Cyber Crime Junkies

Exclusive Brett Johnson Interview.

May 25, 2023 Cyber Crime Junkies-David Mauro Season 2 Episode 45

U.S. Secret Service called him the Original Cyber Crime Godfather. Now the infamous Good Guy will address top security tips we all want to know in our new Exclusive Brett Johnson interview. 

Brett joins Cyber Crime Junkies to discuss:  

  • effective ways to protect people from cyber crime,
  • latest TikTok ban,
  • effective ways to protect business from cyber crime,
  • best ways to protect business from cyber crime,
  • how can we spot fraud in business,
  • top security tips we all want to know,
  • top ways to prevent account takeovers,
  • top ways to prevent facilitated fraud,
  • top lessons from Joe Sullivan,
  • lessons learned by Joe Sullivan charges,
  • fraud found in fintechs,
  • financial cybercrime.

Video episode: https://www.youtube.com/live/avtv95mHM_A?feature=share


David, Mark, Kylie and Team @CCJ











Brett Johnson Interview. Cyber Crime Junkies.

Video episode: https://youtu.be/g-e3WSRsDq0



[00:00:00] Wow.

It's always in the news. Cyber criminals attacking great organizations, wreaking havoc on the trust of their brand. We socialize cybersecurity for you to raise awareness. Interviewing leaders who built and protect great brands. We help talented people enter into this incredible field and we share our research and blockbuster true cyber crime stories.

This is Cyber Crime Junkies, and now the show.

All right, well welcome everybody to Cyber Crime Junkies and the Brett Johnson interview. We are really, really honored to have Brett Johnson join us. I will tell you [00:01:00] that every time we speak, we always learn something from 'em. And more than that, it's always entertaining. So right before we started, and in the studio, as always, is my fantabulous always positive co-host, and those are insincere things to say to coworkers from my insincere things to say to Coworkers app that I have.

Mark Musher. Mark, how are you? Hey, hey. You know, I get excited about all our special guests, but I am amped up today to have, you know, did you ever have like a really cool uncle that he's probably gonna teach you how to do something that's gonna get you in trouble? That's yes, I did. You did. I know you literally did.

And we'll talk about that. Man, I'm so pumped up it, I don't hold it against him that he went to that little brother university down the street from mine, the, the second best university in the state of Kentucky. And I like that he wore his hat just to remind me of the fact, oh my, David, let's kick this off.

I can't believe it. So, Brett, welcome sir. Thank you so much for joining. Thank you. [00:02:00] Thank you. You know, I was, you've got that intro. That intro is magnificent. Me, my intro for my show, I just scream at the screen. That's it. Now we, it's fun. Like, just, it's just fun. You know what I mean? I know, I know. So you were talk, we, before you pressed, you know, the streaming button before you went live, we were checking on Bucky.

We were talking about Buc-ee's. We were, and if, and for those in the, in Ohio, Michigan North, like you might not know what Buc-ee's is because I certainly didn't until I actually saw a post from you talking about it. Yep. And I was like, what the heck? It is like, it's a gas station, but it's like almost like a hotel.

It's got like everything. It's got like, it's like a shopping mall. It has, it's a gas station with hundreds and hundreds and hundreds of aisles. But the food there, you walk in and they like are wheeling in fresh [00:03:00] brisket, cutting it fresh for people. Yep. Like they, they have breakfast sandwiches that are like that big.

It was, they have clothing that was like nice. It was like walking into a, like a target. It was see weird. It was like the, the cool it was, it was the f such a good experience that we hit everyone on our road trip. We kept going. We're like, well that one's 45 minutes out of our way, but we're going, let's take that, so let's go.

They may have something different.

It is, it is one of those, like only in America, but you don't like shake your head. You're like, yeah, only in America. That's true. True. We actually do this. Right. Would a gas station be a destination on your vacation? Yeah. Well, I take the last, so, so now outside of Birmingham, we have one. So I, and I've visited frequently, but before that they were just in Texas.

And so every trip I took to Texas, I would, I would find on the map where the [00:04:00] closest Buc-ee's was. Absolutely. So I, I remember I was in I was in like Austin or someplace like that, and I drove an hour and a half out of my way to go to Buc-ee's. So I was committed and I, this probably should be, I have like a hundred gas pumps at this place since Yes, they do.

It's magnificent. It's, and they don't allow truckers on there. I have nothing against truckers, but that speaks highly of the Buc-ee's environment. Well, what I was shocked is, and Buc-ee's, by the way, Buc-ee's, go to a Buc-ee's near you and they're not a sponsor, but if they're interested, welcome and call us.

Exactly. Call us, because I am telling you, I, I can't say enough about it. They were so many people in this place, and they, and there was a massive line. You get your food, you get your whatever stuff you need, like a lawn chair, like clothing. It is true. Like utility, knives, whatever you need, you go and you get, and then there's a [00:05:00] long line and literally it just keeps moving.

Like, you don't stand still, you just nope. Move along. They were perfectly. Gracious, super helpful. And it, we were in line for like less than a minute the whole time. Like, see, I couldn't it, they did it. Right. It was amazing. That's great. So Mr. Johnson, you are, you are back on YouTube. We are great to see. Yes, yes.

Last time I'm back on YouTube, I'm hoping that I'm able to stay on YouTube this time without getting banned again. Again. I'm confident you will. I hope so. I hope so. You know, I did a three hour episode just the other day. I don't know if you, you caught that or not. I saw the writeup for it, but I have a job in a family and I, I don't even watch my own, like, we didn't watch ours anyways.

We didn't watch ours. I don't content either. I did the weird thing was, is the night before I recorded an episode and I dumped the entire thing because I thought it was too long. Oh, right. It came in at 90 minutes. Oh. So yeah. [00:06:00] Yeah. Then I record the three hour thing, but the three hour one, what, what was your topic there?

Because we, we will have links to your channel in our, in our show notes when, when we release this as a, as a formal episode. We're doing it live now, obviously. So, so my problem is, is right now I've got a boat load of, I'm not sure if you could call it apathy, but just disappointment. Okay. In the cyber industry.

So this last episode was when the good guys suck, part two and the good case when, for those that were listening,

See, that's why I like you so much. You gotta, if you gotta play with toys, you gotta let us play with toys, powerful toys. It's not Now when and if not us, who exactly would say, that's all I'm gonna say. But you know, the, the show was about how these FinTech companies, Blueacorn, Womply, MoneyLion, had helped facilitate [00:07:00] pandemic fraud.

So, so Blueacorn, really bad. And come to find out, I've got an insider, I've got several insiders, but this insider had delivered unto me about 800 pages of documents having to do with these fintechs. And many of these documents are clearly stamped confidential on them. So I could not really talk about a lot of that, but but when you get that information, cuz back in the days when I was in involved in like investigations right?

And stuff like that. You get that stuff, you're like, holy god, that's like a movie. Like I was telling Mark one where I had inside information on a, an amusement park that had like, had notice of molested kids and all this and they were burying it cause they didn't want the press. And the cops were mad. At the local [00:08:00] amusement park cuz their cops wouldn't turn it over to the actual trained police so that they could actually help the families.

Right, sure. And they got a hold of this and, and they made sure, like people could find out and like, they would literally meet me in like the garage of a parking lot. Right. And literally walk from behind a car. I'm like, am I gonna get shot? This is like a movie. Like, I wanted somebody to be filming me at the time because like 15 years later, 20 years later, nobody would believe me if I told 'em that.

But I'm telling you this happened and, and they like literally put it underneath my thing and like walked away. Absolutely. They put it underneath my arm and like walked away and I'm like, You guys really watched too many movies. You could have just, you could have scanned it and emailed it to me. You could have, you could have posted on Dropbox and let me know.

Like there's a whole bunch of ways you could have given this to me, but you wanted to make this like scene. But I got so I'll you the worst to talk about. I got something to [00:09:00] talk about. I'll tell you the worst bit about these documents. All right, so these documents, my, my contact, he is, he's the he's the guy that really blew the horn on Blue Acorn and Waffley.

All right? Mm-hmm. So he's, he's, he's vested into this, but where he got the documents, he got the documents off of the House committee's website because they uploaded, oh yeah. They uploaded 800 pages of attorney-client privileged documents before they realized, oh, we shouldn't upload these. So then they took them down, but not before at least he, at least he downloaded the things.

Wow. That's what we're dealing with. So I was, you know, he tells me where they came from. I'm like, Well, hell, I, I'll just go ahead and start talking about it and then he contacts me cuz I mentioned it on part one of when the Good Guys sucked that I, I was gonna talk about this stuff and he gets up with me.

He was like, Hey, man, I would appreciate it if you didn't, you know, show these documents on the screen because we're trying to put people in prison. And [00:10:00] I'm like, oh, gotcha. You understand completely. Oh, absolutely. Oh, it's that serious. It's that serious. Yeah. And it's one of the things where like, but, but if, if it's up there, you wanna be, you like the public can access it.

Right. Right. They were, it was so why wouldn't you talk about it on screen? It's up there. That's, that's what I thought. And so then what happened was, and the reason I did the show and I cut out, so I didn't show any of the confidential documents at all. Mm-hmm. Showed the stuff that was not marked confidential, which there was only like 15 or 20 pages total in that.

But what happened was, A criminal, one of these pandemic fraudsters on Telegram. He listened to part one of the show of the, of the series, and he contacts me. He's like, Hey man, I wanna have a talk with you. So we got on the phone, we're talking, he's telling me about all this pandemic fraud and how it was happening and these comp, these specific companies.

And I'm like, well, hell, I've got to do a show on this. Yeah. So, so that's what the second part was, was [00:11:00] a recap of the interview with him, why and how pandemic fraud had occurred, and then how these FinTech companies had helped facilitate that fraud. So it comes out, you know, three hours long and I'm like, okay, it is what it is.

Yeah, that makes sense then. Yeah, that makes sense. It does. Wow. So, and, and for those who. I don't know why they wouldn't know who the hell you are, but for those who or you or Mark. That's right. That's right. Yeah. For those who don't know, I could understand not knowing who we are. That's okay. But if, if you don't know Brett Johnson, the US Secret Service had called him the original cybercrime godfather. Now he's an infamous good guy and he addresses top security tips we all wanna know, has the Brett Johnson Show, and works for a security company offering security services, cybersecurity service layers, and as a consultant is a [00:12:00] world-renowned public speaker on the topic.

A lot of help on fraud scams, romance scams, right. And really understands how it is. Also an insider that helped us with our theories on the Jerry Cotton case, which was really useful. That was a good cause. That was that. I'm still waiting. I know. I'm gonna bump into that guy, so, yeah. Yeah. When he is behind bars, hopefully.

Yeah. Well, I hope I don't bump into him now. Maybe I'll see him online is what you meant. There you go. Exactly. I hope I'm not like, so Jerry, they got us, man. Like they got us. Can't believe it. They found my, didn't believe it. Finally caught up your cookie from the commissary, Jerry. Yeah. Yeah. So, so, you know, my thing is I've had, I've got apathy, disappointment in the industry because Yeah.

It's disappointing. It's frustrating. It, it's, my issue is, is, you know, we've got, like, you know, I did a show on where the SEC or the FTC and the state of Florida have filed complaints [00:13:00] against Chargebacks911, right, for illegal activities. Mm-hmm. So no one else in the industry is talking about that they're keeping No, it's almost like the fraud part isn't talked about in cybersecurity.

Right. And what frustrates me about that, and I just did a, you know, we also talked to like Jon DiMaggio and Analyst1 who, who does like undercover things and I'm like, do they not under, like, cybersecurity is the protection from cyber crime, right? That's what it is. Right? Like, why do you not talk about the online scams, the romance scams, all of those are forms of social engineering, right?

All those are forms of fraud. The pig butcher attacks, like all of these fraud scams, right, are all elements of social engineering, right, for monetary gain. They all violate certain laws depending on where you apply it, where it occurs. Mm-hmm. It's the same thing. Why does [00:14:00] ransomware get more press than this?

Exactly. I don't get it. I don't, I don't get it. No, I don't, I don't, I don't understand it. I don't get it. I don't know why. You know, we've got, we've got professionals in the industry who won't speak out against, you know, members of their team. We, we've got all these issues that are going on.

We've got a cybersecurity industry that is lacking. Let's, let's just say it like that. I did a, i, I put a post out yesterday that was talking about some of these issues of you know, if your entire company is based on the idea of providing security, that is simply depending on criminals to be stupid.

There's something wrong with you at that point. I saw that post I just saw, you know, it's a little while ago actually. Yep. And I, I don't, I don't get it. I don't, I really don't. Right. So I've got, I've got a lot of apathy and I keep saying to myself, not today, Satan. It's today, Satan. Not today. Not today. Not [00:15:00] today, Satan.

No, I like it, but we're not, I like it. So, okay, so I agree with you and, and some of it has to do with what are the rules, right? Like what are the frigging rules? Like the more, the deeper my studies and research and experiences have been with clients and client questions, clients are asking us like, okay, well we should go by the NIST standards.

Well, no, we should go by the CIS standards, right? Well, no, CIS's got this and then this. And I'm like, yeah, that's the problem. That's the problem. Like there isn't like a set of like one single set of rules. Then we've got the administration who came out with the US cyber strategy 10 years too late and they, they came out with it.

But it's, it's good. It's good. Like, I liked the words. It's good. Said I liked it. Like, I was like, so we're gonna actually get proactive. We're gonna do a little No, that doesn't mean we're gonna do that. Wrote it. Yeah. I mean, I liked it [00:16:00] put on paper though, but now, but all it is is it's, I used to have a professor that used to say, if you don't act on it, it's just so much parchment when he was talking about the constitution.

Right, right. Like it's just so much parchment and, and it's true. Like those are great words. But it's just so much parchment, meaning it's just words on paper or digital paper. That's it. It means nothing other than we really wanna do something. This is bad. Ah. And then nothing happens. I mean, but that's, that's the thing, right?

I mean, it's we're in an industry where a lot of words are spoken. Mm-hmm. And then we're also in an industry where there's a lot of silence when words need to be spoken. Yep. Ooh, that's, that's the issues. Yeah. Yeah. Right. Yeah. And, and you know, like You take crypto, for example. Well, that, and that was, I, I've got a couple things I wanted to, to go over with you and tell, tell me what you think about this.

Let's talk about Crypto Joe Sullivan. Okay. I wanna get your take on TikTok. I want to get your, and I wanna [00:17:00] talk about FinTech, like facilitating crime, but that gets into that, that gets into the crypto thing too, so. Sure, sure. And we should probably touch upon ideology. I'm traveling to Sweden next week mm-hmm.

To give a presentation on ideology and how it's influencing those cash-based attackers. Oh, let's start there. Wow. We start there. Let's start there because let, let me, let me preface this. So I was talking with somebody over in Europe. Mm-hmm. One of my, one of my security buddies over there. And he was saying, he's like, we still don't understand you Americans.

And I'm like, what do you, what do you mean? I go, I know, I'm What level? About like a long list. Which part? This is gonna be like a four hour conversation, man. Right. And he goes, he goes, well, no, he's like, We take our data, our personal data is like a fundamental human right? Right. Yeah. We protect it. It's why we came out with like, you know, the, the, the, the, the, the, the, the standards, the rules.

And there's, there's [00:18:00] consequences when it's violated and they really care about it. And then Americans are like, we're just throwing stuff up. We're curating our lives. And if somebody takes it and sells it, ah, we don't care my passwords, except I don't care. My passwords, my dog, by the way, my dog is spot and here's a bunch of pictures on it.

And I love spot, by the way. I use them as my password. Right? I'll put that on Facebook. They won't look. It's like, what? Like they don't, I don't understand it. And, and I couldn't have agreed more. And I, I almost think it's because is it, or I, here, my question to you is, cuz you've traveled all over the world.

Mm-hmm. Is it because we're too geocentric. We know the areas around Ohio. We know the areas around Alabama, in Louisiana and, and, and Louisville. I mean, mark might know most of Kentucky probably hasn't been on the East. I haven't been outta Louisville. But, [00:19:00] but, but we know that, but we don't know Jack about other countries or provinces there or whatever.

People are like, where's Portugal? Like, Americans don't even know. Like in general, we don't know that much about other parts of the world. And is that part of the problem? You read any Tim Ferriss? A little half. Okay. So Tim Ferriss wrote a book called The 4-Hour Body, alright? Mm-hmm. Which is his exercise program.

It's a fantastic book. In the book, he, he talks about this thing called the bike shed effect, alright, which basically says, you know, you're building a shed in your back, in your backyard to house your bikes. And everyone has an input about it because, hey, everyone owns a bicycle. Everyone has a backyard.

Everyone kind of needs something like that. All right? Right. If you think about it, the Internet's no different. Everyone thinks that they're an expert on the internet, all right? Mm-hmm. And everyone, especially in the United States, they really [00:20:00] think they're experts. No one knows more than an American about politics, about the internet, about privacy, about safety, everything else.

But you add into it the degree, and we've, I, I just mentioned my own apathy, but I think Americans are very apathetic when it comes to cybersecurity. We hear every single day about some new breach that's happened, about some new attack that's happened, about how. TikTok is, is stealing all of our data and handing it over to the Chinese government.

We hear this every single day to where it become it. It almost gets to this point where we're deadened by it. And I think, and that's really the reason that the number one victimized demographic is not senior citizens, but it's millennials. Those millennials have heard about this their entire lives.

They've grown up in that tech environment, and now they're kind of desensitized to it. They're apathetic and they simply don't care. So, Luke, can we pause for a second? I don't sure. I don't mean to to cut you off, but the number one demographic [00:21:00] that is affected by cybersecurity breaches and, and, and frauds are actually millennials, not millennials, elderly right now.

Second is, is the elderly, is senior citizens. Right. Makes sense. Make them in number two, but the number one by far. Is millennials. Wow. Because of that apathy, because they've been raised in that. They've been desensitized, right? To those breaches. They've been told, if you think about it, all these security companies, mass media, what do we hear?

It's hackers. It's computer geniuses. They're ghosts in the system. You'll never catch them. They're untouchable. They're unstoppable. Because of that, you get to the point where, okay, well hell, I'll just adopt that degree of fatalism. Whatever's going to happen with my data is going to happen with my data, and they let it go.

All right? And that means they're the most victimized demographic across the board. That makes sense. So consider that, but also consider that in the United States we've had this, you know, [00:22:00] carrot thing that's going on. We, we dangle a carrot in front of someone. Hey, you want this free app? Let us have your location data, right?

Share this with us. So we, we've, we've trained people in the United States to give up their privacy, to give up their data for trinkets. Exactly. I think that's a lot of the problem. And the, and over in the EU, the UK, you're absolutely right. They respect their privacy. It means something. There's a reason that that, and I, I despise Edward Snowden.

I can't stand the guy. Mm-hmm. But there's a reason that when he, when he tells on everybody, you know, they're stealing their data, they're using it against us, everything else. And he was right. Mm-hmm. That nobody really cared. Right. That's a great point, Brett, because nobody did. Right. Like nobody cared. So yeah.

Where, what's the problem? But over there they do, their privacy is almo. They take it personal, right? Like That's right. It's personal to them. That data is personal. You can have my location data. Just let me have [00:23:00] three more attempts at Candy Crush and I'm good to go. Yep. That's what, yeah, because, because no app is really free, right?

Like Yep. They, it, it costs a lot of money. The cloud hosting for that, the designer, the coding, the modifications, the updates, like none of that stuff's free. They're getting money off of you anyway. And Exactly. Most people just don't care and they just click accept all cookies cuz it's okay. Right. We, as we as Americans, we've never been taught the value Right.

Of our information. You know, even Mark Zuckerberg when he's in college and he's creating Facebook and, and am I allowed to use colorful language here or not? Yeah, absolutely. We'll just Mark, what does Mark accordingly, I'm sorry. So, so Mark Zuckerberg, what he says was, is he says that all the people that are signing on to Facebook are fucking idiots.

Right, because they give up all their information, all their data for what to use this app. And that's the value of the app. And they voluntarily curate their lives. They voluntarily give him all the content he knows. And I'll give you [00:24:00] everything. Everything. What, what high school I went to, what street I grew up on, what my pet's name is.

I'll, I'll tell you everything. So, so in the United States, we've never, we've never been educated to what the value of that is. And because of that, and, and there's so much value from targeted ads, right, right. To misinformation. I mean, part of the problem is, is if you're in a certain part of the United States and you're in a different part of the United States, when news is released and stories are told, you're hearing different stories of it, right?

You are actually being fed different lines in different stories. Like it's not the same. You know, you're in a, you, you, you have aligned yourself to the far left. Mm-hmm. You're getting far left feeding confirmation bias, fed news releases and, and, and blogs about it and all of those things. And then in your other side of the spectrum, you're getting [00:25:00] fed that.

And so it's, and, and think about that. I mean, really let that sink in. Yeah. I, I, I, I do, I watch, I, I wake up every morning. I watch Fox News, I watch CNN so I can start my day off pissed off. I was telling Mark, I go, I, he goes, what are you watching that I'm not gonna say which one, but what are you watching that one from?

He's like, that one doesn't sound like you. I go, I always watch both sides. I'm trying to get to the truth because, and the truth is, can't get. There's, there's somewhere in the middle, there's truth. It's gonna be somewhere in the middle. Like it's not, there's no truth at all. Neither one is telling us everything.

Right? No, no. So it, it becomes that idea of, okay, where do you find if you're really, if you're looking for truth, where do you find that? In today's world, and I'm not sure you can Right. You know, Fox, it's much matter. It's much parter than people think. Yeah. So, so Newsmax, Fox, CNN, MSNBC, whatever, they've, they've got their own agendas.

Mm-hmm. And when you tune into [00:26:00] those platforms, you see completely different shows and completely different topics that are discussed. Now, I'll grant you there are, and I made the mistake cuz I, I was of, I was getting of the opinion that okay, there's no real journalists out there. There are some real journalists that are out there right now.

They're absolutely not. I'm convinced there are. Yeah, right. There are. But are they on the major platforms? That's something that I'm not seeing at all. I'm really not. I'm seeing editorial, slants and contents. And that's the only thing that's out there. And, and because of that, you, you add this in with, I, I really believe that the American people on some level, I think that some of 'em consciously understand that, but I think on a much deeper subconscious level that they understand that as well.

That yeah, that's a lot of the apathy. That's a lot of this you know, this, this, this, this thing that's fomenting within the United States society of, of this discontent. And I really think we're seeing a lot of that discontent, massive [00:27:00] polarization, right? Yeah. Yeah. I mean, I, I was at an event and I heard like two people on both sides of the aisles, so to speak, kind of debating.

And I just remember, I just sat there listening and one was like, Well, this shows that the Biden administration has implemented this brilliant plan, and it stemmed from this event that really was due to what Obama had done. And the other side was saying, well, actually, they erred in doing this because it was put in place because of what Trump had done.

And it kind of stopped 'em both. And I said, would you both agree that this happened? And they're like, well, yeah, that happened. And I go, okay, so both of you ground said this happened cause of him, and this happened because you're just extrapolating subjectively giving your guy credit through confirmation bias, whichever one you want.

Right. But I think you guys can both agree this happened, right? This, and, and this happened is good. Right? And they were like, yeah. I go, all right, so you found some common ground. Okay, go. I just [00:28:00] sat back, you know, with me, I, I'm of the opinion, I, I've been of this opinion for a few years that, that everything is interconnected.

So, you know, we do cyber. Okay. Fair enough. That's, that's our industry. We do cyber, but every single thing has this connection and it has an, it has an effect on our industry. So you, you take all this disconnect, the, the polarization, everything that's going on. I think that what we're seeing in, at least in the industry that I, that we're in, I think what we're seeing is the failure of people to speak up and speak out.

The failure of, of implementing proper security, of, of taking that extra step, like, you know, like financial institutions of taking that extra step to protect consumers. I think it, it boils down to people scared of losing their own slice of the pie. Yeah. You know, we, we've got our own little corner. We have to protect that.

If we come out and say anything, we may lose a contract, a job, a client, some, some degree of profit, right? So they keep their mouth shut [00:29:00] in the hopes that nothing will disrupt their own little corner of the universe. Yep. It's, it's a loss aversion. Yeah. Loss aversion, yep, is more persuasive for behavior than gaining anything or saving money on something.

Right. Right. And you know, it's aver. The thing is, is that, you know, prison taught me a lot of stuff. Mm-hmm. It did. Mm-hmm. Mm-hmm. And one of the, one of the big takeaways, and you hear guys in inside say this all the time, if you don't stand for something, you will fall for, for anything. Yep. Yep. And there's lot of, that's, that's a great John Cougar Mellencamp.

Song two. There you go. There you go. That's true though. It's true. Hey, so let me get your take on real quick, and we won't belabor at this point, but on TikTok, I mean, you know, Montana banned them yesterday. Montana banned TikTok. How many people are in Montana? No dancing in Montana today. Right, right. No dancing in Montana.

Can't [00:30:00] share, you can't share your dance moves That's right. In the Montana today. And that's not true. You just can't, you just can't curate your lives while dancing on a, on a platform that has ties to the Chinese government. Well, I, I tell you, I've, I've, I've still got my TikTok installed on my phone.

Mm-hmm. I do. And I am a t you know, that algorithm is outstanding. You guys know I have spoken about this. You know, it, I, I flipped through my talk and I'll, something will catch my eye. Typically it's something that jiggles and I don't want to stay on it and, and my eyes avert to that thing, that jiggles and then the algorithm recognizes that it knows exactly what you're doing.

It does. The algorithm recognizes that and delivers unto me more things that jiggle, right. What's funny about, what's funny about this scenario is the communist regime in China is probably more worried that you've got their app than you should be. That you've got their app. [00:31:00] Brett's got us on his phone, so look, you know I, I flip on that a lot.

I do think that the RESTRICT Act is overreaching and it's designed for a hell of a lot more than just getting rid of TikTok. Yeah. It's a, it's very similar to the Patriot. There's a lot of, there's a lot of analogies to the Patriot Act post 9/11. Right. Right. Now, do I think that TikTok has been handing over to the Chinese government US data?

Absolutely. I think that mm-hmm. I, I also think that TikTok is, is capable with that Texas initiative of locking down the data and not delivering that data to the Chinese government. If they're allowed to do that, if they're, you know, if they, if they actually implement the Texas initiative as they say, they're gonna implement Yeah.

Okay. Which is questionable. I'm, and that's okay. I'm, I'm with you up until that point. I, I personally don't think that that's gonna necessarily change anything, but that doesn't really matter. It doesn't, that doesn't matter. Doesn't [00:32:00] matter. You know, I mean, it's, it's really, and, and. And in the same sense too, there's still, like the, the selling of data is, is going on with Instagram and Facebook, everything else anyway.

And that's the next, right. And that's really the, that's really a different issue. Now here, I think one of the concerns from what I've talked to for people in federal law enforcement is, well, what you don't understand are the bigger plays that aren't in the public. And that is, you know, they make a move on Taiwan distributing and limiting and censoring what the what us because there's a whole group of people that live almost exclusively on TikTok.

Right. And that's basically where they're getting their news. Right. And China knows that. And so they're like, we can disseminate propaganda that way. And so their, their concern is that, but no, I understand. I understand. And I think it's a valid concern because we've seen that bullshit before. Right. With Cambridge [00:33:00] Analytica in influencing things.

We know what happens. Right. All right. But you know, the thing is, is that, and I, Hey, I agree with you. China attacks Taiwan, we're gonna see a lot of Pro-China stuff hitting TikTok. There's no doubt about it. All right. No, I don't doubt that for a second. But the thing is, is that all these other platforms have been guilty of the exact same stuff.

Well, yeah. And they're not being looked at at all. No, and that's a bigger, and, and to me, what I almost, that that whole congressional hearing, you know, there were a couple zingers in there, there, there was some good, there was some good questions. There were some good and there was some really, yeah, there was some embarrassing parts that, that were like cringe worthy.

And you're like, wow. Can't believe you can't believe you're in Congress. Access the Wi-Fi. Yeah. Can't, can't believe you're in Congress. Like, who is elected? These guys like, did I vote for that guy? I'm looking. I'm like, holy [00:34:00] cow. I hope I didn't like that one. Dude was as bad as that one. S.O.B. back a few years ago, who was worried about Guam tipping over Yes.

Two. It was, it was the same guy. It's the same guy. There you go. I remember that. I remember that. Yeah. So that, that, that was bad. And, and really what, while, while the points made, were arguably valid against TikTok, and the answers given were purely like they, they weren't answers, he didn't answer anything.

Right. And I'm like, that is a good lawyer who got to him. Right? Like, that was well, well played. The other thing was though, is the elephant in the room to me, that nobody was addressing is why don't we have a set of regulations or rules about the problem, right? Like, like Instagram, like all, all these other places are still able to do what TikTok is doing right now, that you guys are flying them on.

And, and the reason why is, why is that [00:35:00] you've got an outstanding algorithm with TikTok. Mm-hmm. It, it's so damn good that no other social media platform can touch it. Right. It's that good. And because of that, you've got all these US platforms that are raising hell about TikTok. We've gotta get rid of TikTok because TikTok is drinking their milkshake, taking all their advertising dollars.

Yeah. That's the issue. Yeah. So nobody, Hey, don't look at us. Look at the Chinese. Look at now, I grant you. It's valid. Look at it because it's a problem. But if you're gonna look at it, but there's a bigger problem. There is the point, right? It's not the only problem. Only problem. No. And nobody wants to talk about that.

Nobody wants to talk about how Facebook, they influence the hell out of things. Just look at Cambridge Analytica, look at what Instagram's doing. Look at you're, you're talking about the danger to kids on TikTok. Did you forget about Instagram? Right. Did you forget about Snapchat? Right. Did that just [00:36:00] conveniently leave the memory?

Because those have been problems for a while. Yeah. Oh yeah. And the, and the, the algorithm, you know, social science neuroscience has shown the, the, the addiction piece that, that it taps into the dopamine levels of the brain and then the body morphism for young females that are going, like, growing up.

And they, they, they feel they're, they're too fat. And you look at 'em, they're like a stick. And you're like, holy cow, what are you doing to yourself? And it's, it's from this social media. It's from this, it is this, this, this whole thing that needs some protections. I mean, if you, if you really want to know.

How your children are being raised. Hell get on TikTok, get on Instagram and just see exactly some of these feeds that were going on beyond the apps. I mean, yeah, we had somebody that, that is part of several congressional committees on it, and they're affiliated with Bark that has that like design that lets you know when your kids [00:37:00] text and Right.

And have things about suicidal ideation and all that stuff. And they, they were just saying, you, you wanna know, you're never gonna know by, you have to have conversations with your kids, but you have to be on the apps. Right. You actually have to see what they're seeing. And so, so my be shocking. It's shocking.

So you don't, my question is, okay, so you're, you're gonna, you're gonna complain about TikTok. That's fine. Why isn't Congress complaining about these other things? Again, I think it boils down to profit. I was gonna say follow the money and usually we can follow the answers. The money always takes you to the answer.

Right. Or the. Well, and think about, I mean, think about like, we could take that a step further, follow the money, and you can find what's one of the best of all the verticals of all the industries in the United States. What's the one that really takes cybersecurity seriously? Predominantly, predominantly it's the finance industry.

Right? Right, right. Like they're the ones that have to, they, the banks have to have certain things, certain services, certain layers of security. They have [00:38:00] to, in order to be in existence, you have to do this, and yet other industries don't. And it's like, well, I mean, That's part of the problem. I mean, TikTok is not really an issue in the banking industry.

Right. You know, you're not getting, you don't have like Facebook and TikTok on your com company computer at working at JP Morgan or like working, you know what I mean? Like, you, you don't have that, like, it's not an option there because it's all regulated. But you can, at a hospital, you can, at some of these facilities in schools, you can.

Right. Like, you're like, oh my gosh. It's, it's, it's, it's definitely, definitely a challenge. So circling back, let's talk about the finance industry and FinTech, because when we talk about FinTech and crypto I mean, it's a haven and we've known it for a long time. It's a haven for cyber crime. Well, you know, the two favorite words of any cyber criminal, fin and tech.

Yeah. Right. I mean, that's, that's perfect in [00:39:00] in tech. It's true in tech because, yeah. And why is that? Tell us, tell, tell, tell us why that is. So, so my, my theory on this, and it starts when I really, you know, started to work as a good guy. I was at Microsoft and we were going through SOCKS5 proxies, alright?

Mm-hmm. And there was this engineer that was there that was arguing with me, I was showing him how the SOCKS5s were, were working and we were going through LuxSocks is what we were going through. And LuxSocks was taking cloud-based IPs and making them look like residential was how LuxSocks was actually working at the time.

A very impressive, very good setup. And until LuxSocks finally shut down and they shut down voluntarily about four years later, they were the number one proxy provider among criminals. But this, this engineer was arguing with me and he was saying, you know, we can see this, we can see this, this, this is stuff that we can [00:40:00] flag.

And he argued with me for about 20 minutes until finally I looked at the guy and I was like, you know, yeah, I grant you, you can see it, but are you actually looking for that? And he gets quiet and he was like, well, no, we're not. And I was like, so then it doesn't matter if you're getting the data, if you don't look at the damn stuff, does it?

And he was like, he gets quiet at that point. Now, the reason I tell you that story is typically in FinTech, you've got a bunch of engineers that are on the cutting edge of designing products that benefit users. And there's no, they're never really looking at how those products and services can be used to commit fraud.

It gets even worse than that though. Typically, the fraud team is told to shut the hell up. We don't want to hear your negative comments as they're developing these products. So you've got a cutting edge type of system [00:41:00] that's meant to make people's lives better, transfer money quicker, be very profitable.

That's never really considered on how fraudsters could use that. All right. Meanwhile, you've got, for traditional financial institutions, you've got people that understand that, hey, money laundering is big. Right? Criminals. Criminals. At the end of the day. Yeah, there's, there's regulations, there's rules, there's processes built in place, right?

Right. For money laundering and for fraud scams and things like that, right? And you don't have that. You don't have that degree of knowledge, understanding, or even caring on the FinTech side. Now, that's not to say that all fintechs are like that. They're not. But there's enough out there that criminals know that, hey, These, these new products and services, basically we can eat 'em alive.

Right. And they do constantly, of course, with crypto, crypto's a big one, right? Because well, you're not gonna pay for your stolen credit card data. [00:42:00] You're not gonna buy your Fentanyl with cash. So you need something online to pay for that one. Dan, buy and let me be a, let me be a hacker here. Can't buy ransomware with cash or credit cards.

That's right. You need to use, you need to use cryptocurrency. That's right. That's right. So what, so what are some of the most prevalent scams that you've been talking about or you've been exploring that are, are involved in FinTech? Recently, I mean so I was on, I think his show was out now, so I can, I can talk about it.

Eric Hunley, he has a, a very successful podcast. He got hit with a crypto scam about Oh yeah, just a few weeks ago. He contacted me. I I've been trying to help the man. Was it through like a sim swap or they got the keys to his wallet? No. Or how did it happen? It, it was through an Instagram.

What, what? So a, so [00:43:00] a, so someone, an attacker creates a very like Instagram account to a friend of his Okay. Sends him a message. And it was really, I think it was only like a, a period on the end of the account name was the difference on that, and convinces Eric to start sending money over. And Eric doesn't notice it until a few thousand dollars or is sent over at that point in time.

So, so Eric gets up with me and he is like, Hey, you know, do you know anyone? I was like, yeah, man. I said, I, I, I've got people, I've got friends in the FBI. I'm, I've, I know Aaron West, you know, Hey, I'll connect you. We'll see what we can do. Because he was still on the line with these people. The, the, the crypto was being sent to wallets where it could be recovered, where it could be locked down, you know, major exchange wallets.

So you would think something would happen, right. He contacts the Norfolk FBI, they tell him to file an IC3 complaint, [00:44:00] which is useless. Oh, I saw your posts on this. You, you saw my post on that. I saw this Cuz you were talking about, it was like happening right in real time. You're like, right. Can anybody, does anybody know anybody over there?

Because all we got was go file a form. Right? Right. And the, and you're like, well, we did that. Nobody's called. Now here's the thing. Now IC3, it used to be pretty useless. It still is if you're a low dollar person, because they triage every Right. Report report that comes in. Of course. Right. So if it's, you know, a hundred thousand dollars, oh yeah.

They're gonna act on that quickly. If it's $5,000, you are not front in line. Well, and part of it is just a matter of resources, right. That like, it's not, we don't have 10,000 FBI agents like sitting there waiting with another one's coming in. Let's go all, all 10 of us. You're right. Let's jump on this one.

We don't, they don't, they don't have, so to give you an idea, you've got 37,000 FBI agents, only about 200 of them Right. Are cyber crime. Exactly. So you don't have That's not a lot. [00:45:00] It's not a lot. That is not a lot. It's not. And, and that's one of these, these things that I, I, I, I'm really having problems with right now is, is, you know, you've got somebody that, like Eric, he's lost several thousand dollars, not a hundred thousand, not, not the triage amount that gets action immediately.

But you've lost some money. It's, it is, it's money to him, you knows not Oh, it's significant. Yeah. Right. Like it's a significant amount and the the money could be, could be clawed back. Right. But because we don't have the proper resources, he's lost his money. Oh, man. You more people than that in ShadowCrew.

Right, right. That's one crew. And that, that was the start of it. We had 4,000 people. That's good. Now you've got, you've got these, these criminal communities that are millions of members of large. Right. Meanwhile, you've got 200 FBI agents. I know. I don't know. And they do good work. Like they do outstanding work.

They do. Like there's no, [00:46:00] like, we just need more of you. Right. You know what I mean? And, and make no mistake, they do outstanding work. Yeah. They truly do. But it's, but there's just not enough enough. Yeah. No, it's exactly right. So, you know, the, we were talking about FinTech, you know, the problem is, is that, that a lot of these FinTech companies, they are in a rush to put out a product.

Yep. And make the money back. They've got VCs, you know, on their heels, everything else. So they don't work every quarter, every month. They've gotta show returns. Right. And they've gotta show members. So you take something like, so, so Hindenburg put out a research report on Cash App. Mm-hmm. Talking about how Cash App helps to facilitate fraud.

And they're talking about, Hey, 40% of all Cash App accounts are fraudulent. Mm-hmm. Think about that 40%, but still, and Mosher's only like 10% of that. I'm just, I'm just one fraudulent account. Come on. But you know, when you're talking about money coming in for [00:47:00] investing, you're not, you're not really, you know, separating the fraudulent accounts from the legitimate accounts.

You're just saying, Hey, we've got several million accounts and that helps you at your bottom dollar at the end of the day. So I, I, to me it, you know, it's still boiling it down to that profit. It's still boiling down to people just not doing it. Like I, in my show saying, just do the right damn thing. And people are simply not doing that.

We know criminals don't do that, that they stay in their lane. But the people who are, who are choosing, they've, they've chosen a, a life of doing the right thing. You know, these fraud professionals, every, everyone else, they, they've chosen that career. That means, that dictates that you're supposed to be securing things for other people and you're not doing that.

And I, I'm having a lot of problems with that. You know, I'm, I'm this teetotaler now, I'm this recovering alcoholic, this recovering criminal that much like [00:48:00] that recovering alcoholic. I, I'm, I'm, I don't see things these days as gray area anymore. I see it as black and white. Well, you're, you're attuned to it.

You're like, I, I can see both sides and I'm looking at it about what is objectively the correct action here and why is it not happening? So I've got, you know, I've got, I've got issues with that. Mm-hmm. Guys, I really do. And makes sense. You know, it bugs me. It bugs me to no end. So what I'm raising it about it, before we move on to our, our last subject, Joe Sullivan, which is always an entertaining topic.

Tell me about like, what can people do to protect themselves from FinTech facilitated fraud. Right. So, I mean, Here's the thing, and, and let me pull this up since, since you asked that question, right? There's a difference between, and you bring your buddy with you. Like, I wanted to bring your buddy actually, he, he's out of reach.

Oh, is he out of reach right now? I'll bring him on the next time, I promise. Okay. Please do that and tell him we said hello. [00:49:00] Tell him we tell him we said hello there. Hello. Let's see here. Does he have an accent or something? I, I don't, I keep trying to figure out what voice I want with accent. You need to get, you need to just like do one of these voice app things and then like just use it whenever he talks.

So from this is from Toby Scammell over at Womply. Alright? Mm-hmm. And he gives, he says in this document, he says in recent days we've seen a significant increase in fraudulent applications. Here are some recommendations that may be applied to detect, prevent, investigate fraud against government platforms by private participants.

So he is, he, he gives a list. Of the different security things that you need to do as a business, okay. To pr to make sure that FinTech doesn't facilitate fraud. He says, you know, block all international IPs, all anonymous IPs, because people were committing the pandemic fraud using the Tor browser at one point, right?

He says, block [00:50:00] all voice over IP numbers, do database and KBA checks are widely exploited. So, and he gives a list of these companies that have been compromised that you know, KBA is just useless on. He says, block temporary paper and foreign IDs. He talks about that. He talks about use video selfies with strict liveness detection because some of the, some of the liveness detection services that were being used during the pandemic could be circumvented with masks, dolls, mannequins, et cetera.

He says, block all online banks at the routing numbers. Because what you have to realize is, is that these prepaid cards have. Routing numbers that need to be flagged, a prepaid coming through with refund fraud, with with pandemic fraud. Anything else should be a major flag. But people weren't blocking that.

He says, use, oh, he says what's else he, who else has he got here? He says require funding into a named bank account because again, [00:51:00] prepaid cards don't have a name attached to 'em. So you were able to send multiple n multiple deposits in different names to prepaid cards. So you need to make sure that stuff's flagged, require business bank accounts for business deposits that are coming in.

He's, he's got a whole list of different things that he mentions that need to be addressed, and that's, I think that that comes into this idea of a layered approach to security. Think of an attacker as having a toolbox. He uses a variety of tools. As a defender, you need that toolbox with a variety of tools, that multi-layered approach.

Absolutely. To mitigate all these different things across the board. I think that's, from a business point of view, you have to consider that from an individual point of view. At the end of the day, I think it's really having that situational awareness, and I, I've been talking about this for a few months now of, you know, in our physical lives, we go into a bad neighborhood.

We know immediately that something's off. If something's, yeah, you go [00:52:00] visit Mosher, you know, my windows are rolled up, you know, my windows are rolled up, I'm packing heat. But you know, we've got that situational, situational awareness. We, that does, for some reason, it's not translating into an online environment.

We tend to trust. Those online environments, and we need to understand that, okay, trust is fine, but you need to verify. Right? And you, you need to understand there are predators in those environments. I think just doing that, if we can get to that level, the other things will follow, will, will understand that we need to monitor our accounts.

We will understand that we need to have a credit freeze in place. Need to have Yeah. Freeze your credit. Yeah. Use, we recommend that all the time. Yeah. So, so, you know, I used to talk about password managers. I'm no longer talking about password managers considering the trouble recently. Yes. But, but we've got passkeys, so, you know mm-hmm.

Good, good password protocols in place. I think that if you, if we simply [00:53:00] developed the situational awareness online, those other things will follow that we won't see, you know, like for MFA, a large adoption rate is like 12%. Right? But if we can, if we can get to where we're having that situational awareness, I think that that percentage will raise.

Well, that's a G. Excellent. Excellent advice. So thank you for that. And yes, that, that's a really good segue too, because when we talk about MFA, whenever I think of MFA and, and what's an example where multifactor authentication MFA hasn't worked? And I think of Uber because there's Uber that has MFA, right?

Right. They had MFA, and correct me if I'm wrong, listeners, like I've been wrong before. They, they tell me. But I heard like, my understanding of the most recent breach of the 40 or the three or four, whatever they've had, they've, there's been a few, there's been a few there. Right. But the most recent one [00:54:00] was multifactor authentication fatigue, right?

Yeah. They kept pinging, they, they got the, email and password bought off the dark web or got it from a compromised account. So they tried to log in and it kept asking, it kept saying this is sent for multifactor authentication. Okay. They just kept doing it over and over and over. So coup. Yeah. So a couple things went wrong there.

One is the the user ultimately got tired. Right. And just said Enough, fine. Click it. Okay. The other thing that went wrong there is you didn't get TI just tired and then clicked it. They communicated with them and said, Hey, this is your IT department. Let's get on WhatsApp. Right. And they went off the main domain into WhatsApp.

If that's not a red flag, right? Like at a company, I don't know what is, but they went on WhatsApp. I'm like, when I'm on LinkedIn and somebody immediately messages direct, messages me on [00:55:00] LinkedIn and goes, Hey, you know, I'm not here on this platform that's off. Let's get on WhatsApp. I'm like, no, it's okay.

Yeah, let's stay here. Like let's start, go into the dark alley, right? Let's just stay in the light. Okay. You know, there's nothing wrong with using WhatsApp. I'm not saying that, but the point is, is in that context, that's situational awareness. There's no reason to do that. Right? So why would we do that?

Well, they got him on WhatsApp and then they asked him to authenticate and then he did, right? The other issue there also was the, there, there wasn't like a zero trust assessment like configuration, meaning from that one user. They were able to allegedly get all the way to the source code, which shouldn't have happened.

And that one user might not have even known that they could get all the way up there. But the. Threat actors were able to find their way through. And that gets into that controlled access. Meaning the way organizations are structured, they don't even know how they've rolled out permissions. Right? Right.

They've got [00:56:00] users that have access to accounting that should have no access to accounting. They don't even know that it's configured that way. But that's Uber. That's uber somebo. Something else happened in Uber. They, they, they had a, they had a, a strategic security leader that got in a little trouble, didn't they?

He, he did get in in a bit of trouble. He was a you know, he had quite the resume. He was a phenomenal resume. Yeah. And, and a great public speaker, like a really bright person, like holy cow, I mean, top of the food chain. Yep. Former federal prosecutor. He had, he had set up all these programs. He had evidently paved the way for many other people.

I mean, he was, he was good to go until, until two attackers come in and breach, Uber, steal some of the data, and then things fall apart for the guy. Yeah. Because [00:57:00] really what happens is, is when a breach happens, lo and behold, we don't want, well, we don't, we always say is one of the benefits to engaging with security companies, right, is we keep 'em, we help anyway.

Right? We help keep 'em out of the news. You don't wanna be in the news, you don't wanna be in reporting land, right? You don't want to have to report this to shareholders, to stakeholders, to the public, things like that, because it's bad for business, right? So this guy, what does he do? At that point in time, Uber had had a bug bounty program.

It was a max of $10,000. These attackers wanted a hundred thousand. So he, he basically says, Hey, what we'll do is we'll hide the breach saying that these guys were just, you know, bug bounty guys, we'll pay 'em a hundred thousand dollars. We'll have 'em sign an NDA so they can't talk about it, and they'll go out in their happy, happy, merry way.

Nobody has to know about the breach. No blemishes on my nice, pristine resume. Everything will be just fine. That's what he does. [00:58:00] Yes. And it, and apparently that's, that's not, that's legal. Like it's, it's, it's clearly Who would've thought if you're listening and you don't catch that like that, that's bad.

That's bad, bad objective, binary. Good, bad. That was a bad decision. Yeah. That is obstruction and misprision coming from Chicago. I mean, I'd say that's kind of the way businesses run, but like, that's generally not good. It's fraud. Right? You can't do that. It's, it seems to be that, that that's how they captured.

They, they captured it as fraud and they indicted him. And it was the first security person, right? Like in a private company to, to face criminal charges. It was, it was really shocking. It was very serious. And the charges weren't, The charges exactly weren't fraud. So it wasn't alleged to be fraud.

It was like one was, I believe false, allegedly false statements to the FTC. Mm-hmm. Cuz they were investigating him during this time that this happened. They were investigating Uber [00:59:00] for the, and he was in a role with the former CEO correct. Right. In discussions with the FTC about a prior B breach.

Right. Right. And so the FTC felt, well, you should have brought this one up. Like this is something that should have not, would've mentioned that. Yeah. I think that's just kind of situational awareness. Right. Any other takes on that? I mean, you, he was sentenced. I've got one hell to take on that. Yeah. I mean, recently he was sentenced.

Right. He didn't, it was so here's the thing. The two guys, Joe Sullivan, the CISO of Uber, knew their names. Mm-hmm. They promised him, you know, scouts honor, we won't sell any of any of the data that we've stolen over on the dark web. Meanwhile, guess what? Yeah. It's being sold on the dark web. Yes. Not only that, but these two guys that Joe Sullivan knew the names of, they go on to hit other companies with the exact same social engineering attack that they breached Uber with.

Ugh. [01:00:00] That Joe Sullivan could have stopped it all. He didn't. Right Now they charge his ass for obstruction, misprision, a couple of other things as well. Yeah. Joe Sullivan, his sentence is Three years probation. 200 hours. Community service. Very, very light. Very light. When you consider the tens of thousands, hundreds of thousands of victims.

Mm-hmm. Because of his actions I've got and, and I think this is where it gets to, do Americans even realize what that means to be a victim? Like, right. I still think they think, oh, so they have my password. I just changed my password. There's no harm, no foul, but that, it's deeper than that. Like for the next 10, 15 years, you can be, you can pull your credit report for something seven, eight years from now and find out you have a defaulted condo in Nevada.

[01:01:00] Like, right, that happens. I've met those people, right? Like it's, it's brutal. When this stuff happens, it ruins lives. Now here's the thing. That's Joe Sullivan's sentence. 200 hours. What would the sentence be for some kid on the dark? I say a kid sub 20 year old on the dark web, who goes out and does that breach?

Oh, it'd be a lot more, a lot more, more. He'd get, he'd get two years in prison for aggravated. Mm-hmm. Identity theft. He'd get, depending on the number of victims he's gonna get charged for access, device fraud. That level he's probably looking at for what? Joe Sullivan, those victims were there. This kid's probably looking at 15 years behind bars.

Mm-hmm. Convicted, felon the rest of your life. Right. All that. Right. It's tough, but Joe Sullivan gets off with community service. There's something wrong with that, especially when you consider that Sullivan, his entire career was Dick. Was, was, [01:02:00] was based on the idea of him doing the right thing of him protecting people.

Right. And at the end of the day, he didn't, it seems to me that, that by God, he should be serving some time behind the fence someplace. Right. One would think Right, because one would think, because when you think about. Others in less serious predicaments. They get slammed. Yeah. Yeah. They get slammed. Not, and, and again, not only is he not serving time, but we've got a whole boatload of people in the industry that are supporting the guy.

Mm-hmm. Oh, thank God he didn't serve any time. He didn't need to serve any time he got a horrible sentence as it was. He'll never be able to work in the industry again. Well, guess what? No, that's true. Does that, does that make any of these people, any of these victims whole again, does that solve the problem?

Does it deter anybody [01:03:00] from doing similar that he did? No one does Or is that other? No, it doesn't. Right. And it And is that also a, just them projecting like, that's it. While I'm a, I'm a CISO, if I recommend that to my client, I don't want to go to jail's now. I know I won't. Yeah, that's it. Hell, I got, I got 90 days for my last indecent exposure.

Come on, God. Where's, where's the who? Let him out of the closet. I got 90 days for that. Yeah. I, I had one lady tell me it looked like a penis. Only smaller. Oh. He's like the end. On a real high note, on a moral high note, right. With us, with this group. I am, I apologize to my family. My children like, I apologize.

I'm so sorry. My wife. I'm sorry. There's a reason Brett keeps getting banned on YouTube.

You can come on our channel all day long, man. You can just, you can just [01:04:00] flow right through here. I'll start you off and then I'll just check out and you can go ahead. That's it. That's it. It's fine. You'll always have a voice. No, I, I'd tell you, I just I think that Sullivan needed to serve some time.

I think that honestly, I think he should have gotten two to three years. Well, and absolutely. I think, honestly, like after being a federal prosecutor too, like usually when judges do one thing bad, like they go down and they go down hard because of the fact that they've been given this privilege. Yeah.

Because, and, and the same people that are like backing them are the first ones to say, well, you know, when you're privileged, you shouldn't have those rights. Well, here, here's a, that's, that's hypocritical. Like, well, you know, that, that goes into this. Having that privilege means you have to have it, you have to keep it sacred.

I agree. And it, it goes into this, you know, it really is like, we've got two different systems of justice. In the United States, we've got the system that Sam Bankman-Fried is allowed to operate under, or [01:05:00] Elizabeth Holmes or Joe Sullivan. I was about to ask you about Elizabeth Holmes, cuz I've never asked you about Elizabeth Holmes and if I'll have to make the whole episode if there's anything, if there's anything that makes me angry Holmes.

Yeah. If there's anything that makes me angry, it's, it's Theranos and Elizabeth Holmes. Yeah. It's like, I just like, it's everything, you know, in our sales training and stuff like, like we're very careful with the words that we use the right, the, the promises that we make, the all of that. We have to be very careful because these wound up being legal terms of art.

Right. Like we cannot, and. My gosh. If we could say, you know, we will 100% keep you secure and you will never have a problem. We guarantee it. And by the way, we're going to triple the size of your business because of this one service. Like, that's what they were saying, right? And like, and then they were getting hundreds of millions of dollars.

For people. Like, but I mean that, that [01:06:00] whole arc of how they had this, you know, the board on there had all these huge names, none of them medical Right. None of them with any science background that could call BS, you know, and they just kept doing this and, and then they rolled it out to the public through Walgreens and Right.

Holy cow. And now she, this sentence there keeps getting continued, right? She hasn't, well, her report date, she got her report date yesterday. So she is barring any new developments. Oh, she got her report date yesterday. Okay. That, that was an update I missed. So, hey, we got the update final, so May 30th is her prison report date.

There it is. Okay. Yeah, so those are, and those, those are pretty well locked in at that point. But you know, the thing is, again, if that had been anybody else, if it had been someone without means, oh yeah, they wouldn't have had to worry about a report date because they would've already been locked up. They wouldn't have been out on bond or anything else.

Of course, like that. Of course. So it, it, it really is. I mean, I, I, yeah. And [01:07:00] she was destitute, remember? But meanwhile going, driving home with everything to like a 50 million house and all that, and you're like, okay. Yeah. So hopefully she'll rot in there for a while. Yeah. Her sentence was quite light though.

Yeah. Her, her, her, her sentence was not as, as I think because it didn't, it didn't kill somebody. Right. Like it did cause false reports on cancer screenings and all of this, cuz it was claiming to do all of this, but yet it didn't do anything and it was never consistent. But but I think that just the lack of remorse just Oh yeah.

The complete denial. Like, oh yeah, I still believe like this, we, you know, we would've done it. And then he also gets into like an intellectual question of, well, at what point do we. Well, at what point do you call it? Like there's, there are examples of people that have made claims because the technology just hadn't caught [01:08:00] up yet, right?

Because it was heading there. Now, the issue was when they were making these claims, did they have actual scientific knowledge that what they were saying was false? And I think the evidence showed they knew that. Oh, they knew. They absolutely knew. That's the issue. Right? That's the issue. But had they just kind of stayed under the radar a little, kept the money, stayed a little bit under the radar, maybe not rolled it out to the public Right.

And applied that as science to the public yet. Right. They probably could have kept going until the technology caught up. But they didn't. They didn't. You know what I mean? They didn't. And, and you, you see Holmes now. I mean, you're, you're right. I mean, there's no remorse. No, I didn't do anything wrong. It would've worked.

Banging, bang, and mm-hmm. I mean, so you're gonna allow that, you're gonna give somebody a light sentence that doesn't care. About the damage that they've done. Mm-hmm. Whether it be Joe Sullivan, whether it be Elizabeth Holmes, and it's going to be Sam Bankman-Fried as well. Yes, exactly. Yep. [01:09:00] So my PO just texts me.

Apparently he's watching, he says, I need to call him right after the episode. Hey, are you off that monitor? Give me a call. We need you to come in. Mosher was asking me for a chainsaw and a hacksaw and a big we, yeah. Like the thing, you know, wire cutters earlier. I didn't know he was cutting off his band on his ankles.

There you go. Well guys, you guys are outstanding. Truly. Brett Johnson, thank you so much, sir. Not, absolutely not the last time that we're gonna talk because there's gonna be a lot more updates and things to cover for sure. Oh, without a doubt. Without, so we will have links to the Brett Johnson Show in our show notes.

Please check 'em out. The Brett Johnson show on YouTube. Follow 'em on Twitter. Very active on Twitter and LinkedIn. Very active. Very active. Very active. Don't look for him. Don't look for him. Don't look for him on TikTok. That's right. Everything else. Thank you so much, man. We take care guys. We [01:10:00] absolutely appreciate it.

And thanks everybody for listening. We'll talk to you guys next time. Thanks, Brett. Take care, brother. Take care now.

Hey, well that's a wrap. Thank you for listening. Our next episode starts right now. Please be sure to subscribe to our YouTube channel. It's free, and download the podcast episodes available everywhere you get podcasts. To support our show and get exclusive pre-release episodes and bonus content, please subscribe to Cyber Crime Junkies Prime. Link in the description and show notes, and thanks for being a cyber crime junkie.