You could buy literally whatever else you wanted. You could host things. - Drugs. - Drugs. You could buy heroin right from Afghanistan, the good stuff. Hacking tools, you could hack for hire. You could buy murders for hire. - The following is a conversation with Chris Tarbell, a former FBI special agent and cyber crime specialist who tracked down and arrested Russ Ulbricht, the leader of Silk Road, the billion dollar drug marketplace.
And he tracked down and arrested Hector Monsegur, AKA Sabu, of LulzSec and Anonymous, which are some of the most influential hacker groups in history. He is co-founder of Naxo, a complex cyber crime investigation firm, and is a co-host of a podcast called The Hacker and the Fed. This conversation gives the perspective of the FBI cyber crime investigator, both the technical and the human story.
I would also like to interview people on the other side, the cyber criminals who have been caught, and perhaps the cyber criminals who have not been caught and are still out there. This is the Alex Friedman Podcast. To support it, please check out our sponsors in the description. And now, dear friends, here's Chris Tarbell.
You are one of the most successful cybersecurity law enforcement agents of all time. You tracked and brought down Russ Ulbricht, AKA Dread Pirate Roberts, who ran Silk Road, and Sabu of LulzSec and Anonymous, who was one of the most influential hackers in the world. So first, can you tell me the story of tracking down Russ Ulbricht and Silk Road?
Let's start from the very beginning. And maybe let's start by explaining what is the Silk Road. - It was really the first dark market website. You literally could buy anything there. Well, I'll take that back. There's two things you couldn't buy there. You couldn't buy guns, because that was a different website, and you couldn't buy fake degrees.
So no one could become a doctor, but you could buy literally whatever else you wanted. You could- - Drugs. - Host things, drugs. You could buy heroin right from Afghanistan, the good stuff. Hacking tools, you could hack for hire. You could buy murders for hire if you wanted someone killed.
Now, so when I was an FBI agent, I had to kind of sell some of these cases, and this was a big drug case. That's the way people saw Silk Road. So internally to the FBI, how I had to sell it, I had to find the worst thing on there that I could possibly find.
And I think one time I saw a posting for baby parts. So let's say that you had a young child and that needed a liver. You could literally go on there and ask for a six-month-old liver if you wanted to. - For like surgical operations versus something darker. - Yeah, I'd never saw anything that dark as far as people that wanted to eat body parts.
I did interview a cannibal once when I was in the FBI. That's another crazy story, but that one actually weirded me out. - So I just watched Jeffrey Dahmer document on Netflix, and it just changed the way I see human beings because it's a portrayal of a normal-looking person doing really dark things, and doing so not out of a place of insanity, seemingly, but just because he has almost like a fetish for that kind of thing.
It's disturbing that people like that are out there. So people like that would then be using Silk Road, not like that necessarily, but people of different walks of life would be using Silk Road to primarily, what was the primary thing, drugs? - It was primarily drugs, and that's the way it started.
It started off with Ross Ulbricht growing mushrooms out in the wilderness of California and selling them. But really his was more of a libertarian viewpoint. I mean, it was like you choose what you wanna do for yourself and do it. And the way Silk Road kind of had the anonymity is it used what's called Tor, the Onion Router, which is an anonymizing function on the deep web.
It was actually invented by the US Navy back in the mid '90s or so, but it also used cryptocurrency. So it was the first time that we saw this birth on the internet of mixing cryptocurrency and an IP-blocking software. So in cybercrime, you go after, one, the IP address and trace it through the network, or two, you go after the cache, and this one kind of blocked both.
- Cache meaning the flow of money, physical or digital, and then IP is some kind of identifying thing of the computer. - It's your telephone number on your computer. So yeah, all computers have a unique four-octet numbers. So 123.123.123.123. And the computer uses DNS or domain name services to render that name.
So if you were looking for CNN.com, your computer then translates that to that IP address or that telephone number where it can find that information. - Didn't Silk Road used to have guns in the beginning? Or was that considered to have guns? Or did it naturally emerge and then Russ realized like, this is not good?
- It went back and forth. I think there were guns on there and he tried to police it. He told himself that they're the captain of the boat, so you had to follow his rules. So I think he took off those posts eventually and moved guns elsewhere. - What was the system of censorship that he used of selecting what is okay and not okay?
I mean-- - Him alone. He's the captain of the boat. - Do you know by chance if there was a lot of debates and criticisms internally amongst the criminals of what is and isn't allowed? I mean, it's interesting to see a totally different moral code emerge that's outside the legal code of society.
- We did get the server and was able to read all of the chat logs that happened. I mean, all the records were there. I don't remember big debates. I mean, there was a clear leadership and that was the final decision. That was the CEO of Silk Road. - And so primarily it was drugs and primarily out of an ideology of freedom, which is if you want to use drugs, you should be able to use drugs.
- You should put into your body what you wanna put in your body. - And when you were presenting the case of why this should be investigated, you're trying to find, as you mentioned, the worst possible things on there. Is that what you were saying? - So we had arrested a guy named Jeremy Hammond and he hit himself.
He was a hacker and when we arrested him, it was the second time he had been arrested for hacking. He used TOR. And so that kind of brought us to a point. The FBI has a computer system where you look up things. You look up anything. I could look up your name or whatever if you're associated with my case.
And we were finding at the time a lot of things in, you look it up, a case would end. Be like, oh, this is TOR. It just stopped. Like we couldn't get any further. So we had just had this big arrest of Sabu and took down Anonymous. And sometimes in the FBI, the way it used, the old school FBI, when you had a big case and you're working seven days a week and 14 hours, 15 hours a day, you sort of take a break.
The boss kind of said, yeah, I'll see you in a few months. Go get to know your family a little bit and come back. But the group of guys I was with was like, let's find the next big challenge. And that's when we were finding case closed, it was TOR.
Case closed, it was TOR. So said, let's take a look at TOR and let's see what we can do. Maybe we'll take a different approach. And Silk Road was being looked at by other law enforcement, but it was taking like a drug approach where I'm going to find a drug buyer who got the drug sent to them in the mail and let's arrest up, let's go up the chain.
But the buyers didn't know their dealers. They never met them. - And so you were taking a cyber security approach. - Yeah, we said, let's try to look at this from a cyber approach and see if we can gleam anything out of it. - So I'm actually indirectly connected to, I'm sure I'm not admitting anything that's not already on my FBI file.
- Oh, I can already tell you what you're gonna tell me though. - What's that? - That when you were at college, you wrote a paper and you're connected to the person that started. - You son of a bitch. You clever son of a bitch. - I'm an FBI agent or a former FBI agent.
How would I not have already known that? - No, but I could have told you other stuff. - No, that's exactly what you were about to tell me. - I was looking up his name 'cause I forgot it. So one of my advisors for my PhD was Rachel Greenstadt and she is married to Roger Dingle Dine, which is the co-founder of the Tor Project.
And I actually reached out to him last night to do a podcast together. I don't know. (laughing) No, it was a good party trick. I mean, it's cool that you know this and the timing of it, it was just like beautiful. But just to link around on the Tor Project, so we understand, so Tor is this black box that people disappear in, in terms of like when you were tracking people.
Can you paint a picture of what Tor is used in general? Other, it's like when you talk about Bitcoin, for example, cryptocurrency, especially today, much more people use it for legal activity versus illegal activity. What about Tor? - Tor was originally invented by the US Navy so that like spies inside countries could talk to spies and no one could find them.
There was no way of tracing them. And then they released that information free to the world. So Tor has two different versions of, versions, two different ways it can be utilized. There's .onionsites, which is like a normal website, a .com, but it's only found within the Tor browser. You can only get there if you know the whole address and get there.
The other way Tor is used is to go through the internet and then come out the other side if you want a different IP address. If you're trying to hide your identity. So if you were doing like, say, cyber crime, I would have the victim computer and I would trace it back out to a Tor relay.
And then because you don't have an active connection or what's called a circuit at the time, I wouldn't be able to trace it back. But even if you had an active circuit, I would have to go to each machine physically live and try to rebuild that, which is literally impossible.
- So what do you feel about Tor, ethically, philosophically, as a human being on this world that spent quite a few years of your life and still trying to protect people? - So part of my time in the FBI was working on child exploitation, kiddie porn, as they call it.
That really changed my life in a way. And so anything that helps facilitate the exploitation of children fucking pisses me off. And that sort of jaded my opinion towards Tor because that, because it helps facilitate those sites. - So this ideal of freedom that Russell Albrecht, for example, tried to embody is something that you don't connect with anymore because of what you've seen that ideal being used for.
- I mean, the child exploitation is the specific example for it. You know, and it's easy for me to sit here and say child exploitation, child porn, 'cause no one listening to this is ever gonna say that I'm wrong and that we should allow child porn. Should, because some people utilize it in a bad way, should it go away?
No, I mean, I'm a technologist. I want technology to move forward. People are gonna do bad things and they're going to use technology to help them do bad things. - Well, let me ask you then, oh, we'll jump around a little bit, but the things you were able to do in tracking down information, and we'll get to it, there is some suspicion that this was only possible with mass surveillance, like with NSA, for example.
First of all, is there any truth to that? And second of all, what do you feel are the pros and cons of mass surveillance? - There is no truth to that. And then my feelings on mass surveillance-- - If there was, would you tell me? - Probably not. - Yeah.
(laughs) I love this conversation so much. But what do you feel about the, given that you said child porn, what are the pros and cons of surveillance at a society level? - I mean, nobody wants to give up their privacy. I say that, I say no one wants to give up their privacy, but I mean, I used to have to get a search warrant to look inside your house, or I can just log onto your Facebook and you've got pictures of all inside your house and what's going on.
I mean, it's not, you know, so people like the idea of not giving up their privacy, but they do it anyways. They're giving away their freedoms all the time. They're carrying watches that gives out their heartbeat to a weight of companies that are storing that. I mean, what's more personal than your heartbeat?
- So I think people on mass really want to protect their privacy. And I would say most people don't really need to protect their privacy. But the case against mass surveillance is that if you want to criticize the government in a very difficult time, you should be able to do it.
So when you need the freedom, you should have it. So when you wake up one day and realize there's something going wrong with the country I love, I want to be able to help. And one of the great things about the United States of America is there's that individual revolutionary spirit, like so that the government doesn't become too powerful.
You can always protest. There's always the best of the ideal of freedom of speech. You can always say, "Fuck you," to the man. And I think there's a concern of direct or indirect suppression of that through mass surveillance. You might not, is that little subtle fear that grows with time, that why bother criticizing the government?
It's gonna be a headache. I'm gonna get a ticket every time I say something bad, that kind of thing. So it can get out of hand. The bureaucracy grows and the freedoms slip away. That's the criticism. - I completely see your point and I agree with it. But on the other side, people criticize the government of these freedoms, but tech companies talk about destroying your privacy and controlling what you can say.
I realize they're private platforms and they can decide what's on their platform, but they're taking away your freedoms of what you can say. And we've heard some things where maybe government officials were in line with tech companies to take away some of that freedom. And I agree with you.
That gets scary. - Yeah, there's something about government that feels, maybe because of the history of human civilization, maybe because tech companies are a new thing, but just knowing the history of abuses of government, there's something about government that enables the corrupting nature of power to take hold at scale more than tech companies, at least what we've seen so far.
- I agree, I agree. But I mean, we haven't had a voice like we've had until recently. I mean, anyone that has a Twitter account now can speak and become a news article. My parents didn't have that voice. If they wanted to speak out against the government or do something, they had to go to a protest or organize a protest or do something along those lines.
So we have more of a place to put our voice out now. - Yeah, it's incredible, but that's why it hurts. And that's why you notice it when certain voices get removed. The president of the United States of America was removed from one such or all such platforms. And that hurts.
- Yeah, that's crazy to me. That's insane. That's insane that we took that away. - But let's return to Silk Road and Russ Elbrecht. So how did your path with this very difficult, very fascinating case cross? - We were looking to open a case against Tory because it was a problem.
All the cases were closing because Tory. So we went on Tory and we came up with 26 different onion, dot onions that we targeted. We were looking for nexuses to hacking 'cause I was on a squad called CY2 and we were like the premier squad in New York that was working criminal cyber intrusions.
And so, any website that was offering hackers for hire or hacking tools for free or paid services, now we're seeing ransomware as a paid service and phishing as a paid service, anything that offered that. So we opened this case on, I think we called it, so you have to name cases.
One of the fun thing in the FBI is when you start a case, you get to name it. You would not believe how much time is spent in coming up with the name. Case goes by. I think we called this Onion Peeler because of the, yeah. - So a little bit of humor, a little bit of wit and some profundity to the language, yeah, yeah.
- Yeah. - 'Cause you're gonna have to work with this for quite a lot, so. - Yeah, this one had the potential of being a big one because I think Silk Road was like the sixth on the list for that case, but we all knew that was sort of the golden ring.
If you could make the splash that that onion site was going down, then it would probably get some publicity. And that's part of law enforcement is getting some publicity out of it that makes others think not to do it. - I wish to say that Tor is the name of the project, the browser.
What is the onion technology behind Tor? - Let's say you wanna go to a .onion site. You'll put in the .onion you wanna go to and your computer will build communications with a Tor relay, which are all publicly available out there. But you'll encrypt it. You'll put a package around your data.
And so it's encrypted and so can't read it. It goes to that first relay. That first relay knows about you and then knows about the next relay down the chain. And so it takes your data and then encrypts that on the outside and sends it to the relay number two.
Now, relay number two only knows about relay number one. It doesn't know who you are asking for this. And it goes through there, adding those layers on top, layers of encryption till it gets to where it is. And then even the onion service doesn't know, except for the relay it came from, who it's talking to.
And so it peels back that, gives the information, puts another layer back on. And so it's layers, like you're peeling an onion back of the different relays and that encryption protects who the sender is and what information they're sending. - The more layers there are, the more exponentially difficult it is to decrypt it.
- I mean, you get to a place where you don't have to have so many layers because it doesn't matter anymore. It's mathematically impossible to decrypt it. But the more relays you have, the slower it is. I mean, that's one of the big drawbacks on Tor is how slow it operates.
- So how do you peel the onion? So what are the different methodologies for trying to get some information from a cybersecurity perspective on these operations like the Silk Road? - It's very difficult. People have come up with different techniques. There's been techniques to put out in the news media about how they do it, running massive amounts of relays and you're controlling those relays.
I think somebody tried that once. - So there's a technical solution. And what about social engineering? What about trying to infiltrate the actual humans that are using the Silk Road and trying to get in that way? - Yeah, I mean, I definitely could see the way of doing that and in this case, in our takedown, we used that.
There was one of my partners, Jared Darragon, he was an HSI investigator and he had worked his way up to be a system admin on the site. So that did gleam quite a bit of information because he was inside and talking to, at that time, we only know it as DPR or Dread Pirate Roberts.
We didn't know who that was yet, but we had that open communication. And one of the things, the technical aspects on that is there was a Jabber server. There was, that's a type of communication server that was being used and we knew that Ross had his Jabber set to Pacific time.
So we had a pretty good idea what part of the country he was in. - I mean, isn't that, from DPR's perspective, from Russ's perspective, isn't that clumsy? - He wasn't a big computer guy. - Do you notice that aspect of the technical savvy of some of these guys doesn't seem to be quite, why weren't they good at this?
- Well, the real techie savvy ones, we don't arrest. We don't get to 'em, we don't find 'em. - We don't get to them. Shout out to the techie criminals. They're probably watching this. - I mean, yeah, I mean, we're getting the low-hanging fruit. I mean, we're getting the ones that can be caught.
I mean, I'm sure we'll talk about it, but the anonymous case, there was a guy named AV Unit. He's still, I lose sleep over him 'cause we didn't catch him. We caught everybody else, we didn't catch him. He's good, though. He pops up, too, once in a while on the internet, and it pisses me off.
- Yeah, what's his name again? - AV Unit, that's all I know, is his AV Unit. - AV Unit. - Yeah, I got a funny story about him and who people think he is. - Can I actually, can we go on that brief tangent? - Sure, I love tangents.
- Well, let me ask you, since he's probably he or she, do we know it's a he? - We have no idea. - Okay. - Another funny story about hackers, the he/she issue. - What's the funny story there? - Well, one of the guys in LULSEC was a she, was a 17-year-old girl.
And my source in the case, the guy, Sabu, that I arrested and part of, we sat side by side for nine months and then took down the case and all that. He was convinced she was a girl, and he was in love with her almost at one point. It turns out to be a 35-year-old guy living in England.
- Oh, so he was convinced it was a... - Yes, he was absolutely convinced. - Based on what exactly? By a linguistic, human-based linguistic analysis or what? - She, he, whatever, Kayla, so it ended up being a modification of his sister's name, the real guy's sister's name, was so good at building the backstory.
All these guys, and it's funny, these guys are part of a hacking crew. They social engineer the shit out of each other just to build, if one of them ever gets caught, they'll convince the everybody else that they're a Brazilian ISP owner or something like that, and that's how I'm so powerful.
- Well, yeah, that social engineering aspect is part of living a life of cyber crime or cybersecurity on the offensive or defensive. So AV unit, can I ask you also just a tangent of a tangent first? - That's my favorite tangent. - Okay. Is it possible for me to have a podcast conversation with somebody who hasn't been caught yet, and because they have the conversation, they still won't be caught?
And is that a good idea? Meaning, is there a safe way for a criminal to talk to me on a podcast? - I would think so. I would think that someone could, I mean, someone who has been living a double life for long enough, where you think they're not a criminal.
- No, no, no, they would have to admit that they would say I am AV unit. - Oh, you would wanna have a conversation with AV unit? - Yes. I'm just speaking from an FBI perspective, technically speaking, 'cause I, so let me explain my motivation. I think I would like to be able to talk to people from all walks of life and understanding criminals, understanding their mind, I think is very important.
And I think there's fundamentally something different between a criminal who's still active versus one that's been caught. The mind, just from observing it, changes completely once you're caught. You have a big shift in your understanding of the world. I mean, I do have a question about the ethics of having such conversations, but first, technically, is it possible?
- If I was technically advising you, I would say, first off, don't advertise it. The fewer people that you're gonna tell that you're having this conversation with, the better. And yeah, you could, are you doing it in person? Are you doing it-- - In person would be amazing, yeah, but their face would not be shown.
- Face would not be shown, yeah. I mean, you couldn't publish the show for a while. They'd have to put a lot of trust in you that you are not going to, you're gonna have to alter those tapes. I say tapes 'cause it's old school, the opt-out, you know.
- It's a tape. - Exactly, I'm sure a lot of people just said that, like, oh shit, this old guy just said tape. - I heard it, VHS was in the 1800s, I think. - But yeah, yeah, you could do it. They'd have to have complete faith and trust in you that you destroy the originals after you've altered it.
- What about if they don't have faith? Is there a way for them to attain security? So like for me to go through some kind of process where I meet them somewhere where-- - I mean, you're not gonna do it without a bag over your head. I don't know if that's the life you wanna live.
- I'm fine with a bag over my head. That's gonna get taken out of context. But I just, I think it's a worthy effort. It's worthy to go through the hardship of that to understand the mind of somebody. I think fundamentally conversations are a different thing than the operation of law enforcement.
Understanding the mind of a criminal, I think, is really important. - I don't know if you're gonna have the honest conversation that you're looking for. I mean, it may sound honest, but it may not be the truth. I found most times when I was talking to criminals, it's lies mixed with half-truths.
And you kinda, if they're good, they can keep that story going for long enough. If they're not, you kind of see the relief in them when you finally break that wall down. - That's the job of an interviewer. If the interviewer is good, then perhaps not directly, but through the gaps, seeps out the truth of the human being.
So not necessarily the details of how they do the operations and so on, but just who they are as a human being, what their motivations are, what their ethics are, how they see the world, what is good, what is evil, do they see themselves as good? What do they see their motivation as?
Do they have resentment? What do they think about love for the people within their small community? Do they have resentment for the government or for other nations or for other people? Do they have childhood issues that led to a different view of the world than others perhaps have? Do they have certain fetishes, like sexual and otherwise, that led to the construction of the world?
They might be able to reveal some deep flaws to the cybersecurity infrastructure of our world, not in detail, but like philosophically speaking. They might have, I know you might say it's just a narrative, but they might have a kind of ethical concern for the well-being of the world, that they're essentially attacking the weakness of the cybersecurity infrastructure because they believe ultimately that would lead to a safer world.
So the attacks will reveal the weaknesses. And if they're stealing a bunch of money, that's okay, because that's gonna enforce you to invest a lot more money in defending, yeah, defending things that actually matter, you know, nuclear warheads and all those kinds of things. I mean, I could see, you know, it's fascinating to explore the mind of a human being like that because I think it will help people understand.
Now, of course, it's still a person that's creating a lot of suffering in the world, which is a problem. So do you think ethically it's a good thing to do? - I don't, I mean, I feel like I have a fairly high ethical bar that I have to put myself on, and I don't think I have a problem with it.
I would love to listen to it. - Okay, great. - I mean, not that I'm your ethical coach or anything. - Well, that's interesting, I mean, so 'cause I thought you would have become jaded and exhausted by the criminal mind. - It's funny, you know, fast forward in our story, I'm very good friends with Hector Monserrate, the sabu, the guy I arrested, and he tells stories of what he did in his past, and I'm like, oh, that Hector, you know?
But then I listened to your episode with Brett Johnson, and I was like, ah, this guy's stealing money from the US government and welfare fraud and all this sort of thing, it just pissed me off. And I don't know why I have that differentiation in my head. I don't know why I think one's just, oh, Hector will be Hector, and then this guy just pissed me off.
- Well, you didn't feel that way about Hector until you probably met him. - Well, I didn't know Hector, I knew sabu. So I hunted down sabu, and I learned about Hector over those nine months. - We'll talk about a little, let's finish with, let's return tangent to back to tangent.
Oh, one tangent up, who's AV unit? - I don't know. - That's interesting. So he's at the core of Anonymous, he's one of the critical people in Anonymous. What is known about him? - There's what's known in public and what was known because I sat with Hector, and he was sort of like the set things up guy.
So if, LulzSec had like their hackers, which was sabu and Kayla, and they had their media guy, this guy Topiary, he lived up in the Northern end of England. And they had a few other guys, but AV unit was the guy that set up infrastructure. So if you need a VPN in Brazil or something like that to pop through.
One of the first things Hector told me after we arrested him is that AV unit was a secret service agent. And I was like, oh shit. Just because he kind of lived that lifestyle. He'd be around for a bunch of days and then all of a sudden gone for three weeks.
And I tried to get more out of Hector and that early on in that relationship, I'm sure he was a little bit guarded, maybe trying to social engineer me. Maybe he wanted that, oh shit, there's law enforcement involved in this. And not to say, I mean, I was in over my head with that case, just the amount of work that was going on.
So to track them all down, plus the 350 hacks that came in about just military institutions, it was swimming in the deep end. So it was just at the end of the case, I looked back and I was like, oh fuck, AV unit, I could have had them all.
Maybe that's the perfectionist in me. - Oh man, well, reach out somehow. I can't, I won't say how, right? We'll have to figure out. - Would you have him on? - Yeah. - Oh my God, just let me know. - And just talk shit about you the whole time.
- That's perfect. He probably doesn't even care about me. - Well, now he will. Because there's a certain pleasure of a guy who's extremely good at his job, not catching another guy who's extremely good at his job. - Obviously better, he got away. - There you go, he's still eating at you, I love it.
He or she. - If I can meet that guy one day, he or she, that'd be great. I mean, I have no power. - So yes, Silk Road, can you speak to the scale of this thing? What, just for people who are not familiar, how big was it? And any other interesting things you understand about its operation when it was active?
- So it was when we finally got looking through the books and the numbers came out, it was about $1.2 billion in sales. It's kind of hard with the fluctuation value of Bitcoin at the time to come up with a real number. So you kind of pick a daily average and go across.
- Most of the operation was done in Bitcoin. - It was all done in Bitcoin. You couldn't, you had escrow accounts on, you came in and you put money in an escrow account and the transaction wasn't done until the client got the drugs or whatever they had bought. And then the drug dealers had sent it in.
There was some talk at the time that the cartel was starting to sell on there. So that started getting a little hairy there at the end. - What was the understanding of the relationship between organized crime like the cartels and this kind of more ad hoc new age market that is the Silk Road?
- I mean, it was all just chatter. It was just, 'cause like I said, Jared was in the inside. So we saw some of it from the admin sides and Ross had a lot of private conversations with the different people that he advised him, but no one knew each other.
And I mean, the only thing that they knew were the admins had to send an ID to Ross, had to send a picture of their driver's license or passport, which I always found very strange because if you are an admin on a site that sells fake IDs, why would you send your real ID?
And then why would the guy running the site who profits from selling fake IDs believe that it was? But fast forward, they were all real IDs. All the IDs that we found on Ross's computer as the admins were the real people's IDs. - What do you make of that?
Just other clumsiness? - Yeah, low hanging fruit, I guess. I guess that's what it is. I mean, I would have bought, I mean, even Ross bought fake IDs off the site. He had federal agents knock on his door. You know, and then he got a little cocky about it.
- The landscape, the dynamics of trust is fascinating here. So you trust certain ideas are, like who do you trust in that kind of market? What was your understanding of the network of trust? - I don't think anyone trusts anybody, you know? I mean, I think Ross had his advisors of trust, but outside of that, I mean, he required people to send their ID for their trust.
People stole from him. There's open cases of that. It's a criminal world. You can't trust anybody. - What was his life like, you think? - Lonely. Can you imagine being trapped in something like that where the whole world focused on that and you can't tell people what you do all day?
- Could he have walked away? - Like someone else take over or the site just shut down? - Either one. Just you putting yourself in his shoes, the loneliness, the anxiety, the just the growing immensity of it. So walk away with some kind of financial stability. - I couldn't have made it past two days.
I don't like loneliness. I mean, if my wife's away, I'd probably call her 10, 12 times a day. We just talk about things. You know, something crossed my mind. I want to talk about it. And I'm sure she-- - And you'd like to talk to her honestly about everything.
So if you were running so crowded, you wouldn't be able to like-- - Hopefully I'd have a little protection. I'd only mention to her when we were in bed to have that marital connection. But who knows? I mean, she's gonna question why the Ferrari is outside and things like that.
- Yeah. Well, I'm sure you can come up with something. Why didn't he walk away? It's another question of why don't criminals walk away in these situations? - Well, I mean, I don't know every criminal mind and some do. I mean, A.V. Unit walked away. I mean, not to go back to that son of a bitch, but-- (laughing) - There's a theme to this.
- But you know, Ross started counting his dollars. I mean, he really kept track of how much money he was making and it started getting exponentially growth. I mean, if he would have stayed at it, he would have probably been one of the richest people in the world. - And do you think he liked the actual money or the fact of the number growing?
- I mean, have you ever held a Bitcoin? - Yeah. - Oh, you have? Well, he never did. - What do you mean held a Bitcoin? - You can't hold it. It's not real. It's not like I can give you a briefcase of Bitcoin or something like that. He liked the idea of it growing.
He liked the idea. I mean, I think it started off as sharing this idea, but then he really did turn to, like I am the captain of this ship and that's what goes and he was making a lot of money. And again, my interaction with Ross was about maybe five or six hours over a two day period.
I knew DPR 'cause I read his words and all that. I didn't really know Ross. There was a journal found on his computer and so it sort of kind of gave me a little insight. So I don't like to do a playbook for criminals, but I'll tell you right now, don't write things down.
There was a big fad about people, like remember kids going around shooting people with paint balls and filming it? I don't know why you would do that. Why would you videotape yourself committing crime and then publish it? Like if there's one thing I've taught my children, don't record yourself doing bad things.
It never goes well. - And you actually give advice on the other end of logs being very useful for the defense perspective for information is useful for being with people for being able to figure out what the attacks were all about - Logs are the only reason I found Hector Monsegor.
I mean, the one time his VPN dropped during a Fox hack and he says he did, it wasn't even hacking. He just was sent a link and he clicked on it. And in 10 million lines of logs, there was one IP address that stuck out. - This is fascinating.
We'll explore several angles of that. So what was the process of bringing down Ross and the Silk Road? - All right, so that's a long story. You want the whole thing or you want to break it up? - Let's start at the beginning. - Once we had the information of the chat logs and all that from the server, we found-- - What's the server?
What's the chat log? - So the dot onion was running the website, the Silk Road was running on a server in Iceland. - How did you figure that out? That was one of the claims that the NSA. - Yeah, that's the one that we said that, yeah, I wouldn't tell you if it was.
It's on the internet. I mean, the internet has their conspiracy theories and all that, so. - But you figure out, that's the part of the thing you do. It's puzzle pieces and you have to put them together and look for different pieces of information and figure out, okay, so you figure out the server is in Iceland.
- We get a copy of it. And so we started getting clues off of that. - Was it a physical copy of the server? - Yeah, you fly over there. So you go, if you've been to Iceland, if you've never been, you should definitely go to Iceland. - Is it beautiful?
- I love it, I love it. It was what, so I'll tell you this. So, sorry, tangents. - Yeah, I love this, yeah. - So I went to Iceland for the Anonymous case. Then I went to Iceland for the Silk Road case. And I was like, oh shit, all cyber crime goes through Iceland.
It was just my sort of thing. And I was over there for like the third time. And I said, if I ever can bring my family here. Like, so there's a place called Thingavar, and I'm sure I'm fucking up the name. The Icelandics are pissed right now. But it's where the North American continental plate and the European continental plate are pulling apart.
And it's being filled in with volcanic material in the middle. And it's so cool. Like, I was like, one day I'll be able to afford to bring my family here. And once I left-- - Just like the humbling and the beauty of nature. - Just everything, man, it was a different world.
It was insane how great Iceland is. And so we went back and we rented a van and we took friends. And we drove around the entire country. Absolutely, like a beautiful place. Like, Reykjavik's nice, but get out of Reykjavik as quick as you can and see the countryside. - How is this place even real?
- Well, it's so new. I mean, that's, so you know, our rivers have been going through here for millions of years and flattened everything out and all that. These are new, this is new land being carved by these rivers. You can walk behind a waterfall in one place. It's the most beautiful place I've ever been.
- You understand why this is a place where a lot of hacking is being done? - Because the energy is free and it's cool. So you have a lot of servers going on there. Server farms, you know, the energy has come up out of the ground, geothermal. And so, and then it keeps all the servers nice and cool.
So why not keep your computers there at a cheap rate? - I'll definitely visit for several reasons, including to talk to AV Unit. - Yeah, he'll let you there. - Well, the servers are there, but they don't probably live there. I mean, that's interesting. I mean, the Pacific, the PST, the time zones, there's so many fascinating things to explore here.
But so you got-- - Sorry, to add to that, I mean, the European internet cable goes through there. So, you know, across to Greenland and down through Canada and all that. So they have backbone access with cheap energy and free cold weather, you know. - And beautiful. - Oh, and beautiful, yes.
- So chat logs on that server, what was in the chat logs? - Everything, he kept them all. That's another issue. If you're running a criminal enterprise, please don't keep all, again, I'm not making a guidebook of how to commit the perfect crime, but you know, every chat he ever had, and everyone's chat, it was like going into Facebook of criminal activity.
- Yeah, just looking at texts with Elon Musk being part of the conversations. I don't know if you're familiar, but they've been made public for the court cases going through, was going through, is going through, was going through with Twitter. - I don't know where it is. But it made me realize that, oh, okay.
I'm generally, that's my philosophy on life, is like anything I text or email or say, publicly or privately, I should be proud of. So I tried to kind of do that because you basically, you say don't keep chat logs, but it's very difficult to erase chat logs from this world.
I guess if you're a criminal, that should be, like you have to be exceptionally competent at that kind of thing. To erase your footprints is very, very difficult. - Can't make one mistake. All it takes is one mistake of keeping it. But yeah, I mean, not only do you have to be, whatever you put in a chat log or whatever you put in an email it has to hold up and you have to be able to stand behind it publicly when it comes out.
But if it comes out 10 years from now, you have to stand behind it. I mean, we're seeing that now in today's society. - Yeah, but that's a responsibility you have to take really, really seriously. If I was a parent and advising teens, like you kind of have to teach them that.
I know there's a sense like, no, we'll become more accustomed to that kind of thing. But in reality, no, I think in the future we'll still be held responsible for the weird shit we do. - Yeah, a friend of mine, his daughter got kicked out of college because of something she posted in high school and the shittiest thing for him, but great for my kids.
Great lesson, look over there and you don't want that to happen to you. - Yeah, okay. So in the chat logs was a useful information, like breadcrumbs of what, of information that you can then pull out. - Yeah, great evidence and stuff. I mean, obviously-- - Evidence too. - Yeah, a lot of evidence.
Here's a sale of this much heroin because Ross ended up getting charged with czar status on certain things. And it's a certain weight in each type of drug that you had, I think it's four or five employees of your empire and that you made more than $10 million. And so it's just like what the narco track readers get charged with or anybody out of Columbia.
- And that was primarily what he was charged with during when he was arrested is the drug. - Yeah, and he got charged with some of the hacking tools too. - Okay, because he's in prison, what, for-- - Two life sentences plus 40 years. - And no possibility of parole?
- In the federal system, there's no possibility of parole when you have life. The only way you get out is if the president pardons you. - There's always a chance. - There is, I think it was close. I heard rumors it was close. - Well, right, so it depends.
Given, it's fascinating, but given the political, the ideological ideas that he represented and espoused, it's not out of the realm of possibility. - Yeah, I mean, I've been asked before, does he get out of prison first or does Snowden come back into America? I don't know, I have no idea.
- Snowden just became a Russian citizen. - I saw that, and I've heard a lot of weird theories about that one. - Well, actually, on another tangent, let me ask you, do you think Snowden is a good or a bad person? - A bad person. - Can you make the case that he's a bad person?
- There's ways of being a whistleblower, and there's rules set up on how to do that. He didn't follow those rules. I mean, I'm red, white, and blue, so I'm pretty, - So you think his actions were anti-American? - I think the results of his actions were anti-American. I don't know if his actions were anti-American.
- Do you think he could have anticipated the negative consequences of his action? - Yes. - Should we judge him by the consequences or the ideals of the intent of his actions? - I think we all get to judge him based on our own beliefs, but I believe what he did was wrong.
- Can you still mend the case that he's actually a good person and good for this country, for the United States of America, as a flag bearer for the whistleblowers, the check on the power of government? - Yeah, I mean, I'm not big government-type guy, you know, so that sounds weird coming from a government guy for so many years, but there's rules in place for a reason.
I mean, he put some of our best capabilities, he made them publicly available. It really kind of set us back in the, and this isn't my world at all, but the offensive side of cybersecurity. - Right, so he revealed stuff that he didn't need to reveal in order to make the point.
- Correct. - So if you could imagine a world where he leaked stuff that revealed the mass surveillance efforts and not reveal other stuff. Like, is the mass surveillance, I mean, that's the thing that, of course, in the interpretation of that, there's fear-mongering, but at the core, that was a real shock to people that it's possible for a government to collect data at scale.
- It's surprising to me that people are that shocked by it. - Well, there's conspiracies, and then there's like actual evidence that that is happening. I mean, there's a lot of reality that people ignore, but when it hits you in the face, you realize, holy shit, we're living in a new world.
This is the new reality, and we have to deal with that reality. Just like you work in cybersecurity, I think it really hasn't hit most people how fucked we all are in terms of cybersecurity. Okay, let me rephrase that. How many dangers there are in a digital world, how much under attack we all are, and how more intense the attacks are getting, and how difficult the defense is, and how important it is, and how much we should value it, and all the different things we should do at the small and large scale to defend.
Like, most people really haven't woken up. They think about privacy from tech companies. They don't think about attacks, cyber attacks. - People don't think they're a target, and that message definitely has to get out there. I mean, if you have a voice, you're a target. If the place you work, you might be a target.
See, your husband might work at some place, because now people are working from home, so they're gonna target you to get access to his network in order to get in. - Well, in that same way, the idea that the US government or any government could be doing mass surveillance on its citizens is one that was a wake-up call, because you could imagine the ways in which that could be, like, you could abuse the power of that to control a citizenry for political reasons and purposes.
- Absolutely. You know, you could abuse it. I think during, in the part of the Snowden League, saw that two NSA guys were monitoring their girlfriends, and there's rules in place for that. Those people should be punished for abusing that. But how else are we going to hear about, you know, terrorists that are in the country talking about birthday cakes?
And, you know, that was a case where that was the trip word, that, you know, we're gonna go bomb New York City's subway. - Yeah, it's complicated, but it just feels like there should be some balance of transparency. There should be a check in that power. Because, like, you know, in the name of the war on terror, you can sort of sacrifice, there is a trade-off between security and freedom, but it just feels like there's a giant, slippery slope on the sacrificing of freedom in the name of security.
- I hear you. And, you know, we live in a world where, well, I live in a world where I had to tell you exactly when I arrested someone, I had to write a 50-page document of how I arrested you and all the probable cause I have against you and all that.
Well, you know, bad guys are reading that. They're reading how I caught you, and they're changing the way they're doing things. They're changing their MO. You know, they're doing it to be more secure. If we tell people how we're monitoring, how, what we're surveilling, we're gonna lose that. I mean, the terrorists are just gonna go a different way.
And I'm not trying to, again, I'm not big government. I'm not trying to say that, you know, it's cool that we're monitoring, the US government's monitoring everything. You know, big tech's monitoring everything. They're just monetizing it versus possibly using it against you. - But there is a balance. And those 50 pages, they have a lot of value.
They make your job harder, but they prevent you from abusing the power of the job. - Yeah. - There's a balance. - Yeah. - That's a tricky balance. So the chat logs in Iceland give you evidence of the heroin and all the large-scale czar-level drug trading. What else did it give you in terms of the how to catch?
- It gave us an instruction. So the Onion name was actually running on a server in France so if you like, and it only commuted through a back channel of VPN to connect to the Iceland server. There was a Bitcoin vault server that was also in Iceland. And I think that was so that the admins couldn't get into the Bitcoins, the other admins that were hired to work on the site.
So you could get into the site, but you couldn't touch the money. Only Ross had access to that. And then another big mistake on Ross's part is he had the backups for everything at a data center in Philadelphia. Don't put your infrastructure in the United States. I mean, again, let's not make a playbook, but you know.
- Well, I think these are low-hanging fruit that people of competence would know already. - I agree. - But it's interesting that he wasn't competent enough to make, so he was incompetent in certain ways. - Yeah, I don't think he was a mastermind of setting up an infrastructure that would protect his online business because keeping chat logs, keeping a diary, putting infrastructure where it shouldn't be, bad decisions.
- How did you figure out that he's in San Francisco? - So we had that part with Jared that he was on the West Coast, and then-- - Who again is Jared? - Jared Day-Egan, he was a partner. He was a DHS agent, worked for HSI, Homeland Security Investigations in Chicago.
He started his Silk Road investigation because he was working at O'Hare and a weird package came in, come to find out he traced it back to Silk Road. So he started working at a Silk Road investigation long before I started my case, and he made his way up undercover all the way to be an admin on Silk Road.
So he was talking to Ross on a Jabra server, a private Jabra server, private chat communication server. And we noticed that Ross's time zone on that Jabra server was set to the West Coast. So we had Pacific time on there. So we had a region, 1/24 of the world was covered of where we thought he might be.
- And from there, how do you get to San Francisco? - There was another guy, an IRS agent that was part of the team, and he used a powerful tool to find his clue. He used the world of Google. He simply just went back and Googled around for Silk Road at the time it was coming up and found some posts on some help forums that this guy was starting an Onion website and wanted some cryptocurrency help.
And if you could help him, please reach out to ross.albrek@gmail.com. In my world, that's a clue. - Okay, so that's as simple as that. - Yeah, and the name he used on that post was Frosty. - Yeah, so you had to connect Frosty and other uses in Frosty, and here's a Gmail, and the Gmail has the name.
- The Gmail posted that I need help under the name Frosty on this forum. - So what's the connection of Frosty elsewhere? - The person logging into the Philadelphia backup server, the name of the computer was Frosty. Another clue in my world. - And that's it. The name is there, the connection to the Philadelphia server and then to Iceland is there, and so the rest is small details in terms of, or is there interesting details?
- No, I mean, there's some electronic surveillance that find Ross Albrek living in a house, and is there, you know, is a computer at his house attaching to, you know, does it have Tor traffic at the same time that DPR's on? Another big clue. (laughing) - Matching up timeframes?
- Again, just putting your email out there, putting your name out there like that, like what I see from that, just at the scale of that market, what I, it just makes me wonder how many criminals are out there that are not making these low-hanging fruit mistakes and are still successfully operating.
To me, it seems like you could be a criminal, much, it's much easier to be a criminal on the internet. - What else to you is interesting to understand about that case of Ross and Silk Road and just the history of it from your own relationship with it from a cybersecurity perspective, from an ethical perspective, all that kind of stuff.
Like when you look back, what's interesting to you about that case? - I think my views on the case have changed over time. I mean, it was my job back then, so I just looked at it as of, you know, I'm going after this. I sort of made a name for myself in the bureau for the anonymous case, and then this one was just, I mean, this was a bigger deal.
I mean, they flew me down to DC to meet with the director about this case. The president of the United States was gonna announce this case, the arrest. Unfortunately, the government shut down two days before, so it was just us. And that's really the only reason I had any publicity out of it is because the government shut down and the only thing that went public was that affidavit with my signature at the end.
Otherwise, it would have just been the attorney general and the president announcing the rest of this big thing, and you wouldn't have seen me. - Did you understand that this was a big case? - Yeah, I knew at the time. - Was it because of the scale of it or what it stood for?
- I just knew that the public was gonna react in a big way. Like the media was, now, did I think that it was gonna be on the front page of every newspaper the day after the arrest? No, but I could sense it. Like I went like three or four days without sleep.
When I was out in San Francisco to arrest Ross, I had sent three guys to Iceland to... So it was a three-prong approach for the takedown. It was get Ross, get the Bitcoins, and seize the site. Like we didn't want someone else taking control of the site and we wanted that big splash of that banner.
Like, look, the government found this site. Like you might not wanna think about doing this again. So- - And you were able to pull off all three? - Maybe that's my superpower. I'm really good about putting smarter people than I am together on the right things. - It's the only way to do it.
- In the business I formed, that's what I did. I hired only smarter people than me. And I'm not that smart, but smart enough to know who the smart people are. - The team was able to do all three? - Yeah, we were able to get all three done.
Yeah, and the one guy, one of the guys, the main guys I sent to Iceland, man, he was so smart. I sent another guy from the FBI to France to get that part, and he couldn't do it, so the guy in Iceland did it from Iceland. They had to pull some stuff out of memory on a computer.
You know, it's live process stuff. I'm sure you've done that before, but. - I'm sure you did. Look what you're doing. You're, this is like a multi-layer interrogation going on. Was there a concern that somebody else would step in and control the site? - Absolutely. We didn't have insight on who exactly I'd control.
So it turns out that Russ had like dictatorial control, so it wasn't easy to delegate to somebody else. - He hadn't. I think he had some sort of ideas. I mean, his diary talked about walking away and giving it to somebody else, but he couldn't give up that control on anybody apparently.
- Which makes you think that power corrupts, and his ideals were not as strong as he espoused about, because if it was about the freedom of being able to buy drugs, if you want to, then he surely should have found ways to delegate that power. - We changed over time.
You could see it in his writings that he changed. Like, so people argue back and forth that there was never murders on Silk Road. When we were doing the investigation, to us, there were six murders. So there was, the way we saw him at the time was Ross ordered people to be murdered.
People stole from him and all that. It was sort of an evolution from, oh man, I can't deal with this, I can't do it, it's too much, to the last one was like, the guy said, well, he's got three roommates. It's like, oh, we'll kill them too. - Was that ever proven in court?
- No. - Just part murder? - The murders never went forward because there was some stuff, problems in that case. So there was a separate case in Baltimore that they had been working on for a lot longer. And so, during the investigation, that caused a bunch of problems because now we have multiple federal agencies, a case against the same thing.
- How do you decide not to push forward the murder investigations? - So there was a de-confliction meeting that happened in DC. I didn't happen to go to that meeting, but Jared went, this is before I ever knew Jared, and we have like televisions where we can just sit in a room and sit in on the meeting, but it's all secured network and all that.
So we can talk openly about secure things. And we sat in on the meeting and people just kept saying the term sweat equity. I've got sweat equity, meaning that they had worked on the case for so long that they deserve to take them down. And by this time, no one knew about us, but we told them at the meeting that we had found the server and we have a copy of it and we have the infrastructure.
And these guys had just had communications under covers. They didn't really know what was going on. And this wasn't my first de-confliction meeting. We had a huge de-confliction meeting during the anonymous case. - What's a de-confliction meeting? - Agents within your agency or other federal agencies have an open investigation that if you expose your case or took down your case would hurt their case or the other way.
- Oh, so you kind of have a, it's like the rival gangs meet at the table in a smoke filled room and- - Less bullets at the end, but yes. - Boy, with the sweat equity. - Yeah. - I mean, there's careers at stake, right? Yeah. You hate that idea.
- Yeah, I mean, why is that a stake? Just because you've worked on it long enough, longer than I have, that means you did better? - Yeah. - That's insane to me. That's rewarding bad behavior. - And so that one of the part of the sweat equity discussion was about murder.
This was, here's a chance to actually bust them given the data you have from Iceland and all that kind of stuff. So why? - They wanted us just to turn the data over to them. - To them. - Yeah, thanks for getting us this far. Here it is. I mean, it came to the point where they sent us, like they had a picture of what they thought Ross was and it was an internet meme.
It really was a meme. It was a photo that we could look up. Like it was insane. - All right, so there's different degrees of competence all across the world between different people. Yes. Okay. Does part of you regret because you pushed forward the heroin and the drug trade, we never got to the murder discussion?
- I mean, the only regret is that the internet doesn't seem to understand. Like they just kind of blow that part off that he literally paid people to have people murdered. It didn't result in a murder. And I thank God no one resulted in a murder. - But that's where his mind was.
- His mind and where he wrote in his diary was that I had people killed and here's the money. He paid it. He paid a large amount of Bitcoins for that murder. - So he didn't just even think about it. He actually took action, but the murders never happened.
He took action by paying the money. - Correct. And the people came back with results. He thought they were murdered. - That said, can you understand the steel man, the case for the drug trade on Silk Road? Like can you make the case that it's a net positive for society?
- So there was a time period of when we found out the infrastructure and when we built the case against Ross. I don't remember exactly, six weeks, a month, two months, I don't know, somewhere in there. But then at Ross's sentencing, there was a father that stood up and talked about his son dying.
And I went back and kind of did the math. And it was between those time periods of when we knew we could shut it down. We could have pulled the plug on the server and gone. And when Ross was arrested, his son died from buying drugs on Silk Road.
And I still think about that father a lot. - But if we look at the scale at the war on drugs, let's just even outside of Silk Road, do you think the war on drugs by the United States has alleviated more suffering or caused more suffering in the world?
- That might be above my pay scale. I mean, I understand the other side of the argument. I mean, people said that I don't have to go down to the corner to buy drugs. I'm not gonna get shot on the corner buying drugs or something. I can just have them sent to my house.
People are gonna do drugs anyways. I understand that argument. From my personal standpoint, if I made it more difficult for my children to get drugs, then I'm satisfied. - So your personal philosophy is that if we legalize all drugs, including heroin and cocaine, that that would not make for a better world.
- I don't, no, personally, I don't believe legalizing all drugs would make for a better world. - Can you imagine that it would? Do you understand that argument? - Sure, I mean, as I've gotten older, I've started to, I like to see both sides of an argument. And when I can't see the other side, that's when I really like to dive into it.
And I can see the other side. I can see why people would say that. But I don't wanna be, my race children in a world where drugs are just free for use. - Well, and then the other side of it is with Silk Road, taking down Silk Road, did that increase or decrease the number of drug trading criminals in the world?
It's unclear. - Online, I think it increased. I think, that's one of the things I think about a lot with Silk Road was that no one really knew. I mean, there was thousands of users, but then after that, it was on the front page of the paper, and there was millions of people that knew about Tor and Onion Sites.
It was an advertisement. I would have thought, I thought crypto was gonna crash right after that. Like, I don't know, people now see that bad people are doing bad things with crypto. That'll crash. Well, I'm obviously wrong on that one. And I thought, Ross was sentenced to two life sentences plus 40 years.
No one's gonna start up these. Dark markets exploded after that. Some of them started as opportunistic, I'm gonna take those escrow accounts and I'm gonna steal all the money that came in. They were for that. But there were a lot of dark markets that popped up after that. Now we put the playbook out there.
- Yeah, yeah. But and also there's a case for, do you ever think about not taking down, if you've not taken down Silk Road, you could use it because it's a market. It itself is not necessarily the primary criminal organization. It's a market for criminals. So it could be used to track down criminals in the physical world.
So if you don't take it down, given that it was, you know, the central, how centralized it was, it could be used as a place to find criminals, right? As opposed to-- - So the dealers, the drug dealers take down the drug dealers? - Yeah. So if you have the cartel, get the cartels start get to involve you, you go after the dealers.
- It would have been very difficult. - Because of TOR and all that. - Because of all the protections anonymity. De-cloaking all that would have been drastically more difficult. And a lot of people in upper management of the FBI didn't have the appetite of running something like that. That would have been the FBI running a drug market.
How many kids, how many fathers would have to come in and said, "My kid bought while the FBI was running a site, a drug site, my kid died." So I didn't know of anybody in the FBI and management that would have the appetite to let us run what was happening on Silk Road.
'Cause remember at that time we're still believing six people are dead. We're still investigating where are all these bodies. That's pretty much why we took down Ross when we did. I mean, we had to jump on it fast. - What else can you say about this complicated world that has grown of the dark web?
- I don't understand it. It would have been something for me, I thought it was gonna collapse. But I mean, it's just gotten bigger in what's going on out there. Now, I'm really surprised that it hasn't grown into other networks or people haven't developed other networks, but TOR-- - You mean like instead of TOR?
- Yeah, TOR is still the main one out there. I mean, there's a few others and I'm not gonna put an advertisement out for them. But I thought that market would have grown. - Yeah, my sense was when I interacted with TOR it was that there's huge usability issues.
But that's for like legal activity. 'Cause like if you care about privacy, it's just not as good of a browser to look at stuff. - No, it's way too slow. It's way too slow. But I mean, you can't even like, I know some people would use it to like view movies like Netflix, so you can only view certain movies in certain countries.
You can use it for that, but it's too slow even for that. - Were you ever able to hold in your mind the landscape of the dark web? Like what's going on out there? To me as a human being, it's just difficult to understand the digital world. Like these anonymous usernames, like doing anonymous activity.
It's just, it's hard to, what am I trying to say? It's hard to visualize it in the way I can visualize it. Like I've been reading a lot about Hitler. I can visualize meetings between people, military strategy, deciding on certain evil atrocities, all that kind of stuff. I can visualize the people, there's agreements, hands, handshakes, stuff signed, groups built.
Like in the digital space, like with bots, with anonymity, anyone human can be multiple people. It's just- - Yeah, it's all lies. It's all lies. - Like, yeah, it feels like I can't trust anything. - No, you can't. You honestly can't. And like, you can talk to two different people and it's the same person.
Like there's so many different, you know, Hector had so many different identities online, the, you know, of things that, you know, the lies to each other. I mean, he lied to people inside his group just to use another name to spy on, make sure what they were, you know, weren't talking shit behind his back or weren't doing anything.
It's all lies and people that can keep all those lies straight. It's unbelievable to me. - Ross Albrecht represents the very early days of that. That's why the competence wasn't there. Just imagine how good the people are now, the kids that grow up. Oh, they've learned from his mistakes.
- Just the extreme competence. You just see how good people are at video games. Like the level of play in terms of video games. Like I used to think I sucked. And now I'm not even like, I'm not even in the like consideration of calling myself shitty at video games.
I'm not even, I'm like non-existent. I'm like the mold. - Yeah, I stopped playing because it's so embarrassing. - It's embarrassing. It's like wrestling with your kid and he finally beats you. And he's like, well, fuck that. I'm not wrestling with my kid ever again. - And in some sense, hacking at its best and its worst is a kind of game.
And you can get exceptionally good at that kind of game. - And you get the accolades of it. I mean, there's power that comes along. If you have success, I look at the kid that was hacking into Uber and Rockstar Games. He put it out there that he was doing it.
I mean, he used the name, whatever hacked into Uber was his screen name. He was very proud of it. I mean, one building evidence against himself, but he wanted that slap on the back. Like, look at what a great hacker you are. - Yeah. What do you think is in the mind of that guy?
What do you think is in the mind of Ross? Do you think they see themselves as good people? Do you think they acknowledge the bad they're doing onto the world? - So that Uber hacker, I think that's just youth not realizing what consequences are, I mean, based on his actions.
Ross was a little bit older. I think Ross truly is a libertarian. He truly had his beliefs that he could provide the gateway for other people to live that libertarian lifestyle and put in their body what they want. I don't think that was a front or a lie. - What's the difference between DPR and Ross?
You said like, "I have never met Ross until, "I have only had those two days of worth of interaction." - Yeah. - It's just interesting given how long you've chased him and then having met him, what was the difference to you as a human being? - He was a human being.
He was an actual person. He was nervous when we arrested him. So one of the things that I learned through my law enforcement career is if I'm gonna be the case agent, I'm gonna be the one in charge of dealing with this person, I'm not putting handcuffs on him.
Somebody else is gonna do that. Like I'm gonna be there to help him. I'm your conduit to help. And so right after someone's arrested, you obviously have had them down for weapons to make sure for everybody's safety, but then I just put my hand on their chest, just feel their heart, feel their breathing.
I'm sure it's the scariest day, but then to have that human contact kind of settles people down. And you can kind of like, "Let's start thinking about this. "I'm gonna tell you, "I'm gonna be open and honest with you." There's a lot of cops out there and federal agents, cops, that just go to the hard-ass tactic.
You don't get very far with that. You don't get very far being a mean asshole to somebody. Be compassionate, be human, and it's gonna go a lot further. - So given everything he's done, you were still able to have compassion for him? - Yeah, we took him to the jail.
So it was after hours, so he didn't get to see a judge that day. So we stuck him in the San Francisco jail. I hadn't slept for about four days because I was dealing with people in Iceland, bosses in DC, bosses in New York. So, and I was in San Francisco, so timeframe, like the Iceland people were calling me when I was supposed to be sleeping.
It was insane. But I still went out that night while Ross sat in jail and bought him breakfast. I said, "What do you want for breakfast? "I'll have a nice breakfast for you." 'Cause we picked him up in the morning and took him over to the FBI to do the FBI booking, the fingerprints and all that.
And I got him breakfast. I mean, and you don't get paid back for that sort of thing. I'm not looking, but out of my own-- - Did he make special requests for breakfast? - Yeah, he asked for certain things. - What, can you mention, is that top secret FBI?
- No, that's not top secret. I think he wanted some granola bars. And, you know, but I mean, he already had lawyered up, so we, you know, which is his right, he can do that. So I knew we were gonna work together, you know, like I did with Hector.
But I mean, this is-- - So most of the conversations-- - His last day. - Most of the conversations have to be then with lawyers. - From that point on, I can't question him when he asked for a lawyer, or if I did, it couldn't be used against him.
So we just had conversation where I talked to him. You know, he could say things to me, but then I have to remind him that he asked for a lawyer, and he'd have to waive that and all that. But we didn't talk about his case so much. We just talked about like human beings.
- Did he, with his eyes, with his words, reveal any kind of regret, or did you see a human being changing, understanding something about themselves in the process of being caught? - No, I don't think that. I mean, he did offer me $20 million to let him go when we were driving to the jail.
- Oh, no. - And I asked him what we were gonna do with the agent that sat in the front seat. - The money really broke him, huh? - I think so. I think he kind of got caught up in how much money it was, and how, you know, when crypto started, it was pennies, and by the time he got arrested, it was 120 bucks, and you know, 177,000 Bitcoins.
Even today, you know, that's a lot of Bitcoins. - So you really could have been, if you continued to be one of the richest people in the world. - I possibly could have been if I took that 20 million then. I could have been living, we could have this conversation in Venezuela.
(laughing) - In a castle, in a palace. - Yeah, until it runs out, and then the government storms the castle. - Yeah. Have you talked to Russ since? - No, no. I'd be open to it. I don't think he probably wants to hear from me. - And do you know where, in which prison he is?
- I think he's somewhere out in Arizona. I know he was in the one next to Supermax for a little while, like the high security one that's like, shares the fence with Supermax, but I don't think he's there anymore. I think he's out in Arizona. I haven't seen him in a while.
- I wonder if he can do interviews in prison. That'd be nice. - Some people are allowed to, so I've not seen an interview with him. I know people have wanted to interview him about books and that sort of thing. - Right, because the story really blew up. Did it surprise you how much the story and many elements of it blew up?
Movies, books? - It did surprise me. My wife's uncle, who I didn't, I've been married to my wife for 22 years now. I don't think he knew my name, and he was excited about that. He reached out when "Silk Road" came out, so that was surprising to see. - Did you think the movie on the topic was good?
- I didn't have anything to do with that movie. I've watched it once. It was kind of cool that Jimmy Simpson was my name in the movie, but outside of that, I thought it sort of missed the mark on some things. - When Hollywood, I don't think they understand what's interesting about these kinds of stories, and there's a lot of things that are interesting, and they missed all of them.
So for example, I recently talked to John Carmack, who's a world-class developer and so on. So Hollywood would think that the interesting thing about John Carmack is some kind of shitty, like a parody of a hacker or something like that. They would show really crappy emulation of some kind of Linux terminal thing.
The reality is the technical details, for five hours with him, for 10 hours with him, is what people actually wanna see, even people that don't program. They want to see a brilliant mind, the details that they're not, even if they don't understand all the details, they want to have an inkling of the genius that's there.
That's just one way of saying that you wanna reveal the genius, the complexity of that world in interesting ways, and to make a Hollywood, almost parody caricature of it, it just destroys the spirit of the thing. So one, the Operation FBI is fascinating, just tracking down these people on the cyber security front is fascinating.
The other is just how you run TOR, how you run this kind of organization, the trust issues of the different criminal entities involved, the anonymity, the low-hanging fruit, the being shitty at certain parts on the technical front, all of those are fascinating things. That's what a movie should reveal.
Should probably be a series, honestly, a Netflix series than a movie. - Yeah, an FX show or something like that, 'cause they're kinda gritty. - Yeah, yeah, gritty, exactly, gritty. I mean, shows like Chernobyl from HBO made me realize, okay, you can do a good job of a difficult story and reveal the human side, but also reveal the technical side and have some deep, profound understanding on that case, on the bureaucracy of a Soviet regime.
In this case, you could reveal the bureaucracy, the chaos of a criminal organization, of a law enforcement organization. I mean, there's so much to explore. It's fascinating. - Yeah, I like Chernobyl. When I rewatch it, I can't watch episode three, though, the animal scene, the episode. They go around shooting all the dogs and all that.
I gotta skip that part. - You're a big softie, aren't you? - I really am. I'm sure I'll probably cry at some point. (both laughing) - I love it, I love it. - Don't get me talking about that episode you made about your grandmother. Oh my God, that was rough.
- Just to linger on this ethical versus legal question, what do you think about people like Aaron Schwartz? I don't know if you're familiar with him, but he was somebody who broke the law in the name of an ethical ideal. He downloaded and released academic publications that were behind a paywall, and he was arrested for that and then committed suicide, and a lot of people see him, certainly in the MIT community, but throughout the world as a hero, because you look at the way knowledge, scientific knowledge is being put behind paywalls, it does seem somehow unethical, and he basically broke the law to do the ethical thing.
Now, you could challenge it, maybe it is unethical, but there's a gray area, and to me at least, it is ethical. To me at least, he is a hero, because I'm familiar with the paywall created by the institutions that hold these publications. They're adding very little value. So it is basically holding hostage the work of millions of brilliant scientists for some kind of, honestly, a crappy capitalist institution.
Like they're not actually making that much money. It doesn't make any sense to me. It should, to me, it should all be open public access. There's no reason it shouldn't be, all publications should be. So he stood for that ideal and was punished harshly for it. That's the other criticism, it was too harshly.
And of course, deeply unfortunately, that also led to his suicide, 'cause he was also tormented on many levels. I mean, are you familiar with him? What do you think about that line between what is legal and what is ethical? - So it's a tough case. I mean, the outcome was tragic, obviously.
Unfortunately, when you're in law enforcement, you have to, your job is to enforce the laws. I mean, it's not, if you're told that you have to do a certain case, and there is a violation of, at the time, 18 USC 1030, computer hacking, you have to press forward with that.
I mean, you have to charge, you bring the case to the U.S. Attorney's Office, and whether they're gonna press charges or not, you can't really pick and choose what you press and don't press forward. I never felt that, at least that flexibility, not in the FBI. I mean, maybe when you're a street cop and you pull somebody over, you can let them go with a warning.
- So in the FBI, you're sitting in a room, but you're also a human being. You have compassion. You arrested Ross, the hand on the chest. I mean, that's a human thing. - Sure. - So there's a-- - But I can't be the jury for whether it was a good hack or a bad hack.
It's all someone, a victim has come forward and said, "We're the victim of this." And I agree with you, 'cause again, the basis of the internet was to share academic thought. I mean, that's where the internet was born. - But it's not up to you. So the role of the FBI is to enforce the law.
- Correct. And there's a limited number of tools on our Batman belt that we can use. Not to get into all the aspects of the Trump case and Mar-a-Lago and the documents there. I mean, the FBI has so many tools they can use and a search warrant is the only way they could get in there.
I mean, that's it. There's no other legal document or legal way to enter and get those documents. - What do you think about the FBI and Mar-a-Lago and the FBI taking the documents for Donald Trump? - You know, it's a tough spot. It's a really tough spot. The FBI has gotten a lot of black eyes recently.
And I don't know if it's the same FBI that I remember when I was there. - Do you think they deserve it in part? Was it done clumsily, their raiding of the former president's residence? - It's tough. It's tough, you know, because again, they're only limited to what they're legally allowed to do and a search warrant is the only legal way of doing it.
I have my personal and political views on certain things. I think it might be surprising to some where those political points stand. But-- - You told me offline that you're a hardcore communist. That was very surprising to me. - Well, that's only you tried to bring me into the Communist Party.
- Exactly, I was trying to recruit you. I was giving you all kinds of flyers. Okay, but you said like, you know, people in the FBI are just following the law, but there's a chain of command and so on. What do you think about the conspiracy theories that people, some small number of people inside the FBI conspire to undermine the presidency of Donald Trump?
- If you would have asked me when I was inside and before all this happened, I would say it never happened. I don't believe in conspiracies. You know, there's too many people involved. Somebody's gonna come out with some sort of information. But I mean, from the more of the stuff that comes out, it's surprising that, you know, agents are being fired because of certain actions that are taken inside and being dismissed because of politically motivated actions.
- So do you think it's explicit or just pressure? Just, do you think there could exist just pressure at the higher ups that has a political leaning and you kinda maybe don't explicitly order any kind of thing, but just kinda pressure people to lean one way or the other and then create a culture that leans one way or the other based on political leanings?
- You would really, really hope not. But I mean, that seems to be the narrative that's being written. - But when you were operating, you didn't feel that pressure? - Man, I was such at a low level. You know, I'd had no aspirations of being a boss. I wanted to be a case agent my entire life.
- So you love the puzzle of it, the chase. - I love solving things, yeah. To be management and manage people and all that, like no desire whatsoever. - What do you think about Mark Zuckerberg on Joe Rogan's podcast saying that the FBI warned Facebook about potential foreign interference?
And then Facebook inferred from that that they're talking about Hunter Biden laptop story and thereby censored it. What do you think about that whole story? - Again, you asked me when I was in the FBI, I wouldn't believed it from being on the inside and I wouldn't believe these things.
But there's a certain narrative being written that is surprising to me that the FBI is involved in these stories. - So, but the interesting thing there is the FBI is saying that they didn't really make that implication. They're saying that there's interference activity happening. Just watch out. And it's a weird relationship between FBI and Facebook.
You could see from the best possible interpretation that the FBI just wants Facebook to be aware 'cause it is a powerful platform, a platform for viral spread of misinformation. So in the best possible interpretation of it, it makes sense for FBI to send some information saying like we're seeing some shady activity.
- Absolutely. - But it seems like all of that somehow escalated to a political interpretation. - I mean, yeah, it sounded like there was a wink-wink with it. I don't know if Mark meant for that to be that way. Again, are we being social engineered or was that a true expression that Mark had?
- And I wonder if the wink-wink is direct or it's just culture. You know, maybe certain people responsible on the Facebook side have a certain political lean and then certain people on the FBI side have a political lean when they're interacting together. And it's like literally has nothing to do with a giant conspiracy theory, but just with a culture that has a particular political lean during a particular time in history.
And so like maybe it could be Hunter Biden laptop one time and then it could be whoever, Donald Trump Jr.'s laptop another time. - It's a tough job. I mean, if you're the liaison, if you're the FBI's liaison to Facebook, you know, there are certain people that I'm sure they were offered a position at some point.
It seems, you know, there's FBI agents that go, I know of a couple that's gone to Facebook. This is a really good agent that now leads up their child exploitation stuff. Another squad mate runs their internal investigations, both great investigators. So, you know, there's good money, especially when you're an FBI agent that's capped out at a, you know, a 1310 or whatever pay scale you're capped out at.
It's alluring to be, you know, maybe want to please them and be asked to join them. - Yeah, and over time that corrupts. I think there has to be an introspection in tech companies about the culture that they develop, about the political ideology, the bubble. It's interesting to see that bubble.
Like I've asked myself a lot of questions. I've interviewed the Pfizer CEO, what seems now a long time ago, and I've gotten a lot of criticism, positive comments, but also criticism from that conversation. And I did a lot of soul searching about the kind of bubbles we have in this world.
And it makes me wonder, pharmaceutical companies, they all believe they're doing good. And I wonder, because the ideal they have is to create drugs that help people and do so at scale. And it's hard to know at which point that can be corrupted. It's hard to know when it was corrupted and if it was corrupted and where, which drugs and which companies and so on.
And I don't know. I don't know that complicated. It seems like inside a bubble, you can convince yourself if anything is good. People inside the Third Reich regime were able to convince themselves. I'm sure many just, "Bloodlands" is another book I've been recently reading about it. And the ability of humans to convince they're doing good when they're clearly murdering and torturing people in front of their eyes is fascinating.
They're able to convince themselves they're doing good. It's crazy. Like there's not even an inkling of doubt. Yeah, I don't know what to make of that. So it has taught me to be a little bit more careful when I enter into different bubbles to be skeptical about what's taken as an assumption of truth.
Like you always have to be skeptical about what's assumed is true. Is it possible it's not true? You know, if you're talking about America, it's assumed that in certain places that surveillance is good. Well, let's question that assumption. Yeah, and also it inspired me to question my own assumptions that I hold as true constantly, constantly.
It's tough, it's tough. - But you don't grow. I mean, do you wanna be just static and not grow? You have to question yourself on some of these things if you wanna grow as a person. - Yeah, for sure. Now, one of the tough things actually of being a public personality when you speak publicly is you get attacked all along the way as you're growing.
In part, a big softy as well, if I may say. And those hurt, it hurts, it hurts, it hurts. - Do you pay attention to it? - Yeah, yeah, yeah, yeah. It's very hard. Like I have two choices. One, you can shut yourself off from the world and ignore it.
I never found that compelling, this kind of idea of like haters gonna hate. This idea that anyone with a big platform or anyone's ever done anything was always gotten hate. Okay, maybe. But I still wanna be vulnerable, wear my heart on my sleeve, really show myself, open myself to the world, really listen to people.
And that means every once in a while somebody will say something that touches me in a way that's like, what if they're right? - Do you let that hate influence you? I mean, can you be bullied into a different opinion than you think you really are just because of that hate?
- No, no, I believe not, but it hurts in a way that's hard to explain. Yeah, it gets to like, it shakes your faith in humanity actually is probably why it hurts. Like people that call me a Putin apologist or a Zelensky apologist, which I'm currently getting almost an equal amount of, but it hurts.
It hurts because I, it hurts because it damages slightly my faith in humanity to be able to see the love that connects us and then to see that I'm trying to find that. And that's, I'm doing my best in the limited capabilities I have to find that. And so to call me something like a bad actor, essentially from whatever perspective, it just makes me realize, well, people don't have empathy and compassion for each other.
And it makes me question that for a brief moment. And that's like a crack and it hurts. - How many people do this to your face? - Very few. - It's online e-muscles, man. They're just flexing. - I have to be honest that it happens because I've hung around with Rogan enough.
When your platform grows, there's people that will come up to Joe and say stuff to his face that they forget. They still, they forget he's an actual real human being. They'll make accusations about him. - So does that cause him to wall himself off more? - No, he's pretty gangster on that.
But yeah, it still hurts. If you're human, if you really feel others, I think that's also the difference with Joe and me. He has a family that he deeply loves, and that's an escape from the world for him. There's a loneliness in me that I'm always longing to connect with people and with regular people.
And just to learn their stories and so on. And so if you open yourself up that way, the things they tell you can really hurt in every way. Like just me going to Ukraine, just seeing so much loss and death. Some of it is, I mean, unforgettably haunting. Not in some kind of political way, activist way, or who's right, who's wrong way, but just like, man, like so much pain.
You see it and it just stays with you. - When you see a human being bad to another human, you can't get rid of that in your head. You can't imagine that we can treat each other like that. That's the hard part, I think. I mean, for me it is.
When I saw parents, like when I did the child exploitation stuff, when they rented their children out, they literally rented infant children out to others for sexual gratification. Like I don't know how a human being could do that to another human being. And that sounds like the kind of thing you're going through.
I mean, I went through a huge funk when I did those cases afterwards. I should have talked to somebody, but in the FBI you have to keep that machismo up or they're gonna take your gun away from you. - Well, I think that's examples of evil that that's like the worst of human nature.
But just because I have-- - War is just as bad, I mean. - Somehow war, it's somehow understandable given all the very intense propaganda that's happening. So you can understand that there is love in the heart of the soldiers on each side given the information they're given. There's a lot of people on the Russian side believe they're saving these Ukrainian cities from Nazi occupation.
Now there is stories, there is a lot of evidence of people for fun murdering civilians. Now that is closer to the things you've experienced of like evil, of evil embodied. And I haven't interacted with that directly with people who for fun murdered civilians. - But you know it's there in the world.
I mean, you're not naive to it. - Yes, but if you experience that directly, if somebody shot somebody for fun in front of me, that would probably break me, yeah. Like seeing it yourself, knowing that it exists is different than seeing it yourself. Now I've interacted with the victims of that and they tell me stories and you see their homes destroyed, destroyed for no good military reason.
It's civilians with civilian homes being destroyed. That really lingers with you. It's, yeah, the people that are capable of that. - That goes with the propaganda. I mean, if you were to build a story, you have to have on the other side, the homes are gonna be destroyed, the non-military targets are gonna be destroyed.
- To put it in perspective, I'm not sure a lot of people understand the deep human side or even the military strategy side of this war. There's a lot of experts outside of the situation that are commenting on it with certainty. And that kind of hurts me because I feel like there's a lot of uncertainty.
There's so much propaganda, it's very difficult to know what is true. Yeah, so my whole hope was to travel to Ukraine, to travel to Russia, to talk to soldiers, to talk to leaders, to talk to real people that have lost homes, that have lost family members, that who this war has divided, who this war changed completely how they see the world.
Whether they have love or hate in their heart to understand their stories. I've learned a lot on the human side of things by having talked to a lot of people there. But it has been on the Ukrainian side for me currently. Traveling to the Russian side is more difficult.
Let me ask you about your now friend, can we go as far as to say his friend in Asabu, Hector Masegur. What's the story, what's your long story with him? Can you tell me about what is LALSEC, who is Asabu, and who's Anonymous, what is Anonymous? Where's the right place to start that story?
- Probably Anonymous. Anonymous was a, it still is I guess, a decentralized organization. They call themselves Headless, but once you look into them a little ways, they're not really Headless. The power struggle comes with whoever has a hacking ability. That might be you're a good hacker or you have a giant botnet used for DDoS.
So you're gonna wield more power if you can control where it goes. Anonymous started doing their hacktivism stuff in 2010 or so. The word hack was in the media all the time then. And then right around then, there was a federal contractor named HBGary Federal. Their CEO is Aaron Barr.
And Aaron Barr said he was gonna come out and de-anonymize Anonymous. He's gonna come out and talk at Black Hat or Defcon or one of those and say who they are. He figured it out by based on when people were online, when people were in IRC, when tweets came out.
There was no scientific proof behind it or anything. So he was just gonna falsely name people that were in Anonymous. So Anonymous went on the attack. They went and hacked in HBGary Federal and they turned his life upside down. They took over his Twitter account and all that stuff pretty quickly.
- I have very mixed feelings about all of this. - Okay. - I get, like part of me admires the positive side of the hacktivism. - Okay. - Is there no room for admiration there of the fuck you to the man? - Not at the time. Again, it was a violation.
The 18 USC 1030, so it was my job. It's what I, you know, so at the time, no. In retrospect, sure. - But what was the philosophy of the hacktivism? The philosophically, were they at least expressing it for the good of humanity or no? - They outwardly said that they were gonna go after people that they thought were corrupt.
So they were judge and jury on corruption. They were gonna go after it. Once you get inside and realize what they were doing, they were going after people that they had an opportunity to go after. So maybe someone had a zero day and then they searched for servers running that zero day.
And then from there, let's find a target. I mean, one time they went after a toilet paper company. I still don't understand what that toilet paper company did, but it was an opportunity to make a splash. - Is there some way for the joke, for the lulz? - It developed into that.
So I think the hacktivism and the anonymous stuff wasn't so much for the lulz, but from that HBGary Federal hack, then there were six guys that worked well together and they formed a crew, a hacking crew, and they kind of split off into their own private channels. And that was lulzsec, or laughing at your security, was their motto.
- So that's L-U-L-Z-S-E-C, lulzsec. - Of course it is. - Lulzsec. And who founded that organization? - So Kayla and Sabu were the hackers of the group. And so they really did all the work on HBGary. So they're- - These are code names. - Yeah, they're online names. They're Nicks.
And so, you know, that's all they knew each other as. You know, they talked as those names. And they worked well together. And so they formed a hacking crew and that's when they started the, at first they didn't name it this, but it was the 50 days of lulz, where they would just release major, major breaches.
And it stirred up the media. I mean, it put hacking in the media every day. They had 400 or 500,000 Twitter followers. You know, and it was kind of interesting. But then they started swinging at the beehive and they took out some FBI affiliated sites. And then they started Fuck FBI Fridays, where every Friday they would release something.
And we waited it with bated breath. I mean, they had us hook, line, and sinker pissed. We were waiting to see what was gonna be dropped every Friday. It was, it's a little embarrassing looking back on it now. - And this is in the early 2010s. - Yeah, this was 2010, 2011, around there.
- So actually linger on Anonymous. What, do we still understand what the heck is Anonymous? - It's just a place where you hang out. I mean, it's just, it started on 4chan, went to 8chan. It's really just anyone. You could be in Anonymous right now if you wanted to.
Just you're in there hanging out in the channel. Now, you're probably not gonna get much cred until you work your way up and prove who you are or someone vouches for you. But anybody can be in Anonymous. Anybody can leave Anonymous. - What's the leadership of Anonymous? Do you have a sense that there is a leadership?
- There's a power play. Now, is that someone that says this is what we're doing and all we're doing? - I love the philosophical and the technical aspect of all of this. But I think there is a slippery slope to where for the lulz, you can actually really hurt people.
That's the terrifying thing. When you're attached, I'm actually really terrified of the power of the lulz. It's the fun thing somehow becomes a slippery slope. I haven't quite understood the dynamics of that. But even in myself, if you just have fun with a thing, you lose track of the ethical grounding of the thing.
And so like, it feels like hacking for fun can just turn it, like literally lead to nuclear war. Like literally destabilize nations. - Yeah, yada, yada, yada, nuclear war. I could see it, yeah. - So I've been more careful with the lulz. Yeah, I've been more careful about that.
And I wonder about it because in internet speak, somehow ethics can be put aside through the slippery slope of language. I don't know, everything becomes a joke. If everything's a joke, then everything's allowed and everything's allowed, then you don't have a sense of what is right and wrong. You lose sense of what is right and wrong.
- You still have victims. I mean, you're laughing at someone. Someone's the butt of this joke. Whether it's major corporations or the individuals. I mean, some of the stuff they did was just releasing people's PII, their personal identifying information and stuff like that. I mean, is it a big deal?
I don't know, maybe, maybe not. But if you could choose to not have your information put out there, probably wouldn't. - We do have a sense of what anonymous is today. Has it ever been one stable organization or is it a collection of hackers that kind of emerge for particular tasks, for particular, like, hacktivism tasks and that kind of stuff?
- It's a collection of people that has some hackers in it. There's not a lot of big hackers in it. I mean, there's some that'll come bouncing in and bounce out. Even back then, there was probably just as many reporters in it, people in the media in it with the hackers at the time, just trying to get the inside scoop on things.
Some giving the inside scoop. We arrested a reporter that gave over the username and password to his newspaper, just so he could break the story. He trusted him. - Speaking of trust, reporters, boy, there's good ones. There's good ones. - There are. - There are. But boy, do I have a complicated relationship with them.
- How many stories about you are completely true? - You can just make stuff up on the internet. And one of the things that, I mean, there's so many fascinating psychological, sociological elements of the internet to me. One of them is that you can say that Lex is a lizard, right?
And if it's not funny, so lizard is kind of funny, what should we say? Lex has admitted to being an agent of the FBI. You can just say that, right? And then the response that the internet will be like, oh, is that true? I didn't realize that. They won't go like, provide evidence, please.
They'll just say like, oh, that's weird. I kind of thought he might be kind of weird. And then it piles on, it's like, hey, hey, hey, guys. Here's a random dude on the internet just said a random thing. You can't just like pile up as, and then-- - Yeah, Johnny6969 is now a source that says.
- And then like, the thing is I'm a tiny guy, but when it grows, if you have a big platform, I feel like newspapers will pick that up and then they'll start to build on a story. And you never know where that story really started. It's so cool. I mean, to me, actually, honestly, it's kind of cool that there's a viral nature of the internet that can just fabricate truth completely.
I think we have to accept that new reality and try to deal with it somehow. You can't just like complain that Johnny69 can start a random thing, but I think in the best possible world, it is the role of the journalist to be the adult in the room and put a stop to it versus look for the sexiest story so that there could be clickbait that can generate money.
Journalism should be about sort of slowing things down, thinking deeply through what is true or not and showing that to the world. I think there's a lot of hunger for that. And I think that would actually get the most clicks in the end. - I mean, it's that same pressure I think we're talking about with the FBI and with the tech companies about Controversy.
I mean, the editors have to please and get those clicks. I mean, they're measured by those clicks. So, I'm sure the journalists, the true journalists, the good ones out there want that, but they wanna stay employed too. - Can I actually ask you really as another tangent, the Jared and others that are doing undercover, in terms of the tools you have for catching cybersecurity criminals, how much of is undercover?
- Undercover is a high bar to jump over. You have to do a lot to start an undercover in the FBI. There's a lot of thresholds. So, it's not your first investigative tool step. You have to identify a problem and then show that the lower steps can't get you there.
But I mean, I think we had an undercover going on in the squad about all times. When one was being shut down or taken down, we were spinning up another one. So, it's a good tool to have and utilize. They're a lot of work. I don't think if you run one, you'll never run another one in your life.
- Oh, so it's like psychologically, there's a lot of work just technically, but also psychologically, like you have to really- - It's 24/7, you're inside that world. Like you have to know what's going on and what's happening. You're taking on, you have to remember who you are when you're, 'cause you're a criminal online.
You have to go to a special school for it too. - Was that ever something compelling to you? - I went through the school, but I'm a pretty open and honest guy. And so, it's tough for me to build that wall of lies. Maybe I'm just not smart enough to keep all the lies straight.
- Yeah, but a guy who's good at building up a wall of lies would say that exact same thing. - Exactly. - It's so annoying the way truth works in this world. It's like, people have told me, because I'm trying to be honest and transparent, that's exactly what an agent would do, right?
But I feel like an agent would not wear a suit and tie. - I wore a suit and tie every day. I was a suit and tie guy. - You were? - Yeah, every day. I remember one time I wore shorts in and the SAC came in. And this was when I was a rockstar at the time in the Bureau and I had shorts in and I said, "Sorry, ma'am, I apologize for my attire." And she goes, "You can wear bike shorts in here, "I wouldn't care." I was like, "Oh, shit, that sounds nice." I never wore the bike shorts, but.
- Yeah. But see, I don't see a suit and tie as constraining. I think it's liberating in sorts. It's like, shows that you're taking the moment seriously. - Well, not just that, people wanted it. I mean, people expected when you're not, you are dressed like a perfect FBI agent.
When someone knocks on their door, that's what they wanna see. They wanna see what Hollywood built up is what an FBI agent is. You show up like my friend, Il-Won. He was dressed always in t-shirts and shorts. People aren't gonna take him serious. They're not gonna give him what they want.
- I wonder how many police that can just show up and say I'm from the FBI and start interrogating them. Like at a bar. - Probably. - Like how-- - Oh, definitely, if they've had a few drinks, you can definitely. Well, but people are gonna recognize you. That's the only problem.
That's another thing. You start taking out big cases. You can't work cases anymore in the FBI. Your face gets out there. - Your name too. - Yeah, yeah. - Well, actually, let me ask you about that before we return to our friend, Sabu. - Okay. - You've tracked and worked on some of the most dangerous people in this world.
Have you ever feared for your life? - So I had to make a really, really shitty phone call one time. I was sitting in the bureau, and this was right after Silk Road, and Jared called me. He was back in Chicago. And he called me and said, "Hey, your name and your kid's name are on a website for an assassination.
They're paying to have you guys killed." Now, these things happen on the black market. They come up, you know, and people debate whether they're real or not. But we have to take it serious. Someone's paying to have me killed. So I had to call my wife, and we had a word, in that if I said this word, and we only said it one time to each other, if I said this, this is serious.
Drop what you're doing and get to the kids. And so I had to drop the word to her. And I could feel the breath come out of her, 'cause she thought her kids were in danger, at the time they were. I wasn't in a state of mind to drive myself.
So an agent on the squad, a girl named Evelina, she drove me, lights and sirens, all the way to my kid's school. And we had locked, I called the school. We were in a lockdown. Nobody should get in or out, especially someone with a gun. The first thing they did was let me in the building with a gun.
So I was a little disappointed with that. My kids were, I think, kindergarten and fifth grade, or somewhere around there, maybe the closer, second, I'm not sure where. But all hell broke loose, and we had to, from there, go move into a safe house. I live in New York City.
NYPD surrounded my house. The FBI put cameras outside my house. You couldn't drive in my neighborhood without your license plate being read. Hey, why is this person here? Why is that person there? I got to watch my house on an iPad while I sat at my desk. But again, I put my family through that, and it scared the shit out of 'em.
And that's, to be honest, I think that's sort of my mother-in-law's words were, "I thought you did cybercrime." (laughing) And because during Silk Road, I didn't tell my family what I was working on. I'll talk about that. I wanna escape that. I don't wanna be there. I remember that, so when I was in the FBI, driving in, I used to go in at 4.30 every morning, 'cause I like to go to the gym before I go to the desk.
So I'd be at the desk at seven, so in the gym at five, a couple hours, and then go. The best time I had was that drive-in in the morning where I could just be myself. I listened to a sports podcast out of DC. We talked about sports and the Nationals and whatever it was, the Capitals.
It was great to not think about Silk Road for 10 minutes. But that was my best time, but yeah, again, so yeah. I've had that move into the safe house. I left my MP5 at home. That's the Bureau's machine gun. Showed my wife to just pull and spray. - But how often did you live or work and live with fear in your heart?
- It was only that time. I mean, for actual physical security, then, I mean, after the anonymous stuff, I really tightened down to my cybersecurity. I don't have social media. I don't have pictures of me and my kids online. I don't really, if I go to a wedding or something, I say, "I don't take my picture with my kids," if you're gonna post it someplace or something like that.
So that sort of security I have. But just like everybody, you start to relax a little bit and security breaks down 'cause it's not convenient. - But it's also part of your job, so you're much better at, like, I mean, your job now and your job before, so you're probably much better taking care of the low-hanging fruit, at least.
- I understand the threat, and I think that's what a lot of people don't understand, is understanding what the threat against them is. So I'm aware of that and what possibly, and I think about it, you know? I think about things. I do remember, so you tripped a memory in my mind.
I remember a lot of times, and I had a gun on my hip, I still carry a gun to this day, opening my front door and being concerned what was on the other side, walking out of the house 'cause I couldn't see it. I remember those four o'clocks, heading to the car.
I was literally scared. - Yeah. I mean, having seen some of the things you've seen, it makes you perhaps question how much evil there is out there in the world, how many dangerous people there are out there, crazy people even. - There's a lot of crazy, there's a lot of evil.
Most people, I think, get into cyber crime or just opportunistic, not necessarily evil. They don't really know, maybe think about the victim. They just do it as a crime of opportunity. I don't label that as evil. - And one of the things about America that I'm also very happy about is that rule of law, despite everything we talk about, it's tough to be a criminal in the United States.
So if you walk outside your house, you're much safer than you are in most other places in the world. - You're safer and the system's tougher. I mean, LulzSec, six guys, one guy in the United States, five guys other places. Hector was facing 125 years. Those guys got slaps on the wrist and went back to college.
You know, different laws, different places. - So who's Hector? Tell me the story of Hector. So this LulzSec organization was started. So Hector was before that in, he was in part anonymous. He was doing all kinds of hacking stuff, but then he launched LulzSec. - He's an old school hacker.
I mean, he learned how to hack and I don't wanna tell his story, but he learned to hack because he grew up in the Lower East Side of New York and picked up some NYPD computers that were left on the sidewalk for trash. Taught himself how to-- - He doesn't exactly look like a hacker.
For people who don't know, he looks, I don't know exactly what he looks like, but not like a technical, not what you would imagine. But perhaps that's a Hollywood portrayal. - Yeah, I think you get in trouble these days saying what a hacker looks like. I don't know if they have a traditional look.
Just like I said, Hollywood has an idea, an FBI looks like. I don't think you can do that anymore. I don't think you can say that anymore. - Well, he certainly has a big personality and charisma and all that kind of stuff. - That's Sabu. - I can see him selling me anything.
- That's Sabu. - Convincing me of anything. - Two different people. There's Sabu and there's Hector. Hector is a sweet guy. He likes to have intellectual conversations and that's just his thing. He'd rather just sit there and have a one-on-one conversation with you. But Sabu, that's a ruthless motherfucker.
- And you first met Sabu. - I was tracking Sabu. That's all I knew was Sabu. I didn't know Hector. - So when did your paths cross in terms of tracking? When did you first take on the case? - The spring of '11. - So it was through Anonymous.
- Through Anonymous, and really kind of LULZSEC. LULZSEC was a big thing and it was pushed out to all the cyber, 56 field offices in the FBI. Most of them have cyber squads or cyber units. And so it was being pushed out there and it was in the news every day, but it really wasn't ours.
So we didn't have a lot of victims in our AOR area of responsibility. And so we just kind of pay attention to it. Then I got a tip that a local hacker in New York had broken into AOL. And so Olivia Olsen and I, she's another agent who she's still in.
She's a supervisor out in LA. She's a great agent. We went all around New York looking for this kid just to see what we can find and ended up out in Staten Island at his grandmother's house. She didn't know where he was, obviously, why would she? But I left my card.
He gave me a call that night and started talking to me. And I said, "Let's just meet up tomorrow at the McDonald's across from 26th and." And he came in and three of us sat there and talked and gave me his stuff. He started telling me about all the felonies he was committing those days, including that break into AOL.
And then he finally says, "I can give you Sabu." Sabu to us was the Kaiser socialite of hacking. He was our guy. He was the guy that was in the news that was pissing us off. - So he was part of the FBI Fridays? - Sabu was, yeah. Oh, he led it.
Yeah, he was the leader of fuck FBI Fridays. So yeah. - What was one of the more memorable FFFs? (sighs) - I said, "How do you get, how and why do you go after the beehive? That's kind of intense." - You get you on the news, it's the lulls.
It's funnier to go after the big ones. You know, and they weren't getting like real FBI. They weren't breaking into FBI mainframes or anything, but they were affiliate sites or anything that had to do, a lot of law enforcement stuff was coming out. But, you know, we looked back.
And so if this kid knew that Sabu, maybe there was a chance we could use him to lure Sabu out. But we also said, "Well, maybe this kid knows Sabu in real life." And so we went and looked through the IPs and 10 million IPs, we find one and it belonged to him.
And so that day Sabu, someone had doxxed Sabu and we were a little afraid he was gonna be on the run. We had a surveillance team and FBI surveillance teams are awesome. Like you cannot even tell their FBI agents. They are really that good. I mean, there's baby strollers and all whatever you wouldn't expect an FBI agent to have.
- So that's a little like the movies. - A little bit, yeah. I mean, it is true, but they fit into the area. So now they're on the Lower East Side, which is, you know, a baby stroller might not fit in there as well. You know, somebody just laying on the ground or something like that.
They really get in, play the character and get into it. - So now I can never trust a baby stroller again. - Well, probably shouldn't. - Every baby, I'm just like, look at stare at them suspiciously. - Especially if the mom's wearing cargo pants while she pushes it. - Yeah, so if it's like a very stereotypical mom or stereotypical baby, I'm gonna be very suspicious.
I'm gonna question the baby. - That baby's wired, be careful. You know, we raced out there and like our squad's not even full. There's only a few guys there. And like I said, I was a suit guy, but that day I had shorts and a t-shirt on. I had a white t-shirt on and I only bring it up 'cause Sabu makes fun of me to this day.
So I had a bulletproof vest and a white t-shirt on and that was it. I had shorts too and all that, but raced over to there. We didn't have any equipment. We brought our boss's boss's boss. He stopped off at NYPD, got us like a ballistic shield and a battery and RAM if we needed it.
And then we get to Hector's house, Sabu's house, and he's on the sixth floor. And so normally, you know, we're the cyber dork squad. We'll hop in the elevator, six floors is a long ways to go up and bulletproof vest and a ballistic shield. But we had been caught in an elevator before on a search.
So we didn't, we took the stairs. We get to the top, a tad winded, but knocking the door and this big towering guy opens the door just slightly. And he sees the green vest with big yellow letters FBI and he steps outside. Can I help you? And tries to social engineer us.
But eventually we get our way inside the house. You know, I noticed a few things that are kind of out of place. There's a laptop charger and a flashing modem. And I said, well, do you have a computer here? And he said, no, there's no computer here. So we knew the truce and then the half lies and all that sort of thing.
So it took us about another two hours and finally gave up that he was Sabu, he was the guy we were looking for. So we sat there and we kind of showed him sort of the evidence we had against him. And, you know, from his words, we sat there and talked, talked like two grown adults and, you know, I gave him the options and he said, well, let's talk about working together.
- So he chose to become an informant. - I don't think he chose that night, but that's where it kind of went to. So then we brought him down to the FBI that night, which was, it was a funny trip 'cause I'm sitting in the back seat of the car with him.
And I was getting calls from all over the US from different FBI agents saying that we arrested the wrong guy. I was like, I don't think so. And they're like, why do you think so? I was like, 'cause he says it's him. And they still said, no, it's the wrong guy.
So I said, well, we'll see how it plays out. - That's so interesting 'cause it's such a strange world. Such a strange world 'cause it's tough to, 'cause you still have to prove it's the same guy, right? 'Cause the anonymity. - Yeah, I mean, we had his laptop by that point.
- Yeah, I know, but-- - Him saying, that helped. I gave him a clue in my world. - Yeah, yeah. - But yeah, if he would have fought it, I mean, that definitely would have come in as evidence that other FBI agents are saying it's not him. You have to disclose that stuff.
- So you had a lot of stuff on him. What was he facing if-- - He was facing 125 years. - 125 years in prison. Now that's if you took every charge we had against him and put him consecutively. No, no one ever gets charged with that, but yeah, essentially it would have been 125 years.
Fast forward to the end, he got thanked by the judge for his service after nine months. And he walked out of the court a free man. - But that's while being an informant. - Yes. - Well, so the word informant here really isn't that good. It's not fitting that technically, I guess that's what he was, but he didn't know the other people.
It was all anon, he knew Nix and all that. He really gave us the insight of what was happening in the hacker world. Like I said, he was an old school hacker. Back when hackers didn't work together with anonymous, he was down Cult of Dead Cow and those type guys, like way back.
He was around for that. He's like an encyclopedia of hacking. But, you know, we just-- - So I guess Prime was in the '90s. - For terror hack, but yeah, he kind of came back when anonymous started going after MasterCard and PayPal and all that, do the WikiLeaks stuff.
- But even that little interaction, being an informant, he probably made a lot of enemies. How do you protect a guy like that? - He made enemies after it was revealed? - Yeah. - How does the FBI protect him? Good luck. I mean, perhaps I'll talk to him one day, but is that guy afraid for his life?
- I, again, I think-- - He doesn't seem like it. - He has very good security for himself, cyber security. But, you know, yeah, he doesn't like the negative things said about him online. I don't think anybody does. But, you know, I think it's so many years of the internet kind of bitching at you and all that, you get calloused, it's just internet bitching.
- And also the hacking world moves on very quickly. He is kind of, they have their own wars to fight now, and he's not part of those wars anymore. - There's still people out there that bitch and moan about him, but yeah, I think it's less. I think, you know, he has a good message out there of, you know, trying to keep kids from making the same mistakes he made.
He tries to really preach that. - How do people get into this line of work? Is there all kinds of ways, being not your line of work, his line of work, just all the stories you've seen of people that are in Anonymous and LulzSec and Silk Road and all the cyber criminals you've interacted with.
What's the profile of a cyber criminal? - I don't think there's a profile anymore. You know, I used to be able to say, you know, the kid in your mom's basement or something like that, but it's not true anymore. You know, like, it's wide. It's like, I've arrested people that you wouldn't expect would be cyber criminals.
- And it's in the United States, it's international, it's everything? - Oh, it's international. I mean, we're seeing a lot of the big hackers now. The big arrests for hackers in England, surprisingly. You know, there's, you know, you're not gonna see there's a lot of good hackers like down in Brazil, but I don't think Brazil law enforcement is as good at hunting them down.
So you're not gonna see the big arrests. - How much state-sponsored cyber attacks are there, do you think? - More than you can imagine. And what do you wanna say an attack? You had a successful attack or just a probing? - Probing for information, just like feeling, you know, testing that there's where the attack factors are, trying to collect all the possible attack factors.
- Put a Windows 7 machine on the internet forward-facing and put a packet sniffer on there and look at where the driver comes from. I mean, in 24 hours, you were gonna fill up a hard drive with packets just coming at it. - Yeah. - I mean, it's not hard to know.
I mean, it's just constantly probing for entry points into things, you know? You could go mad putting up Honeypot, draws in intrusions, should I see what methodologies? - Just to see what's out there. - Yeah, and it doesn't go anywhere. It maybe has fake information and stuff like that.
You know, it's kind of to see what's going on and judge what's happening on the internet. Get a, you know, lick your finger and test the wind of what's happening these days. - The funny thing about, like, because I'm at MIT, that attracted even more attention for the, not for the lulz, but for the technical challenge.
It seems like people enjoy hacking MIT. Just the amount of traffic MIT was getting for that, in terms of just the sheer number of attacks from different places is crazy. Yeah, like, just like that, putting up a machine, seeing what comes. - NASA used to be the golden ring.
Now everybody got NASA. That was like the early '90s. If you could hack NASA, that was the, now, yeah, MIT is a big one. - Yeah, it's fun. It's fun to see. (laughs) Respect. 'Cause I think in that case, it comes from a somewhat good place, 'cause, you know, they're not getting any money from MIT.
(both laugh) It's more for the challenge. Well, let me ask you about that, about this world of cybersecurity. How big of a threat are cyberattacks for companies and for individuals? Like, let's lay out, where are we in this world? What's out there? - It's the wild, wild west. And it's, I mean, people want the idea of security, but it's inconvenient, so they don't, they push back on it.
And there are a lot of opportunistic nation state, financially motivated hackers, hackers for the lulz. You got three different tiers there. And they're on the prowl. They have tools. They have really good tools that are being used against us. - And at what scale? So when you're thinking of, I don't know what's, let's talk about companies first.
So say you're talking to a mid-tier. I wonder what the most interesting business is. So Google, we can look at large tech companies, or we can look at medium-sized tech companies. And like, you are sitting in a room with a CTO, with a CEO, and the question is, how fucked are we?
And what should we do? What's the low-hanging fruit? What are the different strategies and those companies should consider? - I mean, the problem is they want a push button. They want a out-of-the-box solution that, I'm secure, you know? They want to tell people they're secure, but-- - And that's very challenging to have.
- It's impossible. But if I could, if someone had it, they'd be a billionaire. They'd be beyond a billionaire, 'cause that's what everybody wants. So you can buy all the tools you want. It's configuring them the proper way. And if anyone's trying to tell you that there's one solution that fits all, they're stakeholder salesmen.
And there's a lot of people in cybersecurity that are stakeholder salesmen. - Yeah, and I feel like there's tools, if they're not configured correctly, they just introduce, they don't increase security significantly, and they introduce a lot of pain for the people. They decrease efficiency of the actual work you have to do.
So like, we had, I was at Google for a time, and I think mostly I want to give props to their security efforts, but user data, so like data that belongs to users, is like the holy, like the amount of security they have around that is incredible. So most, any time I had to work with anything even resembling user data, so I never got a chance to work with actual user data, anything resembling that, first of all, you have no access to the internet.
It's impossible to even come close to the access to the internet. And there's so much pain to actually like interact with that data. Where, I mean, it was extremely inefficient. In places where I thought it didn't have to be that inefficient, the security was too much. But I have to give respect to that, 'cause in that case, you want to err on the side of security.
But that's Google. They were doing a good job of this. - The reputational harm, if it got out. I mean, Google, why is Google drive-free? Because they want your data. They want you to park your data there. So if they got hacked or leaked information, the reputational harm would be tremendous.
- But for a company that's not, it's really hard to do that, right? And the company is not as big as Google or not as tech-savvy as Google, might have a lot of trouble with doing that kind of stuff. Instead of increasing security, they'll just decrease the efficiency. - Well, yeah.
So there's a big difference between IT and security. And unfortunately, these mid-side companies, they try to stack security into their IT department. Your IT department is about business continuity. They're about trying to move business forward. They want users to get the data they need to do their job so the company can grow.
Security is not that. They don't want you to get the data. But there's fine-tuning you can do to ensure that. I mean, as simple as having good onboarding procedures for employees. Like, you come into my company, you don't need access to everything. Maybe you need access to something for one day.
Turn the access on, don't leave it on. I mean, I was the victim of the OPM hack, the Office of Personnel Management, because old credentials from a third-party vendor were sitting there inactive. And the Chinese government found those credentials and were able to log in and steal all my information.
- So a lot could be helped if you just control the credentials, the access, the access control, how long they last. And people who need access to a certain thing only get access to that thing and nothing else. And then it just gets refreshed like that. - Access control, yeah, like we said, setting up people, leaving the company, get rid of their, they don't need control.
Two-factor authentication, that's a big thing. I mean, I sound like a broken record because this isn't anything new. This isn't rocket science. The problem is we're not implementing it. If we are, we're not doing it correctly because these guys are taking us. - Well, two-factor authentication is a good example of something that I just was annoyed by for the longest time.
Because yes, it's very good, but it seems that it's pretty easy to implement horribly to where it's not convenient at all for the legitimate user to use. It should be trivial to do, like to authenticate yourself twice should be super easy. - If security, if it's slightly inconvenient for you, it's think about how inconvenient it is for a hacker and how they're just gonna move on to the next person.
- Yes, yes, in theory, we implemented it extremely well. But I just don't think so. I think actually if it's inconvenient, it shows that system hasn't been thought through a lot. - Do you know why we need two-factor authentication? People using the same password across the same site. So when one site is compromised, people just take that username and password, it's called credential stuffing and just stuff it across the internet.
So if 10 years ago when we told everybody, "Don't use the same fucking password across the internet, "across vulnerable sites," maybe two-factor wouldn't be needed. - Yeah, so you wouldn't need two-factor if everyone did a good job with passwords. - Yeah. - Right, but I'm saying like the two-factor authentication, it should be super easy to authenticate myself with some other device really quickly.
Like it should be frictionless. - Like you just hit OK? - OK, and anything that belongs to me, yeah. And it should, very importantly, be easy to set up what belongs to me. I don't know the full complexity of the cyber attacks these platforms are under. They're probably under insane amount of attacks.
- Yeah, you've got it right there. - People have no idea, these large companies, how often they're attacked, on a per second basis. And they have to fight all that off and pick out the good traffic in there. So yeah, there's no way I'd wanna run a large tech company.
(Lex laughing) - Well, what about protecting individuals, for individuals? What's good advice to try to protect yourself from this increasingly dangerous world of cyber attacks? - Again, educate yourself that you understand there is a threat. First, you have to realize that. Then you're gonna step up and you're gonna do stuff a little bit more.
Sometimes, I guess, I think I take that to a little bit extreme. I remember one time, my mom called me and she was screaming that, "I woke up this morning and I just clicked on a link "and now my phone is making weird noises." And I was like, "Throw your phone in a glass of water.
"Just put it in a glass of water right now." And I made my mom cry. It was not a pleasant thing. So sometimes I go to a little extremes on those ones. But understanding there's a risk and making it a little bit more difficult to become a victim. I mean, just understanding certain things.
Simple things like, as we add more internet of the things to people's houses, I mean, how many wifi networks do people have? It's normally just one. And you're bumping your phones and giving your password to people who come to visit. Set up a guest network. Set up something you can change every 30 days.
Simple little things like that. I hate to remind you, but change your passwords. I mean, I feel like I'm a broken record again. But just make it more difficult for others to victimize you. - And then don't use the same password everywhere. - That, yes. I mean- - I still know people that do that.
- I mean, ask.fm.got popped last week, two weeks ago. And that's 350 million username and passwords with connected Twitter accounts, Google accounts, all the different social media accounts. That is a treasure trove for the next two and a half, three years of just using those credentials everywhere. Using, you'll learn, even if it's not the right password, you'll learn people's password styles.
Bad guys are making portfolios out of people. We're figuring out how people generate their passwords and kind of figuring, and then it's easier to crack their password. We're making a dossier on each person. It's 350 million dossiers just in that one hack. Yahoo, there was half a billion. So the thing a hacker would do with that is try to find all the low-hanging fruit, like have some kind of program that, yeah, evaluates the strength of the passwords, and then finds the weak ones.
That means that this person is probably the kind of person that would use the same password across multiple. - Or even just write a program into that. Remember the Ring hack a couple of years ago? That's all it was, it was credential stuffing. So Ring, the security system by default, had two-factor, but didn't turn it on.
And they also had a don't try unlimited tries to log into my account. You can lock it out after 10, by default, not turned on, 'cause it's not convenient for people. The Ring, it was like, I want people to stick these little things up and have security in their house, but cybersecurity, don't make it inconvenient, then people won't buy our product.
That's how they got hacked. They wanted to say that it's insecure and got hacked into, reputational harm right there for Ring, but they didn't. It was just credential stuffing. People bought username and passwords on the black market and just wrote a bot that just went through Ring and used every one of them to maybe 1% hit, but that's a big hit to the number of Ring users.
- You know, you can use also password managers to make the changing of the passwords easier. - And to make, you can charge the difficulty, the number of special characters, the length of it and all that. - My favorite thing is on websites, yell at you for your password being too long or having too many special characters, or like, yeah, you're not allowed to have this special character or something.
- You can only use these three special characters. Do you understand how password cracking works? If you specifically tell me which password, which special characters I can use? - I honestly just want to have a one-on-one meeting, like late at night with the engineer that programmed that, 'cause that's like an intern.
I just want to have a sit down meeting. - Yeah, I made my parents switch banks once because the security was so poor. I was like, you just, you can't have money here. - But then there's also like the zero-day attacks. Like I mentioned before the QNAP NAS that got hacked.
Luckily I didn't have anything private on there, but it really woke me up to like, okay, so like if you take everything extremely seriously. - Unfortunately for the end users, there's nothing you can do about a zero-day. It's, you have no control over that. I mean, the engineers that made the software don't even know about it.
Now let's talk about one days. So there's a patch now out there for the security. So if you're not updating your systems for these security patches, if it's just not on you, my father-in-law has such an old iPhone, you can't security patch it anymore. So, and I tell him, I said, this is what you're missing out on.
This is what you're exposing yourself to, because, you know, we talked about that powerful tool that how we found Ross Ulbrich at gmail.com. Well, bad guys are using that too. It's called, you know, it used to be called Google dorking. Now it's, I think it's named kind of Google hacking by the community.
You can go in, you know, and find a vulnerability, read about the white paper, what's wrong with that software. And then you can go on the internet and find all of the computers that are running that outdated software. And there's your list, there's your target list. - Yeah. - I know the vulnerabilities that are running.
Again, not making a playbook here, but, you know, that's how easy it is to find your targets. And that's what the bad guys are doing. - Then the reverse is tough. It's much tougher, but it's still doable, which is like first find the target. If you have specific targets, to, you know, hack into a Twitter account, for example.
- Much harder. - That's probably social engineering, right? That's probably the best way. - Probably, if you want something specific to that. I mean, if you really want to go far, you know, if you're targeting a specific person, you know, how hard is it to get into their office and put a, you know, a little device, USB device in line with their mouse, who checks how their mouse is plugged in.
And you can, for 40 bucks on the black market, you can buy a key logger that just USB, then the mouse plugs right into it. It looks like an extension on the mouse. If you can even find it, you can buy the stuff with a mouse inside of it and just plug it into somebody's computer.
And there's a key logger that lives in there and calls home, sends everything you want. So, I mean, and it's cheap. - Yeah, in grad school, a program that built a bunch of key loggers, it was fascinating, a tracking mouse, just for, I was doing as part of the research, I was doing to see if by the dynamics of how you type and how you move the mouse, you can tell who the person is.
- Oh, wow. - That's like, it's called the active authentication, like it's basically biometrics that's not using bio to see how identifiable that is. So it's fascinating to study that, but it's also fascinating how damn easy it is to install key loggers. So I think it's natural, what happens is you realize how many vulnerabilities there are in this world.
You do that when you understand bacteria and viruses, you realize they're everywhere. And the same way with, I'm talking about biological ones, and then you realize that all the vulnerabilities that are out there. One of the things I've noticed quite a lot is how many people don't log out of their computers.
Just how easy physical access to systems actually is. Like in a lot of places in this world, and I'm not talking about private homes, I'm talking about companies, especially large companies. It seems quite trivial in certain places that I've been to, to walk in and have physical access to a system.
And that's depressing to me. - It is. It just, I laugh because one of my partners at Naxo that I work at now, he worked at a big company. You would know the name as soon as I told you, I'm not gonna say it. But the guy who owned the company, and the company has his name on it, didn't want to ever log into a computer.
It just annoyed the shit out of him. So they hired a person that stands next to his computer when he's not there, and that's his physical security. - See, that's good. That's pretty good, actually. - Yeah, I mean, I guess if you could afford to do that. - At least you're taking your security seriously.
I feel like there's a lot of people in that case would just not have a login. - Yeah. No, the security team there had to really work around to make that work, non-compliant with the company policy. - But that's interesting. The key log, there's a lot of, there's just a lot of threats.
- Yeah, I mean-- - There's a lot of ways to get in. - Yeah, I mean, so you can't sit around and worry about someone physically gaining access to your computer with key logger and stuff like that. You know, if you're traveling to a foreign country and you work for the FBI, then yeah, you do.
You pick little, you know, sometimes some countries you would bring a fake laptop just to see if they stole it or accessed it. - I really want, especially in this modern day, to just create a lot of clones of myself that generate Lex sounding things and just put so much information out there.
I actually dox myself all across the world. - And then you're not a target, I guess. Just put it out there. I've always said that, though. We do these searches in FBI houses and stuff like that. If someone just got a box load of 10 terabyte drives and just encrypted them, oh my God, do you know how long the FBI would spin their wheels trying to get that data off there?
It'd be insane. - Oh, so just give 'em-- - You don't even know which one you're looking for. - Yeah. That's true, that's true. So it's like me printing a treasure map to a random location, just get people to go on goose chases. - Yeah, what about operating system?
What have you found, what's the most secure and what's the least secure operating system, Windows, Linux? Is there no universal? - There's no universal security. I mean, it changed. People used to think Macs were the most secure just 'cause they just weren't out there, but now kids have had access to them.
So I know you're a Linux guy. I like Linux too, but it's tough to run a business on Linux. People wanna move more towards the Microsofts and the Googles just 'cause it's easier to communicate with other people that maybe aren't computer guys. So you have to just take what's best, what's easiest, and secure the shit out of it as much as you can and just think about it.
- What are you doing these days at Nexo? - So we just started Nexo. So I left the government and went to a couple consultancies and I started working, really all the people I worked good in the government with, I brought them out with me. And now-- - You used to work for the man and now you're the man.
- Exactly. But now we formed a partnership and it's a new cybersecurity firm. Our launch party is actually on Thursday, so it's gonna be exciting. - Do you wanna give more details about the party so that somebody can hack into it? - No, I don't think I can tell you where it is.
You can come if you want, but don't bring the hackers. Hector will be there. - I can't believe you invited me 'cause you also say insider threat is the biggest threat. By the way, can you explain what the insider threat is? - The biggest insider threat in my life is my children.
My son's big into Minecraft and will download executables mindlessly and just run them on the network. So he is-- - Do you recommend against marriage and family and kids? - Nope, nope. - From a security perspective. - From a security perspective, absolutely. But no, I just, segmentation. I mean, we do it in all businesses for years.
Started segmenting networks, different networks. I just do it at home. My kid's on his own network. It makes it a little bit easier to see what they're doing too. You can monitor traffic and then also throttle bandwidth if your Netflix isn't playing fast enough or buffers or something. So you can obviously change that a little too.
- You know they're gonna listen to this, right? They're gonna get your tricks. - Yeah, they'll definitely will listen. But there's nothing more humbling than your family. You think you've done something big and you go on a big podcast and talk to Les Freeman, they don't fucking care. - Unless you're on TikTok or shit.
- Yeah, you'll show up on a YouTube feed or something like that. And they'll be like, oh yeah. - Whatever, this guy's boring. - My son does a podcast for his school and I still can't get him to tell. So Hector and I just started a podcast talking about cybersecurity.
We do a podcast called Hacker in the Fed. It just came out yesterday. So first episode. So yeah, we got 1,300 downloads the first day. So pretty, we were at the top of Hacker News, which is a big website in our world. - So it's called Hacker in the Fed?
- Hacker in the Fed's the name of it. - Go download and listen to Hacker in the Fed. I can't wait to see what, 'cause I don't think I've seen a video of you two together. So I can't wait to see what the chemistry is like. It's not weird that you guys used to be enemies and now you're friends?
- So yeah, I mean, we just did a trailer and all that. And our producer, we have a great producer guy named Phineas and he kind of pulls things out of me. And I said, okay, I got one. My relationship with Hector, we're very close friends now. And I was like, oh, I arrested one of my closest friends.
Which is a very strange relationship. - Yeah, it's weird. - But he says that I changed his life. I mean, he was going down a very dark path and I gave him an option that one night and he made the right choice. I mean, he now does penetration testing.
He does a lot of good work and he's turned his life around. - Do you worry about cyber war in the 21st century? - Absolutely. If there is a global war, it'll start with cyber. If it's not already started. - Do you feel like there's a boiling, like the drums of war are beating?
What's happening in Ukraine with Russia? It feels like the United States becoming more and more involved in the conflict in that part of the world. And China is watching very closely, is starting to get involved geopolitically and probably in terms of cyber. Do you worry about this kind of thing happening in the next decade or two, like where it really escalates?
You know, people in the 1920s were completely terrible at predicting the World War II. Do you think we're at the precipice of war, potentially? - I think we could be. I mean, I would hate to just be, you know, just fear mongering out there, you know, COVID's over, so the next big thing in the media is war and all that.
But I mean, there's some flags going up that are very strange to me. - Is there ways to avoid this? - I hope so. I hope smarter people than I are figuring it out. I hope people are playing their parts and talking to the right people because war is the last thing I want.
- Well, there's two things to be concerned about on the cyber side. One is the actual defense on the technical side of cyber. And the other one is the panic that might happen when something like some dramatic event happened because of cyber, some major hack that becomes public. I'm honestly more concerned about the panic because I feel like if people don't think about this stuff, the panic can hit harder.
Like if they're not conscious about the fact that we're constantly under attack, I feel like it'll come like a much harder surprise. - Yeah, I think people will be really shocked on things. I mean, so we talked about LULSIC today and LULSIC was 2011. They had access into the water supply system of a major US city.
They didn't do anything with it. They were sitting on it in case someone got arrested and they were gonna maybe just expose that it's insecure. Maybe they were gonna do something to fuck with it. I don't know. But that's 2011. I don't think it's gotten a lot better since then.
- And there's probably nation states or major organizations that are sitting secretly on hacks like this. - 100%, 100% they are sitting secretly waiting to expose things. I mean, again, I don't wanna scare the shit out of people, but people have to understand the cyber threat. I mean, there are thousands of nation state hackers in some countries.
I mean, we have them too. We have offensive hackers. - You know, the terrorist attacks of 9/11, there's planes that actually hit actual buildings and it was visibly clear and you can trace the information. With cyber attacks, say something that would result in a major explosion in New York City, how the hell do you trace that?
Like if it's well done, it's going to be extremely difficult. The problem is there's so many problems. One of which the US government in that case has complete freedom to blame anybody they want. - True. - And then to go start war with anybody, anybody that actually see, that's sorry, that's one cynical take on it, of course.
- No, but you're going down the right path. I mean, the guys that flew planes in the buildings wanted attribution. They took credit for it. When we see the cyber attack, I doubt we're going to see attribution. Maybe the victim side, the US government on this side might come out and try to blame somebody.
But you know, like you've brought up, they could blame anybody they want. There's not really a good way of verifying that. - Can I just ask for your advice? So in my personal case, am I being tracked? How do I know? How do I protect myself? Should I care?
- You are being tracked. I wouldn't say you're being tracked by the government. You're definitely being tracked by big tech. - No, I mean, me personally, Lex, at an escalated level. So like, like you mentioned, there's an FBI file on people. - Sure. - I'd love to see what's in that file.
(laughing) Who did I have the argument for? Oh, let me ask you, FBI. - Yeah. - How's the cafeteria food in FBI? - At the Academy, it's bad. - Yeah. What about like- - At headquarters? - Headquarters. - A little bit better, 'cause that's where the director, I mean, he eats up on the seventh floor.
- Have you been like at Google? Have you been to Silicon Valley, those cafeteria, like those- - I've been to the Google in Silicon Valley. I've been to the Google in New York. - Yeah, the food is incredible. - It is great. - So FBI's worse. - Well, when you're going through the Academy, they don't let you outside of the building.
So you have to eat it. And I think that's the only reason people eat it. - Okay. - It's pretty bad. - I got it. Okay, I don't know why I asked- - But there's also a bar inside the FBI Academy. People don't know that. - Alcohol bar? - Yes, alcohol bar.
And as long as you've passed your PT and going well, you're allowed to go to the bar. - Nice. It feels like if I was a hacker, I would be going after like celebrities, 'cause they're a little bit easier, like celebrity celebrities, like Hollywood. - The Hollywood nudes were a big thing there for a long time.
- But now, yeah, I guess nudes- - That's what they went after. I mean, all those guys, they socialized. They social engineered Apple to get backups, to get the recoveries for backups. And then they just pulled all their nudes. And I mean, whole websites were dedicated to that. - Yeah, see that?
See, I wouldn't do that kind of stuff. It's very creepy. I would go, if I was a hacker, I would go after like major, like powerful people and like tweet something from their account and like something that, like positive, like loving, but like for the walls, the obvious that it's a troll.
- God, you get busted so quick. - By a bad hacker. - Really, but why? - Because hackers never put things out about love. - Oh, you mean like, this is clearly- - Yeah, this is clearly Lex. - What the fuck? - He talks about love in every podcast he does.
- I would just be like, no, oh, goddammit, now somebody's gonna do it. You'll blame me. It wasn't me. - Looking back at your life, is there something you regret? - I'm only 44 years old, I'm already looking back. - Is there stuff that you regret? - EV unit.
Got away. - It's always the one that got away. - Yeah, I mean, it took me a while into my law enforcement career to learn about like the compassionate side and it took Hector Monsiger to make me realize that criminals aren't really criminals, they're human beings. That really humanized the whole thing for me, sitting with him for nine months.
I think that's maybe why I had a lot more compassion when I arrested Ross. Probably wouldn't have been so compassionate if it was before Hector, but yeah, he changed my life and showed me that humanity side of things. - So would it be fair to say that all the criminals, or most criminals are just people that took a wrong turn at some point?
They all have the capacity for good and for evil in them? - I'd say 99% of the criminals that I've interacted with, yes, the people with the child exploitation, no, I don't have any place in my heart for them. - What advice would you give to people in college, people in high school, trying to figure out what they wanna do with their life?
How to have a life they can be proud of, how to have a career they can be proud of, all that kind of stuff. - In the US budget that was just put forward, there's $18 billion for cybersecurity. We're about a million people short of where we really should be in the industry, if not more.
If you have, want job security and want to work and see exciting stuff, head towards cybersecurity. It's a good career. And one thing I dislike about cybersecurity right now is they expect you to come out of college and have 10 years experience in protecting and knowing every different Python script out there and everything available.
The industry needs to change and let the lower people in in order to broaden and get those billion jobs filled. But as far as their personal security, just remember, it's all gonna follow you. I mean, there's laws out there now that you have to turn over your social media accounts in order to have certain things.
They just changed that in New York state. If you wanna carry a gun, you have to turn over your social media to figure if you're a good social character. So hopefully you didn't say something strange in the last few years and it's gonna follow you forever. I bet Ross Ulbrich would tell you the same thing, don't put rossulbrich@gmail.com on things 'cause it's gonna last forever.
- Yeah, people sometimes, for some reason, they interact on social media as if they're talking to a couple of buddies, like just shooting shit and mocking and like, what is that, busting each other's chops, like making fun of yourself, like being, especially gaming culture, like people who stream. - Thank God that's not recorded.
Oh my God, the things people say on those streams. - Yeah, but a lot of them are recorded. That's just so there's a whole Twitch thing where people stream for many hours a day. And I mean, just outside of the very offensive things they say, they just swear a lot.
They're not the kind of person that I would wanna hire, I wanna work with. Now, I understand that some of us might be that way privately, I guess, when you're shooting shit with friends, like playing a video game and talking shit to each other, maybe, but like that's all out there.
You have to be conscious of the fact that that's all out there. And it's just not a good look. It's not like you're, you should, it's complicated 'cause I'm like against hiding who you are. - If you're an asshole, you should hide some of it. - Yeah, but like, I just feel like it's going to be misinterpreted.
When you talk shit to your friends while you're playing video games, it doesn't mean you're an asshole. 'Cause you're an asshole to your friend, but that's how a lot of friends show love. - Yeah, an outside person can't judge how I'm friends with you. If I wanna be, this is our relationship.
If that person can say that I'm an asshole to them, then that's fine, I'll take it. But you can't tell me I'm an asshole to them just because you saw my interaction. I agree with that. - They'll take those words out of context and that's considered who you are is dangerous.
And people take that very nonchalantly. People treat their behavior on the internet very, very carelessly. That's definitely something that you need to learn and take extremely seriously. Also, I think that taking that seriously will help you figure out who you, what you really stand for. If you use your language carelessly, you'd never really ask, what do I stand for?
I feel like it's a good opportunity when you're young to ask what are the things that are okay to say? What are the things, what are the ideas I stand behind? Especially if they're controversial and I'm willing to say them because I believe in them versus just saying random shit for the lols.
'Cause for the random shit for the lols, keep that off the internet. That said, man, I was an idiot for most of my life and I'm constantly learning and growing. I'd hate to be responsible for the kind of person I was in my teens, in my 20s. I didn't do anything offensive, but it just changed as a person.
Like I used to, I guess I probably still do, but I used to read so much existential literature. That was a phase. There's like phases. - Yeah, you grow and evolve as a person that changes you in the future. Yeah, thank God there wasn't social media when I was in high school.
Thank God. Oh my God, I would never have gotten the FBI. - Would you recommend that people consider a career at a place like the FBI? - I loved the FBI. I never thought I would go anyplace else, but the FBI, I thought I was gonna retire with the gold watch and everything from the FBI.
That was my plan. - You get a gold watch? - No, but you know what it is, it's a, oh, it's an expression of colonialism. You get a gold badge, you actually get your badge in Lucite and your creds, they put it in Lucite and all that, so. - Does it, by the way, just on a tangent, since we like those, does it hurt you that the FBI by certain people is distrusted or even hated?
- 100%, it kills me. I've never until recently not, sometimes be embarrassed about the FBI sometimes, which is really, really hard for me to say 'cause I love that place. I love the people in it. I love the brotherhood that you have with all the guys in your squad, guys and girls.
I just use guys, you know. I developed a real drinking problem there because we were so social of going out after work and continuing on, it really was a family. So I do miss that. But yeah, I mean, if someone can become an FBI agent, I mean, it's pretty fucking cool, man.
The day you graduate and walk out of the academy with a gun and a badge and the power to charge someone with a misdemeanor for flying a United States flag at night, that's awesome. - So there is a part of representing and loving your country, and especially if you're doing cyber security.
So there's a lot of technical savvy in different places in the FBI. - Yeah, I mean, there's different pieces. Sometimes you'll see an older agent that's done not cyber crime come over to cyber crime at the end so he can get a job once he goes out. But there's also some guys that come in.
I won't name his name, but there was a guy, I think he was a hacker when he was a kid, and now he's been an agent. Now he's way up in management. Great guy, I love this guy. And he knows who he is if he's listening. He had some skills.
But we also lost a bunch of guys that had some skills because we had one guy in the squad that he had to leave the FBI 'cause his wife became a doctor and she got a residency down in Houston and she couldn't move. He wasn't allowed to transfer, so he decided to keep his family versus the FBI.
So there's some stringent rules in the FBI that need to be relaxed a little bit. - Yeah, I love hackers turned leaders. Like one of my quickly becoming good friends is Mudge. He was a big hack in the '90s, and then now was recently Twitter chief security officer, CSO, but he had a bunch of different leadership positions, including being my boss at Google, but originally a hacker.
It's cool to see hackers become leaders. - I just wonder what would cause him to stop doing it, why he would then take a managerial route, very high-tech companies versus-- - I think a lot of those guys, so this is like the '90s, they really were about the freedom.
There's a philosophy to it. And when I think the hacking culture evolved over the years, and I think when it leaves you behind, you start to realize like, oh, actually what I wanna do is I wanna help the world, and I can do that in legitimate routes and so on.
But that's the story that, and yeah, I would love to talk to him one day, but I wonder how common that is too, like young hackers turn good. You're saying it like pulls you in. If you're not careful, it can really pull you in. - Yeah, you're good at it, you become powerful, you become, everyone's slapping you on the back and say what a good job and all that at a very young age.
- Yeah. - Yeah, I would love to get into my buddy's mind on why he stopped hacking and moved on. That's gonna be a good conversation. - In his case, maybe it's always about a great woman involved, a family and so on that grounds you. Because there is a danger to hacking that once you're in a relationship, once you have family, maybe you're not willing to partake in.
What's your story? What, from childhood, what are some fond memories you have? - Fond memories? - Where did you grow up? - Well, I don't give away that information. - In the United States? - Yeah, yeah, yeah, in Virginia. - In Virginia. - Yeah. - What are some rough moments, what are some beautiful moments that you remember?
- I had a very good family growing up. The rough moment, and I'll tell you a story that just happened to me two days ago and it fucked me up, man, it really did. And you'll be the first, I've never told, I tried to tell my wife this two nights ago and I couldn't get it out.
So my father, he's a disabled veteran, or he was a disabled veteran, he was in the army and got hurt and was in a wheelchair his whole life for all my growing up. He was my biggest fan. He just wanted to know everything about what was going on in the FBI, my stories.
I was a local cop before the FBI and I got into a high-speed car chase, foot chase and all that, and kicking doors in. He wanted to hear all those stories. And at some points I was kind of too cool for school and, "Ah, dad, I just want a break," and all that, and things going on.
We lost my dad during COVID, not because of COVID, but it was around that time, but it was right when COVID was kicking off. And so he died in the hospital by himself and I didn't get to see him then. And then my mom had some people visiting her the other night, Tom and Karen Roggeberg, and I'll say they're my second biggest fans, right behind my dad.
They always asking about me and my career and they read the books and seen the movie. They'll even tell you that "Silk Road" movie was good. (laughing) They'll hide you on that. But, and so they came over and I helped them with something and my mom called me back a couple of days later and she said, "I appreciate you helping them.
"I know fixing someone's Apple phone over the phone "really isn't what you do for a living. "It's kind of beneath you and all that, "but I appreciate it." And she said, "Oh, they loved hearing the stories "about 'Silk Road' and all those things." And she goes, "Your dad, he loved those stories.
"I just wish he could have heard them." He even would tell me, he would say, "Maybe Chris will come home and I'll get him drunk "and he'll tell me the stories." But, and then she goes, "Maybe one day in heaven "you can tell him those stories." And I fucking lost it.
I literally stood in my shower sobbing like a child. Like just thinking about like, all my dad wanted was those stories. - Yeah. - And now I'm on a fucking podcast telling the stories to the world and I did tell him. Yeah, so. - Did you ever have like a long heart to heart with him about like, about such stories?
- He was in the hospital one time and I went through and I want to know about his history, like his life, what he did. And I think he may be sensationalized some of it, but that's what you want. Your dad's a hero, so you want to hear those things.
- He's a good storyteller? - Yeah, again, I don't know what was true and not true, but you know, some of it was really good and it was just good to hear his life. But you know, we lost him and now those stories are gone. - You miss him?
- Yeah. - What did he teach you about what it means to be a man? - So my dad, he was an engineer. And so part of his job, we worked for Vermont Power and Electric or whatever it was. I mean, when he first got married to my mom and all that, like he flew around in a helicopter, checking out like power lines and dams.
He used to swim inside Scuba into dams to check to make sure they were functioning properly and all that. Pretty cool shit. And then he couldn't walk anymore. I probably would have killed myself if my life switched like that so bad. And my dad probably went through some dark points, but he had that from me, maybe.
And so to get through that struggle, to teach me like, you know, you press on, you have a family, people count on you, you do what you gotta do. That was big. Yeah. - I'm sure you make him proud, man. - I'm sure I do, but I don't think he knew that, that I knew that.
- Well, you get to pass on that love to your kids now. - I try, I try, but I can't impress them as much as my dad impressed me. I can try all I want, but. - Well, what do you think is the role of love? 'Cause you gave me some grief, you busted my balls a little bit for talking about love a lot.
What do you think is the role of love in the human condition? - I think it's the greatest thing. I think everyone should be searching for it. If you don't have it, find it, get it as soon as you can. I love my wife, I really do. I had no idea what love was until my kids were born.
My son came out and, this is a funny story, he came out and I just wanted him to be safe and be healthy and all that. And I said to the doctor, I said, "10 and 10, doc, 10 fingers, 10 toes, everything good?" And he goes, "Eh, nine and nine." I was like, "What the fuck?" He's like, "Oh, this is gonna suck." Okay, we'll deal with it and all that.
He was talking about the Apena card score or some score about breathing and color and all that. And I was like, "Oh, shit." But no one told me this. But so I'm just sobbing. I couldn't even cut the umbilical cord. Just fell in love with my kids when I saw them.
And that to me really is what love is, just for them, man. - And I see that through your career that love developed, which is awesome. Being able to see the humanity in people. - I didn't when I was young, the foolishness of youth. I needed to learn that lesson hard.
When I was young in my career, it was just about career goals and arresting people became stats. You arrest someone, you get a good stat, you get an atta boy, maybe the boss likes it and you get a better job or you move up the chain. It took a real change in my life to see that humanity.
- And I can't wait to listen to you talk, which is probably hilarious and insightful given the life of the two you lived and given how much you've changed each other's lives. I can't wait to listen, brother. Thank you so much. This is a huge honor. You're an amazing person with an amazing life.
This was an awesome conversation. - Dude, huge fan. I love the podcast. Glad I could be here. Thanks for the invite. So, exercise in the brain too. It was great. Great conversation. - And the heart too, right? - Oh, yeah, yeah. You got some tears there at the end.
- Thanks for listening to this conversation with Chris Darbell. To support this podcast, please check out our sponsors in the description. And now, let me leave you with some words from Benjamin Franklin. They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
Thank you for listening and hope to see you next time. (upbeat music) (upbeat music)