatever it may be. Then you get their handles,

00:17:51.680 --> 00:18:00.080
and then you go create alt accounts and then interact with them. Kind of set them up,

00:18:00.080 --> 00:18:09.080
basically. Then you send them a file. Like, hey, oh yeah, I would love to hang out, yadda, yadda,

00:18:09.080 --> 00:18:15.400
yadda. They’re all excited. Then you’re like, here’s a picture of me or here’s a video of me,

00:18:15.400 --> 00:18:23.040
and you put some malware in it. It could be very simplistic; just — I just need a port,

00:18:23.040 --> 00:18:29.000
I just need a back connection into this guy’s computer, and then just download everything

00:18:29.000 --> 00:18:36.560
that he has and get all of his location data and pretty much dox the guy, and then just send it to

00:18:36.560 --> 00:18:45.720
his local authorities. We would check up on these people, and a lot of them would get arrested. It

00:18:45.720 --> 00:18:52.160
felt good, you know? You’re making a change in the world. You’re making the world a better place.

00:18:52.160 --> 00:18:59.700
People preying on children is just — it’s one of the worst things that somebody could ever do.

00:18:59.700 --> 00:19:04.440
JACK: Getting pedophiles arrested meant getting respect among the hacker groups,

00:19:04.440 --> 00:19:09.360
which meant getting more members. Things were progressing for them, and their hacks got bigger.

00:19:09.360 --> 00:19:14.040
DEFAULT: This is one of the ones that I think I’m the most proud of, I could say,

00:19:14.040 --> 00:19:22.760
was Operation Denmark. [MUSIC] So, bestiality was not banned in Denmark,

00:19:22.760 --> 00:19:29.920
okay? That’s generally banned everywhere. So, I guess a lot of sickos were taking advantage of

00:19:29.920 --> 00:19:38.080
this lack of laws against bestiality there. There was literally dens and private places

00:19:38.080 --> 00:19:44.800
you could go — and people’s animals were going missing and they were ending up in these — they

00:19:44.800 --> 00:19:54.640
called them dog brothels. It’s so sick. It’s so crazy. I had a dog, so that really pissed me off

00:19:54.640 --> 00:20:00.080
just thinking about the fact — like, well, what if — being — trying to be objective and

00:20:00.080 --> 00:20:07.360
be like, well, what if someone took my dog and that happened to my dog? I would freak out. So,

00:20:07.360 --> 00:20:17.880
we — I think we took down the official Denmark government website and then we actually defaced

00:20:17.880 --> 00:20:27.440
it and said, did you know that your government allows bestiality and there’s bestiality dens

00:20:27.440 --> 00:20:35.480
where people can go and pay money to do these things to animals, and most of them are people’s

00:20:35.480 --> 00:20:41.200
pets? A lot of people weren’t even aware. The average person was not aware of that because

00:20:41.200 --> 00:20:49.280
they’re just going about their lives. So, everyone freaked out and it was like, all over the news.

00:20:49.280 --> 00:20:58.120
JACK: Geez, mate. You got me fact-checking the weirdest stuff in this episode. So,

00:20:58.120 --> 00:21:03.560
he’s right; in 2014, it was legal in Denmark to have sex with animals,

00:21:03.560 --> 00:21:08.480
and there was some weird-ass animal sex tourism going on over there. Because a year earlier,

00:21:08.480 --> 00:21:13.400
Sweden and Germany banned sex with animals, so it was a weird moment where some places it was

00:21:13.400 --> 00:21:20.160
illegal and some places it wasn’t. Yeah, shortly after this hack, Denmark changed

00:21:20.160 --> 00:21:27.560
the law. They made sex with animals illegal. I can’t tell if this hack had anything to do

00:21:27.560 --> 00:21:34.760
with the laws changing, but the timing is very coincidental. Now, stuff like this,

00:21:34.760 --> 00:21:40.180
hacking into places, making the news, and getting people arrested and stuff, is like a drug.

00:21:40.180 --> 00:21:45.640
DEFAULT: Yeah, the sleep schedule didn’t exist, and it is — I would be lying if I didn’t say it

00:21:45.640 --> 00:21:55.720
was exhilarating and gave you a sense of power. You start to crave that rush of serotonin. It’s

00:21:55.720 --> 00:22:06.400
just like, you get so worked up and you’re like, this is so awesome. This feels great. Not only

00:22:06.400 --> 00:22:15.560
are we doing something good, but it’s exciting and I want to do it again and again. Sometimes

00:22:15.560 --> 00:22:23.280
it’s like you’re — almost like you’re chasing a high, and that can lead you off the trail.

00:22:23.280 --> 00:22:30.400
JACK: Let’s take a quick ad break, but stay with us because when we come back, we’re going off the

00:22:30.400 --> 00:22:40.240
trail. Okay, so, Default was on a path. He didn’t know where the path was taking him,

00:22:40.240 --> 00:22:45.240
but he already made his way through Anonymous and into different hacker groups. AnonSec was

00:22:45.240 --> 00:22:49.840
the group where this first exciting stuff was happening. He kind of took over that group. But

00:22:49.840 --> 00:22:54.280
do you realize there’s a whole infrastructure to these hacker groups? There’s data stores to

00:22:54.280 --> 00:22:59.080
keep records of the stuff you collected or the passwords you’ve cracked, and there’s a tool

00:22:59.080 --> 00:23:05.120
shop to quickly grab hacking tools and how to use them. But to build on that infrastructure,

00:23:05.120 --> 00:23:10.560
they decided they needed to build a botnet. A botnet is just having control of a bunch

00:23:10.560 --> 00:23:16.360
of computers. You typically try to infect a huge swath of IPs and hope that a bunch of computers

00:23:16.360 --> 00:23:22.000
get infected and become under your control. But the reason why they wanted a botnet was

00:23:22.000 --> 00:23:27.360
to route their attacks through it. Instead of malicious traffic or connections coming

00:23:27.360 --> 00:23:33.800
from the AnonSec members themselves, they set up this botnet to pipe their traffic through

00:23:33.800 --> 00:23:39.760
someone else’s computer to get to their target. But when you infect a bunch of computers with

00:23:39.760 --> 00:23:46.360
a botnet, I start to get curious. What are these computers that are in our control now?

00:23:46.360 --> 00:23:52.960
DEFAULT: So, all these different devices that are part of the botnet — it’s like going through and

00:23:52.960 --> 00:24:00.440
seeing where they’re at or what they have access to. Some of the stuff that randomly

00:24:00.440 --> 00:24:09.920
would just get popped would be an Apple TV, an Iranian WiMAX base station for cell phones.

00:24:09.920 --> 00:24:16.600
JACK: One of these servers belonged to the Windsor University. This is a medical school.

00:24:16.600 --> 00:24:20.560
DEFAULT: You just pull it up, and I start looking. I’m like,

00:24:20.560 --> 00:24:27.200
oh, this is some kind of institution, university. [MUSIC] So, pull up the URL,

00:24:27.200 --> 00:24:38.400
check the domains, go to the home page, and can easily access admin panel. Once I log in,

00:24:38.400 --> 00:24:43.120
just pull up the finances of all the people and all the debt that they have.

00:24:43.120 --> 00:24:49.280
JACK: I saw a screenshot of this. He was in the admin panel of the university,

00:24:49.280 --> 00:24:56.400
and there in front of him was a list of all the students who owed money to the school.

00:24:56.400 --> 00:25:05.920
It all added up to $9 million. He started to think; could I, should I mess with this?

00:25:05.920 --> 00:25:12.720
DEFAULT: These people might really enjoy having their slate wiped clean,

00:25:12.720 --> 00:25:17.360
as it were. If you look, some of them owe a substantial amount of money, like,

00:25:17.360 --> 00:25:24.600
$70,000. I think some people owed upwards of over $100,000. It’s a lot of money,

00:25:24.600 --> 00:25:30.020
you know what I’m saying? It’s perpetual debt that sometimes just lasts for decades.

00:25:30.020 --> 00:25:37.280
JACK: There were 391 students listed here. He scrolled to the bottom of the page, and there

00:25:37.280 --> 00:25:45.800
was a button; Delete All. Why was there a Delete All button? I have no idea, but there it was.

00:25:45.800 --> 00:25:55.880
DEFAULT: So, I just deleted everything. I went into the PHP shell and just sent

00:25:55.880 --> 00:26:03.620
everything to /dev/null and just shredded it. So, whatever I sent there is not coming back.

00:26:03.620 --> 00:26:07.480
JACK: Wow, crazy. How did you feel after that?

00:26:07.480 --> 00:26:17.600
DEFAULT: You feel good, you know? Whenever you can make a positive impact in people’s lives — and the

00:26:17.600 --> 00:26:26.680
power of doing that remotely from your house is — it’s almost intangible. The amount of power you

00:26:26.680 --> 00:26:39.026
can exert over the internet, it’s something that your average person just will never understand.

00:26:39.026 --> 00:26:43.840
JACK: [MUSIC] Default kept going further down this path, getting into place after place,

00:26:43.840 --> 00:26:47.760
and the places he was hitting were starting to really add up.

00:26:47.760 --> 00:26:54.880
DEFAULT: Literally, anything from banks, like I said, Apple TVs — we landed inside the Netherlands

00:26:54.880 --> 00:27:05.720
Defense Gateway. Like, what? Y’all have the default SSH password set? You just haven’t

00:27:05.720 --> 00:27:15.560
done anything with — okay, cool. More schools, School of Computer and Intelligent Systems,

00:27:15.560 --> 00:27:21.680
host providers; that was really cool. That was honestly a gold mine ‘cause we could

00:27:21.680 --> 00:27:28.000
literally just keep spinning up virtual private servers whenever we need. Just free web hosting,

00:27:28.000 --> 00:27:37.080
free storage space. We stumbled across a weird NSA SKYNET program on a Siris Aviture server by — also

00:27:37.080 --> 00:27:44.680
was co-hosted with the US Air Force. Super weird stuff. We’re sitting on an admin login panel for

00:27:44.680 --> 00:27:51.240
Coinbase, which had access to hot wallets. Very scary stuff. Thankfully we didn’t do anything

00:27:51.240 --> 00:27:59.300
with that. The Twitter and Facebook zero-days — it was both just a four-digit PIN reset.

00:27:59.300 --> 00:28:03.120
JACK: Now, each of these have their own story and I’ve listened to him tell me

00:28:03.120 --> 00:28:07.960
some of these himself, and they’re insane. I’m sorry I can’t include them all here,

00:28:07.960 --> 00:28:11.600
but I do want to stop at the Facebook login exploit he had.

00:28:11.600 --> 00:28:18.720
DEFAULT: I became kind of obsessed with having the tightest opsec that I could have because I

00:28:18.720 --> 00:28:26.480
didn’t ever want to get caught, obviously, and that kinda led to my arrogance, also,

00:28:26.480 --> 00:28:32.840
of being able to — literally, I got to the point where I thought I’d never be caught

00:28:32.840 --> 00:28:43.080
no matter what I did, and that just opened the door for doing anything hacking-wise. I didn’t

00:28:43.080 --> 00:28:52.380
care if it was Facebook or Twitter, which we had a zero-day on, and could access anyone’s account.

00:28:52.380 --> 00:28:58.200
JACK: What they did was get a Facebook username and then try to log in as them, but then say,

00:28:58.200 --> 00:29:03.200
oh, I forgot my password. At the time, Facebook would then send you a four-digit code to your

00:29:03.200 --> 00:29:06.960
e-mail that you had to type into the site to prove it was really you, because after all,

00:29:06.960 --> 00:29:11.120
if you had control of the e-mail that was registered to this user, it must really be you,

00:29:11.120 --> 00:29:17.200
right? Well, it was a four-digit code, which means there’s about 10,000 possibilities of

00:29:17.200 --> 00:29:21.600
what it could be. These guys learned that they could just keep submitting codes to

00:29:21.600 --> 00:29:25.960
Facebook over and over and over, cycling through all the possible four-digit codes,

00:29:25.960 --> 00:29:30.200
until they found the one that worked. They could do this pretty quickly, too,

00:29:30.200 --> 00:29:36.080
and just reset anyone’s password that way and then log into Facebook as them.

00:29:36.080 --> 00:29:42.440
DEFAULT: We got into big accounts. I got into Seth Rogen’s account, got his cell phone number,

00:29:42.440 --> 00:29:50.520
and called him just to tell him that I love his movies. He was like, who is this? I was like,

00:29:50.520 --> 00:29:56.800
I’m just a big fan. You’re hilarious. He was like, click. Completely deactivated

00:29:56.800 --> 00:30:03.680
his cell phone ten minutes later. Cardi B before she really blew up, Chief Keef,

00:30:03.680 --> 00:30:09.280
which he was honestly really cool about, ’cause we gave him the account back. We gave all these

00:30:09.280 --> 00:30:19.226
people the accounts back. We had no malicious intent. It was just fun. It was a challenge.

00:30:19.226 --> 00:30:22.760
JACK: [MUSIC] So, while all this started out as fun and a challenge,

00:30:22.760 --> 00:30:28.320
over time it morphed. I mean, how can one feel this kind of power and then

00:30:28.320 --> 00:30:34.680
watch news and see everything wrong in the world and decide not to use this

00:30:34.680 --> 00:30:41.280
power to make change? It really is like a superpower to just topple over a computer

00:30:41.280 --> 00:30:48.300
or get inside a system that isn’t yours. With great power comes great responsibility, right?

00:30:48.300 --> 00:30:55.560
DEFAULT: I think it was the Snowden release that kinda set me off, where he was talking

00:30:55.560 --> 00:31:03.280
about the PRISM program and how literally it’s not a conspiracy that people have been saying

00:31:03.280 --> 00:31:07.760
the government is spying on everyone. They’re like, oh, you’re — it’s like, nope; actually,

00:31:07.760 --> 00:31:14.240
you could see here that these very classified documents — that they’re literally dragnetting

00:31:14.240 --> 00:31:20.000
every single packet in the United States and they’ve co-opted all of these companies through

00:31:20.000 --> 00:31:26.480
the PRISM program, and — all of your data is ours, and we’re building a giant storage

00:31:26.480 --> 00:31:31.320
facility to keep all this forever. So, if you ever become a potential threat to us,

00:31:31.320 --> 00:31:39.280
we’ll know everyone about you. So, it really just set us off and kinda gave us this mentality; like,

00:31:39.280 --> 00:31:48.000
okay, so, basically you’re hacking all of us, so we’re going to start targeting y’all and start

00:31:48.000 --> 00:31:56.080
showing that we can do to y’all what y’all are doing to us, also. Then nobody’s immutable. We

00:31:56.080 --> 00:32:04.680
drove that point home very hard. Like, literally sat around and came up with lists of high-level

00:32:04.680 --> 00:32:11.160
individuals in the intelligence community and then just started targeting them one by one.

00:32:11.160 --> 00:32:17.360
JACK: What? What the hell? They made a list of people to hack into that were

00:32:17.360 --> 00:32:25.640
high-profile members of the intelligence community? This just went up to 11. Okay,

00:32:25.640 --> 00:32:31.000
at this point — I mean, I’m fascinated by this because I’m always surprised how high-profile

00:32:31.000 --> 00:32:35.960
people in government pretty much dox themselves, right? They give their real name and talk on TV,

00:32:35.960 --> 00:32:39.360
and they have a phone number to their office, e-mail address, physical address. All this stuff

00:32:39.360 --> 00:32:44.120
is public information. We know who their boss is. Chances are, there’s a Wikipedia article

00:32:44.120 --> 00:32:49.040
on them listing all this, or there might even be a whole biography written about them. Yeah,

00:32:49.040 --> 00:32:56.520
I always wondered; doesn’t that make them extremely vulnerable targets for attacks?

00:32:56.520 --> 00:33:03.240
I am glued to this story right now. [MUSIC] Okay, let’s back up a second. At this point,

00:33:03.240 --> 00:33:08.440
Default has left AnonSec, which didn’t affiliate itself with Anonymous at all, and in fact,

00:33:08.440 --> 00:33:13.000
they were anti-Anonymous. But Anonymous seemed to get credit for everything they did,

00:33:13.000 --> 00:33:19.880
since it was called AnonSec. So, he was sick of that and left. But he knew people in this

00:33:19.880 --> 00:33:24.800
little pocket of the internet, and a group that he thought was doing some cool shit was

00:33:24.800 --> 00:33:32.440
CWA. This stood for Crackas With Attitude, and the head of CWA was a guy named Cracka.

00:33:32.440 --> 00:33:37.400
DEFAULT: Started talking to him and he just — we were on the same page about being really

00:33:37.400 --> 00:33:42.400
pissed off, about the government, and also a lot of the things going on in

00:33:42.400 --> 00:33:49.320
the Middle East. Just a lot of injustice in the world. Just kind of pissed off,

00:33:49.320 --> 00:33:56.960
you know? I wanted to direct that somewhere for a greater good, as it were.

00:33:56.960 --> 00:34:06.200
JACK: So, he starts hanging out with these folks from CWA and joins in on their hacktivism.

00:34:06.200 --> 00:34:17.360
DEFAULT: That ended up being exposing the lack of security within our own government. We are

00:34:17.360 --> 00:34:22.640
very vulnerable, and the people running the show are not practicing proper operational security

00:34:22.640 --> 00:34:33.120
whatsoever, either. So, we’re going to show the world this, and it was actually really easy.

00:34:33.120 --> 00:34:41.280
It was not super-advanced. Most of it was just social engineering and then taking that initial

00:34:41.280 --> 00:34:47.460
social engineering, information we gathered, and pivoting and leveraging that information.

00:34:47.460 --> 00:34:51.188
JACK: Who was one of the first ones you targeted?

00:34:51.188 --> 00:34:55.720
DEFAULT: It was James Clapper. Yeah, James Clapper was numero uno,

00:34:55.720 --> 00:34:58.420
and he’s the Director of National Intelligence.

00:34:58.420 --> 00:35:05.960
JACK: What the hell? This would be a strong ‘no’ for me. I would be out. You can’t attack

00:35:05.960 --> 00:35:11.440
the head of US’s intelligence agency like this and expect everything to be okay.

00:35:11.440 --> 00:35:16.200
I don’t care how good your opsec is; hide behind five VPNs, use your neighbor’s WiFi,

00:35:16.200 --> 00:35:21.000
use Tor, move to an underground bunker. It doesn’t matter. If you make it personal,

00:35:21.000 --> 00:35:29.040
they’ll make it personal. They will find you. But at the same time,

00:35:29.040 --> 00:35:33.920
Default was seeing stupid stuff on the news. Listen; this is James Clapper.

00:35:33.920 --> 00:35:37.320
JAMES: What we do not do is spy unlawfully on Americans,

00:35:37.320 --> 00:35:42.080
or for that matter, spy indiscriminately on the citizens of any country. We only

00:35:42.080 --> 00:35:46.360
spy for valid foreign intelligence purposes as authorized by law,

00:35:46.360 --> 00:35:50.740
with multiple layers of oversight to ensure we don’t abuse our authorities.

00:35:50.740 --> 00:36:00.800
JACK: The Snowden leaks clearly proved otherwise. The NSA was grabbing metadata off of millions of

00:36:00.800 --> 00:36:09.520
Americans’ phone calls. This is spying on regular, good-standing Americans. To hear James Clapper say

00:36:09.520 --> 00:36:20.240
otherwise meant that some were accusing him of criminal perjury, lying under oath. This enraged

00:36:20.240 --> 00:36:28.560
Default and Cracka. Our leaders were caught in a lie. What more can we find on them? But

00:36:28.560 --> 00:36:34.760
Cracka was the one who acted on this. I believe he acted alone, actually. Cracka got into the online

00:36:34.760 --> 00:36:40.360
account for James Clapper’s internet and phone service. Somehow from there, he was able to get

00:36:40.360 --> 00:36:47.000
Clapper’s wife’s social security number and posted that publicly. Then he routed all the calls coming

00:36:47.000 --> 00:36:53.320
into James’ phone to a free Palestine hotline. Cracka posted proof of all this to Twitter.

00:36:53.320 --> 00:37:01.240
DEFAULT: I gave him a head nod. Like, dude, that was a sick hack. Respect. Started talking to him;

00:37:01.240 --> 00:37:03.600
I was like, that was awesome. You really exposed this guy.

00:37:03.600 --> 00:37:07.480
JACK: James Clapper was actually not the first person from the intelligence community

00:37:07.480 --> 00:37:14.320
that CWA hacked into. Their first was Homeland Security Secretary, Jeh Johnson. Cracka got into

00:37:14.320 --> 00:37:19.760
his Comcast account somehow, and Default was seeing all this and chatting more with Cracka.

00:37:19.760 --> 00:37:29.340
DEFAULT: So, we just started to actually sit down and think of different people that we should hack.

00:37:29.340 --> 00:37:33.440
JACK: Together, they teamed up, and — well,

00:37:33.440 --> 00:37:37.024
you know what? I’ll just let Lester Holt from CBS News take it from here.

00:37:37.024 --> 00:37:40.640
LESTER: [MUSIC] Good evening. Did a high school student really manage to hack his way into the

00:37:40.640 --> 00:37:46.040
personal e-mail of one of this country’s top spy bosses? Federal agents are urgently trying to

00:37:46.040 --> 00:37:51.000
answer that question tonight after what appeared to be private and possibly sensitive information

00:37:51.000 --> 00:37:57.240
was posted online. Given the high profile of the target of the attack and the relatively low-tech

00:37:57.240 --> 00:38:04.460
method used, it’s both a disturbing and cautionary tale that NBC’s Pete Williams picks up from here.

00:38:04.460 --> 00:38:08.880
PETE: The apparent victim isn’t just any American or government official;

00:38:08.880 --> 00:38:14.560
it’s John Brennan, the CIA director since 2013, and a long-time key player in the US

00:38:14.560 --> 00:38:18.880
intelligence community. A man who says he’s an American high-school student claims he

00:38:18.880 --> 00:38:25.400
hacked his way into Brennan’s personal AOL e-mail account by fooling Verizon and AOL into revealing

00:38:25.400 --> 00:38:31.080
enough information to reset the account password. ‘Hello, guys. This Twitter account is going now’,

00:38:31.080 --> 00:38:36.440
the apparent hacker says, posting what appears to be an actual spreadsheet of names and e-mails

00:38:36.440 --> 00:38:41.080
of current and former intelligence officials. The hacker blanked out their social security

00:38:41.080 --> 00:38:45.200
numbers. The hacker also says he got into the Comcast billing account of the Homeland

00:38:45.200 --> 00:38:50.200
Security Secretary, Jeh Johnson. This was the personal e-mail account of Brennan,

00:38:50.200 --> 00:38:54.620
not his government account, and it appears no classified information was compromised.

00:38:54.620 --> 00:38:58.460
JACK: Okay, so, tell me how you got into John Brennan’s account.

00:38:58.460 --> 00:39:03.040
DEFAULT: John Brennan’s account, if I remember correctly…

00:39:03.040 --> 00:39:07.800
JACK: Okay, you know what? I’ll help you out. I mean, the year was 2015. Who remembers little

00:39:07.800 --> 00:39:13.160
details like this from eight years ago? My research shows that they first found John

00:39:13.160 --> 00:39:18.400
Brennan’s mobile phone number, and they did a mobile number lookup and discovered he was

00:39:18.400 --> 00:39:25.000
a Verizon user. So, time to put on the ruse. They were gonna call up Verizon,

00:39:25.000 --> 00:39:31.520
pose as a technician on-site trying to help out a customer, John Brennan, but for some reason were

00:39:31.520 --> 00:39:37.640
having trouble. So, they called Verizon asking for help on his account. Verizon is like, what’s your

00:39:37.640 --> 00:39:43.320
employee code? They made one up, and it worked. The support technician at Verizon asked, well, why

00:39:43.320 --> 00:39:47.480
can’t you just get into the account yourself? They said, uh, the tools are down and we need to get

00:39:47.480 --> 00:39:53.320
this going quick because the customer is waiting. So, the support technician was like, okay, sure,

00:39:53.320 --> 00:39:59.400
I’ll help. What do you need to know? This is how they got John Brennan’s Verizon account number,

00:39:59.400 --> 00:40:04.840
his four-digit PIN, a backup mobile number to his account, the e-mail associated to his

00:40:04.840 --> 00:40:11.080
account which was an AOL e-mail, and the last four digits of his bank card. Now that they

00:40:11.080 --> 00:40:18.480
had this extra information on him, how can they leverage that to take this a step further? Well,

00:40:18.480 --> 00:40:25.680
they know his AOL e-mail address, which when you log into AOL, the username is the e-mail.

00:40:25.680 --> 00:40:34.600
So, they had John Brennan’s e-mail username, but not the password. Well, time to call AOL. So,

00:40:34.600 --> 00:40:39.880
they called AOL, this time acting like John Brennan. Hi, I’ve been locked out of my e-mail

00:40:39.880 --> 00:40:45.640
account. Can you help me get back in? Sure, Mr. Brennan, but I’ll need to verify it’s you.

00:40:45.640 --> 00:40:54.680
Okay. Can you tell me the last four digits of your credit card number? Why, yes, yes I can,

00:40:54.680 --> 00:41:01.200
because they had this information from the data they got from Verizon. Clever, clever. So, when

00:41:01.200 --> 00:41:08.160
they gave this information to AOL, this let them reset his password and get into John Brennan’s AOL

00:41:08.160 --> 00:41:18.920
e-mail. On October 12, 2015, they gained access to the inbox of the Director of the CIA. Whoa.

00:41:18.920 --> 00:41:26.320
They started looking through his e-mails, reading one after another, looking at attachments sent.

00:41:26.320 --> 00:41:31.800
One attachment had a list of US intelligence officials, which included their social security

00:41:31.800 --> 00:41:38.200
numbers. Why in the world was John Brennan using his AOL account to send e-mails that included

00:41:38.200 --> 00:41:45.360
social security numbers of US intelligence officials? Ugh, this is such bad opsec. Why,

00:41:45.360 --> 00:41:52.080
Director of the CIA? Why? You know better. I think it just goes to show that no matter how much you

00:41:52.080 --> 00:41:58.680
know about privacy and security, we’re still human and screw up this whole security thing.

00:41:58.680 --> 00:42:07.520
DEFAULT: This AOL e-mail account had not only stuff about the war in Iraq

00:42:07.520 --> 00:42:15.120
and Afghanistan — I have no idea why — he also had his SF-86 form in there.

00:42:15.120 --> 00:42:23.640
JACK: Ooh, this is no good. The SF-86 form is the form that you fill out to apply for

00:42:23.640 --> 00:42:30.640
secret clearance, which means it has your entire background listed clearly in the form;

00:42:30.640 --> 00:42:35.800
social security number, e-mail address, telephone number, place of birth, aliases, passports used,

00:42:35.800 --> 00:42:40.400
prior addresses, names of your neighbors, what school you went to, your military history,

00:42:40.400 --> 00:42:46.920
past employers. It’s everything on a person, and now Default and Cracka had it all.

00:42:46.920 --> 00:42:51.320
DEFAULT: So, you call to reset the password and it does not matter if you sound like a

00:42:51.320 --> 00:42:58.200
fourteen-year-old girl on the phone. You got the CIA director’s social? You have

00:42:58.200 --> 00:43:06.146
to be him. I don’t really have a choice but to reset the password for you. It was over.

00:43:06.146 --> 00:43:10.080
JACK: [MUSIC] Unreal, and Cracka’s just posting this stuff straight up to Twitter

00:43:10.080 --> 00:43:13.880
as Cracka. It wasn’t just these two guys and CWA; there were some other

00:43:13.880 --> 00:43:19.040
members there for the ride, but Default was suspicious about one of the members in CWA.

00:43:19.040 --> 00:43:26.520
DEFAULT: He had somehow eluded capture when he was involved with other groups that mysteriously

00:43:26.520 --> 00:43:32.520
went down after he had joined them. Also, there was a lot of psychological flags,

00:43:32.520 --> 00:43:40.600
like red flags. Just like, trying really hard to befriend us. You know, it was kind of weird,

00:43:40.600 --> 00:43:47.000
kind of obvious. Then when I — I actually — I publicly called him out, he became a completely

00:43:47.000 --> 00:43:58.520
different person. That was just another confirmation. It is hard to understand

00:43:58.520 --> 00:44:07.520
fully my train of thought of thinking that we would get away with this, but after some time,

00:44:07.520 --> 00:44:16.840
we knew that we weren’t gonna get away with it. So, we just mashed the gas and we’re like,

00:44:16.840 --> 00:44:28.800
let’s hit as many as we can before it’s over. It did — really, they had to issue a memo because

00:44:28.800 --> 00:44:36.600
they were probably terrified ’cause it was vast. It was upwards of ten or eleven people all within

00:44:36.600 --> 00:44:45.640
CIA, FBI, White House, DOJ, Department of Homeland Security, Quantico, and then defense contractors.

00:44:45.640 --> 00:44:57.280
So, that was — it was pervasive and far-reaching to all arms and subcontractors of the intelligence

00:44:57.280 --> 00:45:02.800
community. They were like, what is going on? Yeah, we were actually calling some of these people,

00:45:02.800 --> 00:45:09.120
too, by the way. I actually called — I called John Brennan on his cell phone.

00:45:09.120 --> 00:45:10.920
JACK: What did you say to him?

00:45:10.920 --> 00:45:14.600
DEFAULT: I told him he was a piece of shit.

00:45:14.600 --> 00:45:16.000
JACK: Wow.

00:45:16.000 --> 00:45:21.760
DEFAULT: He asked how much money I wanted. I said, I don’t want any money. I want you all to

00:45:21.760 --> 00:45:29.000
stop being so corrupt and committing crimes while prosecuting people for the same stuff y’all are

00:45:29.000 --> 00:45:39.120
doing. So hypocritical. Basically, y’all are awful people, really. You’re not doing any net-positive

00:45:39.120 --> 00:45:48.780
things for the world. You’re just not. He was audibly shaken up. I could hear it in his voice.

00:45:48.780 --> 00:45:53.840
JACK: Well, just a random phone call is not gonna be that big of a deal,

00:45:53.840 --> 00:45:55.880
but did you say I’ve also got…

00:45:55.880 --> 00:46:01.960
DEFAULT: It was his personal cell phone number. We read him his social security

00:46:01.960 --> 00:46:09.080
number to him. If you get a random phone call on your private cell phone number that nobody

00:46:09.080 --> 00:46:14.400
except for a select few people is supposed to know about and some random kid reading

00:46:14.400 --> 00:46:18.860
you your social security number, I would imagine that’s a pretty jarring experience.

00:46:18.860 --> 00:46:23.320
JACK: They were so relentless that people started going into hiding.

00:46:23.320 --> 00:46:27.880
DEFAULT: At the time, the threat level was literally unknown. He was very stressed

00:46:27.880 --> 00:46:33.520
out. It’s like, the extra security they had to hire to relocate the CIA director

00:46:33.520 --> 00:46:38.680
and then the deputy director of the FBI to a secure location because they didn’t

00:46:38.680 --> 00:46:43.440
know at the time what the threat level was. They had no idea who we are, what we were,

00:46:43.440 --> 00:46:47.280
what we were affiliated with, what our purpose was. We were some kids,

00:46:47.280 --> 00:46:51.320
literally, and — just pissed off at the government, but they didn’t know.

00:46:51.320 --> 00:46:55.920
JACK: At some point they got into Amy Hess’ account. She was the FBI

00:46:55.920 --> 00:46:59.400
Executive Assistant Director for Science and Technology.

00:46:59.400 --> 00:47:05.840
DEFAULT: Once you log into the portal, you can see the connected TVs. Honestly,

00:47:05.840 --> 00:47:09.920
it’s like — I think it’s hilarious ’cause I think — it reminded me

00:47:09.920 --> 00:47:15.180
of something out of a movie, like Hackers. So, we played that movie.

00:47:15.180 --> 00:47:18.240
JACK: I think what they did here is they called up Comcast pretending to

00:47:18.240 --> 00:47:24.800
be her and get her password reset. Yeah, it worked. Once they got in her Comcast portal,

00:47:24.800 --> 00:47:32.080
they were able to control her TV at home, and they just started playing the movie Hackers on it. This

00:47:32.080 --> 00:47:36.800
is a problem with connected and smart devices; you’re not the only one who can control them.

00:47:36.800 --> 00:47:43.640
Amy claimed she suffered from psychological damage from this. [MUSIC] Once they got into

00:47:43.640 --> 00:47:47.280
someone’s account and messed around there, they just went down the list to the next person.

00:47:47.280 --> 00:47:52.960
DEFAULT: Jenny Psaki, the White House spokesperson. I literally just — I took

00:47:52.960 --> 00:48:02.000
that upon myself because she was calling Edward Snowden a traitor, and that triggered me so hard.

00:48:02.000 --> 00:48:09.120
I was like, I have to hack this lady. I know that maybe these aren’t her words and she might just be

00:48:09.120 --> 00:48:19.420
reading off of a sheet that they want her to say, but I couldn’t stand to hear that kind of stuff.

00:48:19.420 --> 00:48:25.480
JACK: So, these guys were just ripping through all these high-level people’s accounts. It was insane

00:48:25.480 --> 00:48:32.040
the people that they were able to breach. But at some point, the two started talking and realized,

00:48:32.040 --> 00:48:39.320
wait a minute, we have all this information on US intelligence members. What databases do

00:48:39.320 --> 00:48:45.420
they have access to? This turned their attention to LEEP, which stands for…

00:48:45.420 --> 00:48:50.000
DEFAULT: The Law Enforcement Enterprise Portal. It had the information on all FBI

00:48:50.000 --> 00:48:52.420
agents in the United States, like personal information.

00:48:52.420 --> 00:48:57.320
JACK: So, somewhere in all this, they hacked into Mark Giuliano’s accounts. He was the

00:48:57.320 --> 00:49:05.720
Deputy Director of the FBI. Using his information, they were able to leverage that to get into LEEP,

00:49:05.720 --> 00:49:10.080
which I think is really taking this to another level. To basically pose as the

00:49:10.080 --> 00:49:14.800
Deputy Director of the FBI, to access a database that only officials should have

00:49:14.800 --> 00:49:20.720
access to? I don’t know, this just seems crazy to me that this can even happen,

00:49:20.720 --> 00:49:24.480
because why is this LEEP database even accessible from the internet at all?

00:49:24.480 --> 00:49:30.320
DEFAULT: Yeah, and I think because they have agents all over,

00:49:30.320 --> 00:49:33.120
they could have taken security measures, but I think it would have

00:49:33.120 --> 00:49:39.200
been too much trouble for them. [MUSIC] I’m like, y’all just really don’t care.

00:49:39.200 --> 00:49:49.880
JACK: Mm-hm. That sentiment right there is what I think fueled Default to go further. This idea

00:49:49.880 --> 00:49:54.080
that the US government thinks that there’s some elite hacking force able to break into anything

00:49:54.080 --> 00:50:00.080
and steal anything yet has a database of FBI agents’ personal details on a public website

00:50:00.080 --> 00:50:05.640
which is vulnerable to a teenage social engineer to be able to get into it? They wanted to put

00:50:05.640 --> 00:50:11.240
their thumb right in the eye of the government and make it hurt. How can we trust you with our

00:50:11.240 --> 00:50:15.280
private data if you can’t even protect your federal agents’ data? Why is the Department

00:50:15.280 --> 00:50:19.600
of Defense hacking into things instead of defending their own network? On top of that,

00:50:19.600 --> 00:50:23.320
why is the world even like this at all? Why is security so bad everywhere that

00:50:23.320 --> 00:50:27.280
the intelligence community can’t even secure their own stuff? So,

00:50:27.280 --> 00:50:32.240
Default and Cracka got into the LEEP database and downloaded all the information they

00:50:32.240 --> 00:50:38.520
could on as many FBI agents as they could. Okay, but what are you gonna do with this?

00:50:38.520 --> 00:50:47.520
DEFAULT: Hit up Wikileaks and — it was Julian at the time running the account and he was very

00:50:47.520 --> 00:50:58.320
interested in it, obviously, as he always is. It happened very fast. Just hand it over and he

00:50:58.320 --> 00:51:09.040
published it all, including his SF-86 form and the documents about the war in Iraq and Afghanistan,

00:51:09.040 --> 00:51:13.100
along with the LEEP data. It’s still on the Wikileaks website if I’m not mistaken.

00:51:13.100 --> 00:51:16.280
HOST: The CIA Director’s personal e-mails posted by

00:51:16.280 --> 00:51:20.880
Wikileaks after a cyber-criminal said they’d broken into his AOL account…

00:51:20.880 --> 00:51:24.480
JACK: I don’t think Wikileaks posted any of the stuff on the LEEP database,

00:51:24.480 --> 00:51:30.120
but they sure did post John Brennan’s information. They got into other databases, too.

00:51:30.120 --> 00:51:33.400
DEFAULT: JABS, the Joint Agency Booking System;

00:51:33.400 --> 00:51:38.880
everyone that’s put into that from county, state, and federal level in the prison system.

00:51:38.880 --> 00:51:42.680
JACK: Yeah, okay, so any person who’s put in prison is in this system,

00:51:42.680 --> 00:51:46.480
and they found access to this very useful. They were doing things like looking up other

00:51:46.480 --> 00:51:50.480
hackers that were caught and keeping an eye on them. Like, trying to figure out,

00:51:50.480 --> 00:51:56.200
did they become informants? But also, they were suspicious of some of the other people in CWA,

00:51:56.200 --> 00:52:01.520
and there might be an informant within them. So, access to this system was kind of like a way to

00:52:01.520 --> 00:52:07.320
run a criminal report on anyone you wanted very quickly. So, they were just downloading stuff from

00:52:07.320 --> 00:52:12.520
these databases and looking through it, and that’s when they found in these databases, there was a

00:52:12.520 --> 00:52:18.720
bunch of information about the Miami-Dade Police Department. Now, let’s talk about Miami Police.

00:52:18.720 --> 00:52:23.080
DEFAULT: Yeah, that was another one, the Miami-Dade Police. At the time,

00:52:23.080 --> 00:52:27.480
I really didn’t care. I just — that was towards the end of the run and was just,

00:52:27.480 --> 00:52:31.400
like, all bets are off, you know? [MUSIC] It had gone all the way down the rabbit

00:52:31.400 --> 00:52:40.200
hole. I had just become very disillusioned with people’s complacency and their lack of care for

00:52:40.200 --> 00:52:47.000
what was going on. So, it’s like, we’re gonna bring attention to this with chaos and mayhem.

00:52:47.000 --> 00:52:55.080
JACK: So, what happened to the police department? Now we got your motive; what did you do?

00:52:55.080 --> 00:53:00.040
DEFAULT: Well, we dropped their dox, pretty much.

00:53:00.040 --> 00:53:04.720
JACK: This time it wasn’t Wikileaks, though. I’m looking at a tweet here

00:53:04.720 --> 00:53:10.760
which has a link to Pastebin, and in there is a list of eighty Miami police officers;

00:53:10.760 --> 00:53:14.120
their name, title, phone number, and e-mail address.

00:53:14.120 --> 00:53:21.400
DEFAULT: Me and Cracka are talking and we’re both physically shaking because it’s like,

00:53:21.400 --> 00:53:26.720
terror and excitement at the same time. We’re like, I’m accessing a top-secret database.

00:53:26.720 --> 00:53:34.040
Holy shit. I’m gonna get caught, but this is exhilarating. I don’t really like — it’s like,

00:53:34.040 --> 00:53:38.400
what do I do? It’s like, okay, we’re gonna drop this database. Okay,

00:53:38.400 --> 00:53:44.480
what else are we gonna do? It’s like, I’m about to get the fuck off this thing.

00:53:44.480 --> 00:53:52.380
JACK: At the time, Cracka was just a teenage high-schooler, but Default was in his twenties.

00:53:52.380 --> 00:53:56.120
DEFAULT: Yeah, I think I was like, twenty-three.

00:53:56.120 --> 00:53:58.200
JACK: What was home life like?

00:53:58.200 --> 00:54:08.400
DEFAULT: It was terrible, really toxic. I lived with my dad. Living there was really bad,

00:54:08.400 --> 00:54:17.400
which I think kind of fueled some of this. Just like, no oversight, no real father figure to tell

00:54:17.400 --> 00:54:25.320
me what to do and what not to do. So, just like, bets are off. I’ll do whatever I want. Really,

00:54:25.320 --> 00:54:31.920
it became my whole life. Hacking really did. It was like, go to work, come home,

00:54:31.920 --> 00:54:38.560
hack. Go to work, come home, hack. It was all it was. It got to the point where I estranged

00:54:38.560 --> 00:54:48.400
myself from all my friends, and they didn’t know why ’cause I never told them. You can’t.

00:54:48.400 --> 00:54:57.400
That’s just part of it. It’s a very lonely existence, especially if you’re committing

00:54:57.400 --> 00:55:02.640
all these crimes. At that time, I had a significant amount of money in Bitcoin and

00:55:02.640 --> 00:55:08.720
I really just — that was actually a key factor in all of this. Money was no longer an issue,

00:55:08.720 --> 00:55:15.034
so now what? You’re twenty-two years old and you have several million dollars in crypto…

00:55:15.034 --> 00:55:18.840
JACK: Yeah, let’s talk about that, then. So, how’d you get the several million?

00:55:18.840 --> 00:55:27.120
DEFAULT: Literally mining and buying from — since 2011. I was so early to getting ASICs. I was like,

00:55:27.120 --> 00:55:31.920
oh my god. These things were like, thirty to forty times more powerful than the average

00:55:31.920 --> 00:55:39.000
graphics processing unit at mining Bitcoin. So, yeah, started mining a lot of Bitcoin.

00:55:39.000 --> 00:55:46.180
JACK: So, John Holdren — I have written down here that someone tried to swat him?

00:55:46.180 --> 00:55:52.640
DEFAULT: Yeah, not me. I have no — honestly, I don’t even remember him getting swatted.

00:55:52.640 --> 00:55:59.547
JACK: So, the idea was using — posing as him to call the police from his phone…

00:55:59.547 --> 00:56:00.874
DEFAULT: Oh, the police shit. Yeah, see, that was…

00:56:00.874 --> 00:56:02.480
JACK: …and then getting — saying there was a violent

00:56:02.480 --> 00:56:04.940
incident here and then them coming to his house.

00:56:04.940 --> 00:56:11.880
DEFAULT: Dude, that pissed me off so much that that even got attributed somewhat to me,

00:56:11.880 --> 00:56:17.480
because technically a conspiracy is if I know about someone committing the crime and don’t

00:56:17.480 --> 00:56:24.360
instantly go tell on them. I’m complicit. So, it’s like, because I was in the chatroom with

00:56:24.360 --> 00:56:30.480
one of the people while they did this, now I’m a party to the crime. I’m like, what the fuck?

00:56:30.480 --> 00:56:37.720
I don’t even want to be a part of the swatting. I hate that shit. People have died from that.

00:56:37.720 --> 00:56:43.920
JACK: There was some sort of current — there was an undercurrent of people online at the time,

00:56:43.920 --> 00:56:51.800
right, that you were mixed up in that was also very involved in this sort of thing.

00:56:51.800 --> 00:56:55.040
Talking about Anonymous, for example, right; Anonymous was always calling out

00:56:55.040 --> 00:56:59.680
injustices of the world and threatening this and that because people were just

00:56:59.680 --> 00:57:06.705
being evil. It felt like being part of that was the winning side, right? It felt like…

00:57:06.705 --> 00:57:09.360
DEFAULT: Yeah. You’re doing what’s morally right.

00:57:09.360 --> 00:57:11.360
JACK: Mm-hm, and I don’t know if that exists

00:57:11.360 --> 00:57:15.360
today. I think today we’ve kind of lost that pulse.

00:57:15.360 --> 00:57:21.880
DEFAULT: The empathy is at an all-time low, just like, caring for your fellow man and the

00:57:21.880 --> 00:57:30.520
bigger picture. But people have just become very complacent and would rather be content with the

00:57:30.520 --> 00:57:39.480
way things are, and that’s a dangerous road to go down because while that’s going on, I can assure

00:57:39.480 --> 00:57:47.920
you that the NSA and the Five Eyes and all these other people that are colluding together are not

00:57:47.920 --> 00:57:58.040
being complacent. They’re actually getting more aggressive with the spying and the hacking. I

00:57:58.040 --> 00:58:05.760
think it was Rule 41 pass, where it’s like, they can literally hack people now. They don’t need to

00:58:05.760 --> 00:58:12.880
go physically kick in your door. No, they can just hack you. I’m pretty sure that’s how I got caught,

00:58:12.880 --> 00:58:16.820
is that the NSA got involved, and I know I got hacked two days before I got raided.

00:58:16.820 --> 00:58:22.900
JACK: Well, let’s talk about that. So, how do you think the — how did they catch you?

00:58:22.900 --> 00:58:29.600
DEFAULT: It’s threefold. There’s three things that contributed to it. Because the official

00:58:29.600 --> 00:58:35.400
shit that they say is so fucking hilarious — because I never used my home IP address.

00:58:35.400 --> 00:58:42.120
I had a giant WiFi satellite dish that could reach up to a mile away, okay? So,

00:58:42.120 --> 00:58:47.360
I was usually using the Dairy Queen that was half a mile away. It had free WiFi. So,

00:58:47.360 --> 00:58:53.440
their bullshit answer of, oh, well, we pulled Twitter logs and he had his IP in there. No,

00:58:53.440 --> 00:58:59.520
I didn’t. I’ve never fucking used my home IP address on that Twitter account. That’s why

00:58:59.520 --> 00:59:07.680
I bought this, so I would never do that. I was so overkill on my opsec, it was a process. Literally,

00:59:07.680 --> 00:59:17.360
my hard drives for my desktops I had to completely de-encrypt which took thirty to forty minutes, and

00:59:17.360 --> 00:59:24.840
then I — I don’t have internal WiFi cards in my laptops or anything. I have to connect it to stuff

00:59:24.840 --> 00:59:32.920
so it’s not automatically connecting to anything around me. Super paranoid, dude. You kinda have to

00:59:32.920 --> 00:59:38.480
be. Then after that, I’m connecting through Tor nodes and my botnet. I think it was threefold.

00:59:38.480 --> 00:59:47.640
One I know was a contributing factor, 100%, because he told me. One of my friends,

00:59:47.640 --> 00:59:54.800
or I thought was my friend — and this is crazy, over a female, of course. What had happened was

00:59:54.800 --> 01:00:03.760
I ended up hooking up with a girl. I had asked him prior to this; I was like, do you mind? You dated

01:00:03.760 --> 01:00:09.800
her a while ago, whatever. Do you mind if I hook up with her, talk to her, whatever? He said, no.

01:00:09.800 --> 01:00:14.960
I was like, okay, well, I asked you, so speak now or forever hold your peace, bro, ‘cause I’m gonna

01:00:14.960 --> 01:00:23.720
do it. Literally, he got mad at me and I was like, why didn’t you be a man and tell me you still had

01:00:23.720 --> 01:00:32.480
feelings for her? I would have respected that. He was like, I don’t know. So, that kinda started it

01:00:32.480 --> 01:00:40.960
all. I didn’t know he had ill intentions toward me. So, whatever, we moved past that, and then the

01:00:40.960 --> 01:00:51.120
CWA thing happens. We’re drunk one night and we’re on Xbox Live or whatever. I slip up for the first

01:00:51.120 --> 01:01:00.120
time ever, being fucking arrogant and cocky. It comes on the news; CIA Director hack, blah, blah,

01:01:00.120 --> 01:01:08.080
blah, all this stuff. I’m like, oh, that was us, blah, blah. I was drunk, talking, and just totally

01:01:08.080 --> 01:01:15.040
gave myself away. But I didn’t think he would take me serious, I guess. I don’t know, I was drunk.

01:01:15.040 --> 01:01:22.880
But he did and he actually reported me to the FBI. Then he told me that he reported me to the

01:01:22.880 --> 01:01:33.080
FBI. I’m not gonna name-drop him but he knows who he is, and that’s some real scumbag stuff to do

01:01:33.080 --> 01:01:40.840
over that. I just could never imagine — I would never do something like that to another person,

01:01:40.840 --> 01:01:47.240
I guess is — I don’t know. So, that’s one prong. That’s definitely — maybe got them

01:01:47.240 --> 01:01:51.560
to look into me ‘cause of an anonymous tip. The other one is the person in our

01:01:51.560 --> 01:01:56.680
group that I know was a snitch, but on what information was he able to collect about me?

01:01:56.680 --> 01:02:03.880
I don’t know. He was always posting weird links in our chat, like a URL shortener,

01:02:03.880 --> 01:02:10.480
or could have done some sketchy stuff with that. I really did never click on those. The

01:02:10.480 --> 01:02:16.020
other one was Julian saying that the NSA got involved and me knowing that I got hacked.

01:02:16.020 --> 01:02:21.400
JACK: Yeah, so, when they gave John Brennan’s SF-86 form to Julian Assange at Wikileaks,

01:02:21.400 --> 01:02:26.200
this really angered the Department of Defense, and Julian somehow got word that the NSA was

01:02:26.200 --> 01:02:32.520
aiding in the investigation. So, Julian told Default to be careful. Then one day, Default’s

01:02:32.520 --> 01:02:38.960
computer started acting up. Something wasn’t right. It was crashing and glitchy. He looked

01:02:38.960 --> 01:02:43.860
at the network traffic and saw some connections to Langley, Virginia, where the CIA is based out of.

01:02:43.860 --> 01:02:47.960
DEFAULT: I knew I was hacked. My computer was acting crazy. It was having weird

01:02:47.960 --> 01:02:59.720
connections. I shut it off. I was like, fuck. So, I shut it off for a while, and a couple days go

01:02:59.720 --> 01:03:07.600
by. One day — and then the second day, I turn it back on. After I get home from school and start

01:03:07.600 --> 01:03:15.800
decrypting it, it takes thirty, forty minutes — okay, but I noticed when I got home, there was a

01:03:15.800 --> 01:03:23.040
black van or a suburban sitting across the street. [MUSIC] I didn’t think anything of it. Also,

01:03:23.040 --> 01:03:29.680
now that I remember, very, very sketchy people had moved in across the street, this little house,

01:03:29.680 --> 01:03:36.520
and they just sat on the front porch smoking cigarettes, looking at my house nonstop. So,

01:03:36.520 --> 01:03:45.120
literally, minutes after my desktop decrypted and came online, they came in. Like, what are

01:03:45.120 --> 01:03:50.600
the chances of that? Like, literally waited and waited. Usually they’d bum rush you right when

01:03:50.600 --> 01:03:56.200
you get home, or you’re in the house, or you’re somewhere they can confine you in a space. What

01:03:56.200 --> 01:04:02.840
it is, probably, is they waited for that to come on and ping whatever remote-controller they had,

01:04:02.840 --> 01:04:11.640
whatever server it was connecting back to, to verify that my desktop was unencrypted.

01:04:11.640 --> 01:04:15.060
JACK: What happened? They knock on the door? Tell me about that incident of…

01:04:15.060 --> 01:04:18.080
DEFAULT: No, dude. They definitely don’t knock on the door.

01:04:18.080 --> 01:04:19.960
JACK: Okay, what’d they do?

01:04:19.960 --> 01:04:23.040
DEFAULT: They definitely don’t knock on the door, bro. They kick that shit

01:04:23.040 --> 01:04:29.680
in. They hit it in with a fucking ram. All I heard was, ‘FBI, search warrant’.

01:04:29.680 --> 01:04:31.760
JACK: That’s your dad’s house, right?

01:04:31.760 --> 01:04:37.800
DEFAULT: Yeah. I just — before I could — all I had to do was pull

01:04:37.800 --> 01:04:46.080
the plug. They had sub-machine guns pointed at my face, and I blacked out.

01:04:46.080 --> 01:04:54.480
JACK: He had his computer set up in such a way that if he disconnected the power to it,

01:04:54.480 --> 01:05:01.760
it would re-encrypt his hard drive. He just needed to grab the cord and pull it. But when

01:05:01.760 --> 01:05:08.320
you’re sitting there at your computer with assault rifles pointed at you, I don’t think you’re gonna

01:05:08.320 --> 01:05:15.300
reach for that power cord. So, at gunpoint, he had no choice but to let them seize the computer.

01:05:15.300 --> 01:05:23.080
DEFAULT: They had it all, and I knew I was fucked. I was like,

01:05:23.080 --> 01:05:28.080
there’s so much data on there. They’re gonna have a field day. They don’t even

01:05:28.080 --> 01:05:36.100
know what they have yet, but I know. So, I pretty much knew it was over at that point.

01:05:36.100 --> 01:05:41.020
JACK: They pulled you out of that room and someone else went in there to start taking your computer.

01:05:41.020 --> 01:05:41.640
DEFAULT: Yeah.

01:05:41.640 --> 01:05:44.502
JACK: They can’t unplug it and take it; they know they’ve got to…

01:05:44.502 --> 01:05:52.680
DEFAULT: No, they immediately hooked up something to flash copy my hard drive. Secret Service was

01:05:52.680 --> 01:05:58.400
there as well, because I think someone hacked Donald Trump’s website or some shit, which I had

01:05:58.400 --> 01:06:04.080
no idea about. They were like — they assume you’re lying about everything. They’re like, come on,

01:06:04.080 --> 01:06:08.200
you know about that. I’m like, I honestly, literally have no idea what you’re talking

01:06:08.200 --> 01:06:15.160
about. Why would I hack Donald Trump’s website? I don’t give a shit about Donald Trump’s website,

01:06:15.160 --> 01:06:23.360
bro. But I guess Secret Service has got to get involved. So, I’m sitting across from BJ King

01:06:23.360 --> 01:06:34.080
and some very stereotypical tall, muscular Secret Service agent boding down on me, asking me if I’m

01:06:34.080 --> 01:06:42.920
part of HTP, and where’s Nack Hash? I’m like, dude, I don’t know what you think this is. It’s

01:06:42.920 --> 01:06:49.440
not gonna go down like this. I think they were doing a coordinated attack where they were raiding

01:06:49.440 --> 01:06:54.000
us all at the same time, because they didn’t want anyone to be able to notify each other.

01:06:54.000 --> 01:06:57.680
JACK: It’s true; around the same time, Cracka was also raided by the police,

01:06:57.680 --> 01:07:02.760
but it turned out he was living in the UK and he was a high-schooler. So, they took Default

01:07:02.760 --> 01:07:06.920
straight to jail. Police just weren’t sure how dangerous he was and they didn’t want to take

01:07:06.920 --> 01:07:13.160
chances. I think due to the nature of this, they likely did time it so that when his computer was

01:07:13.160 --> 01:07:18.400
online, that’s when they would raid him and capture as much evidence as they could. How

01:07:18.400 --> 01:07:24.440
they knew his computer was online is a mystery to me still. Were they looking through the window?

01:07:24.440 --> 01:07:30.360
Did they hack into his computer and wait for it to signal out or something? His theory is

01:07:30.360 --> 01:07:35.000
that they did hack him. His computer was now in the hands of federal authorities,

01:07:35.000 --> 01:07:40.600
completely unlocked and decrypted, and, well, the stuff they found on there was

01:07:40.600 --> 01:07:46.900
clearly enough to convict him of many crimes. Screenshots that you had taken, Bandicam videos…

01:07:46.900 --> 01:07:49.780
DEFAULT: Oh god, that was the dumbest thing I ever did.

01:07:49.780 --> 01:07:52.880
JACK: But how did they get the videos if you never posted them?

01:07:52.880 --> 01:08:00.320
DEFAULT: Because literally, like I said, I basically did all the heavy lifting for them

01:08:00.320 --> 01:08:09.000
because I’m obsessive-compulsive with archiving data, stuff that probably shouldn’t be archived.

01:08:09.000 --> 01:08:18.240
Like, oh, I think it would be cool to record me doing this crime and I’ll look back on it later,

01:08:18.240 --> 01:08:22.600
and it’ll be safe ‘cause it’ll be on my encrypted hard drive. Well,

01:08:22.600 --> 01:08:27.840
what if your hard drive’s not encrypted? Then, now they have literal, irrefutable proof that

01:08:27.840 --> 01:08:33.160
you recorded yourself committing a crime that they would have no idea you had anything to do with.

01:08:33.160 --> 01:08:39.040
JACK: There was one device in particular that he watched them take. He knew what was on it,

01:08:39.040 --> 01:08:45.600
something that was very important to him, so important that I just imagine as he watches

01:08:45.600 --> 01:08:52.880
them walk off with it, that his world just goes quiet and almost becomes slow motion. But

01:08:52.880 --> 01:08:58.340
he couldn’t say anything and just watched them take it, because this was a secret.

01:08:58.340 --> 01:09:01.760
DEFAULT: One of the things they took from me was one of my external hard drives,

01:09:01.760 --> 01:09:11.520
which I wanted back very, very much so. What it was was my Bitcoin wallet.

01:09:11.520 --> 01:09:15.760
I had a lot of Bitcoin on there, man, almost a thousand Bitcoin.

01:09:15.760 --> 01:09:18.800
JACK: They had all the evidence they needed to convict him. He

01:09:18.800 --> 01:09:24.360
knew it. There was no way to get out of this, so he pleaded guilty.

01:09:24.360 --> 01:09:30.700
The judge sentenced him to five years in prison. Was prison rock bottom for you?

01:09:30.700 --> 01:09:38.360
DEFAULT: Oh yeah, for sure. I got in trouble for exposing the prison that I was at and how they

01:09:38.360 --> 01:09:43.960
weren’t adhering to any Covid policies. It’s like open dorms. So, it’s like, if Covid gets

01:09:43.960 --> 01:09:49.280
in here through one of these guards, everyone’s gonna get Covid. People are gonna die, and y’all

01:09:49.280 --> 01:09:55.280
are still coming in our rooms and touching all of our shit and flipping everything upside-down. So,

01:09:55.280 --> 01:10:02.600
I recorded all of this with a phone I had and sent it to some reporters I knew. Of course,

01:10:02.600 --> 01:10:09.320
someone told on me the next day. SIS came and scooped me up and took me to the SHU,

01:10:09.320 --> 01:10:15.400
which is solitary confinement. From there, they weren’t letting me back on the compound

01:10:15.400 --> 01:10:21.120
and they weren’t shipping people because it was lockdown, full lockdown, ‘cause of Covid. So,

01:10:21.120 --> 01:10:25.920
I spent a year back there, a year in solitary confinement. It was the hardest thing I’ve ever

01:10:25.920 --> 01:10:35.600
done in my entire life. There was a lot of people back there that unfortunately killed themselves

01:10:35.600 --> 01:10:47.720
because it’s extremely psychologically testing to be locked in this tiny little cell, 24/7. You

01:10:47.720 --> 01:10:54.400
don’t get out at all. Even in the worst prisons in America, the penitentiaries, you have to let

01:10:54.400 --> 01:11:09.106
them out at least one hour a day. It’s called 23-in-1. We didn’t get that. It was 24/7 for 365.

01:11:09.106 --> 01:11:14.760
JACK: [MUSIC] He read a lot of books in prison, learned about the importance of morals from an

01:11:14.760 --> 01:11:21.040
Italian gang, and picked up stock market trading skills from a stockbroker. When he got out,

01:11:21.040 --> 01:11:26.680
he was banned from the internet entirely. It was part of his probation for a while.

01:11:26.680 --> 01:11:30.600
Same with Cracka; Cracka was banned from the internet for a while, too, and he ended up with

01:11:30.600 --> 01:11:37.560
a two-year prison sentence even though he was only sixteen. But all that time has passed now,

01:11:37.560 --> 01:11:43.400
and both of them are out and back online. Default struggled to get back on his feet. He couldn’t

01:11:43.400 --> 01:11:47.800
find a job, especially being banned from the internet, especially having a felony record,

01:11:47.800 --> 01:11:53.600
so he eventually got into trading stocks and cryptocurrencies. He’s still doing this now,

01:11:53.600 --> 01:11:56.060
and he feels like he’s good enough to make a living from it.

01:11:56.060 --> 01:12:01.880
DEFAULT: Just sharing my story with people I think is — not just because it’s an interesting

01:12:01.880 --> 01:12:07.520
story and people enjoy listening to it, but I think there’s a lot of net-positive results and

01:12:07.520 --> 01:12:13.720
things that people can learn from this that — maybe they’re not in prison or they’re not

01:12:13.720 --> 01:12:17.040
going to prison or whatever, but they’re at a low point in their life. It’s like, look, dude,

01:12:17.040 --> 01:12:23.640
it’s not the end of the world. Literally, you can bounce back from anything. You can change your

01:12:23.640 --> 01:12:29.200
life. You can change — you decide who you want to be every single day. Just ‘cause you made some

01:12:29.200 --> 01:12:37.626
mistakes doesn’t mean that that determines who you are and what your character is as a person.

01:12:37.626 --> 01:12:39.760
JACK: [MUSIC] You know, something I keep thinking about while listening to this

01:12:39.760 --> 01:12:44.920
story is well, digital privacy, and I’m not gonna go on another rant like I did in the

01:12:44.920 --> 01:12:49.760
last episode. But in this case, government officials were doxxed. These guys stole

01:12:49.760 --> 01:12:54.080
their information. They used it against them and then published it to Wikileaks. How does

01:12:54.080 --> 01:12:58.480
someone come back from getting their private information published to Wikileaks? I mean,

01:12:58.480 --> 01:13:03.680
I’m looking at John Brennan’s SF-86 form right now. It’s still there on Wikileaks,

01:13:03.680 --> 01:13:09.240
and it’s the very first hit on Google when you search for it. Everyone knows everything about

01:13:09.240 --> 01:13:14.880
him. It seems like anyone should just be able to do a password reset on him, you know? You could

01:13:14.880 --> 01:13:21.600
impersonate him over the phone because you have all his information. You can essentially be him,

01:13:21.600 --> 01:13:28.880
the Director of the CIA, because we all have all his information. It’s possible for someone to get

01:13:28.880 --> 01:13:33.760
a new social security number. It’s not easy; you really have to prove to the social security office

01:13:33.760 --> 01:13:38.880
that you’re in danger. I bet government officials at this level might be able to skate through that

01:13:38.880 --> 01:13:44.440
whole process easier, and I think it’s easy enough to get a new phone number and e-mail address.

01:13:44.440 --> 01:13:50.320
It’s not so easy to just up and move to a new house, though, but that’s doable. It’s possible

01:13:50.320 --> 01:13:54.680
to change your name, too, but what’s the point of that when you’re a public figure? That doesn’t fix

01:13:54.680 --> 01:13:59.360
any of the problems of knowing all your previous addresses and who your neighbors were or your past

01:13:59.360 --> 01:14:04.680
employers, your friends, date of birth, home town, height, eye color. See, I think with all

01:14:04.680 --> 01:14:09.760
the doxxing going on in the world, I wish there was a simple way to just burn your identity and

01:14:09.760 --> 01:14:14.720
start fresh. Hell, I’d even be interested in doing it yearly myself, just to always keep

01:14:14.720 --> 01:14:20.520
distance from whoever might be trying to track me out there, and everyone is trying to track us.

01:14:20.520 --> 01:14:25.360
I wish I knew what John Brennan did to recover from this. I didn’t reach out to him because I

01:14:25.360 --> 01:14:29.360
assume he wouldn’t want to talk about it because it would just be giving away more of his private

01:14:29.360 --> 01:14:34.720
information. But I feel like we need a better system to help us, the regular people out there,

01:14:34.720 --> 01:14:39.920
when we get in this situation. Private information is not a thing of the past. We still need our

01:14:39.920 --> 01:14:46.080
privacy. But I think what might help is just better tools to stay private in general. You want

01:14:46.080 --> 01:14:51.480
my address? Oh, sorry, I only give out my proxy address, a postbox that receives mail for me,

01:14:51.480 --> 01:14:56.000
opens the letters, and then sends me pictures of those letters. You want my phone number?

01:14:56.000 --> 01:15:02.440
Sorry, I only give out burner phone numbers. You want my social security number? No, I don’t give

01:15:02.440 --> 01:15:07.960
that out to anyone. What, it’s for my security clearance? Sorry, that’s not even a safe place to

01:15:07.960 --> 01:15:13.240
give it. Didn’t you hear about what happened to John Brennan? These pieces of information on us

01:15:13.240 --> 01:15:19.000
are important that they remain out of the public view, yet time and time again, they get into the

01:15:19.000 --> 01:15:24.520
public view, and it’s not just from doxxing; data breaches, companies sharing your data, or you just

01:15:24.520 --> 01:15:29.800
giving your information to the wrong people. For instance, I had to give my social security number

01:15:29.800 --> 01:15:36.280
to buy Bitcoin, and now the CEO of that company that I gave my social to is in prison. So, who

01:15:36.280 --> 01:15:41.960
knows where my data went? So, I think we’re way overdue for a better system to protect our most

01:15:41.960 --> 01:15:46.680
important data. I think we need to stop giving it out to just anyone who asks for it. I mean, I was

01:15:46.680 --> 01:15:50.240
at the store buying bananas the other day and they were asking for my phone number and my zip

01:15:50.240 --> 01:15:55.040
code and all this stuff. I think there needs to be fewer situations where we need to provide it.

01:15:55.040 --> 01:15:59.360
I think we need to be less reliant on our private information as a way to authenticate it’s really

01:15:59.360 --> 01:16:05.520
us, and I think we need a way to recover from situations where it’s been completely exposed.

01:16:05.520 --> 01:16:10.960
Which, I think with the Equifax breach, most of us Americans have had our private data completely

01:16:10.960 --> 01:16:16.040
exposed, anyway. I think this is a problem that needs to be solved, and while I think

01:16:16.040 --> 01:16:22.120
some solutions are out there, it’s piecemeal and complicated. I don’t see anyone doing it

01:16:22.120 --> 01:16:29.560
holistically right now. There’s something that still rattles around in my head from this story;

01:16:29.560 --> 01:16:35.880
that hard drive that the feds took. It still has his Bitcoin wallet on it. The feds never

01:16:35.880 --> 01:16:40.400
got access to that Bitcoin. It’s still sitting there, untouched, and they still have that

01:16:40.400 --> 01:16:46.240
hard drive and won’t give it back. The reason they kept it is because it has evidence on it,

01:16:46.240 --> 01:16:50.680
data that he stole from various places. He asked them, just take what you want

01:16:50.680 --> 01:16:58.400
off it and give me back the drive, but they refused. 1,000 Bitcoin still sits on that

01:16:58.400 --> 01:17:08.000
hard drive. 1,000 Bitcoin today is worth $25 million. Just imagine $25 million sitting in

01:17:08.000 --> 01:17:14.400
some storage locker in a federal building and the feds have no idea it’s there. So,

01:17:14.400 --> 01:17:22.984
it sits for years and will probably one day be destroyed by some lowly computer technician.

01:17:22.984 --> 01:17:36.240
(OUTRO): [OUTRO MUSIC] A big thank-you to Default for coming on the show and sharing

01:17:36.240 --> 01:17:42.400
this insane story with us. This one I was like, wait, what? So many times. It’s just

01:17:42.400 --> 01:17:45.960
unreal. If you liked this episode, you should probably check out Episode 109,

01:17:45.960 --> 01:17:50.840
called Team Poison. It’s another story that was sort of running alongside this one in parallel in

01:17:50.840 --> 01:17:56.280
sort of the same time and place of the internet. Okay, what housekeeping is…? Oh yeah, a lot of

01:17:56.280 --> 01:18:00.120
you are telling me you’re finally caught up and have listened to all the episodes. If that’s you,

01:18:00.120 --> 01:18:04.680
I want you to know there are ten bonus episodes on Patreon. You can support

01:18:04.680 --> 01:18:10.720
the show and hear more stuff if you want. Go to patreon.com/darknetdiaries. My favorite online

01:18:10.720 --> 01:18:16.400
hangout these days is the Darknet Diaries Discord. We have 17,000 members but I can squeeze you in,

01:18:16.400 --> 01:18:24.160
so come on. Just go to discord.gg/darknetdiaries, and come say hi. This episode was created by me,

01:18:24.160 --> 01:18:29.880
the slow loris, Jack Rhysider. It was assembled by the corpulent porpoise, Tristan Ledger, mixing

01:18:29.880 --> 01:18:34.160
done by Proximity Sound, and our theme music is by the mysterious Breakmaster Cylinder. I tried

01:18:34.160 --> 01:18:43.640
teaching my mom how to build a PC, but all we did was make my motherboard. This is Darknet Diaries.
