You could buy literally whatever else you wanted.
You could host things, drugs.
You could buy heroin right from Afghanistan,
the good stuff.
Hacking tools, you could hack for hire.
You could buy murders for hire.
The following is a conversation with Chris Tarbell,
a former FBI special agent and cyber crime specialist
who tracked down and arrested Russ Albrecht,
the leader of Silk Road, the billion dollar drug marketplace.
And he tracked down and arrested Hector Masagur,
AKA Sabu, of Lulsec and Anonymous,
which are some of the most influential hacker groups
in history.
He is co-founder of NACSO,
a complex cyber crime investigation firm
and is a co-host of a podcast called The Hacker and the Fed.
This conversation gives the perspective
of the FBI cyber crime investigator,
both the technical and the human story.
I would also like to interview people on the other side,
the cyber criminals who have been caught,
and perhaps the cyber criminals who have not been caught
and are still out there.
This is Alex Friedman podcast.
To support it, please check out our sponsors
in the description.
And now, dear friends, here's Chris Tarbell.
You are one of the most successful
cybersecurity law enforcement agents of all time.
You tracked and brought down Russ Albrecht,
AKA Dread Pirate Roberts, who ran Silk Road,
and Sabu of Lulsec and Anonymous,
who was one of the most influential hackers in the world.
So first, can you tell me the story
of tracking down Russ Albrecht and Silk Road?
Let's start from the very beginning.
And maybe let's start by explaining
what is the Silk Road?
It was really the first dark market website.
You literally could buy anything there.
Well, I'll take that back.
There's two things you couldn't buy there.
You couldn't buy guns because that was a different website.
And you couldn't buy fake degrees.
So no one could become a doctor,
but you could buy literally whatever else you wanted.
You could roast things, drugs.
You could buy heroin right from Afghanistan,
the good stuff.
Hacking tools, you could hack for hire.
You could buy murders for hire if you wanted someone killed.
Now, so when I was an FBI agent,
I had to kind of sell some of these cases.
And this was a big drug case.
That's the way people saw Silk Road.
So internally to the FBI, how I had to sell it,
I had to find the worst thing on there
that I could possibly find.
And I think one time I saw a posting for baby parts.
So let's say that you had a young child
and that needed a liver.
You could literally go on there and ask
for a six-month-old liver if you wanted to.
For surgical operations versus something darker?
Yeah, I'd never saw anything that dark
as far as people wanted to eat body parts.
I did interview a cannibal once when I was in the FBI.
That's another crazy story,
but that would actually weird me out.
So I just watched Jeffrey Dahmer document on Netflix
and it just changed the way I see human beings
because it's a portrayal of a normal-looking person
doing really dark things and doing,
so not out of a place of insanity, seemingly,
but just because he has almost like a fetish
for that kind of thing.
He's disturbing that people like that are out there.
So people like that would then be using silk road,
not like that necessarily,
but people of different walks of life
would be using silk road to primary.
What was the primary thing, drugs?
It was primary drugs.
And that's where it started.
It started off with Ross Ulbrich growing mushrooms
out in the wilderness of California and selling them.
But really his was more of a libertarian viewpoint.
I mean, it was like you choose
what you want to do for yourself and do it.
And the way silk road kind of had the anonymity
is it used what's called Tor, the onion router,
which is an anonymizing function on the deep web.
It was actually invented by the US Navy
back in the mid-90s or so.
But it also used cryptocurrency.
So it was the first time that we saw this birth
on the internet of mixing cryptocurrency
and an IP blocking software.
So in cyber crime, you go after one the IP address
and trace it through the network.
Or two, you go after the cash.
And this one kind of blocked both.
Cash meaning the flow of money, physical or digital.
And then IP is some kind of identifying thing
of the computer.
It's your telephone number on your computer.
So yeah, all computers have a unique four octet numbers.
So 123.123.123.123.
And the computer uses DNS or domain name services
to render that name.
So if you were looking for cnn.com,
your computer then translates that to that IP address
or that telephone number where it can find that information.
Didn't Silk Road used to have guns in the beginning?
Or was that considered to have guns?
Or did it naturally emerge?
And then Arras realized like this is not good.
It went back and forth.
I think there were guns on there.
And he tried to police it.
He told himself that the captain of the boat
so he had to follow his rules.
So I think he would took off those posts eventually
and moved guns elsewhere.
What was the system of censorship that he used
of selecting what is okay and not okay?
I mean-
Him alone, he's the captain of the boat.
Do you know by chance if there was a lot of debates
and criticisms internally amongst the criminals
of what is and isn't allowed?
I mean, it's interesting to see
a totally different moral code emerge
that's outside the legal code of society.
We did get the server and was able to read
all of the chat logs that happened.
I mean, all the records were there.
I don't remember big debates.
I mean, there was a clear leadership.
And that was the final decision.
That was the CEO of Silk Road.
And so primarily it was drugs
and primarily out of an ideology of freedom,
which is if you want to use drugs,
you should be able to use drugs.
You should put in your body what you wanna put in your body.
And when you were presenting a case
of why this should be investigated,
you're trying to find, as you mentioned,
the worst possible things on there
that we were saying.
So we had arrested a guy named Jeremy Hammond
and he hit himself, he was a hacker
and when we arrested him it was the second time
he had been arrested for hacking.
He used Tor.
And so that kind of brought us to a point,
the FBI has a computer system where you look up things,
you look up anything, I could look up your name
or whatever if you're associated with my case.
And we were finding at the time a lot of things in,
you look it up, a case would end and be like,
oh, this is Tor, it just stopped.
Like we couldn't get any further.
So we had just had this bigger rest of Sabu
and took down Anonymous.
And sometimes in the FBI, the way it used
to the old school FBI, when you had a big case
and you're working seven days a week
and 14 hours, 15 hours a day, you sort of take a break.
The boss kind of said, yeah, I'll see you in a few months.
Go get to know your family a little bit and come back.
But the group of guys I was with was like,
let's find the next big challenge.
And that's when we were finding case closed, it was Tor.
Case closed, it was Tor.
So I said, let's take a look at Tor
and let's see what we can do.
Maybe we'll take a different approach.
And Silk Road was being looked at
by other law enforcement,
but it was taking like a drug approach
where I'm going to find a drug buyer
who got drug sent to them in the mail
and let's arrest up, let's go up the chain.
But the buyers didn't know their dealers,
they never met them.
And so you were taking a cybersecurity approach.
Yeah, we were said, let's try to look at this
from a cyber approach and see if we can
gleam anything out of it.
So I'm actually indirectly connected.
Uh-oh.
To, I'm sure I'm not admitting anything
that's not already on my FBI file.
Oh, I can already tell you what you're gonna tell me though.
What's that?
That when you were at college,
you wrote a paper and you're connected
to the person that started.
You son of a bitch.
You clever son of a bitch.
I'm an FBI agent or a former FBI agent.
Well, how would I not have known that?
I could have told you other stuff.
No, that's exactly what you were about to tell me.
I was looking up his name because I forgot it.
So one of my advisors for my PhD was Rachel Greenstatt
and she is married to Roger Dingeldine,
which is the co-founder of The Tor Project.
And I actually reached out to him last night
to do a podcast together.
I don't know.
No, it was a good party trick.
I mean, it was cool that you know this
and the timing of it, it was just like beautiful.
But just to link around the Tor Project.
So we understand, so Tor is this black box
that people disappear in terms of like
the when you were tracking people.
Can you paint a picture of what Tor is used in general?
Other, it's like when you talk about Bitcoin,
for example, cryptocurrency, especially today,
much more people use it for legal activity
versus illegal activity.
What about Tor?
Tor was originally invented by the US Navy
so that like spies inside countries could talk to spies
and no one could find them.
There was no way of tracing them.
And then they released that information free to the world.
So Tor has two different versions of versions,
two different ways it can be utilized.
There's dot onion sites, which is like a normal website,
a dot com, but it's only found within the Tor browser.
You can only get there if you know the whole address
and get there.
The other way Tor is used is to go through the internet
and then come out the other side
if you want a different IP address.
If you're trying to hide your identity.
So if you were doing like, say cyber crime,
I would have the victim computer
and I would trace it back out to a Tor relay.
And then because you don't have an active connection
or what's called a circuit at the time,
I wouldn't be able to trace it back.
But even if you had an active circuit,
I would have to go to each machine physically live
and try to rebuild that, which is literally impossible.
So what do you feel about Tor ethically,
philosophically as a human being on this world
that spent quite a few years of your life
and still trying to protect people?
So part of my time in the FBI
was working on child exploitation,
kitty porn as they call it.
That really changed my life in a way.
And so anything that helps facilitate
the exploitation of children fucking pisses me off.
And that sort of jaded my opinion towards Tor
because that, because it helps facilitate those sites.
So this ideal of freedom that Russell,
Albrecht, for example, tried to embody
is something that you don't connect with anymore
because of what you've seen that ideal being used for.
I mean, the child exploitation is a specific example for,
you know, and it's easy for me to sit here
and say child exploitation, child porn,
because no one listening to this is ever gonna say
that I'm wrong and that we should allow child porn.
Should, because some people utilize it in a bad way,
should it go away?
No, I mean, I'm a technologist.
I want technology to move forward, you know,
people are gonna do bad things
and they're going to use technology
to help them do bad things.
Well, let me ask you then.
Oh, we'll jump around a little bit,
but the things you were able to do
in tracking down information and we'll get to it,
there is some suspicion that this was only possible
with mass surveillance, like with NSA, for example.
First of all, is there any truth to that?
And second of all, what do you feel
are the pros and cons of mass surveillance?
There is no truth to that.
And then my feelings on mass surveillance.
If there was, would you tell me?
Probably not, but.
Yeah.
I love this conversation so much.
But what do you feel about the,
given that you said child porn,
what are the pros and cons of surveillance
at a society level?
I mean, nobody wants to give up their privacy.
I say that, I say no one wants to give up their privacy,
but I mean, I used to have to get a search warrant
to look inside your house.
Or I can just log on to your Facebook
and you've got pictures of all inside your house
and what's going on.
I mean, it's not, you know, so people like the idea
of not giving up their privacy,
but they do it anyways.
They're giving away their freedoms all the time.
They're carrying watches that gives out their heartbeat
to a weight of companies that are storing that.
I mean, what's more personal than your heartbeat?
So I think people on mass really want
to protect their privacy.
And I would say most people don't really need
to protect their privacy.
But the case against mass surveillance
is that if you want to criticize the government
in a very difficult time, you should be able to do it.
So when you need the freedom, you should have it.
So when you wake up one day and realize
there's something going wrong with the country I love,
I want to be able to help.
And one of the great things about the United States of America
is there's that individual revolutionary spirit.
Like so that the government doesn't become too powerful.
You can always protest.
There's always the best of the ideal of freedom of speech.
You can always say, fuck you to the man.
And I think there's a concern of direct or indirect suppression
of that through mass surveillance.
You might not, is that that little subtle fear
that grows with time?
That why bother criticizing the government?
It's going to be a headache.
I'm going to get a ticket every time I say something bad,
that kind of thing.
So it can get out of hand.
The bureaucracy grows and the freedoms slip away.
That's the criticism.
I completely see your point and I agree with it.
But I mean, on the other side, people
criticize the government of the freedoms.
But I mean, tech companies are talking
about destroying your privacy and controlling what you can say.
I realize they're private platforms
and they can decide what's on their platform.
But they're taking away your freedoms of what you can say.
And we've heard some things where maybe government officials
were in line with tech companies to take away
some of that freedom.
I agree with you, that gets scary.
Yeah, there's something about government
that feels maybe because of the history of human civilization,
maybe because tech companies are a new thing,
but just knowing the history of abuses of government.
There's something about government
that enables the corrupting nature of power
to take hold at scale more than tech companies, at least
what we've seen so far.
I agree.
I agree.
But I mean, we haven't had a voice like we've had until recently.
I mean, anyone that has a Twitter account now
can speak and become a news article.
My parents didn't have that voice.
If they wanted to speak out against the government
or do something, they had to go to a protest
or organize a protest or do something along those lines.
So we have more of a place to put our voice out now.
Yeah, it's incredible.
But that's why it hurts.
And that's why you notice it when certain voices get
removed, the president of the United States of America
was removed from one such or all such platforms.
And that hurts.
Yeah, that's crazy to me.
That's insane.
That's insane that we took that away, but.
Let's return to Silk Road and Rosalbaic.
So how did your path with this very difficult, very fascinating
case cross?
We were looking to open a case against TOR
because it was a problem.
All the cases were closing because TOR.
So we went on TOR and we came up with 26 different onions
that we targeted.
We were looking for nexuses to hacking
because I was on a squad called CY2.
And we were like the premier squad in New York
that was working criminal cyber intrusions.
And so any website that was offered hackers for hire
or hacking tools for free or paid services,
now we're seeing ransomware for as a paid service
and phishing as a paid service, anything that offered that.
So we opened this case on, I think we called it,
we said you have to name cases.
One of the fun thing in the FBI is
when you start a case, you get to name it.
You would not believe how much time is spent
in coming up with the name.
Case goes by, I think we called this onion peeler.
So a little bit of humor, a little bit of wit,
and some profundity to the language.
Yeah, yeah.
Because you're going to have to work with this for quite a lot.
Yeah, this one had the potential of being a big one
because I think Silk Road was the sixth on the list
for that case, but we all knew that was the golden ring.
If you could make the splash that that onion site was going
down, then it would probably get some publicity.
And that's part of law enforcement,
is getting some publicity out of it that, you know,
that makes others think not to do it.
I wish to say that Tor is the name of the project,
the browser.
What is the onion technology behind Tor?
Let's say you want to go to a Dodd Onion site.
You'll put in the Dodd Onion you want to go to,
and your computer will build communications
with a Tor Relay, which are all publicly available out there.
But you'll encrypt it.
You'll put a package around your data,
and so it's encrypted.
So you can't read it.
It goes to that first relay.
That first relay knows about you,
and then knows about the next relay down the chain.
And so it takes your data and then encrypts that
on the outside and sends it to the relay number two.
Now, relay number two only knows about relay number one.
It doesn't know who you are asking for this.
And it goes through there, adding those layers on top,
the layers of encryption until it gets to where it is.
And then even the onion service doesn't know,
except for the relay it came from, who it's talking to.
And so it peels back that, gives the information,
puts another layer back on.
And so it's layers like you're peeling an onion
back of the different relays, and that encryption
protects who the sender is and what information they're sending.
The more layers there are, the more exponentially
difficult it is to decrypt it.
I mean, you get to a place where you don't
have to have so many layers because it doesn't matter anymore.
It's mathematically impossible to decrypt it.
But the more relays you have, the slower it is.
I mean, that's one of the big drawbacks on Tor
is how slow it operates.
So how do you peel the onion?
So what are the different methodologies
for trying to get some information from a cybersecurity
perspective on these operations like the Silk Road?
It's very difficult.
People have come up with different techniques.
There's been techniques to put out in the news media
about how they do it, running massive amounts of relays.
And you're controlling those relays, I think.
I think somebody tried that once.
So there's a technical solution.
And what about social engineering?
What about trying to infiltrate the actual humans
that are using the Silk Road and trying to get in that way?
Yeah, I mean, I definitely could see the way of doing that.
And in this case, in our takedown, we used that.
There was one of my partners, Jared Darraghan.
He was an HSI investigator.
And he had worked his way up to be a system admin on the site.
So that did glean quite a bit of information,
because he was inside and talking to, at that time,
we only know it as DPR or Dreadpire Roberts.
We didn't know who that was yet.
But we had that open communication.
And one of the things, the technical aspects on that
is there was a Jabber server.
That's a type of communication server that was being used.
And we knew that Ross had his Jabber set to Pacific Time.
So we had a pretty good idea what part of the country it was in.
I mean, isn't that, from DPR's perspective,
from Ross's perspective, isn't that clumsy?
He wasn't a big computer guy.
Do you notice that aspect of the technical savvy of some
of these guys doesn't seem to be quite?
Why weren't they good at this?
The real techy savvy ones, we don't arrest.
We don't get to them.
We don't find them.
You don't get to them.
Shout out to the techy criminals.
They're probably watching this.
I mean, yeah, we're getting the low hanging fruit.
I mean, we're getting the ones that can be caught.
I mean, they, you know, I'm sure we'll talk about it.
But the anonymous case, there was a guy named AV unit.
He's still, I lose sleep over him because we didn't catch him.
We caught everybody else.
We didn't catch him.
He's good, though.
He pops up two once in a while on the internet
and it pisses me off.
Yeah, what's his name again?
AV unit, that's all I know is his AV unit.
AV unit.
Yeah, I got a funny story about him
and what people think he is.
Can actually, can we go on that brief tangent?
Sure, I love tangents.
Well, let me ask you, since he's probably he or she,
do we know what's a he?
We have no idea.
OK.
I mean, that's another funny story about hackers,
the he-she issue.
What's the funny story there?
Well, one of the guys in Lulsec was a she,
was a 17-year-old girl.
And my source in the case, the guy at Sabu that I arrested
and part of it, we sat side by side for nine months
and then took down the case and all that.
He was convinced she was a girl.
And it was said, you know, and he was in love with her
almost at one point.
It turns out to be a 35-year-old guy
that lived in England.
Oh, so he was convinced it was a it.
Yes, he was absolutely convinced.
Based on what exactly?
By linguistic, like human-based linguistic analysis?
Or what?
She, he, whatever, you know, Kayla,
as we went, it ended up being like a modification
of his sister's name, the real guy's sister's name,
was so good at building the backstory.
All these guys, and it's funny,
like these guys are part of a hacking crew.
They social engineer the shit out of each other.
Just to build, if one of them ever gets caught,
they'll convince the everybody else that, you know,
they're a Brazilian, you know, ISP owner
or something like that.
And that's how I'm so powerful.
Well, yeah, that social engineering aspect
is part of living a life of cyber crime
or cybersecurity and the offensive or defensive.
So AV unit, Casca also just a tangent of a tangent first?
That's my favorite tangent.
Okay.
Is it possible for me to have a podcast conversation
with somebody who hasn't been caught yet
and because they have the conversation,
they still won't be caught?
And is that a good idea?
Meaning, is there a safe way for a criminal
to talk to me at a podcast?
I would think so.
I would think that someone could,
I mean, someone who has been living a double life
for long enough where you think they're not a criminal.
No, no, no, no, they would have to admit
that they would say I am AV unit.
Oh, you would want to have a conversation with AV unit?
Yes.
Is there a way?
I'm just speaking from an FBI perspective,
technically speaking,
because let me explain my motivation.
I think I would like to be able to talk to people
from all walks of life and understanding criminals,
understanding their mind, I think is very important.
And I think there's fundamentally something different
between a criminal who's still active
versus one that's been caught.
The mind, just from observing it,
changes completely once you're caught.
You have a big shift in your understanding of the world.
I mean, I do have a question about the ethics
of having such conversations,
but first, technically, is it possible?
If I was technically advising you,
I would say first off, don't advertise it.
The fewer people that you're gonna tell
that you're having this conversation with, the better.
And yeah, you could,
are you doing it in person or are you doing it in?
In person would be amazing, yeah,
but their face would not be shown.
Face would not be shown?
Yeah, I mean, you couldn't publish a show for a while.
They'd have to put a lot of trust in you
that you are not going to,
you're gonna have to alter those tapes.
I say tapes, because it's old school, the opto, you know.
It's a tape.
Exactly, I'm sure a lot of people just said that.
Like, oh, shit, this old guy just said tape.
I heard it VHS, it was in the 1800s, I think.
But yeah, yeah, you could do it.
They'd have to have complete faith and trust in you
that you destroy the originals after you've altered it.
What about if they don't have faith?
Is there a way for them to attain security?
So, like, for me to go through some kind of process
where I meet them somewhere where I'm...
I mean, you're not gonna do it without a bag over your head.
I don't know if that's the life you want to live.
I'm fine with a bag over my head.
That's gonna get taken out of context.
But I just, I think it's a worthy effort.
It's a worthy to go through the hardship of that
to understand the mind of somebody.
I think fundamentally conversations are a different thing
than the operation of law enforcement.
Understanding the mind of a criminal,
I think is really important.
I don't know if you're gonna have
the honest conversation that you're looking for.
I mean, it may sound honest, but it may not be the truth.
I found most times when I was talking to criminals,
it's lies mixed with half-truths.
And you kinda, if they're good,
they can keep that story going for long enough.
If they're not, you know, you kind of see the relief in them
when you finally break that wall down.
That's the job of an interviewer.
If the interviewer is good, then perhaps not directly,
but through the gaps, seeps out the truth of the human being.
So not necessarily the details
of how they do the operations and so on,
but just who they are as a human being,
what their motivations are, what their ethics are,
how they see the world, what is good, what is evil,
do they see themselves as good?
What do they see their motivation as?
Do they have resentment?
What do they think about love for the people
within their small community?
Do they have resentment for the government
or for other nations or for other people?
Do they have childhood issues that led
to a different view of the world than others perhaps have?
Do they have certain fetishes like sexual and otherwise
that led to the construction of the world?
They might be able to reveal some deep flaws
to the cybersecurity infrastructure of our world.
Not in detail, but like philosophically speaking,
they might have, I know you might say it's just a narrative,
but they might have a kind of ethical concern
for the well-being of the world that they're essentially
attacking the weakness of the cybersecurity infrastructure
because they believe ultimately
that would lead to a safer world.
So the attacks will reveal the weaknesses.
And if they're stealing a bunch of money, that's okay
because that's gonna enforce you
to invest a lot more money in defending things
that actually matter, nuclear warheads
and all those kinds of things.
I mean, I could see, it's fascinating to explore
the mind of a human being like that
because I think it will help people understand.
Now, of course, it's still a person that's creating
a lot of suffering in the world, which is a problem.
So do you think ethically it's a good thing to do?
I don't.
I mean, I feel like I have a fairly high ethical bar
that I have to put myself on.
And I don't think I have a problem with it.
I would love to listen to it.
Okay, great.
I mean, not that I'm your ethical coach or here.
Yeah, well, that's interesting.
I mean, because I thought you would have become jaded
and exhausted by the criminal mind.
It's funny, you know, I'm fast forward in our story.
I'm very good friends with Hector Montseguir,
the saboo, the guy I arrested.
And he tells stories of what he did in his past.
And I'm like, oh, that Hector, you know?
But then I listened to your episode with Brett Johnson
and I was like, ah, this guy stealing money
from the US government and welfare fraud
and all this sort of things.
He just pissed me off.
And I don't know why I have that differentiation in my head.
I don't know why.
I think one's just, oh, Hector will be Hector.
And then this guy just pissed me off.
Well, you didn't feel that way about Hector
until you probably met him.
Well, I didn't know Hector.
I knew saboo.
So I hunted down saboo
and I learned about Hector over those nine months.
We'll talk about it.
Let's finish with, let's return tangent to back to tangent.
Oh, run tangent up.
Who's AV unit?
I don't know.
That's interesting.
So he's at the core of Anonymous.
He's one of the critical people in Anonymous.
What is known about him?
There's what's known in public
and what was known because I sat with Hector
and he was sort of like the set things up guy.
So Lulsec had like their hackers,
which was saboo and Kayla.
And they had their media guy,
this guy Topiary.
He lived up in the Northern end of England.
And they had a few other guys,
but AV unit was the guy that set up infrastructure.
So if you need a VPN in Brazil
or something like that to pop through.
One of the first things Hector told me
after we arrested him is that
AV unit was a secret service agent.
And I was like, oh shit, just because
he kind of lived that lifestyle.
He'd be around for a bunch of days
and then all of a sudden gone for three weeks.
And I tried to get more out of Hector
and early on in that relationship.
You know, I'm sure he was a little bit guarded
maybe trying to social engineer me.
Maybe he wanted that, oh shit,
there's law enforcement involved in this.
And not to say, I mean, I was in over my head
with that case just the amount of work that was going on.
So to track them all down,
plus the 350 hacks that came in
about just military institutions,
it was swimming in the deep end.
So it was just at the end of the case,
I looked back and I was like,
AV unit, I could have had them all.
You know, maybe that's the perfectionist in me.
Oh man, well, reach out somehow.
I can't, I won't say how, right?
We'll have to figure out.
Would you have them on?
Yeah.
Oh my God.
Just let me know.
Just talk shit about you the whole time.
That's perfect.
He probably doesn't even care about me.
Well, now he will.
Oh, yeah.
Because there's a certain pleasure
of a guy who's extremely good at his job,
not catching another guy who's extremely good at his job.
Obviously better, he got away.
Better, there you go.
He's still eating it.
I love it.
He or she.
If I can meet that guy one day,
he or she, that'd be great.
I mean, I have no power.
So yes, Silk Road,
can you speak to the scale of this thing?
What, just for people who are not familiar,
how big was it?
And any other interesting things you understand
about its operation when it was active?
So it was when we finally got looking through the books
and the numbers came out
as about $1.2 billion in sales.
It's kind of hard with the fluctuation value
of Bitcoin at the time to come up with a real number.
So you kind of pick a daily average and go across.
Most of the operation was done in Bitcoin.
It was all done in Bitcoin.
You couldn't, you had escrow accounts on,
you came in and you put money in an escrow account
and the transaction wasn't done until the client
got the drugs or whatever they had bought
and then the drug dealers had sent it in.
There was some talk at the time
that the cartel was starting to sell on there.
So that started getting a little hairy there at the end.
What was the understanding of the relationship
between organized crime like the cartels
and this kind of more ad hoc new age market
that is the Silk Road?
I mean, it was all just chatter.
It was just, you know,
cause like I said, Jared was in the inside.
So we saw some of it from the admin sides
and Ross had a lot of private conversations
with the different people that he had advised him.
But no one knew each other.
And I mean, the only thing,
the only thing that they knew
with the admins had to send an ID to Ross.
Had to send a picture of their driver's license or passport,
which I always found very strange
because if you are an admin on a site that sells fake IDs,
why would you send your real ID?
And then why would the guy running the site
who profits from selling fake IDs believe that it was?
But fast forward, they were all real IDs.
All the IDs that we found on Ross's computer
as the admins were the real people's IDs.
What do you make of that? Just other clumsiness?
Yeah, low hanging fruit, I guess.
I guess that's what it is.
I mean, I would have bought, I mean,
even Ross bought fake IDs off the site.
He had federal evens knock on his door.
You know, and then he got a little cocky about it.
The landscape, the dynamics of trust is fascinating here.
So you trust certain ideas there.
Like who do you trust in that kind of market?
What was your understanding of the network of trust?
I don't think anyone trusts anybody, you know?
I mean, I think Ross had his advisors of trust,
but outside of that, I mean,
he required people to send their ID for their trust.
He, you know, people stalled from him.
There was, there's open cases of that.
It's a criminal world and you can't trust anybody.
What was his life like, you think?
Lonely.
Can you imagine being trapped in something like that
where you, the whole world focused on that
and you can't tell people what you do all day?
Could he have walked away?
Like someone else take over, the site just shut down.
Either one.
Just you putting yourself in his shoes,
the loneliness, the, the anxiety,
the just the growing immensity of it.
So walk away with some kind of financial stability.
I couldn't have made it past two days.
I don't like loneliness.
I mean, my, if my wife's away,
I'd probably call her 10, 12 times a day.
We just talk about things, you know,
I just, you know, something crossed my mind.
I want to talk about it.
And I'm sure she,
and you'd like to talk to her like honestly about everything.
So if you were running so crowded,
you wouldn't, you wouldn't be able to like,
hopefully I'd have a little protection.
I'd only mentioned to her when we were in bed
to have that marital connection, but, but who knows?
I mean, she's going to question why the Ferrari is outside
and things like that.
Yeah.
Well, I'm sure you can come up with something.
Why didn't he walk away?
It's another question of why don't criminals walk away
in these situations?
Well, I mean, I don't know every criminal mind in some do.
I mean, AV unit walked away.
I mean, I'm not to go back to that son of a bitch, but.
There's a theme to this.
But, you know, Ross started counting his dollars.
I mean, he really kept track of how much money he was making
and it started, you know, getting exponentially growth.
I mean, he, I mean, if he would have stayed at it,
he would have probably been one of the richest people
in the world.
And do you think he liked the actual money
or the fact of the number growing?
I mean, have you ever held a Bitcoin?
Yeah.
Oh, you have?
Well, he never did.
What do you mean held a Bitcoin?
You can't hold it.
It's not real.
It's not kind of like I can give you a brief case of Bitcoin
or like, you know, or something like that.
He liked the idea of it growing.
He liked the idea.
I mean, I think it started off as sharing this idea,
but then he really did turn to like,
I am the captain of the ship and that's what goes.
And he was making a lot of money.
And again, my interactions with Ross was about maybe five
or six hours over a, over a two day period.
I knew DPR because I read his words and all that.
I didn't really know Ross.
There was a journal found on his computer.
And so it sort of kind of gave me a little inside.
So I don't like to do a playbook for criminals,
but I'll tell you right now, don't write things down.
There was a big fad about people like,
remember kids going around shooting people with paintballs
and filming it.
I don't know why you would do that.
Why would you videotape yourself committing crime
and then publish it?
Like, if there's one thing I've taught my children,
don't record yourself doing bad things.
It never goes, but it goes well.
And you actually give advice in the other end of logs
being very useful for the defense perspective for,
you know, information is useful for being able to figure out
what the attacks were all about.
Logs are the only reason I found Hector Montsegur.
I mean, the one time his VPN dropped during a Fox hack.
And he says he did, it wasn't even hacking.
He just was sent a link and he clicked on it.
And in 10 million lines of logs,
there was one IP address that stuck out.
This is fascinating.
We'll explore several angles of that.
So what was the process of bringing down Ross
and the Silk Road?
All right, so that's a long story.
You want the whole thing and you want to break it up.
Let's start at the beginning.
Once we had the information of the chat logs
and all that from the server,
we found- What's the server?
What's the chat log?
So the DotOnion was running the website,
the Silk Road, was running on a server in Iceland.
How did you figure that out?
That was one of the claims that the NSA.
Yeah, that's the one that we said that,
yeah, I wouldn't tell you if it was.
It's on the internet.
I mean, the internet has their conspiracy theories
and all that, so.
But you figure out, that's the part of the thing you do.
It's puzzle pieces and you have to put them together
and look for different pieces of information
and figure out, okay, so you figure out the server
is in Iceland.
We get a copy of it and so we start getting clues off of that.
With the physical copy of the server?
Yeah, you fly over there.
So you go, if you've ever been to Iceland,
if you've never been, you should definitely go to Iceland.
Is it beautiful or- I love it.
I love it.
So I'll tell you this.
So, sorry, Tangents, I love this.
So I went to Iceland for the Anonymous case,
then I went to Iceland for the Silk Road case
and I was like, oh shit, all cyber crime goes to Iceland.
It was just my sort of thing.
And I was over there for like the third time
and I said, if I ever can bring my family here.
Like, so there's a place called Thingavar
and I'm sure I'm fucking up the name,
the Icelandics are pissed right now.
But it's where the North American continental plate
and the European continental plate are pulling apart
and it's being filled in with volcanic material
in the middle.
And it's so cool.
Like, I was like, one day I'll be able to afford
to bring my family here.
And once I left-
It's just like the humbling and the beauty of nature.
Just everything, man.
It was a different world.
It was insane how great Iceland is.
And so we went back and we rented a van
and we took friends and we drove around the entire country.
Absolutely, like a beautiful place.
Like Reykjavik's nice,
but get out of Reykjavik as quick as you can
and see the countryside.
How is this place even real?
Well, it's so new.
I mean, that's, so, you know, our rivers have been going
through here for millions of years
and flattened everything out and all that.
These are new, this is new land being carved by these rivers.
You can walk behind a waterfall in one place.
It's the most brutal place I've ever been.
You understand why this is a place
where a lot of hacking is being done?
Because the energy is free and it's cool.
So you have a lot of servers going on there.
Server farms, you know, they're,
the energy has come up out of the ground, geothermal.
And so, and then it keeps all the servers nice and cool.
So why not keep your computers there at a cheap rate?
Tangents.
I'll definitely visit for several reasons,
including to talk to AV unit.
Yeah, he'll be there.
Well, the servers are there,
but they don't probably live there.
I mean, that's interesting.
I mean, the Pacific, the PSE, the time zones,
there's so many fascinating things to explore here.
But so you got, sorry to add to that.
I mean, the European internet cable goes through there.
So, you know, across to the Greenland
and down through Canada and all that.
So they have backbone access with cheap energy
and free cold weather, you know.
And beautiful.
Oh, and beautiful, yes.
So chat logs on that server, what was in the chat logs?
Everything, he kept them all.
That's another issue.
If you're writing a criminal enterprise,
please don't keep all, again,
I'm not making a guidebook of how to commit
to your perfect crime.
But, you know, every chat he ever had,
and everyone's chat, it was like going into Facebook
of criminal activity.
Yeah, just looking at texts with Elon Musk
being part of the conversations.
I don't know if you're familiar,
but they've been made public
for the court cases going through,
who was going through, is going through,
was going through with Twitter.
I don't know where it is.
But it made me realize that, oh, okay.
I'm generally, that's my philosophy on life,
is like anything I text or email or say publicly
or privately, I should be proud of.
So I tried to kind of do that
because you basically, you say, don't keep chat logs,
but it's very difficult to erase chat logs from this world.
I guess if you're a criminal, that should be,
like you have to be exceptionally competent
at that kind of thing.
To erase your footprints is very, very difficult.
Can't make one mistake.
All it takes is one mistake of keeping it.
But yeah, I mean, not only do you have to be,
whatever you put in a chat log or whatever you put in an email,
it has to hold up and you have to stand behind it publicly
when it comes out.
But if it comes out 10 years from now,
you have to stand behind it.
I mean, we're seeing that now in today's society.
Yeah, but that's a responsibility.
You have to take it really, really seriously.
If I was a parent and advising teens,
like you kind of have to teach them that.
I know there's a sense like, no, we'll become more accustomed
to that kind of thing.
But in reality, no, I think in the future,
we'll still be held responsible for the weird shit we do.
Yeah, a friend of mine, his daughter got kicked out
of college because of something she posted in high school.
And the shittiest thing for him, but great for my kids,
great lesson, look over there
and you don't want that to happen to you.
Yeah, okay.
So in the chat logs was useful information,
like breadcrumbs of information that you can then pull out.
Yeah, great evidence and stuff, you know, I mean, obviously.
All evidence too.
Yeah, a lot of evidence.
Here's a sale of this much heroin
because Ross ended up getting charged
with a czar status on certain things.
And that's, it's a certain weight in each type of drug
that you had, like, I think it's four or five employees
of your empire and that you made more than $10 million.
And so it's, you know, it's just like the narco tractors
get charged with or, you know, anybody out of Columbia,
you know, and so.
And that was primarily what he was charged with
during when he was arrested, is the drug.
Yeah, and he got charged with some
of the hacking tools too.
Okay, like because he's in prison, what for?
Two life sentences plus 40 years.
And no possibility of parole.
In the federal system, there's no possibility of parole
when you have life.
The only way you get out is if the president pardons you.
There's always a chance.
There is, I think it was close.
I heard rumors there was close.
Well, right, so it depends.
Given it's fascinating, but given the political,
the ideological ideas that he represented and espoused,
it's not out of the realm of possibility.
Yeah, I mean, I've been asked before, who, you know,
does he get out of prison first
or does Snowden come back into America?
And I don't know.
I have no idea.
Snowden just became a Russian citizen.
I saw that, and I've heard a lot of weird theories
about that one.
Well, actually on another tangent, let me ask you,
do you think Snowden is a good or a bad person?
A bad person.
Can you make the case that he's a bad person?
There's ways of being a whistleblower
and there's rules set up on how to do that.
He didn't follow those rules.
I mean, they, you know, I'm red, white, and blue,
so I'm pretty, you know.
So you think his actions were anti-American?
I think the results of his actions were anti-American.
I don't know if his actions were anti-American.
Do you think he could have anticipated
the negative consequences of his action?
Should we judge him by the consequences
or the ideals of the intent of his actions?
I think we all get to judge him based our own beliefs,
but I believe what he did was wrong.
Can you still man the case that he's actually
a good person and good for this country,
for the United States of America,
as a flag bearer for the whistleblowers,
the check on the power of government?
Yeah, I mean, I'm not big government type guy, you know.
So, you know, even that sounds weird,
coming from a government guy for so many years.
But there's rules in place for a reason.
I mean, he put, you know, some of our best capabilities,
he made them publicly available.
It really kind of set us back in the,
and this isn't my world at all,
but the offensive side of cybersecurity.
Right, so he revealed stuff that he didn't need to reveal
in order to make the point.
Correct.
So, if you can imagine a world where he leaked stuff
that revealed the mass surveillance efforts
and not reveal other stuff.
Like, is the mass surveillance,
I mean, that's the thing that, of course,
in the interpretation of that, there's fear mongering,
but at the core, that was a real shock to people
that it's possible for government to collect data at scale.
It's surprising to me that people are that shocked by it.
Well, there's conspiracies,
and then there's like actual evidence
that that is happening.
I mean, it's a reality, there's a lot of reality
that people ignore, but when it hits you in the face,
you realize, holy shit, we're living in a new world.
This is the new reality, and we have to deal with that reality.
Just like you work in cybersecurity,
I think it really has a lot of value.
You work in cybersecurity, I think it really hasn't hit
most people, how fucked we all are
in terms of cybersecurity.
Okay, let me rephrase that.
How many dangers there are in a digital world,
how much under attack we all are,
and how more intensity attacks are getting,
and how difficult the defense is, and how important it is,
and how much we should value it,
and all the different things we should do
at the small and large scale to defend.
Like most people really haven't woken up.
They think about privacy from tech companies.
They don't think about cyber attacks.
People don't think they're a target,
and that message definitely has to get out there.
I mean, if you have a voice, you're a target,
if the place you work, you might be a target.
So your husband might work at some place,
because now people are working from home,
so they're gonna target you to get access
to his network in order to get in.
When that same way, the idea that the US government,
or any government could be doing mass surveillance
on its citizens is one that was a wake-up call,
because you could imagine the ways in which that could
like you could abuse the power of that
to control the citizenry for political reasons and purposes.
Absolutely, you know, you could abuse it.
I think during the part of the Snowden League
saw the two NSA guys moderating like their girlfriends,
and there's rules in place for that.
Those people should be punished for abusing that.
But how else are we going to hear about terrorists
that are in the country talking about birthday cakes?
And that was a case where that was the trip word
that we're gonna go bomb New York City's subway.
Yeah, it's complicated, but it just feels like
there should be some balance of transparency.
There should be a check in that power.
Because like, you know, in the name of the war on terror,
you can sort of sacrifice,
there is a trade opportunity and security and freedom,
but it just feels like there's a giant slippery slope
on the sacrificing of freedom in the name of security.
I hear you, and you know, we live in a world where,
well, I live in a world where I had to tell you exactly
when I arrested someone,
I had to write a 50-page document of how I arrested you,
and all the probable cause I have against you and all that.
Well, you know, bad guys are reading that.
They're reading how I caught you
and they're changing their way they're doing things.
They're changing their MO.
You know, they're doing it to be more secure.
If, you know, we tell people how we're monitoring,
you know, what we're surveilling, we're gonna lose that.
I mean, the terrorists are just gonna go a different way.
And I'm not trying to, again, I'm not big government.
I'm not trying to say that, you know, it's cool
that we're monitoring the US government's monitoring
everything, you know, big tech's monitoring everything.
They're just monetizing it
versus possibly using it against you.
But there is a balance.
In those 50 pages, they have a lot of value.
If they make your job harder,
but they prevent you from abusing the power of the job.
Yeah. There's a balance.
Yeah. That's a tricky balance.
So the chat logs in Iceland
gave you evidence of the heroin and all the large scale
czar level drug trading.
What else did it give you in terms of the how to catch?
It gave us infrastructure.
So the onion name was actually running on a server in France.
So if you like, it had only communicated
through a back channel of VPN
to connect to the Iceland server.
There was a Bitcoin like kind of vault server
that was also in Iceland.
And I think that was so that the admins
couldn't get into the Bitcoins.
The other admins that were hired to work on the site.
So you could get into the site,
but you couldn't touch the money.
Only Ross had access to that.
And then, you know, another big mistake on Ross's part
is he had the backups for everything
at a data center in Philadelphia.
So don't put your infrastructure in the United States.
I mean, again, let's not make a playbook, but you know.
Well, I think these are low hanging fruit
that people of competence would know already.
But it's interesting that he wasn't competent enough
to make, so he was incompetent in certain ways.
Yeah, I don't think he was a mastermind
of setting up an infrastructure that would protect
his online business because, you know, keeping chat logs,
keeping a diary, putting infrastructure
where it shouldn't be bad decisions.
How did you figure out that he's in San Francisco?
So we had that part with Jared
that he was on the West Coast.
And then-
Who again is Jared?
Jared Dagan was a, he was a partner in,
he was a DHS agent, worked for HSI,
Homeland Security Investigations in Chicago.
He started his Silk Road investigation
because he was working at O'Hare
and a weird package came in, come to find out.
He traced it back to Silk Road.
So he started working at a Silk Road investigation
long before I started my case.
And he made his way up undercover
all the way to be an admin on Silk Road.
So he was talking to Ross on a Jabra server,
the private Jabra server, private chat communication server.
And we noticed that Ross's time zone
on that Jabra server was set to the West Coast.
So we had Pacific time on there.
So we had a region, 1 24th of the world
was covered of where we thought he might be.
And from there, how do you get to San Francisco?
There was another guy, an IRS agent
that was part of the team.
And he used a powerful tool
to find his clue.
He used the world of Google.
He simply just went back and Googled around
for Silk Road at the time it was coming up
and found some posts on like some help forums
that this guy was starting an onion website
and wanted some cryptocurrency help.
And if you could help him, please reach out
to Ross.Albrick at gmail.com.
In my world, that's a clue.
So.
Okay, so that's as simple as that.
Yeah, and the name he used on that post was Frosty.
Yeah, so you had to connect Frosty
and other uses in Frosty and here's a Gmail
and the Gmail has the name.
The Gmail posted that I need help
under the name Frosty on this forum.
So what's the connection of Frosty elsewhere?
The person logging into the Philadelphia backup server,
the name of the computer was Frosty.
Yeah, another clue in my world.
And that's it.
The name is there, the connection to the Philadelphia server
and then to Iceland is there.
And so the rest is small details in terms of,
or is there interesting details?
No, I mean, there's some electronic surveillance
that find Ross Albrick living in a house
and is there, you know, is a computer at his house
attaching to, you know, does it have tour traffic
at the same time that DPR is on?
Another big clue that matched you up time frames.
Again, just putting your email out there,
putting your name out there like that.
Like what I see from that, just at the scale of that market,
what it just makes me wonder how many criminals are out there
that are not making these low hanging food mistakes
and are still successfully operating.
To me, it seems like you could be a criminal.
It's much easier to be a criminal on the internet.
What else to use interesting to understand about that case
of Ross and Silk Road and just the history of it
from your own relationship with it,
from a cyber security perspective,
from an ethical perspective, all that kind of stuff.
Like when you look back,
what's interesting to you about that case?
I think my views on the case have changed over time.
I mean, it was my job back then.
So I just looked at it as of, you know, I'm going after this.
I sort of made a name for myself in the bureau
for the anonymous case and then this one was just,
I mean, this was a bigger deal.
I mean, they flew me down to DC to meet with the director
about this case.
The president of the United States was going to announce
this case, the arrest.
Unfortunately, the government shut down two days before.
So it was just us.
And that's really the only reason I had any publicity out of it
is because the government shut down
and the only thing that went public was that affidavit
with my signature at the end.
Otherwise, it would have just been the attorney general
and the president announcing the rest of this big thing.
And you wouldn't have seen me.
Did you understand that this was a big case?
Yeah, I knew at the time.
Was it because of the scale of it or what it stood for?
I just knew that the public was going to react
in a big way like the media was.
Now, did I think that it was going to be on the front page
of every newspaper in the day after the arrest?
No, but I could sense it like I went like three or four days
without sleep when I was out in San Francisco to arrest Ross.
I had sent three guys to Iceland to.
So it was a three prong approach for the takedown.
It was get Ross, get the bitcoins and seize the site.
Like we didn't want someone else taking control of the site
and we wanted that big splash of that banner.
Like look, look, the government found this site.
Like you might not want to think about doing this again.
So. And you were able to pull off all three?
Maybe that's my superpower.
I'm really good about putting smarter people on than I am
together and on the right things.
You know, I've done.
The only way to do it.
In the business I formed.
That's what I did.
I hired only smarter people than me and I, you know,
I'm not that smart, but, you know,
smart enough to know who the smart people are.
The team was able to do all three.
Yeah, we were able to get all three done.
Yeah. And the one guy, one of the guys,
the main guys I sent to Iceland, man, he was so smart.
Like I sent another guy from the FBI to,
to France to get that part and he couldn't do it.
So the guy in Iceland did it from, from Iceland.
They had to pull some stuff out of memory on a computer.
You know, it's live process stuff.
I'm sure you've done that before, but.
I'm sure you did.
Look, look what you're doing.
You're, this is like a multi layer interrogation going on.
Was there a concern that somebody else would step in
and control the site?
Absolutely.
We didn't have insight on who exactly I control.
So it turns out that Russ had like dictatorial control.
So he, it wasn't easy to delegate to somebody else.
He hadn't.
I think he had some sort of ideas.
I mean, his diary talked about walking away
and giving it to somebody else, but he didn't,
he couldn't give up that control on anybody apparently.
Which makes you think that power corrupts
and his ideals were not as strong as he espoused about.
Because if it was about the,
the freedom of being able to buy drugs,
if you want to,
then he surely should have found ways to delegate that power.
We changed over time.
You could see it in his writings that he changed.
Like, so people argue back and forth
that there was never murders on Silk Road.
When we were doing the investigation to us, there were six murders.
So there, there was,
the way we see him saw him at the time
was Russ ordered people to be murdered.
You know, some people stole from him and all that.
It was sort of an evolution from,
oh man, I can't deal with this.
I can't do it.
It's too much to the last one was like,
the guy said, well, he's got three roommates.
It's like, oh, we'll kill them too.
Was that ever proven in court?
No, the murders never went forward
because there was some stuff, problems in that case.
So there was a separate case in Baltimore
that they had been working on for a lot longer.
And so, you know, during the investigation,
that caused a bunch of problems
because now we have multiple federal agencies
case against the same thing.
How do you decide not to push forward the murder investigations?
So there was a deconfliction meeting that happened in DC.
I didn't happen to go to that meeting,
but Jared went,
this is before I ever knew Jared.
And we have like,
televisions where we can just sit in a room
and sit in on the meeting.
But it's all, you know, secured network and all that.
So we can talk openly about secure things.
And we sat in on the meeting and people just kept saying
the term sweat equity.
I've got sweat equity,
meaning that they had worked on the case for so long
that they deserve to take them down.
And by this time, you know, no one knew about us,
but we told them at the meeting that,
well, we had found the server and we have a copy of it
and we have the infrastructure.
And these guys had just had communications under covers.
They didn't really know what was going on.
And this wasn't my first deconfliction meeting.
We had a huge deconfliction meeting
during the anonymous case.
What's the deconfliction mean?
Agents within your agency or other federal agencies
have an open investigation
that if you exposed your case or took down your case
would hurt their case or the other.
Oh, so you kind of have a,
it's like the rival gangs meet at the table
in a smoke filled room and...
Less bullets at the end, but yes.
Oh boy with the sweat equity.
Yeah.
I mean, there's careers at stake, right?
Yeah.
You hate that idea.
Yeah.
I mean, why would you, why is that a stake?
Just because you've worked on it long enough,
longer than I have,
that means you get, you did better.
That's insane to me.
That's rewarding bad behavior.
And so that one of the part of the sweat equity discussion
was about murder and this was,
here's a chance to actually bust them
given the data you have from Iceland
and all that kind of stuff.
So why...
Well, they wanted us just to turn the data over to them.
To them.
Yeah.
Thanks for getting us this far.
Here it is.
I mean, it came to the point where they sent us,
like they had a picture of what they thought Ross was.
And it was an internet meme.
It really was a meme.
It was a photo that we could look up.
Like it was insane.
All right.
So there's different degrees of competence
all across the world between different people.
Yes.
Okay.
Does part of you regret
because you pushed forward the heroin and the drug trade
and never got to the murder discussion?
I mean, the only regret is that the internet
doesn't seem to understand.
They just kind of blow that part off
that he literally paid people to have people murdered.
They didn't result in a murder
and I think God know and resulted in a murder.
But that's where his mind was.
His mind and where he wrote in his diary
was that I had people killed and here's the money.
He paid it.
He paid a large amount of bitcoins
for that murder.
He didn't just even think about it.
He actually took action,
but the murders never happened.
He took action by paying the money.
Correct.
And the people came back with results.
He thought they were murdered.
That said, can you understand and steal me on the case
for the drug trade on Silk Road?
Can you make the case that it's a net positive for society?
So there was a time period of when we found out
the infrastructure and when we built the case against Ross.
I don't remember exactly.
Six weeks, a month, two months,
I don't know, somewhere in there.
But then at Ross's sentencing,
there was a father that stood up and talked about his son dying.
And I went back and kind of did the math
and it was between those time periods of when we knew
we could shut it down.
We could have pulled the plug on the server and gone.
And when Ross was arrested,
his son died from buying drugs on Silk Road.
And I still think about that father a lot.
But if you look at the scale at the war on drugs,
let's just even outside of Silk Road,
do you think the war on drugs by the United States
has alleviated more suffering
or caused more suffering in the world?
That might be above my pay scale.
I mean, I understand the other side of the argument.
I mean, people said that I don't have to go down to the corner
to buy drugs.
I'm not going to get shot on the corner buying drugs
or something.
I can just have them sent to my house.
People are going to do drugs anyways.
I understand that argument
from my personal standpoint.
If I made it more difficult for my children to get drugs,
then I'm satisfied.
So your personal philosophy is that if we legalize all drugs,
including heroin and cocaine,
that that would not make for a better world.
No, personally, I don't believe legalizing all drugs
would make for a better world.
Can you imagine that it would?
Do you understand that argument?
Sure.
I mean, as I've gotten older,
I like to see both sides of an argument.
And when I can't see the other side,
that's when I really like to dive into it.
And I can see the other side.
I can see why people would say that.
But I don't want to be my raised children in a world
where drugs are just free for use.
Well, and then the other side of it is with Silk Road.
Did taking down Silk Road, did that increase
or decrease the number of drug trading criminals in the world?
It's unclear.
Online, I think it increased.
I think that's one of the things I think about a lot with Silk Road
was that no one really knew.
I mean, there was thousands of users.
But then after that, it was on the front page of the paper
and there was millions of people that knew about TOR
and Onion Sites.
It was an advertisement.
I thought crypto was going to crash right after that.
People will now see that bad people are doing bad things with crypto.
That'll crash.
Well, I'm obviously wrong on that one.
And I thought, you know,
Ross was sentenced to two life sentences plus 40 years.
No one's going to start up these.
Dark markets exploded after that.
Some of them started as opportunistic.
I'm going to take those escrow accounts
and I'm going to steal all the money that came in.
There were that.
But there were a lot of dark markets that popped up after that.
We put the playbook out there.
Yeah.
Yeah.
But and also there's a case for,
do you ever think about not taking down,
if you have not taken down Silk Road,
you could use it because it's a market.
It itself is not necessarily the primary criminal organization.
It's a market for criminals.
So it could be used to track down criminals in the physical world.
So if you don't take it down and given that it was,
you know, the central, how centralized it was,
it could be used as a place to find criminals.
Right.
So the dealers, the drug dealers.
Take down the drug dealers.
Yeah.
So if you have the cartels, start getting involved,
you go after the dealers.
It would have been very difficult.
Because of the tour.
Because of all the protections and anonymity.
Decloking all that would have been drastically more difficult.
And a lot of people in upper management,
the FBI didn't have the appetite of running something like that.
That would have been the FBI running a drug market.
How many, how many kids,
how many fathers would have to come in and said,
my kid bought while the FBI was running a site, a drug site.
My kid died.
So I didn't know anybody in the FBI in management,
they would have the appetite to let us run what was happening on Silk Road.
You know, because remember at that time,
we still believe in six people are dead.
We're still investigating, you know, where are all these bodies?
You know, that's pretty much why we took down Ross when we did.
I mean, we had to jump on it fast.
What else can you say about this complicated world that has grown of the dark web?
I don't understand it.
It would have been something for me.
I thought it was going to collapse,
but I mean, it's just gotten bigger in what's going out there.
Now, I'm really surprised that it hasn't grown into other networks,
or people haven't developed other networks, but Tor.
You mean like instead of Tor?
Yeah, Tor's still the main one out there.
I mean, there's a few others,
and I'm not going to put an advertisement out for them,
but you know, I thought that market would have grown.
Yeah, my sense was when I interacted with Tor,
it was that there's huge usability issues,
but that's for like legal activity.
Because like if you care about privacy,
it's just not as good of a browser.
Like to look at stuff.
No, it's way too slow.
It's way too slow.
I mean, you can't even like,
I know some people would use it to like view movies,
like Netflix, you can only view certain movies in certain countries.
You can use it for that, but it's too slow even for that.
Were you ever able to hold in your mind the landscape of the dark web?
Like what's going on out there?
To me as a human being,
it's just difficult to understand the digital world.
Like these anonymous usernames.
Like doing anonymous activity.
It's just, it's hard to, what am I trying to say?
It's hard to visualize it in the way I can visualize,
like I've been reading a lot about Hitler.
I can visualize meetings between people, military strategy,
deciding on certain evil atrocities, all that kind of stuff.
I can visualize the people.
There's agreements, hands, handshakes, stuff signed.
Groups built like in the digital space,
like with bots, with anonymity,
anyone human can be multiple people.
It's just, yeah, it's all lies.
It's all lies.
Like, yeah, it feels like I can't trust anything.
No, you can't, you honestly can't.
And like, you can talk to two different people
and it's the same person.
Like there's so many different, you know,
Hector had so many different identities online,
the, you know, of things that, you know,
the lies to each other.
I mean, he lied to people inside his group
just to use another name to spy on,
make sure what they, you know,
we're talking shit behind his back
or we're not doing anything.
It's all lies and people,
they can keep all those lies straight.
It's unbelievable to me.
Ross Albrecht represents the very early days of that.
That's why the competence wasn't there.
Just imagine how good the people are now,
the kids that grow up.
Oh, they've learned from his mistakes.
Just the extreme competence.
You just see how good people are at video games,
the level of play in terms of video games.
Like I used to think I sucked.
And now I'm not even like,
I'm not even in the like consideration
of calling myself shitty at video games.
I'm not even, I'm like non-existent.
I'm like the mold.
Yeah, I stopped playing because it's so embarrassing.
It's embarrassing.
It's like wrestling with your kid
and he finally beats you.
And he's like, well, fuck that.
I'm not wrestling with my kid anymore ever again.
Since hacking at its best and its worst is a kind of game.
And you can get exceptionally good at that kind of game.
And you get the accolations of it.
I mean, there's power that comes along.
If you have success,
look at the kid that was hacking into Uber and Rockstar Games.
He put it out there that he was doing it.
I mean, he used the name,
whatever hacked into Uber was a screen name.
He was very proud of it.
I mean, one building evidence against himself.
But, you know, he wanted that slap on the back.
Like, look at what a great hacker you are.
Yeah.
What do you think is in the mind of that guy?
What do you think is in the mind of Ross?
Do you think they see themselves as good people?
Do you think they acknowledge the bad they're doing
around to the world?
So that Uber hacker, I think that's just you thing,
not realizing what consequences are,
I mean, based on his actions.
Ross was a little bit older.
I think Ross truly is a libertarian.
He truly had his beliefs that he could provide
the gateway for other people to live that libertarian lifestyle
and put in their body what they want.
I don't think that was a front or a lie.
What's the difference between DPR and Ross?
He said, like, I have never met Ross until,
I have only had those two days of worth of interaction.
Yeah.
It's just interesting, given how long you've chased him
and then having met him,
what was the difference to you as a human being?
He was a human being.
He was an actual person.
He was nervous when we arrested him.
So one of the things that I learned through my law enforcement career
is if I'm going to be the case agent,
I'm going to be the one in charge of dealing with this person.
I'm not putting handcuffs on him.
Something else is going to do that.
Like, I'm going to be there to help him.
I'm going to conduit to help.
And so, you know, right after someone's arrested,
you obviously have had them down for weapons
to make sure for everybody's safety.
But then I just put my hand on their chest.
Just feel their heart, feel their breathing.
I'm sure it's the scariest day.
But then to have that human contact kind of settles people down
and you kind of like, let's start thinking about this.
I'm going to tell you, you know, I'm going to be open and honest with you.
You know, there's a lot of cops out there
and federal agents cops that just go to the hard ass tactic.
You don't get very far with that.
You don't get very far being a mean asshole to somebody.
You know, be compassionate, be human.
And it's going to go a lot further.
So, given everything he's done,
you're still able to have compassion for him?
Yeah.
We took him to the jail and we, so it was after hours.
So, he didn't get to see a judge that day.
So, we stuck him in the San Francisco jail.
I hadn't slept for about four days
because I was dealing with people in Iceland,
bosses in DC, bosses in New York.
So, and I was in San Francisco.
So, timeframe, like the Iceland people were calling me
when I was supposed to be sleeping.
It was insane.
But I still went out that night.
Well, Ross sat in jail and bought him breakfast.
I said, what do you want for breakfast?
I'll have a nice breakfast for you
because we picked him up in the morning
and took him over to the FBI to do the FBI booking,
the fingerprints and all that.
And I got him breakfast.
I mean, and you don't get paid back for that sort of thing.
I'm not looking by.
Did he make special requests for breakfast?
Yeah, he asked for certain things.
Can you mention, is that top secret FBI?
That's not top secret.
I think you wanted some granola bars.
And, you know, but, I mean, he already had a lawyer up.
So, we, you know, which is his right, he can do that.
So, I knew we were going to work together,
you know, like I did with Hector.
But I mean, this is the last day.
Most of the conversations have to be them with lawyers.
From that point on, I can't question him.
Yeah. When he asked for a lawyer.
Or if I did, it couldn't be used against him.
So, we just had conversations where I talked to him.
Yeah.
You know, he could, you know, could say things to me,
but then I would remind him that he asked for a lawyer
and he'd have to waive that and all that.
But we didn't talk about his case so much.
We just talked about, like, human beings.
Did he, with his eyes, with his words,
reveal any kind of regret?
Or did you see a human being changing,
understanding something about themselves
and the process of being caught?
No. I don't think that.
I mean, he did offer me $20 million to let him go
when we were driving to the jail.
Oh, no.
And I asked him what I was going to do with the agent
that sat in the front seat.
The money really broke him, huh?
I think so.
I think he kind of got caught up in how much money it was
and how, you know, when crypto started, it was pennies.
And by the time he got arrested, it was 120 bucks.
You know, 177,000 Bitcoins.
Even today, you know, that's a lot of Bitcoins.
So you really could have been, if you continued,
to be one of the richest people in the world.
I possibly could have been if I took that $20 million then.
I could have been a living, we could have this conversation
in Venezuela.
In a castle, in a palace.
Yeah, until it runs out and then the government
storms the castle.
Yeah.
Have you talked to Russ since?
No. No. I would, I'd be open to it.
I don't think he probably wants to hear from me.
And do you know where and in which prison he is?
I think he's somewhere out in Arizona.
I know he was in the one next to Supermax for a little while,
like the high security one that's like shares the fence
with Supermax, but I don't think he's there anymore.
I think he's out in Arizona.
I haven't seen him in a while.
I wonder if you can do interviews in prison.
That'd be nice.
Some people are allowed to, so I don't,
I've not seen an interview with him.
I know people have wanted to interview him about books
and that sort of thing.
Right. Because the story really blew up.
Did it surprise you?
How much the story and many elements of it blew up?
Movies.
It did surprise me.
Like my wife's uncle, who I didn't,
I've been married to my wife for 22 years now.
I don't think he knew my name and he was excited about that.
He reached out when Silk Road came out.
So he, you know, that was surprising to see.
Did you think the movie on the topic was good?
I didn't have anything to do with that movie.
I've watched it once.
It was kind of cool that Jimmy Simpson, you know,
was my name in the movie, but outside of that,
I thought it sort of missed the mark on some things.
When Hollywood, I don't think they understand
what's interesting about these kinds of stories.
And there's a lot of things that are interesting
and they missed all of them.
So for example, I recently talked to John Carmack,
who's a world-class developer and so on.
So Hollywood would think that the interesting thing
about John Carmack is some kind of like shitty,
like a parody of a hacker or something like that.
They would show like really crappy like emulation
of some kind of Linux terminal thing.
The reality is like the technical details
for five hours with him, for 10 hours with him,
is what people actually want to see,
even people that don't program.
They want to see a brilliant mind, the details that they're not,
even if they don't understand all the details,
they want to have an inkling of the genius there.
That's just one way I'm saying like,
that you want to reveal the genius,
the complexity of that world in interesting ways.
And to make a Hollywood almost parody caricature of it,
it just destroys the spirit of the thing.
So one, the Operation FBI is fascinating.
Just tracking down these people on the cyber security front
is fascinating.
The other is just how you run, tour,
how you run this kind of organization,
the trust issues of the different criminal entities involved,
the anonymity, the low hanging food,
the being shitty at certain parts on the technical front.
All of those are fascinating things.
That's what a movie should reveal.
It should probably be a series, honestly,
an ethnic series in the movie.
Yeah, one of the FX show or something like that,
kind of gritty, you know?
Yeah, gritty.
Exactly, gritty.
I mean, shows like Chernobyl from HBO made me realize,
okay, you can do a good job of a difficult story
and reveal the human side,
but also reveal the technical side
and have some deep, profound understanding on that case,
on the bureaucracy of a Soviet regime.
In this case, you could reveal the bureaucracy,
the chaos of a criminal organization,
of a law enforcement organization.
I mean, there's so much to explore.
It's fascinating.
I don't know.
Yeah, I like Chernobyl.
When I rewatch it, I can watch episode three, though,
the animal scene, the episode.
They go around shooting all the dogs and all that.
I got to skip that part.
You're a big softy, aren't you?
I really am.
Yeah.
I'm sure I'll probably cry at some point.
I love it.
I love it.
Listen, don't get me talking about that episode
you made about your grandmother.
Oh, my God, that was rough.
Just to linger on this ethical versus legal question,
what do you think about people like Aaron Schwartz?
I don't know if you're familiar with him,
but he was somebody who broke the law
in the name of an ethical ideal.
He downloaded and released academic publications
that were behind a paywall.
And he was arrested for that and then committed suicide.
And a lot of people see him certainly in the MIT community,
but throughout the world as a hero.
Because you look at the way scientific knowledge
is being put behind paywalls, it does seem somehow unethical.
And he basically broke the law to do the ethical thing.
Now you could challenge it, maybe it is unethical,
but there's a gray area and to me at least it is ethical.
To me at least he is a hero because I'm familiar with the paywall
created by the institutions that hold these publications.
They're adding very little value.
So it is basically holding hostage the work of millions
of brilliant scientists for some kind of honestly
a crappy capitalist institution.
Like they're not actually making that much money.
It doesn't make any sense to me.
To me it should all be open public access.
There's no reason it shouldn't be all publications should be.
So he stood for that ideal and it was punished harshly for it.
That's the other criticism, it's too harshly.
And of course deeply unfortunately that also led to a suicide
because he was also tormented on many levels.
Are you familiar with him?
What do you think about that line between what is legal
and what is ethical?
So it's a tough case.
I mean the outcome was tragic obviously.
Unfortunately when you're in law enforcement
your job is to enforce the laws.
If you're told that you have to do a certain case
and there is a violation of at the time 18 USC 1030
computer hacking, you have to press forward with that.
I mean you have to charge, you bring the case
to the Unistatarian Service Office
and whether they're going to press charges or not.
You can't really pick and choose what you press
and don't press forward.
I never felt that at least that flexibility
not in the FBI.
I mean maybe when you're a street cop
and you pull somebody over you can let them go with a warning.
So in the FBI you're sitting in a room
but you're also a human being, you have compassion.
You arrested Ross and the hand on the chest.
I mean that's a human thing.
So there's a...
But I can't be the jury for whether it was a good hack
or a bad hack.
It's all someone, a victim has come forward
and said we're the victim of this.
And I agree with you because again
the basis of the internet was to share academic thought.
I mean that's where the internet was born.
But it's not up to you.
So the role of the FBI is to enforce the law.
Correct.
And there's a limited number of tools
on our Batman belt that we can use.
Not to get into all the aspects of the Trump case
and Mar-a-Lago and the documents there.
I mean the FBI only has so many tools they can use
and a search warrant is the only way they could get in there.
I mean that's it.
There's no other legal document or legal way
to enter and get those documents.
What do you think about the FBI and Mar-a-Lago
and the FBI taking the documents for Donald Trump?
You know it's a tough spot.
It's a really tough spot.
The FBI's gotten a lot of black eyes recently.
And I don't know if it's the same FBI
that I remember when I was there.
Do you think they deserve it in part?
Was it done clumsily?
The rating of the former presidents, residents?
Yeah, it's tough.
Because again they're only limited
to what they're legally allowed to do
and a search warrant is the only legal way of doing it.
I have my personal and political views on certain things.
And I think it might be surprising to some
where those political points stand.
You told me offline that you're a hardcore communist.
That was very surprising to me.
Well that's only when you tried to bring me
into the Communist Party.
Yeah, exactly.
I was trying to recruit you.
I was giving you all kinds of flyers.
Okay, but you said like people in the FBI
are just following the law
but there's a chain of command and so on.
What do you think about the conspiracy theories
that some small number of people inside the FBI
conspired to undermine the presidency of Donald Trump?
If you were to ask me when I was inside
and before all this happened,
I would say it could never happen.
I don't believe in conspiracies.
There's too many people involved.
Some of these are going to come out
with some sort of information.
But I mean, from the more the stuff that comes out,
it's surprising that agents are being fired
because of certain actions they're taking inside
and being dismissed because of politically motivated actions.
So do you think it's explicit or just pressure?
Do you think there could exist just pressure
at the higher ups that has a political leaning
and you kind of maybe don't explicitly order
any kind of thing but just kind of pressure people
to lean one way or the other and then create a culture
that leans one way or the other based on political leanings?
You would really, really hope not,
but that seems to be the narrative that's being written.
But when you were operating,
you didn't feel that pressure?
Man, I was such at a low level.
I had no aspirations of being a boss.
I wanted to be a case agent my entire life.
So you love the puzzle of it, the chase?
I love solving things, yeah,
to be in management and manage people and all that
and no desire whatsoever.
What do you think about Mark Zuckerberg
on Joe Rogan's podcast saying that the FBI warned Facebook
about potential foreign interference?
And then Facebook inferred from that
that they're talking about Hunter Biden laptop story
and thereby censored it.
What do you think about that whole story?
Again, you asked me when I was in the FBI,
I wouldn't believed it from being on the inside
and I wouldn't believe these things,
but there's a certain narrative being written
that is surprising to me that the FBI is involved
in these stories.
So, but the interesting thing there is the FBI
is saying that they didn't really make that implication.
They're saying that there's interference activity happening.
Just watch out.
And it's a weird relationship between FBI and Facebook.
You could see from the best possible interpretation
that the FBI just wants Facebook to be aware
because it is a powerful platform,
a platform for viral spread of misinformation.
So in the best possible interpretation of it,
it makes sense for FBI to send some information saying
like we were seeing some shady activity.
Absolutely.
But it seems like all of that somehow escalated
to a political interpretation.
I mean, yeah, it sounded like there was a wink-wink with it.
I don't know if Mark meant for that to be that way.
Again, are we being social engineered
or was that a true expression that Mark had?
And I wonder if the wink-wink is direct or it's just culture.
It may be certain people responsible on the Facebook side
have a certain political lean.
And then certain people on the FBI side
have a political lean when they're interacting together.
And it literally has nothing to do with a giant conspiracy theory
but just with a culture that has a particular political lean
during a particular time in history.
And so maybe it could be a Hunter Biden laptop one time
and then it could be whoever, Donald Trump Jr.'s laptop.
Another time.
It's a tough job.
I mean, if you're the liaison,
if you're the FBI's liaison to Facebook,
you know, there are certain people
that I'm sure they were offered a position at some point.
It seems, you know, there's FBI agents that go,
I know a couple that's gone to Facebook.
This is a really good agent that now leads up
their child exploitation stuff.
Another squadmate runs their internal investigations,
both great investigators.
So, you know, there's good money,
especially when you're an FBI agent that's capped out at a,
you know, a 1310 or whatever pay scale you're capped out at.
It's alluring to be, you know, maybe want to please them
and be asked to join them.
Yeah.
And over time that corrupts,
I think there has to be an introspection in tech companies
about the culture that they develop,
about the political ideology, the bubble.
It's interesting to see that bubble.
Like, I've asked myself a lot of questions.
I've interviewed the Pfizer CEO,
which seems now a long time ago.
And I've gotten a lot of criticism,
the positive comments, but also criticism from that conversation.
And I did a lot of soul searching
about the kind of bubbles we have in this world.
And it makes me wonder, pharmaceutical companies,
they all believe they're doing good.
And I wonder, because the ideal they have is to create drugs
that help people and do so at scale.
And it's hard to know at which point that can be corrupted.
And it's hard to know when it was corrupted
and if it was corrupted and where,
which drugs and which companies and so on.
And I don't know.
I don't know that complicated.
It seems like inside a bubble you can convince yourself
if anything is good.
People inside the Third Reich regime
were able to convince themselves.
I'm sure many, just Bloodlands,
there's another book I've been recently reading about it.
And the ability of humans to convince
they're doing good when they're clearly murdering
and torturing people in front of their eyes is fascinating.
They're able to convince themselves they're doing good.
It's crazy.
There's not even an inkling of doubt.
I don't know what to make of that.
It has taught me to be a little bit more careful
when I enter into different bubbles
to be skeptical about what's taken as an assumption of truth.
You always have to be skeptical about what's assumed as true,
is it possible it's not true?
If you're talking about America,
it's assumed that in certain places that surveillance is good.
Well, let's question that assumption.
Yeah.
And also it inspired me to question my own assumptions
that I hold this true constantly.
Constantly. It's tough.
But you don't grow.
You're static and not grow.
You have to question yourself on some of these things
if you want to grow as a person.
Yeah, for sure.
Now, one of the tough things actually
of being a public personality when you speak publicly
is you get attacked all along the way as you're growing.
And in part, a big softie as well, if I may say.
And it hurts.
Do you pay attention to it?
Yeah.
Yeah, it's very hard.
I have two choices.
One, you can shut yourself off from the world and ignore it.
I never found that compelling, this kind of idea of
like, haters gonna hate.
This idea that anyone with a big platform
or anyone's ever done anything was always gotten hate.
Okay, maybe.
But I still want to be vulnerable where my heart and my sleeve
don't really show myself, like open myself to the world,
really listen to people.
And that means every once in a while, somebody will say something
that touches me in a way that's like, what if they're right?
Do you let that hate influence you?
I mean, can you be bullied into a different opinion
than you think you really are just because of that hate?
No, no, I believe not.
But it hurts in a way that's hard to explain.
Yeah, it gets to like, it shakes your faith in humanity
actually, is probably why it hurts.
Like people that call me a Putin apologist
or Zelensky apologist, which I'm currently getting
almost an equal amount of, but it hurts.
It hurts because it damages slightly my faith in humanity
to be able to see the love that connects us
and then to see that I'm trying to find that.
And that's I'm doing my best in the limited capabilities
I have to find that.
And so to call me something like a bad actor essentially
from whatever perspective, it just makes me realize,
well, people don't have empathy and compassion for each other.
And it makes me question that for a brief moment.
And that's like a crack and it hurts.
How many people do this to your face?
Very few.
It's online e-muscles, man.
I have to be honest, it happens.
Because I've hung around with Rogan enough,
when your platform grows, there's people that will come up to Joe
and say stuff to his face that they forget.
They still, they forget he's actually a real human being.
They'll make accusations about him.
So does that cause him to wall himself off more?
No, he's pretty gangster on that.
But yeah, it's still hurts.
If you're human, if you really feel others,
I think that's also the difference with Joe and me.
He has a family that he deeply loves
and that's an escape from the world for him.
There's a loneliness in me that I'm always longing
to connect with people and with regular people
just to learn their stories and so on.
And so if you open yourself up that way,
the things they tell you can really hurt in every way.
Like me going to Ukraine, just seeing so much loss and death,
some of it is like, I mean, unforgettably haunting.
Not in some kind of political way, activist way,
or who's right, who's wrong way,
but just like, man, so much pain.
You see it and it just stays with you.
When you see a human being bad to another human,
you can't get rid of that in your head.
You can't imagine that we can treat each other like that.
That's the hard part, I think.
I mean, for me it is.
When I saw parents, when I did the child exploitation stuff,
when they rented their children out,
they literally rented infant children out
to others for sexual gratification.
I don't know how a human being could do that
to another human being.
And that sounds like the kind of thing you're going through.
I mean, I went through a huge funk
when I did those cases afterwards.
I should have talked to somebody,
but in the FBI, you have to keep that machismo up
or they're going to take your gun away from you.
Well, I think that's examples of evil
that that's like the worst of human nature.
War is just as bad, I mean.
Somehow war, it's somehow understandable
given all the very intense propaganda that's happening.
So you can understand
that there is love in the heart of the soldiers on each side
given the information they're given.
There's a lot of people on the Russian side
believe they're saving these Ukrainian cities
from Nazi occupation.
Now, there is stories.
There is a lot of evidence of people for fun murdering civilians.
Now, that is closer to the things you've experienced
of like evil embodied.
And I haven't interacted with that directly
with people who for fun murder civilians.
But you know it's there in the world.
You're not naive to it.
Yes, but if you experience that directly,
if somebody shot somebody for fun in front of me,
that would probably break me.
Like seeing it yourself.
Knowing that it exists is different than seeing it yourself.
Now, I've interacted with the victims of that
and they tell me stories
and you see their homes destroyed.
Destroyed for no good military reason.
It's civilians with civilian homes being destroyed.
That really lingers with you.
Yeah, the people that are capable of that.
That goes with the propaganda.
I mean, if you were to build a story,
you have to have on the other side,
the homes are going to be destroyed.
The non-military targets are going to be destroyed.
To put it in perspective,
I'm not sure a lot of people understand the deep human side
or even the military strategy side of this war.
There's a lot of experts outside of the situation
that are commenting on it with certainty.
And that kind of hurts me
because I feel like there's a lot of uncertainty.
There's so much propaganda.
It's very difficult to know what is true.
Yeah, so my whole hope was to travel to Ukraine,
to travel to Russia, to talk to soldiers,
to talk to leaders, to talk to real people
that have lost homes, that have lost family members,
that who this war has divided,
who this war changed completely, how they see the world.
They have love or hate in their heart to understand their stories.
I've learned a lot on the human side of things
by having talked to a lot of people there.
But it has been on the Ukrainian side for me currently.
Traveling to the Russian side is more difficult.
Let me ask you about your now friend.
Can we go as far as to say his friend?
In Sabu in Hektor, Moscow.
What's the story?
What's the long story with him?
Can you tell me about what is Losek?
Who is Sabu?
And who's Anonymous?
What is Anonymous?
Where's the right place to start that story?
Probably Anonymous.
Anonymous is a decentralized organization.
They call themselves Headless.
But once you look into them a little ways,
they're not really headless.
The power struggle comes with whoever has a hacking ability.
That might be your good hacker,
or you have a giant botnet used for DDoS.
So you're going to wield more power if you can control where it goes.
Anonymous started doing their hacktivism stuff in 2010 or so.
The word hack was in the media all the time then.
Right around then, there was a federal contractor named HB Gary Federal.
Their CEO was Aaron Barr.
Aaron Barr said he was going to come out and de-anonymize Anonymous.
He's going to come out and talk at Black Hat or Def Con or one of those
and say who they are.
He figured it out based on when people were online,
when people were in IRC, when tweets came out.
There was no scientific proof behind it or anything.
So he's just going to falsely name people that were in Anonymous.
So Anonymous went on the attack.
They went and hacked in HB Gary Federal and they turned his life upside down.
They took over his Twitter account and all that stuff pretty quickly.
I have very mixed feelings about all of this.
Okay.
I get, like part of me admires the positive side of the hacktivism.
Okay.
Is there no room for admiration there of the fuck you to the man?
Not at the time.
Again, there was a violation, 18 USC 1030.
So it was my job.
So at the time, no, in retrospect, sure.
But what was the philosophy of the hacktivism?
The philosophically, were they at least expressing it for the good of humanity or no?
They outwardly said that they were going to go after people that they thought were corrupt.
So they were judging jury on corruption.
They were going to go after it.
Once you get inside and realize what they were doing, they were going after people that they had an opportunity to go after.
So maybe someone had a zero day and then they searched for servers running that zero day.
And then from there, let's find a target.
I mean, one time they went after a toilet paper company.
I still don't understand what that toilet paper company did, but it was an opportunity to make a splash.
Is there some way for the joke, for the lulls?
It developed into that.
So I think the hacktivism and the anonymous stuff wasn't so much for the lulls.
But from that HB Gary Federal hack, then there were six guys that worked well together and they formed a crew, a hacking crew.
And they kind of split off into their own private channels.
And that was lullsack or laughing at your security was their motto.
So that's LULZSEC, lullsack.
Of course it is.
Lullsack.
And who founded that organization?
So Kayla and Sabu were the hackers of the group.
And so they really did all the work on HB Gary.
These are code names.
Yeah, they're online names.
They're NICS.
And so, you know, that's all they knew each other as.
They talked as those names.
And they worked well together and so they formed a hacking crew.
And that's when they started the, at first they didn't name it this, but it was the 50 days of lulls where they would just release major, major breaches.
And it stirred up the media.
I mean, they put hacking in on the media every day.
They had 400 or 500,000 Twitter followers.
You know, and it was kind of interesting.
But then they started swinging at the beehive and they took out some FBI affiliated sites.
And then they started fuck FBI Fridays, where every, every Friday they would release something.
And we waited it for a bated breath.
I mean, they had us hookline and sinker pissed.
We were waiting to see what was going to be dropped every Friday.
It was, it's a little embarrassing looking back on it now.
And this is in their early 2010s.
Yeah, this was 2010, 2011 around there.
Who actually linger on anonymous?
What, do you still understand what the heck is anonymous?
It's just a place where you hang out.
I mean, it's just, it started on 4chan, 1daychan and then it's really just anyone.
You could be an anonymous right now if you wanted to.
Just you're in there hanging out in the channel now.
You're probably not going to get much cred until you work your way up and prove who you are or someone vouches for you.
But anybody can be an anonymous and you can leave anonymous.
What's the leadership of anonymous?
Do you have a sense that there is a leadership?
There's a power play.
Is that someone that says this is what we're doing?
I love the philosophical and the technical aspect of all of this.
But I think there is a slippery slope to where for the lulls, you can actually really hurt people.
That's the terrifying thing.
When you attach, I'm actually really terrified of the power of the lull.
The fun thing somehow becomes a slippery slope.
I haven't quite understood the dynamics of that.
But even in myself, if you just have fun with the thing, you lose track of the ethical grounding of the thing.
And so it feels like hacking for fun can just literally lead to nuclear war.
Like literally destabilize.
Yada, yada, yada nuclear war, I could say.
So I've been more careful with the lull.
Yeah, I've been more careful about that.
And I wonder about it because in internet speak, somehow ethics can be put aside through the slippery slope of language.
I don't know. Everything becomes a joke.
If everything's a joke, then everything's allowed and everything's allowed, then you don't have a sense of what is right and wrong.
You lose sense of what is right and wrong.
You still have victims.
I mean, you're laughing at someone.
It's the butt of this joke, you know, whether it's major corporations or the individuals.
I mean, some of the stuff they did was just, you know, releasing people's PII and their personal identifying information and stuff like that.
I mean, is it a big deal?
I don't know.
Maybe, maybe not.
But, you know, if you could choose to not have your information put out there, probably wouldn't.
We do have a sense of what anonymous is today.
Has it ever been one stable organization or is it a collection of hackers that kind of emerge for particular tasks, for particular, like, hacktivism tasks and that kind of stuff?
It's a collection of people that has some hackers in it.
There's not a lot of big hackers in it.
I mean, there's some that will come bouncing and bounce out.
Even back then, there was probably just as many reporters in it, people of the media in it, with the hackers at the time, just trying to get the inside scoop on things.
You know, some giving the inside scoop.
You know, we arrested a reporter that gave over the username and password to his newspaper and, you know, just so he could break the story.
He trusted him.
Speaking of trust, reporters, boy, there's good ones.
There's good ones.
There are.
There are.
But, boy, do I have a complicated relationship with them.
How many stories about you are completely true?
You can just make stuff up on the internet.
And one of the things that, I mean, there's so many fascinating psychological, sociological elements of the internet to me.
One of them is that you can say that Lex is a lizard, right?
And if it's not funny, so lizard is kind of funny, what should we say?
Lex has admitted to being an agent of the FBI.
Okay.
You can just say that, right?
All right.
And then the response that the internet would be like, oh, is that true?
I didn't realize that.
They won't go like provide evidence, please, right?
They'll just say like, oh, that's weird.
I kind of thought he might be kind of weird.
And then it piles on.
It's like, hey, hey, hey guys, like here's a random dude on the internet just said a random thing.
You can't just like pile up.
Johnny6969 is now a source that says.
And then like the thing is I'm a tiny guy, but when it grows, if you're like have a big platform,
I feel like newspapers will pick that up and then they'll like start to build on a story.
And you never know where that story really started.
It's so cool.
I mean, to me, actually, honestly, it's kind of cool that there's a viral nature of the internet that can just fabricate truth completely.
I think we have to accept that new reality and try to deal with it somehow.
You can't just like complain that Johnny69 can start a random thing.
But I think in the best possible world, it is the role of the journalist to be the adult in the room and put a stop to it versus look for the sexiest story so that there could be clickbait that can generate money.
Journalism should be about sort of slowing things down, thinking deeply through what is true and not and showing that to the world.
I think there's a lot of hunger for that.
And I think that would actually get the most clicks in the end.
I mean, it's that same pressure I think we're talking about with the FBI and with the tech companies about controllers.
I mean, the editors have to please and get those clicks.
I mean, they're measured by those clicks.
So, you know, I'm sure the journalists, the true journalists, the good ones out there want that, but they want to stay employed too.
Can I actually ask you really, as another tangent, the Jared and others, they're doing undercover.
In terms of the tools you have for catching cybersecurity criminals, how much of is undercover?
Undercover is a high bar to jump over.
You have to do a lot to start an undercover in the FBI.
There's a lot of thresholds.
So, it's not your first investigative tool step.
You have to identify a problem and then show that the lower steps can't get you there.
But I mean, I think we had an undercover going on in the squad about all times when one was being shut down or taken down.
We were spinning up another one.
So, it's a good tool to have, you know, and utilize.
There are a lot of work.
I don't think if you run one, you'll never run another one in your life.
So, it's like psychologically, there's a lot of work just technically, but also psychologically.
It's 24-7, you're inside that world.
You have to know what's going on and what's happening.
You have to remember who you are when you're, because you're a criminal online.
You have to go to a special school for it too.
Was that ever something compelling to you?
I went through the school, but I'm a pretty open and honest guy.
So, it's tough for me to build that wall of lies.
Maybe I'm just not smart enough to keep all the lies straight.
Yeah, but a guy who's good at building up a wall of lies would say that exact same thing.
Exactly.
It's so annoying the way truth works in this world.
It's like people have told me, like, because I'm trying to be honest and transparent, that's exactly what an agent would do, right?
But I feel like an agent would not wear a suit and tie.
I wear a suit and tie every day.
I was a suit and tie guy.
You wore?
Yeah, every day.
I remember one time I wore shorts in and the SAC came in.
And this was when I was a rock star at the time in the bureau.
And I had shorts in and I said, sorry, ma'am, I apologize for my attire.
And she goes, you could wear bike shorts in here.
I wouldn't care.
I was like, oh, shit.
That sounds nice.
I never wore the bike shorts, but...
Yeah.
But I see a suit and tie is constraining.
I think it's liberating in sorts.
It's like shows that you're taking the moment seriously.
Well, not just that, people wanted it.
I mean, people expected when you're not...
You are dressed like a perfect FBI agent.
When someone knocks on their door, that's what they want to see.
They want to see what Hollywood built up is what an FBI agent is.
You show up like my friend Ilwan.
He was dressed always in t-shirts and shorts.
People aren't going to take him serious.
They're not going to give him what they want.
I wonder how many places I can just show up and say I'm from the FBI and start interrogating them.
I could have barred.
Probably.
Definitely if they've had a few drinks.
You could definitely.
Well, but people are going to recognize you.
That's the only problem.
That's another thing.
You start taking out big cases.
You can't wear cases anymore in the FBI.
That's true.
Your face gets out there.
Your name too?
Yeah.
Yeah.
Well, actually, let me ask you about that before we return to our friend Sabu.
Okay.
You've tracked and worked on some of the most dangerous people in this world.
Have you ever feared for your life?
So, I had to make a really, really shitty phone call one time.
I was sitting in the bureau and this was right after Silk Road and Jared called me.
He was back in Chicago and he called me and said, hey, your name and your kid's name
were on a website for an assassination.
They're paying to have you guys killed.
Now, these things happen on the black market.
They come up and people debate whether they're real or not, but we have to take it serious.
Everyone's paying to have me killed.
So I had to call my wife and we have a word in that if I said this word and we only said
it one time to each other, if I said this word, this is serious.
Drop what you're doing and get to the kids.
So I had to drop the word to her.
I could feel the breath come out of her because she thought her kids were in danger at the
time they were.
I wasn't in a state of mind to drive myself, so an agent on the squad, a girl named Evelina,
she drove me.
Lights and sirens all the way to my kid's school and we had called the school.
We were in a lockdown.
Nobody should get in or out, especially someone with a gun.
The first thing they did was let me in the building with a gun.
So I was a little disappointed with that.
My kids were, I think kindergarten and fifth grade or somewhere around there, maybe they're
closer second year, I'm not sure where, but all hell broke loose and we had to from there
go move into a safe house.
I live in New York City, NYPD surrounded my house, the FBI put cameras outside my house.
You couldn't drive into my neighborhood without like your license plate being read.
Hey, why is this person here?
Why is that person there?
I got to watch my house on an iPad while I sat at my desk, but again, I put my family
through that and it scared the shit out of them.
And that's to be honest, I think that's sort of my mother-in-law's words were, I thought
you did cybercrime because during the road, I didn't tell my family what I was working
on.
I'll talk about that sort of.
I want to escape that.
I don't want to be there.
I remember that like so when I was in the FBI, like driving in, I used to go in at 4.30
every morning because I get to go to the gym before I go to the desk.
I'd be at the desk at seven, so in the gym at five, a couple hours and then go.
The best time I had was that drive-in in the morning where I could just be myself.
I listened to a sports podcast out of DC and we talked about sports and the nationals
and whatever it was, the capitals.
It was great to not think about Silk Road for 10 minutes.
But that was my best time.
But yeah, again.
Yeah, I've had that move into the safe house.
I left my MP5 at home.
That's the Bureau's machine gun, showed my wife to just pull and spray.
But how often did you live or work and live with fear in your heart?
It was only that time.
I mean, for actual physical security, then I mean, after the anonymous stuff, I really
tightened down to my cybersecurity, I don't have social media.
I don't have pictures of me and my kids online.
If I go to a wedding or something, I say, I don't take my picture with my kids if you're
going to post it someplace or something like that.
So that sort of security I have.
But just like everybody, you start to relax a little bit and security breaks down because
it's not convenient.
It's also part of your job, so you're much better at, let me do your job now and your
job before.
So you're probably much better at taking care of the little hanging fruit at least.
I understand the threat.
And I think that's what a lot of people don't understand is understanding what the threat
against them is.
So I'm aware of that and what possibly, and I think about it, I think about things.
I do remember, so you tripped a memory in my mind.
I remember a lot of times, and I had a gun on my head, but I still carry a gun to this
day, opening my front door and being concerned what was on the other side, walking out of
the house because I couldn't see it.
I remember those four o'clock's, heading to the car, I was literally scared.
Yeah.
I mean, having seen some of the things you've seen, it makes you perhaps question how much
evil there is out there in the world.
How many dangerous people are there out there?
Crazy people, even.
There's a lot of crazy, there's a lot of evil.
Most people, I think, get into cybercrime or just opportunistic, not necessarily evil.
They don't really know, maybe think about the victim, they just do, it's a crime of opportunity.
I don't label that as evil.
One of the things about America that I'm also very happy about is that rule of law, despite
everything we talk about, it's tough to be a criminal in the United States.
If you walk outside of your house, you're much safer than you are in most other places
in the world.
You're safer, and the system's tougher.
I mean, Losec, six guys, one guy in the United States, five guys other places, Hector was
facing 125 years.
Those guys got slapped on the wrist and went back to college.
Different laws, different places.
Who's Hector?
Tell me the story of Hector.
This Losec organization was started, so Hector was before that, he was in part anonymous,
he was doing all kinds of hacking stuff, but then he launched Losec.
He's an old school hacker.
He learned how to hack, and I don't want to tell his story, but he learned to hack because
he grew up in the Lower East Side of New York, and picked up some NYPD computers that were
left on the sidewalk for trash, taught himself how to hack.
He doesn't exactly look like a hacker.
For people who don't know, he looks, I don't know exactly what he looks like, but not like
a technical, not what you would imagine, but perhaps that's a Hollywood portrayal.
Yeah, I think you get in trouble these days saying that what a hacker looks like.
I don't know if they have a traditional look.
Just like I said, Hollywood has an idea, an FBI looks like, I don't think you can do
that anymore.
I don't think you can say that anymore.
Well, he certainly has a big personality and charisma and all that kind of stuff.
That's Sabu.
I can see him selling me anything.
That's Sabu.
That's convincing me of anything.
Two different people.
There's Sabu and there's Hector.
Hector is a sweet guy.
He likes to have intellectual conversations, and that's just the thing.
He'd rather just sit there and have a one-on-one conversation with you.
But Sabu, that's a ruthless motherfucker.
And you first met Sabu.
I was tracking Sabu.
That's all I knew was Sabu.
I didn't know Hector.
So when did your paths cross in terms of tracking?
When did you first take on the case?
The spring of 11.
So it was through Anonymous.
Through Anonymous.
Well, really kind of LowlSec.
LowlSec was a big thing, and it was pushed out to all the 56 field offices in the FBI.
Most of them have cyber squads or cyber units.
And so it was being pushed out there, and it was in the news every day, but it really
wasn't ours.
So we didn't have a lot of victims in our AOR area of responsibility.
And so we just kind of pay attention to it.
Then I got a tip that a local hacker in New York had broken into AOL.
And so Olivia Olson and I, she's another agent who she's still in.
She's a supervisor out in LA.
She's a great agent.
We went all around New York looking for this kid just to see what we can find and ended
up out in Staten Island at his grandmother's house.
She didn't know where he was, obviously.
Why would she?
But I left my card.
He gave me a call that night and started talking to me.
And I said, let's just meet up tomorrow at the McDonald's across from 26 Fed.
And he came in and three of us sat there and talked and gave me a stuff.
He started telling me about the felonies he was committing those days, including that
break in day O.L.
And then he finally says, I can give you Sabu.
And Sabu to us was the Kaiser Sozevagon.
He was our guy.
He was the guy that was in the news that was pissing us off.
So he was part of the FBI Fridays?
Sabu was, yeah.
Oh, he led it.
Yeah, he was the leader of fuck FBI Fridays.
So yeah.
Well, it was one of the more memorable F, the triple F's.
I said, how do you get, how and why do you go after the beehive?
That's kind of intense.
You get you on the news.
It gets you, it's the lulls.
It's funnier to go after the big ones.
You know, and they weren't getting like real FBI.
They weren't breaking into FBI mainframes or anything, but they, you know, they were,
you know, affiliate sites or anything that had to, a lot of law enforcement stuff was
coming out.
So, but, you know, we looked back.
And so if this kid knew that Sabu, we, maybe there was a chance we could use him to lure
Sabu out.
But we also said, well, maybe this kid knows Sabu in real life.
And so we went and looked through the IPs and 10 million IPs, we find one and it blogged
to him.
And that, that day Sabu, someone had doxxed Sabu and we were a little afraid he was going
to be on the run.
We had a surveillance team and FBI surveillance teams are awesome.
Like you cannot even tell their FBI agents, it's, it's, it's, they are really that good.
I mean, there's baby strollers and all, whatever you wouldn't expect an FBI agent to have.
So that's a little like the movies.
A little bit.
Yeah.
I mean, it is true, but, but they fit into the area.
So now they're on the Lower East side, which is, you know, a baby stroll might not fit
in there as well.
You know, somebody's laying on the ground or something like that.
They really get, play the character and get into it.
So now I can never trust a baby stroller.
Yeah.
Well, probably should.
Every, every baby.
I'm just like, look at, stare at them suspiciously.
Especially if the moms were in cargo pants while she pushes it.
So.
Yeah.
So if it's like a very stereotypical mom, stereotypical baby, I'm going to be very suspicious.
I'm going to question the baby.
He's wired, be careful.
You know, we raced out there and like our squad's not even full.
There's only a few guys there.
And like I said, I was, I was a suit guy, but that day I had shorts and a T-shirt on
and a white T-shirt on.
And I only bring it up cause Cebu makes fun of me to this day.
So I had a bulletproof vest and a white T-shirt on and that was it.
I shorts too and all that, but raced over to there.
We didn't have any equipment.
We brought our bosses, bosses, boss.
He stopped off at NYPD, got us like a ballistic shield and a, and a battering ram if we needed
it.
And then we get to Hector's house, Cebu's house and he's on the sixth floor.
And so normally, you know, we're the, the cyber dork squad will hop in the elevator.
Six floors is a long ways to go up and bulletproof vest and a ballistic shield, but, but we had
been caught in elevator before on a search.
So we, we, we didn't took the stairs.
We get to the top, a tad winded, but a knock on the door and this big towering guy opens
the door just slightly and he sees the green vest with big yellow letters, FBI and he steps
outside.
Can I help you?
You know, it tries to social engineer us, but eventually we get our way inside the house.
You know, I noticed a few things that are kind of out of place.
There's a laptop charger and a flashing modem and I said, well, do you have a computer here?
And he says, no, there's no computer here.
So we knew the, the, the truce and then the half lies and all that sort of thing.
So it took us about another two hours and finally gave up that he was Cebu.
He was the guy we were looking for.
So we sat there and we kind of showed him sort of the evidence we had against him.
And you know, from his words, we sat there and talked, talked like two grown adults and
you know, I gave him the options and he said, well, let's, let's talk about working together.
So he chose to become an informant.
I don't think he chose that night, but that's where it kind of went to.
So then we brought him down to the FBI that night, which was, it was a funny trip because
I'm sitting in the back seat of the car with him.
And I was getting calls from all over the US from different FBI agents saying that we
arrested the wrong guy.
And I was like, I don't think so.
And they're like, why do you think so?
I was like, because he says it's him.
And they still said, no, it's the wrong guy.
So I said, well, we'll see how it plays out.
It's interesting because it's such a strange world.
It's such a strange world because it's tough to, because you still have to prove it's the
same guy, right?
Because the anonymity.
Yeah.
I mean, we had his laptop by that, you know, that point.
Yeah, I know.
He was saying that helped.
Again, in my clue in my world.
Yeah.
Yeah.
But yeah, if he would have fought it, I mean, that definitely would have come in as evidence
that ever if the agents are saying it's not him, you have to disclose that.
That stuff.
So you had a lot of stuff on him.
What was he facing if he was facing 125 years 125 years in prison?
That's that.
No, that's if you took every charge we had against him and put him, you know, consecutively.
No, no one ever gets charged that.
But yeah, he had essentially it would have been 125 years.
You know, fast forward to the end.
He got thanked by the judge for service after nine months.
And he walked out of the court of free man.
But that's being while being an informant.
Yes.
Well, so the word informant here really isn't that good.
It's not fitting that technically, I guess that's what he was, but he didn't know the
other people was all and all.
He knew nicks and all that.
He really gave us the insight of what was happening in the hacker world.
Like I said, he was an old school hacker back when hackers didn't work together with anonymous.
You know, he was down, you know, a cult of dead cow and those type guys like way back.
He was around for that.
He's like an encyclopedia of hacking.
But you know, we just like his prime was in the nineties for terror hack.
But yeah, he kind of came back when, uh, when anonymous started going after MasterCard and
PayPal and all that to the WikiLeaks stuff.
But even even that little interaction being an informant, he probably made a lot of enemies.
This, how do you protect a guy like that?
He made enemies after it was revealed.
How does the FBI protect him?
Good luck.
Uh, I mean, perhaps I'll talk to him one day, uh, but, uh, is that guy afraid for his life?
I, again, I think he doesn't seem like it.
He has very good security, uh, for himself, cyber security.
Um, but you know, I, yeah, he doesn't like the negative things said about him online.
Uh, I don't think anybody does, um, but, you know, I think it's so many years of the
internet kind of bitching at you and all that.
You get callous to, it's just internet bitching.
And also the, the hacking world moves on very quickly.
He has kind of, um, yeah, like they're, they're, they have their own wars to fight now and
he's not part of those wars anymore.
There's still people out there that bitch and moan about him, but, but yeah, I think
it's less.
Um, I think, you know, and he, he has a good message out there of, you know, he, he, he
is trying to keep kids from making the same mistakes he made.
He tries to really preach that.
How do people get into this line of work?
Is there all kinds of ways being, uh, not, not, not your line of work, his line of work.
It's just all the stories you've seen of people that are in anonymous and lullsack and silk
road and all the cyber criminals you've interacted with, what's, uh, what's the profile of a
cyber criminal?
I don't think there's a profile anymore.
You know, I used to be able to say, you know, the kid in your mom's basement or something
like that, but it's not true anymore.
You know, like it's, it's, it's wide and it's like, I've arrested, I've arrested people
that you wouldn't expect would be cyber criminals and it's in the United States.
It's international.
It's everything.
Oh, it's international.
I mean, we're seeing a lot of the big hack hackers now, the big arrests for hackers in
England.
Surprisingly, you know, there's, you know, you're not going to see there's a lot of good
hackers like down in Brazil, but I don't think Brazil law enforcement is as good to
hunt them down.
So you're not going to see the big arrests.
How much state-sponsored, uh, cyber attacks are there, do you think?
More than you can imagine.
And what, wait a minute, what do you want to say an attack, a successful attack or just
a probing?
A probing for information, just like feeling, you know, testing that there's where the attack
factors are, trying to collect all the possible attack.
Put a Windows 7 machine on the internet, forward-facing and put a, put a packet sniffer
on there and look at where the traffic comes from.
I mean, in 24 hours, you were going to fill up a hard drive with packets just coming at
it.
Yeah.
I mean, it's, it's not hard to, to know.
I mean, it's just constantly probing for entry points into things, you know, you could,
you could go mad putting up honeypot, draws in intrusions, should I, should I see what
metatology is?
Just to see what's out there.
Yeah.
And it doesn't go anywhere.
It maybe has fake information and stuff like that.
You know, it's, it's kind of to, to see what's going on and judge what's happening on the
internet.
Get a, you know, like your finger and test the wind of what's happening these days.
The funny thing about like, because I'm at MIT, that attracted even more attention for
the, not for the laws, but for the technical challenge.
It seems like people enjoy hacking MIT.
Just the amount of traffic MIT was getting for that in terms of just the sheer number
of attacks from different places is crazy.
Yeah.
Like just like that, putting up on machine, seeing what comes.
NASA used to be the golden ring.
Now everybody got NASA.
That was like the early nineties.
If you can hack NASA, that was the, now, yeah, MIT is a big one.
Yeah.
It's fun.
It's fun to see.
Respect.
Cause I think in that case, it comes from a somewhat good place because, you know, they're
not getting any money from MIT.
It's more for the challenge.
Well, let me ask you about that.
About this world of cyber security.
How big of a threat are cyber attacks for companies and for individuals?
Like, let's lay out, where are we in this world?
What's out there?
It's the wild, wild West and it's, it's, it's, I mean, people want the idea of security,
but it's inconvenient so they don't, they push back on it.
And there are a lot of opportunistic nation state financially motivated hackers, hackers
for the walls.
You got three different tiers there and they're, they're on the prowl.
They have tools.
They have really good tools that are being used against us.
And at what scale?
So when you're thinking of, I don't know what's, let's talk about companies first.
So say you're, you're talking to a mid-tier, I wonder what the most interesting business
is.
So Google, let's, let's, we can look at large tech companies or we can look at medium size
tech companies and like you were sitting in a room with a CTO, with a CEO.
And the question is how fucked are we and what should we do?
What's the low hanging fruit?
What are the different strategies and those companies should consider?
I mean, the problem is they want to push button, they want to, they want to out of the box
solution that I'm secure, you know, they want to tell people they're secure, but
And that's very challenging to have.
It's impossible.
But if I could, if someone had it, they'd be a billionaire, you know, they'd be beyond
a billionaire, you know, because that's what everybody wants.
So it's, you know, you can buy all the tools you want.
It's configuring them the proper way.
And there's, if anyone's trying to tell you that there's one solution that fits all their
stakeholders' assessment, and there's a lot of people in cybersecurity that are staying
at their stakeholders' assessment.
Yeah.
And I feel like there's tools, if they're not configured correctly, they just introduce,
they don't increase security significantly and they introduce a lot of pain for the people.
They decrease efficiency of the actual work you have to do.
So like we had, I was a Google for a time and I think mostly I want to give props to
their security efforts, but user data, so like data that belongs to users is like the
holy, like the amount of security they have around that is incredible.
So most, anytime I had to work with anything even resembling user days, I never got a chance
to work with actual user data, anything resembling that, first of all, you have no access to
the internet.
It's impossible to even come close to the access to the internet.
And there's so much pain to actually like interact with that data where it, I mean,
it was extremely inefficient in places where I thought it didn't have to be that inefficient.
The security was too much, but I have to give respect to that because you, in that case,
you want to err on the side of security, but that's Google, they were doing a good job
with this.
The reputational harm, if it got out, I mean, Google, you know, why is Google drive free,
you know, because they want your data, they want you to park your data there.
So, you know, if they got hacked or leaked information, the reputational harm would be
tremendous.
But, you know, for a company that's not, it's really hard to do that, right?
And the company is not as big as Google or not as tech savvy as Google might have a lot
of trouble with doing that kind of stuff.
Instead of increasing security, they'll just decrease the efficiency.
Well, yeah, so there's a big difference between IT and security, and unfortunately, these
mid-side companies, they try to stack security into their IT department.
Your IT department is about business continuity, they're about trying to move business forward.
They want your users to get the data they need to do their job so the company can grow.
Security is not that, they don't want you to get the data, you know, but there's fine
tuning you can do to, you know, ensure that.
I mean, it's simple as like having good onboarding procedures for employees, like, you come
into my company, you don't need access to everything, maybe you need access to something
for one day, turn the access on, don't leave it on.
I mean, I was the victim of the OPM hack, the Office of Personnel Management, because
old credentials from a third-party vendor were sitting there and active, and the Chinese
government found those credentials and were able to log in and steal all my information.
So a lot could be helped if you just control the credentials, the access, the access control,
how long they last, and people who need access to a certain thing only get access to that
thing and not nothing else, and then it just gets refreshed like that.
Access control, you know, like we said, setting up, people leaving the company, get rid of
there, they don't need control, two-factor authentication, you know, that's a big thing,
you know.
I mean, I sound like a broken record because this isn't anything new, this isn't rocket
science, the problem is we're not implementing it, if we are, we're not doing it correctly,
because these guys are taking us.
Well, two-factor authentication is a good example of something that I just was annoyed
by for the longest time, because yes, it's very good, but like it seems that it's pretty
easy to implement horribly, to where it's like it's not convenient at all for the legitimate
user to use.
It should be trivial to do, like to authenticate yourself twice should be super easy.
If security is slightly inconvenient for you, it's thinking about how inconvenient it is
for a hacker and how they're just going to move on to the next person.
Yes, yes, in theory, when implemented extremely well, but I just don't think so.
I think actually if it's inconvenient, it shows that system hasn't been thought through
a lot.
Well, do you know why we need two-factor authentication?
People using the same password across the same site, so when one site is compromised, people
just take that username and password, it's called credential stuffing and just stuff
it across the internet.
So if 10 years ago, when we told everybody, don't use the same fucking password across
the internet, across the phoneable sites, maybe two-factor wouldn't be needed.
Yes, so you wouldn't need two-factor if everyone did a good job with passwords.
Yeah.
Right, but I'm saying like the two-factor authentication, it should be super easy to
authenticate myself with some other device really quickly.
There should be, it should be frictionless.
Like you just hit okay?
Okay and anything that belongs to me, yeah.
And like I should, it should very importantly be easy to set up what belongs to me.
I don't know the full complexity of the cyber attacks these platforms are under.
They're probably under insane amount of attacks.
You've got it right there that people have no idea, these large companies, how often
they're attacked, you know, on a per second basis and they have to fight all that off
and pick out the good traffic in there.
So yeah, there's no way I'd want to run a large tech company.
What about protecting individuals, for individuals?
What's good advice for to try to protect yourself from this increasingly dangerous world of
cyber attacks?
Again, educate yourself that you understand that there is a threat.
First you have to realize that, then you're going to step up and you're going to do stuff
a little bit more.
Because I guess I think I take that to a little bit extreme.
I remember one time my mom called me and she was screaming that I woke up this morning
and I just clicked on a link and now my phone is making weird noises.
And I was like, throw your phone in a glass of water.
Just put it in a glass of water right now and I made my mom cry.
It was not a pleasant thing.
So sometimes I go to a little extremes on those ones.
But understanding is a risk and making it a little bit more difficult to become a victim.
Just understanding certain things.
Simple things like, as we add more internet of the things to people's houses, how many
Wi-Fi networks do people have?
It certainly does one.
And you're bumping your phones and giving your password to people to come to visit.
Set up a guest network.
Set up something you can change every 30 days.
Simple little things like that.
I hate to remind you, but change your passwords.
I feel like I'm a broken record again, but just make it more difficult for others to
victimize you.
And then don't use the same password everywhere.
That, yes.
I mean, I still, I still know people that do that.
I mean, ask.fm.gotpopped last week, two weeks ago, and that's 350 million username and passwords
with connected Twitter accounts, Google accounts, you know, all the different social media accounts.
You know, that is a treasure trove for the next two and a half, three years of just using
those credentials everywhere, using, you'll learn, even if it's not the right password,
you'll learn people's passwords, styles, you know, bad guys are making portfolios out
of people.
You know, we're figuring out how people generate their passwords and kind of, you know, figuring
and then it's easier to crack their password.
You know, we're making a dossier in each person.
It's 350 million dossiers, just in that one hack.
Yahoo!
There was half a billion.
So the, the thing a hacker would do with that is try to find all the low hanging fruit,
like have some kind of program that, yeah, evaluates the strength of the passwords and
then finds the weak ones and that means that this person is probably the kind of person
that would use the same password across multiple.
Or even just write a program and do that.
Remember the ring hack a couple of years ago?
That's all it was, is credential stuffing.
So ring the security system by default, had two factor, but didn't turn it on.
And they also had don't try unlimited tries to log into my account.
You can lock it out after 10 by default, not turned on because it's not convenient for
people.
You know, ring, you know, it was like, I want people to stick these little things up and
have security in their house.
But you know, cybersecurity, don't make it inconvenient that people won't buy our product.
That's all they got hacked.
They, they want to say that it's insecure and got hacked into reputational harm right
there for ring, but they didn't.
It was just credential stuffing.
People bought username passwords on the black market and just wrote a bot that just went
through ring and used every one of them to maybe 1% hit, but that's a big hit to the
number of ring users.
You know, you can use also password managers to make, to make the changing of the passwords
easier and to make you can choose the difficulty, the number of special characters, the length
of it and all that.
My favorite things on websites yell at you for your password being too long or having
too many special care or like, uh, or yeah, you're not allowed to have this special character
or something.
You can only use these three special characters.
It's a, you know, do you understand how password cracking works?
If you specifically tell me which pass, what special characters I can use.
I want to, like, I honestly just want to have a one-on-one meeting like late at night with
the engineer that programmed that because that's, that's like an intern.
I just want to have a sit-down meeting.
Yeah.
I made my parents switch banks once because the security was so poor.
I was like, you just, you can't have money here.
But then there's also like the zero day attacks.
Like I mentioned, I mentioned before the, uh, the QNEP NAS that got hacked, uh, luckily
I didn't have anything private on there, um, but it really woke me up until like, okay.
So like, if you take everything extremely seriously.
Unfortunately for the end users, there's nothing you can do about a zero day.
It's, you know, there's this, you have no control over that.
I mean, it's a, it's a, the engineers that made the software don't even know about it.
Now let's talk about one days, um, so there's a patch now out there for the security.
So if you're not updating your system for these security badges, if it's just not on
you, um, my father law has such an old iPhone, you can't security patch it anymore.
So, you know, and I tell him, I say, you know, this is what you're missing out on.
This is what you're exposing yourself to because, um, you know, we talked about that
powerful tool that, uh, that how we found Ross Albrecht at gmail.com, well, bad guys
are using that too.
It's called, you know, we used to be called Google dorking.
Now it's, I think it's named kind of Google hacking by the community.
Um, you can go in, you know, and find a vulnerability, read about the white paper, what's wrong
with that, that software, and then you can go on the internet and find all of the computers
that are running that outdated software.
And there's your list, there's your target list.
Yeah.
I know the vulnerabilities that they're running.
Again, not making a playbook here, but you know, that's how easy it is to, to find your
targets.
And that's what, that's what the bad guys are doing.
Then the reverse is tough.
It's much tougher, but it's still doable, which is like first find the target.
Like if you have specific targets, uh, to, to, you know, hack into a Twitter account,
for example.
Much harder.
That's probably social engineering.
Right.
That's probably the best way.
If you wanted something specific to that, I mean, if you really want to go far, you
know, if you're targeting a specific person, you know, how hard is it to get into their
office and put a, you know, a little device, USB device in line with their mouse, who checks
how their mouse is plugged in and you can, for 40 bucks on the black market, you can
buy a key logger that just USB, then the mouse plugs right into it.
It looks like an extension on the mouse.
If you can even find it, you can buy the, the stuff with a mouse inside of it, uh, and
just plug it into somebody's computer and as there's a key logger that lives in there
and calls home and sends everything you want.
So I mean, and it's cheap.
Yeah.
In grad school, um, a program that built a bunch of key loggers, it was fascinating,
a tracking mouse just for, uh, what I was doing as part of the research, uh, I was doing
to, uh, uh, just see if by the dynamics of how you type and how you move the mouse, you
can tell who the person is.
Oh wow.
Um, this is called the active authentication or like, it's basically biometrics that's
not using bio, uh, just to see how identifiable that is.
So it's fascinating to study that, but it's also fascinating how damn easy it is to install
key loggers.
So I think it's, it's, it's in natural, what happens is you realize how many vulnerabilities
there are in this world.
You do that when you, uh, understand bacteria and viruses, you realize they're everywhere
in the same way with, um, I'm talking about biological ones.
And then you realize that all the vulnerabilities that are out there, one of the things I've
noticed quite a lot is how many people don't log out of their computers.
Just how easy physical access to systems actually is, uh, like in a lot of places in this world.
And I'm not talking about private homes.
I'm talking about companies, especially large companies.
It seems quite trivial in certain places that I've been to, to walk in and have physical
access to a system and that's depressing to me.
It is.
It just, I laugh because, uh, one of my, my partners at Nexo that I work at now, um,
he worked at a big company, like you would know the name as soon as I told you, I'm
not going to say it.
Um, but the guy who owned the company and the company has his name on it, um, didn't
want to ever log into a computer, just annoyed the shit out of him.
So they hired a person that stands next to his computer when he's not there.
And that's his physical security.
That's good.
That's pretty good.
Yeah, I mean, I guess if you could afford to do that, at least you're taking your security
seriously.
I feel like there's a lot of people in that case would just not have a login.
Yeah.
No, the security team there had to really work around to make that work, uh, non-compliant
with the company policy.
But that's, that's interesting.
The, the, the key log is there's, there's a lot of, there's just a lot of threats.
Yeah.
There's a lot of ways to get in.
Yeah.
I mean, so you can't sit around and worry about someone like physically gaining access.
Your computer with keylogger and stuff like that.
Um, you know, if you're traveling to a foreign country and you work for the FBI, then yeah,
you do.
You pick little, you know, sometimes some countries you would bring a fake laptop just
to see if they stole it or accessed it.
I really want, especially in this modern day to just create a lot of clones of myself that
generate Lex sounding things and just get put so much information out there.
I actually docs myself all across the world.
And then you're not a target, I guess.
Just put it out there.
I've always said that though.
Like we do these searches and FBI houses and stuff like that.
If someone just got like a box load of like 10 terabyte drives and just encrypted them.
Oh my God.
Do you know how long the FBI would spin their wheels trying to get that data off there?
Be insane.
Also, just give them, you don't even know which one you're looking for.
Yeah.
That's true.
That's true.
So it's like me printing like a treasure map to a random location, just get people to go
on Goosh.
Goosh.
Yeah.
What, what about operating system?
What have you found?
What's the most secure and what's the least secure operating system?
Windows, Linux?
Is there no universal?
There's no universal security.
I mean, it changed.
You people use anything max for the most secure just because they just weren't out there,
but now kids have had access to them.
So, you know, I know you're a Linux guy, I like Linux too, but you know, it's tough
to have run a business on, on, on Linux, you know, people want to move more towards the
Microsofts and the, and the Googles just because of the, you know, it's easier to communicate
with other people that maybe aren't computer guys.
So you have to just take what, what's best, what's easiest and then secure the shit out
of it as much as you can and just think about it.
What are you doing these days at Nexo?
So we just started Nexo's, so I left the government and went to a couple of consultancies and
I started working, really all the people I, I, I worked good in the government with,
I brought them out with me and now.
You used to work for the man and now you're the man.
Exactly.
So, but now we formed a partnership and it's just a, it's a new cyber security firm that
we, our launch party is actually on Thursday, so it's going to be exciting.
Do you want to give more details about the party so that somebody can hack into it?
No, I don't even tell you where it is.
You can come if you want, but don't, don't, don't bring the hackers.
So Hector will be there with us.
I can't believe you invited me because you also say insider threat is, is the, is the
biggest threat.
By the way, can you explain what the insider threat is?
The biggest insider threat in my life is my children.
My, my son's big into Minecraft and will download executables mindlessly and just run them
on the network.
So he is.
Do you recommend against marriage and family and kids?
No, no.
From a security perspective, from a security perspective, absolutely.
But no, I just segmentation.
I mean, we do it in all businesses for years, um, started setting back, segmenting networks,
different networks.
I just do it at home.
My kids on his own network, um, it makes it a little bit easier to see what they're doing
too.
You can monitor traffic and then also throttle bandwidth if, uh, if you're not, your Netflix
isn't playing fast enough or buffers or something.
So you can obviously change that a little too.
You know, they're going to listen to this, right?
They're going to get your tricks.
Yeah.
That's true.
They'll definitely will listen, but there's nothing more humbling than your family.
You think you've done something big and you go on a big podcast and talk to Les Riemann
and they don't, they don't care unless, unless you're on tiktok or you'll show up on a YouTube
feed or something like that.
And I'll be like, Oh, yeah.
This guy's boring.
Yeah.
My son does a podcast for his school and, um, it's still, I still can't get it into telling.
So one of the Hector and I just started a podcast talking about cybersecurity.
We do a podcast called hacker in the Fed.
It just came out yesterday.
So, uh, first episode.
Nice.
So yeah, we got 13, uh, 13 that 1300 downloads the first day.
So pretty, we were at the top of hacker news, which is a big website in our, our world.
So it's called hacker in the Fed hacker in the feds name it so go download and listen to
hacker in the fed.
I, I can't wait to see what, cause I don't think I've seen a video of YouTube together.
So I can't wait to see what the, the chemistry is like, we're, I mean, it's not weird that
you guys used to be enemies and now you're friends.
So yeah, I mean, we just did some, a trailer and all that and, uh, the, the, our producer,
we have a great producer guy named Phineas and he kind of pulls things out of me and
I've said, I said, okay, I got one.
My relationship with Hector is, you know, we're very close friends now.
And then I was like, Oh, I arrested one of my closest friends, which is a very strange
relationship.
Yeah.
It's weird.
Um, you know, but he, he says that I changed his life.
I mean, he was going down a very dark path and I gave him an option that one night and
he, he made the right choice.
I mean, he's, he now does penetration testing.
He does a lot of good work and, uh, you know, he's turned his life around.
Do you worry about cyber war in the 21st century?
Absolutely.
Yeah.
If there is a global war, it'll start with cyber, you know, if it's not already started.
Do you feel like there's a, like a boiling, like the, the drums of war are beating?
What's happening in Ukraine with Russia?
It feels like the United States is becoming more and more involved in the conflict in
that part of the world.
And China is watching very closely.
It's starting to get involved geopolitically and probably in terms of cyber.
Do you worry about this kind of thing happening in the next decade or two?
Like where it really escalates, you know, people in the, in the 1920s were completely
terrible at predicting the world war two.
Do you think we're at the precipice of war potentially?
I think we could be.
I mean, I, I would hate to just be, you know, just fear mongering out there, um, you know,
COVID's over.
So the next big thing in the media is war and all that.
But I mean, there's some, some flags going up that are, that are very strange to me.
Is there a way to avoid this?
I hope so.
I hope smarter people than I are figuring it out.
I hope people are playing their parts and talking to the right people, um, because that's,
the war is the last thing I want.
Well, there's two things to be concerned about on the cyber side.
One is the actual defense on the technical side of cyber.
And the other one is the panic that might happen when something like some dramatic event happened
because of cyber, some major hack that becomes public.
I'm honestly more concerned about the panic because I feel like if people don't think
about the stuff, the panic can hit harder.
Like if they, if they're not conscious about the fact that we're constantly under attack,
I feel like it'll come like a much harder surprise.
Yeah, I think people will be really shocked on things.
I mean, so we talked about Lollsec today and Lollsec was 2011.
They had access into a water, the water supply system of a major U.S. city.
They didn't do anything with it.
They were sitting on it in case someone got arrested and they were going to maybe just
expose that it's, that it's insecure.
Maybe they were going to do something to fuck with it.
I don't know.
But, you know, that, that's, that's 2011, you know, I don't think it's gotten a lot
better since then.
And there's probably nation states or major organizations that are sitting secretly on
hacks like this.
A hundred percent.
A hundred percent.
They are sitting seriously waiting to expose things.
I mean, I, again, I don't want to scare the shit out of people, but people have to understand
the cyber threat.
I mean, there are, you know, there are, there are thousands of nation state hackers in some
countries.
I mean, we have them too.
We have offensive hackers.
You know, the, the terrorist attacks of 9-11, there's planes that actually hit actual buildings
and it was visibly clear and you can trace the information with cyber attacks, say something
that would result in the major explosion in New York City.
How the hell do you trace that?
Like if it's well done, it's going to be extremely difficult.
The problem is there's so many problems.
One of which the U.S. government in that case has complete freedom to blame anybody they
want.
True.
And then to, to go start war with anybody, anybody that actually see, uh, that's, sorry,
that's one cynical take on it, of course.
No, but you're going down the right path.
I mean, the guys that the food planes in the buildings wanted attribution, they took credit
for it.
When we see the cyber attack, I doubt we're going to see attribution.
Maybe the victim side, the U.S. government on this side might come out and try to blame
somebody, but you know, like you've brought up, they could blame anybody they want.
There's no really a good way of verifying that.
Can I just ask for your advice?
So in my personal case, am I being tracked?
How do I know?
How do I protect myself?
Should I care?
You are being tracked.
Um, I wouldn't say you're being tracked by the government.
You're definitely being tracked by big tech.
Uh, they.
No, I mean, me personally, Lex and, and escalated level.
So like, uh, um, like you mentioned, there's an FBI file on people.
Sure.
I'd love to see what's in that file.
Uh, who did I have the argument for?
Oh, let me ask you FBI.
Yeah.
Um, how's the cafeteria food in FBI?
At the academy?
It's bad.
Yeah.
Um, what about like.
At headquarters?
Headquarters.
That's where the director, I mean, he, he eats up on the seventh floor.
Have you been like a Google?
Have you been to Silicon Valley?
Those cafeteria?
Like those?
I've been to the Google in Silicon Valley.
I've been to the Google in New York.
Yeah.
The food is incredible.
It is great.
So FBI is worse.
Well, when you're going through the academy, they don't let you outside of the building.
So you have to eat it.
Um, and I think that's the only reason people eat it.
Yeah.
Um, it's, it's, it's pretty bad.
I got it.
Okay.
But there's also a bar inside the FBI academy.
People don't know that.
Alcohol bar?
Yes.
Alcohol bar.
And if you, as long as you've passed your PT and, uh, in, in going well, you're allowed
to go to the bar.
Nice.
It, it feels like if I was a hacker, I'll be going after like celebrities cause they're
a little bit easier.
Like celebrity celebrities like Hollywood, the Hollywood nudes were a big thing there
for a long time.
But not even.
Yeah.
I guess.
That's what they went after.
They did, they, they social engineered Apple to get backups, to get the recoveries for
backups.
And then they just pulled all their nudes and I mean, whole websites were dedicated
to that.
Yeah.
See that.
See, I wouldn't do that kind of stuff.
It's very creepy.
I would go if I was a hacker, I would go after, um, like major like powerful people and like
tweet something from their account and like something that like positive, like loving,
but like for the, for the walls, the obvious that it's a troll.
God, you get busted so quick by a bad hacker.
What a bad hacker.
Really?
But why?
Because hackers never put things out about love.
Oh, you mean like, this is clearly, this is clearly Lex, he talks about love in every
podcast he does.
Oh, I would just be like, no, oh God damn it, now somebody's going to do it and you'll
blame me.
It wasn't me.
Looking back at your life, is there something you regret?
I'm only 44 years old.
I'm already looking back.
Is there stuff that, um, you regret?
AV unit.
Yeah.
Got away.
That was the one that got away.
Uh, yeah.
I mean, it took me a while into my law enforcement career to learn about like the compassionate
side and, and it took Hector Montseguir to make me realize that criminals aren't really
criminals.
They're human beings.
Um, that really humanized the whole thing for me sitting with him for, for nine months.
Um, I think that's maybe why I had a lot more compassion when I arrested Ross, um, probably
wouldn't have been so compassionate if it was before Hector.
But, but yeah, he changed my life and showed me that, that, that humanity side of things.
So would it be fair to say that all, that all the criminals or most criminals are, I
just, people that took a wrong turn at some point, they all have the capacity for, for
good and for evil in them.
Uh, I'd say 99% of the people, the criminals that I've interacted with, yes, uh, the people
with the child exploitation, no, I don't have any place in my heart for them.
What advice would you give to, to people in college, people in high school, trying to
figure out what they want to do with their life, how to have a life they can be proud
of, how to have a career they can be proud of, all that kind of stuff.
In the U S, um, budget that was just put forward, there's $18 billion for cybersecurity.
Uh, we're about a million people short of where we really should be in the industry,
if not more.
Um, if you have want job security and want to work and see exciting stuff, uh, head towards
cybersecurity, it's a, it's, it's a good career.
Um, and you know, one thing I dislike about like, uh, cybersecurity right now is they
expect you to come out of college and have 10 years experience in protecting and knowing
every different Python script out there and everything available.
Um, you know, the industry needs to change and let the lower people in, in order to,
to broaden and get the, those billion jobs filled.
Um, but as far as their personal security, just remember, it's all going to follow you.
I mean, uh, you know, there's laws out there now that you have to turn over your social
media accounts in order to have certain things.
Um, they just changed that in New York state.
If you want to carry a gun, you have to turn over your social media to, to figure if you're
a good social, uh, character.
Um, so hopefully you didn't say something strange in the last few years and it's going
to follow you forever.
Um, I bet Ross Albrecht would tell you the same thing when he not, don't put Ross Albrecht
at gmail.com on things cause it's going to last forever.
Yeah.
People sometimes, uh, for some, for some reason they interact on social media as if they're
talking to a couple of buddies, uh, like just shooting shit and mocking and, and like,
um, you know, what is that, busting each other's chops, like making fun of yourself,
like being, uh, especially gaming culture, uh, like people who stream that's not recorded.
Oh my God.
The things people say on those streams.
Yeah.
But a lot of them are recorded.
Yeah.
So there's, there's a whole Twitch thing where people stream for many hours a day.
And, uh, I mean, just outside of the very offensive things they say.
They just swear a lot.
They're not the kind of person that I would want to hire.
Yeah.
I want to want to work with.
Now I understand that some of us might be that way privately, I guess, when you're shooting
the shit with friends, like, uh, playing a video game and talking shit to each other,
maybe.
Yeah.
But like that's all out there.
You have to be conscious of the fact that that's all out there and it's just not, it's
not a good look.
It's not like you're, you should, it's, it's complicated because I'm like against hiding
who you are, but like an asshole, you should hide some of it.
Yeah.
But like, I just feel like it's going to be misinterpreted when you talk shit to your
friends while you're playing video games.
It doesn't mean you're an asshole because you're an asshole to your friend, but that's
how a lot of friends show love.
Yeah.
An outside person can't judge how I'm friends with you.
If I want to be, this is our relationship.
If that person can say that I'm an asshole to them, uh, then that's fine.
I'll take it, but you can't tell me I'm an asshole to them just because you saw my interaction.
I agree with that.
They'll take those words out of context and now that's, that's considered who you are.
It's dangerous and people take that very nonchalantly.
People treat their behavior on the internet very, very carelessly.
That's definitely something that you need to learn and take extremely seriously.
Also, I think that taking that seriously will help you figure out who you, what you really
stand for.
If you use your language carelessly, you'd never really ask, like, what do I stand for?
I feel like it's a good opportunity when you're young to ask, like, what are the things that
are okay to say?
What are the things, what are the ideas I stand behind?
Like, what are, especially if they're controversial and I'm willing to say them because I believe
in them versus just saying random shit for the, for the laws, because for the random
shit for the laws, keep that off the internet.
That said, man, I was an idiot for most of my life and I'm constantly learning and growing.
I'd hate to be responsible for the kind of person I was in my teens, in my 20s.
I didn't do anything offensive, but it just had changed as a person.
Like, I used to, I guess I'd probably still do, but I used to, you know, I used to read
so much existential literature.
That was a phase.
There's like phases.
Yeah.
You grow and evolve as a person.
That changes you in the future.
Yeah.
Thank God there wasn't social media when I was in high school.
Thank God.
Oh my God.
I would never be gotten the FBI.
Would you recommend that people consider a career at a place like the FBI?
I loved the FBI.
I never thought I would go anyplace else but the FBI.
I thought I was going to retire with the gold watch and everything from the FBI.
That was my plan.
You get a gold watch?
No, but you know what it is.
Oh, it's an expression.
It's an expression.
You get a gold badge.
You actually get your badge in the loo site and your creds and they put it in loo site
and all that.
Does it, by the way, just on a tangent since we like those, does it hurt you that the FBI
by certain people is distrusted or even hated?
100%.
It kills me.
I've never, until recently, sometimes been embarrassed about the FBI sometimes, which
is really, really hard for me to say because I love that place.
I love the people in it.
I love the brotherhood that you have with all the guys in your squad and the guys and
girls.
I just use guys.
I developed a real drinking problem there because we were so social of going out after
work and continuing on.
It really was a family.
I do miss that, but yeah, I mean, if someone can become an FBI agent, I mean, it's pretty
fucking cool, man.
The day you graduate and walk out of the academy with a gun and a badge and the power to charge
someone with a misdemeanor for flying on the United States flag at night, that's awesome.
So there is a part of representing and loving your country, and especially if you're doing
cybersecurity.
So there's a lot of technical savvy in different places in the FBI.
Yeah.
I mean, there's different pieces.
You'll see an older agent that's done not cybercrime, come over to cybercrime at the
end so he can get a job once he goes out, but there's also some guys that come in.
I won't name his name, but there was a guy, I mean, I think he was a hacker when he was
a kid.
Now he's an agent.
Now he's way up in management.
Great guy.
I love this guy.
He knows who he is if he's listening.
He had some skills, but we also lost a bunch of guys that had some skills because we had
one guy in the squad that he had to leave the FBI because his wife became a doctor and
she got her residency down in Houston and she couldn't move.
He wasn't allowed to transfer, so he decided to keep his family versus the FBI.
So there's some stringent rules in the FBI that need to be relaxed a little bit.
Yeah.
I love hackers turned like leaders.
Like one of my quickly becoming good friends is Mudge.
He was a big hack in the 90s and then now was recently Twitter chief security officer,
CSL, but he had a bunch of different leadership positions, including being my boss at Google.
But originally a hacker.
It's cool to see like hackers become like leaders.
I just wonder what would cause him to stop doing it?
Why he would then take like a managerial route for high tech companies first?
I think a lot of those guys, so this is like the 90s, they really were about like the freedom.
There's like a philosophy to it.
And when I think the hacking culture evolved over the years, and I think when it leaves
you behind, you start to realize like, oh, actually what I want to do is I want to help
the world and I can do that in legitimate routes and so on.
But that's the story that, yeah, I would love to talk to him one day, but I wonder how common
that is to like young hackers turn good.
You're saying it like pulls you in.
If you're not careful, it can really pull you in.
Yeah, you're good at it, you become powerful, you become, you know, everyone's slapping
you on the back and say, what a good job and all that, you know, at a very young age.
Yeah.
So, yeah, I would love to get into my buddy's mind on why he stopped hacking and moved on.
Oh, that's going to be a good conversation.
In his case, maybe it's always about a great woman involved, a family and so on that grounds
you because like we have, there is a danger to hacking that once you're in a relationship,
once you have family, maybe you're not willing to partake in.
What's your story?
What, from childhood, what are some fond memories you have?
Fond memories?
Where did you grow up?
Well, I don't give away that information.
In the United States?
Yeah.
Yeah.
Yeah.
In Virginia.
In Virginia.
Yeah.
What are some rough moments?
What are some beautiful moments that you remember?
I had a very good family growing up.
The, like rough moment and I'll tell you a story that just happened to me two days ago
and it fucked me up, man.
It really didn't.
You'll be the first one.
I've never told it.
I tried to tell my wife this two nights ago and I couldn't get it out.
So my father, he's a disabled veteran or he was a disabled veteran.
He was in the Army and got hurt and it was in a wheelchair his whole life.
All my growing up, he was my biggest fan.
He just wanted to know everything about, you know, what was going on in the FBI, my stories.
I was a local cop before the FBI and I got to a high speed car chase, you know, foot
chase and all that and kicking doors in.
He wanted to hear none of those stories and at some points I was kind of too cool for
school and, ah, dad, I just want to break and all that and things going on.
We lost my dad during COVID, not because of COVID, but it was around that time, but it
was right when COVID was kicking off and so he died in the hospital by himself and I didn't
get to see him then.
And then my mom had some people visiting her the other night and Tom and Karen Rogerberg
and I'll say they're my second biggest fans right behind my dad.
They always asking about me and my career and they've read the books and seen the movie.
They'll even tell you that Silk Road movie was good.
I fell a high D on that.
And so they came over and I helped them with something and my mom called me back a couple
days later and she said, I appreciate you helping them.
I know, you know, fixing someone's Apple phone over the phone really isn't what you
do for a living.
It's kind of beneath you and all that, but I appreciate it.
And she said, oh, they loved hearing the stories about Silk Road and all those things.
And she goes, you know, your dad, he loved those stories.
He just, I just wish he could have heard of me.
He even would tell me, he would say, you know, maybe Chris will come home and I'll get him
drunk and he'll tell me the stories.
But then she goes, maybe one day in heaven you can tell him those stories and I fucking
lost it.
I literally stood in my shower sobbing like a child, like just thinking about like all
my dad wanted was those stories.
And now I'm on a fucking podcast telling stories to the world and I didn't tell him.
Did you ever have like a long heart to heart with him about like, about such stories?
He was in the hospital one time and I went through and I want to know about his history,
his life, what he did.
And I think he may be sensationalized some of it, but that's what you want.
You're dad's a hero.
So you want to hear those things.
Is a good storyteller?
Um, yeah, again, I don't know what was true and not true, but you know, some of it was
really good.
Um, and it was just good to hear his life, but you know, we lost him and now those stories
are gone.
You miss him?
Yeah.
What did he teach you about what it means to be a man?
So my dad, um, he was an engineer and so part of his job, we worked for, um, Vermont power
and electric or whatever it was.
I mean, he, when he first got married to my mom and all that, um, like he flew around
in a helicopter checking out like power lines and dams, he used to swim inside to scuba
into dams to check to make sure that they were functioning properly and all that.
Pretty cool shit.
And then he couldn't walk anymore.
I probably would have killed myself if my life switched like that so bad.
And my dad probably went through some dark points, but he had that from me, maybe.
And so to, to get through that struggle, to teach me like, you know, you press on, you
have a family, people count on you, you do what you got to do, um, that was, that was
big.
Yeah.
Oh, I'm sure you're making proud, man.
I, I, I'm sure I do, but I don't think you knew that, that I knew that.
Well, you get to pass on that love to your kids now.
I try, I try, but I can't impress them as much as my dad impressed me.
I can try all I want, but.
Well, what do you think is the role of love?
Cause you, uh, you, you, you gave me some grief, you busted my balls a little bit for
talking about love a lot.
What do you think is the role of love in the human condition?
I think it's the greatest thing I think everyone should be searching for it.
If you don't have it, find it and get it as soon as you can.
Um, I love my wife.
I really do.
I had no idea what love was until my kids were born.
My son came out and, um, this is a funny story.
He came out and, uh, you know, I just wanted to be safe and be healthy and all that.
And I said to the doctor, I said, uh, 10 and 10 doc, you know, 10 fingers, 10 toes, everything
good.
And he goes, nine and nine.
I was like, what the fuck?
I was like, oh, this is going to suck.
Okay.
We'll deal with it and all that.
Uh, he was talking about the app in the car or some score about breathing and color and
all that.
And I, I was like, oh, shit, but I, no one told me this, um, but so I'm just sobbing.
I couldn't even cut the umbilical cord.
Like just fell in love with my kids when I saw them and, and that to me really is what,
what love is like just for them, man.
And I see that through your career, that love developed, which is awesome.
The, the, the, the being able to see the humanity in people.
I didn't when I was young, the, the, the foolishness of youth, you know, I, I needed to learn that
lesson hard.
I mean, you know, when I was young in my career, it was just about career goals and, you know,
when resting people became stats, you know, you rest on one, you get a good stat, you
get down out of a boy, you know, maybe, you know, the boss likes it and you get a better
job or you get, you move up the chain.
It took, it took a real change in my life to see that humanity.
And I can't wait to listen to, to your talk was just probably hilarious and insightful.
Um, given the life of the two of you lived and given how much you've changed each other's
lives, um, I can't wait to listen by them.
And thank you so much.
This is a huge honor to your amazing person with an amazing life.
This was an awesome conversation.
Dude, huge fan.
I love the podcast.
Glad I could be here.
Thanks for the invite.
So, uh, uh, the exercise in the brain too, it was great, a great conversation.
And the heart too.
Right.
Oh yeah.
Yeah.
You got, you got some tears there at the end.
Thanks for listening to this conversation with Chris Darbell to support this podcast.
Please check out our sponsors in the description.
And now let me leave you with some words from Benjamin Franklin, they can give up essential
liberty to obtain a little temporary safety, deserve neither liberty nor safety.
Thank you for listening and hope to see you next time.