
#954 - Joe Tidy - Chasing The Most Hated Hacker In History

2025/6/14

Modern Wisdom

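Joe Tidy: Scattered Spider is a loose cybercrime gang that gathers on platforms such as Discord and Telegram in pursuit of money and fame. Unlike traditional hacktivists, they are more focused on cybercrime and profit. The rise of social media, especially Twitter, changed hackers' motivations from pure technical exploration to the pursuit of online influence and infamy. Today's hackers have left Twitter for more closed communities such as Telegram and Discord, but they still pursue online influence and infamy. Scattered Spider is part of a larger cybercrime group, "the community" (the Com), which is made up of thousands of online delinquents who cause chaos and sometimes carry out vile acts such as sextortion. Sextortion is a form of criminal harassment in which victims are tricked into sending nude photos and are then extorted with the threat of publishing them. Hackers will even demand that victims cut the hacker's name into their skin to show loyalty or to satisfy the hacker's sense of power. Overall, Scattered Spider is a small part of a larger cybercrime group; they usually lack skill, but launch large hacking campaigns through cooperation and nerve.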

Chapters
This chapter explores the identity and activities of Scattered Spider, a loosely coordinated group of hackers causing significant disruption in the UK and US. It discusses their methods, motivations, and the impact of their attacks on major retailers.
  • Scattered Spider is a loosely coordinated group of hackers.
  • Their attacks have targeted major retailers in the UK and US.
  • They use a combination of social engineering and hacking techniques.
  • They are primarily motivated by cybercrime, money, and infamy.

Transcript

What's happening with Scattered Spider? Well, Scattered Spider is the name of this very loosely coordinated collective of hackers that are, we think, currently causing havoc around the UK and the US as well. So Scattered

I don't know if you've heard about the news of the M&S cyber attack and the Co-op cyber attack. So there's a really big, if you're not in the UK, there's a really big chain of supermarkets called M&S, very much loved, over 100 years old, one of the pillars of the high street. And around Easter time, there was a cyber attack which started causing problems for M&S and it just got worse and worse and worse for them because M&S

And initially, they said, actually, we can't take orders on the internet, which for a massive company like M&S is really bad. Then we started seeing logistics problems, empty shelves in some stores. And then around the same time, there was a very similar attack on the Co-op. Again, another big supermarket chain in the UK. They also do funeral services and insurance as well. That attack wasn't as bad. But again, we're seeing disruption at stores, empty shelves, and

real chaos behind the scenes. Around the same time, we saw an attack on Harrods, obviously the luxury retailer in London. Everyone's wondering what on earth is going on. Things have got progressively worse. Then we hear the last couple of days, there are attacks on US retailers as well. Everyone is pointing towards this really infamous group called Scattered Spider. They

they're not a normal cyber crime gang. They haven't named themselves that they are, uh, you know, not very organized. They come together on Discord and Telegram a little bit like, have you heard of Anonymous? Yes. Yeah. So they're a little bit like that, but more out for cyber crime and money and infamy than sort of hacktivism. So, uh,

One company called CrowdStrike started looking at this activity coming from this sort of corner of the cybercrime ecosystem. And they said, who are these people? They're doing the same kind of tricks to get into places. So they nicknamed them Scattered Spider. Spider is the name that CrowdStrike gives cybercrime groups. And scattered is the term they give for, you know, because they're loose and they're all over the place. And actually, I'm looking right now.

at the CrowdStrike Scattered Spider figurine. It's very controversial, actually, that they've done this, but here you go. So this is the...

So they sell these on their merch website. And like I say, quite controversial actually, because it kind of glamorizes these guys. And there are some people who say we shouldn't really glamorize cyber criminals because the type of individuals that we think Scattered Spider are, very young, probably teenagers in the US and UK, they will love the attention of having their own figurine.

Do you think that social media platforms like Twitter have sort of changed what hackers' motivations are from just exploration or exploitation to now fame, clout chasing, stuff like that? Absolutely. Yeah. When I wrote this book, my publisher on the first draft, my publisher said, no, that's all great. But can you answer some questions as to how this has happened and why this has happened?

And they really kind of challenged me. And I work for the BBC. So normally, you know, we've got to be very careful about giving opinions and putting our necks on the line in terms of theories about things. But it was quite good because I landed on this. There are two kind of factors which I think have turned teenage hackers from largely benevolent groups of people that are out to

you know, they're out to make a name for themselves, but they're also out to make the internet a safer place to where we are now, where we've got cybercrime gangs, teenage gangs that are causing mayhem and trying to make money. And I think Twitter,

You could kind of see at that point when Twitter becomes mainstream, this shift starting to take place. Because of course, before Twitter, social networks were about being social with your network. Whereas Twitter sort of invented the idea of followers and retweets and likes and clout online. And that's when we started seeing in 2011, when Twitter was really on the ascendancy, we saw LulzSec, the first of this conveyor belt of teenage cybercrime gangs.

Yeah, there's no one flexing their recent ransomware exploitation on their personal Facebook account. That wouldn't work. But on Twitter, that would be great. Yeah, absolutely. And we know from interviews with arrested hackers and convicted hackers, they loved it. They loved the attention back then. And I think where we are now is slightly different because I think what we're seeing is

They have come off Twitter or X, whatever they're calling it. And now it's more in the kind of insular communities. But they're still after that online clout and that infamy. It's just they're in their own channels in Telegram and Discord. I was going to say, where do these people live?

Yeah, Telegram and Discord, yeah. So if we're talking about Scattered Spider, which very much formed the last part of my book, because I talk about this gradual shift to where we are now. But Scattered Spider, they're part of this larger collective known as the Com, the community, which is a group of thousands of online delinquents, really. Largely boys, obviously it always is. And they're causing mayhem, and in some cases delinquency.

doing some really nasty stuff like sextortion. Do you know what sextortion is? No. So sextortion is this horrible thing

sort of criminal harassment campaign where you trick someone into sending you nudes. So I might befriend someone on the internet and strike up a relationship, a romantic relationship, send them some nudes that they think are of me, but I'm a criminal. I'm a man, not the young girl they think I was.

convince them into sending me nudes and then you start extorting them, saying, if you don't pay me then I'm going to release all these pictures. So we see that kind of activity in the Com and we see some really nasty stuff. Some other stuff like, um, there's some, uh, it's really nasty, but, but like cut signs. Have you heard of cut signs? No. So like, you know, a fan sign, where if you're a big fan of someone you will hold a sign up saying I love them, or you hold their name or their band name.

A cut sign is like that, but you literally cut into your own skin the names of hackers that are extorting you. Wow. So the hackers are saying that you need to show me that you've self-harmed my name into your arm. Yeah. To show devotion or to make them feel powerful. There's a bit in my book where there's a gang called Lizard Squad.

that was around in 2014-15. And they destroyed someone's online life. They hacked all of this kid's accounts. And in order to get them back, he had to make a cut sign and say, Lizard Squad made me do this. So although people are really shocked about what we're seeing in the Com now,

This kind of activity has been around for a while. We know it's there. We've got the history for it. So Scattered Spider are part of this larger online cyber crime nastiness. They're a very kind of small niche of this much larger group of largely unskilled cyber people. You wouldn't even call them cyber criminals. But then they come together.

with a little bit of skill and a lot of balls and take on these big hacking campaigns. It seems, I don't know, I have to assume that although M&S is a hundred year old institution, I would like to think that their cybersecurity isn't a hundred years old. How, if you've got to have someone with talent, I assume, how do they get into a system of any kind? Is this cyber hacking or is this social engineering or is this some combination of the two? It,

It's a combination of the two. I think the initial entry is usually through social engineering. But to be honest with you, a lot of hacking is that. To get into a system, it's not really like in the movies where you hunch over a laptop

typing code furiously to get in. Normally it starts with like an email that you can trick someone into downloading an attachment, or you call up, this, this is what we think happened with the latest, um, attacks, is that they call up the IT help desk and they pretend to be a member of staff and they say, you know, I've forgot my password, can you let me in please? And it sounds so stupid, but it works.

And then what often happens is once they are in, that's when you would argue the hacking starts. That's when they find a vulnerability that allows them to spread themselves throughout the network, deploy ransomware, which is this type of malicious software that scrambles a company or a victim's computer and systems and servers, makes that data completely unreadable, useless, brings computers to their knees. And that is where they send the ransom note saying,

If you want the key, pay us in Bitcoin a certain amount and we'll give it back to you. And ransomware is by far the number one problem in cyber right now. Right. So this is social engineering. Pretend to be Julie from the front, from reception who's locked herself out.

find the person who is sufficiently gullible or doesn't stick to protocol and actually allows you in, in some ways. Then you've got access to some intranet-type system that means that you can access other bits and

maybe some more sort of spreading from there, I would imagine. Maybe you as that person emails someone else an attachment which gets you more access to a higher admin level. You're thinking criminal. Well, I'd, look, what can I say? I'm, uh, I, I am a young British man. Um, but no, I, I mean, my password manager is a fucking mess, so I would be bad at that. It's good that you've got one. Yes. You're way, you're a way step ahead of most people if you've got a password manager.

I had... Who was the FBI's most wanted guy, that hacker, for a while? Fuck. Kevin Mitnick? No, maybe. He was on the show probably about three years ago or so. And, you know, he'd gone through all of this stuff that he'd done. He'd broken himself out of jail twice and all of this bullshit. And I got to the end of it and I was like, hey, man, I'm...

fucking terrified. Like, what, what, what do I do? And he's like, dude, just use a, use a password manager. Like the TLDR, 90, 90-10 solution is just get a password manager and use that. So, uh, someone once said to me, there are, there are buckets of how difficult you are to hack, and hackers will always go for the easiest bucket. Who can I hack? Who uses the same passwords across multiple accounts? Who uses weak passwords? If you take yourself out of that easy bucket into the slightly harder bucket

massively reduce your chance of getting hacked. Yeah. Why? Like even if you're the target, but you're a difficult target, there's so many more easy targets. Fuck it, we might as well go for them. Okay, so, um, ransomware. What this is, this can just totally debilitate computer systems, companies. If M&S can't get eggs on the shelves, it seems it's pretty comprehensive.

Yeah, absolutely. Ransomware completely cripples an organization. It's like going back to medieval times, your pen and paper, you really are. And sometimes we've had situations where ransomware has hit hospitals, for example, and they can't even function in any way you'd imagine. Like some of the systems, some of the scanning systems they use in hospitals, for example, they've been infected by ransomware. So they're down as well.

So, yeah, I would not want to be in an organization where they've been hit with ransomware. M&S is going through a tough time. I wonder whether, or probably more likely when, we will see the first vehicle hack.

autonomous driving vehicles. I was in a... I drove from Palm Springs to Newport Beach last week. Very nice. And I was in a... It was lovely. I mean, it was way too hot in Palm Springs, but I was in a rented Nissan Rogue, a new one, and it had...

normal run-of-the-mill medium level trim Nissan Rogue, and it had this radar guided cruise control and lane assist that was keeping in lanes and would, if you just knocked the indicator on, would allow you to change it. I was like, this is assisted autonomous driving in a fucking Nissan Rogue, right? Old school petrol, two liter, chug chug chug American car, like Japanese American car in America.

And I just remember thinking, I've been in Waymos. Waymo is now available on Uber here in Austin. And I thought, holy shit, like if these ransomware attacks, you need as...

The level of kinetic importance to people's lives increases. The level of security around those systems needs to increase. I have to assume you've thought about this, the autonomous driving and the potential risks to cybersecurity. Yeah, yeah. We haven't seen anything like you're talking about, but-

I mean, yeah, it does seem almost inevitable that someone will find a way to cause havoc with autonomous driving. It's a bleak thought. But of course, the companies that are behind these cars, they know that too. And you hope and you pray that they are pretty much on top of security. Jesus Christ, Joe, we've got to the point of hope and prayer. Forget your password manager, just get on your knees and, you know. Have you read a book called Robopocalypse?

No. It's so good. Spielberg bought the rights to it a few years ago. He never actually did anything with them, but it would make and is going to make an awesome movie if they ever make it one day. So in that book, it's about how AI kills us all. And one of the ways that they initially get that first 50% of humanity dead is they take over the driverless cars. And the description of what can happen

It's always stuck with me. But not to scare anyone, that's not going to happen. It's going to be fine. It's going to be fine. They are super-duper cyber-secure, I'm sure. Well, yeah. Up until you're reporting on it for BBC News, mate. And then I'm going to ring in. I'm going to say, Joe said to me, I'm locked inside of my Tesla, which I don't yet own, in Austin, Texas.

people from outside are trying to Molotov cocktail it. People from inside are trying to hack it. I'm fucked. Okay, so... On that point, there was very recently, only like three weeks ago, some tech CEO in some American company, city, I can't remember which one. It was a self-driving city, so whatever. Maybe... San Fran or something like that. He was stuck in one of these cars and it just kept going around the car park and he couldn't get it to stop. And it was funny, but also like...

Hmm, a bit worrying. I've got, look, you're the guy for me to give this take to. I've said this before, but I have switched off

uh, the autonomous toggle on Uber in Austin. So you just, it's on the back end of the settings. Do you want to be more likely to be matched with an autonomous vehicle? And I've said, no reason being every time that there is a vehicle that's 10 minutes away, that's a Waymo. It takes 20 minutes to get to me every single time. And every single time that we do the journey, they say it's going to take 15 minutes for me to get home from the East side of town or whatever. And it

Always takes nearly double. And I realized why. And it's because Waymos outwardly are so obvious that these big, like bulbous clunky things, LIDAR on top and all, you know, additional Jaguar shit and it's white, right? So it really stands out. Mm-hmm.

I think there's two reasons why humans behave on the road. One is because of fear of retribution, especially in America with a very heavily armed populace. And the second one is guilt at sort of inconveniencing somebody else. So it's safety and human fucking decency, I suppose, is the two. The problem is when you see a Waymo, there's no one in the driver's seat and you can't see if there's anybody in the back. So they just get cucked at every...

at every single junction. No one lets them out. Everybody's like, pedestrians will just, I will too when I go on a walk around Austin. I'll just happily walk out. I'm like, it's 100 feet away. It's going at 30 miles. It'll slow down. I'll be fine. You wouldn't do that if there was a human driving the car. So it means that until you can program in ramps

retributive tailgating and beeping the horn and flashing the lights from the Waymo to somebody else or until you end up with more than 50% of the cars on the road being autonomous, you don't have this level of coordination. It's like an arms race, right? It's an arms race of like being...

mean as drivers. And unfortunately, the Waymo has come without any ammunition. Tesla self-driving people got a hold of this take online and said that that's different because Tesla self-driving is trained on real drivers. So you do have more natural merging, sort of more aggressive driving styles are built in because Tesla

competent drivers are the drivers that this has been built on. Whereas Tesla focused on software, Waymo focused on hardware. And yeah, with Waymo, it's just, it's like being in the back of the car with your mom all the time. Is that Tesla thing true? Have you done a comparison? No, I've never been in a Tesla that's got full self-driving. But I also know that the Tesla full self-driving community online is like...

very evangelist. It's like oddly, oddly militant. Uh, so I don't know, I guess I'll wait and see until I get into one. But yeah, that's my, that's my current working thesis on autonomous vehicles. I thought you were going to say you don't do that because like the safety concerns. But actually, yeah, I also thought you were going to say they're slow because they're slow and like they're very safe, aren't they? But no, I, I hadn't appreciated the other, other people on the road. Yeah.

Going back to the youth...

these youths online. I think I've heard you say that today's youth hacking culture is tipped from chaotic good into chaotic evil, apart from clout. Is there anything else that's triggered some moral decline in this scene?

Yeah. So we mentioned earlier about the rise of Twitter. I would put that very much as one of the reasons we've seen this shift. I would also say the rise of Bitcoin as well, because if you think about when Bitcoin started becoming valuable and useful as a store of value or as something you could buy things with, sort of 2011, 12, 13, that's when we saw this shift. And certainly it's

Looking at some of the people I do in my book, they go from not even thinking about money, just doing it for the lulz and for the clout, to thinking, hang on a minute, I can make some money here. And as soon as you start introducing Bitcoin into the lives of young teenage boys, you're looking at trouble. So without cryptocurrency, would this be even harder again?

Yeah, I think without cryptocurrency, a lot of cybercrime that happens these days would be a lot harder. Because the great thing about crypto, of course, if you're a cybercriminal, is that I can steal crypto or I can extort crypto from someone.

and then it goes to my wallet and people don't know who I am. No banks can stop that. And if I can find a way, and it's becoming harder now, but if I can find a way to launder that Bitcoin, I can get it out of the system, turn it into money I can use, happy days. Without Bitcoin, you get things like bank card fraud, that kind of thing. And we did see that in some of the early days of hacking. But of course, that's easy to trace and track and stop if you're a bank. And

One of the guys in the book, the main hacker that we follow, who started as a teenage cyber criminal, ended up becoming one of the most wanted criminals in the world. He started by carding, which is where you take credit cards and you use the numbers and the details to spend without the owner knowing. And the banks usually reimburse the owner. And what's interesting about that is when they first arrest him,

And they're going through all the bank receipts. They work out he spent about 33,000 euros, which you'd think like that's quite a lot of money for, I think he was like 15, 16. And when you look at the things he's spending the money on,

It's, of course, what you would do. We've both been 14, 15-year-old boys. It's PlayStation games. It's the latest phone. It's Netflix subscription. He even went and bought some land. He bought a little bit of land. He called himself a lord. Highland titles. It was a subject.

And, you know, that's what you would do if you had unlimited money. But of course, the problem with that is when you get arrested, it's all there and the police have got it all. And, you know, it's very hard to hide from. Whereas cryptocurrency makes that way easier. The other way that you could do it, I'm not giving anyone any ideas because this is how some cyber criminals work, is through gift cards.

So you don't say to someone, send me $200 in a ransom, for example. You say, send me $200 worth of gift cards. And then you can sell those online for $190. So then you have to shave a little bit off each time. Oh, okay. That's interesting. But they're untraceable. You've said teenage hackers are sort of a kind of digital cartel.

Should we be thinking about them more like organized crime than bored kids in bedrooms? What's the tension there? Well, I think...

ransomware groups, for example, these really, really well-run, highly organized, money-oriented gangs like, I don't know, Evil Corp or LockBit. There's loads of them. Conti was another one. They are like modern cartels. They are run with, you know, there's someone who develops the malware. There's someone that

sends out the phishing emails or someone that does the extortion negotiations. There's 24-7 customer service on the darknet websites for these things. But the teenage hacking gangs, they are slightly different. They're becoming more organized now with the likes of Scattered Spider, but it is a different type of culture. It's more of a hacking culture than a hacking organization.

I wouldn't necessarily put them in the same bracket. But certainly, if you look at the rise of the teenage hacking gangs, every single step of the way, they've been underestimated. There's a researcher called Alison Nixon, who she features quite a lot in my research. And she came up with this new phrase for these types of gangs. She calls them NPTs, which stands for noob persistent threats. So they're newbies, they're noobs.

But it's a play on this very famous and well-used term, APTs, which stands for Advanced Persistent Threat. So she's sort of poking fun at them. But she says, you know, they're not advanced, but they are persistent and they are a threat. And we should take them seriously. And to be honest, I've been doing this job quite a long time now. And we don't. We don't take them seriously. Every time there's a case like we're seeing right now in the UK, people are shocked because

How can this be done by teenagers from their bedrooms? Well, we know from history that this is how they work. They've just rolled the dice enough times. They just keep on going. Yeah. And also they don't really care about getting caught. This is the other thing about these teenage gangs. Unlike the cybercrime gangs that are based in Russia or places where law enforcement in the West can't really get them, they're

These guys are very grabbable. They're very gettable. In the last about year and a half, there's been six arrests of teenagers and early 20s hackers that are thought to be from the Scattered Spider culture or community because they're in the UK and the US and they don't protect themselves very well. They don't actually disguise their voices when they call up IT desks pretending to be someone else. Stuff like that, you know, like...

Like it's called operational security. And these groups, these NPTs are terrible at it because they don't seem to care. What are the patterns or dynamics about how young kids get pulled into these communities online? What's the typical trajectory of one of these people?

It's nearly always the same. Every single hacker I've ever met has had the same pathway. It's computer games. So Minecraft or RuneScape or whatever it is, probably Fortnite these days, probably still Minecraft. It's so popular. So you get into gaming and you play with your mates and then you start wanting to be better.

So you buy some extra bits for your character or you find some shortcuts, some cheats. Then you find yourself on a hacking forum and you find ways to become better at the game and cheat the game. Then you find yourself sort of drawn away from the game and drawn towards more fun ways to have fun on the internet, i.e. hacking. And it always starts off as just a bit of fun. What happens if I...

type that in there. What happens if I go into this server over here? Oh, where am I? This is exciting. And then it's, oh, quick, you escape. Oh, that was wrong. I shouldn't have been there. And then it's, hang on a minute, what else can I do? And then it goes on from there. And then as soon as you start bringing money into it, Bitcoin, then it can quite quickly become serious cybercrime. And that's

That is the path that I've personally seen, speaking to all the hackers I've interviewed over the years. But also the NCA, the National Crime Agency, in 2015, they did a kind of massive research of all the convicted cyber criminals. And it was exactly the same. It was step one, gaming, step two, gaming cheats, all the way down until serious cyber crime. So it is a cliche, but it's true.

Where are most of these people? You mentioned Russia. When I think hacking group, I just think, oh, it's the IRA or whatever in Russia. Oh, GRU? GRU, whatever. There's loads of them, loads of acronyms. What is it? Where are all of these? You mentioned these two are notable, or at least Scattered Spider is notable because they're primarily English-speaking in the US and the UK, but that's a rarity.

I guess. It is, yeah. That's probably why they're so interesting as well because we're like, well, hang on a minute, they could be upstairs in the bedroom. So,

If you're looking at the kind of, if we take the whole cybercrime ecosystem, these are the people that are out to make money, defrauding, stealing money, extortion, ransomware, all that kind of stuff. They could be anywhere. But the biggest gangs are organized and run, we think, from Russia, Eastern Europe.

And we know this because there are lots of hints that you get. So for example, I spoke to a guy who deals with ransomware negotiations. And I said, how can you be so sure that they're in Russia? And he said, well, they speak and they plan in Russian on Russian forums. They work in Moscow hours.

And they don't ever answer you on public holidays in Russia. So, you know, there's a few hints there. But of course, the actual affiliates, the people that are carrying out the everyday attacks, we don't know where they are. They could be anywhere. And there was a very famous arrest of an IT expert in Canada who was, you know, an upstanding citizen of the Canadian IT scene. And he was working for a Russian cybercrime gang.

called Netwalker. And I actually, on that one, it was really interesting because someone, one of my contacts sent me the negotiation portal for when Netwalker was extorting this university. And it was during the pandemic.

And I was over the course of about three weeks, I watched this negotiation, this extortion take place. What do you mean by the portal? Like a chat, like a private chat type thing? Yeah, so if you get hit with ransomware, you'll have on your screen, on your computer, it'll pop up saying, hey, you've been hit by ransomware. Go to this darknet website, which is like a jumble of numbers and letters, dot onion, and we can start the negotiation. They always, it's really kind of like,

irritating and frustrating, but they always frame themselves as, we are here to help. Follow this link. We will help you. We'll get you through this. And of course, they're the bastards who are trying to extort our money. But it was fascinating watching this Netwalker ransomware group

extort San Francisco. I think it was the Southern California University or something. And they were like, this is during the pandemic. We are working on a vaccine. Please, we haven't got any money. Leave us alone. And they're like, how much you got? And they're like, $750,000. That's nothing. I can't even buy McDonald's with that. Send more. And it ended up, they paid, I think it was 1.2 million dollars to these guys.

Anyway, so he turned out to be in Canada. But most, we think, if you look at the arrests, they could be anywhere, but they are normally based in Russia. Then you've got North Korea.

They are very, very big on the hacking scene. But what's really interesting about North Korea is they're the only country that we know of in the world that as well as doing cyber spying, which we all do, every country does it, UK and US all over it. But North Korea does that. Plus they steal cryptocurrency and they are very, very good at it. They just stole... Oh my, what was it now? I think it was like...

I can't even remember. It was like $1.5 billion. The country of North Korea or- The country of North Korea has a cyber team that, they've always denied this, of course, but they have a cyber team that is dedicated to making money for the regime by hacking. They used to do banks, but now they do cryptocurrency companies.

But they're unusual. Most countries don't have that. Most countries just have their cyber spies and they're out to project power, steal secrets, in some cases robbing

They'll be used in military. So Russia, we know, has hacked against Ukraine in the war, for example. But most cybercrime is done by criminals who could be anywhere but are largely kind of organized in Russia and Eastern Europe. Why is that area of the world such a hotbed? Have they got lax internal scrutiny from the law enforcement? Is it...

sort of side eye allowed by the state to try and fuck up everybody else. What's going on?

Well, yes. So there's this golden rule if you're a Russian cyber criminal, which is you do not hack Russia or former Soviet states. It's like a kind of unwritten rule. If you do, you get in lots and lots of trouble. And there was a cyber crime gang called REvil or R-Evil. And they were allowed to kind of just run amok for years and years, hacking everything.

left, right and center Western companies causing huge amounts of problems. But then, so the story goes, they accidentally hacked Russia and then suddenly there were some arrests. So yeah, there is that kind of culture in Russia. Obviously, the Russian government denies this every single time it comes up. There was this summit between Biden and

Putin. When was that now? 2021, I think. It came off the back of some absolutely horrendous ransomware attacks, one of which was against Colonial Pipeline, which is a really important part of the US petrol and oil infrastructure. And it meant that there was shortages of pumps and panic buying, and there was no fuel going up and down the East Coast. So this conversation between Biden and Putin, according to him, was like, you've got to stop your people hacking.

This is no good. And Putin was like, it's not us. We get hacked too. But the evidence really is not really there for that.

How close are we to seeing cyber attacks being treated as acts of war? Well, there's this thing called, I think it's Article 5 in NATO, which means that when you get attacked...

and it's a confirmed attack, then everyone else piles in. And it's one of the founding parts of NATO, one of the tenets. And some people have said what we've seen in Ukraine, sorry, with the attacks against Colonial Pipeline and others is, oh, could this be Article 5? There was another attack on US government, SolarWinds attack, thought to be from Russia. People are saying maybe that crosses the threshold. But I think people are very, very scared

to bring cyber anywhere near the same kind of seriousness as a missile. When in fact, sometimes the damage can be just as bad. What was that one that tried to get... Was it Iranian nuclear reactors and it waited around the Stuxnet? Can you tell me the story behind that? Oh, just like unbelievable. You have to take your hats off to them. So Stuxnet was an attack by...

They've never admitted it, but Israel and the US against Iran. And they were very worried about the uranium enrichment helping to create nuclear weapons for Iran. So according to the story, the president at the time said, right, well, what can we do to slow them down?

And someone said, let's hack them. And the Stuxnet virus was so specifically and perfectly targeted that it only infected that certain system. And I think they spread it through USB sticks or something. They dropped them in the car park. Absolutely brilliant. It's dumb, but it works. That's what they always say in cyber: it sounds dumb, but if it works, it's not dumb. And

It managed to get inside the system of this very specific machinery that they were using in the Natanz refinery, and it sped up the refinery centrifuges so fast that it caused, apparently, we don't know because obviously Iran would never admit it, but we think it caused physical damage and potentially broke some of those centrifuges and slowed them down. We don't know how much it slowed them down. We don't know how much damage was done, but

It's largely been, you know, hailed as one of the most impressive cyber attacks of all time. Didn't it? It was infected some insane percentage of computers around the world as well. Loads and loads of machines had it, but it just it didn't do anything. It was just is this insane?

is this computer attached to an Iranian nuclear facility? No. All right, just chill out. Nothing for you to do. Maybe you'll get, maybe you'll meet someone in future that is. And it just did that over and over again. That's it. And it's really targeted, really precise. And there have been cases where a country is blamed for releasing something like that. You know,

uncontrollable worm that's got out of hand. So there's this one called NotPetya, which was 2017, I think it was. And it was, well, again, Russia would never admit this, but it was thought to be from Russia against Ukraine.

And they hacked into a really popular accountancy sort of software that the Ukrainians used. And it was a worm that spread uncontrollably. And it was a fake ransomware. So normally the thing comes up and it says, pay this and you'll get your files back. But with NotPetya, it was a shredder. It was fake. Even if you paid, you wouldn't get anything back. And that spread from Ukraine all over the world. Hundreds of countries affected by this.

and it caused, they think, the most damage of any hack ever. I can't remember the figure now, but it was... I know one company lost a billion. Maersk, the logistics company, they were back to pen and paper. So they had ships coming into harbors. They didn't even know what was on the ships. They didn't know how to unload it, where it was going.

absolute carnage and it cost them well over a billion. I can't remember the details. This is like the Wuhan Institute of Virology equivalent of an online worm. Exactly. And you can't stop it. The only way to stop it is to

inoculate all the computers so that if you get it, they don't get ill. It's like a vaccine around the world. What are the ways that cybersecurity firms find these sorts of hackers? Like, what is it? I know TTPs is sort of part of this, but I don't know. If you're good enough to construct a worm that does ransomware and scrambles and does all the rest of it,

I have to assume that you're good enough to be able to hide your tracks. So it's, yeah. How did the security companies track down who caused it? Well, a lot of it is follow the money, because if you can follow the trail of cryptocurrency and Bitcoin, then you might be able to get them. But thinking about that, there's a part in my book where Julius Kivamaki, this guy that we follow all the way through,

He gets caught. One of the ways that they find out it's him is because he does the biggest self-own in cybercrime history, an absolute monster of a blunder. Someone in the book called Antti Kurittu, who's a cyber expert, he says that everyone thinks that cybercriminals are masterminds when they're carrying out the hacks,

but they're not masterminds at covering their tracks. They often get a bit lazy or a bit arrogant about that part of it because operational security is really, really hard. So this guy, Kivamaki,

He starts sending out, he's got all these, the patient data of psychotherapy patients all over Finland, 33,000 people. He's managed to steal all the notes from the therapists. So he starts extorting the company by releasing every day 100 new records. And yeah, this is the kind of stuff that you do not want on the internet. Like the stuff you say to your therapist is the most sensitive information probably that you could ever hope that, you know, stays safe. So,

Day one, 100 records. Day two, this is on the dark net. Day two, another 100 records. Day three, another 100 records. But then he says, to make it easier for all the people on the forum, here's a bulk download. So you can download all 300 patient data notes instead of having to do one after the other. Then he goes to bed. And then what he doesn't realize is he's accidentally uploaded the entire database of 33,000 patients.

So he's given away all his bargaining chips, but also he's accidentally uploaded his entire home directory for his computer. So it's like, for example, I want to send you an email.

I accidentally send all the emails in my inbox and all the attachments and every folder on my desktop as well. Wow. So the police found this in the morning and they obviously downloaded it as quick as they could. He woke up and he realized what he'd done and he starts deleting files from the server. The police find an IP address, which is an internet protocol, which, like, tells you roughly where the physical computer is.

They find an IP address in that home directory accidental dump for a cloud server company, which is only half an hour away from them in Helsinki. So there's this race against Ransom Man, that's what he's called, deleting everything as he's going because they've got this massive server that could potentially give them all the clues they need. They get to the server farm, pull out the internet cable,

severing Ransom Man from his server. I put it like this. If you imagine a drug dealer, the cops are arriving. He's trying to flush all the cocaine. But then suddenly, I don't know. They cut off the water or something. Exactly. Something like that. So nothing he can do. So then they had this massive server full of all the evidence they needed to track him down.

It was a little bit harder than that. He did try and use aliases and that kind of thing. But there was just so much there on that server that led them back to him. And that's what ultimately led to his conviction. So it's that kind of thing, those mistakes that can be made. It's rossulbricht@gmail.com. Yes. That kind of thing. Yeah. Like if you're going to start the biggest online drug selling net

in human history, make sure that your old forum posts aren't linked to your name at gmail.com. But that's a really good example, isn't it, of how...

someone's online presence can start, you know, innocently enough. You're building something, you're a software developer, you're just asking for advice. You don't know that in five years' time, you're a massive mastermind. Yeah, you've got to future-proof yourself. Be careful what RuneScape username you use in 2012 because God knows where you're going to end up 14 years later. Yeah. Okay, so... I'm giving advice now to... I welcome our...

internet overlords. My operational security is horrible. Okay, so another hack that I knew about, one of the most famous ones, the Christmas hack of computer games. And it seems like this sort of kicks off a lot of the story that you've been following. So what first drew you to this? What's the story behind Lizard Squad? Give me the overview. Yeah, so, 2014, Christmas time.

There was a ginormous DDoS attack, which is a very low level form of hacking. It's like I liken it to when Glastonbury tickets go on sale, everyone lands on the website and accidentally the website crashes. It's like that really in cybercrime. If you get enough traffic into a server or a website, you can bring it down.

So the Lizard Squad were part of this, as I said earlier, this conveyor belt of these teen hacking gangs, these NPTs that emerged in 2010s. And they decided they were going to go after not just Xbox Live, but PlayStation Network as well. And I still don't really know how they did it, but they managed to bring these services down for hours and hours on what was the busiest time of year, Christmas Eve, Christmas Day, Boxing Day.

So that was, coincidentally, that was the first story I ever covered. And I went into the Sky News. I used to work for Sky News. And I walked into the Sky News newsroom. I think it was like very early on Boxing Day or the day after Boxing Day.

And they said to me, have you heard about this massive hack these kids have done? I was like, what are you talking about? No. So then I looked into it and I couldn't believe the power that these kids could wield. I found it absolutely fascinating. So my news editor came over to me and he said, um,

Ryley's called, who's the head of Sky News. He says he wants a lizard on air tonight. So I was like, right. How on earth am I going to get one of these anonymous Lizard Squad hackers to do a TV interview in six hours, seven hours, whatever it was. So anyway, I managed to find one.

And it turned out to be this kid who was, I think he was 16 at the time, 17, calling himself Ryan. And we did an interview and it was... Hang on, you've jumped ahead. How did you find him? Oh, just like going after...

person who says they're involved, and then that turns out they're not, then another person, then another. I don't even know. I couldn't tell you how I got to him. But I know one of the people I went through was this guy called Vinnie, who was part of Lizard Squad. It's kind of like an adjacent member. He said he didn't really do anything for them, and I believe him, and he was cleared of all wrongdoing. And he actually lived in Twickenham, which was like

three miles away from the newsroom. So, so he, he promised he would get me this, this, this kid, Ryan, who was a part of the gang that took out these, these gaming services. So anyway, I did this interview with, with Ryan and,

who it turned out was Julius Kivamaki. That's one of the aliases he used was Ryan. And that kind of really sparked off in my mind this fascination I've had ever since with cybercrime. And I've tried to keep tabs on Ryan or Julius ever since. But then the trail ran cold because he disappeared for a while. So then when he pops up as potentially the person behind this

ginormous hack in Finland on the psychotherapy centers called Vastaamo, I thought, wow, he has had a career. And for my money, Kivamaki is the most hated hacker in history, and

not just because of the Vastaamo hack and the PlayStation and Xbox one, but also there are lots of times in that sort of 10, 12 year cybercrime career where he's done some really hateful, nasty stuff to not only people that he wanted to go after, but fellow hackers as well. What like?

So there was a Sony executive called John Smedley who fought back a bit on Twitter against Lizard Squad. He used to be a prolific tweeter and he sort of fired back some tweets against these kids and they didn't like it. So they went after him pretty badly. And one of the things that Kivamaki did was he found out that John Smedley was flying from

I think it was from Phoenix to Houston or somewhere. I can't remember where it was. And he convinced the airline that there was a bomb on John Smedley's flight and it had to get escorted by fighter jet to a different airport where he was questioned at gunpoint and all sorts. Stuff like that. And there is a litany of situations and incidents where Kivamaki has done some really

horrible things. What you said about what he's done to other hackers as well, what's in that list? Well, there was a kid called Blair Strater, who I spoke to in the book, and Kivamaki led probably a three-year harassment campaign against him. Have you heard of swatting?

Not SWAT team? Yes, yes. Where you pretend, you call up the police and you say, there's a... Armed, whatever the fuck. I'm going to kill someone or whatever. Yeah. And the SWAT team arrive and it's really dangerous and people have died. So they would do that.

all day, all night for months against Blair Strater. They've also got this weird thing, which is still a thing now. I don't really understand it, but when you get doxxed, your documents come online. So that means that everyone knows where you live, your real name, all that stuff. So for a hacker, that's a pretty bad situation to be in if you're doxxed. Because the whole point of it is you're anonymous and you're powerful and you can disappear at any moment. So with Blair...

They doxed him, and then Kivamaki and others would send him pizzas, Chinese takeaways, all these kind of deliveries. At one stage, a lorryload of sand and gravel arrived at his house.

Personally, if a free pizza turned up at my house, I'd be happy about it. But when you talk to people who have been victims of this for months, it becomes horrible because you are on edge the whole time and the delivery drivers want paying if you haven't paid them and they get annoyed with you. So that kind of harassment is not nice. There was an article written by another journalist called Kevin Roos who interviewed the Strater family around this time when it was really bad. And the article was called

Haunted by Hackers. And I've always thought that's such a good headline because for Blair Strater and his family, that's what it was like.

Yeah, it's ruthless, man. Okay, so you sit down with this guy. You don't know. I mean, this is what, 2014? 2014, yeah. The first time you do it. What stuck with you from that first interview? Just complete lack of remorse, caring, smirking throughout the entire interview. A lot of honesty. He didn't sort of make up. So he denied his face?

No, not at all. Not at all. No, no. He turned up to the Sky News interview on Skype, fully didn't disguise his voice, his face, didn't give a damn. Surely that's a bad idea. This is what I'm saying. OPSEC is terrible. These NPTs... But surely that's something different. That, to me, seems like operational security is covering your tracks. That seems more like a purposeful middle finger.

Absolutely. Oh, yeah. And don't forget, well, you don't know this, I don't know how far you got in the book, but at this point, Kivamaki was already under investigation. He'd already been arrested. He was on bail.

So you've got to factor that in. Wow. But, you know, Kivamaki and there's a few others like him in the last kind of 10, 15 years. They're a different breed. So you've got the MPTs who don't care. They're out to

cause chaos, get some money, bit of infamy. Then you've got the kind of... Alison Nixon, the researcher I mentioned earlier, she calls them the centers of gravity. There are certain teenage hackers who, they are

the center of their gangs and everyone follows their lead. And you don't necessarily have to be the most technical to be that center of gravity, but you have to be the most ballsy, anarchistic. Charismatic. Charismatic. And you don't care. And the thing about that Christmas Day hack was he appeared on the interview, fully face and voice. And yes, it came very quickly afterwards. There was a knock on his door by the Finnish police.

But they never got him on anything. All the things he told me, either they didn't find evidence or they were too busy on his other cases to look into it. But as far as I'm aware, and if you look at his court records, none of that was taken into account with any subsequent convictions. Do you know what he did in between that and the mental health hack?

Not really. I know that he traveled a lot. I know that he was carrying a lot of Bitcoin. I spoke to one fellow Lizard Squad hacker who he went out with in the Netherlands on a jolly, and he was carrying a hardware crypto wallet. And it had something like $50,000 worth of Bitcoin in. And that was apparently just his holiday spending money. And of course, that Bitcoin now would be worth something like $12 million.

But you're right. There is this gap in his story, which I would love to find out what happened. But the actual hack happened in 2018. So he stole the Vastaamo database of psychotherapy patient notes in 2018. So there wasn't like a huge gap. It didn't go to 2020. But yeah, there was a gap. There is a suggestion that

by a Finnish journalist, which is yet to be confirmed. And it's all alleged and, you know, huge pinch of salt with this because I haven't, we don't know if this is true, but he thinks that Kivamaki might be involved in a, in a, in a hacking sort of hacking cyber crime thing that happened around that time, which was,

Kivamaki aside, whoever did this, it's like the perfect crime. So what they did, I'm not going to say Kivamaki because we don't know if it was him, but what they did was they found a website on the clear web. So that's the internet that we all know and love that was advertising darknet drugs marketplaces. So it had links for the darknet links. So like, as I say, jumble of numbers and letters dot onion.

He hacked into that and then changed the links for those dark net websites to his own fake dark net marketplaces, which had all the things you would imagine, like buy your Coke here, buy your MDMA here. But all the money going into that marketplace was going into his pocket. And I spoke to the police about this. I was like, if that is Kivamaki...

Why aren't you looking into that? Like, why isn't that part of your investigations now that he's behind bars? You know, aren't you investigating this? And the guy, Marko Leponen, the Finnish police officer, said, we haven't got any complaints. There are no victims.

Because, of course, no one's complaining. No one's complaining. The cocaine that I tried to buy on the dark web, I didn't receive my order for that. Exactly. It's the perfect crime. The perfect crime. But anyway, I don't know who's behind that one. But there is some vague suggestion that some journalists have made. How did he do the Vastaamo hack? Do you know?

Yes, it took about four minutes. It was awful. The security at Vastaamo was terrible. And there have been convictions. The CEO has been convicted. He's appealing it, but the cybersecurity practices at that company were very, very poor. So he did a scan of open servers with no passwords. He logged in, saw it all there, downloaded it. It must have been... Well...

No one knows why he did it in 2018, but then he didn't do the extortion until 2020. But my theory is he couldn't believe his luck. He downloaded it and then sort of sat with it for a long time. Waiting to see if someone's realized. I think so. Because, of course...

At some point, we don't know why, in 2020, he decided to extort the company. Ran out of Bitcoin to party with. You know what I mean? I need to fund the party fund. But that's my other, the other really mysterious thing about this character is that we don't know why he did it. Because apparently he did have enough money. Apparently he was and is very wealthy. The court fees alone, the lawyer's fees to try and defend himself, absolutely humongous.

And part of his defense was, why would I do this? I've got loads of money. And then they say, well, how much money have you got? And he says, I can't remember. It's all in Bitcoin. It fluctuates by the day based on what the price of Bitcoin is. So why did that hack hit differently? What was it about the Vastaamo hack that caused such uproar?

Well, data breaches happen all the time. Data is stolen from people all the time, from companies all the time. And to be honest, it's a kind of just like a little bubbling thing that happens in life all the time. And we kind of like take it for granted. There aren't many situations where people actually are badly affected by that. But when you've got a group of people who are already vulnerable because they're in therapy, some of them have had

horrendous lives, childhoods. Some of them are children. And when you get that kind of insight into their lives through the psychotherapy notes that the therapist is writing down, like I said earlier, that kind of data is the most precious of them all, isn't it? So that in itself is pretty bad. Stealing that data is pretty bad. But then what happened

Next was run of the mill. So he went to the CEO of Vastaamo and he said, give me 400,000 euros worth of Bitcoin and I won't publish the data on the internet. That didn't work. So then he started releasing them on the internet, on the darknet, as I described, 100 a day, which would have carried on if he hadn't have messed it up. And then after that,

He went the step even further and he sent out emails to every single one of the victims he could find email addresses for, which is about 27,000 people. And they all received an email in their inbox on Saturday night after they got out of the sauna in Finland, because everyone has a sauna in Finland on a Saturday night. And they saw in their inboxes an email from Ransom Man saying, I have got your notes, pay me now or I will put them on the internet.

And if you can imagine the kind of impact that would have on you or on me, that's horrendous. But you've got to put yourself in the position of people who are already in the lowest of low. And I spoke to lots of the victims and some of these people have still got PTSD and some of these people are scared to leave the house. And the impact, the long-term impact is absolutely horrendous. Although the evidence is,

has never been presented. The lawyer that represents about 4,000 of the victims, she says that two of the families have said that people have taken their lives over this. Did he send that extortion email after he accidentally leaked all 33,000? Yep. Right, okay. I think it was the last roll of the dice to see if he could make some money out of it. Yeah, yeah, yeah. Okay, so he...

Face plant. He Ross Ulbricht at gmail.com's his own computer onto a server. The police realize it's 30 minutes away. They get in the car, they run down there, they unplug the computer, the internet, from the servers. They now have the servers and they start to do cyber forensic stuff. Yeah. Yeah, took a long time, but they managed to come up with a name.

The funny thing was, of course, even before the servers, people were wondering, could this be Julius Kivamaki? Because he was so infamous in Finland by that stage, as all the teenage stuff he'd done.

And then they, in 2000, I think it was 2022, they decided they had their man and they wanted to start finding him, but they couldn't find him. So I think it was late 2023 that they, no, it was late 2022 that they put out an Interpol red notice for him. So they didn't know where he was. They had a feeling that he was somewhere in Europe.

but they didn't know where. So they put out that it's a bit of a nuclear option, actually, and a bit controversial because Kivamaki has always said they could have just asked me and I'd have come back. Whether or not he would have done, I don't know. Anyway, so this Interpol red notice went out for him and the detectives in Finland kind of just got on with other cases. I don't know what a red notice is. What is that? Oh, sorry. It means that if you are found anywhere in the world, if you've got a red notice out for your arrest, they can arrest you like that.

And then they send you back to wherever the Interpol red notice came from. Assuming you're somewhere that's got extradition. Oh, yeah. Yeah. Yeah. Should have gone to North Korea. Could have been. That's his mistake. So they put this notice out and then they kind of got on with other things. And then remarkably, there was this...

stroke of luck in Paris, whereby someone called in a domestic incident disturbance in the early hours of, I think it was February 2024. And the police, the French police went to the house and they were expecting it to be, you know, a woman being abused or something like that. And they opened the door and everything was fine and there wasn't any danger. And this man sort of, it was after a night out, so I think he was a bit hungover and still asleep.

They dragged him out of his bed and they just did some ID checks. And he was traveling on a passport for someone called Assan Ahmet, which is a Romanian passport. And they were like, well, hang on a minute. This guy is six foot four, green eyes, does not look like a Romanian called Assan Ahmet. So they ran some checks.

And somehow they unearthed the fact that this was Julius Kivamaki. So they arrested him on the spot and took him back to the- Do you know what the disturbance was? Well, the call went out from a woman who'd been out with the woman and Kivamaki that night. And apparently there'd been a big row and she hadn't answered her phone and he was being abusive and aggressive and

But then if you ask Kivamaki, which some journalists did afterwards, apparently it was someone who knew that he was hiding. And they did it deliberately to get police to know where he was. Again, not a very liked person. Yeah, he didn't seem like a good guy. Okay, so he then gets extradited from France? Yeah, back to Finland. And then so begins this...

months-long time period where they were putting together the case against him in time for the trial, which was in 2014. No, 2034, sorry, and led to his conviction. And what was the court trial process like? Claims, defences, and the sentence and all of that?

Yeah, so the police had a giant folder of evidence against him, not only for the hacking, but also for the blackmail. It took police ages to get that evidence together for the actual blackmail part of it because they had to go to, they wouldn't say which US tech giant, but they had to go and kind of get some evidence from them. And it literally took like 18 months for police

Google or Amazon, whoever it was, to send back some details about it. But that was one of the crucial pieces of evidence that they needed. And eventually, yeah, he was convicted in Finland.

They don't have juries. They do it all by judges. There's three judges that decide. And they found him guilty on all counts. But what was really interesting is that every single time that it said in the paperwork, Kivamaki either by himself or with others. So every charge came with that because they're never quite sure whether or not he did it on his own or not. They think he might have had help from somewhere, but they don't know where.

There's some discussions right now happening in Finland, like this week, about whether or not there's a suspect in Estonia that might have helped in some way, but we don't know. But the conviction happened. They said they didn't have anything that... They said that in the totality of the evidence, he's guilty. But if you take each individual one, they couldn't quite pin him on each individual one. It's a strange thing, but the prosecutors are very happy. The police are very happy. They said that

They took everything kind of holistically and said, right, yes, he did it because of all these bits. None of them are kind of like a smoking gun, but all of them together were enough to convict him. What was your reaction to the arrest and the trial and stuff as you were following this going on? Because obviously this was a decade after you first sat down with this guy. There must have been a slightly, I don't know, out-of-body experience for you to see it occurring. Yeah, it was bizarre because...

I just had a feeling all those years ago that this kid would be worth watching. And there were rumors at the time that he'd kind of fled with a stash of billions of Bitcoin and stuff. And I've always been fascinated about what happened after the Lizard Squad takedown at Christmas. And being in the courtroom, seeing him as now, I think, 26, 27 years old,

Still cocky, still smiling, still not really caring about anything, was absolutely fascinating. There was this bizarre moment in the trial where he applied for bail.

because he was in prison and he was having to leave prison each day to go to the courthouse. And he applied for bail to be released so he could be a free man until the end of the case. And although the police objected, because they were worried he'd be a flight risk, the judges agreed. So he was let out. And then the police were like, whoa, whoa, whoa, what are you doing? This guy is not going to be

We can't pin him down. Why have you let him go? So they very quickly appealed and the judges were like, oh yeah, okay, quick, get him back in. He wouldn't come in. He disappeared. They couldn't find him.

Where did he go? Well, the police kept calling him and said, you've got to come back in, court order. And he's like, I'll see you on Tuesday. This was like Saturday. I'll see you Tuesday when the case starts again. They're like, no, no, come in now. He's like, no, no, I'm fine. So anyway, they found his social media handles or somehow like some obscure forum handle that he was using in the past. And he posted a picture of himself

his hand holding a bottle of really expensive champagne. And they saw from the background that it looked potentially like a kind of Airbnb. And then they figured out that there's no way he could have got an apartment. He's not in any hotels. So he's, he's, he's like, there's very only small places he could be. And they looked at all the pictures of all the Airbnbs in Helsinki and

And then got the right one, rang the doorbell, and there he was. Holy fuck. They geoguessed their way to finding him. Yeah. But all the court cases I have covered in my time as a journalist...

People arrive in a suit and they're really polite and they try really hard to make the jury and the judges realize they're good guys. But just it's classic. You know, that's that character of that teenage cyber criminal who's just got away with it for so long. What is it? Yeah. Yeah. What?

What is it about his psychology? Is he completely detached? Is this guy a psychopath? Is he just really cocky and out for recognition? What do you think is driving him? Well, one word that kept coming up is sociopath. And

It's really difficult and dangerous, I think, to kind of throw these things around. I'm not a clinical psychologist. I can't decide on that kind of thing. But one of the guys that used to hack with him back in the teenage days says that the thing about him was he just wanted to sort of watch the world burn. He just wanted to cause chaos and damage. One of the cops said that it's like the kind of guy who likes to get in a fight in a bar

but he can do it from behind the computer to protect his bone structure.

which I've always quite liked. But I don't know. I don't know. I'd like to sit down with him. I tried to get an interview with him during the trial and he said yes and his lawyer said yes, but the judge blocked it at the last minute. So I wasn't able to. And then we were talking on text and then he just stopped talking to me. That was about when he disappeared actually. So maybe that's why he stopped talking to me. And I've tried many times to contact him while he's been in prison, but he won't answer my letters.

Dang it. So, yeah, he remains a bit of an enigma. How long's the sentence? Very short. He'll be out in probably a year and a half from now. You should have just waited to publish the book. You didn't need to publish it now. You can do a follow-up. Like the paperback. The paperback. Paperback can have a...

Yeah, a little appendix, additional chapter. That's the usual way that authors do it. Well, with what's happening right now with M&S, Co-op and Harrods, I think there could be enough for another chapter when the paperback comes out. A.

We've just brought up, we've doubled sales. We've doubled sales, haven't we? So I'm interested in this Maxim Yakubets guy as well that you went and tried to track down. It seems like you have a penchant for trying to find Eastern European young men. No accusation, but you do seem to have a skill for it. So what's the story of him and Evil Corp and stuff like that?

Yeah, so Evil Corp are the kind of OGs of Russian cybercrime. They were there from the beginning and they evolved as the cybercrime ecosystem evolved. And they've been kind of run and led by a family, the Yakubets family. And Maxim Yakubets was the most wanted cybercriminal in the world. There's a 10 million...

a dollar reward out for his arrest, him and his right-hand man, Igor Turashev. So we decided in, I think it was just for the pandemic, so 2019, that we would try and go and find him in Russia. Because one of the things that I became a bit annoyed about was that the West points fingers at these people

UK, US and says, oh, they're cyber criminals. They're guilty. They've done this, that and the other. They've stolen $100 million worth of money from innocent people around the world. But you never hear from the actual cyber criminals themselves. You never actually, they never get a chance to kind of have their say. I know that sounds silly, but as a journalist, like it's kind of like my job. And that's the bit that interests me is like hearing both sides. So I was, I remember I was sat in the garden there and I was just like,

thinking one afternoon, why don't we go? Why don't we try and find these people? So we did. And we searched around Moscow and we got all the addresses that were known about them and tracked down their supercars and tried to go to the garages that they were at. And I managed to find an address that we thought was Maxim Yakubets, but it was actually his dad. But we went there and his dad opened the door and we had this absolutely amazing

for me, unforgettable interview with, um, with, uh, Yakubets senior, uh, where he was like,

was so angry with the West accusing his son of being a cyber criminal. And I was saying things like, speaking through my producer, reporter, translator, like, well, how do you explain the Lamborghinis? He's like, well, they could be rented. So how do you explain the quarter of a million dollar wedding? Well, we don't know how much it was. Have you seen the paperwork? It's like, well, no, but I went there and spoke to the wedding organizer. And he had an answer for everything.

And what was fascinating about that and what's become even more fascinating is we went there in 2019 and put the documentary out. And I think it was last year, the National Crime Agency gave us loads more information about Evil Corp. And they said it wasn't just these seven or eight men. It was also the dad. He's a part of it.

He's in some way involved, money laundering. You met the mastermind. He was in front of you. You could have snagged him there and then. Yeah, yeah. So yeah, that was an amazing trip. But I didn't enjoy it. It was the worst assignment I've ever been on. And I went to Ukraine as well during the war, but this was worse. The Moscow trip was worse. Why?

Well, you're in a... There aren't many countries that you go to that are kind of like adversarial countries that are...

Um, they're not friends of the UK, and the BBC out there is seen as an arm of the British government, even though of course we're completely independent. So, like, there's that, plus I'm going there to track down cyber criminals who we know have got links to the Kremlin. Um, and it was really intimidating the entire time. We thought we were followed. At one stage we flew out to, um, this place called Yoshkar-Ola, which is about a thousand, uh, kilometers east to try and find, um,

uh, Igor Turashev. And we were convinced there were guys in the airport who we saw, who we then saw at our hotel. Um, so that, that kind of thing, you know, isn't, isn't nice. And I'm here complaining, but really, um, the, the, the one that got off the worst was my, um, fellow reporter on the story with me, Andrei Zakharov, who, um,

who was and is a very talented cyber reporter. But he helped me out with the whole story and he was there the whole time, and maybe it was that or maybe it was something else, but he was very quickly put on the enemy of the state list, um, after, shortly after that, and he had to flee the country. No way. Because of the work that you did together? We don't know if it was that, because he's done a lot of provocative to the crime... Right, okay, okay. An illustrious history of pissing off the... It was after that.

It was after that. He thinks that it was possibly the straw that broke the camel's back. But before he decided to leave, he was followed around the entire city by some nasty looking men for weeks and weeks and weeks, horribly intimidating for him. He is a superb journalist and I'm still friends with him and I know he's doing well now. But yeah, I can't complain about my...

my handling or treatment when Andrei had a really tough time. Wow. I got scared in a hotel. Wow. At least I get to stay in my country though, you know. At least I'm in my home country still. That's nice. I'll tell you though, when I got back I installed a security camera system around my house because I was, I just started feeling a little bit intimidated, because I once interviewed a guy who, um,

He decrypts ransomware. So like when ransomware is deployed in the system, it scrambles your files. You have to pay them to get the key to unlock it. This guy, Fabian Wosar, is an anonymous researcher from a company called Emsisoft. And he is so good.

at building his own decryptors that the hackers absolutely hate him. When he's searching through a piece of malware, he has found on more than one occasion, fuck you, Fabian. Stuff like that. No way. Right in their code. In case he's looking. In case he finds it, yeah. Because they hate him so much. And he fled his country. He fled Germany because he was so scared of, you know, some of these gangs are...

are very, very rich. And it wouldn't be much to drop, you know, 20 grand to go and get someone's legs broken or whatever. What was the fallout from that CrowdStrike thing? Because you've just held up a cool toy model thing. So CrowdStrike, cybersecurity organization,

of cool figurines, but also subject of a lot of bad press only at the start of this year. First off, what the fuck happened? And secondly, what was the comeuppance of that? Because I kind of heard about it. It was a huge deal. Loads of shit happened and then

nothing. Well, give it time. There are some big court cases against CrowdStrike right now. There are companies like, um, oh, is it United, the airline in the U.S.? Um, they are, they are trying to sue CrowdStrike for something like 7,000 flight cancellations across the day that the CrowdStrike caused the world to implode. So the CrowdStrike problem was, um,

Was it this year? This year has flown by. Maybe it was this year. Anyway, so they did an update for their CrowdStrike software. And they're like an antivirus company. But it was a year ago, 19th of July, 2024. Oh, it was, okay, last year. And so CrowdStrike is a kind of like antivirus company, one of the biggest and best in the world, and used by some ginormous corporations, including United, to protect systems from cyber attacks. Right.

They did a really innocuous update where they sent through some really tiny bits of information to keep the software up to date. It completely bricked the system. It caused the blue screen of death on something like, I think it was two and a half million computers around the world. And that's not just computers like we're talking on now. That's servers that run airlines, those kind of computers.

So, yeah, the world went mad for, I think, like three days.

No computers running, flights cancelled, online services down, shops offline. Massive, massive problems. It was like some sort of apocalypse was unfolding. But we bounced back. We're still here. The best image that I saw of that was someone's smart fridge. The front screen of a smart fridge, which is...

Yeah, you got BSOD'd on a fucking Samsung American chiller. Yeah, it's just, you know, there is kind of like the Uncanny Valley...

But the equivalent of that for smart homes, and I still don't think that we're out of the other side of it. I think that most houses would benefit from a physical switch on the wall for most things. And that a nice, quite simple up and down, your fridge does not need an app.

No. I mean, look, Echo Water, that's a hydrogen water company that I love. I love hydrogen water. I think it's awesome. It's like big revolution in hell. What's hydrogen water? So it's a special type. I haven't got it here, but like imagine that this flask was able to hydrogenate the water. So it's actually all self-contained within the, the,

unit itself. So it's a kind of hot thing. It'll be in the UK in five years' time. It's big in America. It's coming big in America. It'll transport over the Atlantic in about five years' time. They have an app

for your fucking, for your flask, and it allows you to change the color of the LED and it tracks how much water you've drank. And I'm like, it's cool, I love the product, but the app to me... And then there's, they did a battery update that you need to over-the-air update your flask from your phone. I'm like, guys... Yeah, yeah, I know it's cool, but there is a, there is just a little this. And I think, look, if

you know, CrowdStrike issues another update and I can't get my hydrogen water out of my Echo Water flask, I'm going to be pissed. So I think the way that you, or the way at least that this seems to be explained is that the hackers are always going to be out ahead of governments, they're going to be coming up with increasingly innovative ways to circumvent both security systems and law enforcement to try and track them down.

Is regulation ever going to catch up with how fast dark web hackers, crypto economy stuff can evolve? Like, is this is there a light note at all here or are we just kind of in it for the long haul? Make sure that you've got a password manager downloaded. Yeah, I think.

I think there are some things that we can do right now today that would make it so much harder for hackers, but we don't because there's a thing of security versus convenience. So reusing passwords, keeping your software up to date, etc.

actually, you know, when you think about CrowdStrike, that was one of the things about CrowdStrike that was so bad was that the people that kept their software up to date, which is what we're being told all the time, they were the ones that got hit. If you hadn't have done the software update, then you were fine because it was that thing that bricked your system. But no, generally speaking, CrowdStrike aside, keep your software up to date, do two-factor or multi-factor,

good passwords. And it sounds so obvious and I'm bored saying it. And I know I can see you falling asleep, but if we all did this, then the world would be, the cyber world would be a safer place, but we don't. There's a lot of things at the moment about quantum computing and AI and deep fakes and stuff and how this is how the hackers are getting in these days with all these whiz bang new things. They're not. If you look at the list of how hackers are getting in, it's the same old stuff.

Someone said the other day that nothing in cyber has changed for 20 years. Social engineering, find a person who's prepared to let you into the system, go from there. Yeah, but also, once you get in, they're not using the latest and greatest techniques to move around a system. They're going through something that should have been patched a year ago or two years ago. How much truth is there to this idea

quantum computing will be able to make all encryption totally obsolete because it can work out prime numbers in the space

split of a second and everyone's fucking Bitcoin is going to be owned by one guy and all of our passwords are going to be released. Yes, they call it Q day, the day when the quantum computers can break encryption. And there's this thing called, I think it's something like grab now, encrypt later or decrypt later. So the idea being that if you ask it harvest now and decrypt later. So if you're a spy agency, for example, you

China or the UK or the US, you can grab all of this data that at the moment is encrypted. So all the most important vital communications are done with really high-grade encryption. So if I'm President Trump talking to Prime Minister Starmer, we will talk on a really, really secure line, which if I grab that, it just comes out as gibberish. But if I grab it now, I might be able to make it un-gibberish

Oh, fuck. That's the worry is that, yeah, was that Q day will mean that kind of thing happens. But I'm trying to be positive. It is a concern. The National Crime Agency recently put out advice saying like the deadline is 2030. I think they said you need to get everything encrypted online.

in a way that is post-quantum encryption safe or post-quantum safe now because of what I just described. I'm just having a look here. This is a friend's. A job advertisement for the new head of cybersecurity at His Majesty's Treasury in Britain provoked derision because of its stated pay of £57,000 a year. That was...

the total annual salary, around about $70,000, for the head, the head of cybersecurity of His Majesty's Treasury in the UK. Yeah. Yeah. It's a big problem. Have we considered low pay as a vector of risk, like just disgruntled workers as a potential, you know, I mean, you don't. Yeah. They call it an, they call it insider threat.

They call it insider threat because sometimes there will be people in high levels of power who could be corrupted. But, you know, that's, I don't want to start, you know, I think that's rare. That's a rare thing that we see. They think potentially this is all alleged and all, you know, reportable.

Reports have come out, so I'm not saying this is what's happened, but there's a big thing at the moment right now with Coinbase where lots and lots of people have had their crypto stolen or exposed, and they think that might be insider threat. But...

Yeah, you mentioned the salary there. The problem with cyber jobs is that you can get paid a lot of money, but not really in the public sector. It's all in the private sector. Of course, we need very good people to be in the public sector, protecting the way more important stuff. Yeah. Joe, you're fucking awesome, dude. You're really great. Book's fantastic. You're a wonderful communicator. Where should people go? They want to check out all of your stuff.

Oh, it's, yeah. So my book is called Control Alt Chaos, How Teenage Hackers Hijack the Internet. And it's out on the 5th of June. The book launches the 3rd of June. That's why I got confused. And then it will be in all the usual places and on audiobook as well. And it's also coming out in Finland and it will come out in the US in January as well. Hooray.

Hooray, dude. You're brilliant. Good luck doing more investigations. I look forward to speaking to you again when you've found some more awful people from the Eastern Europe that we can talk about stories to do with. Thank you, mate. Thanks for having me on.

If you're wanting to read more, you probably want some good books to read that are going to be easy and enjoyable and not bore you and make you feel despondent at the fact that you can only get through half a page without bowing out. And that is why I made the Modern Wisdom Reading List, a list of 100 of the best books, the most interesting, impactful and entertaining that I've ever found. Fiction and nonfiction and real life stories. And there's a description about why I like it and there's links to go and buy it.

And it's completely free. You can get it right now by going to chriswillx.com slash books. That's chriswillx.com slash books.