Author: Denis Ring

Welcome to the digital frontier where the quest for cybersecurity never sleeps. If you’ve ever found yourself wondering about the mysteries lurking in the corners of the web or how to shield your digital life from prying eyes, you’re not alone. Here at Digital Desperados, we’re all about diving into the untold stories of the web, served with a side of savvy tech insights and a dash of humor.

Before we unspool today’s tale of cyber intrigue, let’s talk about staying secure in a world that’s increasingly online. Whether you’re a family man trying to safeguard your kids’ online adventures, a small business owner guarding precious data, or just someone who likes to keep their digital footprint neat and untraceable, the Best VPN Service out there isn’t just a nice-to-have—it’s a necessity.

That’s where SaferNet comes in, your ally in the fight against cyber threats. With SaferNet’s VPN, you’re not just getting another layer of encryption—you’re enrolling in a complete cybersecurity program. Think of it as the digital equivalent of a Swiss Army knife: it’s versatile, reliable, and always ready to protect you from the unseen dangers of the internet.

So, as we gear up to explore the shadowy world of Gary McKinnon—Solo, the infamous NASA Hacker—let’s not forget that the web’s wild west days are far from over. But fear not, with services like SaferNet, you can roam the digital plains with the confidence of a sheriff in a lawless town.

Now, grab your virtual hats and join us as we unravel the enigma of a man who looked beyond the stars and left the world’s superpowers grappling with ghosts in their machines. This is the Digital Desperados Podcast and we’re ready to take you on a journey through the darkest alleys of the internet—safely, of course, thanks to the Best VPN Service you could ask for. Let’s get started.

 

Jim: Hey, welcome to the Digital Desperados Podcast, featuring dark tales from the web. Patrick McMurphy is here today once again to tell us our dark tales. He’s joined by Brad Hawkins, founder of and CEO of SaferNet. SaferNet, VPN online at SaferNet.com.. I’m Jim Brangenberg And I’ll, serve as your story guide, and of course, our podcast is brought to you by SaferNet.

They’re bringing the best stories for us to hear. You know, anywhere going online can be scary every time you click on a cotton picking link. You just don’t know where you’re going. Join the mission to stay secure online with SaferNet VPN. Perfect for small to medium sized businesses and families. Ah, the cybersecurity app from SaferNet provides VPN, internet controls, virus protection, and web controls.

Work and family life can be in harmony with these. 84 filters keeping distractions away get secured now protect your family, protect your business, protect your office, protect your organization, protect your church, protect your local lions club, whatever it is, sign up at SaferNet. com. That’s SaferNet.

com. All right, Patrick McMurphy, who’s dark tail are you telling about? Tell us about today.

Patrick: Well, today’s episode is one that I’ve been looking forward to since we started because this guy is probably my favorite of the Digital Desperados. His name’s Gary McKinnon, also known as Solo or the NASA Hacker.

And so in previous episodes, you know, people have been motivated by finances, government pressure, or employment, or notoriety. Gary’s motivations were completely extraterrestrial. He was looking for evidence of aliens. So Gary, the NASA hacker, Solo, let’s call him Solo, he was born in Scotland in 1966. So a cousin of mine, really, in many ways.

In the early 70s, he moved to London with his mother and his stepfather. So his stepfather was a science fiction fan and had a keen interest in UFOs. As you can imagine, this rubbed off on Gary quite a lot, and he developed his own interest and obsession in UFOs. And so because him and his stepfather are, you know, they’re pretty close, they get on well they also developed this interest in household computing.

And so the stepfather buys a PC for their home when Gary’s aged 14. And so. Gary spends the next couple of years really just learning the ins and outs of computing around software around hardware He’s not as not as adept as Mafia boy, but he’s he’s pretty tech savvy. Around this time, there was a movie released called Wargames, I don’t know if you guys have seen that, and it was released in the early 80s.

Yeah, it’s brilliant, it’s brilliant, and it created a generation of hackers, including Gary, but when Gary saw that movie, it had a huge influence on him. the movie that gave him the first desire to become a hacker. And he’d also, just around this time, because of the movie, Bought a book called The Hacker’s Handbook by Hugo Cornwall.

This is kind of a now famous, old almost bible type book for hacking back in the day, which really kind of gave you a set defined path on how to, how to become a hacker. So despite, you know, these probably not so great aspirations he went on to earn an IT degree and actually worked several above the board jobs in the coming years.

Brad: I personally cannot believe that there’s a book teaching kids how to hack I mean, I, I, I shouldn’t be surprised at anything, but

Jim: They got books teaching kids to do all kinds of stuff today. It seems like one of the most harmless things that you can do is a hacker’s book. I

Patrick: was going to say, I was like, look, hacking at this point is pretty, you know, Pretty innocuous.

But so yeah, Gary, Gary’s working odd jobs, but what’s always at the back of Gary’s mind are two things. He wants to be a hacker. And where are the aliens? Because remember, he’s obsessed with UFOs. And so, he gets this idea from various kind of websites and different places that the USA is hiding information about UFOs and also possibly extraterrestrial weaponry.

So he kind of, he’s like, okay, I need, he just gets this idea. I need to hack the U. S. government, which is a big idea to have. It’s a pretty lofty ambition.

Brad: I, I get it. I thought you were going to say that he was thinking that the UFOs were hiding in the internet. But now, now I get it. Now I get it.

Patrick: I mean, they might be, honestly.

So Gary decides to, you know, start off with. So much smaller fish and by smaller fish I mean Oxford University in the UK. He decides he’s going to try to hack Oxford University. And so what he does is that he scans the ports around Oxford University and finds that they lead to a lot of computers that just do not have any passwords whatsoever associated to them.

So what he does is that he devises a strategy. And so the Gary McKinnon strategy is a three stage attack. And he… Kind of becomes a bit famous for it. But in the first stage, all he does is that he scans to identify any computer on a network that’s Microsoft Windows. Then in the second stage, he scans to see is there open communication.

And then on the third stage, he would look for systems that communicate with him that don’t have any password. And as it turns out…

Jim: What do you mean by open…

Brad: Yeah, go ahead. What do you mean by open communication?

Patrick: That they’re not closed off as in that they have an ex like, you know There may be internal computers within like a university are gonna have internal computers within a network Okay, it’s gonna be computers like facing out into the

Jim: it’s a port thing, too I mean if you look at how computers are set up they have ports on how you get access to the the you know The LPT one port was for your old LPT computers and now that the ports are available for assigning extra external devices to them.

I mean, the port is the communication. There’s communication ports, multiple communication ports within any computer. What I love about the fact is he said, yeah, I’m not going to worry about the Apple computers cause those are too hard. Let me just find some window windows computers because that’s so much easier.

I also noticed that he didn’t say I’m looking for Linux computers or Unix operating system computers. No, just windows computers because that’s such great software. I can hack into that. I love it. And that’s, that’s what’s sad about our world. That’s why you need SaferNet VPN because every time you go online, your heart and your soul are under attack and so was your computer.

You got to secure your computer, you got to secure your workplace, your family place with SaferNet. Simplified cyber security for businesses and families. They got. A VPN, which we will have Brad describe that on one of these episodes. What is a VPN anyway? Internet controls, virus protection, website filters, get secured.

Now stop trying to think you could do it with windows security security because that’s what the cyber security criminals are looking for is windows. SaferNet. com. That’s SaferNet. com. All right, Patrick, you just told us the most disconcerting thing and he was running windows computers. That’s what hackers are looking for.

Patrick: Yeah, yeah. And the thing is that the majority of computers that Gary looked at, they all had no password. And so… In terms from the network side. And so he made use of a legitimate program called remote, remote anywhere, which allows someone to remotely access a computer now that just, and so he uses that

Jim: just so you know, PC anywhere and remote anywhere.

Literally it just, once you were connected to a computer, you could control that computer from anywhere in the world. ’cause I used that software and it had no security features at all, .

Patrick: And so really what Gary is doing. This actually isn’t complex hacking by any means, this isn’t your game over Zeus, bank in Trojan, deploy Cryptolocker.

It’s very simplistic, but that’s, it’s so effective, that’s what kind of makes it genius. It’s simple stuff, but all the doors are open to them. So if it works, it works. And so this, Gary employs a strategy over the next 13 months, all done from a couch in his girlfriend’s living room using a 56K dial up modem.

His main objective over these 13 months is to find evidence of UFOs, free energy technologies, and technologies that are potentially being kept hidden from the public by the USA. So, in these 13 months, Gary uses the three stage strategy. And he hacks into NASA, U. S. Army, U. S. Navy, the Air Force, and the Department of Defense, all successively.

Brad: Oh my god, with the simplest technology?

Patrick: Yeah, with the most simple method he could devise. And so this period is later called the biggest military computer hack of all time, which it was. Wow. And so Gary was kind of playful. He would leave calling cards on systems, just kind of messages, mocking system this admins as in system administrators, calling them out for bad security.

He also signed his name as Solo. Which is more than likely a Star Wars tribute because we know he was a sight point nerd and he liked aliens. So, and this is where Gary begins to find what he’s looking for. Now, when I was writing these notes, I was like, am I going to go deeply into what Gary found? Or are we going to, like, we’re going to become InfoWars real quick if I get deep into this.

So I won’t go too deep into what, into what Gary found, but and I’m unsure how much,

Brad: did he find evidence of Martians on NASA’s computer?

Patrick: Well, given what, what the Pentagon findings have revealed in the last 12 months or so, I’ll, I’ll, I’ll let you jub, judge. When he claims to, he claims to have found object of UFOs, he said he’s found satellite imagery of unknown objects, which he calls silvery cigar shaped objects with geo, geodesic spheres on either side.

He found all these images. Now, here’s the, here’s the kicker. He said he couldn’t download them due to the file size. On a 56k modem and as someone who’s grown up with a 56k modem, completely understand Gary. Totally get that, oh yeah. Now entering more probably into the realm of science fiction, Gary claims to have found Excel spreadsheets named non terrestrial officers.

Which he claims lists US Air Force staff who are not born on Earth. But you know, you can take that or leave it. Now the thing was, Gary was really damaging a lot of the computers at the time, and this was right after 9 11 as well, which is not a great time to be making military attacks in the U. S.

A lot of the systems were crashed, he would delete, like, operating system critical files. There was 2, 000 computers across the board shut down entirely, I mean, 2, 000 within those government bodies we spoke of. The U. S. later claimed… It was a million dollars in damages. I feel that’s probably, that’s probably higher.

Brad: Now, what was, what was his motivation? Do you know that would cause him to want to destroy or crash the computers that he just got into? What, what, what was that to him?

Patrick: Probably just kind of a. I’ve been of an up yours to people for not telling the public about UFOs in his mind.

Brad: I understand. Now, Patrick, let me take you back. So he had a three stage approach to break into these computer systems. You know, breaking into the military computer systems with a, with a simple approach is just fascinating to me, but do you have any idea how he got in in the first place? I understand once he got in to be able to, to analyze whether or not they’re Windows computers or not, or, you know, but how did he actually get into it?

Do you know?

Patrick: As in, I mean, you can scan ports legitimately like right now, if you want, you know, it’s not. But as in to actually access them when he had scanned them he just checked for ones without passwords, which turned out to be most. Yeah, it’s, it’s, it’s, it’s so simplistic, it sounds silly, but that’s, that’s, that’s what security was like in 2004.

Brad: How, how critical is it to have a password, even if it’s a simple password, but to have a password on your computer?

Patrick: Yeah, yeah, on your network, at least, if you’re, you know. Especially if you work for the government and have evidence of UFOs in your computer.

Jim: Oh, if he could have only downloaded those files.

Patrick: Ah, look. Yeah.

Jim: I’d like to know if one of those military officers eventually got elected to office. Do you know what?

Patrick: It wouldn’t surprise me. It wouldn’t surprise Gary McKinnon either.

Jim: I want it noted I’m being quiet.

Patrick: Now, for all Gary’s deeds he really did not hide his tracks at all. He was tracked down nearly immediately and he was arrested by the national high

tech crime unit. Which are the UK authorities on the morning of March 19th, 2002. And so, Gary learns, if expedited, he faces 17, a 70 year long prison sentence in the U. S. Which is kind of understandable, you just hacked all of their government computers. And so we kind of get into the murky waters of geopolitical ramifications, everyone’s favorite subject at the moment. So the extradition, extradition. twice, went on actually for a decade. He was always using court hearings.

He was always appealing them in the late 2000s. He was actually diagnosed with Asperger’s syndrome. And so that really got the public onto it, especially the British public onto his side a lot. There was a belief he would be treated as a terrorist. He might face, you know, special administrative measures, which could lead to things like prolonged solitary confinement, but there was mass protests against Gary’s extradition, celebrities got involved.

I think, I think Floyd even recorded a song with Gary, I haven’t listened to it. It’s probably about aliens, to be fair. Could be like one of Bowie’s alien songs, you know, but so.

Brad: Now I’m just curious, is there a less charge or a less penalty for breaking into the military if they leave it wide open with no passwords?

Patrick: No, you just get 70 years.

Jim: And I just, for the audience listening and can’t understand Patrick’s accent, he’s not saying 17 years, he’s saying 7 0 years, 70 years, 70 years, that’s, that’s a lifetime.

Patrick: Yeah, it’s, it’s a very long death sentence is what it is. So yeah, in 2012, after seven years of legal battles, the UK Home Secretary, Theresa May, announced that MacKinnon’s extradition would be blocked, citing concerns about his mental health.

So that, that’s actually pretty unique in US UK relations who have always been close allies to get something like this blocked. And so Gary McKinnon, he was free, he is free. He should probably never, ever even think about looking toward the general direction of America. But he is free. He’s a system administrator.

He works in an SEO startup. And so, you know, we look at this story and I know it kind of sounds silly. It’s a guy looking for aliens. It sounds just kind of like a fun novel story, but his actions were highly influential, not just on government security, but security as a whole. Things like, things like employee

education, extra precautions being taken for privileged accounts, detection systems, all these things are implemented.

So much so, that Forbes put Gary in him, put Gary in the list of top 20 hackers who shaped cybersecurity landscape forever. So again, you know, look, we can look at Gary’s actions with, it’s a bit of entertainment value, but it’s, it’s important to keep in mind that if he did not carry out his search for extraterrestrial life, it’s very likely that another hacker would have come along with much more malicious intentions, reach those same US systems and could have done.

Who knows what. So, in a sense, I feel we, we also owe some debt of gratitude.

Jim: Thank you, sir. I’m sure he got a letter from the government thanking him for drawing attention to all of their deficiencies.

Patrick: Oh, yeah. I’m sure they were very gracious about it.

Jim: Imagine what they would pay today for that expertise.

Brad: I know, that’s the thing. He could consider himself a white hat hacker. Yeah. Although he did destroy the system while he was in there.

Patrick: Yeah, he probably should.

Brad: That might have, might have been a little bit of a…

Jim: If he had just left it alone, we might have been able to download those pictures. Once he got an upgrade, he could have got a 128, you know, K,

Patrick: Yeah, he could have come in a good faith, but, you know, he had to kick over the trash cans when he was there.

Jim: But how many of us have done that? You’re like, yeah. Well, I mean, I, I was just watching a, i, I was watching, I was reading a book where the villain every time left AAAA A signal where he was this like, I’ve been here, and he left a little.

I’m like, why do that? Just get outta there anonymously. Doesn’t make sense. Exactly.

Brad: I’d, I’d really like to see that spreadsheet, though. That’d be a lot of fun too. I don’t see all the yeah. Named or unnamed aliens that are, part of that.

Patrick: Yeah. I don’t know. He, he has actually, he has released a few of those names, by the way.

He did. He did download a lot of those Excel files. And when people have searched for the names, they do not show up anywhere as if they don’t exist. So make it that what you will.

Jim: But none of those names are released here on the digital Desperados podcast because Patrick’s afraid for his life.

Patrick: It’s the aliens.

Jim: Wow. you know, and in the last 12 months, honestly, I think Gary McKinnon. He’s been proven. I think he’s been exonerated a little bit a little they got video Yeah, you heard it here the internet and everything digital can have a dark side with many dark players like Gary McKinnon Or solo or the NASA hacker.

It’s why you need SaferNet by your side VPN just to keep your your where you are private and boy antivirus Web filters. Thanks so much to SaferNet for supporting our efforts to bring these stories to your ears and giving them the exposure that they need. And for your own security and the security of those you love and those you work with, check out SaferNet. com. Get secured today. It’s ridiculous if you don’t.

Till the next time, click only on the attachments that you trust and the links that you trust from those that you get emails from that you trust. And delete the rest. Clean out your trash can, reboot your computer, or you may become the next victim of a digital desperado.

 

And that, dear listeners, brings us to the end of another gripping episode of the Digital Desperados Podcast. Today, we’ve navigated through the labyrinthine saga of Gary McKinnon, Solo, who shook the world from a dial-up connection. It’s tales like these that remind us of the fragility of our online existence and the paramount importance of fortifying our digital defenses.

As we log off and unplug from this story, let’s carry with us the understanding that the internet—while a realm of infinite possibilities—is also a playground for the modern rogue. And in this playground, the best offense is a robust defense. Enter SaferNet, the Best VPN Service out there, designed to shield you from the cyber outlaws lurking in the shadows.

With SaferNet’s VPN, you’re not just browsing; you’re cloaking yourself in a mantle of invincibility that cyber threats can’t penetrate. Think of it as your personal digital guardian, standing vigilant between you and the chaotic churn of the world wide web.

So whether you’re a digital entrepreneur, a remote worker, or someone who values their online privacy, remember that securing your internet connection is not just about dodging digital desperados; it’s about ensuring peace of mind in a world that’s constantly connected.

Don’t wait until the next episode to take action. Head over to SaferNet.com and arm yourself with the Best VPN Service available. Secure your digital life and surf with confidence, knowing that SaferNet is your partner in this endless cyberspace odyssey.

Until next time, keep your passwords strong, your connections secure, and your spirits unbreakable. This has been the Digital Desperados Podcast, brought to you by SaferNet – your beacon of safety in the vast digital ocean. Stay safe, stay secure, and stay tuned.

Libsyn:

https://sites.libsyn.com/488183/episode-5-mafia-boy-a-hacker-prodigys-redemption-story

YouTube:

https://youtu.be/H1KE855u8DU

Rumble

https://rumble.com/v3y8pf4-episode-5-mafia-boy-a-hacker-prodigys-redemption-story.html

In today’s interconnected world, where digital threats lurk behind every click, the need for robust cybersecurity solutions has never been more pressing. Whether you’re a seasoned netizen or a newcomer to the digital landscape, the tales of cyber threats are as compelling as they are cautionary. That’s where we step in with our podcast, ‘Digital Desperados,’ bringing to light the harrowing stories from the digital frontier while showcasing how SaferNet VPN stands as your guard in this relentless cyber battle.

In our latest episode, we unmask the enigmatic world of hacking through the eyes of those who dare to navigate its murky waters. Join us as we delve into the dark tale of ‘Mafia Boy’ – not to instill fear, but to arm you with the knowledge that today’s cybersecurity solutions, like SaferNet VPN, are designed to shield you against such ingenuity turned rogue. It’s not just about safeguarding data; it’s about empowering you, the user, to claim your rightful place in the digital realm – secure, confident, and protected.

With SaferNet VPN, we’re not just offering a service; we’re delivering peace of mind. Our easy-to-use app is your ticket to a world where cybersecurity solutions are accessible, effective, and unfailingly vigilant. As you read through this gripping episode transcript, remember that each line echoes the importance of cybersecurity – a field where SaferNet is your stalwart ally.

So, buckle up and prepare to be both entertained and educated. Our digital desperados await to take you through the shadowy paths of the internet, all the while reminding you of the bright beacon of security that is SaferNet VPN.

Jim: Welcome to the Digital Desperados Podcast featuring Dark Tales from the Web. Patrick McMurphy is here today, once again, to tell us our dark tale. He’s joined by Brad Hawkins, founder and CEO of SaferNet VPN, and I’m Jim Brangenberg, and I’ll serve as your story guide. And this podcast is, of course, brought to you by SaferNet VPN.

Someone’s always watching. How else would they know how to advertise on the side of your screen for stuff you’ve just talked about in the living room? Stay safe in your Family room, stay safe in your business with SaferNet VPN. Our easy to use cyber security app keeps businesses and families protected.

They got VPN with internet controls and virus protection and 84 web web filters for distraction free. Online environment get secured now sign up at SaferNet. com. That’s SaferNet. com Okay, patrick, who do you have for us today? What dark tale are you bestowing upon us today?

Patrick: Well today I shall bestow on the the dark tale of michael calshay aka mafia boy And so michael’s actually a first for us because we know about michael’s childhood He’s that he wasn’t born in darkness like the rest of them.

So michael is from canada And his parents were separated, and so he would spend every second week with his father. And now when he spent those weeks with his father, his father was always very busy with work. And so he kept Michael occupied with Rubik’s Cubes, Lego, problem solving toys. Immediately as a kid, he was into problem solving and just logic problems.

But at the same time, you know, he felt isolated from his friends back in his mother’s neighborhood and things like this. So his father would eventually purchase his own computer for him at the age of six. And Michael was obsessed with this computer and at the age of six, he was reading coding books and hardware books.

So straight out the gate, right? We see this kid who’s extraordinarily gifted. The guy is probably a better coding at six. Then I am at like 30, 30 something, you know, so Michael had a 30 day trial for AOL. And I don’t know if you guys remember when AOL had these 30 day trials and you, you would have to basically pay with a credit card if you want to extend it.

But, you know, at an early age, I mean, they don’t give kids credit cards, is what I’m trying to say here. And so Michael finds this program called AOL, right? And I won’t get too deep into this, but what AOL was, was that it was a scripting tool that would allow you to basically perform different acts on a, on a AOL that you shouldn’t have been able to do.

For example, it allowed him to appear as an admin in the AOL chat rooms.

Brad: And so this is him at six years old?

Patrick: He’s actually nine at this point. So he started on in the years, you know, nine years old with his first scripting tool. And so what Michael discovers at age of nine with AOL, AOL is that he discovers social engineering.

And so because Michael is only ever able to find 30 day trials from magazines and things, he actually social engineers the other users. On AOL chat, he appears as an admin and gets their login details and then just takes their accounts off them so he can keep going back online the whole time. He said in later interviews that this, what he was doing here, that was the beginning of the rabbit hole for him.

Jim: And so Michael eventually That reference, of course, to Alice in Wonderland. For those of you that are listening to this who have not watched that, that incredibly twisted tale or read it either. Yeah, the rabbit hole. Sucked in.

Patrick: Absolutely. And so Michael finds IRC, which is Internet Relay Chat, which was very, very popular back in the day, back in the nineties especially.

And IRC is really just a collection of chat rooms. It’s easiest way to explain it. And so Michael was an avid gamer, but he couldn’t afford to buy games. So I mean, he was at maybe about 10 or 11 at this point, but he did find an IIRC channel that’s distributing pirate at games. And there was a hacking channel, a hacking group running this channel, and they were recruiting.

And so Michael applied, and the hackers being, you know, sound, moral sense, they told him that he’s too young to become a hacker. And, so, Michael takes

Jim: So it’s good to know, Brad, that the hackers have some moral compass, and you gotta be older in order to steal from people.

Patrick: Yeah, exactly. If you can buy cigarettes, then you can hack someone. If you can’t buy cigarettes, you’re too young.

Brad: Good to know.

Patrick: And so Michael kind of takes a bit, takes it as a bit of a challenge. And so the first thing he does, he hacks into a game developer’s website and basically starts stealing the game files and distributing them. And so the hacking group are like, okay, this kid’s onto something. Let’s recruit him.

And so Michael and his group begin just hacking anything they can, they’re stealing more games they’re breaking into university networks, any early business websites that are around. Michael described this period as he felt like hacking was intoxicating him. Anytime he breached the network, he said it was like a drug.

And so, Michael eventually turns age 13. So, we’re still in the formative years here. But Michael has, has built up this just, Very good reputation as this wonder kid, basically, he’s this wonder kid who can hack anything. And so, he gets recruited by a group called TNT. Who are known as being one of the most elite hacking groups in that circle at the time.

This is when DDoS attacks become popular around those years. And that is when you basically take a ton of different computers, or just kind of network connections, and target one server all at the same time. You overwhelm the target on it’s taken. It’s basically taken offline.

Brad: So, so, so if, if, if I was to look at that as a as understand what that is, is a DDS attack is for the purpose of putting a website down.

It’s taking, taking it out of its game, right? So if somebody wanted to attack a company, they could do a DDS attack against the company and just make it so that that. Website is obsolete. Is that? Yeah.

Jim: And why would they do that? Why do you want to take somebody’s website down? What’s the advantage?

Patrick: Why, why do people spray graffiti on the walls of cities?

Jim: Because it’s pretty. I mean, graffiti can be pretty. But why do you take so little?

Patrick: It’s, it’s, it’s a statement for these guys. I think it is that kind of just saying because, because they can.

Brad: And that’s kind of been his M. O. all along, is he just gets excited about the fact that he has the power to go and steal the gaming…

Code or or he has the power. He’s he can go back to his dad and say look what I did. No, I’m just kidding.

Jim: Mafia boy finally gets leg hair and he’s all of a sudden, you know a premier hacker. I love that You know, you know, so what you know, what if you have one place to monitor? All the activity of everyone in your business.

I just, that’s incredible. Protect your business and your family with SaferNet, simple cybersecurity, an app that helps shield your online presence with VPN, internet controls, virus protection, and website filters. And stay focused on what you’re supposed to be focused on at work and transform your workplace by making sure that everybody knows, you know, where everybody’s going.

And you can make sure that people are staying safe on the internet. You just gotta, and to be able to be able to see every one of your computers in your, on your network. And see where they’re going and see the activity. Make sure somebody’s not reading a newspaper while they’re supposed to be working. Do people even read newspapers anymore? I don’t know. Get secured. Now go to SaferNet. com. That’s SaferNet. com.

Okay. So we finally have this kid who’s getting a leg hair, maybe some armpit hair. That’s what I was thinking, actually. And he’s part of TNT, a hacking group.

Patrick: Exactly. And now just for kind of some time control context here, this is. Around the year 2000. It is the year 2000. So it’s the height of the e commerce boom. E commerce stocks are trading high. And so, Mafia Boy, within TNT, establishes these teams, little departments, to write their own DDoS scripts. And he has plans for a project, and he calls this project Revolta, which means revolution in Italian.

And so, Revolta is to last over 8 days, and it is… The plan of Revolta is just to be this DDoS storm across the e commerce internet. The first target would be Yahoo. And so what Michael did, what Mafia Boy did I should say, is that when he went to school, he left all these DDoS tools running. And so while this guy is

doing calculus, his computers back home are targeting e commerce as the world knows it then.

So, over the following 8 days, Revolta takes down eBay, CNN, Amazon, Dell, Yahoo, and a number of other websites, and then it causes 1. 7 billion dollars worth of damage. I don’t know what that is adjusted for inflation, but

Jim: in today’s world, it’s at least 50 percent more than that. But okay. So he took down these sites and so where does the 1. 7, are they saying in lost sales? Are they saying this, how much it costs them to rebuild everything? Where, where, where does this damage has come from?

Patrick: I think it’s a mix of both, Jim. Yeah, there’s definitely the, the, the last cost there but there is actually rebuilding. Things like servers and getting people in to fix servers, because there was really no DDoS protection back then so, you know, you’re getting engineers getting the call at 2 in the morning, hey, your website’s gone, you know, so.

Yeah, there, there’s both the hardware, there’s the labor cost, and there’s the lost cost of e-commerce itself.

Jim: Well, and back then Amazon just sold books, so it wasn’t so bad. But , I mean, but what’s funny is, so you’re saying that was 2000, so that was AY two K, you know, that was when the, the world was gonna come to an end on computers, and he obviously figured out it wasn’t gonna bother them, so they just kept going.

Patrick: Yeah, exactly. and. Clinton, the president Clinton at the time even addressed the attacks in the address. So it made headlines. And so the FBI were using a number of different tactics. They’d plant in IRC rooms, for example. They were trying to get in with TNT. There was 16 different task forces to track down Mafia Boy.

Who’s at this point still like 13, 14 years old. They had assistance from the Mounties in Canada as well. They eventually caught him for something that would embarrass most hackers and that’s reusing a username across multiple sources. So he had mafia boy on like one of his old AOL accounts or something, you know, so they could trace him immediately.

Brad: Well, what’s a 14 year old kid know about? Hi, exactly. Yeah.

Patrick: There was 50 charges brought against him, and he pleaded guilty to all of them. So, the Montreal Youth Court sentenced him actually on September 12th, 2001. Eight months of open custody, one years of probation, restricted use of the internet, and a small fine.

Now the 1. 7 billion dollars I mentioned a while ago, that actually wasn’t known at the time. At the time of the sentencing, they thought it was 7. 5 million, but they just didn’t know the actual extent of the damage yet. Now, a lot happened. Around this time after, after Mafia Boy got arrested. So there was a hearing before members of the United States Congress.

There was a computer expert by the name of Winn Sharto, and he had said government and commercial computer systems are so poorly protected today that essentially can be considered defenseless. An electronic Pearl Harbor waiting to happen. And former CIA agent Craig Quint goes on to credit Mafia Boy for the significant increase in online security that took place between, we’ll say, 2001 and 2011.

Brad: And so, So if I understand it correctly, he, his, his role or his, his objective was just to be known. He wasn’t trying to make money somewhere. He wasn’t trying to steal. He wasn’t, he wasn’t trying to do anything other than shut down or access.

Patrick: Yeah, which to me actually makes him more dangerous because he doesn’t have a financial motivation.

He just does it for, you know, like that Batman line. Some men just want to see, watch the world burn, you know?

Jim: So, so after he gets convicted, have we ever heard from him? I know you got more stuff you want to tell me, but have we ever heard from him again?

Patrick: Yeah, we have quite a bit. So Michael’s actually out and about now and he’s become a spokesperson and consultant for cyber security, and he works as a freelance white hat hacker.

So you can hire Michael Kalshay, Mafia Boy, today to get him to break your system and see if it’s secure. He did release a book a few years ago called Mafia Boy, How I Cracked the Internet and Why It’s Still Broken.

Brad: So, so explain White Hat Hacker. I think that’s fascinating and highly intriguing.

Patrick: It is.

So, most White Hat Hackers are actually a bit like Mafia Boy. They’re hackers who get arrested and then serve their time and get rehabilitated. And so what a White Hat Hacker will do is that they sell their services. A company will employ a White Hat Hacker. The test to see if their security good, good enough.

So what Masi boy will do now, he’ll hack into your company’s website, and if he can get in, he’ll give you a list of recommendations. He’ll tell you how he got in, and then he’ll give you recommendations on how to secure your systems, and then he’ll keep trying until you’re 100 percent secure.

Brad: Yeah, I, I just, I just love that.

You know, these hackers will change their hat and go from black to white. And yeah, we’ve, we’ve done that. We’ve, we’ve had a group of six white hats that have just beat the tar out of, of our, our product. And then, and then checked it out, made sure that we’re, we’re operating the way that it should operate and, and they’re thrilled, but every once in a while they’ll come in and do their best to, to destroy things and reveal holes.

Jim: So what you’re saying, SaferNet has been tried and tested by some of the best trying to destroy you. That’s how you make it better.

Brad: Well, they I, I believe they’re some of the best, although they did get caught. So, but but they, they were very, very good and, and they’ve done a tremendous job for us.

Jim: So, yes, maybe you should look up this mafia boy. All right, Patrick, but, but since SaferNet is, I mean, you just gave a great plug, Brad for SaferNet. You understood this and you made sure that you’re brought in people like mafia boy. to check out SaferNet to make sure that it is as solid as you say it is, because you want to have a product that is reputable and it’s fantastic. SaferNet. com. Check it out. Okay. Patrick finishes up.

Patrick: Yeah. And so, you know, I’ve skimmed through his book. I’ve looked at interviews with him. He has a lot to say about the current state of the internet. He really emphasizes that security, not only is it still sketchy, he actually thinks it’s worse. And one of the reasons he thinks it’s worse is because programs, websites, apps, everything have become more complex and have more lines of code.

Increasing complexity means there’s more mistakes that can appear. There’s more doorways into a system. He feels that the market, the software market nowadays only cares about getting things released as soon as possible. They’re developed quickly, they’re not structurally sound. He calls the current internet a hacker’s paradise.

He believes everybody’s a target. And he feels that phishing is the natural successor to what he did with social engineering on AOL. You know, getting the accountant of, accountant of a big company to click a link, etc. He’s also warned a lot about public Wi Fi. And he said the real exploit is the human being.

And just to kind of finish it off, he said what the reason why people don’t consider digital security versus physical security, you know, if you get mugged on the street, you feel that it’s a physical act. If someone’s hacking your computer, you don’t feel it. So mentally, you don’t equate it to, you know, you’re actually getting robbed or that it’s a crime.

Yeah, there we go. So Mafia Boy, the exploit is the human being.

Jim: You may not feel it physically, but I have known friends who have been robbed on the internet by hackers and they feel it and it’s, it’s, they feel violated. It’s very similar to the feeling of being mugged on the streets of New York City or any of those other great cities where they don’t support crime anymore, or they do support crime, they don’t support justice anymore. Brad Mafia boy, can we stop him today? We’re SaferNet?

Brad: Absolutely. Absolutely. And that’s the thing is that a lot of these guys, you know, we, we study and we learn about, we understand, you know, their, their whole drive or mission is to be able to do something that will give them a name.

And and I think it’s obvious. I think if Mafia boy wouldn’t have gotten caught, he probably would have ended up in the place of saying, Okay, you know, I’ve got enough a name. Now I got to start making some money. And then he starts stealing or doing whatever. But the the intent is to be able to access and then start capitalizing on that.

And somehow he got caught before that, which is Fantastic. But I, I gotta say, I think there’s a ton of mafia boys out there. I think there’s tons of them just hacking into people’s computers networks of businesses and, and truthfully, a

lot of businesses will do their best to hide it because they don’t want to reveal the fact that they’ve been exposed.

They don’t want to put themselves into a vulnerable spot. I think that’s where most small businesses need to pay close attention to what it is that’s going on. Most businesses will go out of business after they’re a, a major hack and that’s, that’s pretty scary.

Jim: Yeah, it is scary. You heard it here. The internet and everything digital can have a dark side with many dark players like mafia boy.

It’s why you need SaferNet buyer side, VPN, antivirus, you know, it’s. Website filters. It’s just got it all. Thanks to SaferNet for supporting our efforts to bring these stories to your ears and giving them Exposure the exposure that they need Please for your own security the security of those you love and those you work with check out SaferNet.

com That’s SaferNet. com and get secured today till the next time Click only on the attachments and the links that you trust from those you trust and delete the rest Or you may become the next victim of a digital desperado.

As our digital odyssey draws to a close and the echoes of Mafia Boy’s story fade, we’re left with a profound understanding of the virtual battleground we navigate daily. It’s clear that the tales from the digital underbelly serve as a stark reminder of our vulnerabilities online. But fear not, for every story of cyber chaos is also a testament to the power of proactive defense with cutting-edge cybersecurity solutions.

SaferNet VPN emerges as the unsung hero in this narrative, offering more than just a shield—it is a fortress for the digital soul, steadfast against the onslaught of cyber threats. By embracing such robust cybersecurity solutions, we can each become digital warriors in our own right, equipped to protect not just our data, but our peace of mind.

Remember, the realm of cybersecurity is ever-evolving, and staying ahead means choosing solutions that evolve with it. SaferNet VPN is dedicated to ensuring that your digital journey is secure, seamless, and safe from the prowling eyes of the modern-day desperados.

So as you step back into the boundless realms of the internet, carry with you the insights from today’s tale and let SaferNet VPN be your guide and guardian. For it is not just a tool, but a companion in the vast, often wild digital landscape. Explore with confidence, secure in the knowledge that you have the best of cybersecurity solutions at your service.

Until next time, stay vigilant, stay informed, and stay secure with SaferNet VPN—where your cybersecurity is our highest mission.

Libsyn: https://sites.libsyn.com/488183/episode-4-game-over-zeus-slaviks-cybercrime-dark-tale

YouTube: https://youtu.be/RbBthjIFMc0

Rumble: https://rumble.com/v3vrdag-episode-4-game-over-zeus-slaviks-cybercrime-dark-tale.html

In today’s hyper-connected world, where threats lurk in every corner of the digital space, safeguarding your online presence is not just a choice but a necessity. Enter the realm of Affordable VPN Services—your digital shield against the onslaught of cyber threats. And when it comes to protecting your data without breaking the bank, SaferNet VPN stands out as the paragon of both security and economy.

Imagine you’re settling in for another episode of “Digital Desperados,” ready to dive into the chilling realities of cybercrime. But before we unravel the dark tales from the web, let’s talk about how SaferNet VPN fortifies your online safety without imposing hefty costs. With SaferNet, you’re not just purchasing a VPN; you’re investing in peace of mind for your business and family. Affordable VPN Services are no longer a thing of the past, but a practical reality with SaferNet, where comprehensive cybersecurity meets user-friendly budgets.

Whether you’re a small business owner stretching every dollar, a family safeguarding their online activities, or a remote employee fortifying their digital workspace, SaferNet’s VPN service offers a cost-effective solution to your cybersecurity woes. No need to compromise on quality when you can have top-tier protection at a price that respects your finances.

Now, let’s gear up to explore the eerie pathways of the internet with our hosts, where the stakes are high, and the dangers are real. But remember, with SaferNet’s Affordable VPN Services, you’re never alone in the fight against cybercrime.

JIm: Welcome to the Digital Desperados podcast featuring Dark Tales from the Web. Patrick McMurphy is here today to tell us our dark tales. He’s joined today by Brad Hawkins, founder and CEO of SaferNet VPN.

I’m Jim Brangenberg, and I’ll serve as your story guide. And remember, this podcast is brought to you by SaferNet VPN. Every time you go online, your heart and soul are under attack. Secure your mission field with the safer net VPN, whatever that mission field may look like simplified cyber security for I’m going to stop for a second.

I didn’t mean to have that mission field line in there. Sorry. I forgot about that. We’re going to start over the show again in five. I’m allowed to make one mistake a year. There you go. That’s my mistake. Here we go. And five, four, three, two, one. Welcome to the Digital Desperados Podcast featuring Dark Tales from the Web.

Patrick McMurphy is here today to tell us our dark tale. He’s joined by Brad Hawkins, founder and CEO of SaferNet. VPN. I’m Jim Brangenberg and I’ll serve as your story guide. This podcast is brought to you by SaferNet, online at safernet. com. You know, every time you go online, your heart and soul are under attack.

Simplified cybersecurity for businesses and families is available. That’s safer net VPN. Explore VPN Internet controls and virus protection in one app. Keep distractions at bay with 84 website filters. Stay safe and productive. Get secured now. Sign [email protected]. That’s safer net.com. So Patrick, what Dark Tale you telling us today?

Patrick: Well, today, Jim, I want to talk about a man called Evgeny Mikhailovich Bogachev, also known as Slavik. I cannot believe I got his name pronounced correctly on the first try there, but, like we would know?

JIm: Like we would know.

Patrick: That was awesome. I could have just said anything, actually. Yeah, I’ll keep that in mind for the next Russian we find.

So, Slavik, also known as Slavik. So, Slavik is really known in history as the botnet mastermind, so… David Hickton, who’s a former US attorney in

Pittsburgh, calls Slavik the most prophilic, most dangerous, and most notorious cybercriminal in history. So, Slavik is born in Russia. More than likely, he was born in a town called Anapa, which he currently resides in.

Anapa is a tourist town on the Black Sea. If you ever Google photos of it, it’s a gorgeous place. Now Slavik’s early life and even his early hacking career are really a mystery. His name first shows up in around 2010. The name was pretty big in hacking circles. He was running a modified version of the Zeus Banking Trojan.

Now you might remember Zeus from our first episode where we covered Yakubets, aka Aqua. The Zeus Banking Trojan was just the big name in banking malware at the time. Now in 2010 he actually announced he was retiring. Hackers will do this every so often. They say they’re retiring. What they really mean is that I’m, I’m getting too much heat, I’m going underground, and I’m probably going to be back in a year’s time with something better.

And lo and behold, 2011, Slavik shows back up in the scene with now, he has developed a more advanced and modified version of Zeus called Game Over Zeus, also just known as GOZ, G O Z. So, with Slavik coming back into work, he also brought with him a new hacking group called Business Club. And the Business Club were the, really the most high profile hackers at the time as members.

And so Slavik and this Business Club were about to wreak havoc with GOZ. But before we talk about what they did with GOZ, let’s, let’s talk about what GOZ can do. Alright, let’s, let’s do that. Yeah. Absolutely. So GoZ first infects a computer through phishing. We’ve talked about phishing again and again.

It’s just, it is so common. It is one of the best attack factors. The spam link is sent to a bogus website.

Brad: Patrick, Patrick, can you, can you just, I know, I know we’ve talked about it before, but just for anybody that’s listening, that’s brand new, just give a quick little definition or, or explanation of phishing.

Patrick: Yeah. So you get an email normally with some sense of urgency to us. Then, oh, you know, you need to click here, you need to pay a bill, or I don’t know, you have some outstanding charge, or something like that, some kind of, it gives the user some sense of urgency, and they click on the link, and usually…

Brad: I’ve gotten those before, and it’s amazing, because it looks just like a bill that I would have. That’s what amazes me. I mean, it’s, it’s… They, they do a little bit of homework to figure out how to make that work. So anyway,

JIm: I think the old reference behind phishing is that they get them hook, line, and sinker.

Patrick: That is it. That is it.

And so through these phishing links he sends he did something called driveway downloads. And that’s simply where if you click on that link and the browser loads the page, the file is actually directly loaded onto your computer. And so GoZ’s was basically deploying malware. Being deployed by these phishing links and drive, drive by downloads.

Now, unlike its predecessor, unlike ordinary Zeus, what GOZ did, it used a decentralized peer to peer system. And so what that really means is that GOZ is not being controlled from one place. It’s being controlled from several places at once. And then this makes it very resilient against takedown efforts.

And so when GOZ is deployed on a machine, it’s most simple function is to deploy Cryptolocker ransomware. And so ransomware, I’m sure you guys know, is when your computer effectively just locks up entirely and it says you have to send Bitcoin to this address and we’ll give you a decryption key. Now if this happened to you and you’re on an old computer, your best bet is just to toss the computer out the window.

If this happens to a business, you need those files. And a lot of times you’re in trouble. Yeah. And the particular brand that they use, Cryptolocker, that was the most advanced. Ransomware at that time.

JIm: So, so is this a, when, when the Zeus guys or the game over Zeus guys or the guys guys are then working with the Cryptolocker guys, is this like, you know, mass syndicate, is this like the mob of the internet?

They’re all working together to tear people apart. Or, I mean, Do they have to pay in CryptoLocker in order to be able to, you know, be able to use it?

Patrick: That’s exactly it. So what’s happening is that GoZ is going to the CryptoLocker distributors, buying licensing off them, and then getting their own branded version of CryptoLocker.

So when you get infected with CryptoLocker from GoZ, The guys guys are getting paid, but then in turn, they’re giving maybe 10 percent of the court to the guys who developed CryptoLocker in the first place.

JIm: So, so guys becomes an affiliate marketer for CryptoLocker and they’re, and they’re paying those franchise fee.

Brad: So, so basically they send out an email, that email gets clicked on and it looks like a legitimate bill, a legitimate some kind of an email, somebody in a business or, or at home or whatever it is, you click on it, see what it is. It downloads a software onto that, that device or possibly even that network.

And, and now they have control over turning allowing accessor. We’re not allowing access to that entire network or that computer. And then they can say, Hey, send out, you need to send me X dollars or X crypto or, or whatever it is, and I’ll release it. So, yeah, and, and it’s a simple, I mean, but, and, and, and nobody can hack it because they’re decentralized, meaning that they’ve got access to it from multiple different locations.

So they might shut down one, but they’re not going to get all of them. Am I understanding that correctly?

Patrick: Yep. Yep. That’s a hundred percent. The only thing is that this CryptoLocker, that was actually just the basic functionality of Guzz. That was just the smallest thing it can do. GoZ’s had a lot more, had a lot more.

JIm: How much worse can it be? Every, every law, every file on your entire computer locked up and you can’t do anything. You know, what’s incredible to me is the cyber criminals are trying to get into our computers all the time. We’ve got we’ve. Got to step in front of this. We’ve got to protect our businesses, our families with SaferNet.

Cybersecurity made simple for businesses and families. We got to enjoy the VPN within SaferNet, the internet controls, the virus protection, and the 84 web filters. that are for a focused online experience. That’s some of the safer net brings to the table. Your safety is our priority here at safer net gets secured.

Now sign up as safer net. com. That’s safer net. com. I did it for all of our business locations, our family locations. It has made such a huge difference. The other day I was traveling and I signed onto the hotel wifi and I wasn’t worried because I had safer net on my computer in this instance, this instance, Brad Hawkins, when.

The cyber criminals are trying to get me to click on some link that’s going to take me to some bad place is safer net going to help me?

Brad: Oh, absolutely. And that’s what that’s what’s so exciting about it is that you know, I was describing earlier about getting a phishing email. I have been tricked. Now I’m watching for this all the time, but I’ve been tricked and I have an electric company and I got an email from the electric company.

And I thought, I wonder what that is. And I click on it and safer net pops up and says, I don’t think you want to do this. And it just stopped me dead in my tracks. And I just had to laugh at myself thinking I was tricked. But yes, we will we have the ability to be able to stop those phishing attacks that are so surprising.

And they’re so stinking good at being able to fool you.

JIm: Is there a way to actually add the voice to that warning? Cause when I, I’ve gotten that warning a couple of times. Can it be, can we actually get the voice? Can you program it in there? I don’t think you want to do this.

Brad: Wouldn’t that be nice?

JIm: I’d be willing to record the voice if that’s what you want. I mean, I don’t think you want to do that.

All right. All right, Patrick. Let’s go back and let’s, so. They’ve got this beautiful partnership. International partnership with CryptoLocker. That’s just fantastic and not concerning at all.

Patrick: We haven’t even scratched the surface here on GOZ guys. So another thing GOZ could do was that it could spy, if it decided not to infect you with CryptoLocker, it would just spy on your computer activity, looking to steal banking credentials, which you might remember as one of the original Zeus’s main functions.

It did use a tiered system for tests. So this meant that smaller amounts were automatically siphoned off. It would just scan for banking details. automatically take money out. But for larger accounts, especially for businesses, this is where Slavic would get hands on with the approach and just to maximize the amount stolen.

And the glue that held all of this together with GoZ was that any device that was added to GoZ, whether it was being spied on or was used as it was crypto

lockered, it would be added to Slavic’s personal botnest network. So he, the users had no idea that this was occurring when they were added to a botnest.

It was the largest botnet of its time, with over 1 million computers infected. And so what Slavik did is that he would use his botnet to conduct DDOS attacks, basically as either a distraction during a theft or retaliation if he knew, you know, certain law enforcement agencies were looking at him. He would just take down all of their online resources in a couple of seconds.

Brad: So, so, Patrick, what do you mean by a botnet, his personal botnet network?

Patrick: So, what a botnet is, is, let’s say a computer is infected with a bot, something that would add it to a botnet. A botnet is simply just a network, a joint linked network of computers, all under the control of one master system. Often the person, the person, if a person has a device in a botnet, they’re not aware of it.

They just might seem like they have a slower connection or something like that. But the master system can then use all of all of the computers at once. So for example, if I had a million computers in my botnet and I targeted one web address and said, every all systems hit this web address at the same time, it’s gonna bring down the whole website.

So you can use that as a, as a weapon to take down really any organization that you have the web address for.

Brad: But he’s basically connecting all of the computers that he’s attacked. He’s connecting them all together to use the, the congruent. Group of computer technology to be able to use it as a weapon against, say, for example, NASA or, or government or whatever it is, it has that computer power to be able to attack.

Is that, is that, am I understanding that correct? Yeah, that is exactly it.

JIm: And you may not know you’re one of those part of the bot network until the FBI shows up at your front door and going, Hey, what are you doing? We checked your IP address. It’s coming from your house. And you’re like, what are you talking about?

Patrick: Exactly. And so during these early years, during the early 2010s, I should say guys stole over a hundred million dollars just in the U S and Dave Hickman, that attorney I was talking about was. that they actually stopped

counting at a hundred million and to quote him he says I really think the answer is he stole as much as you can count so this guy was just making bank with GoZ And him in the business club.

You can see why they’re called the business club now. They’re, you know, they know what they’re doing.

Brad: Well, they’ve connected all the business computers together into one. Exactly. Yeah.

Patrick: Better than any better, better than any system administrator I know, you know.

So the feds in the U. S. were doing, obviously, look, everything to stop them. They recruited anyone who could help, most notably Microsoft. And what Microsoft did here was they created honey pot computers. So they would intentionally get infected by GoZ. become a part of the botnet and then try to track the data and traffic within that botnet.

So they were effectively trying to reverse engineer the botnet while being inside it. They had no idea they, they knew who the business club was. They had no idea who Slavic was. They know, like, they didn’t know who the leader was. The feds also made another mistake, which we’ve, we’ve, which we’ve come across here before, which is that they made the mistake of asking Russia for help.

And so. Yeah, we, we see this time and time again. So Russia. immediately knew it was Slavic, went to Slavic, didn’t tell the U. S. and then recruited Slavic.

Brad: Well, how many times has Russia done that? I mean, that’s like the theme.

Patrick: Yeah, you don’t need to be a recruiter for them. They will find you if they need you and give you a job.

Brad: So we, we gave him a promotion.

Patrick: Yeah, exactly. Like he needed it. Yeah. And so an anonymous tip eventually made its way to the U. S. authorities. That informed the feds about tracking certain emails, which helped the feds identify Slavik as being the one in charge of the business club, even though it didn’t make a huge difference at this point.

And so they’re looking through Slavik’s kind of digital records. They found search queries from him about they were, he was trying to find information to compromise certain, compromise FBI agents. So this guy was deeply embedded in industrial espionage, or not industrial espionage, just espionage in general at this point.

So, the, basically the feds, Microsoft, a few other companies, including FireEye and Fox, it were able to track down most of the GoZ command servers so they could actually stop the botnet. Because of the, the original Microsoft 20 pots, you know, I told you it was decentralized. They found every network that was part, that was a kind of leader in that decentralized network and then caught them.

At the time. They also engineered something called decrypt CryptoLocker, which. If you had CryptoLocker infected on your computer, you could ask this company for their software and that would then release CryptoLocker from your computer. So they really took down Goz, or at least they thought they did because five weeks later, something emerged called New Goz.

And so, just to put this into perspective, today, New Goz still makes up 28 percent of all banking malware. And this is like, this is 10 years ago. Now it is, it is, that number falls frequently because there’s just newer malware coming out all the time. Now, and back to Slavik, Slavik, he’s working for, he’s still working for the Russians.

He’s shadowy, but the guy posts to social media non stop. You can actually find them online. He always, he’s showing off his huge apartment. He has a yacht. He goes on these luxury trips with his pet bobcat. And he’s always dressing in like leopard print with like, you know, huge chains and stuff.

Yeah, he’s still at large. The FBI have a 3 million bounty on his head, but he’s protected by the Russians. So, not much anyone can do.

Brad: He’s never been caught.

Patrick: No, no, he got the money and he’s living the life with his Bobcat now.

Brad: But he’s still doing his work under the protection of the Russians.

Patrick: Exactly, yes.

I’m still using New Cause. I’m sure he’s working on a new New Cause as well at the same time.

JIm: What motivation does he have though? If you took in a hundred million dollars in a year, why do you keep working? That’s what I’m trying to figure out. What keeps these guys going? Is it just, what do you think it is, Patrick?

Patrick: It’s got to be the thrill. And we’re going to see this with a later guy as well in the next episode. I think it’s the thrill and the intoxication of it. I mean, it’s the same, you know, it’s the same if you look at, we’ll say, I The big fighters like Conor McGregor, right? Conor McGregor could have retired about seven years ago and being a multimillionaire, but he keeps going back to the ring.

He doesn’t need to fight and he’s often losing, but he doesn’t need the money, but he’s going back probably for that thrill, you know, of that fight of being, you know, the guy who could, you know, annoy the FBI or something.

Brad: So, and I think sometimes it’s, it’s the fact that they can, I mean, it’s like, it’s like, you know, I, I can outsmart it.

And I know with the maybe younger. Hacker guys that, you know, they want to be able to do something big that hits the news so that they can just tell their, they may not even make any money on it, but they just want to be able to tell their buddies, Hey, man, that was me that I did that. Yeah, no, it’s just that, you know, that, that feed that you get to say, gosh, I just got to go to the next level.

Patrick: Yeah, exactly. That’s what it is. It’s a, it’s yeah. And they’re chasing that the whole time, I think.

JIm: Unbelievable. Just remember, you heard it here on the Digital Desperados podcast. And before we close out, you know, it’s just, it’s It’s just great to have an app controlling phone internet time. But how do you control time and access on your computer or tablet to for your family, for the people in your business?

SaferNet, that’s the answer. SaferNet can get it done. It’s SaferNet, it’s your shield against online threats. And it’s simplified cybersecurity for businesses and families. It just makes it so easy. Explore a VPN from SaferNet, which includes internet controls and virus protection and 84 website filters to secure your.

business place, your family place. Get secured now. Safer net. com. That’s safer net. com. The internet and everything digital definitely has a dark side with

many dark players, Slavic being one of them. It’s why you need safer net by your side. Don’t forget that. And for your own security and security, those you’d love and those you work with check out safer net.

dot com and get secured today. Till the next time, click only on the attachments or the links that you trust from those you trust and delete the rest and then empty your deleted or you may become the next victim of a digital desperado.

 

As we conclude another gripping episode of “Digital Desperados,” where the cyber threats are as real as they get, it’s time to take stock of our digital defenses. While the online world may be riddled with digital desperados lurking in the shadows, there’s a beacon of hope for the budget-conscious among us. SaferNet VPN’s Affordable VPN Services remind us that robust cybersecurity doesn’t have to come with an exorbitant price tag.

Today, we delved into the murky waters of internet crime, dissected the mechanics of malicious botnets, and learned about the cyber rogues of our era. But beyond the cautionary tales and the dark allure of cyber villainy, lies the empowering reality that SaferNet VPN is here to fortify your digital life. And it does so without demanding a treasure chest in return.

As you log off and step away from the podcast’s echoes, don’t leave your online safety to chance. Consider SaferNet’s Affordable VPN Services—a smart financial move and a strategic shield against the cyber onslaught. Whether it’s securing your business transactions, keeping your family’s online experiences safe, or ensuring your remote work is a fortress, SaferNet VPN is your steadfast ally.

Remember, in the fight against cybercrime, vigilance is paramount, but so is accessibility. SaferNet VPN is proud to provide that balance, wrapping top-notch security in a package that respects your budget.

Until our next digital adventure, stay safe, stay savvy, and stay secured with SaferNet VPN, where affordability meets security.

Libsyn:https://sites.libsyn.com/488183/episode-3-the-thrill-of-cybercrime-alberto-gonzalezs-digital-desperado-story

YouTube:https://youtu.be/HeM_pxPeFvw

Rumble: https://rumble.com/v3qg3em-episode-3-the-thrill-of-cybercrime-alberto-gonzalezs-digital-desperado-stor.html

Welcome to the digital frontier, where the line between security and vulnerability can be as thin as a misplaced click or an unsecured connection. For the savvy entrepreneurs and the diligent dreamers running the backbone of our economy—small businesses—navigating this landscape is not just about staying connected; it’s about staying protected. Enter the world of VPN for Small Businesses, a realm where SaferNet becomes your trusted shield, your silent guardian in the ceaseless battle against cyber threats.

In this week’s podcast, we dive deep into the chilling narratives that unfold in the darker corners of the web, tales that underscore the critical importance of cybersecurity. As small business owners, you’re not just managing operations; you’re safeguarding livelihoods, protecting dreams, and preserving legacies. That’s where a robust VPN service like SaferNet steps in—transforming your cyber defense from an afterthought into a fortress.

Our story today isn’t just a cautionary tale; it’s a wake-up call. We’re showcasing the pivotal role that a dedicated VPN for Small Businesses plays in fortifying your digital domain against the ever-evolving threats that lurk behind every byte and pixel. So, pull up a chair, plug in, and let’s explore how SaferNet VPN isn’t just a tool but an ally for businesses refusing to be the next cautionary headline.

Stay tuned as we unravel a ‘Digital Desperado’s’ journey—a reminder that no business is too small for big security with SaferNet VPN.

Intro: This episode of the Digital Desperados podcast is brought to you by SaferNet VPN, found online at SaferNet. com.

Jim Brangenberg: Hey, welcome to the Digital Desperados podcast featuring Dark Tales from the Web. Patrick McMurphy is here today to tell us our dark tale. I’m Jim Brangenberg, and I’ll serve as your story guide, and of course we got Brad Hawkins here with us from SaferNet to tell us how they can save the day in many and most situations, SaferNet. com. In fact, here’s a commercial. It is highlighting what SaferNet can do for you.

Intro: If it’s easy to use, you will use it. What if you had one place to monitor all the internet activity of everyone in your family? Attention iWork4Him listeners! Safeguard your business and family with SaferNet VPN. We deliver top notch cybersecurity with a user friendly approach.

Protect sensitive data with a virtual private network and shield loved ones from harmful content with 84 internet filters. Choose SaferNet VPN for peace of mind. Get secured now. Sign up at SaferNet. com. That’s SaferNet. com.

Jim Brangenberg: All right, Patrick, which dark tale are you telling us about today?

Patrick McMurphy: Yeah, so today I want to talk about Alberto Gonzalez.

He was the mastermind behind several major credit card heists. And now Alberto was born in 1981. He grew up in Miami. One of the worst things about Miami is that they beat Broncos 70 20 last night, but that’s the last we’ll talk about that because it’s an awful memory and I never want to revisit it. So alberto,

Jim Brangenberg: and it couldn’t be any more embarrassing than having Miami beat your team any time because Miami really hasn’t been very good for a long time and for them to beat your team, it is humiliating.

Patrick McMurphy: I agree. It’s awful. And my friend just, just kept doing impressions of Ace Ventura because you know, they had the Miami Dolphins, but it was just an all, they didn’t want to revisit that night. So Alberto was a kind of funny Parentage. So his, his, his father, Alberto senior, he was Cuban and he actually fled from Cuba on a raft.

He made himself to the United States. The raft got totaled in a storm and the Coast Guard actually picked him up and shipped him over to Miami. So Alberto was always kind of, he was, he was a tech kid. You know, he was always really interested in tech. So his, his father bought a PC when he was age 12, and he nearly immediately caught a virus.

He immediately got a virus on the PC. So, you know, his father gets a technician over to fix the PC, and Alberto does not leave the technician alone. He’s just asking him like 20 questions. He just questioned him constantly, like how he got the virus, what viruses are, you know, how could you prevent it?

And it just, it took over Alberto’s mind. He was just so interested with this thing called a virus, you know, how can this happen? So, you know, Alberto’s, he’s going to high school and he kind of finds like minded individuals. He tells them about the virus, about hacking. And they actually end up hacking into NASA from their high school computers, which is just insane to think about.

The guys were brainiacs. The guys were actually brainiacs.

Brad Hawkins: Gosh, insane. And it actually happened in high school, in high school.

Patrick McMurphy: Yeah. And about a week after the event, the FBI show up in the high school. Who hacked Nazi? It took him a week to get there. I mean, he was pretty good. He was pretty good. But you know, Alberto just kind of, he brushed it off.

He thought it was pretty cool that the FBI came looking to him, looking for him. So he just kind of continued with more or less minor cybercrime because he didn’t want to get on their radar again. So he just kind of self educated himself in systems engineering, you know, how networks worked, all this kind of thing.

He specifically became very good at SQL injections. SQL injections are a funny thing. You’re really if you take any online form, any online form kind of, it uses, most of them use SQL, which is a programming language, but if you put in certain commands, you can start manipulating that form. And so what it allows you to do, It can actually open up back doors and into core systems.

And so this is what he was, this is what he was doing. Now he’s going to play him Albert.

Brad Hawkins: So Patrick, how does he inject the SQL? How does he get to that point? Now, I mean, there’s got to be some, I mean, we know about phishing, but how does he get that?

Patrick McMurphy: So, I mean, so he had been reading all these manuals and things, he’d been studying SQL and how you would commit an SQL attack.

Now, it’s not as easy anymore because, you know, system engineers have kind of caught out, caught on to how easy it was to do. But, so, we’ll say, you know, a login form, like, on a bank or something. You know, you enter your username and your password, but he would put in something like you know, and I’m going to start talking about programming here, so I’ll try not to get too bogged down in it, but he would say, like, You know, quote, username equals true, or something like that.

And so the system would then accept it as being a valid username. Whereas in fact, it’s not. He’s just manipulating the form itself. You don’t see it a lot anymore. It does still happen, by the way. SQL injections are still popular. But, it just kind of used to be Wild West back then. There was some great security on things.

Brad Hawkins: Yeah, that’s what, that’s what I think is amazing is you’ve got, you’ve got these young kids who from, from my perspective, they, they start out with just trying to get a little notoriety to be able to show their friends that, that they did something and then they start realizing that they can make some money and it just kind of, it kind of grows from there the simplicity that, that is out there, what’s, what’s amazing is you can go onto YouTube and, and learn some of this stuff because it’s so, it’s so simple and, you know, these guys are just sharing their knowledge and so we wonder, oh, we think we’re really safe going online and doing.

You know, doing our banking at Starbucks or whatever the case is, having no idea that there’s somebody sitting you know, five blocks away or five chairs away snagging all your banking data because you didn’t, you didn’t run your VPN or whatever the case is. So, but anyway,

Jim Brangenberg: back to the SQL injections. And Alberto Gonzales, but what’s he doing with this thing? What does he do? Go ahead.

Patrick McMurphy: Yeah, he’s making a ton of money. He’s just a teenager making a ton of money at this point with the SQL injections. And so he finishes up high school.

Jim Brangenberg: How’s he making money? How’s he making money?

Patrick McMurphy: Well, one of the things he’s doing with the SQL injections is specifically getting into people’s bank accounts.

So he’s getting a lot of their credit card information. Again, banking back then, online banking was in its infancy and the security was shockingly poor. So he’s just getting people’s online bank information as effectively. But when he finishes up high school, you know, a lot of people, you know, they might go to university, they might take up a trade.

What, what Alberto does is that he moves to New Jersey and he founds a hacking group on a website called Shadow Crew. And you know, time and time again, we come across these edgy names in the hacking world. They all love shadow and darkness and all this, you know, they’re teenagers, but they’re very dangerous teenagers.

And so ShadowCrew actually ends up having 4, 000 registered members on the website and what’s happening on ShadowCrew is that Gonzalez and his inner circle, they would hack websites, get credit card information, and then he would sell that information on the ShadowCrew website. And he’s, Alberto is actually a really fair businessman, he has very strict policies on the website.

For example, if you brought a credit card information on the website, and it proved to be invalid, he would give you a full refund. You don’t see that a lot in the hacking world, people kind of take your money and run, but Alberto has a reputation to keep, so he’s quite fair with it. I mean, it probably sounds like I’m stoling the great virtues of hackers here, but genuinely, he was… What he was doing was good stuff, if you remember.

Brad Hawkins: Comparatively, he’s amazing.

Patrick McMurphy: Yeah. And so, kind of fast forward to 2003. So what Gonzalez is doing at this point is that he would have blank debit cards. And he would load up these debit cards with information he’s stolen online. And so Alberto would go up to an ATM near midnight, okay, because after midnight, the daily limit on debit cards resets, you know, maybe you can withdraw, I don’t know, we’ll say 1, 000 a day, but after midnight, it resets, and so he’s going up to all these ATMs at about, I don’t know, five minutes to midnight, take out the withdrawal amount, and then do it again five minutes after, and so he’s doing this in Manhattan, and And a detective is investigating car thefts, and he sees this suspicious individual wearing a wig, and a kind of long jacket, and he’s like,

okay, that’s very clearly a man in a woman’s wig, at an ATM card, or at an ATM machine, looking very shifty.

And so, he goes up, he arrests him, and he arrests him, and, you know, they take him in for questioning. Alberto cracks immediately under questioning and the police realize they’re dealing with a really big fish. He’s a big hacker. You know, he’s got all this credit card information, debit card information.

And so what the authorities do is that they call in I believe it’s actually the secret service. They, they call it in the secret service. And they enlist Alberto in this thing called Operation Firewall. And Operation Firewall is effectively about exposing other hackers, specifically those from ShadowCrew.

And they’ve got the biggest fish from ShadowCrew in their custody. So, yeah, they start working together. The Secret Service in their reports, a lot of it’s declassified now. They say that he’s actually very, he’s a very nice guy, really easy to get on with, very smart. Just a great intellect for like fraud and network systems.

So He kind of reveals how he contacts ShadowCrew. They use a very specific VPN. It’s not SaferNet, thankfully, but they use a very specific VPN when contacting each other, so, you know, use, use SaferNet if you want to be a hacker, maybe VPN for you, but… So, he basically, he rats out his friends is what he does.

There was 19 ShadowCrew members were arrested. They had found out that there was 4. 3 million dollars had, had been stolen by ShadowCrew over the few years. And so at the end, Alberto, he avoids jail and he goes back to Miami. And the story doesn’t end there.

Jim Brangenberg: Okay, well, before we get to the rest of the story, before we get to the rest of the story…

I need to see Brad Hawkins, where SaferNet could have helped save the day in here, because to me, if somebody is getting a hold of my credit card information, if somebody is trying to get into my computer, is SaferNet going to keep those people from getting onto my computer to watch what I’m doing?

Brad Hawkins: Oh, we’re absolutely stopping them from getting onto your computer.

If you’re running SaferNet 24 7 like it’s designed to run you’re not, you’re, They’re, what we do is we make it extremely difficult for someone to be able to access the computer. If you make an error and you click on a phishing email or something like that, where you’re opening the door to, to your own demise.

But well, actually, if you turn it off, you’re opening your door. But if you click on it, we’re going to stop you. We got this pretty little door that pops up on your computer screen with a. With a desert scene saying, you’re not going here. It stops you right there. You’re not allowed to go any further.

But the key is, is that you are running it when you’re operating within SaferNet, you’re running into a VPN tunnel 24 seven, and you can navigate the web wherever you want to go. And not get access. If you might drop onto a website with a virus, just like you know, the beginning of this story, he got a virus.

If you stop into a website, we’ve got a V we got virus protection inside our VPN. So it stops you from being able to bring a virus onto your computer. So yes, we are doing. Amazing work. Our, our, our developers have done an absolutely amazing job of, of creating this VPN tunnel that keeps you safe.

Jim Brangenberg: SaferNet. com. Get protected now. SaferNet. com. Alright, so, Alberto Gonzalez goes down to Miami. He gets to go back to the lavish lifestyle on South Beach.

Patrick McMurphy: Yeah, I’ve been a Dolphins fan. Sadly, but yeah, so I mean, as I said, the story could have ended there, but it didn’t. So, what the Secret Service later learned, was that Alberto Gonzalez is the master of deception.

So the whole time he worked as a government informant, he was actually moonlighting as just an insanely successful hacker. He was playing the secret service the whole time. He was living this lavish lifestyle. So he actually had this very tough drug habit. He was taking ecstasy, ketamine, a lot of cocaine.

He was so tal well, okay, maybe not that he was so talented, but he was his work ethic was so intense that he took anti narcoleptics to stay awake while he was hacking, so the guy just didn’t sleep, he just hacked people all day and night. Yeah, he’s driving luxury cars, he’s staying in high end hotels, he actually threw a birthday party for himself that cost 75, 000.

He was making so much money, and if you ever watch that show Narcos, this will sound familiar, but he was making so much money that he had to bury the

dollars in his back garden to avoid suspicion because he didn’t want it going through the banks. So he was just digging holes and We have an address! We have an address to where he lives!

Jim, I scoped it out earlier. It’s all gone, by the way. I’ll have a new laptop next week. Now one of the biggest attacks Gonzales did during this time, what Alberto Gonzales did during this time was the, the TJX companies which is TJ Maxx in the U. S. called TK, TK Maxx in Europe, if we’ve any European listeners.

So that, that attack was actually over the course two years. And during that time, he stole 45 million credit card and debit card numbers, which is insane. It is insane. He sold all that information on the dark web. He made millions. He made absolute millions out of this. And I kind of, I don’t want to get too much into his, all his attacks here because the list is as long as my arm.

But he was, he was attacking OfficeMax, Barnes and Nobles, Dave and Buster’s, most notably the Heartland payment systems he attacked. He used the old SQL injections on this, and he compromised 130 million credit, credit and debit card numbers out of that. But that one specifically put him back on the radar, and he kind of made some mistakes that the, you know, the authorities were on to him again.

And so in March 2010, Alborosie was arrested. He’s sentenced to 20 years in prison. And actually gets another 20 year sentence later on when they can pin another crime on him. They’re basically running concurrently he’s like, in Narragansett prison. So right now he’s in the Federal Medical Center.

He’s there because it’s actually for, I suppose how do I say this, high risk prisoners with, who have some mental illness. So he’s believed to have Asperger’s syndrome. I don’t think he’s been officially diagnosed, but that’s, that’s kind of the common thought on it.

Jim Brangenberg: He’s super brilliant.

Patrick McMurphy: Yeah. Yeah, exactly.

I mean, look, yeah, sorry. Go ahead Brad.

Brad Hawkins: So, so how old is this guy now? I mean, has he, has he been doing this for a long time or? He said

Jim Brangenberg: he was born in 81, so, oh, 81. Okay. So think I’m 42 years old.

Patrick McMurphy: Yeah, so he’s, yeah, 42 now. One, one of the interesting things about him though his time in prison, he’s very, very open to the journalists.

So he, he’s actually talked a lot about hacking about the lifestyle. And so I have some great quotes from so he degraded for a couple of years ago, and he said that whatever morality I should have been feeling was trumped by the thrill. So he actually did. He doesn’t actually didn’t really seem to care about the money.

It’s just having the knowledge that he was smarter than whoever he was hacking that that was his thing. That was his drug. And so he said that he. Well, the exact quote is, I should have just done my time in 2003, that’s after the TJ Maxx attack. I should have manned up and did it. I would be getting out by now.

So he feels he should have quit when he was ahead. But you know, he’s in prison for the rest of his life, most likely. But he’s a very interesting character to, you know, if you listen to his phone calls from prison or anything. He was just all about the thrill.

Brad Hawkins: That’s what’s amazing is, is just trying to understand the logic behind what it is that’s happening.

Cause I mean, there’s, the internet’s not going away and, and hackers are just getting more and more sophisticated and knowledgeable about what it is that they’re doing. And so to understand. Why it is, what is the motivation? You think that, you know, it’s all about just stealing. Well, it might be in the, in the very beginning until they have enough money, but you know, there’s a lot of people that are all about, Oh, I’ve got to, I’ve got to show my friends I have the access.

I got to, I got to outdo the, the people around me. And when you start realizing that it’s not just about money, it actually increases the risk. Because there’s so much more to it. So it’s really kind of an amazing process to really understand the logic and the thinking behind these guys.

Patrick McMurphy: Yeah. Cause I mean, I mean, I mean, can you imagine being 14 years old and you hack NASA, imagine that rush?

I mean, you know, NASA employs people

Jim Brangenberg: or was the rush when the principal came with the guys with the blue FBI. I’m going to get you out of the out of the study hall that day.

Brad Hawkins: Sitting around the lunchroom saying I did that. I did that. That was me. That’s right.

Jim Brangenberg: I mean, I. Yeah, you heard it here. The internet and everything digital can and does have a digital dark side with super many dark players.

It’s why you need SaferNet by your side. Thanks to SaferNet for supporting our efforts to bring these stories to your ears and giving them the exposure that they need for your own security and the safety of those you love and those you work with. Check out safer net. com. Don’t get messed up by one of these hackers get secure today till next time click only on the attachments you trust from those you trust and delete the rest and if you get those attachments and those links from your mother who’s in her 90s Don’t click on them anyway, or you may become the next victim of a Digital Desperado.

Outro: This episode of the Digital Desperados podcast is brought to you by SaferNet VPN, found online at SaferNet. com.

World War III started on your computer when Al Gore unleashed the internet in 1994. Want to fortify your business against cyber attacks? SaferNet VPN is the answer. Our easy to use cybersecurity app protects your enterprise on all fronts.

Plus, secure your family’s online journey with powerful internet filters. Embrace simple yet robust cybersecurity with SaferNet VPN now. Get secured now. Sign up at SaferNet. com. That’s SaferNet. com.

As we reach the end of today’s digital odyssey, it’s clear that the threats facing small businesses in the vast expanse of the internet are not just tales meant to scare us into action—they are real, they are present, and they are ever-changing. But fear not, for the shield of cybersecurity is within your grasp. SaferNet VPN is more than just a service; it’s a commitment to the safety and integrity of your business’s digital presence.

Small businesses are the lifeblood of innovation and progress, and they deserve protection that is both powerful and affordable. With SaferNet VPN, you’re not only investing in state-of-the-art cybersecurity but also in peace of mind. Whether you’re fending off the silent threats of cybercrime or ensuring your remote workforce remains secure and productive, SaferNet is your partner in this ongoing battle.

Remember, in the digital realm, complacency can be the chink in your armor. So equip your business with SaferNet VPN, where robust security meets simplicity. Don’t let your business be the next target for the digital desperados out there. Fortify your digital defenses, take control of your internet safety, and navigate the web with the confidence that comes from knowing you’re protected.

Thank you for joining us on the Digital Desperados podcast. Secure your digital world today at SaferNet.com and make ‘VPN for Small Businesses’ not just a search term, but a cornerstone of your business strategy.

Until next time, stay vigilant, stay secure, and stay connected with SaferNet VPN.

Libsyn:https://sites.libsyn.com/488183/episode-2-alexsey-belan-could-be-selling-your-information

YouTube:https://youtu.be/GmIYvOWGX-w

Rumble: https://rumble.com/v3qfx5s-episode-2-alexsey-belan-could-be-selling-your-information.html

Hey there, Digital Defenders! 🛡️ As we navigate the waves of the web from our home offices, coffee shops, or even while lounging in our backyard hammocks, the importance of secure remote work cannot be overstated. Gone are the days when cybersecurity was a buzzword only the IT crowd tossed around—today, it’s as essential as your morning cup of joe. ☕

In this episode of the Digital Desperados podcast, brought to you by the knights in shining armor at SaferNet VPN, we dive deep into the shadowy alleys of the internet. We’ve got tales that’ll make your digital hairs stand on end, and insights that’ll arm you with the ironclad protection you need in this era of remote work.

Whether you’re a solo entrepreneur, a remote employee, or part of a global team, SaferNet VPN is your faithful ally in creating a fortress around your digital life. Imagine having a digital shield that not only secures your connection with military-grade encryption but also stands guard against the cyber goblins trying to infiltrate your virtual workspace.

So, grab your favorite snack, secure your connection (we’ve got you covered on that front), and get ready for a rollercoaster ride through the latest episode of Digital Desperados. Trust us; you don’t want to miss the dark tales from the web that Patrick McMurphy has in store for you. And remember, with SaferNet, secure remote work isn’t just a fancy phrase—it’s your new reality. Let’s get started!

 

If you’d prefer to listen to this episode of Digital Desperados, you can listen back here:

Intro: This episode of the Digital Desperados podcast is brought to you by SaferNet VPN, found online at SaferNet. com.

Jim Brangenberg: Welcome to the Digital Desperados podcast featuring Dark Tales from the Web. Patrick McMurphy is here today to tell us our dark tales. I’m Jim Brangenberg and I’ll serve as your story guide.

And of course, Brad Hawkins joins us from SaferNet to tell us how they can save the day. You know, there’s just so many tools out there that can increase… Anyone’s online protection. But one of these tools is safer net and safer net is the complete solution to the cybersecurity threats faced by individuals, businesses, and families.

Not only does it connect to every device to a 24 seven, always on military grade. VPN, but it also stops outside cyber threats, malware and viruses as well. SaferNet was designed with user freedom in mind and can protect you anywhere in the world on any cellular device or any wifi network. In addition to the protection SaferNet offers, it also offers a range of employee and parental internet controls.

These include internet filtering, monitoring, scheduling, and blocking access to websites or even entire website categories. Is there any reason you don’t get secured right now? I doubt it. Check out our affordable production at safer net. com. That’s safer net. com. All right, Patrick, which dark tale are you telling us about today?

Patrick McMurphy: Today I wanna talk about Alexi Balan, also known as Abeer ov. I’m just gonna call Alexi by his, his first name today, because I cannot pronounce that pseudonym. But Abe, you got Abe. Abe. Abe. Good. Good old Abe. Good old Alex Belan, Abe. So yeah, Alexi was primarily known for the Yahoo data breach.

And now these days when you talk about Yahoo, I mean if you get a lot of like. You know, Gen Z, they probably don’t even know what Yahoo is. But back then, mid 2000s, Yahoo was, it was bigger than Google, it was huge. And that data breach was the biggest in history at the time. It was half a, half a billion Yahoo accounts were compromised.

And what Alexei did… With these accounts is that he gained further information like credit card information and he, he would sell it on on the dark web and Alexei kind of, he, he was, he’s a good story about someone who’s really good at one specific thing. And that’s, that’s how we got his notary. So Alexei was born in 1987 in Latvia and like in our last episode, he he kind of grew up in, you know, that transition between.

U. S. S. O. R. the switch from communism to capitalism and it was funny because I wish I had this information in our last episode because I actually, I met some Ukrainians over the weekend and they were telling me what it was like growing up in that transitional stage. And it was just, there was a lot of things I didn’t know.

I mean, it was really, I mean, for example, one of the ladies, she, her father was an engineer with the Cosmonauts. And when the switch happened, he ended up working in just like a factory production line job. And it was, it was a complete tonal shift in life. So it’s a difficult time to grow up.

Jim Brangenberg: I just say, I gotta, I gotta counter you on one thing.

The shift from communism to capitalism. I don’t think so, Patrick. I’m not quite sure they might’ve done that on the outside. Mikhail Gorbachev might’ve said that’s what we’re going to do, but I don’t think that ever really happened because I don’t think Putin is much of a list.

Patrick McMurphy: Yeah, I, I, I, I, I agree. I mean, it’s, it’s, it’s not really capitalism is that it’s it’s going to distorted Russian take on, on

Brad Hawkins: their own, their own version of capitalism.

Patrick McMurphy: Yeah. I mean, you know, where Russia is still in control. Exactly, because I was, I was in China a number of years ago and you know, I went to China and this, you know, the idea was a communist and the first thing I see in China is this, I’m in, I’m in Beijing and I see a Lamborghini store and I was like, this doesn’t feel very communist.

A lot of these countries just kind of have their weird take on economics that you can’t really define well, but you know, it is what it is. All right, so back in alexis back to good old alexis good old good ole so alexis is kind of He’s kind of known since around 2006 because we know that because his, a lot of his monikers can be seen on hacking websites on dark web forms, especially inside pro and Zloy.

They were two really big dark websites back in the day. He was also blogging at the time using, using his good ole handle. And it’s funny because if you go back and read his blogs now. They’re so above board. He’s just talking about his day and things like that. And it’s kind of funny to see this hacker talk about he was walking his dog or something, you know, just real normal stuff.

But Alexei, he’s, he’s a bit of a small fry, but he’s, he’s starting to make a name for himself. So he kind of starts off with hacking Russian web. He eventually gets more international. He specifically starts targeting a lot of Israeli websites and what, what Alexei is really good at doing. Is that he gets into websites and he steals user account information.

He takes that information and sells it on the dark web. So he kind of really builds this reputation for himself where he can crack any website. And he, Alexi gets known for his…

Brad Hawkins: Patrick, do you know roughly how old he was when he was starting this? Or before he got his notoriety, do you know anything about his history?

Patrick McMurphy: Yeah, he would have been about 19 at the time there’s not a, there’s not a lot known about his childhood except that we know he, he had close ties to Russia, so it’s possible that a parent of his may have been Russian or something like that, but he was always, I mean, even though he was born in Latvia, he was definitely very close to Russia, so there, there’s, I think there’s a possibility there’s some family ties there.

Brad Hawkins: Yeah, that’s, that’s what always amazes me when we look at some of these real notorious hackers, you think it’s like, you know, like old mafia people, but no, they’re, they’re typically just super young and super smart and, and they can, they can do almost anything, but yet they choose to to operate in this way.

But anyway, I go, go ahead. I was just in the background.

Patrick McMurphy: You’re, you’re right. Yeah, you’re right for sure. And you kind of, you kind of questioned, you know, Was it just these young men didn’t was there no opportunities for them that they decided to go down this? I mean, it’s a it’s a pretty dark path, you know I mean, if there was a better opportunity, yeah, dark path, dark web.

But I mean, you know, if there was more opportunities for them. If their family life had been different, would they end up, you know, going on to university and, you know, studying mathematics and things like this? But Alex was really good at being evasive online. He, he, he really had a knack for invading detection.

All his communication was encrypted. He really messed up with digital forensics. Like you couldn’t, you couldn’t track this guy. This guy was, he was really hard to get a hold of. I mean, even Once he kind of got access to a website, he would really delve deep into the network infrastructure of the website.

It just made him really, really difficult to track. I know at the time, if you guys can remember back then WordPress kind of first hit the headlines. WordPress became phenomenally popular. And Alexei was the only guy, kind of only popular guy, who was really good at hacking WordPress. He could get into any WordPress site.

And so he, that’s, that’s how he really got his reputation. If you wanted to, if you wanted to hack a WordPress site, you had to contact Alexei on one of these forums. Yeah, it was, it was crazy, but what Alexey started doing, you know, he realized that the big fish at this point where the U S e commerce websites and a lot of them were hosted a lot, a lot of the WordPress sites were using things like Shopify and other platforms to sell their stuff.

I don’t know anything. I mean, their products on their WordPress sites. But, you know, if you start, you know, kind of poking the bear as it is with targeting U. S. websites, the government are going to, are going to notice after a while. And at the time, Alexei was living in Greece and the U. S. noticed him and they said, we got to get rid of this guy.

They put out an international warrant on him. In fact, the FBI had a hundred thousand dollar bounty on his head. And so they also put on an Interpol red note.

Brad Hawkins: I just have to say, what a. I hate to say it this way, but what a genius move hacking WordPress because you can, you can bypass, if you get in one, you’ve got access to all of these websites and for those people that dunno, WordPress is a, is basically a, a, a site that you can go in and, and create a, a, a webpage or, or, yeah, a full website.

And, and they, they host your website, and they, you, you do all your work for your website on WordPress. And so, thousands and thousands of websites on there, and all he has to do is, is hack into WordPress, and then he has access to all of these websites. Honestly, that’s, it’s it’s like shooting fish in a barrel.

But that’s, I, I didn’t realize that, so anyway. I’ve never shot the barrel.

Jim Brangenberg: I have thrown, you know, an M 80 into a lake that’s similar shooting.

Patrick McMurphy: I mean, we do that in Ireland for fun, Jim, you know, I mean, we’re all fishing barrels throwing TNT and fish barrels.

Brad Hawkins: It goes along with the same ethical lines.

Patrick McMurphy: Yes. Okay. All right. Well, we didn’t shoot fish and bar, but I’ll tell you what I did do growing up. So, you know there’s not a lot of guns in Ireland. Which is not really gun culture, but my dad managed to get his hands on a gun. And so we used to buy, we would go to the store and we’d buy like ten bottles of deodorant.

And people would be like, why are these two guys buying all this deodorant? And we’d take them to a field and we used to shoot them. Because if you shoot a bottle of deodorant, the thing explodes. And I was like five years old doing this as well. Probably not the safest thing for a five year old to do in retrospect, but.

Yeah, but we didn’t shoot fish in a barrel. We didn’t shoot the ocean down a good distance. It was a nice shot. It was a good shot. It’s a shame I wasn’t raised in America, honestly.

Jim Brangenberg: Yeah, and speaking of taking a good shot at things, you know, if you want to take a shot at your cyber security, you need to talk about SaferNet.

Brad, how could SaferNet help protect somebody who’s got a WordPress site? Is that something SaferNet can help with?

Brad Hawkins: Well, actually if he’s getting into WordPress and, and then messing around in WordPress it, it is a different type of security. So what we, we protect is the endpoint device. We protect all computers tablets cell phones, whatever it is.

We protect those type of things. But getting into WordPress, that’s, that’s more of a a. A level of of creative hacking that we, we don’t, we don’t mess with, but truthfully, the average person out there is, does not have a WordPress height. They’re, they’re out there. Using these wordpress sites, but they’re not, they’re not using those.

And we’re, we’re more of a cybersecurity company for everybody as opposed to companies that hold their, their website in a wordpress.

Patrick McMurphy: Very good. All right. So, yeah, sorry. Go ahead, Jim.

Jim Brangenberg: No, no, come on. You’re going to jump in on there.

Patrick McMurphy: Go ahead. No, yeah. I was, I was just going to add, I mean, you know, I’ve run a lot of.

I’ve run a lot of WordPress. I used to have a hockey blog. In fact, I dedicated most of my free time to writing about ice hockey. But I will add with SaferNet, if you’re running anything like a blog on, on, on WordPress, you know, you get comments. You, excuse me, you get comments on your blogs. And you’ve got a lot of stuff in the contact form and 99 percent of it is going to be fishing links.

And if you say for now, and you’ve got one of these links and you click it safe, that has your back a hundred percent. So it’s definitely helpful to have, I think, if you are running any kind of WordPress.

Jim Brangenberg: Yeah. I recently installed safe for that on my mom’s computer. She’s 89 and I got to tell you it, it, when she likes to click on those really pretty links, it keeps her from going places.

It keeps going to those places that the naughty people send her. All right, back to Greece. We’ve got it. We’ve got an international

Patrick McMurphy: back to Alexei. Poor Alexei. We almost forgot about Alexei. A

Jim Brangenberg: hundred thousand dollar reward doesn’t sound like very much, but because he’s probably making a lot of other people a lot more money than that.

Patrick McMurphy: Well, what happened? Yeah. So you got, he’s in Greece. You got the Interpol red notice, all the cops that are in any country that’s aligned

with the U S they’re looking from. And so. Alexei actually gets arrested by the Greece, the Greek authorities. And now, here’s a very funny point. He somehow escaped from the police, but it’s not known how.

And I’ve always kind of had it in my head, that he’s in this kind of comedic scene where he’s in the back of a police car and he like, shuttles out the window or something, but it’s not actually known how he got away from the cops, but he did.

Brad Hawkins: First of all, I think that’s pretty clear. He’s, he’s discussing the 100, 000 reward and and how about a million if you, if you just walk away right now,

Patrick McMurphy: I mean,

Brad Hawkins: it’s amazing what happens when you have have a few extra dollars sitting in your bank account and they’re offering a hundred grand as a reward, so.

Patrick McMurphy: Yeah, but they are known for their love of certain brown envelopes. So, you know, I mean, look, whatever happened,

Jim Brangenberg: all right. So getting back to the story escapes from the authorities.

Patrick McMurphy: Yeah, so he escapes from the authorities and Alexei’s first thought is, I need to go to Russia because he knows, I mean, he’s a lot of friends in the hacking community, he knows that Russia is kind of a safe haven at this point for hackers.

So he gets over to Russia and the first thing he does is get in contact with the FSB, which is a very clever move by Alexei, in fairness to him, to give him credit. And so the FSB recruit him, you know, they may have coerced them, but I think they probably just realized they had a good guy on their hands to work with, so.

He partners up with two FSB agents, Dmitry Dukachev and Igor Shushkin. And so, Russia at this point, they’re very interested in Yahoo accounts, because there’s a lot of foreign dignitaries who are using Yahoo, and they really want to get into Yahoo accounts. And they know that Alexei is very specifically good at just hacking websites.

And so Alexei, with these two agents, they basically send them on a mission to… Again, access to a huge amount of accounts that are targets of interest to Russian intelligence. So we’re talking about there’s ministers for economic development, diplomats from other nations, investigative reporters, especially employees of certain us companies like, you know, cloud storage companies.

There’s a Nevada gaming official. I don’t know that the guys want to go to Vegas for a weekend or something, but there’s things like senior officials and us airlines. There’s, there’s all these kinds of guys, right? And so Alexia and the two agents, what they specifically do is spear phishing. And so spear phishing is when you know someone in a certain company, let’s say a CEO or a CFO, especially, they get an email saying, Hey, this is your, you know, accountant or whatever, please click on this link.

I mean, look, they’re going to be a lot more elaborate than that. You know, I’m obviously, I was never good at spear phishing myself, but you know, this is, this is what they’re doing to get access to these accounts. And so, while Alexei is working doing this for the FSB, he’s also moonlighting hacking other Yahoo accounts.

And so, he does crazy stuff. You know, people talk about SEO these days, you know, search engine optimization. And you know, there’s, I mean, Brad and I know there’s whole companies out there that are dedicated to SEO. Alexi is so good at SEO that he hacks the Yahoo search algorithm. So anytime you search things like pharmacy online, all you get is his affiliate links.

The guy just masters it. So, I mean, if you ever need SEO, talk to Alexi because He’s on to something.

Jim Brangenberg: We are not recommending here on the digital desperadoes podcast. We’re not recommending that you try to contact Alexi. We think that would be a bad idea.

Patrick McMurphy: Yeah, please do. I, please do not bring me to court.

If you try to contact Alexi and your bank account is gone the next day. It’s, it’s not my fault, but he is really good at SEO. But I suppose during all this, all, all the, the moonlight that he’s doing, he actually gains access to half a billion Yahoo accounts, which is just insane. It’s actually the biggest hack at the time.

And so he’s just selling all this information online. He’s kind of. He’s also orchestrating other phishing attacks based off the account information he gets,

like, for example, if he got access to his CEO, he’d then be emailing the CTO, etc. And yeah, I mean, that’s really Alexei. He’s still at large.

Now, he’s not been in the headlines for a couple of years, but a lot of these guys haven’t because it’s kind of assumed right now they’re probably working on the whole war in Ukraine situation. But yeah, he’s still hacking. He’s still hacking WordPress. He’s still with those two FSB agents. That’s Alexi Balan.

Brad Hawkins: Well, it’s, it’s, it’s absolutely amazing to, to think about the cover that Russia’s providing these guys to allow them to just, just do what they do.

Patrick McMurphy: It’s crazy.

Brad Hawkins: And, and the fact that, that it’s, it, it’s a known thing that, man, if you’re in trouble, , you know where to go. But yeah, that’s, that’s just amazing.

Patrick McMurphy: I’m just saying,

Jim Brangenberg: I’m not going to Russia. I don’t care. Maybe you’re probably safer in prison in the United States. Pretty sure. I don’t know. Or, or you could just go to Montana. They can’t find you there anyway. All right. Not that we’re talking about authorities, but we are talking about evading those people who are coming at you from the dark web, safer net can be there for you.

On all your devices 65 web filtering vpn It is there for you it’s it there’s just so many pieces of what they do But being able to monitor to be able to control Where your family goes to be able to control where your employees go To be able to make sure that when you click on a link if it goes to a naughty place that it just doesn’t go That’s the power of safer net go online to safer net.

com safer net. com Patrick and brad. Thanks for being here today. Thanks for bringing us the story. Thank you. Thanks for having me lexi Great, jim. Thank you. Yeah, you bet you bet you heard it here, the internet and everything digital can have a dark side with many dark players That’s why you need safer net on your side Thanks to safer net for supporting our efforts of bringing these stories to your ears and giving them the exposure that they need Please for your own security and your safety for those that you love and those that you work with check out safer net.

com Get secure today. Till next time, click only on the attachments and the links you trust from those you trust and delete the rest or you may become the next victim of a Digital Desperado.

Outro: This episode of the Digital Desperados podcast is brought to you by SaferNet VPN found online at SaferNet. com Business owners, listen up. Criminals and search engines do not need to know everything you do on the internet. SaferNet VPN ensures your company’s safety with its powerful cybersecurity defenses.

Explore the Control Center dashboard for seamless management. Shield your workforce from inappropriate web content using 84 internet filters. Trust SaferNet VPN. Your path to worry free online operations. Get secured now. Sign up at SaferNet. com. That’s SaferNet.com.

And there you have it, Cyber Crusaders! Another episode of Digital Desperados has come to a close. We’ve journeyed through the eerie backstreets of the internet and emerged wiser and ready to fortify our digital domains. As we log off, let’s not forget the golden rule of secure remote work: vigilance is non-negotiable.

In a world where our office can be anywhere from a kitchen table to a desk on the other side of the globe, SaferNet VPN stands as your unwavering guard against the unseen marauders of the internet. It’s not just about locking doors; it’s about building an impenetrable citadel around your online presence.

As you step back into your daily grind, remember that SaferNet VPN is more than just a shield; it’s a commitment to secure remote work that empowers you to conquer the digital realm with confidence. Don’t leave your digital safety to chance; stride boldly with SaferNet by your side.

Until our next cyber saga, keep your connections secure, your data encrypted, and your remote work seamless with SaferNet. Check out SaferNet.com to bolster your defenses and join the ranks of entrepreneurs, remote warriors, and digital families who choose not just to survive, but to thrive online.

Stay safe, stay connected, and stay secure. Because when it comes to remote work, ‘secure’ is the only way we roll. Catch you on the digital flip side!

Libsyn:https://sites.libsyn.com/488183/episode-1-the-life-criminal-activity-of-maksim-yakubets-aka-aqua

YouTube:https://youtu.be/CAFIpGYhnhI

Rumble: https://rumble.com/v3qfp2s-episode-1-the-life-and-criminal-activity-of-maksim-yakubets-aka-aqua.html

 

In a world where digital threats lurk behind every click, safeguarding your devices is not just a convenience—it’s a necessity. This is where the concept of ‘device-level security’ comes into play, offering a fortified shield for your personal and professional online interactions. Whether you’re a remote worker securing sensitive data or a parent safeguarding your family’s online activities, the need for robust security measures tailored to each device is paramount. SaferNet VPN rises to this challenge by delivering unparalleled protection that extends beyond traditional security means. By encompassing a vast array of cybersecurity features—including VPN services, malware defense, and internet controls—SaferNet ensures that your devices are not only connected but also comprehensively protected. As we delve into the darker corners of the digital world in this episode of the Digital Desperados podcast, remember that the device-level security offered by SaferNet VPN is your vigilant guardian against the ever-evolving cyber threats.

“Jim Brangenberg: This episode of the Digital Desperados podcast is brought to you by SaferNet VPN, found online at SaferNet. com.

Welcome to the Digital Desperados podcast featuring dark tales from the web. Patrick McMurphy is here today to tell us about our dark tales. I’m Jim Brangenberg and I’ll serve as your story guide.

We’re also joined by Brad Hawkins from SaferNet VPN. This podcast is brought to you by SaferNet VPN. You know, usually a business or family would need three different services for Protecting their computers, a VPN, malware, and antivirus protection as long as, as well as internet controls. But SaferNet offers all three features in one product.

SaferNet truly is an endpoint security presence that can be implemented in minutes anywhere in the world. It can be done on phones, laptops, tablets, and computers at an economical price point that caters to all sizes of businesses and families. SaferNet guarantees a smooth setup and installation process that takes just minutes.

And it’s easily accessible anywhere in the world. And their control hub helps you monitor your employees, your family members, devices, including activity, time spent online and threats blocked. Is there any reason you don’t get secured now? I can’t think of one. We did it here at our organization. You should do it at yours.

Check out our affordable protection, SaferNet. com online. That’s SaferNet. com. Now, Patrick McMurphy, which dark tale are you telling us today?

Patrick McMurphy: Yeah, I think we’re going to start with the best one. And when I say best, probably, I don’t mean morally the best, but definitely one of the most notorious it’s a gentleman by the name of Maxim Yakubets.

He’s gone by the acronym of Aqua. The media have called him the hacker who stole 100 million, but I take a bit of issue with that because that figure is definitely much, much higher. So Aqua, I’m just going to call him Aqua, it’s because I’m going to butcher people’s Russian’s name in this, so you know.

He’s a, he’s a genius, first and foremost. Most of the hackers we talk about are, they’re either brilliant mathematicians, they’re just whiz kids with computers,

but he was an extraordinarily talented hacker. These days he’s running one of the most sophisticated cybercrime groups to ever exist called Evil Corp.

Definitely not an original name by any means, but you’ll see this in the hacking world. People kind of have cheesy names like Deathlord and all this. It’s just, it kind of comes with the territory. Now he, he’s been primarily involved in banking malware as is the rest of Evil Corp. But Aqua, Aqua was born in the late 1980s.

He was born in Ukraine. And as he grew up, it was, yeah, late 1980s. So he grew up into really post USSR Ukraine. And his family were moving close to Russia and Moscow, and it’s, I mean, if you think about it back then, it is a titanic change in your life, going from communism to quasi capitalism, it never really quite worked out there, but it’s a titanic change for any country to make, so it is a difficult upbringing and he, Really spent a lot of his formative years around Moscow and there, there’s not a lot of information on his family out there.

The only person we kind of know, we do know his father is still alive. There was a couple of years back, a bunch of reporters from, I think it was Channel 4 in the UK. They went to the father’s apartment in Moscow. Real, just a modern apartment, nothing fancy or special about it. They tried to interview him.

He wasn’t taking interviews, obviously. He just, he told them that his son wasn’t a criminal. I mean, obviously, look, you’re living in Russia. You can’t really be saying your son’s a criminal. You probably did.

Brad Hawkins: I, I, I, I gotta say. Obviously, he doesn’t, he doesn’t know this name of his son’s company named as Evocore.

You would think, what made him, maybe my son has stepped offline a little bit.

Jim Brangenberg: Maybe, yeah. They, maybe they, they were like clowns for birthday parties. They just happened to be called Evocore, you know?

Brad Hawkins: It’s a little head in the sand stuff, but yeah. But yeah, so, I mean, again, not a lot is known about how we got into computing but we kind of first see Aqua in the media around 2009.

And so, 2009, Aqua got involved with this gang called the Jabber Zeus crew. And so Jabber Zeus, with their name, they’re using a piece of malware called Zeus, which is a banking virus. Now Zeus is a real historical virus if you look

back on the history of digital virology because it started many, it’s basically, it’s source code was taken as time went on and other viruses were created from it, but this is around 2009 is the genesis of Zeus.

He didn’t create Zeus, did he?

Patrick McMurphy: No. No he didn’t. It was created by, I was hoping you would not I cannot, I cannot pronounce the creator surname.

Jim Brangenberg: I got it. It’s Hamza.

Patrick McMurphy: I was gonna call him Hanny B. I was gonna, I was gonna go with Hanny B, but yeah, you can go with that. I’m probably gonna wake up tomorrow with Zeus on my computer for saying that, but, you know. Yeah, he was just an operator, and you kind of do find this as well. The, oftentimes the, the original virus will be created by some…

Like Mathematical Zabant type character, some real, you know, next level guy. And then it’s distributed by various hackers who use different techniques. And so when he was, when Aqua and the Jabberzoo’s crew were distributing it, they were mostly going by phishing attacks. So, you know, you get a dodgy link in an email and it could be from a stranger or it could be from someone pretending to be someone you know and say, hey, click on this and…

Bang, it’s a drive by download, you’re infected. Now Zeus had a number of capabilities.

Jim Brangenberg: What do you mean by a drive by download?

Patrick McMurphy: So that’s, that’s kind of, it’s, it’s, it’s one of the kind of quickest attack vectors. So it’s, you’re just opening a link and without you really knowing it, there’s a, there’s malware being…

Download it onto your machine, because a lot of people make the mistake with phishing. They say, Oh, I can click a link, but I just, if I just don’t enter any account details, I’ll be fine. But that’s actually not the case. Just the act of clicking the link is, is enough to get you infected. That’s the door. That’s the door they’re opening,even with device-level security

Jim Brangenberg: So Patrick, I just, this question is, you know, I’m a simple guy. What? Why do people do this stuff? I mean, do they have no other time on their hands? Are they truly doing this as a job? They’re doing this because they

want to make money. So they’re going to do, I mean, I mean, you’ve been studying hackers, even studying virus guys for years. Why? they go to school for this?

Patrick McMurphy: It’s a school, but it’s not an official school, I would say, more, more than the school in the dark web. Yeah, you don’t. No, you might get a digital degree, maybe like an NST type degree or something, but digitally assigned. But I think really, Jim, there, you, you come across a few different motivations, some, which we’ll see in a couple of weeks time are a lot stranger than others, but, I would say the most common is financial gain.

It’s financial gain. Now, with that I would say what’s a joint motivation with that is that they are either under pressure from their government or they’re actually working for their government to carry out the attacks. Because if you’re looking at a guy who’s deploying banking malware to, we’ll say, a bank in the United States.

It’s doing two things. He’s getting money from it, but it’s actually disrupting something in the United States as well. So it’s, it’s kind of, there’s two reasons for an attack like that.

You know, they’re making money and they’re having a giggle at the same time.

Jim Brangenberg: All right. You better get back to this guy’s story.

Patrick McMurphy: Yeah. So Zeus, yeah. So as I said, it was distributed by phishing attacks and it had a few capabilities. It could deploy other malware, including ransomware, which is just deadly. One of the worst kinds you can get. It had a key logging feature. I know that’s where. Someone can, is tracking your keystrokes, so if you typed in the word hello, they could see you typed. H E L L O. You can imagine, if that’s on someone’s computer, they’re typing in bank details, all that information is going back to the hacker’s server. Probably it’s worst thing was it’s ability to hijack the browser to create fake login pages. So we’ll say you’re infected with Zeus. You go onto your, you open your browser, and you go onto, let’s say, Chase Bank.

And it doesn’t matter if you type in the URL, it’s in a bookmark or whatever, Zeus notices it, the URL actually might even still seem the same. Brings up a page that looks identical to Chase. You enter your login information. And you’ll just get an error saying wrong password or something. Whereas in fact, Aqua, you just gave Aqua your bank account details.

So this thing was vicious. It was vicious. And during its time, really, cause this was the peak of Zeus, but Zeus made between 70 million dollars on Aqua was definitely the main guy with Zeus. So it was devastating at this time. Again, why device-level security is so critical.

Brad Hawkins: how does Aqua get Zeus if somebody else made it, do they just share their technology to help everybody out, or are they working together or what’s the strategy?

Jim Brangenberg: Hackers, they steal it!

Patrick McMurphy: Yeah, well, there’s a lot of different strategies. We often talk about SaaS, software as a service, but something that’s very popular is MaaS, which is malware as a service. So, a hacker is on the dark web. Ransomware is probably actually the most powerful, but they’re on the dark web and they rent out licenses to use their, to use their malware.

So it’s, it’s a business, man. It’s these guys, like these guys aren’t clowns. They’re businessmen just with you know, different motivations.

Brad Hawkins: Gotcha. Gotcha.

Jim Brangenberg: I got it. I got it. Okay. I want to hear more of the story. And Patrick, you could pick up here in a second. Yeah. But Brad, you know, you’re talking about these are people that are stealing virus offers from other people or paying licensing to virus offers.

They can do it. And this is just one virus. We know there’s lots of them. I mean, and this is any, this is why SaferNet exists.

Brad Hawkins: Honestly, you know, I’ve been here thinking Man, these guys are, these guys are on top of it. If, if, if we could just help them with a little morality, I’d love to hire them. But they, they know what they’re doing, but the struggle is, is that they’re using it just to, to steal.

They could, they could be amazing at business if they would just run it straight up and they could enjoy their money right in front of everybody. Yes, that is the reason that SaferNet exists. That is exactly the reason, is that you know, one of the, one of the things that, that Patrick said was that You know, you just to drive by it, just you’re not even paying attention and it gets you all of a sudden now you have Zeus on your device and it’s wanting to suck up all your passwords or whatever it is that it’s trying to get to.

And the reason is, is that most people forget to turn on the cyber security devices and the tools. That you have on your device. So if you’re working for a company, the company puts it in there. They say you have to use this, but you forget to turn it on. You forget to turn on a whatever, whatever it is that we’re working on.

But the reality is, is that with SaferNet, one of the greatest things that I’m proud of our developers are putting out. Is that we’re 24 seven always on you. You don’t even have to think about it. It’s always They’re protecting to stop those drive bys

Jim Brangenberg: SaferNet. com. All right. Now patrick you said that the american government finally got the I mean they finally Think like hey this yakubets Hey We got to watch out for him.

Patrick McMurphy: Yeah. And what really was the catalyst for that was that, you know, Aqua had been targeting a lot of Western Europe and American companies, but what he did was he targeted the Kentucky County treasurer. So at that point you’re, you’re actually targeting the government in a sense. And that, and that’s when the U. S. got, you know, that really ticked them off. Now something notable about that attack, and it, it really just speaks to Aqua as a hacker and his methodology, was that he hoises tracks so well that it took eight days for the Treasurer to notice any money was missing. Now you might say it was just a bad treasure, but I’d like to believe that.

Aqua was pretty significant in what he did there. But that attack alone, that was half a million dollars. But it was an inter it was an international incident. And the U. S., the U. S. appealed to other countries to help them. They did figure out he was Russian. It’s unknown how. It could be some calling card.

He may have even, you know, he could have left anything there. But. He asked the Russians to, they asked, the U. S. asked the Russians to help them track down Aqua, which was one of the last times they asked the Russians for help in something like this, but So what happened was that Aqua, even though this guy is so good at hiding his tracks, he actually used a duplicate email in one of his hacking attempts, and when he had ordered something to his house online, I think at like 12 months previous.

And the FSB, the Russian intelligence wing, they caught this and so they raided the apartment he was living in. He was there living with his first wife and their child, who was a baby at the time. And this raid is, is the turning point in Aqua’s

life. The Russians immediately claimed to the U. S. that Ack was innocent and no further action needs to be taken.

Now, if the story ended there, it wouldn’t be a very exciting story. In reality, what happened here is that the FSB realized that, okay, we’ve got a serious hacker on our hands. This guy is really talented. So the FSB either coerced them into working for them or they recruited him. I’d like to believe they recruited him just based on his later life after this.

They tell the U. S. Don’t worry about this guy. You’ll never hear from him again. And then they take him under his wing or they take him under their wing effectively and his career just explodes at this point.

Brad Hawkins: What does the FSB stand for?

Patrick McMurphy: Something in Russian that I cannot pronounce. Oh, okay.

Jim Brangenberg: It’s the Federal Security Bureau.

Patrick McMurphy: Is it?

Jim Brangenberg: I just made that up, but I’m going with it. .

You could’ve said yes there and I would’ve bought it.

Patrick McMurphy: Like if you, if you wanna sell me some magic beans, Jim, I’ll buy a pack off you .

Jim Brangenberg: There are some beans at the end of the rainbow. I, I heard an Irish guy say that once.

Patrick McMurphy: That’s a pot. That’s a pot of gold. And we’re very protective about our pots of gold.

Jim Brangenberg: Yeah, bet you are. Alright, so, so the Russians, obviously we know the Russians are now in charge of lots of hacking. They clearly found the leader of their. The Hacker Division.

Patrick McMurphy: Yeah, they found their golden boy. And immediately they start introducing him to the top dogs. They introduce him to Dmitry Peskov who was, and still is, Putin’s press secretary. So he’s immediately going to the top.

He gets introduced to an FSB agent by the name Edward Benerskaya. Now, Benerskaya is believed to, he could have been a mentor for Aqua in terms of just dealing with, I suppose, Russian political life.

No, these two grow very close. Later on, in fact Aqua marries Benerskaya’s daughter. So he introduced him to the family. These guys are toys. And so Aqua really under the direction of, and with the funding of the FSB phones, EvilCore this international cyber crime crew, they’re based out of Moscow Aqua has insane plans for EvilCore. It’s plans like this why you need device-level security.

He wants to take Zeus, remodel it and make it better. And so they do. They invent something called DroidX, which is built on the bones of Zeus. Zeus at this point, you don’t see a lot of Zeus infections that much anymore because people are figuring it out. There’s unlockers for it. This always happens with malware.

In the lifespan of malware, it’ll get stalled by white hat hackers, the cybersecurity experts. And then something new will appear. DroidX is this new piece of malware. It had much greater obfuscation methods and it was also distributed by phishing. Thanks for watching. But here’s, here’s the thing, right?

Brad Hawkins: So, so, Patrick, you said distributed by phishing. Yeah. Can you give a quick explanation of that?

Patrick McMurphy: Yeah. So we’ll say I’m a hacker. I send, I have a list of business leader emails. I send them all an email with the links in at, Hey, you need to see this quickly. It’s about the company’s finances. They click on it and they’re suddenly, you know, it’s a fake login page, or again, it could be a download again.

But effectively, you’re just trying to convince anyone who will read your email that they need to click on this link. There is another type called spear phishing, where I deliberately target someone in a company, like I might look at Brad’s CEO of SaferNet, so I get Brad’s email specifically. I might write to Brad, pretending to be SaferNet’s accountant, and say, Brad, you need to look at this, you need to look at this for, you know, our finances for the next 12 months.

Such and such a thing, but it’s all just a ploy to get you to click a link to either get your account information or deliver another virus on your system.

Brad Hawkins: Yeah, I’ve, I’ve, I’ve seen some of those phishing emails and it’s just absolutely amazing how enticing it is to, to, to click on them. I, I, I got one

from my electric company and, and, and I’m like, Gosh, I need to do something on my account and and I work in this field and I click on it and I get this SaferNet window saying I don’t think you want to do that.

And so It stops you right in the middle of it But it was it’s absolutely amazing how easy it is to click and to get Sucked into those phishing emails, but yeah.

Jim Brangenberg: You guys just solved a problem for me. I’ve got an 89 year old mother Who, when she sees a link, she thinks that is the prettiest thing in the world.

She has to click on that link. I have to do this. We need to put SaferNet on every elderly person’s computer to save them. From clicking on pretty links because my father in law who is now with the Lord, he he was clicking on every link. I mean, he actually answered the phone when people said, Hey, I’m calling from Microsoft.

We need to update your antivirus. He would talk to those people. This is fantastic. This is great. But I was thinking, Patrick, that this is like this, this Yakubets thing that this whole aqua guy. This is like the next episode of Austin powers and his. This is some powers where we should actually submit this to Hollywood. Well, once they get off strike. All right. So, so, so this ride X thing,

Patrick McMurphy: I do want to add about trade X as well. So it was delivered mostly by fishing. However, Aqua was concerned that people would get educated about fishing attacks. He did not need to be concerned about that because it’s still happening, even with device-level security.

People get fished every single day. It can happen to anyone. So what he does, he also distributes it through what is what are called Microsoft Word macros. And it was called Microsoft Word, but it, it applies to Excel and just that general suite of products. And what that is, it’s, it’s the one attack where there is actually zero defense for except education.

So what happens, it’s, it’ll start like a phishing attack. I could be the accountant talking to a CEO and saying, Hey, look at this document, this Excel spreadsheet. Do the numbers look correct here? And the person opens it, now it’ll just be, it’ll be an attached document and people will see it and think, oh, it’s just Microsoft Word, it’s not necessarily a link, nothing can go wrong.

And they click it, and occasionally if you get kind of corporate level Excel sheets or Word documents, there’ll be an option to enable macros that’ll pop up.

And if you click OK on one of these pop ups, and it’s sent by someone like Aqua, immediately, Right. X’s on your machine, because what happens in the background, the macro that executes is actually a piece of code saying, go to this server, download this and execute it right now.

And the person never knows. They just, they’re looking, they might even be looking at a black document and then, you know, go back to the person. They think who sent it and said, oh, I didn’t send you anything. So the work, the macro attacks are just next level. They’re next level.

Jim Brangenberg: All right. You better finish up the story before I run out of time.

Patrick McMurphy: Yeah, yeah, sure. There’s not a ton left. But, so Aquid, he’s really pushing Tridex. Tridex ends up being found in over 40 countries. Hundreds of millions of dollars worth of theft. That’s why I don’t think he’s stolen 100 million. It’s a lot more. In fact, if you’re in the US now, and you get a Tridex infection you are by law not allowed to engage in transactions with Evil Corp, which really pushes home why device-level security is important.

If they hold your computers for ransom, it’s against the law to pay them. It’s that serious. B have a $5 million bounty on Aqua’s head. So the man definitely cannot leave Russia at all.

Brad Hawkins: Well, it, it could be that he only made the a hundred million because he is having to share the rest with the, the Russian government, though

Patrick McMurphy: it’s a strong possibility.

But I mean, if you look at his day-today life, so you know, he did marry this FSB agent, daughter, their wedding was the best day for Russian cyber crime. Who’s who? Top most wanted cybercriminals, lot of FSB agents, politician, wedding itself costs over 300, 000. So he’s definitely, there’s definitely money coming from somewhere.

Furthermore, he he drives a 200 or 200, 000 Lamborghini. around Moscow with the words B. O. P. on the side, which is Russian for Thief. So he’s very proud of what he does. There’s videos of the cops stopping him, and then they realize who it is, and they’re just having a laugh with him. And he’s doing donuts around Moscow.

The guy’s above the law in Moscow. He’s basically immune, because he’s now functionally immune. Not only just an FSB agent, but the FSB golden boy when it comes to computer hacking. Wow. But yeah, he’s still at large. Like I said, if he leaves Russia, he probably has about 50 FBI task forces waiting for him.

But I think he’s pretty happy in his mansion hacking the world. So, that’s Maxim Yakovets, Aqua.

Brad Hawkins: Wow, that’s amazing.

Jim Brangenberg: So let me just ask, I’m a simple guy, and so, if an email gets sent to me and I don’t do anything with it and I just delete it, I’m okay, right?

Patrick McMurphy: If you delete it, yeah, but I would do some bit of digital hygiene you know, a lot of these emails can just be sent out on a blast.

You could just be a random target. But if I did get an email, I would still, you know, check my accounts, has there been any unusual, check all my accounts, has there been unusual activity? Am I actually being targeted, or am I just a random a random target, you know?

Jim Brangenberg: So, brad, can, if I’m getting an email and it’s got naughty stuff on it, is SaferNet helping me out there?

Brad Hawkins: Oh, oh, totally. You know, what we’re doing is we’re, we’re locking down that computer so that it doesn’t reach out to places that we know that are bad locations. So, if you click on a link that, that we know that is a location that you don’t want to go, even if the web, even if the the email page looks like, Something you’ve seen a hundred times from companies that you work with.

If that link takes you to a wrong location we’re going to stop it. And you’re, you’re going to have to go through a lot of hoops to get to that, that location. And we’ve, we’ve actually had clients that have done that turnoff SaferNet. And, and because they know that they’re supposed to go there.

And, and have regretted that move. But the, the reality is, is that we’re, we’re trying to silo your work into the locations that we know that are good.

Jim Brangenberg: It’s amazing. Anybody that’s ever had a ransomware attack from our buddies over there in Russia, it’s painful because if you don’t have a

great backup. You’re paying, you’re paying a ransom in order to get your computer. You’re a host.

Patrick McMurphy: It’s either that or you’re throwing the computer out the window, you know, it’s, it’s a bad deal.

Jim Brangenberg: So Patrick, I love that you brought the story of Aqua and I, just the awareness of where did this all come from? It’s sad that there are people out there in the world that this is what they’re doing, but we now understand more how Russia.

I mean, they are known as the number one hackers in the world because they’ve got nothing else better to do because they destroyed their economy. So this is one of the ways to get to do it. And we’re talking about it.

Patrick McMurphy: And I mean, a lot of these guys, you know, we haven’t heard anything, maybe in the last two years from them. And that’s, I mean, a lot of these guys now probably employed in their current war in Russia. And they’re, you know, they’re, they’re doing diver warfare as opposed to actually targeting us corporations for, for a few years. Anyway, you know, boss. They’re still out there the whole time, man. You know, it’s, it’s crazy, which is why cybersecurity as a whole and device-level security is important.

Jim Brangenberg: It is crazy, but it’s good to know that SaferNet’s there to back us up because this is a, this is a great thing. Love the fact that you’re bringing these stories to us. Can’t wait for the next episode. Just remember you heard it here, the internet and everything digital. Can have a dark side with many dark players.

It’s why you need SaferNet by your side. Thanks to SaferNet for supporting our efforts to bring these stories to your ears and giving them the exposure that they need, please, for your own safety and security of those you love and those you work with, check out SaferNet. com SaferNet. com. And get secured today. Till next time click only on the attachments you trust from those you trust and delete the rest, or you may become the next victim of a digital desperado.

Outro: This episode of the digital desperados podcast is brought to you by SaferNet VPN found online at SaferNet. com.

Calling all entrepreneurs and parents. Protecting those we love on the internet is important. Safeguard your ventures and loved ones with SaferNet VPN. Our cybersecurity app keeps you safe on any device.

Shield your business from cyber threats while ensuring a family friendly online environment. Simplify your digital life with SaferNet VPN today. Get secured now. Sign up at SaferNet. com. That’s SaferNet. com.”

As we conclude today’s insightful journey with the Digital Desperados podcast, let’s reflect on the critical takeaway: the importance of device-level security in our interconnected era. SaferNet VPN isn’t just a tool; it’s your digital bodyguard, vigilantly securing every device you own—from smartphones to laptops. It’s the armor in your arsenal against cyber threats, ensuring that your online environment remains uncompromised. With SaferNet VPN, you’re not just using a service; you’re embracing a comprehensive security strategy designed to protect at the device level, where the battle against cyber risks is often won or lost. So, equip your digital life with SaferNet VPN, and move forward with the confidence that comes from knowing you’re protected at every turn. Visit SaferNet.com now and take the definitive step towards complete device-level security. Secure your peace of mind today, because in the digital world, safety isn’t just a feature—it’s a promise.