139: D3f4ult
This is the story of D3f4ult (twitter.com/_d3f4ult) from CWA. He was a hacktivist, upset with the state of the way things were, and wanted to make some changes. Changes were made.
Sponsors
Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.
Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn’t be. Check them out at https://canary.tools.
Support for this show comes from Quorum Cyber. Their mantra is: “We help good people win.” If you’re looking for a partner to help you reduce risk and defend against the threats that are targeting your business — and especially if you are interested in Microsoft Security — reach out to Quorum Cyber at www.quorumcyber.com/darknet-diaries.
Sources
https://www.vice.com/en/article/z3ekk5/kane-gamble-cracka-back-online-after-a-two-year-internet-ban
https://www.wired.com/2015/10/hacker-who-broke-into-cia-director-john-brennan-email-tells-how-he-did-it/
https://www.hackread.com/fbi-server-hacked-miami-police-data-leaked/
https://archive.ph/Si79V#selection-66795.5-66795.6
https://wikileaks.org/cia-emails/John-Brennan-Draft-SF86/page-7.html
Listen and follow along
Transcript
Was this after you went to prison?
Uh, what was after when I went to prison?
Yeah, you had a million dollars in crypto.
Um, no, that was before.
Okay, um, well, I want to get it.
I want to get into all that.
Yeah, it's it's honestly a lot.
Okay, well, this is good.
I'm glad that your story is uh strange.
Well, it's made
very long and strange.
And honestly, for me, I lived it and told it so many times that it's so normalized.
Yeah,
that I'm just like, yeah,
I did this and that and I yeah I went to federal prison for five years they're like holy shit and I'm like yeah I know it's crazy right okay it's um well then I'm excited there's a lot to cover yeah I'm excited to do it I want you want to start all the way like you didn't give me like a
any kind of reference for how you wanted to go about this um
so i just want to get a verbal confirmation for um i don't know legal reasons or whatever it's okay to record this call to to use on the podcast Darknet Diaries.
Is that okay with you?
Yeah, of course.
These are true stories from the dark side of the internet.
I'm Jack Reeseider.
This is Darknet Diaries.
This episode is sponsored by my friends at Black Hills Information Security.
Black Hills has earned the trust of the cybersecurity industry since John Strand founded it in 2008.
Through their anti-siphon training program, they teach you how to think like an attacker.
From SOC analyst skills to how to defend your network with traps and deception, it's hands-on, practical training built for defenders who want to level up.
Black Hills loves to share their knowledge through webcasts, blogs, zines, comics, and training courses all designed by hackers.
For hackers.
But do you need someone to do a penetration test to see where your defenses stand?
Or are you looking for 24-7 monitoring from their active SOC team?
Or maybe you're ready for continuous pen testing where testing never stops and your systems stay battle ready all the time.
Well, they can help you with all of that.
They've even made a card game.
It's called Backdoors and Breaches.
The idea is simple.
It teaches people cybersecurity while they play.
Companies use it to stress test their defenses.
Teachers use it in the classroom to train the next generation.
And if you're curious, there's a free version online that you can try right now.
And this fall, they're launching a brand new competitive edition of Backdoors and Breaches where you and your friends can go head to head hacking and defending just like the real thing.
Check it all out at blackhillsinfosec.com/slash darknet.
That's blackhillsinfosec.com/slash darknet.
This show is sponsored by Delete Me.
DeleteMe makes it easy, quick, and safe to remove your personal data online at a time when surveillance and data breaches are common enough to make everyone vulnerable.
Delete Me knows your privacy is worth protecting.
Sign up and provide DeleteMe with exactly what information you want deleted, and their experts will take it from there.
DeleteMe is always working for you, constantly monitoring and removing the personal information you don't want on the internet.
They're even on the lookout for new data leaks that might re-release info about you.
Privacy is a super important topic for me.
So a year ago, I signed up.
Delete Me immediately got busy scouring the internet looking for my name and gave me reports of what they found.
Then they got busy deleting things.
It was great to have someone on my team when it comes to protecting my privacy.
Take control of your data and keep your private life private by signing up for Delete Me.
Now at a special discount for my listeners, get 20% off your Delete Me plan when you go to joindeleatme.com slash darknet diaries and use promo code DD20 at checkout.
The only way to get 20% off is to go to joindeleteme.com/slash darknet diaries and enter code dd20 at checkout.
That's join delete me.com slash darknet diaries code dd20.
Explicit content warning.
This episode has some language in it that might not be suitable for all audiences.
Okay, hi, welcome to the show.
I want you to meet a fellow named Just, well, let's just call him default.
As a teenager, I was in Newport News, Virginia with
my dad.
He worked for the government.
So as a teenager, what was your relationship with the government?
Were you politically
active?
Was your dad politically active?
No, not whatsoever.
I didn't pay attention to that kind of stuff when I was younger.
I was just
a nerd, you know, liked to play video games, was very active in sports, very active in sports, actually.
I used to play like four soccer teams year-round
and was big into like competitive video games, like
you know, Halo, Call of Duty, even like Super Smash Bros.
Eventually, if you're into gaming,
you stumble down the rabbit hole of like finding hacks to you know increase your experience in the game, whether it's like modding or J tagging or whatever it may be.
So as a teen, he was playing RuneScape, and one day he got in an argument with someone in the game who threatened to hack him.
And suddenly, his computer went to a blue screen and wouldn't booed up after that.
That's what got him interested in hacking.
Since as far back as I can remember, I've always had a very inquisitive mindset, like extremely.
I always questioned everything and not just questioned everything, like I wanted to know how things work.
I'm like, why does this happen?
How does this happen?
This led him to understand that you can get computers to do things that you shouldn't be allowed to do.
And he got curious and wanted to learn more about how they work.
Then one day his mom grounded him.
Banned from the internet for a week.
Well, Curious Little Default tried to crack his neighbor's Wi-Fi and sure enough was able to do it.
and he got back online.
That was like
it opened my eyes to the possibilities that I'm not even aware of.
I'm like, I want to know more about this.
Like my mom just took away my internet.
I just downloaded this program, hacked my neighbor's Wi-Fi and I'm back online within like 10 minutes.
And to me, that was like so powerful.
Like I took the power back from my parents or whatever.
And so I started delving deep into this stuff.
An Alta Vista search about hacking might have led you to a message board.
And the message board would have introduced you to hacker tools.
And those tools might be made by a certain group of people.
And those groups would be present.
on IRC, a chat room.
Getting in the chat room might not be so easy though.
It might be invite only.
So you got to message the channel operators to ask permission to join.
But they'll deny you because they don't know you.
But you notice the person who denied you to get in is also in another chat room.
So you join that one to see what's going on there.
and you eventually find your way into some hacker chat rooms.
Now, the year was 2008 and being on IRC and in hacker chat rooms in 2008 was a very,
very special time and place to be.
Those who were there will never forget those years.
In fact, the whole world will never forget what happened then.
This was the heyday of Anonymous.
And default found his way right into the heart of it.
Like, even when I look back now at, you know, quote-unquote anonymous, I still cringe, but I still feel like it was necessary.
It was like a necessary stepping stone
in the hacking collective conclave, whatever, to get to
where we're at today.
It's just, it was necessary.
It was people congregating for similar belief systems and standing up for something.
It had its place in time.
The anonymous chat room was a hot mess.
The biggest disaster of a chat room you've ever seen.
Whatever you can imagine is the most awful picture ever.
Double that.
And then spam it to the chat room.
That's what was going on there.
Gore, brutality, pornography, vile and disgusting imagery.
It was kind of a hazing experience that you had to get through in order to find your way deeper into anonymous.
Sometimes new people would be asked to eat a stick of butter or a tube of toothpaste on camera to prove yourself.
Because here's the thing, cops, feds, journalists, security researchers, and normies would show up in these chat rooms and if they pop in to see what's going on and it's just full of gory imagery, a lot of them can't handle it.
They might vomit even and then just nope right out of there.
Spamming the most graphic and awful pictures was like a firewall of some kind.
But if you could tolerate it, building calluses on your eyes, and start talking with people through the noise, you might be welcomed deeper into the pockets of anonymous.
It was a double-edged sword.
Yeah, we're all anonymous.
But so are the, you know, the feds that are infiltrating it that you don't know about.
So that's why all of the really elite programmers and hackers like spawned off into their own little small groups where they can like vet the members and make sure that they're not, you know, like feds.
Like, oh, well, go hack this website and like basically commit a crime to prove to me that you're not a fed.
Whereas anonymous is just like, you don't know who's in here.
This made the edges of anonymous even more fuzzy.
New groups were forming out of it and they had their own ideas and agendas.
And they'd look back at the anonymous chat rooms and think, those cats are cringe.
We don't want to be affiliated with that stupid stuff.
We're our own group.
And IRC hacking groups would come out of anonymous.
Some were loosely affiliated.
Some were even anti-anonymous themselves.
There was infighting too, doxing people from other anonymous groups and other hacking groups.
It was a real mess.
Some other groups that were springing up in that time, coming out of anonymous, were like LulSac, Team Poison, Ugg Nazi, HTP.
And some people in these groups were getting arrested and then working with the feds to catch other hackers.
Things weren't safe.
You always had to be looking over your shoulders in these chat rooms.
You just didn't know who to trust in there.
It became very obvious: like, we need to move more underground and
be a lot more selective with the individuals that we're interacting with on a daily basis.
So
I moved on to basically my doing stuff myself and kind of becoming associates with other hacking groups.
Started learning from Team Poison, like MLT.
I actually knew Trick too.
I don't know if you're aware of who Trick was.
Yeah, in fact, I do know who Trick was very well.
I did a whole episode about him called Team Poison.
That's episode 109.
But the scene was so hard to navigate, to know who to trust.
It almost became a thing that if you were hacking into stuff, breaking laws, then you were trusted.
You must not be a Fed if you're able to break the law.
Everyone else keeps them at arm's length.
Now, the thing is, at this little time and place in the world, hacks were happening everywhere you looked.
Some from Anonymous, some from Anonymous Adjacent, some from crews that were anti-anonymous.
But what was their motivation?
Some were politically motivated.
Some wanted to get revenge.
Some wanted to amplify a cause or an idea.
And if you deface a big website and write with big letters on the front page something about your cause, it brings more awareness to it.
Default was hacking into stuff too.
But what was his motivation?
So I didn't really develop any kind of like altruistic ideology for a little while.
It was more just all curiosity based and learning.
I was obsessed with learning more and more as much as I could because
I thought it was so intriguing, you know, if I could shell this website and then if I can root it and then if I can like you know get access to all the other subdomains and um it was really just a bunch of challenges So I always
was just pushing myself to learn new things.
Okay, I see.
He's interested in learning, and his crime is curiosity.
It reminds me of that scene from the movie Hackers, which came out in 1995.
Listen.
This is our world now.
The world of the electron and the switch, the beauty of the bond.
We exist without nationality, skin color, or religious bias.
You wage wars, murder, cheat, lie to us, and try to make us believe it's for our own good, yet we're the criminals.
Yes, I am a criminal.
My crime is that of curiosity.
I am a hacker, and this is my manifesto.
Huh?
Right?
Manifesto?
You may stop me, but you can't stop us all.
Even though that's a scene from the 90s movie Hackers, that manifesto was actually written in 1986, a full 20 years before Anonymous would start making a name for itself.
Yet it feels like that's absolutely something Anonymous would say.
So I joined into a group called Anon Ghost, which there were some really competent people in there, but like as time progressed, their leaders started becoming radicalized members supporting ISIS.
So I had to diverge away from them.
And then I joined a group called Anonsec which people I hated the name and wanted to change it because it got associated with anonymous so much and I had like a disdain for anonymous at that time like heavily because
that's not where the most technologically advanced hackers were at.
Like none of them are in anonymous and
That really bothered me that some of our hacks got attributed to anonymous I eventually ended up like taking over the group.
But that's I think that's where I started to get more politically motivated and we did a whole bunch of
different operations like I think one of our first one was
Operation Detroit
where they were having you know, it's like really similar to the Flint, Michigan issue with the water, but it had more to do with the corruption in the government there and the fact that they have a really messed up system for how their water is distributed.
Okay, so this was a big deal.
Default and the crew he was in wanted to take out Detroit's water payment system.
Someone in the channel suggested they hit the site with Loic, the low orbit ion cannon.
This is a basic tool.
You just point and shoot it, but it floods the target IP with loads of traffic, overwhelming it, so it can't handle legitimate customers.
Sometimes it'll even drop dead from the flood of connections.
But then someone else is like, nah, screw Loick, that's lame and it isn't safe.
Let's use Tor's hammer.
And so someone started passing Tor's hammer around the chat.
And this also floods the target with a whole bunch of traffic, but it uses Tor to route all the traffic through it, hiding where the attack is coming from.
So the members all fired this up and together launched an attack on Detroit's water payment system.
And immediately it went offline.
No one could pay their water bill.
So that was like our first segue into like politically motivated stuff because
you know it pissed me off and it was like I can we can actually do something about this.
It's like okay well now nobody's gonna pay you.
So you're not gonna get any payments.
So
what are you gonna do now?
And
honestly, we kept their that part of their web server down for like, I think two months.
So
not really sure the equivalent of financial laws that they had for that, but it was significant enough for them to make announcements and changes and launch investigations into who was doing this.
And actually one of the members of our group got arrested for this.
There's something empowering about pulling off something like this.
You feel like the world bends to you and your whims.
There's a shift in control and that control can become intoxicating.
It was just kind of like us sitting around in our IRC chat rooms and being like,
well,
what pisses you off?
Or what do you hate?
And I remember somebody being like, I can't stand pedophiles.
I think they're like the scum of the earth.
And I was like, yeah,
I think everyone could agree with that I think everyone can get on board with this
Hmm pedophiles have been sort of hated universally within anonymous in these chat rooms where anything was allowed and free speech rules pedophilia was not allowed which I've always been fascinated by that that's the common denominator that everyone agreed on It didn't matter what group you were in or political affiliation or a cause that was important to you.
Pedophilia was wrong to everyone.
Which you might think, yeah, duh, of course that's wrong.
Draw that line.
But why there?
Why not ban pictures of murdered people or pictures of people having sex with animals or pictures of torture?
All that was approved.
Hell, there was a video of two girls eating poo, which was a real big hit in these channels.
Like nothing you could possibly present to this crowd shocked them or made them care.
except pedophilia.
That was going too far.
So imagine, if you will, being a teenager, having these hacking skills, looking around for something to use it on, and seeing that everyone hated pedophiles.
All the hackers and all the channels, the cops even, the normies.
There was even a TV show called Catch a Predator where they'd set up sting operations for pedophiles.
It felt like if this is who you wanted to try to hack into or mess with, the universe was on your side.
It felt like what you were doing was right in every way.
It was helping the world and nobody would say you're wrong.
Yet at the same time, hacking feels so counterculture and rebellious.
This is a powerful cocktail to be mixing up as a teenager.
You can go into the forums where they don't like post and they just, it's all text.
And,
you know, you find out
where they're messaging people, whether it's on like,
I don't know,
like AOL or whatever it may be and then you get their handles and then you go you know create you know alt accounts and then interact with them kind of like set them up basically and then you send them a file like hey oh yeah I'm
I would love to hang out yada yada yada get they're all excited and then you're like, here's a picture of me, or here's a video of me, and you put some malware in it.
And,
you know, it could be very simplistic.
Just, I just need a port.
I just need a back connection into this guy's computer.
And then just download everything that he has and get all of his location data and pretty much dox the guy.
And then just send it to his local authorities.
And
we would check up on these people and a lot of them would get arrested.
And it felt good, you know, like you making a change in the world, making the world a better place.
Like,
you know, people preying on children.
It's just like
it's one of the worst
things that somebody could ever do.
Getting pedophiles arrested meant getting respect among the hacker groups, which meant getting more members.
Things were progressing for them, and their hacks got bigger.
This is one of the ones that I think I'm the most proud of, I could say, was Operation Denmark.
So, bestiality was not banned in Denmark.
Okay, that's generally banned everywhere.
So I guess a lot of sickos were taking advantage of this lack of,
you know, laws against bestiality there.
There was literally dens and like private places you can go.
And people's like animals were going missing.
And they were ending up in these like, they called them dog brothels.
It's so sick.
It's so crazy.
And
I had a dog, so that really pissed me off just thinking about the fact that like, well, what if, you know, being a, trying to be objective and be like, well, what if someone took my dog and that happened to my dog?
I would freak out.
So
we,
I think we took down the official Denmark government website and then we actually
defaced it, you know, and said, Did you know that your government allows bestiality?
And there's bestiality dens where people can go and pay money to do these things to animals.
And most of them are like
people's pets.
And a lot of people weren't even aware of it, like the average person was not aware of that because
they're just going about their lives.
So
everyone freaked out, and it was like all over the news.
Geez, me,
you got me fact-checking the weirdest stuff in this episode.
Okay, so
he's right.
In 2014, it was legal in Denmark to have sex with animals, and there was some weird-ass animal sex tourism going on over there.
Because, like a year earlier, Sweden and Germany banned sex with animals.
So, it was like a weird moment where some places it was illegal, and some it wasn't.
And yeah, shortly after this hack, Denmark changed the law.
They made sex with animals illegal.
And I can't tell if this hack had anything to do with the laws changing, but the timing is very coincidental.
Now, stuff like this, hacking into places, making the news, and getting people arrested and stuff, it's like a drug.
Yeah, the sleep schedule didn't exist.
And it is, I would be lying if I didn't say it was exhilarating and like gave you a sense of power and you know you start to crave that that rush of serotonin.
It's just like
you know you get so worked up and you you're like this is
so awesome.
This feels great.
You know, not only are we doing something good,
but it's exciting and I want to do it again and again.
And sometimes like it's like you're almost like you're chasing a high
and that can like lead you off the trail.
Let's take a quick ad break, but stay with us because when we come back, we're going off the trail.
This episode is sponsored by Shopify.
Starting a new solo project is really overwhelming.
When I started this podcast, I suddenly had to worry about writing, editing, researching, interviewing, and so much more, all alone.
And when you're starting something something new, finding the right tool that not only helps you out, but simplifies everything can be a game changer.
For millions of businesses, that tool is Shopify.
Shopify is the commerce platform behind millions of businesses around the world and 10% of all e-commerce in the US.
From household names like Mattel and Gymshark to my own t-shirt shop, which is shop.darknetdiaries.com.
And I love Shopify because of how easy it makes getting my business online.
And once it's there, Shopify has built-in tools to help me create, execute, and analyze my online marketing campaigns.
So get started with your own design studio.
With hundreds of ready-to-use templates, Shopify helps you build a beautiful online store to match your brand's style.
If you're ready to sell, you're ready for Shopify.
Turn your big business idea into
with Shopify on your side.
Sign up for your $1 a month trial and start selling today at shopify.com/slash darknet.
Go to shopify.com slash darknet, shopify.com/slash darknet.
Okay, so Default was on a path.
He didn't know where the path was taking him, but he already made his way through Anonymous and into different hacker groups.
Anonsec was the group where this first exciting stuff was happening.
He kind of took over that group.
But do you realize there's a whole infrastructure to these hacker groups?
There's like data stores to keep records of like the stuff you collected or the passwords you've cracked.
And there's a tool shop to quickly grab hacking tools and how to use them.
But to build on that infrastructure, they decided they needed to build a botnet.
A botnet is just having control of a bunch of computers.
You typically try to infect a huge swath of IPs and hope that a bunch of computers get infected and become under your control.
But the reason why they wanted a botnet was to route their attacks through it.
Instead of malicious traffic or connections coming from the non-sec members themselves, they set up this botnet to pipe their traffic through someone else's computer to get to their targets.
But when you infect a bunch of computers with a botnet, start to get curious.
What are these computers that are in our control now?
So all these different devices that are part of the botnet, you know, just like going through and like seeing where they're at or, you know, what they have access to.
And some of the stuff that randomly would just get popped would be like an Apple TV,
an Iranian WiMAX base station
for like cell phones.
One of these servers belonged to the Windsor University.
This is a medical school.
And
you just pull it up and I start looking and I'm like, oh, this is some kind of institution, university.
So pull up the URL, check the domains, go to the homepage,
and,
you know, can easily access the admin panel.
And once I log in, just
pull up the finances of all the people and all the debt they have.
I saw a screenshot of this.
He was in the admin panel of the university.
And there, in front of him, was a list of all the students who owed money to the school.
And it all added up to $9 million.
And he started to think,
could I,
should I mess with this?
These people might,
you know, really enjoy having their slate wiped clean, as it were.
If you look, some of them owe a substantial amount of money, you know, like 70,000.
I think some people owed like upwards of like over 100,000.
It's a lot of money, you know what I'm saying?
It's just like perpetual debt that sometimes it just lasts for decades
there were 391 students listed here he scrolled to the bottom of the page and there was a button delete all
why was there a delete all button i have no idea but there it was so
um
just deleted everything
i went into the php shell and just like sent everything to dev null and just like shredded it so whatever I sent there is just not coming back.
Wow, crazy.
How do you feel after that?
You feel good, you know.
Um,
whenever you can make a positive impact in people's lives,
and the power of doing that remotely from like your house is just like
it's like almost intangible.
Like the amount of power you can exert over the internet, it's something that
your average person just will never understand.
Default kept going further down this path, getting into place after place, and the places he was hidden were starting to really add up.
I mean, literally, anything from
banks, like I said, Apple TVs, we landed inside the Netherlands Defense Gateway.
Like,
what?
Y'all have the default SSH password set?
Like, you just haven't done anything with.
Okay, cool.
More schools, school of computer and intelligent systems,
host providers.
That was really cool.
It was honestly like a gold mine because we could literally just like keep spinning up.
virtual private servers whenever we need.
It's like free web hosting, free storage space.
Stumbled across a weird NSA Skynet program on a Cirrus Avenue server by, like, also was co-hosted with the US Air Force.
Super weird stuff.
We're sitting on an admin login panel for Coinbase, which had access to hot wallets.
Very scary stuff.
Thankfully, we didn't do anything with that.
The Twitter and Facebook zero days.
It was both just like a four-digit pin reset.
Now, each of these have their own story, and I've listened to him tell me some of these himself, and they're insane.
And I'm sorry I can't include them all here.
But I do want to stop at the Facebook login exploit he had.
I became kind of obsessed with like having
the tightest obset that I could have because I didn't ever want to get caught, obviously.
And
that kind of led to my arrogance also
of being able to literally, I I got to the point where I thought I'd never be caught no matter what I did
and
that just opened the door for doing anything like hacking wise like I didn't care if it was like Facebook or Twitter which we had a zero day on and could access anyone's account What they did was get a Facebook username and then try to log in as them, but then say, oh, I forgot my password.
And at the time, Facebook would then send you a four-digit code to your email that you had to type into the site to prove it was really you.
Because after all, if you had control of the email that was registered to this user, it must really be you, right?
Well, it was a four-digit code, which means there's about 10,000 possibilities of what it could be.
And these guys learned that they could just keep submitting codes to Facebook over and over and over, cycling through all the possible four-digit codes until they found the one that worked.
And they could do this pretty quickly quickly, too, and just reset anyone's password that way.
And then log into Facebook as them.
I mean, we got into big accounts.
Like, I got into Seth Rogan's account, got his
cell phone number, and called him just to tell him that, like, I love his movies.
And he was like, Who is this?
And I was like, I'm just a big fan.
Like, you're hilarious.
He was like, Click,
completely deactivated his cell phone like 10 minutes later.
Cardi B before she like really blew up.
Chief Keith, which he was like honestly really cool about because we gave him the account back.
Like we gave all these people the accounts back.
Like we had no malicious intent.
It was just fun.
It was like a challenge.
So while all this started out as fun and a challenge, Over time it morphed.
I mean, how can one feel this kind of power?
And then watch the news and see everything wrong in the world and decide not to use this power to make change?
I mean, it really is like a superpower to just topple over a computer or get inside a system that isn't yours.
With great power comes great responsibility, right?
I think...
It was the Snowden release that just like kind of like set me off where he was talking about the prison program and how literally it's not a conspiracy that people have been like saying the government is spying on everyone.
They're like, oh, you're like, nope, actually, if you could see here through these
very classified documents that they are literally magnetting every single packet in the United States.
And they've co-opted all of these companies through the prison program.
And all of your data is ours.
And we're building a giant storage facility to keep all this forever.
So if you ever become a potential threat to us, we'll know everything about you.
So, it really just set us off and
kind of just gave us this mentality: like, okay,
so
basically, you're hacking all of us.
So, we're going to start targeting y'all and start showing that we can do to y'all what y'all are doing to us, also, and that nobody's immutable.
And
we drove that point home very hard,
Like literally sat around and came up with lists of high level individuals in the intelligence community and then just started targeting them one by one.
What?
What the hell?
They made a list of people to hack into that were high profile members of the intelligence community?
This just went up to 11.
I,
okay, at this point, I mean, I'm fascinated by this because I'm I'm always surprised how high-profile people in government pretty much dox themselves, right?
They give their real name and talk on TV, and they have a phone number to their office, email address, physical address.
All this stuff is public information.
We know who their boss is.
Chances are there's a Wikipedia article on them listing all this, or there might even be a whole biography written about them.
And yeah, I always wondered, doesn't that make them extremely vulnerable targets for attacks?
I am so glued to the story right now.
Okay,
let's back up a second.
At this point, Default has left Anonsec, which didn't affiliate itself with Anonymous at all.
And the fact that they were anti-anonymous, but Anonymous seemed to get credit for everything they did since it was called Anonsec.
So he was sick of that and left.
But he knew people in this little pocket of the internet.
And a group that he thought was doing some cool shit was CWA.
And this stood for Krakas with Attitude.
And the head of CWA was a guy named Kraka.
Started talking to him, and we just like were on the same page about being really pissed off about the government and
also a lot of the things going on in like the Middle East, just a lot of injustice in the world.
Just kind of
just like pissed off, you know.
I wanted to like direct that somewhere for like a greater good, as it were.
so he starts hanging out with these folks from CWA and joins in on their hacktivism.
And that ended up being exposing
the lack of security within our own government.
We are very vulnerable, and the people running the show are not practicing proper operational security whatsoever, either.
So, we're going to show the world this, and it was actually really easy.
Like it was not super advanced.
Most of it was just social engineering.
And then taking that initial social engineering information we gathered and pivoting and leveraging that information.
Who was one of the first ones you targeted?
It was James Clapper.
Yeah, James Clapper was Numera Uno and he's the director of national intelligence.
What the hell?
This would be a strong no for me.
I would be out.
You can't attack the head of U.S.'s intelligence agency like this and expect everything to be okay.
I mean, I don't care how good your OPSEC is.
Hide behind five VPNs, use your neighbor's Wi-Fi, use Tor, move to an underground bunker.
It doesn't matter if you make it personal, they'll make it personal, they will find you.
But
at the same time, default was seeing stupid stuff on the news.
Listen, this is James Clapper.
What we do not do is spy unlawfully on Americans, or for that matter, spy indiscriminately on the citizens of any country.
We only spy for valid foreign intelligence purposes as authorized by law with multiple layers of oversight to ensure we don't abuse our authorities.
The Snowden leaks clearly proved otherwise.
The NSA was grabbing metadata off of millions of Americans' phone calls.
This is spying on regular, good standing Americans.
And to hear James Clapper say otherwise meant that some were accusing him of criminal perjury, lying under oath.
This enraged Default and Kraka.
Our leaders were caught in a lie.
What more can we find on them?
But Kraka was the one who acted on this.
I believe he acted alone, actually.
Kraka got into the online account for James Clapper's internet and phone service.
Somehow from there, he was able to get Clapper's wife's social security number and posted that publicly.
Then he routed all the calls coming into James's phone to a free Palestine hotline.
Kraka posted proof of all this to Twitter.
I gave him a head nod, like, dude, that was a sick hack.
Like,
like respect.
like started talking to him i was like that was awesome you really exposed this guy james clapper was actually not the first person from the intelligence community that cwa hacked into their first was homeland security secretary jay johnson kraka got into his comcast account somehow and default was seeing all this and chatting more with cracker so we just
started to like actually sit down and think of different people that we should hack.
Together, they teamed up.
And
well, you know what?
I'll just let Lester Holt from CBS News take it from here.
Good evening.
Did a high school student really manage to hack his way into the personal email of one of this country's top spy bosses?
Federal agents are urgently trying to answer that question tonight after what appeared to be private and possibly sensitive information was posted online.
Given the high profile of the target of the attack and the relatively low-tech method used, it's both a disturbing and cautionary tale that NBC's Pete Williams picks up from here.
The apparent victim isn't just any American or government official, it's John Brennan, the CIA director since 2013 and a longtime key player in the U.S.
intelligence community.
A man who says he's an American high school student claims he hacked his way into Brennan's personal AOL email account by fooling Verizon and AOL into revealing enough information to reset the account password.
Hello, guys, This Twitter account is going now, the apparent hacker says, posting what appears to be an actual spreadsheet of names and emails of current and former intelligence officials.
The hacker blanked out their social security numbers.
The hacker also says he got into the Comcast billing account of the Homeland Security Secretary, Jay Johnson.
This was the personal email account of Brennan, not his government account, and it appears no classified information was compromised.
Okay, so tell me how you got into John Brennan's account.
John Brennan's account, if I remember correctly.
Okay, you know what?
I'll help you out.
I mean, the year was 2015.
Who remembers little details like this from eight years ago?
My research shows that they first found John Brennan's mobile phone number, and they did a mobile number lookup and discovered he was a Verizon user.
So, time to put on the ruse.
They were going to call up Verizon, pose as a technician on site, trying to help out a customer, John Brennan, but for some reason, we're having trouble.
So they called Verizon asking for help on his account.
Verizon is like, what's your employee code?
They made one up and it worked.
The support technician at Verizon asked, well, why can't you just get into the account yourself?
And they said, the tools are down and we need to get this going quick because the customer's waiting.
So the support technician was like, okay, sure, I'll help.
What do you need to know?
And this is how they got John Brennan's Verizon account number, his four-digit PIN, a backup mobile number to his account, the email associated to his account, which was an AOL email, and the last four digits of his bank card.
Now that they had this extra information on him, how can they leverage that to take this a step further?
Well, they know his AOL email address, which when you log in to AOL, the username is the email.
So they had John Brennan's email username, but not the password.
Hmm.
Well, time to call AOL.
So they called AOL, this time acting like John Brennan.
Hi, I've been locked out of my email account.
Can you help me get back in?
Sure, Mr.
Brennan, but I'll need to verify it's you.
Okay.
Can you tell me the last four digits of your credit card number?
Why, yes.
Yes, I can.
Because they had this information from the data they got from Verizon.
Clever, clever.
And so when they gave this information to AOL, this let them reset his password and get into John Brennan's AOL email.
On October 12th, 2015, they gained access to the inbox of the director of the CIA.
Whoa.
They started looking through his emails, reading one after another, looking at attachments sent.
One attachment had a list of U.S.
intelligence officials, which included their social security numbers.
Why in the world was John Brennan using his AOL account to send emails that included social security numbers of U.S.
intelligence officials?
This is such bad OPSEC.
Why, director of the CIA, why?
You know better.
I think it just goes to show that no matter how much you know about privacy and security, we're still human and screw up this whole security thing.
This Able email account
had not only like
stuff about the war in Iraq and Afghanistan.
I have no idea why
he also had his SF86 form in there.
Ooh,
this
is not good.
The SF86 form is the form that you fill out to apply for secret clearance, which means it has your entire background listed clearly in the form.
Social security number, email address, telephone number, place of birth, aliases, passports used, prior addresses, names of your neighbors, what school you went to, your military history, past employers.
It's everything on a person.
And now default and Kraka had it all.
So like you call Teresa password and it does not matter if you sound like a 14 year old girl on the phone.
You got the CI director's social, like that you have to be him.
I mean, I don't really have a choice but to reset the password for you.
It was over.
Unreal.
And Kraka's just posting this stuff straight up to Twitter as Kraka.
And it wasn't just these two guys in CWA.
There were some other members there for the ride, but Default was suspicious about one of the members in CWA.
He had somehow...
eluded capture when he was involved with other groups that mysteriously went down after he had joined them.
Also, there's a lot of psychological flags, like red flags, just like trying
really hard to befriend us.
You know, it was kind of like weird, kind of obvious.
And then, when I actually publicly called him out, he became a completely different person.
And that was just another confirmation.
It is
hard to understand, you know, fully
my train of thought of thinking that we would get away with this, but
it
after
some time,
we knew that we weren't going to get away with it, so we just like mashed the gas
and we're like,
you know,
let's hit as many as we can before it's over.
And
it did Like really, they had to issue a memo because
they were probably terrified because it was vast.
It was like upwards of like 10 or 11 people, all within like CIA, FBI, White House, DOJ, Department of Homeland Security, Quantico, and then defense contractors.
So
that was, it was pervasive and, you know, far-reaching to like all arms.
and
subcontractors of the intelligence community to like they were like what is going on yeah we're actually like calling some of these people too by the way we actually i actually called i called john brennan on his cell phone like what'd you say to him
i told him he was a piece of shit
wow and he asked how much money i wanted and i said i don't want any money
i want y'all to stop being so corrupt and committing crimes whilst prosecuting people for the same stuff y'all are doing.
Like,
so hypocritical.
Like, basically, like, y'all are awful people.
Like, really.
Like, you're not doing any net positive things for the world.
You're just not.
And
he was, like, audibly, like, shaken up.
I could hear it in his voice.
Well, I mean, just a random phone call is not going to be that big of a deal, but did you say I've also got...
It was his personal cell phone number.
We read it.
We read him his
social security number to him.
You know, if you get a random phone call and your private cell phone number that nobody except for a select few people is supposed to know about, and some random kid reading you your social security number, I would imagine it's a pretty jarring experience.
They were so relentless that people started going into hiding.
At the time, the threat level was literally unknown.
He was very stressed out.
It's like the extra security they had to hire to relocate the CIA director and then the deputy director of the FBI to a secure location because they didn't know at the time what the threat level was.
They had no idea who we are, what we were, what we were affiliated with, what our purpose was.
We were some kids, literally, and just pissed off at the government, but they didn't know.
At some point, they got into Amy Hess's account.
She was the FBI Executive Assistant Director for Science and Technology.
Like once you log into the portal, you can see the connected TVs.
And
honestly, it's like,
I think it's hilarious because I think it reminded me like something out of a movie like Hackers.
So
we played that movie.
I think what they did here is they called up Comcast pretending to be her and get her password reset.
And yeah, it worked.
And once they got in her Comcast portal, they were able to control her TV at home.
And they just started playing the movie movie Hackers on it.
This is a problem with connected and smart devices.
You're not the only one who can control them.
Amy claimed she suffered from psychological damage from this.
And once they got into someone's account and messed around there, they just went down the list to the next person.
Jenny Sackey, the White House spokesperson, I literally just, I took that up on myself because she was calling Edward Snowden a traitor, and that triggered me so hard.
I was like, I have to hack this lady.
Like,
I know that maybe these aren't her words, and she might just be reading off of, like, a sheet that, you know, they want her to say, but, like,
I couldn't stand to hear that kind of stuff.
So these guys were just ripping through all these high-level people's accounts.
It was insane, the people that they were able to breach.
But at some point, the the two started talking and realized, wait a minute, we have all this information on U.S.
intelligence members.
What databases do they have access to?
And this turned their attention to LEAP, which stands for.
The Law Enforcement Enterprise Portal had the information on all FBI agents in the United States, like personal information.
So somewhere in all this, they hacked into Mark Giuliano's accounts.
He was the deputy director of the FBI.
And using his information, they were able to leverage that to get into LEAP,
which I think is really taking this to another level.
To basically pose as the deputy director of the FBI to access a database that only officials should have access to?
I don't know.
This just seems crazy to me that this can even happen.
Because why is this LEAP database even accessible from the internet at all?
Yeah.
And I think because
they have like agents all over, they could have taken security measures, but I think it would have been too much trouble for them.
I'm like, y'all just like really don't care.
Like
that sentiment right there is what I think fueled default to go further.
This idea that the U.S.
government thinks that there's some elite hacking force able to break into anything and steal anything, yet has a database of FBI agents' personal details on a public website, which is vulnerable to a teenage social engineer to be able to get into it?
They wanted to put their thumb right in the eye of the government and make it hurt.
How can we trust you with our private data if you can't even protect your federal agents' data?
Why is the Department of Defense hacking into things instead of defending their own network?
On top of that, why is the world even like this at all?
Why is security so bad everywhere that the intelligence community can't even secure their own stuff?
So Default and Cracker got into the leap database and downloaded all the information they could on as many FBI agents as they could.
Okay,
but what are you going to do with this?
You know, hit up Wikileaks, and
it was Julian at the time running the account.
And
he was very interested in it, obviously,
as he always is.
And
it happened very fast, you know, just handed over and he published it all, including his SF-86 form and
the
documents about the war in Iraq
and Afghanistan, along with the leap data still on the WikiLeaks website, if I'm not mistaken.
The CIA director's personal emails posted by Wikileaks after cyber criminals said they'd broken into his AOL account.
I don't think WikiLeaks posted any of the stuff from the LEAP database, but they sure did post John Brennan's information.
They got into other databases, too.
JABS, the joint agency booking system.
Everyone that's put into that from county, state, and federal level in the prison system.
Yeah, okay.
So any person who's put in prison is in this system.
And they found access to this very useful.
They were doing things like looking up other hackers that were caught and keeping an eye on them, like trying to figure out, did they become informants?
But also they were suspicious of some of the other people in CWA and there might be an informant within them.
So access to this system was kind of like a way to run a criminal report on anyone you wanted very quickly.
So they were just downloading stuff from these databases and looking through it.
And that's when they found in these databases, there was a bunch of information about the Miami-Dade Police Department.
Let's talk about Miami Police.
Yeah, that was another one.
The Miami-Dade Police.
At the time, I really didn't care.
I just like, that was towards the end of the run.
It was just like, all bets are off.
You know, I'd gone all the way down the rabbit hole.
I had just become very
disillusioned with people's complacency and their lack of care for what was going on.
So it's like we're gonna bring attention to this with like chaos and mayhem.
So
what happened to the police department?
Now we got your motive.
What did you do?
Oh, well,
we
dropped their docks pretty much.
This time it wasn't WikiLeaks, though.
I'm looking at a tweet here, which has a link to Pastebin, and then there is a list of 80 Miami police officers.
Their name, title, phone number, and email address.
Like, me and Krack are talking, and we're like both, like,
physically, like, shaking, because it's like terror and excitement at the same time.
You're like, I'm accessing a top secret database.
Holy shit.
I'm going to get caught.
But this is exhilarating
I don't really like
it's like what do I do
it's like okay we're gonna drop this database okay what else are we gonna do it's like I'm about to get the fuck off this thing
at the time Kraka was just a teenage high schooler but default was in his 20s yeah I think I was like 23
and what was home life like
it was terrible really toxic um
you know i live with my dad
living there was really bad which i think kind of like fueled some of this just like no oversight
no
real father figure to like
tell me what to do and what not to do so just like bets are off i'll do whatever i want
Really, it became like my whole life.
Hacking really did.
It It was like, go to work, come home, hack, go to work, come home, hack.
It was just all it was.
It got to the point where I like
estranged myself from all my friends and they didn't know why
because I never told them.
And, you know, you can't.
That's just part of it.
It's this very lonely existence.
You know,
especially if you're like committing all these crimes.
At that time, I had a significant amount of money in Bitcoin.
And I really just that, you know, that was actually a key factor in like all of this.
It's like money was no longer an issue.
So now what?
You know, like 22 years old and you have several million dollars.
Yeah, let's talk about that then.
So how did you get those seven, several million?
Literally, mining and buying from since 2011.
I was so early to getting ASICs and I was like, oh my God.
And these things were like 30 to 40 times more powerful than the average graphics processing unit at mining Bitcoin.
So
yeah, started mining a lot of Bitcoin.
So John Holdren, I have written down here that someone tried to swat him.
Yeah, not me.
I have no idea.
I don't honestly, I don't even remember him getting swatted.
So the idea was using posing as him to call the police from his
police shit and then getting saying there's a violent incident here and then them coming to his house.
Dude, that pissed me off so much that that even got attributed like somewhat to me because
technically a conspiracy is if I know about someone committing a crime and don't instantly go tell on them, I'm complicit.
So it's like, because I was in the chat room with one of the people while they did this.
Now I'm a party to the crime.
I'm like, what the fuck?
I don't even want to be a part of the SWATIE.
I don't, I hate that shit.
It's people have died from that.
There was, there was some sort of current, there was an undercurrent of people online at the time, right, that you were mixed up in that
was also, you know, very involved in this sort of thing.
Talking about anonymous, for example, right?
Anonymous was always calling out injustices of the world and threatening this and that because people were just being evil.
And it felt like, it felt like being part of that was the winning side.
Yeah.
Right.
It felt like you're doing what's morally right.
And I don't know if that exists today.
I think today we've kind of lost that pulse.
The empathy is at an all-time low, just like caring for your fellow man and like the bigger picture.
But people have just become very complacent and
would rather just like
be content with the way things are.
And
that's a dangerous road to go down because while that's going on,
I can assure you that the
NSA and you know the five eyes and all these other people that are colluding together are not being complacent.
They're actually,
you know,
getting
more aggressive.
with the spying and the hacking.
And
I think it was like Rule 41 passed where it's like, they can just like literally hack people now.
Like they don't need to go physically kicking your door.
Like, no, they can just hack you.
And I'm pretty sure that's how I got caught is that the NSA got involved.
And I know I got hacked two days before I got raided.
Well, let's talk about that.
So how do you think the
how did they catch you?
It's threefold.
There's three things that contributed to it
because the official shit that they say is so fucking hilarious because I never used my home IP address.
I had a giant Wi-Fi satellite dish that could reach up to a mile away.
Okay.
So I was usually using the Dairy Queen that was like a half a mile away, had free Wi-Fi.
So their bullshit answer of, oh, well, we pulled Twitter logs and he had his IP in there.
Like, no, I didn't.
I've never fucking used my home IP address on that Twitter account.
Like, that's why I bought this.
So I would never do that.
I was so overkill on my OPSEC.
It was a process.
Like, literally, my hard drives for my desktops had to completely de-encrypt, which took like 30 to 40 minutes.
And
then
I don't have like...
internal Wi-Fi cards in my laptops or anything.
Like I have to like connect it to stuff so it's not like automatically connecting anything around me.
super paranoid dude like i mean you kind of have to be and then after that i'm connecting through tor nodes and my botnet i think was threefold one one
i know was a contributing factor 100 because like he told me one of my friends who i thought was my friend and this is crazy over a female of course what had happened was
I
ended up hooking up with a girl and
I had asked him prior to this, I was like, do you mind?
It's like you dated her a while ago, whatever.
Do you mind if I like hook up with her, talk to her, whatever?
He said no.
I was like, okay, well, I asked you.
So like, you know, speak now forever.
Hold your peace, bro, because I'm going to do it.
And like,
literally, like, you got mad at me.
And I was like, why didn't you be a man and tell me?
Like, you still had feelings for her.
Like, I, I would have respected that.
And he's like, I don't know and then like
so that kind of started it all like I didn't know he had like ill intentions toward me and
so whatever move past that and then like the CWA thing happens and we're drunk one night and we're on like Xbox Live or whatever and like
I slip up for the first time ever being fucking arrogant and cocky.
It comes on the news, CI director hacked, blah, blah, blah, all this stuff.
And I'm like, yeah, that was us, blah, blah.
I was like drunk talking and just totally like gave myself away.
But I mean, I didn't think he would take me serious, I guess.
Like, I don't know, I was drunk, but he did.
And he actually reported me to the FBI.
And then he told me that he reported me to the FBI.
And I'm not going to name drop him, but he knows who he is.
And that's some real scumbag stuff to do.
Like over
that,
like
I just could never imagine, I would never do something like that to another person.
I guess just,
I don't know.
So that's one prong.
That's definitely maybe got them to look into me because of an anonymous tip.
The other one is the person in our group that I know is a snitch, but on what information was he able to collect about me?
I don't know.
He was always posting weird links in our chat, you know,
you know, like a URL shortener.
So, like, could have done some sketchy stuff with that.
I really didn't ever click on those.
And the other one was Julian saying that the NSA got involved and me knowing that I got hacked.
Yeah, so when they gave John Brennan's SF-86 form to Julian Assange at WikiLeaks, this really angered the Department of Defense.
And Julian somehow got word that the NSA was aiding in the investigation.
So Julian told default to be careful.
Then one day, Default's computer started acting up.
Something wasn't right.
It was crashing and glitchy.
And he looked at the network traffic and saw some connections to Langley, Virginia, where the CIA is based out of.
I knew I was hacked.
My computer was acting crazy, was having weird connections.
Shut it off.
I was like, fuck.
And
so like shut it off for a while.
And like a couple of days go by one day and the second day I turn it back on after I get home from school and like
start decrypting it takes like 30 40 minutes Okay,
but I noticed when I got home there was a black van or a suburban sitting across the street
And I didn't think anything of it and also now that I remember Very very very sketchy people had moved in across the street um this little house, and they just sat on the front porch smoking cigarettes, looking at my house nonstop.
So, like, literally minutes after my desktop decrypted and came online,
they came in.
Like, what are the chances of that?
Like, literally waited and waited.
Usually they'd bum rush you, like, right when you get home, or you're in the house, or you're like, somewhere they can confine you in a space.
And what it is probably, is they waited for that to come on and ping whatever remote controller they had, whatever server it was connecting back to,
to verify that
my desktop was unencrypted.
What happened?
They knock on the door?
Tell me about that incident of the dude.
They definitely don't knock on the door.
Okay, what'd they do?
They definitely don't knock on the door, bro.
They kicked that shit in.
They hit it in with a fucking Ram.
And all I heard was FBI search warrant.
and at your dad's house, right?
Yeah,
and I just like
before I could all I had to do was pull the plug
and they had submachine guns pointed at my face and I like blacked out
He had his computer set up in such a way that if he disconnected the power to it, it would re-encrypt his hard drive
He just needed to grab the cord and pull it.
But when you're sitting there at your computer with assault rifles pointed at you,
don't think you're going to reach for that power cord.
So at gunpoint, he had no choice but to let them seize the computer.
They had it all.
And I knew I was fucked.
I was like...
There's so much data on there.
They're gonna have a field day.
They don't even know what they have yet but I know
so
I pretty much knew it was over at that point they pulled you out of that room and someone else went in there to start taking your computer
unplug it and take it they know they've got no they immediately like hooked up something to
flash copy my hard drive Yeah, and Secret Service was there as well because I think someone like hacked Donald Trump's website or some shit, which I had no idea about.
Or they were like,
you know, they assume you're lying about everything.
They're like, come on, you know about that.
I'm like,
I honestly literally have no idea what you're talking about.
Like, why would I hack Donald Trump's website?
Like, I don't give a shit about Donald Trump's website, bro.
But I guess Secret Service has got to get involved.
So I'm sitting across from like BJ Kang and like some very stereotypical tall, muscular Secret Service agent, like
boating down on me, like asking me if I'm part of HTP and, like, where's NAC hash?
And I'm like,
dude, like, I don't know what you think this is.
Like, it's not going to go down like this.
And I think they were like doing a coordinated attack where they were like raiding us all at the same time because they didn't want anyone to be able to notify each other.
It's true.
Around the same time, Kraka was also raided by the police, but it turned out he was living in the UK and he was a high schooler.
So they took DeFault straight to jail.
Police just weren't sure how dangerous he was and they didn't want to take chances.
I think due to the nature of this, they likely did time it so that when his computer was online, that's when they would raid him and capture as much evidence as they could.
How they knew his computer was online is a mystery to me still.
Were they looking through the window?
Did they hack into his computer and wait for it to signal out or something?
His theory is that they did hack him.
His computer was now in the hands of federal authorities, completely unlocked and decrypted.
And, well, the stuff they found on there was clearly enough to convict him of many crimes.
Screenshots that you had taken, bandicam videos.
Oh, God, that was the dumbest thing I ever did.
But how did they get the videos if you never posted them?
Because, like, literally, like I said, like, I
basically did all the heavy lifting for them because like I'm obsessive compulsive with like
archiving data, stuff that probably shouldn't be archived.
Like,
oh, I think it'll be cool to record me doing this crime and I'll look back on it later.
And it'll be safe because it'll be on my encrypted hard drive.
Well,
what if your hard drive is not encrypted?
And then now they have literal, irrefutable proof that you recorded yourself committing a crime that they would have no idea you had anything to do with.
There was one device in particular that he watched them take, and he knew what was on it.
Something that was very important to him.
So important that I just imagine as he watches them walk off with it, that his world just goes quiet and almost becomes slow motion.
But he couldn't say anything and just watched them take it because this was a secret.
One of the things things they took from me was one of my external hard drives, which I wanted back very,
very much so.
What it was is my Bitcoin wallet.
I had a lot of Bitcoin on there, man, like about almost a thousand Bitcoin.
They had all the evidence they needed to convict him.
He knew it.
There was no way to get out of this.
So he pleaded guilty.
And the judge sentenced him to five years in prison.
Was prison rock bottom for you?
Oh, yeah, for sure.
I got in trouble for like exposing
the prison that I was at and how they weren't adhering to any COVID policies.
And it's like open dorms.
So it's like, if COVID gets in here from one of these guards, like everyone's going to get COVID.
People are going to die.
And y'all are still like coming in our rooms and like touching all of our shit and flipping everything upside down.
And it's like, so I recorded all this with like a phone I had and sent sent it to some reporters I knew.
And of course, someone told on me.
And like the next day, SIS came and scooped me up and took me to the shoe, which is, you know, solitary confinement.
And from there, they weren't letting me back on the compound and they weren't shipping people because it was lockdown, full lockdown, because of COVID.
So I spent a year back there, a year in solitary confinement.
It's the hardest thing I've ever done in my entire life.
And there was a lot of people back there that
unfortunately killed themselves
because it's
extremely psychologically testing to be locked in
this tiny little cell 24-7.
You don't get out at all.
Like even in the worst prisons in America, the penitentiaries, You have to let them out at least one hour a day.
It's called 23-in-1.
We didn't get that.
It was 24-7
for 365.
He read a lot of books in prison, learned about the importance of morals from an Italian gang, and picked up stock market trading skills from a stockbroker.
And when he got out, he was banned from the internet entirely.
It was part of his probation for a while.
Same with Kraka.
Kraka was banned from the internet for a while too, and he ended up with a two-year prison sentence, even though he was only 16.
But all that time has passed now, and both of them are out and back online.
Default struggled to get back on his feet.
He couldn't find a job, especially being banned from the internet, especially having a felony record.
So he eventually got into trading stocks and cryptocurrencies.
He's still doing this now.
and he feels like he's good enough to make a living from it.
Just sharing my story with people, I think is, you know, not just because it's an interesting story and people enjoy listening to it, but I think there's a lot of net positive results and things that people can learn from this
that maybe they're not in prison or they're not going to prison or whatever, but they're at a low point in their life.
And it's like, look, dude, it's not the end of the world.
Like, literally.
You can bounce back from anything.
You can change your life.
You can change.
You decide who you want to be every single day.
Just because you made some mistakes doesn't mean that that determines who you are and what your character is as a person
you know something i keep thinking about while listening to this story is
well digital privacy and i'm not going to go on another rant like i did in the last episode but in this case government officials were doxxed these guys stole their information they used it against them and then published it to wiki leaks How does someone come back from getting their private information published to WikiLeaks?
I mean, I'm looking at John Brennan's SF86 form right now.
It's still there on Wikileaks and it's the very first hit on Google when you search for it.
Everyone knows everything about him.
It seems like anyone should just be able to do a password reset on him, you know?
I mean, you could impersonate him over the phone because you have all his information.
You can essentially be him, the director of the CIA.
because we all have all his information.
It's possible for someone to get a new social security number.
It's not easy.
You really have to prove to the social security office that you're in danger.
I bet government officials at this level might be able to skate through that whole process easier.
And I think it's easy enough to get a new phone number and email address.
It's not so easy to just up and move to a new house, though, but that's doable.
It's possible to change your name too, but what's the point of that when you're a public figure?
And that doesn't fix any of the problems of knowing all your previous addresses and who your neighbors were, your past employers, your friends, date of birth, hometown, height, eye color.
See, I think with all the doxing going on in the world, I wish there was a simple way to just burn your identity and start fresh.
Hell, I'd even be interested in doing it yearly myself, just to always keep distance from whoever might be trying to track me out there.
And everyone is trying to track us.
I wish I knew what John Brennan did to recover from this.
I didn't reach out to him because I assume he wouldn't want to talk about it because it would just be giving away more of his private information.
But I feel like we need a better system to help us, the regular people out there, when we get in this situation.
Private information is not a thing of the past.
We still need our privacy.
But I think what might help is just better tools to stay private in general.
You want my address?
Oh, sorry, I only give out my proxy address, a post box that receives mail for me, opens the letters, and then sends me pictures of those letters.
You want my phone number?
Oh, sorry, I only give out burner phone numbers.
You want my social security number?
Um, no, I don't give that out to anyone.
Oh, what?
It's for my security clearance?
Sorry, that's not even a safe place to give it.
Didn't you hear about what happened to John Brennan?
These pieces of information on us are important that they remain out of the public view.
Yet time and time again, they get into the public view.
And it's not just from doxing.
Data breaches, companies sharing your data, or you just giving your information to the wrong people.
I mean, for instance, I had to give my social security number to buy Bitcoin.
And now the CEO of that company that I gave my social to is in prison.
So who knows where my data went?
So I think we're way overdue for a better system to protect our most important data.
I think we need to stop giving it out to just anyone who asks for it.
I mean, I was at the store buying bananas the other day, and they were asking for my phone number and my zip code and all this stuff.
I think there needs to be fewer situations where we need to provide it.
I think we need to be less reliant on our private information as a way to authenticate it's really really us.
And I think we need a way to recover from situations where it's been completely exposed, which I think with the Equifax breach, most of us Americans have had our private data completely exposed anyway.
I think this is a problem that needs to be solved.
And while I think some solutions are out there, it's piecemeal and complicated.
And I don't see anyone doing it holistically right now.
There's something that still rattles around in my head from this story.
That hard drive that the feds took, it still has his Bitcoin wallet on it.
The feds never got access to that Bitcoin, it's still sitting there untouched, and they still have that hard drive and won't give it back.
And the reason they kept it is because it has evidence on it, data that he stole from various places.
He asked them, just take what you want off it and give me back the drive, but they refused.
1,000 Bitcoin still sits on that hard drive.
1,000 Bitcoin today is worth $25 million.
Just imagine $25 million sitting in some storage locker in a federal building, and the feds have no idea it's there.
So it sits for years
and will probably one day be destroyed by some lowly computer technician.
A big thank you to Default for coming on the show and sharing this insane story with us.
Like this one, I was like, wait, what?
Like so many times.
It's just unreal.
If you like this episode, you should probably check out episode 109 called Team Poison.
It's another story that was sort of running alongside this one in parallel and sort of same time and place of the internet.
Okay, what housekeeping is there?
Oh yeah, a lot of you are telling me you're finally caught up and I've listened to all the episodes.
If that's you, I want you to know there are 10 bonus episodes on Patreon.
You can support the show and hear more stuff if you want.
Go to patreon.com slash darknet diaries.
My favorite online hangout these days is the Darknet Diaries Discord.
We have 17,000 members, but I can squeeze you in.
So come on.
Just go to discord.gg slash darknet diaries and come say hi.
This episode was created by me, the slow loris Jack Recider.
It was assembled by the Corpulent Porpoise Tristan Ledger, mixing done by Proxemini Sound, and our theme music is by the Mysterious Breakmaster Cylinder.
I tried teaching my mom how to build a PC,
but all we did was make my mother bored.
This is Dark Knight Diaries.