Podcast 14: The Tale Of The Spam Lord

Libsyn:

https://sites.libsyn.com/488183/episode-14-spam-lord-genius-elusivity-and-mystery

YouTube:

https://youtu.be/JTUuPz7srWo

Rumble:

https://rumble.com/v4k8itu-episode-14-spam-lord-genius-elusivity-and-mystery.html

In a world where our personal and professional lives are increasingly online, device-level security is no longer just a suggestion—it’s a necessity. Whether you’re working from the comfort of your home or the convenience of a café, every click, every app, and every connection carries a potential risk. It’s like leaving the front door to your digital house wide open—inviting trouble.

Enter SaferNet VPN, the cybersecurity equivalent of a deadbolt lock. Imagine securing every device you own with a shield so robust, even the most persistent digital desperadoes are left shaking their heads in defeat. This isn’t just about protecting your device; it’s about safeguarding your digital autonomy, ensuring that the choices you make online are yours and yours alone.

In today’s episode of Digital Desperados, we’re peeling back the curtain on cybercrime’s underbelly, guided by voices that resonate with expertise and a touch of maverick spirit. You’ll hear from Patrick McMurphy, who’s here to regale us with tales of dark deeds and digital mischief, and Brad Hawkins, the visionary founder of SaferNet VPN, who’s here to tell us why device-level security should be as fundamental as locking up at night.

So grab your digital notepad, secure your Wi-Fi connection, and let’s dive into a realm where the lines between safety and vulnerability are as complex as they are compelling. And remember, in this digital age, a secure device is your first line of defense against the unseen threats lurking in the vast ocean of the internet.

Stay tuned, and stay secure.

Transcript Begins:

Jim Brangenberg: Welcome to the Digital Desperados podcast featuring Dark Tales from the web. Patrick McMurphy is here today to tell us our dark tales. And he’s joined of course by Brad Hawkins, founder, CEO, and super dude from SaferNet VPN. And I’m Jim Brangenberg and I’ll serve as I’ll be herding cats here on the podcast. This podcast is brought to you by SaferNet VPN.

Every time you go online, your heart and soul are under attack. Secure your computer with SaferNet VPN, simplified cybersecurity for businesses and families. SaferNet’s got a VPN. It’s powerful. You can even use the Wi-Fi, the free Wi-Fi at Panera or at your hotel. It’s got internet controls, virus protection, all in one app, and you can put it on every device you have.

You can have one profile on all of your electronic devices. Keep distractions at bay with 84 website filters. Stay safe and productive. Get secured right now, go to safernet.com. It’s reasonable. It’s affordable and it’s powerful. That’s safernet.com. Patrick McMurphy, what dark tale you telling us about today?

Patrick McMurphy: Today I’m excited ’cause I wanna talk about an individual called Pyotr Levashov, AKA Severa, or the spam lord. He is, without a doubt, one of my favorite hackers.

Jim Brangenberg: So he is from Southern Minnesota. He’s the spam lord?

Patrick McMurphy: Yeah, exactly. Or he could even be Irish at this point. But no, unfortunately, Levashov was born in St. Petersburg, Russia, which we all know at this point is the home of hacking. And so Levashov is born here in Russia in 1980. We don’t know a ton about his childhood, as normal with these guys, but we know as a teenager in the mid 90s, straight away, he just hopped into hacking. This is what he wanted to do.

He was born to hack. Mid 90s teenager, he began writing his own malware. Really, he wasn’t spreading this around. He was just seeing what he could do. Now, not only was he good at writing malware, he was a brilliant, and brilliant mathematician. He went to a high school dedicated just to that, and he went on to get master’s degrees in both computer science and economics. So this is a clever guy we’re dealing with.

Jim Brangenberg: Digital economics. Digital economics! Which is even more intense. I don’t even know what that means. Brad, do you know what that means? Digital economics?

Brad Hawkins: I’m assuming it’s digital fintech. I’m not sure, but I’m assuming that it has something to do with how to grow an economy in the digital world. So is that, would that be accurate?

Patrick McMurphy: I think so. And it’s a field that actually changes quite a lot, especially in the last few years of crypto and things, but it’s a tough field to get a master’s in anyway.

Brad Hawkins: Wow. I guess when you get a master’s in digital economics before anyone knows what it is, you can learn basically anything. And then it just grows it just keeps going. I mean as it continues to grow and advance you just tell everybody you got a master’s degree in it, even though you don’t know anything about it.

Jim Brangenberg: That’s right. Exactly. Let’s go back to southern Minnesota where they make all the spam in the world! Go back to the spam lord here.

Patrick McMurphy: So the spam lord himself, Levashov, this is when in college he served as the primary moderator of a spam community that spanned multiple top Russian cybercrime forums. And so around this time, Levashov met an American called Ralsky and they worked closely together. And so these two guys were involved in a huge number of spam email campaigns.

They were mostly centered around stocks and what are called pump and dump schemes. What would happen is that they would send out emails really about thinly traded Chinese penny stocks. They would drive up the price, they would then jump out at the top when they’ve artificially inflated these prices.

That’s a crime. It’s done a lot but you don’t see them hacking as much, but these guys were totally into it. They were all about it.

Brad Hawkins: So they were just publicizing a stock that probably is meaningless, but they buy the stock and then they send out a bunch of spam to talk about how amazing it is.

And then get people to buy it and have that stock price increase. And then they sell at the top and let it crash. Is that?

Patrick McMurphy: 100%. That is it. Exactly. And he was a master of it. In fact, he even got a reputation as someone who could write incredibly effective spam campaigns. And he ended up working with a bunch of other hackers across Europe.

Now, at the time, he wasn’t known. His name, his real name wasn’t known, but there is a company called Spamhaus. Now, these are white hat hackers. These guys detect big spam lords. And what he called Levashov.

Brad Hawkins: Just for clarity, a white hat hacker is somebody that hacks for good to help businesses find holes in their software or anything like that. Black hat hackers are the people that we always talk about. Just for, just to clarify.

Patrick McMurphy: Yeah, exactly. And now when looking at spammers, Spamhaus called Levashov one of the longest operating criminal spam lords on the internet. So this guy at the time was seen as the father of all spam lords, not a great title to have.

Jim Brangenberg: Almighty Spam Lord.

(laughter)

Patrick McMurphy: Something like that, I think. But this, this just wasn’t enough for Levashov. So what he wanted to do, he wanted to combine everything. He wanted to combine what he learned from university, from writing malware, from economics. And so he wrote something called Kelihos, which is a type of botnet.

And so the big question is what is a botnet? And so really all a botnet is that it’s a, it’s like a network. However, it consists of several, several thousands of compromised computers. So if your computer has a virus that’s a botnet, it’s actually being used by that botnet to carry out malicious crimes.

And so basically, Levashov started publishing more spam emails to get Kelihos around the place. Now, what was unique about it is that, even today, if you look at botnets, they have a central command. And this is going to be one computer sitting somewhere, more than likely Russia, that is the chief in command of the entire botnet.

But, Levashov never wanted this. He wanted a peer to peer network. And so what happened is that there was no single command. All command was spread around to all computers using it. There was multiple computers, and the most important part of that, he realized that it had no point of failures. You could not take down one computer and take down Kelihos. You’d have to take down all of them.

Brad Hawkins: That’s the benefit of connecting all of these previously hacked computers together to build their power so that if they lose 10 percent of them, they can still do whatever they want to do and they got all the power to do it. Is that about right?

Patrick McMurphy: Yeah, exactly. And it was a nightmare. It’s spread via a number of methods, most of all phishing or phishing emails from the malware itself. So if you had Kelihos you might actually be emailing Kelihos to other people without even realizing it.

Jim Brangenberg: I’ve gotten emails like that from people who are like, did you know you sent me that email? It always is some salacious email. Hey, you can lose 30 pounds tomorrow. Just drink this magical drink or some other kind of thing. Cyber criminals are constantly, Patrick, they’re constantly trying to get into your computer and my computer all the time.

Brad, I believe that you’ve got the solution we all need. We need to protect our computers effortlessly with SaferNet VPN. Tell us about it, Brad, really quick. Why is SaferNet the solution to all these cyber criminals that we’re talking about?

Brad Hawkins: I got to tell you, we designed SaferNet for a very specific reason. That is to combine the three most important, very simple, that everybody needs to have cybersecurity tools into one simple app that can go on any endpoint device or any computer, cell phone, tablet, whatever. And so the objective is that we want to be able to provide the simple thing of a VPN that in my belief, everybody in the world should have a VPN. They should not operate on the internet without a VPN, and I know some people disagree with that, but those are the people that don’t quite understand VPNs.

And then within that VPN, we put virus protection to make sure that if you end up at a bad website, you’re not going to bring a virus right into your network. And then we give you 200 internet controls to help you manage and protect the traffic wherever it’s going. So if we’re able to combine those three most important cybersecurity tools into one app, and then charge based on one of those three, it’s a win for everybody.

And we priced it out so that it’s a no brainer for anybody in the world. We’re all over the world. We have people using SaferNet all over the world. And that’s what’s so exciting is that we can protect anyone in the world.

Jim Brangenberg: I love best, in a conversation we had recently, you mentioned that your accounting department, you have all the social media channels blocked from the accounting department using SaferNet. But in the marketing department, you have all the social media channels on. So the accountants don’t get distracted. The marketing people can do their job. And that’s the power of SaferNet. Check it out online, safernet.com. That’s safernet.com. Let’s get back to the spam lord.

Patrick McMurphy: Absolutely. And so I mentioned that he distributed a lot of this during phishing, but he had, he always had ways to make money Levashov. So he ran an affiliate marketing program with an antivirus program that he created called SevAntivir, right? Not only was this an amazing antivirus program, it would delete all of your malware, it would also deploy Kelihos on your machine.

He would sell you his antivirus, wipe your machine clean. Oh, it’s, it’s spick and span. It’s lovely. It’s clean. However, you’re now in the botnet. This guy was a genius. He knew exactly what he was doing.

Brad Hawkins: Oh my goodness. That’s incredible.

Patrick McMurphy: It is. And so when Kelihos got running, it had, it was really a lot of moving parts to it. It would obviously send massive amounts of spam emails. Again, it’s Levashov. What do we expect? A lot of these spam emails distribute various types of malware. There was banking trojans, ransomware, and really just other malicious software involved.

Brad Hawkins: What was the name of his antivirus?

Patrick McMurphy: It was SevAntivir, which would later be a take on his nickname Severa. Do not download that, by the way.

Brad Hawkins: You probably just panicked, hundreds of people that just listened to that. I think I’m running an antivirus and it’s just completely destroyed my computer.

Jim Brangenberg: You’ll know soon when the FBI knocks on your door, like, why are you doing, what kind of malicious things are you doing from your computer? We’ve got your IP pegged right here.

Patrick McMurphy: Now, it wasn’t just Levashov using Kelihos. What he wanted to do, he wants to sell it. He wanted to be a businessman about this. For example, for 200 dollars, vetted users could hire Kelihos, and they could blast 1 million emails containing malware or ads to whoever they wanted.

There was multiple scams going on under this, including things like money mule scams. So you could pay anywhere between 300 or 500 dollars, depending on the size of the crowd needed. So this guy was a businessman, a mathematician, and a really good hacker.

Now, so Kelihos began really in the mid 2000s but it really only became known to authorities in 2010 during its peak. And the reason it took so long was because of Zeus, which we mentioned in the last episode. The Zeus malware trojan was so dominant that a lot of other malware just it hid away because Zeus dominated everything. So he was really getting away in the dark with all of this. But eventually, as Zeus got played down a little bit, Interpol and the FBI got on the case, but they had no idea who this guy was, who was the creator.

What they did know was that Kelihos was on the scene for years, it had propagated very widely, that parts of the botnet were being leaked out, all these kind of things. But he had left zero evidence, digital footprint behind. Which you would think, right? All hackers, they’re all very quiet people, you can’t detect them except one of the funniest things about this story is that he got caught because he used an Apple iCloud email address in all of this.

So this is the best part of it. So what the FBI knew is that, they knew that this guy’s nickname was Severa. What they then realized that there was an Apple iCloud called [email protected]. That was the whole email address. So one day they said, hey, let’s check out where this iCloud is looking. And as it happened, it pointed to two Kelihos link servers, which then point back to Russia. So straight away, our boy is caught. It’s over for him at this point. He gets pinned. He gets pinned off an iCloud address. It’s not good. Not good for him.

Jim Brangenberg: He is a criminal, not thinking. iCloud and the app. Yeah, I don’t think so. He was partnering with Apple in order to complete his crimes. I love that. So then who arrests him?

Patrick McMurphy: So what happens, by 2017, Levashov, he gets arrested in Barcelona and is straight away extradited to the U.S. Now, unlike our last episode, there was no smiling photo we got of him. But the U.S. took him in pretty quickly.

Brad Hawkins: And so he gets arrested, he gets shipped to America. Now, the question that I’ve got is, a lot of times, they end up going to Russia. Do you have any idea what happens, how do they determine if they go to America or they go to Russia? Or who’s arresting them? How do they determine when it’s a worldwide crime?

Patrick McMurphy: Yeah. So normally they would get shipped over to the U.S. and they would serve. And this is where the question you just asked gets its most confusing answer in the case of Levashov.

So he gets over there and he gets sentenced to 12 years. However, he gets released after 33 months. Which is incredible. The federal judge said that it was a long way to be away from his wife, child and home. So after 33 months, they let him out. So you’re scratching your head here and you’re saying, what just happened? How did this guy just get 33 months in prison? And you’ll say, okay, he’s back in Russia. He’s not. The man is living in Connecticut. He’s a free man in Connecticut right now. He’s apparently waiting to be deported. But right now he is in Connecticut. Free.

Brad Hawkins: Is his wife and kid in Connecticut too?

Jim Brangenberg: I think we should leave that, that, I think we should leave that off the podcast. Let’s leave the wife and kid alone.

Patrick McMurphy: Alright. I think so. I think so. I’ll agree with Jim on that one. Now he started several businesses within the U.S. I’m not gonna name them. They’re very around stocks and things like that. Now he is saying right now he’s trying to crack what he considers the most elusive puzzle of the information age, which he thinks is how to teach machines how to pick stocks. Now, if you’ve ever looked at following stocks, a lot of companies are trying this with machines. It’s not 100 percent yet, but he’s actually still looking for investors. I don’t recommend investing in this guy.

Now he started other businesses in the U.S. Again, I’m not going to name them. He started several Telegram channels. I did join one. He’s talking constantly on it. This guy will talk to you if you try to talk to him. But yeah, hugely invested in AI. Hi Matt Magazine just did a huge interview with him about six months ago and what I want to close with him, and this is what makes him one of the most unusual figures we’ve ever talked about.

So you can look up this guy, you can find all these magazines who have interviewed him. If you look him up in terms of his name or his nicknames, if you type his names into any AI machine, any of the big AI machines, they spit out errors. ChatGPT, etc. They cannot talk about this guy and no one knows why. I’ve run this through so many people – AI cannot talk about Levashov at all. So there’s two reasons people think. The first is that he had made some huge deal with the U.S., which he probably did, which is why he got 33 months. And there, there was some kind of gag order put on AI. Now the other part could be because he’s so invested in AI, he’s reverse engineering all these AI clouds that people don’t know about and stopping his name getting out of the open in a bad way. That is, that is our spam lord today.

Brad Hawkins: Maybe he’s turned to be white hat for the US government. Who knows?

Patrick McMurphy: I mean if they gave him a house in Connecticut, maybe man

Jim Brangenberg: I just wonder, does he like spam? He’s the spam lord. Does he like spam? And if he really does like spam, why isn’t he in Hawaii instead of Connecticut? I just don’t understand.

Patrick McMurphy, again, another incredible story. Brad, we’re so grateful to SaferNet for bringing us these stories. It’s always fun to talk about these guys. I sometimes I just want to meet them and go, okay, what really is driving you? And then I think better of that.

Just know that you heard it here: the internet and everything digital has a dark side and many dark players. It’s why you need SaferNet by your side, protecting you all day long. VPN, antivirus, 200 internet filters, internet controls, so much more. Please for your online security, check out safernet.com and get secured today. Safernet.com, it’s reasonable, it’s affordable, and it’s powerful. Till next time, click only on the attachments you trust from those you trust and delete the rest, or you may become the next victim of a digital desperado.

Transcript Ends.

And there you have it, folks—a journey through the murky waters of cybercrime with our own Digital Desperados, shining a light on the shadowy figures behind the screens. We’ve laughed at the absurdity, marveled at the ingenuity, and cringed at the audacity of digital bandits like the infamous Spam Lord. It’s stories like these that remind us how crucial device-level security really is.

SaferNet VPN isn’t just a product; it’s peace of mind in an app, giving you the power to protect every device you own, every step of the way. From your phone to your tablet, to your grandma’s desktop, SaferNet’s got your back, safeguarding your digital footprint with a fortress of features designed to keep the intruders out.

As we log off today, remember that in this digital frontier, you’re the sheriff of your own town. Don’t ride into the sunset without the right gear. Head over to safernet.com and armor up with the VPN that doesn’t just promise security, it delivers—right at the device level.

Until our next tech-tales rendezvous, keep your passwords unpredictable, your connections secure, and your devices protected. Because in the end, the smartest move against cybercrime is the one you make before they do.

Safe browsing, everyone, and don’t forget to stay tuned for more Digital Desperados insights that keep you one click ahead of the hackers.

Podcast 13: SpyEye and the Smiling Hacker

Libsyn:

https://sites.libsyn.com/488183/episode-13-i-spy-with-my-little-eye-spyeye-and-the-smiling-hacker

YouTube:

https://youtu.be/CltJQxEfxaY

Rumble:

https://rumble.com/v4hic4r-episode-13-i-spy-with-my-little-eye…-spyeye-and-the-smiling-hacker.html

In today’s digital age, where every click and every byte of data can be tracked and scrutinized, the notion of personal privacy can seem like a relic of a bygone era. But it shouldn’t be that way. Your online presence doesn’t have to be an open book. This is where the importance of a VPN for privacy becomes undeniable. A VPN, or Virtual Private Network, isn’t just a tool; it’s your digital bodyguard, standing firm between you and the myriad of threats lurking in the cyber shadows.

SaferNetVPN understands this better than anyone. We’re not just providing a VPN service; we’re delivering the peace of mind that comes with knowing your online activities are shielded from prying eyes. With SaferNetVPN, you’re not just browsing; you’re fortifying your digital life with robust layers of protection.

In our latest episode of the “Digital Desperados” podcast, we dove into the murky waters of cybercrime, with stories that remind us just how vital online privacy is. We learned about Hamza Bendelladj, the so-called “Smiling Hacker,” whose tale serves as a stark reminder: the internet is a vast wilderness, and without the right tools, you’re the prey, not the predator. SaferNetVPN is the tool that ensures you roam this wilderness not with fear, but with confidence.

Whether you’re a small business owner, a family looking for security in your children’s online adventures, or just an individual seeking to reclaim your right to privacy, SaferNetVPN is your ally. With internet controls, virus protection, and an array of website filters, we don’t just offer a VPN for privacy; we provide a comprehensive shield for your entire digital existence.

Now, prepare to immerse yourself in a tale that will take you through the twists and turns of cybercrime, and understand why, in this story and many others, a VPN isn’t a luxury—it’s a necessity. Join us as we unravel the digital threads that bind us all, for better or for worse, in the endless web of the internet.

Transcript Begins:

Jim Brangenberg: Welcome to the Digital Desperados podcast featuring Dark Tales from the Web. Patrick McMurphy is here today to tell us our dark tales. He’s joined by Brad Hawkins, founder and CEO of SaferNetVPN. And I’m Jim Brangenberg and I’ll serve as your story guide. I’ll do the best to keep these guys under control. This podcast, of course, is brought to you by SaferNetVPN.

Any more going online can be scary every time you click on a link. Join the mission to stay secure online with SaferNet VPN, perfect for small to medium sized businesses and families. This cyber security app provides a VPN, internet controls, virus protection, and keeping your work and family life in harmony, with 84 website filters keeping distractions away. Get secured now. Sign up at SaferNet.com. That’s SaferNet.com.

Patrick, which dark tale are you telling us about today?

Patrick McMurphy: Today, Jim, I want to talk about Hamza Bendelladj, also known as BX1, the Smiling Hacker, or even the Robin Hood of Hackers, which is quite a title, as you can imagine.

Jim Brangenberg: He wears tights?

Patrick McMurphy: Maybe not, but hopefully not. So with Hamza, really, there’s not a lot known about his early childhood or even his early career. He’s born in 1988 in Algeria, and what’s known about Hamza as a young child is that he’s a genius. He has a profound interest in linguistics. And so later on, this actually comes up in life quite a bit because he becomes a polyglot, as in he was able to speak five different languages all fluently, which is incredible.

And yeah it’s incredible. And we really see this later on in the story, how it affects his career. So Hamza growing up, he studied computer science in the University of Science and Technology in Algeria. And this was really his first formal brush with the whole world of cyber security and cyber crime.

And really just, it goes without saying that Hamza is great with computers. He’s great with technology, and he begins browsing hacking forums like a lot of these guys do. And so he gains the name BX1, that’s his first hacking name. And it was on these forums that Hamza became very close friends with a Russian guy by the name of Aleksandr Andreevich Panin, also known as, and wait for this for a hacking title, Gribodemon. So I don’t know why you’re gonna call yourself Gribodemon, but this is what Aleksandr’s going with.

Jim Brangenberg: I’m gonna go with Gribodemon, just cause it sounds better. Gribodemon. Have to say with a little bit of a Russian accent. Gribodemon!

(laughter)

Patrick McMurphy: Even better. I love that. Hamza and Gribodemon, they start off on what we would consider small scale stuff. They’re mostly doing minor phishing and wire fraud. However, what Hamza is doing is that

Brad Hawkins: Patrick, run through, just so that everybody gets caught up, minor phishing and wire fraud. What are they doing?

Patrick McMurphy: They’re really sending out emails to people in a number of languages, and this is the big one, they’re sending it all around the globe because Hamza can speak everything fluently. And so he’s sending out these emails saying, oh, this is your bank called, I know, X, Y, or Z.

Brad Hawkins: And that fluently is important because you can tell some of those phishing emails come in. This is somebody from Algeria or some crazy, some place that does not speak any English.

Jim Brangenberg: He was from Algeria. But he was from Algeria, Brad.

Brad Hawkins: But if he’s fluent, he knows English and you can’t get by that. So that’s, yeah, because I know a lot of people that say I can tell phishing emails because yeah, they’re just not clear.

Patrick McMurphy: But yeah, exactly. Maybe 70 percent of phishing emails are, have been translated with AI badly. But this guy is speaking in the target’s exact language. And so he’s getting them to sign up to these services as a bank and commence wire fraud, basically wire transfers that they shouldn’t be committing, etc.

I know I said that small scale, but on how far this goes, you can see where this starts off on the small scale of things. So when they’re doing this Gribodemon and Hamza, they create their own malware called SpyEye. And SpyEye at the time was created to compete with the Zeus malware.

Excuse me, so Zeus malware, you guys might remember, this was the biggest malware in the world at the time. Sorry guys, one second there, okay?

Jim Brangenberg: Alright, no problem. As Brad takes, no Brad’s not taking a drink, how about Patrick’s taking a drink, we want to just talk about SaferNet.

You wouldn’t want to live in a metropolitan area without a house security system.

Why would you explore the internet without internet protection? Discover SaferNet VPN, your ultimate cybersecurity solution. Defend your work and home with ease. SaferNet offers a VPN, internet controls, virus protection for businesses and families. And I especially like the blocking of certain websites and the allowing of certain websites.

Take control with 84 website filters, get secured now, control your internet access, control your internet usage, sign up at SaferNet.com. It’s reasonable, affordable, and it’s extraordinarily powerful. SaferNet.com. That’s SaferNet.com.

All right. So you’re saying that SpyEye is the same powerful, Patrick, as Zeus.

Patrick McMurphy: Exactly. It’s on the same thing. Now, the thing is that the FBI were already looking at Zeus at this point. And by 2011 Zeus collapsed in itself and they re-released their, so their source code into the world. And so when this happens, it became huge for Hamza and Gribodemon. ’Cause what happens, they can now disassemble Zeus code and augment it into SpyEye.

Jim Brangenberg: So they didn’t wanna have to do something all on their own. They just went and took somebody else’s software and modified it for themselves. Patrick, that’s what you’re saying?

Patrick McMurphy: Yeah, that’s exactly it. So they assume this way with phishing again, so they’re back in phishing, trying to spread SpyEye through phishing, using this mastery of languages that Hamza has. And yeah, this was incredible because once it was installed, it operated completely silently. The duo had engineered it so well that the antivirus of the day could not catch it at all.

Jim Brangenberg: Wow.

Brad Hawkins: Roughly, what year was this when they got this new software out?

Patrick McMurphy: This would have been after 2011. So probably close to 2012 once it was engineered with Zeus. And there was really two functions that SpyEye had. The first was it Keystroke log. Now if you’re not familiar with that, if malware is resting on your computer, it just examines what you’re typing. It’s called keystroke logging. It’s a very subtle way, but it’s actually quite hard to get down well.

The other thing was something called web injects, and this is where we get serious. So let’s say you have SpyEye on your computer. You log on to your bank. Let’s say you log on to chase.com. What happens is instead of seeing a normal Chase, you actually get a fake Chase page and you enter all your login details.

It never goes to Chase. It goes back to the hackers then relays to Chase, and you’re put forward as normal, but the whole time your entire page is overtaken by this web inject, basically.

Brad Hawkins: Wow, so basically it gives them the ability to be able to see and do anything they want to on your account.

Patrick McMurphy: Exactly. And so this information can be used to authorize bank transactions, steal money, or even sell off that information to other criminals.

Jim Brangenberg: Isn’t that called spoofing today? Don’t they call it spoofing, or is that not spoofing?

Patrick McMurphy: It is, but this was a time when web injections weren’t that well off as they are now. This was early time in what we see now. Okay. Now this was massively successful and massively, it infected millions of computers across the U.S. and across Europe. It infected more than 200 financial institutes in both regions also.

Brad Hawkins: It comes in just by somebody either in your business or somebody in your family, but usually your business, even any kind of an employee that just clicks on a link on a phishing email that it, that might not even go any further than that, but the software gets uploaded into their system and then they have access. Is that right?

Patrick McMurphy: That’s exactly it. It gets in through phishing and you cannot detect it. Even with a good antivirus, you can’t detect it.

Jim Brangenberg: You’re still clicking on a link though in order to activate it?

Patrick McMurphy: That’s exactly it. Yeah. Yeah. And it’s doing that drive by like download, or it could be another link, but it’s getting into your system that way.

Jim Brangenberg: That’s why I say that’s so powerful, Brad, because you keep people like me from clicking links like that to go to places that they say they’re going, but they’re really not.

Brad Hawkins: Yeah those phishing emails are so creative in the way that, that they send it. As a matter of fact, I got one. The electricity went out in our home yesterday and I got an apology email from my electric company that said, everything’s up and running.

And I looked at where it was coming from. It was not coming from my electric company. And it’s absolutely amazing how easy and clear, and they’re up on the fact that we just lost electricity. So these people are very creative. It would have been really easy to be able to click on that and see what else they had to say.

You might even think they’re going to give you a little discount for next month or something like that. But no, they’re, they just want to snag your information. So Patrick that’s amazing.

Jim Brangenberg: Patrick, how much money do these guys steal?

Patrick McMurphy: This is the thing. It’s actually unclear, but we’re, we are from anywhere from hundreds of millions to several billion.

And not only are these guys using SpyEye, they’re actually selling it to other hackers. So there’s multiple people using SpyEye during this one time. Now, the thing is, with Hamza, this ends up giving him a list in the, sorry guys, can I just take a break there for one second?

Jim Brangenberg: Absolutely. Brad, when you look at software hackers like this and you look at how they’re always changing things up all the time, how does SaferNet stay ahead of that stuff? Because all this stuff is coming up new all the time.

Brad Hawkins: Oh, one of the beautiful things that we do and it annoys developers a little bit because what we do is we block all brand new websites and we’ve got to be able to crawl them first to be able to determine if they’re a good website or a bad website.

And if we don’t have time to crawl it first, which may take a day or two, then we have to, then we just block anything new. And that’s where a lot of these hackers are crafty is they throw up a website and it might be up for two or three days, but so they don’t get tracked and they don’t get found out, they dump that one and start up another one. And so as long as, if we have not had time to crawl it and determine what it is, we’re gonna block it. So even off the beginning of their website search that you’re gonna be operating in a safe zone.

Jim Brangenberg: All right, Patrick you were saying Hamza started selling copies. Is he distributing them on diskettes then, or what’s he doing?

Patrick McMurphy: Yeah it’s going around, it’s going around hacking forums and things like this. All the circles they run in. But he’s given a name by the FBI as he’s in the 10 most wanted list, as they’ll be saying. And so not only is he now pursued by the FBI, but also Interpol.

But straight away, we come across guys in this kind of case and, they lie low. Didn’t happen with Hamza. The money goes straight to his head. So now Hamza is going, staying in five star hotels. He’s renting Lamborghinis. The guy is just living it up. This is a great way, by the way, to get noticed by Interpol.

Do not stay in five star hotels if you’re followed by the FBI or anyone. So in 2013 he actually gets arrested in Bangkok in Thailand in the airport. Interpol, as I said, had been tracking him for some time at this point. And so it’s here, at the airport, he actually earns the nickname the Smiling Hacker.

And this is a very funny photo if you guys ever want to check it out. The photo of him getting arrested, he’s smiling ear to ear. And the guy arresting him is laughing for some reason. Never found out why. It’s a brilliant photo, but the guy is a mass criminal. It’s a messy one.

Brad Hawkins: At least he can be happy as he goes to jail.

(laughter)

Patrick McMurphy: Gotta be optimistic.

Brad Hawkins: It’s a life lesson right there, just no matter what happens in your life. Just keep smiling.

Jim Brangenberg: Just smile. That’s right.

Patrick McMurphy: I think so. I think so. But following his arrest, Hamza is extradited to the US to face charges, which is, pretty big business at this point.

Jim Brangenberg: So he is back in, he’s back in the US. They didn’t ship him to Russia this time, so he doesn’t get to be hired by the Russian government. So in the U.S., what happens to him?

Patrick McMurphy: Yeah it’s a weird one because, we do talk about these Russian guys a lot of the time. They’re shipped off to Russia. There’s some international incident, but straight away he just starts getting charged. There’s computer fraud. There’s electronic fraud, wire fraud, conspiracy to commit fraud. Basically, if it has the word fraud in it, probably guilty of it. Now the thing is, the odd thing, that around this time Hamza gets a ton of sympathy on social media, but especially from his home nation of Algeria.

Brad Hawkins: It’s because he’s smiling. People like smiling people.

Patrick McMurphy: It’s because, I’m telling you, it’s because of the smiling photo. It’s all because of the smiling photo. Now, I plan never to get arrested in my life, but if I ever come across that position, I will smile as broadly as humanly possible because this guy does. But on this whole, this social media move, there’s claims that he’s donated millions to charities. And so along with this smile, he gets the nickname Robin Hood, because this guy apparently took from everyone, was donated to charities, all these kind of things. Now, in my own research doing this, I can verify that there is actually exactly zero evidence that there was any donations ever taking place. It’s all made up. He was in hotels and Lamborghinis. That’s all it was. That’s where the money was.

Brad Hawkins: Donating to high end hotels instead of charities, huh?

Patrick McMurphy: Yeah, maybe to the Hilton, but that’s about it. Yeah, it’s incredible. And then furthermore, across this whole social media run, there’s rumors that the U.S. will sentence him to death. Now let me tell you something. I don’t know a whole lot about how exactly how some U.S. laws work, but I can tell you, you cannot be sentenced to death in the U.S. for computer crime. It doesn’t actually work like that at all. And in fact, the U.S. ambassador in Algeria needed to go on record to clarify that it was not possible in the United States to get this done.

Brad Hawkins: Wow. So is he in jail now?

Patrick McMurphy: He’s still in jail, but I do need to mention that our good buddy Gribodemon had some, for some reason, made the great decision to travel through Atlanta, where the cops immediately arrested him, and he got nine years in prison.

(laughter)

Brad Hawkins: I thought we said this guy was smart.

Patrick McMurphy: You would think so. You would think so, right? But no, Atlanta, Georgia is where you go.

Jim Brangenberg: They figured it was such a big airport, there’s no way he’d get noticed.

Patrick McMurphy: Once you have a name tag saying, Hi, I’m Gribodemon, I think the police are just all over you.

Jim Brangenberg: I wonder if that could still happen today.

Brad Hawkins: They’ve got this, they’ve got this face identity software out there. Matter of fact, I got on an airplane just a little bit ago. You don’t even have to show your identification, they just took a picture of you and your name popped up on the screen. That is, it is absolutely incredible what these cameras can do nowadays.

Jim Brangenberg: Twilight Zone.

Patrick McMurphy: Now, in terms of Gribodemon, he was sentenced to nine years. However, he’s already out and he’s deported. So the next time we get on to a Russian state sponsored hacker, Gribodemon is probably working for them, just so we’re clear on that one. He probably has a great Russian job right now.

In terms of Hamza, he went through, as you can imagine, a lot of sentencing. It began in late 2013, and eventually in 2016, he was sentenced to 15 years in prison and three years of probation, and according to that, he would be out quite soon. Now, if you look at these sentences there’s 15 years and 9 years.

That’s actually quite short for a couple of guys who may have stolen a couple of hundred billion dollars. And so look, realistically, when you’re looking at this, these guys made a deal. They sold out all their hackers. They would have had to to get short sentences like this. You always see this time and time again.

Realistically, when we look at Hamza, you can call him Robin Hood, but what he did, he stole money from innocent people, and he sold out a lot of his old allies. And really just to close out with Hamza’s story, I’ll quote Sally Yates here, who’s the U.S. attorney, she spoke about him. And she said, “In a cyber netherworld, he commercialized the wholesale theft of financial and personal information through the virus, which he sold to other cybercriminals. So this guy wasn’t Robin Hood, this guy was a crook. End of story.”

Brad Hawkins: It’s amazing to me that he got 14 years, which really means in our society, that they serve maybe half that. And I know people, as a matter of fact just recently I was hearing a story about a guy that, that stole I think it was like 6 million dollars and he got 28 years, 28 years for 6 million.

And what did this guy do with billions? And he got 14, which maybe means he served seven. So it’s, yeah I’ll never understand those things, but there might be other things that, that are tied into that but it’s just amazing to me.

Jim Brangenberg: To me, the amazing thing is that cyber crime is I mean it affects everybody and so many people are unaware of what’s going on around them and the banking thing. I’m amazed at how many people that I go to that they have their banking password saved on their computer, so all you gotta do is click on the website, goes right in, they’re logged in. Like that’s not smart! I don’t get it. I don’t why do you do that?

We all need to be careful. But thank you to Patrick McMurphy for the story today about Hamza and really the Robin Hood of cyber criminals. Thanks to Brad Hawkins from SaferNet for helping to bring us these compelling stories and give them the exposure that they need. Listeners, you heard it here – the internet and everything digital can have a dark side with many dark players like Hamza and Gribodemon.

It’s why you need SaferNet by your side. VPN, antivirus, 84 web filters, and so much more. Please, for your own online security, check out SaferNet.com and get secured today. Till next time, click only on the attachments you trust from those you trust and delete the rest or you may become the next victim of a digital desperado.

Transcript Ends.

As we wrap up this episode of “Digital Desperados,” it’s clear that the world of cybercrime is not just about the dark corners of the internet; it’s also about the light we can bring into our digital lives with tools like VPNs for privacy. Hamza Bendelladj’s story isn’t just a cautionary tale—it’s a call to action for each of us to take our online safety seriously.

Remember, whether it’s the story of a hacker with a penchant for lavish lifestyles or the daily risks we navigate through every email and click, the need for robust online protection remains constant. SaferNetVPN is more than just a service; it’s a commitment to privacy, to security, and to the peace of mind that comes from knowing you’re not alone in the fight against cyber threats.

So, as you close this tab or lock your phone, take a moment to consider your digital footprint. Are you protected? Is your privacy assured? Don’t wait for the answer to come in the form of a compromised account or a stolen identity. Take the helm of your online life with SaferNetVPN—your trusted shield in an unpredictable digital world.

Join us again for the next episode, where we’ll continue to shine a light on the shadowy tales of the web, and remember, with SaferNetVPN, you’re not just surfing the net; you’re surfing safely. Until next time, navigate wisely, stay alert, and safeguard your digital journey with VPN for privacy. Visit SaferNet.com to secure your online world today.

Podcast 12: SEA And The Power of State-Sponsored Hacking

Libsyn:

https://sites.libsyn.com/488183/episode-12-sea-the-power-of-state-sponsored-hacking

YouTube:

https://youtu.be/d1YEezJdquw

Rumble

https://rumble.com/v4ad0p0-episode-12-sea-the-power-of-state-sponsored-hacking.html

In today’s digital-first world, where most of our lives unfold across a series of screens and keystrokes, the need to protect against ransomware has never been more pressing. It’s not just about securing data; it’s about safeguarding our daily routines, our privacy, and our peace of mind. With cyber threats evolving faster than ever, how can we keep our digital doors locked tight against the insidious creep of online bandits? The answer lies not just in robust cybersecurity solutions but also in staying informed, alert, and one step ahead.

In our latest episode of the Digital Desperados Podcast, we’ve spun a web of dark tales from the deepest corners of the internet—a space where the unwary find themselves outmaneuvered and outclassed by cybercriminal masterminds. But here’s the twist: while our tales may chill you to the bone, they’re also peppered with practical advice on how to protect against ransomware.

Join Jim Brangenberg, Patrick McMurphy, and Brad Hawkins, the founder and CEO of SaferNet Online, as they unravel a story that’s less about doom and gloom and more about empowering you to take charge of your digital safety. SaferNet.com isn’t just our sponsor; it’s your ally in the fight against cybercrime. Offering an easy-to-use cybersecurity app that provides VPN protection, internet controls, virus barriers, and a staggering 84 website filters, SaferNet stands as a bulwark against the relentless tide of digital threats.

So, buckle up as we dive into the murky waters of the Syrian Electronic Army’s cyber escapades, with stories that underscore the importance of cybersecurity without sending you running for the hills. Remember, knowledge is power, and by the end of this blog post, you’ll be armed with not just spine-tingling stories but the means to fortify your digital domain.

Transcript Begins:

Jim Brangenberg: Welcome to the Digital Desperados Podcast featuring Dark Tales from the Web. Patrick McMurphy is here today and he’s promised us that today’s Dark Tale will at least be a little fun. He’s joined by Brad Hawkins, founder and CEO of SaferNet Online at SaferNet.com. And I’m Jim Brangenberg and I’ll serve as your story guide. But I usually don’t know all the details of the stories until Patrick tells us that.

But remember that this is brought to you by SaferNet, because someone’s always watching you when you’re on the internet. How else would they know what to advertise on the side of your screen? That just is so freaky.

Get rid of that Amazon Echo in your office or in your home. Stay safe all of the places that you go with SaferNet. It’s easy. It’s an easy to use cyber security app that keeps businesses and families protected. Experience VPN. That’s a virtual private network, internet controls and virus protection, and 84 website filters for a distraction free productive online environment. SaferNet.com. That’s SaferNet.com.

Patrick McMurphy, you have promised us that today’s story will be a little happier because the last one you, actually the last two guys, you killed off at the end. I hope this is better. Patrick, who do you have for us today?

Patrick McMurphy: No one dies here, but again, it depends on your definition of fun. But today we are talking about the Syrian Electronic Army. Already doesn’t sound fun.

So the Syrian Electronic Army, also known as SEA. I may just refer to them as the Syrians because it’s a mouthful. So the Syrians, they’re a state sponsored hacker.

Jim Brangenberg: Now I think you better say it’s the Syrian Electronic Army or the Syrians will be calling us pretty soon about this podcast.

(laughter)

Patrick McMurphy: So the Electronic Army, they’re state sponsored hackers. And so what a state sponsored hacker is – so you have to understand. So every country that has a competent and large somewhat military, physical military, will have a digital version of it. Much smaller, but they’re called state sponsored hackers. And normally what they will do in times of war, in times of warfare especially, they will destabilize the enemy state.

That’s their whole purpose. They’re just like a normal army, except it’s a load of nerds in the basement. So what makes the Syrian Electronic Army a little bit different is that they’re not focused on financial gain for their country. What they’re really focused on is propaganda and destabilization.

They are one of the most active state sponsored hackers in the world. They’re really just noted for their high frequency of attacks. As of January 2024, they’ve been involved in 35 major attacks receiving media attention and a lot of numerous minor ones. Now they were founded in 2011. If you guys can remember 2011, it was the Arab Spring.

And specifically in Syria’s case, it was the Syrian Civil War. They were founded to basically counter Syrian opposition narratives, as well as Western media, or anyone who attacked the Assad regime. These guys, I can’t understate this enough. They have a near religious level of loyalty to President Assad.

Assad, unlike a lot of other presidents, he has actually a very deep technical background. And he actually introduced the internet in Syria. He headed the Syrian Computer Society, which have been the country’s sole ISP. So these guys love Assad.

Brad Hawkins: So what do they do? Just attack people or countries that say anything bad about Syria? Is that the agenda?

Patrick McMurphy: Yeah, which is most of the world. The target board is quite big here.

Jim Brangenberg: But you have to look back. I’m not sure that Syria is a whole lot better since we started bashing Bashar al Assad back in 2011. Syria was a lot more stable before we started doing that.

Patrick McMurphy: True, and to be fair to Assad, he has outlived nearly all of his opponents, so he’s doing something. In terms of their attack vectors, as in how they hack people, what they, their main two are phishing and spear phishing. They’re also known for DDoS attacks and deploying malware via phishing.

Jim Brangenberg: Alright, hang on, come on. We got people listening, they’re actually trying to have a good time.

Patrick McMurphy: I’m sorry, I’m reversing.

Jim Brangenberg: Okay, phishing versus spear phishing. I know what phishing is and I know what spear phishing is, but you’re not talking about either of those things.

Patrick McMurphy: Okay, let me take it from the top. So phishing is when you send out mass emails to people being like, Hey, you should click this link because we’re your bank, or you have a package to collect. You click the link. It’s actually malware or something. You’re hacked.

Brad Hawkins: And what’s amazing about those emails that you get, they look completely legitimate. Absolutely completely legitimate. With the technology today, somebody can create an email that looks exactly like one of your vendors, one of your maybe your electric company or maybe your maybe your own personal company. You get an email from somebody that is in your company and you click on it and whoops, it’s a phishing.

Jim Brangenberg: Yes. But if you click on it and you have SaferNet, it says you don’t want to go here because that’s what my computer says.

Brad Hawkins: That’s what I love about what SaferNet does is it will block phishing attacks.

Jim Brangenberg: All right. So phishing versus spear phishing then.

Patrick McMurphy: Yeah, and so spear phishing is really what kind of Brad touched upon there at the end. Spear phishing is when you’re a hacker and you know your target, so you know this guy is in charge of this company so you’re going to pose as his maybe CFO or accountant or something similar and you email him being like hey boss can you sign off on these documents that are totally real but they’re not at all? And I suppose the last unknown I mentioned there were DDoS attacks and this is really when you have a network and it gets targeted all at once by a larger network of thousands of computers and so it brings the network down just through overstimulation effectively.

And so they’re really using a lot of the kind of common tricks found with most hacking groups. They also engage in less harmful activities, but they do that quite a bit in defacing media websites with pro Assad or pro Syria messages. That’s one of their mainstays. That’s their bread and butter.

Jim Brangenberg: I just, it’s important that we recognize and understand that, these people are out there. This is not a group that’s disbanded. This is a group that’s out there today. So we’re being cautious what we say here today, because we, Patrick hasn’t told us whether they’re black hat, gray hat, white hat, or red hat yet.

So we’re not sure where they’re at, but one thing we can assume is that if you had SaferNet.com on your, on all your devices, you got a better chance against these guys than if you didn’t. And SaferNet should be, you need a VPN.

You need website filters to protect yourself. You need antivirus and SaferNet is the solution. You should check out. It’s so easy to control for your whole company. Just check it out. SaferNet.com.

Patrick McMurphy: So looking back at when the Electronic Army started, they were initially funded by a man by the name of Rami Makhlouf.

So Makhlouf is Assad’s cousin. He’s also a very prominent businessman. He owned the entire cell network in Syria. He operated all of them. It’s because his cousin is Assad basically. But Makhlouf and Assad had a falling out in 2020. Has gone missing permanently, shall we say? And the group has now been funded directly from Assad’s regime. So this is how tight these guys are.

Now, unlike other state sponsored hacking groups, which are full of shadows, you don’t know the members, a lot of the Electronic Army members are known, and in fact have been mentioned by Assad in speeches where he thanks them personally. If you look at the demographics of the Electronic Army members, it can be surprising.

So they’re predominantly Syrian as you can imagine. A lot of them live in Dubai, however, and this is a little bit troubling, recent years have seen the inclusion of first generation Syrian immigrants from countries like Germany and other countries within Europe that have a high population of Syrian migrants.

Brad Hawkins: Now, is this a little bit like we’ve seen the Russians going out and hiring black hat hackers that have gotten caught and somehow they, they end up not going to jail, they end up showing up in Russia doing some Russian work?

Patrick McMurphy: It’s more so that these guys remain operating in countries like Germany. So we’ll say that you’re the child of this first, of first generation immigrants. The Syrian Electronic Army would reach out to you and convince you to work for them while you remain a good European citizen, quote unquote within your host country. So two of the most well known members currently are Ahmad Umar Ayka, he’s 22.

He’s known online as the pro. And Firas Dardar, 27 years of age, known online as the shadow. So they’re charged with quite a few things. Just for example, engaging in a hoax regarding a terrorist attack, attempting to cause mutiny of the U.S. armed forces, illicit possession of authentication features, access device fraud, unauthorized access to and damage of computers, and unlawful access to stored communications.

Just on the pro and the shadow alone, the FBI have a bounty of 100,000. And that’s just two members. So you can see the level of people we’re dealing with here.

Jim Brangenberg: There was a presidential candidate that had a lot of those same things that that presidential candidate had done. So I’m not going to say any more, I just thought I’d say it.

Patrick McMurphy: I know another well known member, and this is what I touched upon a while ago, is Peter Romar. So Peter Romar was born in Germany to Syrian parents. He actually was extradited from Germany to the U.S. to face charges for, and I’m quoting here, a multi year criminal conspiracy to conduct computer intrusions against perceived detractors of President Assad, including media entities, the White House, and foreign governments. So these are serious guys we’re dealing with.

Wow. And the FBI chasing any of these people?

They’re trying to, not very well.

Jim Brangenberg: Not very well. All right. So are you worried about your online security? If they can’t see you, they can’t follow you. For online security look no further than SaferNet VPN, offers seamless protection for businesses.

Stay productive and safe with SaferNet. It’s easy to use app and robust internet filters. I love using them every day. Embrace cybersecurity without complexity. SaferNet, your guardian in the digital world. Sign up at SaferNet.com.

Patrick McMurphy: So the Syrian Electronic Army, these guys have five known attacks as we said, but look, there’s not the time in the day to go over every single one of these attacks. So I’m just gonna, I’m gonna just list off a couple of those. So the big hacks on high profile universities in the U.S., including Harvard, University of California, they were basically defacing the websites to put pro Syrian propaganda on them.

Like I said earlier, they were always doing things like this. Even in 2012, if you guys logged into LinkedIn in 2012, you just got redirected to a pro Assad website.

Brad Hawkins: So just trying to drive a message. They’re trying to deliver a message to the world?

Patrick McMurphy: Yeah it’s propaganda and chaos. For example, with chaos they, what they love doing is providing fake information to the media. For example, the Associated Press Twitter account a couple of years ago, falsely claimed the White House had been bombed and then President Obama injured. And because of that tweet there was a 136.5 billion decline in the value of the S&P that day.

Yeah, these are serious guys.

Jim Brangenberg: I don’t remember that LinkedIn thing. I’m on LinkedIn all the time. I don’t ever remember getting a redirected because I would have remembered that. ’cause I’m on LinkedIn all the time.

Patrick McMurphy: Were you there 2012?

Jim Brangenberg: Oh, I’ve been on LinkedIn since the late 90s. Oh yeah, absolutely.

I’m thinking, one other thing I was thinking about, this is a political comment, but I’m not sure that the Syrians would need to hack into some of those big Ivy League universities anymore because they already agree with them. They got their own login now!

Patrick McMurphy: And even without getting too political on it, if you look at the way these universities are leaning these days, and if you look at the work that the SEA have been doing for the last decade, you can actually start drawing connections in terms of spreading propaganda and things like that. It’s there plain as day.

Jim Brangenberg: And maybe they’re still doing it today with all the wars going on. It’s interesting.

Patrick McMurphy: Yeah. Yeah. And they also hacked the U.S. Marines websites. They changed all the text to appeal to American citizens that it would be morally incorrect to follow any orders from Washington that would harm Syria.

In terms of media websites and social media websites that have been hacked for propaganda or to spread chaos or just sent offline, I’m going to run through this list really quickly. I’m going to try not run out of breath. You’ll see how long it is. New York Times, Huffington Post, Sky News, ITV London, BBC News, Facebook, Forbes, Twitter, eBay, PayPal, Microsoft Office, Skype, The Sun, the Sunday Times, CNN, London Evening Standard, the Telegraph, NBC, and the National Hockey League, which I take a lot of offense to, as Brad can tell you, because I’m a rocket hockey fan. I’m actually stopping the list there, but it continues. These guys are just, they’re professionals.

Brad Hawkins: It’s another group of hackers or people that are probably really good at marketing. Oh yeah. Can you imagine the skill sets of these guys, if they would just do it in a right way, in a positive way, in a, in an encouraging way, you could, these people could make who knows how much money in just being an expert marketer. So we’re always looking for good marketers for SaferNet.

Jim Brangenberg: And in this case, and in this case, they’re not doing it for money. They’re doing it for an agenda, and they have succeeded in this, getting this agenda out there. We are living that today.

Patrick McMurphy: Yeah, absolutely. Absolutely.

And now in a more kind of blunt, and I suppose darker in terms of crimes that they’ve done, they’ve conducted a lot of surveillance that’s led to the identification and execution of Syrian Rebels and anyone who’s anti regime. So it’s not all just propaganda. People are seriously dying from this.

In the last 12 months, they’ve developed this new malware called Silverhawk. It’s on Android specifically. It’s targeting people who use WhatsApp, Signal, and Telegram. And so it, it sends it via phishing link on these messaging apps. It’s a spyware. So Silverhawk, it accesses your microphone, camera, contacts, messages, everything and sends all the information back to the Electronic Army.

So from their point of view, they are saying that they are fighting fabricated news, quote unquote, spread by the Arab and Western media on what is happening in Syria. And now a number of years ago, voice.com, which I think they’re actually, voice might be gone now, I was reading recently, but they had an, it got an interview with one of the members of the Syrian Electronic Army and I’ll quote him.

He said, we’re all Syrian youths who each have our specialized computer skills such as hacking and graphic design. Our mission is to defend our proud and beloved country, Syria, against a bloody media war that has been raged against our controlled media. Certain countries continue to publish lies and fabricate news about Syria.

So yeah, that is the Syrian Electronic Army, and they’re incredibly successful.

Brad Hawkins: Patrick, do you have any idea how many people are in the SEA?

Patrick McMurphy: I would say at least a thousand. These guys, if you look at some other bigger, some of the other country hacking groups, it’s normally crack squads of 20 guys.

But these guys truly are an army. These guys, these are regimented guys. It’s, they’re pledging. It’s a culture war is what they’re getting involved in in a lot of ways as well, and they’re being quite successful out of it.

Brad Hawkins: Oh, yeah, that’s exactly right. They, truly, they have been very successful. They have influenced the world in regards to how they’re viewed.

Jim Brangenberg: Yeah. You have to wonder, what is it that they’re saying that is true? That we don’t know? Some of what they say may be true, may not be true, but what is it that they’re saying that’s true that we don’t know because our own media won’t cover it? That’s a story for another day.

Just remember that you heard it here – the internet and everything digital does have a dark side and it has many dark players. Sometimes a thousand of em in one army. It’s why you need SaferNet by your side with their VPN, their antivirus and website filters and their controls.

It’s just, it’s so powerful. Thanks to SaferNet for supporting our efforts to bring these stories to your ears. A little spooked out today. I don’t know if that really qualified as a fun story, Patrick. I think you blew that deal. Next time we want laughter on the show!

For your own safety and security and the security of those you love and you work with, check out SaferNet.com and get secured today. Until the next time, click only on the news sites that you know will provide the truth and aren’t being influenced by an army. And for those links that you get sent from the people that you think are maybe your co-workers, only click on the links of, from, and the documents of people that you know and trust and make sure that they actually sent it to you or you might become the victim of a digital desperado.

Transcript Ends.

As we log off from this latest digital odyssey, it’s clear that the shadowy realms of cybercrime are no match for the empowered, informed, and vigilant netizen. The stories shared in today’s episode aren’t just tales of cyber woes; they’re potent reminders that in the age of information, the best defense is a good offense. Protecting against ransomware isn’t a one-time deal—it’s a commitment to continuous vigilance and education.

At SaferNet.com, the commitment to your online safety never wavers. Like a digital guardian angel, SaferNet’s suite of tools works tirelessly to shield you from the omnipresent threats that lurk behind every virtual corner. Whether it’s securing your data against the siege of ransomware or ensuring your online experience is as clean as a whistle, SaferNet’s cybersecurity app is your steadfast protector.

Remember, every click counts, and with SaferNet by your side, each click leads to a safer, more secure digital landscape. Don’t let your guard down—fortify your defenses, educate your loved ones, and let’s create a cyber-safe community together. Until next time, keep your software updated, your passwords complex, and your digital footprint minimal. Stay savvy, stay secure, and above all, stay safe.

Check out SaferNet.com to not just protect against ransomware but to become a champion of your own cyber sanctuary. Because when it comes to the digital desperadoes, the best victory is the one where you never see them coming.

Podcast 11: The Gray Legacy Of Adrian Lamo

Libsyn:

https://sites.libsyn.com/488183/episode-11-the-gray-legacy-of-adrian-lamo

YouTube:

https://youtu.be/pRDxIiD_1nY

Rumble

https://rumble.com/v494im6-episode-11-the-gray-legacy-of-adrian-lamo.html

Hey there, digital defenders and keyboard warriors! Are you tired of hearing the same old advice on staying safe online? Want to dive deeper into the nitty-gritty of what keeps our digital world ticking and, more importantly, ticking safely? Well, you’ve landed in the perfect cyber spot. Welcome to our blog — a companion to our wildly insightful ‘Digital Desperadoes’ podcast, where we unravel the web’s darkest tales and bring you the down-low on the need-to-know of cybersecurity solutions.

In our latest episode, we peel back the layers of cyberspace and its unsung heroes (and villains). With the omnipresent threats lurking in the digital shadows, it’s more crucial than ever to gear up with robust cybersecurity solutions. But what goes on behind the screens? Who are these mysterious figures typing away in the dim light, and how do their minds work? Buckle up, as we take a rollercoaster ride through the alleys of the internet with our color commentary maverick, Brad Hawkins of SaferNet, and our story guide, Jim Brangenberg, who promises to keep us all in check.

As you weave through this wild tale with us, remember that cybersecurity isn’t just for the IT crowd. It’s the armor for your everyday digital life. Our sponsor, SaferNet, provides exactly that armor, ensuring you’re wrapped in the warm, secure blanket of internet safety no matter where you roam online. So, let’s jump right into the cyber saga of Adrian Lamo, the Homeless Hacker — a story of intrigue, ethical conundrums, and a journey through the complexities of cybersecurity solutions that shape our understanding of the internet today.

Transcript Begins:

Jim Brangenberg: Welcome to the Digital Desperadoes podcast featuring dark tales from the web. Patrick McMurphy back here today to tell us another dark tale and he’s joined by Brad Hawkins founder and CEO of SaferNet, but he’s our color commentary guy.

He’s always asking those tough questions about who these cyber criminals are. I’m Jim Brangenberg and I’ll serve as your story guide. I’m really just a, I’m the referee of this whole match. This podcast is brought to you by SaferNet online at SaferNet.com. You know, it’s great to have an app controlling your phone internet time, but how do you control time and access on your computer or tablet? Wouldn’t you like to just be able to set a timer and say, I’m only going to work eight hours today? And you set the timer and eight hours later, it shuts off. SaferNet can shield you against online threats, but it can also limit the time on your computer. SaferNet provides simplified cybersecurity for businesses and families with a VPN, internet controls, virus protection, 84 website filters. Everywhere you go, you’re secure online. Get secured now. Sign up at SaferNet.com. That’s SaferNet.com.

Patrick, which dark, hideous tale are you telling us about today? Which naughty guy do we cover the story of today?

Patrick McMurphy: So today, Jim, we’re looking at Adrian Lamo, aka the Homeless Hacker. He is one of the most divisive figures in the hacking world. He really blurred the lines in terms of morality. A lot of his life kind of gets into conspiracy, but you’ll find out why in a bit. So Lamo was born on February 20th, 1981 in Boston, Massachusetts. His parents, his father’s Colombian, Mario, and his mother, Mary Ashwood, is of Colombian descent, but she is a U.S. citizen. And so despite being born in Boston, he does spend his childhood years in Colombia.

Jim Brangenberg: Oh, so we’re wondering why this guy got corrupted. I mean, we’ve all seen Romancing the Stone. We’ve all seen Romancing the Stone. We know Bogota, Colombia, not a great place to do legitimate things. I mean, we all saw it in the movies.

(laughter)

Patrick McMurphy: So Adrian, from a very, very early age, he has a strong interest in computers, like really nearly everyone we’ve covered. He’s learning about computer networks, programming, and the internet, just really on his own. Now, when he was a teenager, he moved to San Francisco, California, and he attended high schools in the area.

He never graduated. His, his fascination with computers, he had no interest in formal studies. He just wanted to get into computers. And so, his initial hacking activities began with what is known as grey hat hacking. And just to kind of look at what grey hat hacking is, again, it’s – So we have black, black hat hacking, which is the stereotypical criminal hacker.

We have a white hat hacker who is someone who’s with law enforcement. They hack things for law enforcement. They track down other black hat hackers. But right in the dead center, you have grey. And it is what it sounds like. They’re kind of blurring the lines, stepping between both worlds.

Brad Hawkins: I’ll pretend like I’m helping you, but I’ll, I’ll rob you blind in the middle of it. Is that right?

Patrick McMurphy: Exactly. Oftentimes, yeah, oftentimes they can be political, very political individuals. Often what they do is illegal but not necessarily always harmful. They do a lot of vandalizing, things like that.

And so, Adrian wanted to start it as a grey hat hacker and he began with that and his main goal at that point in his life, he wanted to highlight internet security flaws because he saw massive flaws in the internet. As the rise of the World Wide Web happened, as we knew it, he felt that many overlooked a lot of the glaring security issues that he saw within networks.

And so what he would do, he began something called non-destructive hacking. So he would break into corporate systems around California, but he would never cause damage to them. What he would do is that he offered to fix security flaws for free. And if the company ignored him, he would alert the media. That was his whole MO at this point.

Brad Hawkins: So that’s, that’s how he made money, is he just basically blackmailed them?

Patrick McMurphy: Well, it’s not, it’s not, not necessarily because a lot of companies, even today Microsoft has something called a bulk bounty program where people hack Microsoft products, like even things like Excel. And if you find a security flaw and you go to Microsoft, there’s rewards up to 50,000 dollars. So it can be a legitimate lifestyle, but if you’re going into corporate networks and doing it, that’s definitely illegal.

Jim Brangenberg: Gotcha, but he’s helping. He’s trying to help. He’s doing it out of the goodness of his heart. He’s like you guys have an issue, let me just tell you here’s the issue, and if you don’t fix the issue I’m going to tell everybody you got an issue so that you’ll really have an issue. I mean, that’s what he’s saying. He’s just helping, right?

Patrick McMurphy: Exactly. Yeah, he’s a nice guy. What Adrian wants is that he wants a corporation to hire him to a red team. Now a red team is also called a red hat hacker. Now not to overwhelm with hackers at this point, but what a red hat is, it’s just a white hat that works for a company with a specific goal of penetration testing of systems, to make sure they’re watertight. That’s all he wants. He wants to be recruited at this point.

Jim Brangenberg: So apparently hackers have no real flavor for color. So they got white hats and black hats and gray hats and red hats, but what about blue and yellow and green? I mean, I just don’t understand this. You know, it’s a matter of time. It’s a matter of time. We’ll have a different kind of, we’ll have different color hackers.

Just remind you that this podcast brought to you by SaferNet, check it out online, SaferNet.com, SaferNet.com. It will change your life and make working on your computer, your phone, your tablet, everywhere you go, a lot safer. You could even use that hotel wifi if you’ve got SaferNet on your devices. Back to you, Patrick.

Patrick McMurphy: So Adrian at this point moves out of California and he adopts a transient lifestyle and earns the nickname in the hacking community, the Homeless Hacker, which is where we know him by his moniker. So he travels across the U.S. using buses. He only uses the internet, like public Wi-Fi, and continues hacking this whole time.

So he’s hacking corporate networks. And he’s notifying companies of vulnerabilities. Most of them are just getting angry with him because there’s, there’s not really bug bounties in place as there is now. He attacks Reuters, he attacks Yahoo News, he gets into Microsoft networks, again, all offering big security holes, or saying that he’ll report to the media.

And so, what happens here with Adrian is that he actually becomes media famous because he starts reporting all these flaws to various news outlets. So he appears, there was a show they made called Hackers Wanted, he’s on that. He appeared on Good Morning America. He appeared on NBC. The funniest thing about the NBC or not skit, but the NBC appearance is that it had to be removed from the airway because during the segment, he hacked the NBC network to show how easy it was to do for him. So they couldn’t show it live, or they couldn’t show it at all.

Brad Hawkins: Ha ha ha. Shows the vulnerability right in the middle of an on-air conversation.

Patrick McMurphy: Exactly. Exactly. Drops off.

Jim Brangenberg: That’s hilarious. I just, you know, and the people, it was, was it a Good Morning America? What show was he on in the morning?

Patrick McMurphy: He was, he was on Good Morning America and some NBC, another NBC segment.

Jim Brangenberg: Oh my word, that’s hilarious. I would have loved to have seen that episode. We need to find that episode and watch that one.

Patrick McMurphy: Absolutely. And so he really gets into bad people’s bad books around February 2002. He got into the New York Times network and he added himself to their expert sources database, which basically allowed him to use their LexisNexis account, which is an account for, effectively, it’s for data analytics.

So he could just siphon all their data analytics. So he told New York Times, look, this is how vulnerable you are. I’m an expert source according to your database. New York Times called the cops, there’s a warrant issued for his arrest, and he eventually surrenders in September 2003. And so, 2004, he pleads guilty to a number of computer offenses, this includes, it’s basically just hacking into networks, more or less. But he gets two years probation, six months of home detention, and a 65,000 fine.

Brad Hawkins: How do you get home detention when you have no home?

Patrick McMurphy: That’s a good question. I have no idea. That’s a great question, Brad. I do not know.

Jim Brangenberg: You’re doing the research. I mean, go on. Where, where was his home?

Patrick McMurphy: Yeah. Do you know what? I never noticed that in the research.

Jim Brangenberg: He probably has to go live with his mom in her basement. That’s where all hackers go.

Patrick McMurphy: He lived on a Greyhound bus for six months.

Jim Brangenberg: Wow. Wow. That’s incredible.

Patrick McMurphy: So he gets convicted. Yeah, convicted for Compromise and Security at basically multiple large corporations.

Jim Brangenberg: Bunch of chickens. He was trying to help them out!

Brad Hawkins: At, at, at the same time, is he making money through that process? So does he have plenty of money at that point?

Patrick McMurphy: Not really. He would get every SWOT and he would get a bug bounty, but mostly it’s just people saying that no, we’re not going to pay you anything. And then he goes to the media and I’m sure he’s getting paid for his media appearances. Then of course not by NBC anymore.

Jim Brangenberg: At that point, I assume for those of you listening, struggling with Patrick’s accent, what he’s saying is a bug bounty. So he’s gone in and found a bug in their software, not a literal bug, but a software bug, and he’s offering to fix it for a fee. Now, in today’s world, there are bug bounties out there where people, if you find a flaw, they’ll pay you to find out where that flaw is so they can get it fixed. Bug bounty just, that was the interpretation there here in English.

(laughter)

Jim Brangenberg: Podcast brought to you by SaferNet. When you have a VPN on your internet access speed, your internet speeds up dramatically. Introducing SaferNet VPN to our great audience out here. SaferNetVPN.com, your ultimate cybersecurity solution. Protect your business with ease. Enjoy the power of a virtual private network with internet controls, virus protection, website filters, all in one app. An app for your phone, your laptop, your desktops, your tablets, everywhere you go. Stay safe online, try SaferNet VPN online, and surf safely. Sign up at SaferNet.com, that’s SaferNet.com.

Patrick McMurphy: Right, so yeah, so post-prison life, this is where we get into the muck, and a bit of the conspiracy as well. So, after prison Lamo decided that, you know, he did not want to go back to prison, so he kinda, he’s still grey hat hacking but he does it very quietly. He’s not informing media, things like that.

And what he becomes is that he becomes a significant contributor to Wikileaks. And so eventually you guys may remember was that Chelsea Manning released a list of Wikileaks donors. Now, no one knew at the, at that point, it was Chelsea Manning leaking them. But Lamo gets leaked as a donor and he’s so furious that he turns in Chelsea Manning for being, for being the one who leaked the list.

Brad Hawkins: So Patrick, about what, what year is this?

Patrick McMurphy: So this is, this would have been, that would have been what, 2012?

Jim Brangenberg: I was going to say, I was going to say 12 or 13. Yeah.

Patrick McMurphy: Yeah. 12 or 13, I believe. Yeah. And so, I mean, people will mostly know Chelsea Manning for leaking the collateral murder video that was infamous at the time. So you really have two people who are leaking documents the whole time, pitted against each other. So really, when Lamo was asked about why he informed on Manning, he cited potential dangers to lives. However, he did face a lot of backlash and accusations of treason even from the hacking community. So it was really split down the middle here in the hacking community.

It’s probably one of the most divisive arguments they’ve ever had. Now at this time I always laugh at this point, so Lamo said he got really into body hacking. And what body hacking is known to, as the rest of us, is drug addiction. He basically experimented with a bunch of drugs and called it body hacking.

His main one was Kratom which is kind of known for one of the big drugs that ripped up San Francisco and is still ripping up San Francisco. It’s an absolutely poison drug. But after the Manning incident, when really a lot of his peers have turned their backs on him, his drug use escalates. And he claims that at this point his life has changed.

He went into psychiatric, he had psychiatric help and all this. Now, in my opinion, it was probably the drugs is why he needed psychiatric help. You can’t blame the other people at that point. You know, you’re taking Kratom. It’s gonna do something to you. And so, March 14th, 2018, in Kansas, he passed away, age 37.

The cause of death is unclear. It’s reported as suicide. There’s also suggestions of drug abuse. There’s a lot of multiple pill bottles found around his body. However, a lot of people in and out of the hacking community don’t think it was an accidental death. A lot of people think he was killed by either people in the hacking community or some contacts of Manning.

So it’s a very murky ending for a guy whose life was, I think he started with the right idea, but the more he got into things like Wikileaks and this boy versus boy, you know, who’s the good guy, who’s the bad guy, it just went downhill. And of course, the body hacking didn’t help at all.

Brad Hawkins: Wow. Seems like a very gray life.

Patrick McMurphy: Very, very, very

Jim Brangenberg: gray. It just said, and we don’t know, you know, he starts off, you know, with a little bit of Colombian in him. Maybe the Colombian mob took him out because he was pushing the wrong kind of drugs. You just never know. But it’s just sad though. I mean, all these people just – like the purposeless. He didn’t even get a chance to make money working for the FBI. I mean a lot of our hackers at the end of their lives got to make money working for the FBI. He didn’t get it done, but I’ve seen videos of the people in San Francisco on these crazy drugs. It’s like they’re zombies walking down the street.

Yeah, they’re sitting still. I mean, it’s… poor San Francisco’s a hot mess. Yeah, it’s absolutely – and the whole Chelsea Manning thing, that goes in a whole bunch of different directions we won’t go today on today’s Digital Desperado show.

But, Brad, my Windows computer updates security all the time. In fact, it’s quite annoying because they update when I’m trying to use my computer like, Hey, you need to do this update all the time. Is it enough? I mean, is it, can Windows stay ahead of all the cyber security threats out there, Brad?

Brad Hawkins: Oh my gosh, there’s absolutely no way Windows or Apple can stay ahead of all the cyber security.

Jim Brangenberg: Wait a minute, I thought, I thought Macs never got hacked because they were hackless.

Brad Hawkins: Yeah, that’s, that’s one of their wonderful marketing ploys. Yes, I, now truthfully they do have one up on Windows because they have a closed network and it is a safer environment. But it is not a safe environment.

I mean, you’re still at threat by having an Apple as well as a Windows. But yes, it is absolutely not, it’s always a good idea to stay up on your, you know, your updates and you do the proper things that you need to do, but it’s not enough. You have to do more than what these platforms just provide.

Jim Brangenberg: Absolutely! And just for you listeners in case you’re one of those people that says I know I got an update but I’m just going to postpone that till tomorrow. I ran into a guy earlier this week. He hadn’t done one in six months, you know Windows slows your computer down if you don’t do the update. They just intentionally throttle your computer down until you do the update. Just do the updates. It’s for your own good. They’re looking out for you. Anyway, they’re watching everything you do. Anyway, you might as well just update it, make it easier for ’em.

But you know, you got to stay ahead of cyber threats and you need to do it with SaferNet. Businesses seeking top notch security without complexity, SaferNet is your solution. They’ve got you covered there. Go online, SaferNet.com, SaferNet.com.

Patrick, I’m kind of sad about this conversation today. This, this homeless hacker, it was kind of, it kind of ended sad. And I’m, I don’t know, I hope the next one you get for us is a little more positive.

Patrick McMurphy: Yeah, I wouldn’t say positive. It’s fun though. The next one is fun.

Jim Brangenberg: All right. Well, you heard it here. The internet and everything digital has a dark side. And so many dark players, but some white players and gray players and red players too. That’s what we’ve learned here today. It’s why you need SaferNet by your side with its VPN, its antiviruses, and website filters and so much more. Check them out online, SaferNet.com.

Thanks to SaferNet for supporting our efforts to bring the Digital Desperado podcast to your ears and giving these stories the exposure that they need. And for your own security and the security of those you love and those you work with, only click on the attachments from those that you trust and delete the rest, or you may become the next victim of a Digital Desperado!

Transcript Ends.

And that’s a wrap on another gripping chapter from the chronicles of cyber notoriety on ‘Digital Desperadoes.’ As we log off from the saga of Adrian Lamo, the ‘Homeless Hacker,’ and ponder over the thin line between right and wrong in the digital realm, let’s not forget the crucial takeaways for our own cyber-safety.

Today’s digital desperadoes don’t ride into sunsets; they ride the waves of the internet, leaving us with valuable lessons on the importance of cybersecurity solutions. Whether it’s safeguarding our networks or securing our personal cyber-frontiers, the role of cybersecurity solutions like SaferNet can’t be overstated. It’s our digital shield, guarding against the unseen battles raging in the binary underbelly of the web.

As you navigate the vast expanse of the internet, arm yourself with knowledge and the right tools. Check out SaferNet.com for top-tier cybersecurity solutions that stand guard when you venture into the virtual world. Remember, in the age of constant connectivity, staying secure isn’t a one-time affair; it’s a continuous journey.

Keep your friends close and your antivirus closer, and never click on that shady link! Stay vigilant, stay informed, and tune in next time for another deep dive into the cyber abyss. Don’t just be another internet user; be a savvy cyber citizen with a knack for spotting the digital desperadoes.

For now, disconnect from our tales but stay connected with SaferNet. Until our next digital adventure, this is your sign-off reminder: Stay safe, stay secure, and keep your data locked down tighter than Alcatraz. See you in the cyber field, folks!

Podcast 10: The Condor

Libsyn:

https://sites.libsyn.com/488183/episode-10-condor-the-legendary-fugitive

YouTube:

https://youtu.be/1OszBihkyDs

Rumble

https://rumble.com/v47ehji-episode-10-condor-the-legendary-fugitive.html

Welcome to the cutting edge of cybersecurity conversation, where we untangle the complex web of digital protection, particularly when it comes to secure remote work. In an era where our offices extend beyond the four walls to the vastness of the internet, safeguarding our digital footprint isn’t just optional; it’s imperative.

In today’s Digital Desperados podcast recap, we’re not just traversing the shadowy alleys of cybercrime; we’re equipping you with the shield of SaferNet. Imagine a workspace without the lurking dread of digital threats, where each click isn’t a potential misstep into the abyss of cyberattacks. That’s the peace of mind secure remote work can offer.

In this episode, we’re dissecting the tales of online outlaws and the legendary hackers who have danced on the fine line between infamy and ingenuity. But as we do, let’s not forget the heroes of this narrative: the secure solutions like SaferNet that empower us to lock down our virtual fortresses, be it our home offices or coffee shop corners. With tools designed to encase your online environment in a cocoon of security, including VPNs, internet controls, and a robust array of website filters, the narrative shifts from vulnerability to empowerment.

So, buckle up as we dive deep into a dark tale from the web, with a guiding light waiting to lead us back to safety. Let’s explore together how secure remote work doesn’t just protect us; it propels us forward into a future where we command our digital destinies!

Transcript Begins:

Jim Brangenberg: Hey, welcome to the Digital Desperados Podcast featuring Dark Tales from the web. Patrick McMurphy’s here today to tell us our dark tale and he’s joined by Brad Hawkins, founder and CEO of SaferNet. I’m Jim Brangenberg and I’ll serve as your story guide and just remember, this broadcast, this podcast is brought to you by SaferNet online at SaferNet.com.

You know, cyber criminals are trying to get into your computer all the time. All the time. Protect your computer, protect your workplace, your home place effortlessly with SaferNet, cyber security made simple for businesses and families. It includes a VPN, internet controls, virus protection, plus 84 website filters for a focused online experience.

Your safety is SaferNet’s priority. Get secured now. Sign up at SaferNet.com. That’s SaferNet.com. All right, Patrick, which dark tale are you telling us today?

Patrick McMurphy: So today guys, I want to talk about a legendary figure and fugitive in the hacking world. His name is Kevin Mitnick, also known as The Condor. He was extremely skilled at both social engineering and technical hacking. So The Condor Kevin Mitnick, he was born on August 6th, 1963 in California. Kevin had a fairly normal childhood, but he did show a pretty worrying interest in social engineering at a young age. So if you look at Kevin, by age 12, he convinced a bus driver to reveal where he could purchase the ticket punch machines.

He told the bus drivers for his school project. And so he went out and bought one, and this allowed him to ride any bus in the greater Los Angeles area for free. He would use transfer slips he found in dumpsters and punched them, so, just right off the bat, the guy is socially hacking. And so, he went on to attend James Monroe High School in Norris Hills. He was very interested also in licensed amateur radio and so he got a license there and he chose the nickname, The Condor, which is how he got his hacking name, The Condor.

It was because he’d watched a movie. I don’t know. Have you guys seen it, called Three Days of the Condor? That’s where he got it.

Jim Brangenberg: I missed that one. Must have been asleep that weekend or something. Did you want to tell us about that movie, Patrick? I mean Three Days of the Condor – I don’t know.

Patrick McMurphy: I mean, I mean if Paramount will come to me with a check, I’ll talk about their movies, but you know, otherwise…

Jim Brangenberg: Okay. All right. You draw the line there. Okay. Brad did you see that one?

Brad Hawkins: No, never have, never even heard of it.

Jim Brangenberg: Bummer. Okay. Sorry. We don’t have the context. So you keep going then.

Patrick McMurphy: So age 16, 1979, this is where The Condor starts technically hacking. And so he gains unauthorized access to something called the Arc.

And so the arc was owned by DC. Now DC are actually not really in business as such anymore. They got absorbed by HP, and so they were developing an operating system called RSTSE, which is one of the very early operating systems. And so he infiltrated that network through social engineering and technical skill.

He basically would kind of call in as a network administrator, even though he wasn’t. He was a 16 year old kid. And so he copied the company’s software and started selling it on the site. Now this is obviously, you know, the 80s, not a lot of computer crime. The FBI got involved. And so, he was convicted for that crime in 1988, and he was sentenced to 12 months in prison, followed by 3 years of supervised release.

And so, once the Condor got out of

Brad Hawkins: How old was he then?

Patrick McMurphy: He, he would have been between anywhere around between 16 and 20, I believe. So a kid, really. A kid.

Jim Brangenberg: Yeah, seriously, yeah. Not to correct you, because you’re telling the story, but if he was 16 got convicted in 1988, he would have been 25.

Patrick McMurphy: Oh, yeah. My apologies. You’re correct. You’re correct. That’s, that’s how good at mathematics I am, obviously.

Brad Hawkins: He’s, he’s on top of it. Yeah. So there’s, there’s real punishment at that point.

Patrick McMurphy: So, yeah, yeah, exactly. And so once he gets out of prison and he’s on supervised release, he’s not initially doing anything, but toward the end, he decides he’s going to start hacking again. And so his first target is Pacific Bell’s voicemail computers.

Jim Brangenberg: You guys remember those? I can remember the voices on Pacific Bell’s voicemail when you listen to it. She had a great voice. I always want to meet the lady that did that stuff.

You know, we just need to remind everybody, Hey, this podcast is brought to you by SaferNet. We really encourage you to go online to SaferNet.com, check out all the different things they can do for you. I personally have been using SaferNet for months for not only for our businesses but personally. What I love is that when I tell SaferNet that I don’t want to go to a website because I just don’t think I should be going to that website, it blocks it. I can program it to block it and the other day I was clicking on a link that I thought was a legitimate link and SaferNet says yeah, I don’t think you want to go there and it says Don’t go there. This is dangerous. I love that about SaferNet. Check it out online. SaferNet.com. Patrick, back to you.

Patrick McMurphy: So yeah, after this hack anyway, he gets a warrant issued for his arrest again, but Condor says, not this time guys. So he flees, he becomes a fugitive and he remains a fugitive from 92 to 95. And so this is really where

Brad Hawkins: So Patrick, help me understand. You know, everybody seems to have reasons for what they’re doing. And we’ve talked about that on, on other stories that you’ve so eloquently brought to us. What is it that, that you think he was trying to get to in hacking the voicemails? Is he, is he just trying to, to hear what other people are up to or, or economic value to him?

Patrick McMurphy: I think it’s a mix. So it’s not just voicemails. He, he was hacking into a lot of stuff at this time, but it’s a mix of – he just wants that, you know, that knowledge is power idea. He wants to kind of spread his legend as this hacker. And yeah, there’s definitely a financial side to it as well. You’ll see later, he gets into a lot more financial stuff, but

Brad Hawkins: So a lot of, at least his starting was trying to get a name for himself and maybe a little bit of economic value, but trying to get accolades from his hacking community.

And I find that fascinating that that’s how a lot of a lot of these people get started is just trying to get, get known for themselves in the hacking community. It’s like a community of, not buddies, but you know, rivals, but you get, you get accolades for doing it. So anyway…

Patrick McMurphy: Yeah, I mean, it’s like that in the hacking community. It’s kind of your name is your currency. So how much is the name of The Condor worth in terms of notoriety? And it’s trying to build up that reputation within the cyber underworld, I suppose. And so, as I said, yeah, so he’s fled and he’s on the run for nearly three years, but this is really, this is where it gets very interesting to me.

So as a fugitive, he started basically, he started using false identities. He would create counterfeit IDs, counterfeit social security numbers. He kept hacking during the whole time he was on the run. He was involved in wire fraud. He would sell Dublin company software, like he would have started out with.

He never left electronic traces. He would never use credit cards or cell phones. So the guy was just, he was completely clued in. And this is where the hacking community really started to notice, because the FBI’s pursuit intensified, and he became one of the most wanted criminals in the U.S. at the time.

Jim Brangenberg: That’s back when the FBI used to pursue criminals, you mean.

Patrick McMurphy: Exactly. Ah, yeah.

Jim Brangenberg: Okay, got it.

Patrick McMurphy: But I mean, if you think about it, how can you, you know, it was their early cyber crime division trying to pursue this guy who doesn’t leave an electrical trace. You know, it’s nearly impossible.

Brad Hawkins: And think about, you know, even now or today doing that without a cell phone. I mean, we live on our cell phones, and he’s out there just bouncing around, probably public Wi-Fi and a laptop or something.

Jim Brangenberg: Well, in the mid 90s, there were still pay phones.

Patrick McMurphy: Yeah, just trying to plug it to a cable wherever he could find it, you know, real urban hacking stuff. But his hubris kind of does get the better of him because at the time there’s this pretty famous cyber security researcher called Tsutomu Shimomura.

And so he’s Japanese American. He’s a very well known name in the white hat hacker community. He’s a good guy. And so The Condor, he wants to clown him. That’s what I’m going to say. He wants to embarrass Shimomura. So what he does is that he hacks into Shimomura’s personal computer. And for no other reason than just to say, I hacked into this guy’s computer.

And so Shimomura takes this with great offense. As you can imagine, I mean, these guys, this is a battle of titans here. You have one of the most notorious hackers at the time and one of the most notorious, well, yeah, notorious security guys at the time. And so, Shimomura immediately goes to the FBI and says to the FBI, I’m going to assist you in tracking him down.

We are going to track down this guy. So Shimomura just has this righteous indignation about him. He’s going to track him down. And so eventually he does. He captures him. The FBI with Shimomura on February 15th, 1995.

Jim Brangenberg: So they let him have his Valentine’s date with his girlfriend before they arrested him. Got it. That was nice. I mean, it’s good that they did that. I mean, you know, Hey, we’ll let him have his date tonight. We’ll get him tomorrow.

All right. It’s important to understand businesses and families, you need to stay secure when you’re in the internet. And SaferNet can provide that security. It’s so important that you are protecting those that you love and those that you work with.

The cloud connected cyber security app SaferNet will defend against online security threats effortlessly with their 84 internet filters, and they can help safeguard your data, your devices, and your loved ones. Everywhere I go, I got SaferNet walking with me. Get peace of mind with SaferNet VPN, simplifying your cybersecurity for all of your people, for all of your devices.

Sign up at SaferNet.com. That’s SaferNet.com.

Brad Hawkins: Nice.

Patrick McMurphy: So rolling around to 1998, he was, you know, he’s captured at this point and he’s facing a lot of charges, charges like wire fraud, unauthorized access to computers. Eventually he gets about, he gets sentenced to about five years in prison. However, he, at this time, has the entire hacking community on his side.

He’s become, as I said earlier, this legend in the hacking community. So there’s a huge amount of hacking incidents around the time of his arrest all related to, we’ll say, cyber vandalism. So, they hacked, for example, Yahoo, and replaced all the banners with banners that just say Free The Condor. So in 1997 you would go around to various websites and all the banners you would see are Free The Condor.

Jim Brangenberg: Did you check that? Did you verify that point? Did you go out and try to find one of those to see what it looked like?

Patrick McMurphy: Yeah, but I broke the time machine on the way back, you know. So, and here’s the thing I’m just going to just cast light on how little authorities really understood about cybersecurity at the time.

So, The Condor is sent to 8 months in solitary confinement, initially. This is because the law enforcement officials thought that he could start a nuclear war by whistling into a payphone. This is how big this guy’s mythos had grown out of that. He could launch nukes with a whistle if there was a payphone on him somewhere.

So it was, I mean, if you think about it, this is just kind of around Y2K, so that’s the kind of mindset of people you’re dealing with, you know, it was, it was panic.

Brad Hawkins: Now Patrick, was he really that good or did he just create this persona around him that kind of freak people out?

Patrick McMurphy: He was incredibly gifted and he was also gifted in creating that persona. So yeah, to your latter points, he was amazingly talented, but no one, I don’t think anyone’s that good. You can’t start a war with an icon.

Brad Hawkins: So not only is he good at hacking, but he’s also very good at marketing, which probably would have been a better career choice.

Patrick McMurphy: Absolutely, 100 percent better career choice, I think.

Jim Brangenberg: Which one pays better though? But when you look at what he really was, he was a great relationship guy.

Patrick McMurphy: Exactly. Social engineer. Yeah. Yeah. Yeah. He knew, he knew people. He knew, knew how to work people and he knew how to kind of, you know, change people’s views. And so, eventually the Condor does get released from prison and then, during his supervised release for the first three years, he’s only allowed to use a landline telephone.

So, at this point, they’re now aware that he can’t start a nuclear war by whistling into a telephone, which is, which is something. So, I think, at this point, Condor is, I don’t know, has he seen, you know, the damage his crimes have done, but he’s kind of sick of prison at this point, so, he decides to flip.

He starts his own company basically called Mitnick Security Consulting. And they kind of want to shine the light on his own case. So, you know, how it tested new computer laws, how it raised public awareness of networks and computer security, things like that. He becomes a cybersecurity consultant as well, public speaker, an author.

He founds another company called KnowBe4 and he was a frequent guest at both White Hat and Black Hat conventions. So it’s very funny if you’re looking at photos of The Condor online, he’s often with these guys smiling who are on like the FBI’s most wanted list.

Brad Hawkins: So wait a minute. They actually have real live in person black hat hacking conventions?

Patrick McMurphy: Yeah, DEF CON is the biggest one and it goes on in Las Vegas every year. It’s very funny. You’re told not to bring your ATM card to it because it’s nearly immediately you lose your money, immediately walking into the arena. So it’s cash only. And people bring burner phones and everything. I would never go. It just sounds like a disaster.

Jim Brangenberg: I’m just trying to think, I’m guessing that may be infiltrated by some security officials.

Patrick McMurphy: Oh, yeah. Entirely. Entirely. But yeah, so, I mean, this guy still is, at this point, is still just such a legend that people in the white hat community love him because of all the information he’s bringing. And people in the black hat community know him as the Fugitive Condor and they look up to him as a legend.

And in fact, his legend was so inspiring to a lot of people that they actually made a movie about it called Trackdown, which is about the change between him and Shimomura. And now him and Shimomura have actually met since. They became pretty good friends after his release. I’m sure he apologized for hacking his computer, etc.

Brad Hawkins: Jim, did you catch that movie?

Jim Brangenberg: I missed that one too.

Patrick McMurphy: I’ll have to say guys. It’s not great. It’s it’s not great.

Jim Brangenberg: Oh, well, it’s good Patrick watched it. So that’s, we’re okay.

Patrick McMurphy: Yeah, it was for research purposes. But yeah, it’s interesting, historically speaking, but you know, it’s a little bit dramatic. It’s a bit like that fugitive film with Harrison Ford, you know, maybe.

Jim Brangenberg: Oh, I have seen that one multiple times.

Patrick McMurphy: Yeah, like there is no, there is no scene with Kevin Mitnick jumping out of a dam or anything like that, but you know, they get pretty close. Now, sadly, the story doesn’t end too well. So, you know, The Condor, he did contribute great things to the white hat community, but sadly, July 16th, last year, he actually passed away at the age of 59 due to pancreatic cancer.

At the time of his death, he was married, and his wife was pregnant with their first child. But yeah, it was a really short but very interesting life for probably the only figure that I know of who has endeared both the white and black hat hacking communities.

Brad Hawkins: So going back to his, his style of hacking you know, we talked a little bit about his desire to become a well known hacker. How did he end up making money through his hacking? What was he doing to generate a cash flow?

Patrick McMurphy: The biggest thing during his, especially on the run years, was wire fraud. And secondary to that he would break into, we’ll say companies that were selling software. SaaS companies basically. He would break into their systems, steal their software and then sell it on the black market or kind of legitimately at a discount.

Brad Hawkins: So he was just getting access to code and selling the code.

Patrick McMurphy: He would. He would get into their database and then, you know, find the compiling code, take it, and then, you know, sell it as, as a finished product.

Jim Brangenberg: So he was a wholesaler and a retailer.

Patrick McMurphy: Excellent.

Brad Hawkins: Maybe not a wholesaler, but a retailer.

Jim Brangenberg: And he didn’t get a chance to be a dad. That’s just sad. I’m guessing his wife was younger than him when he died.

Patrick McMurphy: Surely,

Jim Brangenberg: Which means he had some money.

Patrick McMurphy: Oh, for sure. Come on. Who wouldn’t want to date the legendary fugitive? You know, come on.

(laughter)

Jim Brangenberg: So Brad, when you think about how SaferNet would have helped in any of these areas, could SaferNet have helped Shimomura, the Japanese guy that he attacked? How would SaferNet have helped prevent half of these disasters that Condor wreaked on other people?

Brad Hawkins: Well, it really depends on how he was getting into the businesses. And, you know, in, in most cases, somebody will find a weak link with a business, you know. A sales guy that goes to Starbucks and uses his laptop to, to access the network and never turns on a VPN and never protects himself from the network and those are easy ways of getting into a network so that then you can crawl through the network and, find whatever you want to find.

And so it really depends on how they were breaking in. But yes, if somebody, if a business owner made sure that all of their employees were operating with the proper cybersecurity on every endpoint device or every computer, cell phone, whatever it is, yeah, you’re, you’re going to be much safer than if you’re just going rogue and believing that your virus protection is somehow everything you need. So yes.

Jim Brangenberg: You heard it there from the founder of SaferNet! If you had SaferNet The Condor would have had a lot more difficulty. Maybe that Japanese guy – say his name again for me.

Patrick McMurphy: Shimomura.

Jim Brangenberg: He should have had SaferNet on his computer.

Patrick McMurphy: Absolutely.

Jim Brangenberg: Well, you heard it here. The Internet and everything digital can have a dark side, but also a bright side because it seems like these guys play both sides of the aisle. Many dark players out there. It’s why you need SaferNet by your side – VPN, antivirus, 84 website filters, and so much more. The ability to track, block, allow. It’s power at your fingertips and safety everywhere you go.

Thanks to SaferNet for supporting our efforts to bring these stories to your ears and giving them the exposure that they need. It’s also a lot of fun to talk about them and for your own security and the security of those you love and those you work with, check out SaferNet.com and get secured today. Till next time, click only on the links that people send you that you trust and delete the rest, or you may become the next victim of a digital desperado.

Transcript Ends.

And just like that, we close the chapter on another enthralling saga from the cyber frontier. While the story of The Condor, Kevin Mitnick, is a captivating journey through the twists and turns of early cybercrime, it’s also a powerful reminder of the ever-evolving challenge of securing our digital lives, particularly in the realm of remote work.

As we sign off today, let’s take a moment to reflect on the resilience we can forge through secure remote work practices. SaferNet isn’t just a service; it’s a sentinel in our pursuit to remain both vigilant and victorious against the backdrop of digital desperados. The internet is our office, and we must defend it with the most robust tools at our disposal.

Remember, whether you’re diving into databases or simply sending emails from your kitchen table, the mantle of security is yours to don. With the right protections in place, like those offered by SaferNet, we’re not only shielding our work; we’re safeguarding our future.

Until next time, keep your connections secure, your data protected, and your digital life safeguarded. Here’s to mastering secure remote work and remaining steadfast in the face of the virtual unknown. Stay safe, stay connected, and most importantly, stay secure.

For more tips, tricks, and tales from the digital age, keep tuning in to Digital Desperados. And for peace of mind as you navigate the internet, check out SaferNet.com and step into a more secure tomorrow.

The Unseen Shield: VPN for Cybersecurity Solutions in an Era of Digital Threats

In the intricate tapestry of our modern world, where the warp of technology interlaces with the weft of daily life, the need for robust cybersecurity solutions has never been more palpable. As we navigate through the cyber seas, a new wave of threats has surged, leaving pharmacies in disarray and the military’s healthcare systems on manual life support. Amidst this chaos, the narrative unfolds a tale of resilience and digital armory, embodied by SaferNet VPN.

The Cyberattack: A Digital Pandemic

It began as a whisper in the networks, a subtle flicker in the matrix – a cyberattack on one of the United States’ largest prescription processors, Change Healthcare. A division of UnitedHealth Group’s Optum business, this entity is the unseen engine behind tens of thousands of pharmacies nationwide. The attack, suspected to be the handiwork of a nation-state actor, has plunged the system into darkness, with ripples felt across American pharmacies and U.S. military clinics globally.

Secure Remote Work: A Myth No More

In this digital siege, pharmacies and hospitals have reverted to archaic manual processes, reminiscent of an age before the binary beat governed our lives. Patients endure long waits as prescriptions become parchment, and pharmacists become scribes. Amidst this, the unyielding fortress of SaferNet VPN stands tall, a beacon of hope and security in a landscape riddled with cyber threats.

SaferNet VPN: The Hero of Our Story

Unlike the classic VPNs, which often disguise your presence by altering your IP address, SaferNet VPN takes a different route. It champions the cause of protecting users without disrupting essential services like banking, where IP consistency is key. SaferNet provides an encrypted connection, not just a masquerade. It is the knight in cyber armor, providing virus protection and full internet controls to help you connect securely, whether you’re a small business owner working remotely or a family safeguarding their home network.

The Impact of Cyber Insecurity

The tendrils of the cyberattack have wound their way into the military’s healthcare provider, Tricare, affecting military pharmacies, clinics, and hospitals worldwide. They stand, defending their digital frontiers, filling prescriptions by hand, while the shadow of inconvenience and vulnerability looms large.

Amid this, SaferNet VPN emerges as the vanguard, a solution crafted not just for VPN for Remote Employees but for anyone seeking sanctuary in the digital realm. It’s a testament to the fact that Family Online Safety is not a luxury, but a necessity in our interconnected world.

Navigating the Cyber Aftermath

As the healthcare industry braces for the impact of these cyber assaults, the American Hospital Association has sounded the alarm, urging healthcare facilities to sever ties with compromised networks. The reverberations of this attack have left a clear message: the infrastructure is fragile, and redundancy is scarce.

SaferNet VPN understands this new reality. It doesn’t just offer a shield; it provides the sword of vigilance, enabling users to stand guard over their personal and business information. Device-level Security is not a feature; it’s embedded in its core, ensuring that when the digital realm falters, your world does not.

Protect Against Ransomware: The SaferNet Way

In a year where cyberattacks have breached data of over 133 million individuals, the role of a VPN for Privacy becomes crucial. SaferNet VPN doesn’t just stop at offering you a hidden alcove in the cyber universe; it equips you with a stronghold fortified against malware, ransomware, and viruses.

The Dawn of a New Era in Cybersecurity

The incident with Change Healthcare serves as a stark reminder of the perils lurking in the depths of the digital ocean. Yet, it also highlights the power of preparedness and the strength of sophisticated cybersecurity solutions. SaferNet VPN isn’t just a product; it’s a promise—a covenant of Affordable VPN Services that don’t compromise on quality or security.

Looking Towards the Future

As the cyber world reels from the shockwaves of this attack, we must rally around the guardians of our digital universe. With SaferNet VPN, we are not just users; we’re champions of our own safety, architects of our security. It’s an invitation to join a movement, to be part of a community that values security as much as it does freedom and connectivity.

Best VPN Service: More Than a Title, a Commitment

Choosing the Best VPN Service is akin to selecting a guardian for your digital life. In this age, where the lines between reality and virtuality blur, SaferNet VPN stands as a paragon of protection, continuously updating its defenses in the ever-evolving cyber battleground.

Conclusion: The Call to Arms

As we witness the silent battles waged in the cyber world, let us not forget the power we hold in our hands. The power to choose, to protect, and to thrive in the face of adversity. With SaferNet VPN, embrace the Complete Security Package that caters to the nuances of a secured online presence.

The story of SaferNet VPN is not a tale of what-ifs but a saga of what-can-be. As we move forward, let this moment in history not be defined by the attacks we endure but by the resilience we demonstrate. Remember, when it comes to cybersecurity, there is no nobler quest than the pursuit of a safer net, a SaferNet VPN.

So, as we script our digital destinies, let’s equip ourselves with SaferNet VPN, the ultimate companion in our journey towards a secure and empowered digital life. After all, when the next chapter of our cyber saga is written, let it be noted that we didn’t just endure; we conquered with VPN for Cybersecurity Solutions.

Podcast: Digital Desperados 9: Lazarus Group

Jim Brangenberg: Hey, welcome to the Digital Desperados Podcast featuring Dark Tales from the Web. Patrick McMurphy’s here today to tell us our dark tale. He’s joined by Brad Hawkins, founder and CEO of SaferNet VPN. I’m Jim Brangenberg and I’ll serve as your story guide. And of course, this podcast is brought to you by SaferNet because we really want you to check SaferNet out.

Every time you go online, your heart and soul are under attack. Secure your soul. With SaferNet VPN. Simplified cybersecurity for businesses and families. Just give yourself a chance to not have your mind be destroyed by the garbage on the internet. Check out SaferNet with its VPN, internet controls, virus protection, and so much more.

Like 84 website filters. Stay safe and productive. Get secured now. SaferNet.com. That’s SaferNet.com. All right. Patrick, which dark tale is today’s highlighted? Who are you highlighting today? Why can’t we get it out today? Just tell us who’s the bad guy.

Patrick McMurphy: Well, Jim, today I’m very excited because today it’s a little bit different. We were talking about one of the many state sponsored hacker groups. And so you might ask, you know, what is state sponsored hacking?

Jim Brangenberg: You mean like Michigan or Chicago or Illinois or New York? What state sponsored?

Patrick McMurphy: No, sir. I mean state as in a nation state. And so it really refers to cyber attacks carried out on behalf or by a national government.

And these attacks are not small fry things. These are espionage, massive disruption, influencing foreign or domestic affairs. We get into real James Bond level stuff when we get into state sponsored hacking. And today, we’re looking at the Lazarus Group. One of the most notorious state sponsored hacking groups on the planet.

They’re also known as Hidden Cobra. They call themselves the Guardians of Peace. You’ll find out soon that’s completely untrue. But they are North Korea’s state sponsored hacker. So, the best way to consider state sponsored hackers is that every country who has any military interest has a state sponsored hacker group.

So it’s quite a few of them. There’s a lot, a lot of people, a lot of players in this game.

Jim Brangenberg: Wow. I mean, I really wish I had some James Bond music to play in the background.

Patrick McMurphy: I know we should. Yeah, like the little, you know, piano from Dr. No at the start. That’s right.

Jim Brangenberg: We’ll have to work on that next time.

Patrick McMurphy: Now, as you can imagine, there’s not a lot known about them.

We do know that, so for example, there’s a North Korean defector by the name of Kim Kuk Sung. And he tells us that within North Korea, the group are known as the 414 Liaison Office within the government, which doesn’t sound like what you would call an international hacking outfit, but, so

Brad Hawkins: Before we get started, what, what is the intent of a state sponsored hacker?

Patrick McMurphy: What is the intent of an army?

Brad Hawkins: So they’re going at their, their enemies to try to gather or

Patrick McMurphy: Exactly.

Brad Hawkins: Collect data to determine how they might be able to penetrate.

Patrick McMurphy: They attack their nation’s enemy. They’re a picture of them as a very aggressive army, but they are underground. They’re digital. I mean, it’s, it’s very easy to tell if there’s a standing army walking across your border, right?

It’s obvious. When that army is in your fiber optic cables, it’s pretty hard to tell.

Jim Brangenberg: I don’t know, we seem to have some politicians that don’t see that standing army coming across our borders, so

Patrick McMurphy: That’s a good point.

Jim Brangenberg: Yeah, but what you’re saying, that these are, these are countries that are just wanting to get at us in any and all ways.

Patrick McMurphy: Yeah, they’re, they’re effectively the military and as time goes on, these kind of groups get larger and larger because things are more and more digital, right? And so the Lazarus group, they’ve been around for over a decade. We’ve seen them go from, you know, they really didn’t, didn’t have a great idea of what they were doing at the start in terms of how sophisticated they were, but they have become incredibly dangerous and sophisticated.

So the Lazarus group initially, the hackers within them are sent to Shenyang in China. So there’s a special university in Shenyang that trains hackers in terms of creating malware, deploying malware. And if anyone’s surprised that China has a hacking university, I mean, you, you should not be surprised with this.

So following this, they’re sent back to North Korea and they’re sent to the top universities. There’s Kim Chaek University of Technology. There’s the Kim Il Sung University, where they go through a following six years of specialized education. So we’re talking about a decade worth of university level education for these guys.

So these aren’t, these aren’t dumb individuals. These are pretty smart guys. And so, Lazarus, Lazarus’ first attack was called Operation Troy, and it took place from 2009 to 2012. And as you know, look, they’re North Korean. Their number one target is going to be South Korea. And so, what this attack was, it was, in retrospect, kind of basic DDoS attacks, which is Distributed Denial of Service attacks, against the South Korean government.

That’s what it was initially. However, they then went on to create something called the Dozer Malware. Which was then used to launch additional attacks against South Korean websites. But this was the time they also started experimenting with, could we also attack the U.S.? And so, during Operation Troy, there was a small amount of attacks against US websites, enough for the U.S. to notice, but not enough for them to really get worried about.

Brad Hawkins: Now, when you say US based website, are you talking about US as in government or US as in individual businesses?

Patrick McMurphy: I would say private. Yeah, kind of small price stuff, but I mean enough to kind of get out. I mean, if anyone in authority of the US sees any kind of attack coming from North Korea, whether it’s against a private individual with a blog or a small business, you know, they’re going to make note of it.

Jim Brangenberg: Wow. 10 years of training. Wow. That’s a doctorate in, you know, cybercrime. That’s unbelievable.

So, have you had one place to monitor all the internet activity of everyone in your workplace? Protect your business and family with SaferNet, the simple cybersecurity app. Shield your online presence with a VPN, internet controls, virus protection, and 84 website filters. Stay focused on your mission at work – transforming your workplace into a safe place no matter where people are going and monitor that activity, and help people be secure. Sign up at SaferNet.com, that’s SaferNet.com. As I use it for our organization, the console of watching where all the activity is going on all of the devices, it’s so great to be able to see it. And it’s keeping us safe. It’s keeping us protected. I just love it. SaferNet.com.

Patrick McMurphy: And so, you know, over time, especially from Operation Troy, Lazarus really starts learning how to get things done. So following Troy, there’s two campaigns. One is called the Ten Days of Rain. And the second is called the DarkSeoul attack. Both are just targeting South Korean broadcast companies, financial institutes, ISPs. They’re all into ISP blackouts in South Korea, everything within South Korea, basically they’re fully committed to just messing up South Korea, and what a lot of people, a lot of commentators, look back in this time – I kind of feel that Lazarus are actually just training. They were using South Korea as training dummies, basically, because what they go on to do is much more global in its scope.

So the biggest, the first big outside-of-South-Korea attack was the Sony Pictures hack. And so this is the motivation behind this – always cracks me up because I’ve seen the movie. So I don’t know – this is in 2014. And can you remember there was a movie coming out called The Interview?

It was a comedy movie and it depicted two guys trying to get an interview off Kim Jong Un, two Americans, James Franco and Seth Rogen. And they go to, they go to North Korea in the movie and the whole movie is just a mockery of North Korea. And as you can imagine, Kim Jong Un did not like this at all.

He did not because his family have always been big fans of movies, American movies. So now they see American movies taking the fun out of them. And so he has a meltdown, he has a temper tantrum. And so he directs Lazarus group to breach Sony Pictures. So there’s a lot, a lot released here. So there’s, you know, as you can imagine, there’s unreleased movies, there’s personal employee information, future film plans, executive salaries, and their emails, internal emails, and altogether personal data of about 4,000 employees.

So it’s a pretty, it’s a significant breach. And so at this point, people kind of know Lazarus aren’t, you know, they’re not messing around. Their big attacks following the Sony Pictures hack was something you would see a lot with North Korean hackers. It was a test. It was a heist.

And this is how actually North Korea get a lot of their money. It’s true. Cyber heist. So effectively Lazarus used the SWIFT network to issue 35 fraudulent transactions, aiming to transfer nearly 1 billion from the Federal Reserve in New York to an account belonging to Bangladesh Bank.

Brad Hawkins: Now you’re talking about, you’re talking about the SWIFT network as in international money transferring, correct?

Patrick McMurphy: Yeah, exactly, exactly. They did not get the full 1 billion at all. They made off at roughly about 101 million though. The Federal Reserve actually managed to stop about upwards of 850 million, but all that money, that’s just getting funded back into the North Korean government. That’s the whole thing.

That’s, I mean, when you always look at what’s North Korea’s source of income, because you know, they get propped up by a number of other countries, including China, right? And hacking is, is actually a huge money getter for them.

Jim Brangenberg: I just, I love it when you say that King Kim Jong Un, you know, threw a temper tantrum. He was like 15.

I mean, I mean literally he became, he became the ruler when Kim Jong Il died, and he was like a little kid. I mean he was literally, I don’t even think he was shaving yet when he became the, you know, the evil dictator. It was just like, oh, one million dollar, I mean, just seriously. It’s crazy.

All right, World War Three started on your computer when Al Gore unleashed the internet in 1994. We want to fortify your business against cyber attacks. Well, we need to do it with SaferNet. SaferNet is the answer. It’s the cybersecurity app that protects your enterprise on all fronts, including internet filters, VPN, antivirus, website filters. It has got so much! Go to SaferNet.com. That’s SaferNet.com. You’re tired of hearing me talk about it. You got to go check it out. It’s going to change your life.

Patrick McMurphy: So, you know, Lazarus made off with their a hundred million for the dictator and they then started planning what is probably today, one of the biggest hacks that’s ever happened in terms of just destruction. I can remember the day it happened. I was monitoring everything.

It was, I was writing a lot of cybersecurity blogs at the time. And I remember, I think Twitter and like five other websites started exploding with notifications over this thing. But it was called the WannaCry Ransomware Attack. It was May 12th, 2017. It was a global cyber attack that lasted 7 hours and 19 minutes.

It impacted institutes across the globe, even Chinese institutes. So this is how powerful Lazarus were getting. They were turning on the Chinese. One of the biggest services, it was the National Health Service, the NHS, in Britain. They crippled it entirely. Europol estimated that it impacted 200,000 computers in 150 countries, all universities, hospitals, everything.

And so what WannaCry ransomware did is that it targeted a Windows operating system vulnerability called EternalBlue. Now EternalBlue, I won’t get deep into what EternalBlue was, but it was actually found by another state sponsored hacking group about a year previous, and it was then leaked on the dark web.

And Microsoft, I’m not even sure they were aware that it was leaked. It’s a vulnerability that allowed the ransomware to get into a machine and it would encrypt all the data on the machine and demand Bitcoin for decryption. But here’s the thing about WannaCry, this is how beautifully it was written. WannaCry is art, I don’t care what anyone says, this is how beautifully it was written.

That, unlike typical ransomware that, you know, can spread through, you know, one person gets an email and then they email someone else. All it takes is one machine in the network. WannaCry infects one machine in a hospital. That’s all it needs. And it spreads like a worm across networks, jumps through printers, jumps through phones, it jumps through everything without a single bit of user interaction. All it takes is one infection and the whole institute is locked down by WannaCry.

Brad Hawkins: Oh my word. And you’re talking about the entire network. So anything

Patrick McMurphy: Like a hospital network, a university network,

Brad Hawkins: Anything within a network is going to be affected without anything other than one probably, what, a phishing attempt?

Patrick McMurphy: It was a spear phishing attack, yeah. Yeah. Yeah. But yeah, that’s all it takes. The actual economic impact of WannaCry, it cost four billion in damages.

There was car manufacturers that had to stop, semiconductor factories had to close. And I mean, even if you look at the disruption of the NHS in England, I mean, there’s people to get major surgery, they couldn’t. People died, you know. It was, it was an incredibly devastating attack. Now, the resolution was almost like something from a movie.

There was a security researcher, now perhaps we’ll do an episode about him one day, he was a black hat turned white hat by the name of Marcus Hutchins. Now, these days, the FBI still treats Marcus like he’s a black hat, but what he actually did that at the end of this seven hours, he’d gone into the, he’d gotten the code for WannaCry and deployed it on a virtual machine in a closed environment and studied it.

And he actually found that Lazarus had left a kill switch inside the virus that if you hit, it would release all of the machines that are infected, which is, which is a crazy thing to leave in your very sophisticated virus. But Marcus Hutchins had found this, hit it, and the machines basically were released from the attack. But it was, it was huge. It was absolutely huge. But yeah, you know, as you said, for WannaCry and really for other attacks, spear phishing is one of Lazarus big moves. So spear phishing, unlike normal phishing, where you can email a thousand people, spear phishing is that you know the email of the CEO of a company or the dean of a university and you email them specifically with information for them.

And that’s how you get through it. Now in terms of membership there’s only one known member called Park Jin Hyuk. The thing with Park Jin Hyuk is that North Korea claims that he does not exist. So he’s definitely a member, I think. If North Korea says you’re not real, you’re probably, they’re big.

You’re probably real. But they’re, they’re still at large, you know, they’re still working. Yeah, I mean, they haven’t had a huge, they’ve had minor attacks against South Korea, but nothing huge since. They’re probably a little embarrassed for leaving that kill switch in, to be honest with you.

Jim Brangenberg: But, well, I mean, so they blew their whole deal to make money that day. I mean, they caused damages, but they didn’t make any money. ’cause nobody had to pay ’em any ransom?

Patrick McMurphy: No. No one made money. No one made money. But there, there was a ton of damages. But, you know, you know what, Jim, maybe there may have been a couple of individual companies that paid straight away or something, but anyone who held out during that would have had to pay nothing and got their machines released.

Jim Brangenberg: Wow, well, I wonder if that guy that left that kill switch in there, I wonder if he’s still alive today.

Patrick McMurphy: No, I’d say him and his bloodline are gone off the face of the earth.

Jim Brangenberg: That’s not very cool.

Wow should we be learning something here? I mean this ransomware stuff is it’s – what should we be learning?

Patrick McMurphy: You know, Jim, I think you kind of need to take a step back and look at state sponsored hackers as a whole. So every day, the last maybe two, three years, we turn on the news, there’s been a war on the news.

We see it. But in reality, for the last decade, there’s been a digital war going on underground. And, you know, if you see on the news there’s a war, you may say to yourself, Oh, thank goodness I’m not on the front line. Boy, being on the internet, you’re on the front line of that digital war, by the nature of your statehood. If you’re American, Canadian, European, Australian, you’re a valid target to state sponsored hackers. And you know, the thing is like, you know, in traditional warfare, you can wear a bulletproof vest, which you would have to, you need to be proactive about cyber security as well, and not reactive.

I mean, there’s very little point of crying foul when you’ve been hacked, when you didn’t wear any bulletproof vest at all to begin with, so.

Brad Hawkins: That’s such a, that’s a, such a great point. Patrick, I think it’s so important to be able to realize that we are in the middle of this. It is a real thing. So many people that I know even my good friends feel like, well hacking only happens to those people that are very wealthy or very important or, you know, whatever it is, but it’s happening everywhere all the time.

And you know, these ransomwares, is just so destructive. One of the exciting things that I feel is great is with SaferNet, it isolates a computer. It keeps that computer to the place where it will not allow something to hop through the network and violate the entire network. Now that computer might end up being trashed if somebody clicks on an email, but it doesn’t allow it to go through the network and connect to all the other devices in the, in the network.

And so I think it’s so critical to understand we have to wear our bulletproof vest in the middle of a war. We just have to. And that’s what SaferNet’s all about, is how do we help people protect their businesses, protect their families, and make sure that they’re not going to be part of these different attacks?

Jim Brangenberg: You heard it here. You’re on the front line of the digital war, the internet and everything digital has a dark side and many dark players. And you’re learning about them here on the Digital Desperados podcast. It’s why you need SaferNet by your side, go to SaferNet.com and get downloaded today. And so until the next time, click only on the attachments that you trust from those you trust and don’t forward them to anybody else and delete the rest.

Or you may become the next victim of a digital desperado, maybe even a state sponsored terrorism on your internet. Get SaferNet, and we’ll see you on the next episode.

Podcast 8: The Iceman

Jim Brangenberg: Hey, welcome to the Digital Desperados Podcast featuring Dark Tales from the Web. Patrick McMurphy is here today to tell us our dark tale. And it’s a good one. He’s joined by Brad Hawkins, founder and CEO of SaferNet VPN. And I’m Jim Brangenberg and I’ll serve as your story guide.

This broadcast is brought to you by SaferNet VPN. You wouldn’t live in a metropolitan area without a home security system. Why would you explore the internet without internet protection? Discover SaferNet VPN, your ultimate cybersecurity solution. Defend your work, your home with ease. We offer a VPN internet controls, virus protection for businesses and families.

And we take control with 84 website filters, protecting everywhere you go. And everywhere you try to surf on the internet. Sign up now at SaferNet.com. That’s SaferNet.com. You gotta check it out because you’ll never regret it. SaferNet.com.

All right, Patrick, which dark tale are you telling us today?

Patrick McMurphy: Today, Jim, we’re going to talk about one of my favorites, Max Butler, a.k.a. the Iceman. And he was known as the Iceman because of both of his cool demeanor and he used to freeze his victims’ assets through credit card fraud. So, you know, salt of the earth type individual straight off the bat. So the Iceman was born on the, on July 10th, 1972 in Meridian, Idaho.

He was the youngest. Not sure how many siblings he had, but he had quite a few. His parents divorced quite young, he was just 14. His father was a Vietnam veteran and he owned a computer store. And so, you know, you can imagine, look, if your father’s owning a computer store, you’re immediately exposed to the digital world.

I mean, most people wouldn’t see that as getting into hacking, but, you know, it’s there from a very early age. And so, when he was a teenager, Iceman got into the internet, bulletin boards, if either of you can remember those online, and of course, hacking. And so, he was, he was kind of a rough kid. He, I mean, this guy just had, has had a long life of crime.

So, as a kid, in high school, he stole chemicals from the Meridian High School, just for notoriety amongst his peers. But he got caught doing it. And they kind of, the courts came down pretty hard on him. He was just a kid, but the charges were malicious injury to property, first degree burglary, grand theft, and he basically got probation out of all this.

And so after this incident, Iceman was sent to live with his father, his parents, you know, as I said, they were divorced, and he continued, he continued high school here, but you can see, this is a really, you know, this, we’re not off to a good start with this dude, you know, this guy’s stealing chemicals and things.

It’s not looking good.

Jim Brangenberg: I’m just getting over the fact that Brad and I have a lot of friends in Meridian, Idaho. I’m like, is this still going on? I mean, there’s a lot of incredible companies who you deal with on a daily basis in Meridian, Idaho. We should maybe make sure they listen to this episode, Brad.

Patrick McMurphy: I think so. If they’ve ever had their assets frozen, it’s the Iceman. He almost sounds like the boogie man, the way I’m talking about him. But so the Iceman eventually went to college. Freshman year, he gets arrested for assault. So this guy’s not playing around. He tried to appeal it. It actually, the appeal failed due to procedural issues.

They didn’t basically raise the appeal in time. And so he, he gets sent to prison and it’s probably one of the few guys we’ve dealt with who gets sent to prison for a non hacking crime, right? This guy just assaulted someone. Normally we deal with people who steal, you know, X amount of .

Brad Hawkins: Well, I was just thinking that. You got a hacker that we’re here talking about being a hacker, and so far he’s been busted for stealing chemicals and for beating somebody up. So, you look at that and say, this guy’s all around not, not a healthy minded person, so.

Patrick McMurphy: Yeah, exactly. And so he gets, he gets out of the Idaho State Penitentiary on April 26th, 95.

And so at that time, Iceman, he relocates, he lives with his father near Seattle. And so he secures a few different part time jobs, mostly in technical support, because the guy is really good with computers. And at the time, he’s involved with IRC, Internet Relay Chat, which was a really, I think one of the first forms of chatroom.

It’s still kind of popular in some circles today. But he gets involved in downloading warez. And when I say warez, I mean I’m spelling it W A R E Z. Which, and warez refers to pirated software and media. Very popular nowadays, but not as popular back then. So at the time ISPs, Internet Service Providers, are looking out for people sharing any warez at all. Like, all over the country.

And so an ISP in Littleton, in Colorado detected that Iceman is uploading warez to an unsecured server. They effectively saw he was using an intense amount of bandwidth and thought to themselves who could be using that much bandwidth. And so the uploads are traced back to where Iceman was working, which were corporate offices of CompuServe in Washington.

Jim Brangenberg: Which they were a huge player back in the late 80s, early 90s. They were a huge player on the internet.

Patrick McMurphy: Right, exactly, yeah, it’s, it was crazy, and so I mean, they fire him. They fire him, you know. It’s, that’s just how it is.

Brad Hawkins: Wow, so, so what, what exactly is a warez?

Patrick McMurphy: Really Brad, these days you would be referring to it, if you were like to, these days people pirate movies, and they also might pirate software, things like Photoshop, and so what happens is that you would download it off something, actually, I won’t go into how you would do it.

Brad Hawkins: Good idea.

Jim Brangenberg: There’s an instruction manual by Patrick on how to steal software.

Brad Hawkins: So, so explain.

Patrick McMurphy: In very vague terms, there’s certain websites where one could download products that you would normally have to buy with money. However, they download them illegally and then they then host them illegally so others can download from them.

It’s the same then as it was, as it is now.

Brad Hawkins: So he was not in Littleton, Colorado, but he, he got busted from downloading in Littleton, Colorado. Can you explain how that happens?

Patrick McMurphy: The ISP was, the internet service provider was in Littleton, Colorado, and saw that his bandwidth was excessive. So the ISP for a CompuServe were likely a company based out of Littleton, Colorado.

Brad Hawkins: Hmm. Gotcha.

Jim Brangenberg: Oh, but you know, just like you said, someone’s always watching as we see in this great story. How else would they know how to advertise what’s on the side of your screen? That’s what I want to know. How come when you have a conversation in your living room, all of a sudden we pull up your phone and Facebook, the ads have to do with exactly that?

No, they’re not listening at all. No, they’re not. No. So you need to stay safe. Wherever you are on the internet and SaferNet is the way to get that done. It’s an easy to use cybersecurity app on all of your devices. It keeps your business and your family protected. Experience your VPN with internet controls, virus protection, 84 website filters for a distraction free and safe online environment.

Get secured now. It’s going to change your life and it’s going to make it so you don’t ever have to worry about, should I be clicking on this link or not? Well, you probably should still be worried about that, but SaferNet’s going to be your backup. SaferNet.com. That’s SaferNet.com. Back to you, Patrick.

Patrick McMurphy: Right. So not only was Iceman fired, he was also now facing a 300,000 dollar lawsuit from the Software Publishers Association for unauthorized software distribution. So in a somewhat unusual move, he settled the lawsuit for 3,500 dollars as long as he provided free computer consulting. So it’s a bit of an odd move.

Why would you settle and then get consulting off this individual? And so Iceman has this idea that he’s going to, he’s going to make it this computer security consultancy and he adopts this new alias called Max Vision. He’s a very dramatic individual. That’s part of the reason why I like him. It’s just stupid names all the way through.

So his intention here is to kind of pivot away from his past and into this white hat hacker role, focusing on defensive cyber security measures. Now, you probably know what I’m going to say next, because this did not last at all. While Iceman or Max Vision was going around fixing security leaks, he installed a backdoor on every single system he fixed.

So he could go in there for later access. The guy was just, he was relentless. Unfortunately, he kind of poked the wrong bear because he was working with one company who were a client for the Department of Defense and he decided it would be a fantastic idea to install a backdoor on a DoD system. And so due to this, the, whatever investigators they have in the DoD are there sitting at their computers and they get a pop up that says, Oh yeah, by the way, someone just installed a backdoor on one of our systems, buddy.

And so the DoD immediately find him, he gets arrested, and on the 25th of September 2000, he pleads guilty to gaining unauthorized access to Department of Defense computers. They send him for 18 months into a federal prison. And so, most people here would probably learn their lesson, right? In a federal prison.

But, you know, Iceman gets out after 18 months. He’s released in 2003. And he begins exploring Wi-Fi for anonymous cyber attacks with an accomplice called Chris Aragon. And so, him and Aragon are a duo to be reckoned with, really. They actually start creating their own malware, including rewriting something called the Bifrost Trojan.

And what the Bifrost Trojan was excellent at back in the day was bypassing antivirus. Back then it was all Norton, McAfee. I mean it’s still kind of, a lot of it is today, but Bifrost just strolled right past either of those applications. He also used HTML applications and capabilities on Internet Explorer, which a lot of people were still using for some reason to steal American Express credit card data.

Jim Brangenberg: Well, in 2003, Internet Explorer was like – Nobody else had anything else. I mean, there were very, there were very few options. I mean, the Google was out there then, but Internet Explorer and Google, that was it. That’s all you had.

Patrick McMurphy: There was like early Firefox. There was a couple, there was definitely, there was a few options.

Jim Brangenberg: I wouldn’t have used early Firefox. Late Firefox and even in the late 2009, 10 was still a little rough. I use it today, but anyway, sorry, I interrupted you. I know you’re getting all the really good stuff, but it’s just like. There weren’t a lot of choices. Internet Explorer, if you had a PC, it’s what you’re going to use. That’s what you had.

Patrick McMurphy: Yeah, I know, but man, I just, I could never be caught with it. Even when I was that age, not a chance. And so, what he did with Bifrost, he targets Citibank basically using Bifrost to steal credit card information. He would then funnel the PINs over to Aragon, his accomplice. And so Aragon would coordinate cash withdrawals from ATMs.

He would get blank debit cards and load up the debit cards with the numbers that the Iceman was stealing. He would go to the ATMs and basically just drain them dry.

Brad Hawkins: So, so basically, what he’s doing is every time he gets busted, he just gets more sophisticated and more aggressive in what it is that he’s trying to do.

Patrick McMurphy: Yeah, if you actually trace every time he gets arrested, when he gets out of prison, he gets more aggressive, basically.

Brad Hawkins: It’s like he’s in there saying, I got to do this better next time. And you’re giving him a timeout to analyze and figure out a better strategy.

Patrick McMurphy: I mean, if they talk about prison being for rehabilitation, it was not. It just made the guy angrier.

Brad Hawkins: Yeah, he’s super aggressive in this growth strategy. Yeah, unbelievable.

Jim Brangenberg: I think pretty sure that prisons have become a breeding ground for further criminal activity except in a few certain states, but most… prison is not a place to go and you know, just relax for several years.

Business owners, you gotta listen up. I mean, it’s criminals, search engines. They do not need to know everything you do on the internet. SaferNet ensures your company’s safety with its powerful cyber security defenses like their VPN, their internet filters, their web, their website filters, their internet controls, and their antivirus.

You gotta trust SaferNet, get it on your computer now so you can have worry free online operations. SaferNet.com, that’s SaferNet.com. Back to Iceman.

Patrick McMurphy: Yeah, so, you know, as I was saying, Iceman, I mean, the name comes from the cool demeanor, but it’s here, you see. So when he was using the Bifrost Trojan it actually, he ended up freezing people’s assets because there was so much credit card theft involved. He was eventually arrested again in 2007 for running something called carders market.

And now, things like carders markets are very popular to this day. And what the website carders market was is that, you would steal credit cards, and you know, obviously it’s kind of hot. You want to get rid of it as soon as possible. You go to the carders market, and then you sell on that information to people.

And you have to ensure that the credit cards are working, you can’t just go in with any old numbers, or you, you, you lose your credibility. But the authorities had found he was the guy behind it. And so what happened is that he eventually pled guilty to wire fraud for stealing close to 2 million credit card numbers.

His use of credit card details, just between him and Aragon, resulted in 86 million dollars worth of fraudulent transactions. And so, he was sentenced to 13 years in prison, which was at that time the longest hacking prison sentence in the U.S. He’s been released. He was released in 2021. He’s under five years of supervised release, and he also has to pay back 27.5 million dollars to his victims. So right now, as we’re talking, he has three years left before he’s unsupervised. Will he go back to hacking? Without an absolute doubt, the Iceman will be back freezing your credit cards. You heard it here first.

Brad Hawkins: Wow. So obviously that’s a lucrative business. Right. To, to hack on those credit cards.

How do they get ’em?

Patrick McMurphy: Mostly through various means like the Bifrost, Bifrost Trojan, which, you know, in itself could deploy botnets, get involved in phishing. It’s really, it’s the same old story, Brad. They’re using just different methods that all, all come back to the same attack vectors.

Brad Hawkins: Hmm. So those people listening, what kind of strategies would, can you think of that would help them not give up their credit card information?

Patrick McMurphy: I would say the biggest one is phishing. It’s always going to be phishing. That is the number one cybercrime attack vector for just about anyone. You get the dodgy email about pay your bill, and you go in and all you need, or maybe you get an email about all your packages here, what you need to pay for it, can you give us 10 dollars? And you put in your credit card information and it’s gone. It’s always going to be phishing.

Jim Brangenberg: The post office, sending you an email going, Hey, we’ve got a package for you, but we, we can’t deliver it to you. Give us your address. And then we’re like, well, how’d they get my email address? People seriously. Or UPS or FedEx. But what I find is that I get constant emails on my Hotmail account that they have real people’s names, but when you look at the email address, they’re not real people.

And so you just, I’m constantly deleting. I mean, I get 500 junk emails on my Hotmail account every day. I’m like, really? Yeah, I wasn’t born yesterday. Patrick, is there a moral to this story? You got any morals to the story? I think we should come up with a moral to the story.

Patrick McMurphy: I think the moral to the story here, Jim, is quit while you’re ahead if you’re a hacker. Quit while you’re ahead. It’s a story of, I suppose, an individual who’s been a career criminal and despite his past, he was always allowed near the sensitive computing system. It’s ridiculous that time and time again, I mean, the guy gets caught for pirating and then they’re like, okay, we’ll leave you off if you come work for us.

And then, and then they get surprised when he starts hacking them. But it kind of goes, and as well, you know, it goes to show you just never know how much cybercrime there is out there in relation to things like card theft until. You don’t know you’re a victim until, you know, your assets get frozen by the Iceman, so.

Brad Hawkins: Right, right.

Jim Brangenberg: Well, you heard it here. The internet and everything digital can have a dark side with many dark players like Iceman. It’s why you need SaferNet by your side. VPN, antivirus, 84 web filters, so much more. Listen, I’ve installed it in all of my company computers, on all of my personal computers, and it’s fantastic.

The other day I had an email and I thought it was legit. And I clicked on it and, and SaferNet said, yeah, I don’t think you want to go there people. And, and I just said, well, I guess this isn’t legit. So thanks to SaferNet for always supporting our efforts, for bringing these stories to your ears and giving them the exposure they need.

Really Iceman needs to be exposed to a big hot flame. Please for your own security and the security of those you love and those you work with, check out SaferNet.com and get secured today. Till the next time, click only on the links you trust from those you trust and delete the rest or you may become the victim of a digital desperado.

Podcast – Digital Desperados 7: The Cautionary Tale of Hacker Sabu and the Need for Robust Cybersecurity Solutions

Note: If you would like to listen to this podcast instead of reading the transcript, here are the links!

Libsyn:

https://sites.libsyn.com/488183/episode-7-sabu-hacktivist-informant-cybersecurity-advocate

YouTube:

https://youtu.be/XRF0TlBv0Ak

Rumble:

Hey there, digital defenders and internet enthusiasts!

Diving into the boundless ocean of the web can be a wild ride. There are thrills, chills, and, unfortunately, a fair share of digital sharks lurking in the depths, ready to turn your peaceful online swim into a desperate fight against cyber threats. That’s where solid cybersecurity solutions come into play, making sure you can surf, stream, and socialize without the ominous shadow of a cyber attack.

In today’s story time, we’re not just chatting about any cybersecurity solution; we’re talking about the best VPN service out there that acts like your personal internet lifeguard—SaferNet. This isn’t just another tall tale; it’s a narrative that could make you rethink every click and password you’ve ever set loose in the digital wilds.

Grab your digital popcorn, because you’re about to dive into a real-life cyber saga featuring the infamous hacker Sabu. His journey from a shadowy online figure to a white-hat hero reveals the stark reality of internet vulnerabilities and why safeguarding our digital lives with reliable cybersecurity solutions isn’t just smart—it’s essential.

So buckle up, set your browsers to incognito, and let’s get the lowdown on why even the sneakiest of cyber threats can’t outsmart a top-notch VPN service.

Transcript begins:

Jim Brangenberg: Hey, welcome to the Digital Desperados podcast featuring Dark Tales from the Web. Patrick McMurphy’s here today to tell us our dark tales and he’s joined by Brad Hawkins, founder and CEO of SaferNet. I’m Jim Brangenberg and I’ll serve as your story guide. This podcast is brought to you by SaferNet.

Anymore going online can be scary every time you click on a link. You don’t know where that link’s gonna go. Join the mission to stay secure online with SaferNet. Perfect for small to medium sized businesses and families as well. Our cybersecurity app provides a VPN, internet controls, virus protection, and it can help your work and family life to operate in harmony with 84 web filters, keeping distractions away.

Hey, get secured now. Sign up at SaferNet.com. That’s SaferNet.com. Patrick, which dark tale are you telling us about today?

Patrick McMurphy: Well, Jim, today we’re going to talk about an individual called Hector Xavier Monsegur, AKA Sabu. Now Sabu is one of my favorite go to guys these days for information about hacking.

And you, you’ll see why by the end of the episode, but So Sabu, Sabu was born in 1983 in Puerto Rico to a very, very young father. His father’s only 16 years old. Now there’s no, there’s no talk of where his mother is. That’s, that’s kind of unknown information. But he lived with his father who was 16 and his grandmother who was 40.

So two pretty young people to be a parent and a grandparent, right? Yeah, so it was a pretty challenging upbringing. His father actually ended up being arrested. He was dealing drugs. And so him and his grandmother moved to the projects in New York City, where he kind of spent most of his childhood.

And so Sabu became pretty interested in computers, computing and hacking from a young age. When he was, when Sabu was about 14 in the news at the time, there was a Puerto Rican person who was accidentally killed by the Marine Corps. Essentially he was out, he was near a test range and they were testing bombing campaigns basically, and this individual was killed.

And Sabu kind of took that as some kind of attack against the Puerto Rican people. And so he began to hack into various websites protesting what he felt was the U.S. government’s mistreatment of Puerto Ricans. So he would deface, he even managed to deface a couple of military websites and he just left messages.

One, one notable message he left was just a single line and which said, Hello, I am Sabu, I am no one special for now. Which was kind of telling because he goes on to be someone pretty special in the hacking world.

Brad Hawkins: You know, you know, Patrick, this is really interesting because it’s, it’s the first time I’ve heard you tell a story about somebody that was at least starting out with the attitude of justice.

Patrick McMurphy: Yeah, and that’s, that, that definitely, that feeds into Sabu’s life and this idea of justice. Now, some may say later it’s, you know, he was, he was seeking justice in all the wrong ways, but kind of the tools that Sabu was looking at, he was looking at exploring vulnerabilities on websites, phishing attacks, which we’ve talked about a bit, social engineering and cross site scripting, which is also known as XSS.

And so what cross site scripting is, is that it’s injecting malicious scripts into webpages. And that may be through like online forms and whatnot, where if you type in a certain string of characters, it might actually breach the form. And then you can go ahead and do whatever you want to the website. So it’s pretty nasty stuff.

Jim Brangenberg: When you say social engineering, I mean, I’m thinking they’re doing genetic engineering. What do you mean social engineering?

Patrick McMurphy: I wish it was that cool. No, social engineering, it happens regularly even today. It’s effectively just talking to people and by talking to them, getting their password.

So, you know, we’ll say you’re, you’re, you befriend someone and you get to know them well, and you know, you get talking about family and they’re like, Oh yeah, so what about your mother’s family? And they might drop their mother’s maiden name, for example. Boom, that’s access to most people’s email because the recovery question for 90 percent of emails is, what is your mother’s maiden name? So social engineering is almost like physical hacking. You’re just speaking to people, trying to get their details without actually being at a computer, so it’s a level of charisma that’s required there, I think.

Jim Brangenberg: Well, and I’ve seen a lot of stuff on Facebook where people are asking, Hey, answer these questions and they’re always questions that would be like answers to your passwords or to your, the, the, the questions. I mean, are they doing that stuff on purpose?

Patrick McMurphy: Yeah, that’s Facebook is a breeding ground for social engineering at the moment.

Back in, back in the early 2000s, the big one was, it’s actually hilarious to think about was that going around chat rooms that if you, that you were told if you got your parents credit card numbers and typed in XXX then followed by your parents credit card number the numbers would be obscured because of the X’s.

And so, you know, hundreds of people would post these numbers, which would just appear by the actual number trailed by X’s at the front. So, you know, it’s, it’s very easy to catch out people, but Facebook is huge for it. It’s a social, like, that’s a social engineer’s dream come true.

Jim Brangenberg: All right. So Sabu is, he’s exploiting vulnerabilities on websites. He’s doing phishing attacks and phishing is not with a pole and a, and a hook. He’s doing cross site scripting, which maybe I ought to describe that too as well. What do you mean by that?

Patrick McMurphy: So we’ll say you have a website. We’ll say you have a contact form on a website, and normally, as you would expect, that contact form would take English, but it also takes a programming language called SQL. Which really isn’t used as an end user, but you can, on certain unsecured forms, you can put in malicious SQL and hijack the form, and by hijacking the form, hijack the website effectively, and gain control of that website.

Jim Brangenberg: So really what they’re doing is trying to get the information that people are entering into the form. That’s what you’re saying?

Patrick McMurphy: Yeah, yeah. Exactly, exactly. And so while all this is happening I mean, Sabu’s still in high school at this point. But he’s in high school and he’s actually trying to fix his high school computers, and he’s walking around with a screwdriver, and it’s seen as a perceived threat. And he gets expelled for walking around school with a screwdriver, as you know you would expect.

Jim Brangenberg: Did he ever say why he was walking around school with a screwdriver?

Patrick McMurphy: He said he was fixing the school’s computers, which he actually was, but you know, I mean keep the screwdriver in a bag or something, man, you know, don’t walk around, you know, gripping a screwdriver down the hallways, you know, I mean.

Brad Hawkins: They take that zero tolerance seriously, yes.

Patrick McMurphy: It’s understandable, you know, come on.

Jim Brangenberg: No, no it’s not! No it’s not.

Patrick McMurphy: But sadly in 2010 Sabu’s grandmother died and he actually became a foster parent and he at this point had to turn to hacking full time for income.

Jim Brangenberg: Wow. Speaking of hacking, so many apps out there for just grabbing your information. Would you like an app to help control your Internet time, controlling your phone internet time? I know I’d like to some days just turn Martha’s internet off about 8 o’clock at night so we can have more conversations, but how do you control time on your computer and your tablet? Well, SaferNet has a solution there. Your shield against online threats, simplified cyber security for businesses and families. It’s all of that and more! Explore having a VPN to protect when you’re online, to protect you, to have internet controls like controlling how much time you have on the internet.

It’s great for your family. It’s also probably great to have at work as well – virus protection, 84 website filters. Just making everywhere you go a secure online place to be. Get secured now at SaferNet.com. SaferNet.com.

You know, I just want to know for those things, Patrick, you’re talking about – would SaferNet help us protect against? Or maybe, Brad, you answer this question. Would SaferNet help us protect against that stuff where a website’s been hacked and it’s going somewhere it’s not supposed to go?

Brad Hawkins: Well, it’ll, it’ll certainly protect you from anybody that’s trying to get your information, and that’s what’s key is that you know, he’s using phishing attacks to be able to get in there and snag your information. If you go in there and click on something that, that is the bait that they’re using trying to gather that information.

It is so fun to be able to realize, Oh my gosh, I just clicked on something that is not, SaferNet won’t let me go any further. It just saved me from a nightmare. And I gotta tell ya, it did me. I was doing a little bit of international travel here last week, and I wasn’t paying attention, and I just clicked on an email, and SaferNet popped up and said, you don’t want to do that. And so

Jim Brangenberg: I do too. I do too want to do it!

Brad Hawkins: I am always grateful that I have SaferNet on all my devices. And that was, that was my iPad. That was just I was just traveling in a car, hitting a button and sure enough, it said no. So yeah, I am eternally grateful for what it is that we’re able to stop.

So Patrick, I want to ask you a question. How did this young kid… obviously he’s young. He’s in foster families at this point. How did he figure out how to make money on doing phishing attacks or gathering data off of somebody’s contact list, off somebody’s website? What was he doing to make money? How did he do that?

Patrick McMurphy: Well, really with any kind of phishing attack, especially this thing, Sabu. I mean, Sabu wasn’t working for a major hacking corporation. He was working for himself. You’re really looking at kind of small time credit cards small time credit cards from phishing and things like that.

But, you know, Sabu, kind of, as we said at the start, he had some sense of justice. And so, while Sabu was hacking for profit, this actually eventually turned into hacktivism. Hacktivism, very controversial subject, but it effectively means that you’re kind of hacking for justice, where that might be, you know, there could be environmentalist hackers trying to hack some oil website or something like that, you know, or hacking a government website if you disagree with x, y, and z.

But it, you walk on very blurred lines with hacktivism and the main hacktivist group since probably 2006 are called Anonymous. And he joined Anonymous and became a very prominent member. Now Anonymous doesn’t have a leader. That’s its point, but it’s, it’s kind of, its direction is dictated by a collective of individuals, very small number, who have both high technical skill and they’re very domineering personalities. And Sabu actually had both of these. So Sabu establishes himself as one of the main members of Anonymous, within Anonymous, because from the outside, no one knows who’s a member.

And they actually operate within a cell structure as well. So they’re very much clouded in mystery. But from within Anonymous, Sabu led something called LulzSec, which did hacks for the lulz. And now that sentence may, may not make much sense right now, but what the lulz are, the lulz was kind of this concept devised in the mid 2000s.

Jim Brangenberg: I was going to say, for people that, you know, maybe having a struggle with Patrick’s Irish accent, lulz, l u l z, s e c, lulz, lulzsec. There you go.

Patrick McMurphy: Yeah, and so the word lulz itself is a corruption of LOL, which is laugh out loud, and so you could probably gather if you did something for the lulz, it means you did it because it was purely out of mischief or you and your friends found it funny.

So it’s kind of a chaotic way of hacking. It’s not really for the money. It’s just for saying, hey, I did that. This is funny. We made these guys look like fools. It was for the lulz basically as well.

Brad Hawkins: Is what that means. Is that something that Anonymous works on together or is it how does Anonymous play into that situation? Do they just motivate each other? Do they educate each other?

Patrick McMurphy: Yeah, they would orchestrate a lot of the, a lot of attacks like these and carry them out. But I mean, Anonymous was so chaotic that there was people who would say that they’re members and they’ve not talked to anyone else on it. I mean, it was a really chaotic movement. It’s still around but it’s not like it used to be anymore.

But LulzSec was one of the known movements within it and they were really high profile guys. They ended up targeting news corporations. They even got into the CIA’s official website. All they were doing were just defacing websites. They weren’t actually stealing much stuff. They were just saying, Oh, by the way, this group of teenagers are better at cybersecurity than, you know, your secret agents.

Jim Brangenberg: So reassuring.

Patrick McMurphy: Oh, very reassuring. Yeah. Just some kid with a laptop is, you know, better than the CIA. Now there was at the time, if you guys can remember Occupy Wall Street, Anonymous were very active during this time and Sabu was actually at it in person.

He was met by an anthropologist called Gabriella Coleman, who wrote about it extensively. And when she was describing Sabu, she said that he was both respected and feared. So it kind of says a lot about the kind of guy he was. He wasn’t just some, you know, skinny kid with a laptop. He was, you know, he must have kind of, he was quite a presence in real life as well.

And so, I mean, like with any group, there’s going to be splinters and there was one splinter from Anonymous called Backtrace Security. And really Backtrace had grown critical of vigilante activism. Once when they were asked to explain their motives, they stated that one cannot fight for justice and democracy by using unjust, anti democratic tactics.

So they were actually all about ousting members of Anonymous who they felt weren’t pursuing justice in the correct way. And eventually they found Sabu, they found his exact details and they ousted him to the FBI. And so on the 7th of June, 2011 Sabu was arrested by the FBI and the next day he became an FBI informant.

Yeah, so, he, he was, this is where his story really takes off. There’s been a lot said about his cooperation since his arrest. For example, one U.S. attorney noted that the defendant was cooperating like from the get go effectively. He would stay up all night in conversations with co-conspirators, effectively the other Anonymous members, to try to help the government to build cases against them. Now, as for what the FBI had on Sabu, they had him on 12 charges, including hacking and fraud. But he had a potential prison sentence of a hundred twenty five, twenty four years, so several lifetimes.

So during his time he enabled the arrest of a lot of people. A lot of people from Anonymous, LulzSec, Antisec, which is very similar to LulzSec. Notably there was two UK hackers who we’ll cover in a much future episode called James Jeffery and Ryan Cleary. They were both arrested because of his information.

He did attempt to entrap the author of ransomware called CryptoCat. However that failed, but he was, he was actively doing this until March 6, 2012. Basically appearing to oppose the government online, but actually collecting all this information on people he was working with.

Jim Brangenberg: Well, I’m waiting for you to say, Hey, and then the Russians came in and they hired him. And so he left the country. Oh, maybe that’s coming up. I don’t know. That’s coming of the future, but I don’t want to spoil the rest of the story, but you know, if you’re an entrepreneur out there, you need to understand that you need, we got to use the internet to do work. We have to use the internet to do work, but you’ve got to do it in a safe way.

You need SaferNet by your side everywhere you go on the internet, whether it’s on your phone, on your tablet, on your laptop, on your desktop. You need SaferNet to protect you. So when you’re out there, people aren’t getting into where you are and SaferNet’s protecting your, not only your eyes from going places you shouldn’t go, but it’s protecting your keystrokes from going where you shouldn’t go as well.

Protect your business environment from cyber threats. Go to SaferNet.com, that’s SaferNet.com. You’ll find that this is extraordinarily reasonably priced and very, very powerful. It’s got an incredible console for managing your entire organization. Go to SaferNet.com.

All right, Patrick, finish this up. What happened as you, you laid it up pretty good for us as of March the sixth. What was that?

Patrick McMurphy: Sorry. I think I just lost you there for a second, Jim.

Jim Brangenberg: No, no problem. But so, but you got to March 6th. You said he, up to then, he appeared to be working for the government.

Patrick McMurphy: Yeah, and so by March 6th, the FBI had arrested kind of the five main hackers within Anonymous. And Anonymous at this point realized it was Sabu that was, you know, snitching on them.

Brad Hawkins: Now were these, these the same guys that ended up turning him into the FBI?

Patrick McMurphy: It was, it was Backtrace that turned them into the FBI. Backtrace were a splinter group from Anonymous.

Brad Hawkins: So, so, it was, it was a little bit of revenge as well as keeping himself out of jail.

Patrick McMurphy: Oh yeah, yeah, yeah, completely, yeah. But I mean, so when Anonymous found out that it was Sabu who was betraying them, I mean, their official Twitter account tweeted that, Anonymous is a Hydra. Cut off one head and we grow two back. Now, that’s not strictly true as it turned out because since Sabu’s work with the FBI, Anonymous haven’t been half the machine they used to be.

But as it turned out, when they looked over all of Sabu’s work, he’d actually prevented 300 cyber attacks including planned attacks on NASA, the U.S. military, and a number of media companies. He only did seven months in prison, the rest was time served, and of course, his work with the FBI. And so these days, he’s a white hat hacker. He’s actually a director for a penetration testing company.

So if you’re unsure about your cyber security, you give Sabu’s company a call and he hacks you and tells you how good your security is. And really these days he’s involved in a lot of advocacy for safe security awareness and education.

Also heavily emphasized the importance of ethical behavior in the digital domain and within hacking. Still works with the

Jim Brangenberg: Okay, I don’t know. It, that seems hard to believe. I don’t know. Brad, are you believing that?

Brad Hawkins: Well, you know, the stories that we’ve heard there’s several guys that ended up doing that. And then on the, on the dark side, behind the curtain, in the background, they’re, they’re you know, up to their old tricks.

You know, I’m an eternal optimist. I, I would love to hear a great story about somebody that said You know what? I turned myself around and I started making some better changes and now I’m operating 100 percent as a white hat hacker. I would love to hear that. And actually, truthfully, I know a couple of them you know, I don’t know what they do in the evenings, but I know a couple of them that are white hat hackers from the dark side.

So I certainly hope so, but there’s, there’s always that element of you know, pay close attention.

Patrick McMurphy: Yeah, yeah. I mean, a lot of these guys we come across, they’re double agents, they’re triple agents, quadruple agents, you know, it’s kind of, it’s hard to tell a lot of the time. As you said, Brad, what do they do at night when they go home?

You know?

Brad Hawkins: Yeah, you know, honestly, I would absolutely love to hear a story about something like that that says, you know what, now they’re 100% on the clean side and all they do is show people what they need to do to keep themselves safe.

Patrick McMurphy: I mean, I fully believe that Sabu, I mean, so that’s really all he’s doing these days. He’s doing, he does a lot of conferences also. So his latest was called Exposure 2023. That was just two months ago. I watched that. It’s definitely worth the watch. He’s the kind of guest of honor on it. But one of the things he talks about at length this year was that how modern financial cybercrime is so easy. The dumbest person you know could carry out a financial cybercrime. He says because due to the advent of how prevalent cryptocurrency is, he said it’s so easy.

And he kind of lamented the fact, you know, that if he was back in his day, you know, if it was that easy, he probably would be a millionaire.

Brad Hawkins: Patrick, you know, I, I believe that totally. I mean, I talk to people all the time about the fact that, oh yeah. Cybercrimes are for the big companies, you know, people are, they’re never going to hack a little, a little person like me that’s kind of meaningless or, or whatever the case is. They don’t care about anything small, like my small company or my, you know, my life.

All they care about is the big company and they do the dumbest things. I listened to some of their stories and I’m like, you’ve got to be kidding me. You, you don’t run your cybersecurity all the time. You don’t have it on all the time. I mean, there’s those kinds of things that I look at saying: you know, some people just deserve to be hacked because they are foolish in their thinking.

Jim Brangenberg: That was a little harsh, but you heard it here. The internet and everything digital can have a dark side and many dark players. It’s why you need SaferNet by your side, VPN, antivirus, 84 web filters, and so much more. Thanks to SaferNet for supporting our efforts to bring you these stories and giving them the exposure that they need, even if we remain a little skeptical.

Please, for your own security and safety of those you love and those you work with, check out SaferNet.com and get secured today. Till the next time, click only on the attachments you trust. From those you trust. And delete the rest, or you may become the next victim of a digital desperado.

Transcript ends.

And that’s a wrap on today’s digital odyssey! We’ve ridden the rollercoaster of cyber exploits, witnessed the highs and lows of hacktivism, and seen the redemption arc of a notorious hacker turned cybersecurity champion. If this doesn’t scream the need for iron-clad digital protection, I don’t know what does!

In the vast wilderness of the web, it’s not just about staying safe; it’s about thriving without fear. Whether you’re a start-up maverick, a remote work warrior, or a family safeguarding your home network, there’s one cybersecurity solution that stands out: SaferNet’s VPN service.

Think of SaferNet as your personal cybersecurity squad, armed with the tools you need to keep those sneaky cyber threats at bay. It’s the best VPN service to have by your side, whether you’re battling malicious malware or dodging digital desperados.

So don’t leave your digital doors unlocked. Fortify your internet experience with SaferNet, and become the hero in your own cyber safety story. Remember, a secure online world is not just a possibility; with SaferNet, it’s a promise.

Until next time, keep your data locked down and your spirits up. Stay savvy, stay secure, and let’s keep the conversation going. Don’t forget to protect your digital life with the best VPN service out there—visit SaferNet.com and take control of your online safety today!

Ivanti Vulnerabilities: How VPN for Small Businesses Shields Your Cyber World

In the digital expanse where data is the new currency, small businesses are finding themselves at the crossroads of innovation and vulnerability. Amidst this scenario, the term VPN for Small Businesses has surged not as a luxury, but as a necessity—a cyber shield for the modern-day David against the Goliaths of cyber threats.

Imagine this: while we sleep, digital sentinels stand guard. Yet, the landscape is changing; malevolent forces, skilled in the art of cyber espionage, are exploiting vulnerabilities with the cunning only matched by their anonymity. Such is the tale of recent attacks exploiting zero-day vulnerabilities in Ivanti Connect Secure, a tale that brings to light the ever-escalating need for robust cybersecurity solutions like SaferNet VPN.

Let’s unravel the recent cyber saga that underscores why every Secure Remote Work environment demands a VPN.

In early December, whispers of cyber espionage began to stir. Hackers, with surgical precision, exploited two zero-day vulnerabilities in Ivanti Connect Secure, known as CVE-2023-46805 and CVE-2024-21887. These vulnerabilities acted as digital trapdoors, allowing unsolicited entry and command over unsuspecting systems.

A collective of cyber guardians, including Mandiant and the vigilant eyes of Shadowserver, unearthed that the espionage was the handiwork of a group now codenamed UNC5221. The implications were grave, with over 17,100 Ivanti appliances exposed to the public eye, their fate uncertain.

But what does this mean for the small business owner, the entrepreneur, the self-made dream weaver? It’s a wake-up call to the invisible dangers lurking in the cyber shadows, dangers that SaferNet VPN is designed to combat without disrupting the essential functions that businesses rely on, like banking.

UNC5221 deployed an arsenal of custom tools, transforming legitimate pathways into tunnels for their nefarious activities. From Zipline Passive Backdoors to Thinspool Droppers, the attackers planted webshells and harvested credentials with a sophistication that sent shivers down the spine of the cyber world.

Yet, in this digital drama where villains seem to lurk around every byte, there is a hero that stands firm—SaferNet VPN. Unlike traditional VPNs that may alter your IP address, leading to potential complications with banking and other sensitive logins, SaferNet VPN provides a robust layer of protection without such disruptions. It’s a cybersecurity solution that doesn’t just encrypt traffic but fortifies your digital domain against the likes of malware, ransomware, and unauthorized intrusions.

At the heart of the chaos, SaferNet VPN emerges as a beacon of hope, a tool that doesn’t obscure but clarifies, strengthens, and simplifies the complex tapestry of cybersecurity for the small business owner. With Device-level Security and Family Online Safety as its core tenets, SaferNet offers peace of mind in a landscape often dominated by fear.

But let’s not wander off into the ether of cyber threats without a compass. SaferNet VPN is not merely a VPN for Privacy; it’s a vessel to navigate through the stormy seas of the internet with an Affordable VPN Service that doesn’t compromise on quality. It is the digital armor for the modern enterprise, a steadfast guardian against the siege of cyber malice.

In this story, where malicious actors weave webs of deceit, SaferNet VPN stands tall, a testament to the power of preparedness and the strength of security. It is the embodiment of a VPN for Remote Employees, ensuring that wherever your business’s heart beats, it remains shielded from the relentless barrage of cyber threats.

The saga of UNC5221 is not just a cautionary tale but a clarion call for action. It’s a reminder that in our quest for connectivity, we must not forsake security. For Protect Against Ransomware is not just a service—it’s a promise, a commitment to safeguard what we hold dear: our privacy, our data, and our digital freedom.

So, let us take a leaf from the digital defenders who stand watch over our bytes and bits. Let us arm our enterprises with SaferNet VPN, the unseen guardian of our online presence. With its 30-Day Money-Back Guarantee, it’s not just a choice, but a statement—a declaration that we will not stand idly by as shadows loom over our digital horizons.

In conclusion, the message is clear: the digital realm is fraught with hidden battles and unseen foes. Small businesses, the backbone of innovation, must be equipped with the tools to defend themselves. SaferNet VPN is more than a service—it’s your cyber sentinel, offering a Complete Security Package that fortifies your network against the ever-evolving threats of the virtual world.

To the small business owners, the entrepreneurs, and the dreamers—your venture into the digital frontier doesn’t have to be a solitary journey. With SaferNet VPN, you join a fellowship of shielded enterprises. You are not just purchasing a service; you’re enlisting an ally in the perpetual battle for cybersecurity. You’re making a stand that while the web of threats ensnares the unprepared, your business shall remain untouchable—protected, secure, and thriving.

As we gaze upon the horizon of technological progress, let’s do so not with trepidation but with confidence. SaferNet VPN is the sword and shield in this age of digital skirmishes—an age where VPN for Small Businesses is not just wise but imperative.

So, secure your business, protect your dreams, and let SaferNet VPN be the guardian of your digital destiny. Because in this ever-connected world, the greatest victory lies not just in the battles we win but in the security we uphold.