WEBVTT

00:00:00.000 --> 00:00:06.320
JACK: It always fascinates me how powerful a single computer is in someone’s bedroom.

00:00:06.320 --> 00:00:12.360
On a computer, a person can fall in love, get an education, get a job, do their job, and it gives

00:00:12.360 --> 00:00:18.720
us endless access to entertainment like movies and music. But what really intrigues me is that

00:00:18.720 --> 00:00:26.600
keyboard and mouse can be extremely dangerous; the right combinations of keystrokes are illegal, such

00:00:26.600 --> 00:00:32.120
as hacking into a bank and stealing money, which all can be done on a computer in your bedroom. You

00:00:32.120 --> 00:00:38.120
barely need to move your fingers much at all to make it happen, yet such a small physical movement

00:00:38.120 --> 00:00:44.120
can have a massive impact in the digital world. It’s asynchronous and logarithmic to the point

00:00:44.120 --> 00:00:51.400
that it’s hard to visualize. A push of a button can bring a whole country to a halt, and the wrong

00:00:51.400 --> 00:00:59.904
combination of keystrokes can have some serious consequences for whoever pushed the button.

00:00:59.904 --> 00:01:05.520
(INTRO): [INTRO MUSIC] These are true stories from the dark side of

00:01:05.520 --> 00:01:29.474
the internet. I’m Jack Rhysider. This is Darknet Diaries. [INTRO MUSIC ENDS]

00:01:29.474 --> 00:01:33.920
JACK: This is a story that I’ve wanted to do for years, but I knew it was too complex for me to do

00:01:33.920 --> 00:01:39.720
on my own, so I waited to find the right person who could tell it. But then out of the blue,

00:01:39.720 --> 00:01:44.840
MLT messaged me on Twitter and we started talking about it. I asked if he wanted to

00:01:44.840 --> 00:01:50.378
tell his story on the show, and he said yeah. So, I sent him a microphone and we hit Record.

00:01:50.378 --> 00:01:54.400
MLT: [VOICE MODIFIED] Yeah, I’m just wondering about modifying my voice and masking it.

00:01:54.400 --> 00:01:58.920
JACK: Yeah, we’re going to alter his voice which might make it hard to understand him at faster

00:01:58.920 --> 00:02:03.840
speeds. If you’re having trouble following him, I encourage you to make sure you’re on 1X speed when

00:02:03.840 --> 00:02:08.480
listening, ‘cause you’ll be able to understand him better and you’ll enjoy the show longer,

00:02:08.480 --> 00:02:13.000
too. So, MLT is what he likes to be called online, but I believe that’s

00:02:13.000 --> 00:02:17.220
his initials. His real name is Matt, and he’s been around computers all his life.

00:02:17.220 --> 00:02:22.880
MLT: Yeah, I got my first computer when I was around four, maybe. So,

00:02:22.880 --> 00:02:25.320
yeah, I’ve pretty much grown up with computers.

00:02:25.320 --> 00:02:29.760
JACK: By the time he was twelve, he was taking more of an interest in computers. He was

00:02:29.760 --> 00:02:34.440
fascinated by how the computer is literally connected to the whole world, and millions

00:02:34.440 --> 00:02:41.360
of other computers and people out there are all available right on his screen, in his bedroom. He

00:02:41.360 --> 00:02:45.880
started exploring websites and seeing what’s out there. This fascinated him so much that he started

00:02:45.880 --> 00:02:51.080
learning how to make his own websites in HTML and taught himself how to program. [MUSIC] But while

00:02:51.080 --> 00:02:57.920
that’s fun and interesting, of course his main passion was video games, specifically Xbox games,

00:02:57.920 --> 00:03:01.700
and as he would play them, he was trying to find ways that he could cheat in the game.

00:03:01.700 --> 00:03:06.340
MLT: I’d prefer to just kinda try and break the game rather than play it normally.

00:03:06.340 --> 00:03:10.200
JACK: He found some cheat forums that he could download a cheat and

00:03:10.200 --> 00:03:13.240
do things in the game you weren’t supposed to do, and that was fun,

00:03:13.240 --> 00:03:15.920
but sometimes that would get him kicked out of certain online games.

00:03:15.920 --> 00:03:21.420
MLT: But then a while after that, I started getting into modding a little bit.

00:03:21.420 --> 00:03:23.800
JACK: He was just twelve years old at the time,

00:03:23.800 --> 00:03:28.640
but he was taking his Xbox apart and adding new code to it through the JTAG port on the

00:03:28.640 --> 00:03:33.040
bottom. This would enable it to do new things, things it wasn’t supposed to do.

00:03:33.040 --> 00:03:36.000
MLT: I was never technically competent at it or anything,

00:03:36.000 --> 00:03:38.360
but it was just kinda what I started out with.

00:03:38.360 --> 00:03:43.200
JACK: But he was learning, and he was only twelve when he was disassembling his Xbox and

00:03:43.200 --> 00:03:48.720
modifying it. While he’s becoming a teenager, he’s getting better at programming and making

00:03:48.720 --> 00:03:55.240
websites and finding some pretty interesting chat rooms online, because around this time,

00:03:55.240 --> 00:03:59.680
there was another group of people online [MUSIC] that were also coming of age.

00:03:59.680 --> 00:04:03.600
HOST1: Hacking group Anonymous has struck again,

00:04:03.600 --> 00:04:07.280
and this time claiming it has stolen thousands of credit cards.

00:04:07.280 --> 00:04:09.600
HOST2: Anonymous is one of the biggest online

00:04:09.600 --> 00:04:12.960
vigilante groups. Members hack into companies and governments.

00:04:12.960 --> 00:04:21.280
ANONYMOUS: We are Anonymous. We are legion. We do not forgive. We do not forget. Expect us.

00:04:21.280 --> 00:04:30.440
JACK: That’s a formative force for a teenager to be involved with. While MLT was going to school,

00:04:30.440 --> 00:04:34.660
he had a front-and-center view of what Anonymous was doing.

00:04:34.660 --> 00:04:38.980
MLT: I mean, I used to be in Ops IRC pretty often.

00:04:38.980 --> 00:04:43.600
JACK: The Anon Ops IRC chat room was where a lot of the Anonymous members would hang out,

00:04:43.600 --> 00:04:49.640
share memes, and formulate ideas. For a while, MLT felt loosely affiliated with Anonymous,

00:04:49.640 --> 00:04:54.320
at least curious enough to watch what they were doing and ask questions on how things were done,

00:04:54.320 --> 00:04:59.600
such as how a certain hack was done, or how did that person deface a website? The technical

00:04:59.600 --> 00:05:04.520
aspects of what Anonymous were doing were interesting to MLT, but the thing about Anonymous

00:05:04.520 --> 00:05:09.880
is that there’s much more noise than Signal. The Anon chat rooms are just filled with distractions

00:05:09.880 --> 00:05:16.440
and trolls. He liked the hacking stuff that was going on, but sometimes things didn’t make sense

00:05:16.440 --> 00:05:23.520
to him or align with what MLT thought was right or wrong. At the time, there were a lot of little

00:05:23.520 --> 00:05:29.760
satellite hacker collectives that sort of revolved around Anonymous. They were in the same space,

00:05:29.760 --> 00:05:35.440
but not necessarily affiliated. There was this one website that MLT seemed drawn to.

00:05:35.440 --> 00:05:40.040
MLT: There was a forum called poison.org which TriCk was the administrator of.

00:05:40.040 --> 00:05:46.560
JACK: So, here is where MLT first learned of TriCk. TriCk was the name of the founder and

00:05:46.560 --> 00:05:53.520
moderator of poison.org. [MUSIC] He seemed heavily involved with the black hat hacking scene and very

00:05:53.520 --> 00:05:59.880
knowledgeable about hacking. MLT thought TriCk’s poison.org forum was a interesting place, and

00:05:59.880 --> 00:06:04.740
he was learning a lot by going there and reading how people hacked into certain places and stuff.

00:06:04.740 --> 00:06:08.160
MLT: It’s just like a generic hacking forum, I think,

00:06:08.160 --> 00:06:12.360
like Hack Forums or Leakforums or one of those kind of websites.

00:06:12.360 --> 00:06:17.520
JACK: Some people were just posting screenshots of stuff they hacked into. Some people posted tips

00:06:17.520 --> 00:06:23.720
and tricks on how to exploit other things. MLT was drawn to the site and liked what he saw there,

00:06:23.720 --> 00:06:28.073
and was naturally curious about TriCk, the guy who ran the site.

00:06:28.073 --> 00:06:34.620
MLT: I knew other hackers on MSN Messenger who then eventually introduced me to TriCk.

00:06:34.620 --> 00:06:39.440
JACK: MLT and TriCk sort of hit it off together. They both got along pretty well. MLT

00:06:39.440 --> 00:06:44.720
was fascinated that TriCk had started this hacker forum, and TriCk liked that MLT knew some hacking

00:06:44.720 --> 00:06:51.800
skills and was curious to learn more. Do you remember the first thing you hacked with TriCk?

00:06:51.800 --> 00:07:00.620
MLT: The first major hack that I did with TriCk was the English Defense League.

00:07:00.620 --> 00:07:02.640
JACK: Now, I had to look up who the English

00:07:02.640 --> 00:07:05.960
Defense League was. Being American, I just was not aware of this group.

00:07:05.960 --> 00:07:08.480
HOST3: The English Defense League has become the most significant

00:07:08.480 --> 00:07:12.240
far-right street movement the UK has seen since the National Front in the 1970s.

00:07:12.240 --> 00:07:17.120
PROTESTER: God bless every single person in his country, of all religions, creeds, and cultures.

00:07:17.120 --> 00:07:22.040
You know what? Even God bless the Muslims. They’ll need it for when they’re burning in hell.

00:07:22.040 --> 00:07:25.480
JACK: From watching just a few videos about them,

00:07:25.480 --> 00:07:29.320
it seems to me that their mission is to spread hatred towards Muslims.

00:07:29.320 --> 00:07:35.880
MLT: Yeah, in the UK, they’re a very well-known right group that’s openly

00:07:35.880 --> 00:07:40.000
Islamophobic, so I’m assuming that’s probably why he wanted to target them.

00:07:40.000 --> 00:07:44.880
JACK: You see, both MLT and TriCk were from the UK, and while MLT didn’t really

00:07:44.880 --> 00:07:50.720
associate himself to a religion, TriCk was a devout Muslim and was not happy seeing people

00:07:50.720 --> 00:07:56.400
like the English Defense League on the telly spouting anti-Islamic slurs. TriCk didn’t want

00:07:56.400 --> 00:08:01.800
to physically confront these people, though. He could get hurt pretty bad. But TriCk was

00:08:01.800 --> 00:08:08.240
pretty good at computers and hacking, and found this group to be absolutely insufferable. So,

00:08:08.240 --> 00:08:12.320
TriCk told MLT this is the target, the English Defense League. Let’s see what we

00:08:12.320 --> 00:08:18.360
can do to them. MLT was in, because why not? The group seemed particularly mean, and MLT

00:08:18.360 --> 00:08:23.060
was wanting to learn how to hack and needed a good target. Might as well try to hack the EDL.

00:08:23.060 --> 00:08:29.280
MLT: Well, at the time, they used to run the website englishdefenseleague.org which was a

00:08:29.280 --> 00:08:37.680
forum board running MyBB which is a type of forum software. We actually

00:08:37.680 --> 00:08:44.120
developed a zero-day exploit at the time that allowed us to spawn a shell on MyBB,

00:08:44.120 --> 00:08:50.060
and then from there we just exfiltrated the database and dumped it online.

00:08:50.060 --> 00:08:52.960
JACK: Well, you say it so casually,

00:08:52.960 --> 00:08:59.800
but talk about that. Was it you that got the shell or was it TriCk?

00:08:59.800 --> 00:09:05.400
MLT: It was me that identified the vulnerability and it was

00:09:05.400 --> 00:09:09.280
TriCk that actually exploited the vulnerability to spawn the shell.

00:09:09.280 --> 00:09:16.280
JACK: Yeah. Yeah, I mean, that sounds exciting. What were you, like, thirteen, fourteen?

00:09:16.280 --> 00:09:20.960
MLT: I would have been around fifteen, sixteen then. Maybe fifteen.

00:09:20.960 --> 00:09:25.480
JACK: Okay, yeah. So, then you were going to school still, right?

00:09:25.480 --> 00:09:26.320
MLT: Yeah.

00:09:26.320 --> 00:09:30.600
JACK: This must have been probably late at night. You had a computer in your bedroom?

00:09:30.600 --> 00:09:32.480
MLT: Yeah.

00:09:32.480 --> 00:09:35.840
JACK: This was on the weekend or at night or something?

00:09:35.840 --> 00:09:40.280
MLT: Yeah, mostly weekends and night times.

00:09:40.280 --> 00:09:43.080
JACK: Yeah, that’s just exciting.

00:09:43.080 --> 00:09:46.136
MLT: Oh yeah, it was definitely fun at the time.

00:09:46.136 --> 00:09:48.880
HOST4: [MUSIC/SHOUTING] Individuals claiming to be part of the international

00:09:48.880 --> 00:09:53.360
internet sabotage group Anonymous have published phone numbers and addresses

00:09:53.360 --> 00:09:57.720
of supporters of the English Defense League as part of what Anonymous says

00:09:57.720 --> 00:10:01.580
is the first phase of a campaign to destroy the far-right group.

00:10:01.580 --> 00:10:06.640
JACK: Under the name of Anonymous, they made an online post with all the data they took. TriCk

00:10:06.640 --> 00:10:12.760
and MLT posted the whole database of everyone who’s ever donated to the EDL in the past,

00:10:12.760 --> 00:10:17.920
exposing some people who probably didn’t want to be exposed this way. But they didn’t stop there;

00:10:17.920 --> 00:10:19.980
they just carried right onto the next group.

00:10:19.980 --> 00:10:24.120
HOST4: Another far-right group, the British National Party, has also suffered its

00:10:24.120 --> 00:10:29.560
membership database being hacked, which led to the organization struggling to recruit new members,

00:10:29.560 --> 00:10:35.626
as they feared social ostracization as a result of being linked to the radical group.

00:10:35.626 --> 00:10:39.920
JACK: [MUSIC] Now, TriCk was the same age as MLT. They were both just teenagers,

00:10:39.920 --> 00:10:45.240
and these two attacks they just carried out made the news throughout the UK. Sky News had

00:10:45.240 --> 00:10:51.240
a story about it. BBC was running articles. It was wild for them to see how the UK reacted to

00:10:51.240 --> 00:10:56.840
a few teenagers screwing around on their computers on the weekend. But this kind

00:10:56.840 --> 00:11:03.000
of stuff is what fueled them to do more. That was cool. That was fun. A lot of people thought

00:11:03.000 --> 00:11:07.640
what they were doing was great and that the EDL deserved it. TriCk wanted to take it up

00:11:07.640 --> 00:11:14.160
a notch and decided to convert his poison.org website into a hacker group called TeaMp0isoN.

00:11:14.160 --> 00:11:19.720
MLT: TriCk asked a few of the more talented people from the forums if

00:11:19.720 --> 00:11:22.760
they’d be interested in joining TeaMp0isoN. I was one of those

00:11:22.760 --> 00:11:29.080
people. Then he went around to ask if I wanted to help co-lead the group with him.

00:11:29.080 --> 00:11:35.320
JACK: That’s how MLT became the co-leader of the TeaMp0isoN hacker group and became fully

00:11:35.320 --> 00:11:40.600
entrenched in the hacker scene. By this time, they’ve also separated themselves from Anonymous,

00:11:40.600 --> 00:11:45.040
sometimes only popping in the Anon IRC chat rooms just to try to take over the channel or

00:11:45.040 --> 00:11:50.320
cause a ruckus. By this point, MLT and TriCk have hacked into numerous websites and were

00:11:50.320 --> 00:11:55.920
learning quickly and eager to do more. So, TeaMp0isoN continued attacking more websites.

00:11:55.920 --> 00:12:00.200
Their early objectives were simply to try to deface their target websites. That is,

00:12:00.200 --> 00:12:04.960
to change what’s said on the site and write their own message up on there,

00:12:04.960 --> 00:12:10.040
to first prove that they were there and to second, send whatever message they wanted to send, sort

00:12:10.040 --> 00:12:16.000
of like digital graffiti on the internet. But as MLT saw what websites were being defaced, it made

00:12:16.000 --> 00:12:21.140
him think about his morals. What kind of website defacements are good and what aren’t?

00:12:21.140 --> 00:12:29.080
MLT: I guess it depends on a few different factors. Motivation, for one. For example,

00:12:29.080 --> 00:12:35.600
if it’s a perfectly legitimate website, then it’s probably immoral to do so,

00:12:35.600 --> 00:12:42.880
but if it was say, like, I don’t know, a terrorist organization or something

00:12:42.880 --> 00:12:47.080
along those lines, then I think it’s perfectly morally justified.

00:12:47.080 --> 00:12:53.640
JACK: I guess it is morally justified to attack a terrorist organization’s website. Okay, I guess

00:12:53.640 --> 00:12:59.680
I’m on board with that. But MLT thought Anonymous was attacking websites for no reason sometimes.

00:12:59.680 --> 00:13:04.720
MLT: Yeah, I feel like Anonymous are just honestly all over the place. A

00:13:04.720 --> 00:13:09.240
lot of the time they’ll just target some random low-hanging fruit and then come

00:13:09.240 --> 00:13:13.160
up with some moral explanation as to why it should be a target.

00:13:13.160 --> 00:13:18.760
JACK: Yeah, but I’m wondering if you had a strong moral outset to

00:13:18.760 --> 00:13:23.102
starting all this. Did you feel that governments were tyrannical?

00:13:23.102 --> 00:13:23.110
MLT: No.

00:13:23.110 --> 00:13:23.880
JACK: Did you feel like…?

00:13:23.880 --> 00:13:29.760
MLT: Definitely not. I’d say within TeaMp0isoN, I was probably the outlier in that respect,

00:13:29.760 --> 00:13:36.400
because TriCk was definitely politically motivated and was doing it for morals. But personally,

00:13:36.400 --> 00:13:43.080
I was just doing it just kinda to gain more skills and see whether I was capable

00:13:43.080 --> 00:13:48.480
of it. I was never really politically motivated or anything along those lines.

00:13:48.480 --> 00:13:54.760
JACK: Yeah, but there was something that – I mean, if you saw somebody doing something that’s like,

00:13:54.760 --> 00:14:00.360
wow, that’s actually hurting some people, small businesses or whatever that don’t deserve it,

00:14:00.360 --> 00:14:04.240
you would have stepped aside and said I’m not gonna be part of this. But something drew you

00:14:04.240 --> 00:14:08.480
to be part of TeaMp0isoN and I’m trying to figure out – what was it that you said;

00:14:08.480 --> 00:14:13.040
I want to – let’s create something. I want to be part of this. What was that thing?

00:14:13.040 --> 00:14:18.480
MLT: I feel like the main draw with it was when I got to learn with a group,

00:14:18.480 --> 00:14:23.880
I knew that I was – but at the time, I was nowhere near as skilled as TriCk,

00:14:23.880 --> 00:14:29.640
so I was just told that I wouldn’t be able to learn what – from what he was doing,

00:14:29.640 --> 00:14:34.940
really. [MUSIC] Yeah, it would take – it was never really about politics at all for me.

00:14:34.940 --> 00:14:40.520
JACK: I might go so far as to say MLT was there because of curiosity’s sake. At one

00:14:40.520 --> 00:14:44.520
point he told me he just wanted to see if he could do it, as in, here’s the target;

00:14:44.520 --> 00:14:50.400
could you get in? Okay, challenge accepted, kinda thing. MLT really wanted to learn more

00:14:50.400 --> 00:14:54.240
along the way. It doesn’t sound like he considered himself a hacktivist or

00:14:54.240 --> 00:15:00.400
anything. He was just poking at the world in his own curious way. But along the way,

00:15:00.400 --> 00:15:05.760
he was watching how fired up TriCk would get over different political causes and stuff.

00:15:05.760 --> 00:15:11.240
MLT: Yeah, I mean, during TeaMp0isoN, I chatted with him pretty much several

00:15:11.240 --> 00:15:16.120
hours a day, every day. I mean, he seemed like a pretty nice person.

00:15:16.120 --> 00:15:19.000
JACK: Yeah, what was he like just in those chats?

00:15:19.000 --> 00:15:24.600
MLT: Pretty normal for the most part. I mean, he was obviously politically motivated,

00:15:24.600 --> 00:15:33.120
but it didn’t seem like he was an extremist or anything like that. He’d have no problem

00:15:33.120 --> 00:15:38.880
talking to people from – like, talking to people who might necessarily respect

00:15:38.880 --> 00:15:43.120
his religion or anything like that. He just seemed indifferent to it.

00:15:43.120 --> 00:15:48.080
JACK: MLT was learning a ton about hacking from TriCk and other members of TeaMp0isoN.

00:15:48.080 --> 00:15:55.280
MLT: Yeah, but actual core members were me, TriCk, NC,

00:15:55.280 --> 00:16:04.120
and Hex. There was a few other people who were affiliated, but they weren’t directly involved.

00:16:04.120 --> 00:16:09.040
JACK: A lot of their targets were picked by TriCk, because TriCk really did feel strongly about

00:16:09.040 --> 00:16:13.960
certain things politically. He was Muslim, and at the time, there was a lot of tension between

00:16:13.960 --> 00:16:20.080
the West and Islamic extremism like Al-Qaeda and ISIS. So, there was a lot of emotion in the air,

00:16:20.080 --> 00:16:25.560
and it was easy to find targets that made TriCk mad. But sometimes they would just pick targets

00:16:25.560 --> 00:16:29.720
just to mess around with. Like, this one time, they decided to hack a celebrity.

00:16:29.720 --> 00:16:34.600
MLT: I wasn’t actually directly involved in this one, but I can tell you exactly how it

00:16:34.600 --> 00:16:40.560
happened. [MUSIC] Basically, it was done by TriCk and a few members of a group known as

00:16:40.560 --> 00:16:47.580
Z-Company Hacking Crew? Facebook used to use Facebook query language at the time.

00:16:47.580 --> 00:16:53.640
JACK: This other group called Z Hacking Crew also seemed focused on finding Islamophobic Facebook

00:16:53.640 --> 00:16:57.880
pages and trying to hack them or do something to them. While doing that, they were getting

00:16:57.880 --> 00:17:02.280
pretty familiar with how Facebook worked, and together with TriCk, they discovered a way to

00:17:02.280 --> 00:17:09.120
exploit the Facebook query language to make posts for any user they wanted. So, at first they used

00:17:09.120 --> 00:17:15.000
this exploit to attack racist and Islamophobic Facebook pages, which, that was their original

00:17:15.000 --> 00:17:22.040
intent. But when all that was done, they decided to aim higher on the target list, targeting the

00:17:22.040 --> 00:17:27.800
French president’s Facebook page, Nicholas Sarkozy, and they were able to post something

00:17:27.800 --> 00:17:35.200
to his page as the president. Then they shifted their attention to the head of Facebook itself.

00:17:35.200 --> 00:17:36.234
MLT: Mark Zuckerberg.

00:17:36.234 --> 00:17:42.120
JACK: They posted to Facebook as Mark Zuckerberg, saying something like, if Facebook is a social

00:17:42.120 --> 00:17:46.760
network, it should do some social good, too, instead of just being for profit. Yeah,

00:17:46.760 --> 00:17:52.040
once again, this was something that TeaMp0isoN did, which reverberated across the internet. For

00:17:52.040 --> 00:17:57.160
Mark Zuckerberg’s own account on Facebook to have an unauthorized posting, that’s an

00:17:57.160 --> 00:18:05.740
interesting news story, all done by a couple of teenagers. Okay, so let’s move on to Tony Blair.

00:18:05.740 --> 00:18:12.240
MLT: Yeah, so, with Tony Blair, that was TriCk again. That was one of the other attacks that

00:18:12.240 --> 00:18:19.000
I wasn’t directly involved in, but basically he used a zero-day exploit that affected the

00:18:19.000 --> 00:18:26.720
webmail service that – I don’t know if it was Tony Blair himself or one of Tony Blair’s staffers,

00:18:26.720 --> 00:18:35.160
but he used an exploit to gain access to the e-mails, and then within the e-mails,

00:18:35.160 --> 00:18:42.960
he found an address book which had a bunch of personal information on politicians and stuff,

00:18:42.960 --> 00:18:45.490
like phone numbers and that sort of thing.

00:18:45.490 --> 00:18:50.240
JACK: Okay, so TriCk used some kind of exploit to get the contacts list that Tony Blair had

00:18:50.240 --> 00:18:55.760
on his e-mail account. That’s interesting, but at first glance, this doesn’t seem that important to

00:18:55.760 --> 00:19:02.680
me. He wasn’t able to read Tony Blair’s e-mails or anything. He just saw Tony Blair’s contacts;

00:19:02.680 --> 00:19:07.680
names, phone numbers, e-mail addresses. [MUSIC] But this is actually a bit more serious than that.

00:19:07.680 --> 00:19:13.240
First of all, Tony Blair is the former Prime Minister of the UK, so this was a high-profile

00:19:13.240 --> 00:19:20.040
target. If Tony Blair gets compromised, you know the MI5 or GCHQ are gonna come in to investigate,

00:19:20.040 --> 00:19:25.680
and where does that investigative trail start? With some Twitter posts. TriCk himself was posting

00:19:25.680 --> 00:19:30.720
this all over Twitter, and while a regular person can’t see who owns a Twitter account,

00:19:30.720 --> 00:19:34.880
Twitter has some extra insight into this; they can see where the user connected from,

00:19:34.880 --> 00:19:38.200
what devices they used, what e-mails are registered to the account,

00:19:38.200 --> 00:19:42.280
and if the MI5 is involved, it’s probably pretty easy for them to get Twitter to

00:19:42.280 --> 00:19:46.960
turn over the information of whoever’s posting to the TeaMp0isoN Twitter account.

00:19:46.960 --> 00:19:53.320
But TriCk hid his tracks very well, always using a proxy or VPN or even a Tor client to connect to

00:19:53.320 --> 00:20:01.080
Twitter. But Twitter would only need him to mess up once for them to see his real IP. Internally,

00:20:01.080 --> 00:20:06.200
within TeaMp0isoN, this felt like a big win, hacking the former Prime Minister. What would

00:20:06.200 --> 00:20:12.960
be next, the Queen herself? Well, they don’t hack the Queen, but stay with us because when

00:20:12.960 --> 00:20:33.600
we come back, it gets much more serious. Now, while TeaMp0isoN sort of sprang out

00:20:33.600 --> 00:20:38.800
of Anonymous and was once loosely affiliated with them, they started doing things to upset

00:20:38.800 --> 00:20:44.160
Anonymous. There was another hacker group that came from Anonymous called LulzSec, and they

00:20:44.160 --> 00:20:48.580
were doing things like hacking PlayStation and the CIA and some other high-profile accounts.

00:20:48.580 --> 00:20:57.840
MLT: The situation with LulzSec, they made some threats over Twitter and then

00:20:57.840 --> 00:21:03.440
– I wasn’t even involved at this point, but TriCk was arguing with them over

00:21:03.440 --> 00:21:11.600
Twitter and stuff. Then Sabu from LulzSec, he started making up a bunch of lies about me.

00:21:11.600 --> 00:21:16.280
JACK: It’s not clear what started this Twitter spat, but Sabu, a member of LulzSec,

00:21:16.280 --> 00:21:21.080
and TeaMp0isoN weren’t getting along. MLT and the crew at TeaMp0isoN did some research

00:21:21.080 --> 00:21:25.440
on Sabu and found where he worked, and they broke into some computers where Sabu worked,

00:21:25.440 --> 00:21:30.240
and showed a screenshot of this to Sabu, proving they were in his work computers.

00:21:30.240 --> 00:21:33.160
MLT: At first he denied ever working for it,

00:21:33.160 --> 00:21:36.880
but if you look at his Twitter profile now, he’s admitted that he did.

00:21:36.880 --> 00:21:44.280
JACK: This, of course, escalated the situation. Next, LulzSec allegedly started DDossing the

00:21:44.280 --> 00:21:49.560
poison.org website and trying to deface it, or at least making spammy posts on it there,

00:21:49.560 --> 00:21:52.720
and Sabu continued to talk trash about TeaMp0isoN on Twitter.

00:21:52.720 --> 00:22:01.480
MLT: He started spreading a bunch of faked logs. Basically, he faked an entire IRC conversation,

00:22:01.480 --> 00:22:09.880
but made it look like TeaMp0isoN was some sort of PSYOP controlled by LulzSec. Like, he was trying

00:22:09.880 --> 00:22:16.080
to act like LulzSec was TeaMp0isoN all along to deflect away from the fact that he’d been hacked.

00:22:16.080 --> 00:22:20.520
JACK: Weird stuff going on for sure, but I actually see this all the time with these

00:22:20.520 --> 00:22:25.040
underground hacker groups; they often turn on each other and try to dox each other and attack each

00:22:25.040 --> 00:22:31.080
other. It’s weird. Did anybody at school know that this was some of the stuff you were into?

00:22:31.080 --> 00:22:35.120
MLT: Nobody in school knew anything about TeaMp0isoN,

00:22:35.120 --> 00:22:42.520
although I did get in trouble in school for hacking-related things a few times.

00:22:42.520 --> 00:22:45.640
JACK: Like the school’s computers and stuff?

00:22:45.640 --> 00:22:53.360
MLT: Yeah, like one time I SQL-injected the school’s website and defaced it. Then

00:22:53.360 --> 00:23:01.600
another time, I wrote an e-mail spoofer and I was sending spoofed e-mails from

00:23:01.600 --> 00:23:05.640
the principal’s e-mail address to some random student’s e-mail

00:23:05.640 --> 00:23:08.660
address and getting people put on detention and things like that.

00:23:08.660 --> 00:23:14.680
JACK: This hack on his school’s website resulted in him getting in trouble at school. His parents

00:23:14.680 --> 00:23:19.840
were not happy about this and they gave him a stern talking-to, and they grounded him from

00:23:19.840 --> 00:23:25.440
using computers for a while. Little did they know that the incident at the school was just

00:23:25.440 --> 00:23:34.000
a tiny blip on the long list of things that MLT was getting into. So, what happens with P. Diddy?

00:23:34.000 --> 00:23:43.000
MLT: The situation with P. Diddy was quite a crazy one. So, basically,

00:23:43.000 --> 00:23:49.146
we managed to get access to an internal machine in a hotel.

00:23:49.146 --> 00:23:54.000
JACK: [MUSIC] Okay, so, to get into this hotel’s network, it started with a phishing e-mail. They

00:23:54.000 --> 00:23:59.920
crafted an e-mail that looked like it was from another employee at that hotel, and it was asking

00:23:59.920 --> 00:24:06.080
this person to open the attached Zip file and run the app inside it. Well, the app was malware,

00:24:06.080 --> 00:24:12.100
so when the employee opened it, it gave TeaMp0isoN access to the computer in the hotel.

00:24:12.100 --> 00:24:17.160
MLT: From using that access, we performed some lateral movement and gained access to

00:24:17.160 --> 00:24:23.400
some other machines on the network. Some of those machines were security cameras,

00:24:23.400 --> 00:24:28.160
and literally as we are sitting watching these security cameras,

00:24:28.160 --> 00:24:32.040
P. Diddy casually walks into the hotel and checks in at the front desk.

00:24:32.040 --> 00:24:37.160
JACK: Well, it was complete chance that they saw this. P. Diddy is Sean Puffy Combs, a very popular

00:24:37.160 --> 00:24:43.040
rapper at the time. But seeing Puff Daddy himself on the camera was just a small thing, because

00:24:43.040 --> 00:24:50.280
TeaMp0isoN was in the computer at the front desk that he just checked into, and they watched the

00:24:50.280 --> 00:24:56.980
data go across the screen saying that Sean Puffy Combs has just checked in and paid for his room.

00:24:56.980 --> 00:25:02.000
MLT: He’s using his Amex Black card, which has an unlimited credit balance.

00:25:02.000 --> 00:25:07.920
JACK: They were able to see what Puff Daddy’s credit card number was, and snagged it.

00:25:07.920 --> 00:25:15.120
MLT: We basically just donated a few hundred thousand dollars to charity and then bought

00:25:15.120 --> 00:25:21.880
pizzas for anyone who asked on Twitter. [MUSIC] P. Diddy got extremely frustrated about it,

00:25:21.880 --> 00:25:29.480
like tried hiring a team of private detectives and all kinds of crazy stuff.

00:25:29.480 --> 00:25:38.560
JACK: Yeah, and so, did P. Diddy ever figure out who was behind this?

00:25:38.560 --> 00:25:43.480
MLT: No, he did not, but there’s quite a few articles that state he hired a

00:25:43.480 --> 00:25:49.400
team of private detectives to try and find out who the perpetrators were.

00:25:49.400 --> 00:25:53.280
JACK: How’d you feel about that? Did you feel like yeah, good luck,

00:25:53.280 --> 00:25:55.740
you’re never gonna find me, I’m better than that?

00:25:55.740 --> 00:25:58.560
MLT: Yeah, I mean, that’s how I felt at the time,

00:25:58.560 --> 00:26:02.100
but I feel like these days I probably would be a bit more paranoid.

00:26:02.100 --> 00:26:07.600
JACK: Were you feeling like you were untouchable, unstoppable?

00:26:07.600 --> 00:26:09.520
MLT: Yeah, pretty much. Back then,

00:26:09.520 --> 00:26:15.400
I definitely had a huge ego and just thought that I was never gonna get caught.

00:26:15.400 --> 00:26:20.160
JACK: Yeah, tell me about that ego. What was – describe it more.

00:26:20.160 --> 00:26:26.520
MLT: Well, it was just a case of thinking I was a lot more skilled than what I actually

00:26:26.520 --> 00:26:29.960
was and thinking I was a lot better at covering my tracks than what I actually

00:26:29.960 --> 00:26:37.460
was. Then soon enough, I found out that wasn’t the case at all.

00:26:37.460 --> 00:26:43.800
JACK: Okay, let’s see, what else do we got here? BlackBerry attack; were you part of that?

00:26:43.800 --> 00:26:45.400
MLT: Yes, I was.

00:26:45.400 --> 00:26:51.280
JACK: So, what was going on to even want to attack BlackBerry?

00:26:51.280 --> 00:26:56.440
MLT: Well, it was TriCk’s idea to attack it because it was during

00:26:56.440 --> 00:27:02.341
the London riots back in 2012 or 2011, maybe.

00:27:02.341 --> 00:27:02.360
JACK: August, 2011.

00:27:02.360 --> 00:27:10.320
MLT: Since BlackBerry was a huge phone provider at the time and BlackBerry Messenger was

00:27:10.320 --> 00:27:21.960
all the rage, BlackBerry agreed to cooperate with the police and hand over information on BBM users,

00:27:21.960 --> 00:27:27.520
like, who were taking part in the rioting. As a result, TriCk decided to attack BlackBerry.

00:27:27.520 --> 00:27:35.360
JACK: Okay, so, the target is acquired. Let’s go after BlackBerry, so what happened?

00:27:35.360 --> 00:27:39.720
MLT: Yeah, the method for gaining access to BlackBerry

00:27:39.720 --> 00:27:43.666
was totally different than our usual methods.

00:27:43.666 --> 00:27:47.200
JACK: [MUSIC] Okay, so, their method here is quite involved. First, they gathered a list of

00:27:47.200 --> 00:27:51.680
as many employee names as they could who worked at BlackBerry. Then they had a friend who had several

00:27:51.680 --> 00:27:55.960
database dumps of various breaches over the years, and they took these names of BlackBerry employees

00:27:55.960 --> 00:28:00.120
and searched the database dumps to try to find some matching names, and they found some, quite

00:28:00.120 --> 00:28:05.100
a few, actually. But from there, they looked to see if any of those employees had Gmail accounts.

00:28:05.100 --> 00:28:08.800
MLT: We called them all up, pretending to be from Google,

00:28:08.800 --> 00:28:16.000
and we told them that there’s been a brute force attempt on a Gmail account and that

00:28:16.000 --> 00:28:22.040
it’s been locked for security reasons. Then we would say that in order to unlock their account,

00:28:22.040 --> 00:28:27.720
we were gonna send them an unlock code. Then from there, we would just do a password reset

00:28:27.720 --> 00:28:35.200
request on their Gmail account and from there, they’d get a text message from Google with a

00:28:35.200 --> 00:28:40.160
code. Then they’d just read it aloud over the phone, pretty much, no questions asked.

00:28:40.160 --> 00:28:44.240
JACK: Now, once they got into some BlackBerry employees’ Gmail accounts,

00:28:44.240 --> 00:28:49.440
they looked to see if there were any e-mails regarding BlackBerry. That’s where they found

00:28:49.440 --> 00:28:57.720
that yeah, some peoples’ e-mails they got into had an account at blog.blackberry.com. Now, this

00:28:57.720 --> 00:29:03.040
BlackBerry blog was just a WordPress site, and so, they went to the WordPress admin panel and said,

00:29:03.040 --> 00:29:08.200
I forgot my password, and the WordPress site would e-mail them a link to make a new password. Well,

00:29:08.200 --> 00:29:13.160
they already had access to the Gmail account, and so, they just clicked the link and created a new

00:29:13.160 --> 00:29:18.160
password, and that’s how they got into blog.blackberry.com. TriCk crafted up a

00:29:18.160 --> 00:29:25.040
message to post to their blog. The message that looks like it was posted on the BlackBerry blog

00:29:25.040 --> 00:29:29.600
website is ‘Dear RIM, you will not assist the UK police because if you do, innocent members

00:29:29.600 --> 00:29:33.720
of the public who are at the wrong place at the wrong time and owned a BlackBerry will be

00:29:33.720 --> 00:29:41.240
charged for no reason at all.’ It goes on and on. It’s signed TriCk, TeaMp0isoN. Greets to Insane,

00:29:41.240 --> 00:29:48.120
Hex, MLT, Black Hacker, Knowledge is Power, Twitter, TeaMp0isoN, TriCk.

00:29:48.120 --> 00:29:55.520
MLT: There’s a lot of mixed feelings in regards to that particular hook. Like,

00:29:55.520 --> 00:29:59.480
a lot of people thought it was a good thing. Other people thought it was

00:29:59.480 --> 00:30:08.040
terrible and a really bad thing to do. But as for me personally, I don’t necessarily agree with it,

00:30:08.040 --> 00:30:12.460
but I was just curious to learn that particular method of social engineering.

00:30:12.460 --> 00:30:17.480
JACK: As you can hear, a lot of what went on at TeaMp0isoN was TriCk’s

00:30:17.480 --> 00:30:22.120
doing. Either he did it himself or told the team this is the target,

00:30:22.120 --> 00:30:26.800
and he crafted all the communications and messaging that TeaMp0isoN was putting out there,

00:30:26.800 --> 00:30:32.920
such as having strongly-worded messages to BlackBerry. Did you know where he lived?

00:30:32.920 --> 00:30:37.280
MLT: Small Heath, Birmingham. Other than that, I don’t know

00:30:37.280 --> 00:30:40.786
anything more specific, no address or anything.

00:30:40.786 --> 00:30:44.720
JACK: [MUSIC] TriCk was born in the UK, but his family was born in Pakistan,

00:30:44.720 --> 00:30:48.800
and they were Muslims and raised him to be Muslim, too. It sounds like TriCk was

00:30:48.800 --> 00:30:54.920
becoming more opinionated about who to hack based on his politics and culture. Together,

00:30:54.920 --> 00:31:02.000
TeaMp0isoN went on to hack so many more sites. The United Nations, NATO, and many more.

00:31:02.000 --> 00:31:07.080
If you were to put a number on it, how many things do you think you – TeaMp0isoN hacked?

00:31:07.080 --> 00:31:13.640
MLT: At least a few thousand. That 1,400 number,

00:31:13.640 --> 00:31:19.100
it’s just – that’s a list of mirror defaced pages from Zone-H.

00:31:19.100 --> 00:31:24.560
JACK: Okay, so, Zone-H; this is a website that hackers will post proof of what they’ve hacked

00:31:24.560 --> 00:31:28.320
into. This sort of shows your reputation and history of what your group has done

00:31:28.320 --> 00:31:35.640
over time. On this Zone-H website, TeaMp0isoN has over 1,400 different websites listed that

00:31:35.640 --> 00:31:40.840
they claim they hacked into between 2010 and 2013. But you can probably

00:31:40.840 --> 00:31:45.080
guess that if you hack into 1,400 different websites and deface them,

00:31:45.080 --> 00:31:50.200
it’s probably not all for political reasons. There were some wide nets that TeaMp0isoN would

00:31:50.200 --> 00:31:55.280
cast sometimes just to see if any of the websites on the internet were vulnerable to something. So,

00:31:55.280 --> 00:32:00.080
if they had a hit, they’d get in there and deface the front page, showing TeaMp0isoN was here,

00:32:00.080 --> 00:32:05.840
because the websites they got into were all over the place; DVD review sites, backpacking sites,

00:32:05.840 --> 00:32:11.420
antiques, Teddy Nation, poker review sites, catering sites, and so many more random sites.

00:32:11.420 --> 00:32:16.520
MLT: All of the Zone-H reports that are just like kinda random sites, that was

00:32:16.520 --> 00:32:23.080
before TeaMp0isoN came into the public limelight. So, most of the hacks we did after that point,

00:32:23.080 --> 00:32:28.600
we didn’t even bother to submit to Zone-H, but that’s when we specifically began to go after

00:32:28.600 --> 00:32:34.040
a target that we would choose between the team rather than just any random website.

00:32:34.040 --> 00:32:38.840
JACK: MLT says he wasn’t involved with these hacks because that was before TeaMp0isoN was

00:32:38.840 --> 00:32:45.631
formed. But now that TeaMp0isoN is here, he’s definitely involved now in a big way.

00:32:45.631 --> 00:32:52.680
MLT: For some of it, I was above and personally – UK Ministry of Defense, quite a few US

00:32:52.680 --> 00:33:00.400
government websites, every Australian government website, which was quite an interesting story,

00:33:00.400 --> 00:33:08.080
but that gave us access to hundreds of .gov, .au sites. Efnet was one of the last hacks I

00:33:08.080 --> 00:33:15.320
pulled off before I quit TeaMp0isoN. Probably one of the most difficult ones was when we

00:33:15.320 --> 00:33:21.240
gained access to F-Secure through about – a grand total of three minutes, maybe.

00:33:21.240 --> 00:33:29.520
JACK: Yeah, and what kept you doing it? Was it just a sense of friends hanging out or was

00:33:29.520 --> 00:33:34.200
there – what did you feel? You said it’s not really politically motivated, but did you feel

00:33:34.200 --> 00:33:38.240
that there was some sort of social justice that you wanted to make right in the world?

00:33:38.240 --> 00:33:43.400
MLT: It was honestly never really about that, for me. It’s just,

00:33:43.400 --> 00:33:48.520
I realized I was surrounded by people who knew more than me and I just wanted the opportunity

00:33:48.520 --> 00:33:53.500
to learn. It was probably a stupid idea because of all the repercussions it’s caused.

00:33:53.500 --> 00:33:58.600
JACK: Okay, but there’s a lot of work here. I don’t know, it just – that doesn’t – it’s not

00:33:58.600 --> 00:34:04.120
sitting right with me that that’s all you were there for, is just because oh, I want to learn

00:34:04.120 --> 00:34:09.120
more. I don’t mind breaking some laws. I don’t mind stealing a hundred thousand dollars from

00:34:09.120 --> 00:34:16.120
P. Diddy. I just want to learn. Like, it seems like a – there’s something more to it to me.

00:34:16.120 --> 00:34:21.520
MLT: Honestly, I don’t know what else to say other that I was just a dumb

00:34:21.520 --> 00:34:29.720
teenager at the time. I was curious more than anything. If I was ever in it for the money,

00:34:29.720 --> 00:34:33.020
I’m sure I could have definitely made some money.

00:34:33.020 --> 00:34:37.600
JACK: Well yeah, why didn’t you decide to do that?

00:34:37.600 --> 00:34:44.560
MLT: I feel like if I was black hat now rather than back then, then I would be

00:34:44.560 --> 00:34:52.580
deciding to do that, [MUSIC] but back then, it never really crossed my mind, probably.

00:34:52.580 --> 00:34:57.360
JACK: After talking with him a little more, I came to the conclusion that

00:34:57.360 --> 00:35:02.120
MLT did all this with TeaMp0isoN partly because he was a rebellious teenager,

00:35:02.120 --> 00:35:06.720
partly because he was curious, partly because he wanted to learn more,

00:35:06.720 --> 00:35:11.360
partly because these were his friends and he had been through a lot with them, and partly

00:35:11.360 --> 00:35:16.080
because it was an absolute adrenaline rush when you hack into something.

00:35:16.080 --> 00:35:22.200
MLT: I mean, I feel like that was also a big part of it, the adrenaline rush, ‘cause when you pop

00:35:22.200 --> 00:35:27.920
a shell on a government server, it’s just like, the rush you get is kind of addictive, in a way.

00:35:27.920 --> 00:35:31.200
JACK: Did TeaMp0isoN make money from any of this stuff?

00:35:31.200 --> 00:35:39.000
MLT: I know that I made no money personally and neither did TriCk. I’m not sure about

00:35:39.000 --> 00:35:47.500
Hex or Insane, but if he did make money, it was definitely not due to anything that I carried out.

00:35:47.500 --> 00:35:54.040
JACK: Was there anything that anyone did that you were like whoa, that’s too much,

00:35:54.040 --> 00:35:56.800
that’s going too far, I’m not feeling comfortable with that?

00:35:56.800 --> 00:36:02.700
MLT: That’s exactly how I felt when TriCk did the stuff at the anti-terror hotline.

00:36:02.700 --> 00:36:06.840
JACK: The Anti-Terrorist Hotline was set up by the UK government. It was

00:36:06.840 --> 00:36:09.260
set up for citizens to report suspected terrorism.

00:36:09.260 --> 00:36:12.800
HOST5: The Anti-Terrorist Hotline is confidential. It’s there just in

00:36:12.800 --> 00:36:16.600
case you see anything unusual. If you suspect it, report it.

00:36:16.600 --> 00:36:19.540
JACK: This was what TriCk wanted to attack.

00:36:19.540 --> 00:36:27.520
MLT: He compromised a PBX server that was based in the Philippines, and then he wrote a script

00:36:27.520 --> 00:36:38.440
using Asterisk, which spoofed caller IDs in a loop and randomly generated the caller IDs. So,

00:36:38.440 --> 00:36:43.840
essentially, they were just getting a call from a different phone number every second. So,

00:36:43.840 --> 00:36:48.680
no matter how many times they block the numbers, it – just continue calling. What

00:36:48.680 --> 00:36:54.720
didn’t sit well with me is the fact that it’s a denial-of-service against the anti-terror hotline.

00:36:54.720 --> 00:36:59.200
JACK: TriCk had been doing this out of protest. He wasn’t happy with how a few

00:36:59.200 --> 00:37:04.280
suspected terrorists who were Muslim were being treated. He wanted to do something about it,

00:37:04.280 --> 00:37:09.027
and he thought hitting the Anti-Terrorist Hotline was doing something about it.

00:37:09.027 --> 00:37:13.720
MLT: [MUSIC] When this actually happened, my first hearing of it,

00:37:13.720 --> 00:37:22.320
I was actually on vacation in Cyprus at the time. I was sitting in a bar and suddenly

00:37:22.320 --> 00:37:27.640
the news comes on, and it’s talking about TeaMp0isoN and the anti-terror hotline.

00:37:27.640 --> 00:37:31.080
I literally had no knowledge about the situation up until that point.

00:37:31.080 --> 00:37:34.960
HOST6: The details of these attacks usually take time to emerge, but in this case,

00:37:34.960 --> 00:37:39.560
they came in under twenty-four hours. Now, TeaMp0isoN is an anarchist,

00:37:39.560 --> 00:37:44.360
hacktivist group, and it began by jamming the UK’s counter-terrorism hotline with

00:37:44.360 --> 00:37:49.680
hundreds of computer-generated calls in what’s known as a denial-of-service attack. These

00:37:49.680 --> 00:37:54.440
have been seen lately crashing websites like the Home Office last weekend. Now,

00:37:54.440 --> 00:37:59.800
TeaMp0isoN was protesting over the extradition of alleged terror suspects from Britain to the

00:37:59.800 --> 00:38:06.160
US. The group then called the terror hotline to explain its actions and to mock officers,

00:38:06.160 --> 00:38:11.440
and who – the officers then warned them that they would be traced and reported to the FBI.

00:38:11.440 --> 00:38:16.000
MLT: Yeah, it’s pretty much panic by that point, ‘cause I mean,

00:38:16.000 --> 00:38:19.860
it was pretty obvious that that was going to be the final straw.

00:38:19.860 --> 00:38:21.360
JACK: Why?

00:38:21.360 --> 00:38:27.360
MLT: Well, I mean, it’s already been causing a bunch of problems for law enforcement,

00:38:27.360 --> 00:38:34.320
and then TriCk decides to go and attack the Met Police, out of all people.

00:38:34.320 --> 00:38:38.680
JACK: Yeah, but I mean, you’ve already – he’s already attacked Tony Blair and so,

00:38:38.680 --> 00:38:42.780
if you’re gonna get the prime minister, that’s gonna attract…

00:38:42.780 --> 00:38:48.960
MLT: Yeah, but I’m – I feel like the main difference between most of attacks though is

00:38:48.960 --> 00:38:56.520
that the reasoning for attacking the anti-terror hotline was basically in support of terrorism.

00:38:56.520 --> 00:38:58.640
JACK: What do you mean?

00:38:58.640 --> 00:39:03.680
MLT: Like, back then, he was complaining about terror suspects being extradited,

00:39:03.680 --> 00:39:09.600
or if you looked into the cases of who he was complaining about, it was like,

00:39:09.600 --> 00:39:16.640
one of them was bin Laden’s right-hand man, for example. It’s hardly like they were

00:39:16.640 --> 00:39:22.160
innocent people that he was protesting about. I told him at the time you’ve gone too far,

00:39:22.160 --> 00:39:31.640
and then I think it was maybe one day before I returned from Cyprus, there was a BBC article

00:39:31.640 --> 00:39:40.120
stating that a seventeen-year old TeaMp0isoN member had been arrested. There was only two

00:39:40.120 --> 00:39:45.680
members of TeaMp0isoN in the UK, both of who were seventeen, and he was one of them and

00:39:45.680 --> 00:39:54.000
I was the other. Obviously I knew I hadn’t been arrested, so I just assumed it must have been him.

00:39:54.000 --> 00:39:58.320
JACK: Right. So, what did you feel when you read that?

00:39:58.320 --> 00:40:01.940
MLT: I was pretty paranoid, panicking.

00:40:01.940 --> 00:40:05.280
JACK: You were in Cyprus with your parents?

00:40:05.280 --> 00:40:08.120
MLT: Yeah, yeah. I was at the time.

00:40:08.120 --> 00:40:12.320
JACK: Did they notice you being paranoid and panicking?

00:40:12.320 --> 00:40:20.040
MLT: Not that I’m aware of. In hindsight though, I think him getting arrested first

00:40:20.040 --> 00:40:26.360
was probably very beneficial for me because it gave me a chance to cover my tracks, at least.

00:40:26.360 --> 00:40:32.480
JACK: MLT starts going through the process of wiping his computer and phone, and not only

00:40:32.480 --> 00:40:36.960
was he wiping that, but he was also getting into any servers that he had access to, and there were

00:40:36.960 --> 00:40:41.760
a bunch that hosted various malware and phishing sites and stuff. He was getting into all those and

00:40:41.760 --> 00:40:47.880
destroying them, running tools like DBAN, making whatever data that was on there gone forever. He

00:40:47.880 --> 00:40:53.560
had his laptop with him, so that was easy to wipe, but his computer at home posed another challenge.

00:40:53.560 --> 00:40:57.280
MLT: I had a friend who had the key to my house at home at the time,

00:40:57.280 --> 00:41:04.200
‘cause he was feeding my cat, so I told him to install Darik’s Boot and Nuke onto

00:41:04.200 --> 00:41:10.260
a CD disc, and then got him to just wipe everything off my own computer as well.

00:41:10.260 --> 00:41:12.200
JACK: He had a suspicion that as soon as

00:41:12.200 --> 00:41:16.720
he gets home, he’ll be arrested. [MUSIC] Cyprus is an island in the Mediterranean

00:41:16.720 --> 00:41:23.280
Sea, and from the island, MLT could see Turkey just to the north, and the thought crossed

00:41:23.280 --> 00:41:30.640
his mind a few times that maybe he should just escape to Turkey and start a new life on the run.

00:41:30.640 --> 00:41:34.260
MLT: Yeah, I went home instead and faced the consequences.

00:41:34.260 --> 00:41:41.120
JACK: He went back home to the UK, half-expecting to be arrested at the airport, but nothing. He

00:41:41.120 --> 00:41:48.040
goes home, expecting the police to be there, but nothing. He spends a quiet night at home, erasing

00:41:48.040 --> 00:41:53.340
any last bits of evidence he could. It wasn’t until a few days later that the police came.

00:41:53.340 --> 00:41:56.080
MLT: It was pretty late at night, which was surprising,

00:41:56.080 --> 00:42:01.160
‘cause usually it’s early in the morning. Yeah, I was just lying in bed,

00:42:01.160 --> 00:42:05.440
pretty much drifting off, getting ready to fall asleep, and then all of a sudden,

00:42:05.440 --> 00:42:10.120
maybe fifteen plain-clothed officers come running into my bedroom.

00:42:10.120 --> 00:42:12.920
JACK: How’d they get in the house?

00:42:12.920 --> 00:42:15.226
MLT: Kicked the door down.

00:42:15.226 --> 00:42:18.200
JACK: [MUSIC] They rush into his room. He stands up to take a look at them;

00:42:18.200 --> 00:42:21.960
they grab him and push him against the wall and put his arms around his back and handcuff

00:42:21.960 --> 00:42:25.840
him. They confiscate all his computers in his home and take him down to the police

00:42:25.840 --> 00:42:30.420
station. They keep him in a holding cell for three days while they question him.

00:42:30.420 --> 00:42:35.680
MLT: Every thirty minutes they’d loudly bang on the door of my cell,

00:42:35.680 --> 00:42:40.280
throughout the entire night, and then each morning I’d have to do an interview. But

00:42:40.280 --> 00:42:44.980
obviously I’d be completely exhausted because they’ve intentionally kept me awake all night.

00:42:44.980 --> 00:42:48.320
JACK: While the police didn’t tell him how they found him,

00:42:48.320 --> 00:42:52.400
he had a lot of time to think about what were the possible ways they caught him.

00:42:52.400 --> 00:43:00.960
MLT: I’ve got a few different theories as to that, and the first being that when TriCk taught at MI6,

00:43:00.960 --> 00:43:05.920
a lot of sketchy things started happening there as if we were being hit with a private exploit

00:43:05.920 --> 00:43:13.800
or something. Or if it wasn’t that, then something else I became aware of is when

00:43:13.800 --> 00:43:21.200
they actually arrested TriCk, his computer was still switched on and his IRC client was open,

00:43:21.200 --> 00:43:27.720
and he was in the middle of a conversation with me where I was pasting him vulnerabilities and

00:43:27.720 --> 00:43:34.360
database information from the European Union port systems without realizing

00:43:34.360 --> 00:43:38.360
that there was a police officer stood right behind him at the time.

00:43:38.360 --> 00:43:43.200
JACK: They scheduled his court case for a few months out and let him go back home. TriCk was the

00:43:43.200 --> 00:43:49.320
first to have to go to court. TriCk’s real name is Junaid Hussain. Even though he was arrested

00:43:49.320 --> 00:43:53.720
when he was seventeen, they were trying him as an adult, and they were specifically upset with

00:43:53.720 --> 00:43:58.720
him for attacking the Anti-Terrorist Hotline. He pleaded guilty to it and they sentenced him

00:43:58.720 --> 00:44:06.320
to six months in prison for violating the Computer Misuse Act. MLT’s court case came after that, and

00:44:06.320 --> 00:44:11.120
he was still only seventeen when he went before the court, so they tried him as a minor. On top

00:44:11.120 --> 00:44:16.680
of that, they thought TriCk was the main person, so MLT should get less of a punishment than TriCk,

00:44:16.680 --> 00:44:21.920
right? As you may remember, MLT wasn’t even part of the Anti-Terrorist Hotline attack,

00:44:21.920 --> 00:44:26.160
so they didn’t charge him for that at all. Instead, they brought up his hacks that he

00:44:26.160 --> 00:44:32.800
did on the European court systems and some other targets. He pled guilty to that and they sentenced

00:44:32.800 --> 00:44:39.520
MLT to two years supervised release. That is, no prison time for him. It’s just kind of like

00:44:39.520 --> 00:44:44.920
two years of probation. TriCk was sentenced to six months in prison, but after serving a

00:44:44.920 --> 00:44:50.680
month and a half, they let him go. [MUSIC] When he came out of prison, MLT said TriCk changed.

00:44:50.680 --> 00:44:56.800
MLT: Yeah, definitely. He was – I mean, he was always maybe mildly extreme,

00:44:56.800 --> 00:45:01.820
but ever since getting out, it was like, just totally different.

00:45:01.820 --> 00:45:05.920
JACK: Yeah, and how was it different? What was he doing differently?

00:45:05.920 --> 00:45:11.360
MLT: Well, I mean, in the past he would always talk about hacktivism as a means

00:45:11.360 --> 00:45:17.120
of getting his political message across, but when he got out of prison, he was talking a

00:45:17.120 --> 00:45:24.680
lot more about direct action, saying people needed to die and kinds of things like that.

00:45:24.680 --> 00:45:28.240
JACK: What kind of people was he saying needed to die?

00:45:28.240 --> 00:45:34.120
MLT: Pretty much anyone who was a non-believer, which was kind of funny

00:45:34.120 --> 00:45:40.530
because he was chatting with me at the same time as if nothing was out of the ordinary.

00:45:40.530 --> 00:45:47.360
JACK: That is, TriCk was becoming aggressive to anyone who wasn’t Muslim. After prison,

00:45:47.360 --> 00:45:53.160
TriCk went back home to Birmingham, UK, and I believe that’s where he married his

00:45:53.160 --> 00:45:59.400
long-time girlfriend Sally Jones. Now, Sally was born in the UK and was raised Catholic,

00:45:59.400 --> 00:46:04.480
but she left the Catholic church as a teenager and joined an all-girl punk rock band. When the

00:46:04.480 --> 00:46:10.160
Iraq war took place, she sympathized with Muslims and became Muslim herself. Sally

00:46:10.160 --> 00:46:14.360
spent a lot of time online too, hanging out in chat rooms and being active on Twitter.

00:46:14.360 --> 00:46:21.120
MLT: Yeah, I’m pretty sure that her and TriCk met over Twitter,

00:46:21.120 --> 00:46:23.760
like, back when TeaMp0isoN was active.

00:46:23.760 --> 00:46:28.600
JACK: Sally and TriCk started chatting privately and getting to know each other. She would even

00:46:28.600 --> 00:46:32.780
join the TeaMp0isoN chat room sometimes and hang out with MLT and other members.

00:46:32.780 --> 00:46:38.360
MLT: Honestly, back when I used to talk to her, she was just relatively normal. Just a typical,

00:46:38.360 --> 00:46:41.600
normal person until she met TriCk. She was kinda like

00:46:41.600 --> 00:46:46.386
one of TriCk’s groupies. She just seemed kind of obsessed with him.

00:46:46.386 --> 00:46:51.600
JACK: [MUSIC] They really hit it off. Sally liked the rebel in TriCk. TriCk liked the Muslim in her,

00:46:51.600 --> 00:46:57.120
but there was an age difference. TriCk was eighteen and Sally was forty-four,

00:46:57.120 --> 00:47:02.680
more than twice his age. She had a few children too, and I believe her older son was just one year

00:47:02.680 --> 00:47:09.760
younger than TriCk. But she ultimately left her boyfriend to be with TriCk, AKA Junaid Hussain.

00:47:09.760 --> 00:47:15.720
After Junaid got out of prison, they decided to get married. But Junaid was different now.

00:47:15.720 --> 00:47:21.160
Junaid had become more radicalized while in prison, and after being out for a few months,

00:47:21.160 --> 00:47:26.840
he got into some trouble. He got into a fight with a police officer and was arrested again. They let

00:47:26.840 --> 00:47:32.920
him go and gave him a court date, but Junaid never planned on making a court appearance. Instead,

00:47:32.920 --> 00:47:39.040
he decided to move to Syria. He went alone, flying to Turkey, and then crossing over the border to

00:47:39.040 --> 00:47:46.080
Syria. Later, Sally Jones decided to go to Syria, too. She took her nine-year-old son, little Jojo

00:47:46.080 --> 00:47:53.480
from a previous relationship, with her. Together, she flew to Syria and reunited with Junaid.

00:47:53.480 --> 00:48:00.200
MLT: He would attempt to message me regularly, but I’d try and avoid any communications with him.

00:48:00.200 --> 00:48:08.400
Like, for one example, the first time he messaged me from Syria was – he linked me to a website;

00:48:08.400 --> 00:48:15.120
Raqqa Is Being Slaughtered Silently. Basically what he asked was if I was capable of hacking

00:48:15.120 --> 00:48:19.160
that website, finding out who was running it, and then passing back information onto

00:48:19.160 --> 00:48:25.640
ISIS. [MUSIC] He was also messaging me asking if I can get credit cards for ISIS to use.

00:48:25.640 --> 00:48:32.520
JACK: Yeah, Junaid Hussain had joined ISIS, a terrorist organization. ISIS loved him;

00:48:32.520 --> 00:48:37.320
he was particularly helpful at setting up computers and their online presence. He started

00:48:37.320 --> 00:48:42.180
a new hacker group called the Cyber Caliphate to carry out cyber attacks on behalf of ISIS.

00:48:42.180 --> 00:48:45.880
MLT: I know he hacked the International Business

00:48:45.880 --> 00:48:53.880
Times. He temporarily hacked the BBC, although he lost access very fast.

00:48:53.880 --> 00:48:58.240
JACK: Junaid quickly rose to be one of ISIS’ most prominent and influential English-speaking

00:48:58.240 --> 00:49:02.560
members, letting him run the English Twitter account and write articles. In fact, Junaid

00:49:02.560 --> 00:49:07.040
became one of the best international recruiters for ISIS, because he was able to connect with

00:49:07.040 --> 00:49:11.840
English-speaking teens over social media and online in ways that other ISIS members just

00:49:11.840 --> 00:49:17.280
couldn’t do. But it’s not like you could just go to Syria and join ISIS. There’s a rigorous

00:49:17.280 --> 00:49:23.320
recruitment process to prove you’re worthy. You have to change your name and become a citizen and

00:49:23.320 --> 00:49:29.000
have someone vouch for you, and you might even be told to kill someone, like a captured prisoner or

00:49:29.000 --> 00:49:36.560
something. Junaid changed his name to Abu Hussain al-Britani. Sally Jones changed her name to Umm

00:49:36.560 --> 00:49:42.560
Hussain al-Britani. Sally even began training her ten-year-old son to be part of ISIS, pushing him

00:49:42.560 --> 00:49:48.960
to become a child soldier. At one point, Junaid got on a video call with MLT and a few others.

00:49:48.960 --> 00:49:53.860
Junaid was holding up an AK-47 rifle in his hands and was waving it around, showing them.

00:49:53.860 --> 00:49:56.480
MLT: At first, nobody took him seriously. Everyone

00:49:56.480 --> 00:50:02.240
was saying it was an Airsoft rifle. Then he made it pretty clear that it

00:50:02.240 --> 00:50:10.220
wasn’t by showing everyone the magazine and the ammo for it and all that stuff.

00:50:10.220 --> 00:50:16.720
JACK: This didn’t sit well with MLT. What his old buddy TriCk was doing was wrong,

00:50:16.720 --> 00:50:19.760
and MLT wanted nothing to do with this.

00:50:19.760 --> 00:50:26.040
MLT: I was definitely against it. As soon as he told me the kind of things

00:50:26.040 --> 00:50:30.860
he was actually doing, I just tried to cut off contact as much as possible.

00:50:30.860 --> 00:50:37.640
JACK: Junaid would message him sometimes, but MLT just stopped responding altogether.

00:50:37.640 --> 00:50:41.840
As Junaid’s prominence and power rose within the ranks of ISIS,

00:50:41.840 --> 00:50:46.440
it also meant that he became a bigger target for US forces who were actively at

00:50:46.440 --> 00:50:51.000
war with ISIS. It became pretty clear that Junaid was a powerful recruiter for ISIS,

00:50:51.000 --> 00:50:55.680
and they wanted to stop him. The Sunday Times listed Junaid as the third ISIL target on the

00:50:55.680 --> 00:51:02.520
Pentagon’s kill list. I’ve got to say, it’s not easy to get on Central Command’s kill list,

00:51:02.520 --> 00:51:08.360
especially ranked Number 3. Just hacking stuff does not warrant that kind of attention. Look at

00:51:08.360 --> 00:51:12.600
all the hacks that have happened over the years, and while there’s an FBI’s Most Wanted list,

00:51:12.600 --> 00:51:17.280
none of the people on that list appear on CENTCOM’s kill list. What Junaid did was

00:51:17.280 --> 00:51:23.600
far more sinister than just hacking places. Junaid was not only a recruiter for ISIS, but he was also

00:51:23.600 --> 00:51:29.240
in communication with a lot of foreign members, instructing them to commit acts of violence. He

00:51:29.240 --> 00:51:34.560
would private message people on Twitter and then take that to more secure messaging platforms and

00:51:34.560 --> 00:51:40.120
begin feeding people information, such as what targets to attack, how to make bombs,

00:51:40.120 --> 00:51:45.980
how to use weapons, and how to make money. A few attacks that took place were linked to Junaid.

00:51:45.980 --> 00:51:51.360
HOST7: Hussain is accused of being linked to the shooting attack in Garland, Texas in May,

00:51:51.360 --> 00:51:56.480
where contest participants were asked to draw the prophet Muhammad. Investigators

00:51:56.480 --> 00:52:03.320
believe Hussain was messaging one of the gunmen to radicalize him and urge him to launch an attack,

00:52:03.320 --> 00:52:09.480
making it potentially the first ISIS-directed attack in the US.

00:52:09.480 --> 00:52:14.040
JACK: Not only that, but his wife, Sally Jones, was doing the same thing. Often,

00:52:14.040 --> 00:52:19.040
she would take over in the private messaging and offer to send new recruits manuals or books that

00:52:19.040 --> 00:52:23.080
would make someone more radicalized. Then she’d follow up and ask them, what kind of attack do

00:52:23.080 --> 00:52:29.120
you want to do? Then provide more help for them to carry it out. So, Junaid Hussain continued to

00:52:29.120 --> 00:52:35.200
help people conduct acts of terror. This is what drew the attention of the US military. Hacking is

00:52:35.200 --> 00:52:40.360
one thing, but urging people to commit acts of violence and helping them do it is an entirely

00:52:40.360 --> 00:52:47.240
different thing. Because he was an ISIS member, it meant he became the target of the US military,

00:52:47.240 --> 00:52:52.720
which is how he became Number 3 on CENTCOM’s kill list. When you get on their kill list,

00:52:52.720 --> 00:52:58.280
there’s only one way off. The only problem was they didn’t exactly know where he was.

00:52:58.280 --> 00:53:06.560
MLT: The rumor regarding that that I heard is that someone tricked him into downloading a malicious

00:53:06.560 --> 00:53:13.400
APK file onto his Android phone, and then they managed to get the geolocation from there.

00:53:13.400 --> 00:53:18.880
[MUSIC] I’m not 100% sure if that story’s true; it’s just what I’ve been told from a few people.

00:53:18.880 --> 00:53:24.120
JACK: I’m not sure how they got his location, either. However, once the US forces did learn the

00:53:24.120 --> 00:53:29.800
exact location of where Junaid Hussain was, they sent out an attack drone to fly over. They got

00:53:29.800 --> 00:53:35.880
a fix on his location and fired a rocket towards the location, and it hit a structure and exploded,

00:53:35.880 --> 00:53:42.720
killing three people, and none of those people were Junaid Hussain. They were just three regular

00:53:42.720 --> 00:53:52.080
Syrian civilians. Junaid knew the US was out to get him, so him and Sally reportedly always

00:53:52.080 --> 00:53:59.520
kept their ten-year-old son close by, to shield them from drone strikes. This seemed to work;

00:53:59.520 --> 00:54:05.720
drones did not attack while the boy was with them. But a few weeks go by,

00:54:05.720 --> 00:54:12.120
and Junaid went on a drive without the ten-year-old boy to a gas station. US

00:54:12.120 --> 00:54:17.760
forces got intel of his location and ordered another drone strike. The drone flew in fast;

00:54:17.760 --> 00:54:22.000
it was too quiet to hear it coming and it was too fast to find cover, and it fired a

00:54:22.000 --> 00:54:34.120
missile directly towards Junaid Hussain. Junaid Hussain was killed on August 25, 2015. He was

00:54:34.120 --> 00:54:41.820
twenty-one years old. To date, he’s the only known hacker to ever be killed by a US drone strike.

00:54:41.820 --> 00:54:47.600
HOST8: US spy drones followed and tracked notorious British-born ISIS hacker Junaid

00:54:47.600 --> 00:54:52.680
Hussain for days in the middle of heavily populated Raqqa, Syria,

00:54:52.680 --> 00:54:59.000
before finally launching the Hellfire missile off a drone to kill him as he stood in the street

00:54:59.000 --> 00:55:06.320
Monday. The US had to be sure it was him and to fire at him when civilians were not nearby.

00:55:06.320 --> 00:55:12.640
MLT: I feel like I’d be lying if I said that I felt sympathy for him. Obviously he was a friend

00:55:12.640 --> 00:55:20.140
at one point, but considering what he’s done since then, it’s hard to feel bad for him at all.

00:55:20.140 --> 00:55:24.200
JACK: What happened to Sally Jones, you might wonder. Well, she stayed in Syria

00:55:24.200 --> 00:55:28.920
and continued to train her boy to be a child soldier for ISIS. There’s even a video of a

00:55:28.920 --> 00:55:32.720
few kids killing some Kurdish soldiers, shooting them in the back of the head,

00:55:32.720 --> 00:55:38.240
and one of the kids looks like Sally Jones’ twelve-year-old son, Jojo. Sally denied it

00:55:38.240 --> 00:55:44.920
was her son in the video, though. Two years after Junaid’s death, we hear this on the nightly news.

00:55:44.920 --> 00:55:47.280
HOST9: News of a developing story here in the UK;

00:55:47.280 --> 00:55:52.040
we’re hearing from the government. They have confirmed to the BBC that a notorious

00:55:52.040 --> 00:55:59.500
female British Jihadist was actually killed in a drone strike in Syria. This is Sally Ann Jones.

00:55:59.500 --> 00:56:03.920
JACK: The report also said that her twelve-year-old son was killed in the drone

00:56:03.920 --> 00:56:09.000
strike, too. The details of this aren’t clear, because I’m not sure if the strike was intended

00:56:09.000 --> 00:56:14.360
for her or if she was just in a building that was hit with incoming shells. If it was a drone strike

00:56:14.360 --> 00:56:19.480
just for her, it would mean she’s the first woman ISIS member to be targeted by a drone like that,

00:56:19.480 --> 00:56:24.480
but it would also be questionable legally to attack a woman and a twelve-year-old boy who

00:56:24.480 --> 00:56:32.360
weren’t active combatants within ISIS. MLT was able to finish his supervised release

00:56:32.360 --> 00:56:38.260
without getting into any more trouble. Still, since his arrest, MLT has kept a clean record.

00:56:38.260 --> 00:56:42.920
MLT: For the last five years or so, I was doing a lot of bug bounty hunting,

00:56:42.920 --> 00:56:49.240
and I was pretty active on most of the major platforms. But I’ve kinda shifted my focus

00:56:49.240 --> 00:56:58.080
recently to zero-day exploit development. So like, I’ll just be ordered in say whether occasional

00:56:58.080 --> 00:57:04.920
– some IoT device for vulnerabilities, and then crafting an exploit based on that and selling it.

00:57:04.920 --> 00:57:09.120
JACK: Whoa, selling zero-days is a heavy thing to be involved with. I’ve done a few

00:57:09.120 --> 00:57:13.760
episodes on this alone. Basically, he’ll look at certain applications or devices to try to find

00:57:13.760 --> 00:57:18.600
vulnerabilities in them, but instead of telling the maker of the product about it, he’ll sell

00:57:18.600 --> 00:57:24.280
those to someone else, specifically Zerodium or Trend Micro’s Zero-Day Initiative. Now,

00:57:24.280 --> 00:57:29.520
these two companies will verify that this is an actual unpatched vulnerability and pay people who

00:57:29.520 --> 00:57:35.160
bring it to them. But they both do two totally different things with the exploits they get.

00:57:35.160 --> 00:57:42.280
Zerodium pays more, much more, but they’ll take the exploit and sell it to government entities

00:57:42.280 --> 00:57:48.480
who will use the exploit as a weapon to attack. You really don’t know what governments Zerodium is

00:57:48.480 --> 00:57:55.080
selling their exploits to. Trend Micro’s Zero-Day Initiative doesn’t pay as much but will take the

00:57:55.080 --> 00:58:00.600
exploit and develop anti-virus signatures for it and report it to the software maker so it can

00:58:00.600 --> 00:58:07.600
be fixed. Both of these are legal for someone to report bugs to, but MLT rather report bugs to the

00:58:07.600 --> 00:58:12.820
people who will work to get the vulnerabilities fixed, instead of using his exploits as weapons.

00:58:12.820 --> 00:58:17.940
MLT: Yeah, I’d rather just stick with lower payouts and have a clear conscience.

00:58:17.940 --> 00:58:20.880
JACK: That’s a tough decision though, isn’t it?

00:58:20.880 --> 00:58:22.520
MLT: Oh yeah, definitely.

00:58:22.520 --> 00:58:24.720
JACK: How hard is it for you to say well,

00:58:24.720 --> 00:58:30.320
I could make much more from this, but I;m gonna do the right thing?

00:58:30.320 --> 00:58:32.620
MLT: It’s sometimes a struggle.

00:58:32.620 --> 00:58:37.680
JACK: MLT has taken his interest in all this and recently started a new hacking

00:58:37.680 --> 00:58:44.240
group called 0xffff. The big difference with this group is that it’s legal. They develop

00:58:44.240 --> 00:58:50.120
zero-day vulnerabilities and sell them legally and ethically. They do bug bounty hunting and

00:58:50.120 --> 00:58:54.240
more. You can see what the group is up to by going to https://blog.0xffff.info/.

00:58:54.240 --> 00:59:07.040
(OUTRO): [OUTRO MUSIC] A big thank you to MLT for sharing this incredible story with us. I’ve

00:59:07.040 --> 00:59:10.840
been meaning to do a story on Junaid Hussain for years because it’s one of the most insane

00:59:10.840 --> 00:59:14.400
stories I’ve ever heard, but couldn’t tell it unless I had someone who was personally

00:59:14.400 --> 00:59:19.440
involved with him to tell the story, and I can’t think of anyone better to tell the story than MLT,

00:59:19.440 --> 00:59:25.760
so thanks for sharing this. Hey, you’re invited to the Darknet Diaries Discord. This is my

00:59:25.760 --> 00:59:30.000
favorite chat room on the entire internet and it’s where fans of the show hang out

00:59:30.000 --> 00:59:35.280
and ask questions and post funny memes. Come hang out with us. I want you there. To join,

00:59:35.280 --> 00:59:41.760
just go to discord.gg/darknetdiaries. This show is made by me, the crouching kitten,

00:59:41.760 --> 00:59:46.240
Jack Rhysider. Sound design by the hidden hawk, Andrew Meriwether, and our theme music is by

00:59:46.240 --> 00:59:51.280
the buzzing Breakmaster Cylinder. I went to a wedding the other day; both the bride and groom

00:59:51.280 --> 01:00:07.640
are Wi-Fi technicians and oh, let me tell you, the reception was great. This is Darknet Diaries.