Cyber Crime Junkies

FBI Day In the Life. How FBI Fights Cybercrime.

Cyber Crime Junkies. Host David Mauro. Season 5 Episode 54

We delve into the world of cybercrime with special guest Darren Mott, a former FBI agent who transitioned from teaching to law enforcement. He shares his journey into the FBI, the evolution of cyber investigations, and the challenges faced in tackling digital piracy. Mott discusses the creation of Operation Sudden Urge, an undercover operation aimed at dismantling online piracy networks, and the innovative strategies employed to gather evidence and monitor illegal activities.   

Operation Sudden Urge and Operation Fast Link are true cybercrime stories resulting in simultaneous arrests in over 20 US cities and 7 countries, making it at the time one of the FBI’s largest online takedowns in history. The story



The conversation highlights the significant impact of cybercrime on industries and the importance of raising awareness about these issues. In this conversation, Dino Mauro discusses the intricacies of cybercrime investigations, focusing on the identification of key players, the execution of takedown operations, and the challenges faced in prosecuting cybercriminals. He emphasizes the importance of proactive engagement with law enforcement and the evolving nature of cyber threats, particularly the role of social engineering. Mauro also highlights the need for businesses to understand their vulnerabilities and the significance of the human element in cybersecurity.

Takeaways

  • Darren Mott transitioned from teaching to the FBI.
  • The FBI's cyber division was non-existent in the early 2000s.
  • Operation Sudden Urge targeted online piracy networks.
  • Undercover operations in cybercrime require innovative strategies.
  • The impact of digital piracy on companies is substantial.
  • Mott built a clandestine server farm for evidence collection.
  • Monitoring IRC channels was crucial for gathering intelligence.
  • The challenges of cyber investigations include data management.
  • Cybercrime awareness is essential for public safety.
  • The evolution of cyber investigations reflects changing technology.
  • Identifying leaders, crackers, and distributors is crucial in cybercrime investigations.
  • The FastLink operation was a significant takedown involving multiple cities and countries.
  • International investigations expanded the scope of cybercrime enforcement.
  • Prosecution of cybercriminals often faces legal challenges due to outdated laws.
  • Social engineering remains a primary tactic for cybercriminals.
  • Businesses should proactively engage with law enforcement to mitigate risks.
  • Understanding the human element is essential in cybersecurity.
  • Criminals are often ahead of law enforcement in tactics and technology.
  • Business email compromise leads to significant financial losses for organizations.
  • The average time for detecting a cyber intrusion can be over 300 days.

Titles

  • The Impact of Digital Piracy
  • Behind the Scenes of Cybercrime
  • Challenges in Prosecuting Cybercriminals
  • Proactive Engagement: A Key to Cyber Defense

Sound Bites

  • "Join us as we go behind the scenes of cybercrime."
  • "I was a high school teacher before the FBI."
  • "I loved computers since I was 11 years old."
  • "We identified leaders, crackers, distributors."
  • "The largest takedown at the time."
  • "We targeted individuals in seven countries."

Chapters

  • 00:00 Introduction to Cybercrime Awareness
  • 00:56 Darren Mott's Journey to the FBI
  • 02:48 Transitioning to Cybercrime Investigation
  • 05:50 The Evolution of Cyber Undercover Operations
  • 08:57 Operation Sudden Urge: The Beginning
  • 12:09 Building the Undercover Infrastructure
  • 14:56 The Batcave: A Clandestine Server Farm
  • 18:10 Gathering Evidence and Monitoring Activities
  • 21:04 The Challenges of Cyber Investigations
  • 23:58 The Impact of Cyber Piracy on Industries
  • 29:10 Identifying Key Players in Cybercrime Operations
  • 30:32 The Takedown Operations: FastLink and Beyond
  • 32:52 The Aftermath of Takedowns and Continued Investigations
  • 34:19 International Pursuits: Expanding the Scope of Cybercrime Investigations
  • 36:08 Challenges in Cybercrime Prosecution
  • 37:35 The Evolution of Cybercrime and Law Enforcement's Response
  • 39:22 The Importance of Proactive Engagement with Law Enforcement
  • 43:48 Understanding Cyber Threats and the Role of Social Engineering
  • 52:24 The Human Element in Cybersecurity
  • 56:44 Conclusion and Future Perspectives on Cybercrime

 






Dino Mauro (00:06.198)
Join us as we go behind the scenes of today's most notorious cybercrime. Every time we get online, we enter their world. So we provide true storytelling to raise awareness, interviewing global leaders, making an impact and improving our world.

Translating cybersecurity into everyday language that's practical and easy to understand. We appreciate you making this an award-winning podcast by downloading our episodes on Apple and Spotify and subscribing to our YouTube channel. This is Cyber Crime Junkies, and now the show.

Dino Mauro (00:56.684)
Good afternoon, gentlemen. We are joined in the studio today with special guest Darren Mott. Darren, thank you so much for joining. I'm really honored to have you here. So, Darren, for people that may not have met you or know about you, tell us kind of a little bit about yourself. Sure. So prior to joining the FBI, I was a high school teacher in Orlando, Florida, teaching physics and chemistry at the time.

I was finding that I was having more enjoyment sending kids to the principal's office than perhaps necessarily teaching. So I perhaps decided maybe a career change was in my future and was kind of looking 30 years down the road. And when I retired from teaching, my only option was really I could do substitute teaching. And that really wasn't very enticing. And my wife had just had a baby. And so one weekend,

I was going out rollerblading or something to try and get in shape. And she was like, is this our life? You're going to go rollerblading. I'm going to deal with the kid and we're both going to be teachers. and so I was teaching summer school, ran across the FBI page, said hiring, take, taking applications for special agents. I'm like, I'd kind of wanted to do law enforcement. That's I don't want to be a state trooper or local, local police officer. Something, you know, I can, I can see the value in being in that position. So I figured I'd throw my application. Worst they could say is no.

not any worse position than would have been at the time. And I remember, I do remember once the other teachers found out I had applied, the head of the math department came up to me and hey, I heard you applied to the FBI. I yeah, I did. goes, you're a 30 year old white guy. Good luck with that. I'm like, I don't see them like, you know, like recruiting. Where are all the 30 year old white guys? we can't them. Where the white teachers? Where are the 13 year old teachers that we need? That's hilarious. But they, but they,

But you got in, Yeah. Something went right. Yeah. 13 months after I sent in my first application, I was walking through the, through the doors of the Academy in Quantico. Very cool. Very cool. And so you, you actually wound up in, walk us through kind of your, you know, your, the, the, the, yeah, like he wound up as part of this,

Dino Mauro (03:15.722)
undercover cyber unit and have some really great experiences. How did that happen? Not all. Some FBI guys do a lot of paper. Some FBI guys are doing really hardcore, like physical crime things like, well, walk us through this. Well, let me say one thing. We all do paper. Everybody knows paper. That's a requirement for all.

Forget, see what you're seeing on CBS's FBI shows. It's the same thing in law too, because everyone's like, yeah, you're in the courtroom. You're like screaming at jurors. I'm like, yeah, like once or twice a year. The rest of the time you're like dictating interrogatories, just like reading the manuals, like a lot of drives.

I've loved computers since I was 11 years old. When I saw my first computer, my mom was a programmer in 1977. She took me in and I played this little game on her computer. So I love computers. And when I got in the FBI, I kind of wanted to work computers in some way. I think everybody goes in with an idea of what they want to do. Like, man, I wanted to be a profiler or whatever, but I'd read some books and that's looked, but I wanted to do something with computers. And we've got to remember this was 1999, 2000. There was no cyber division in the FBI.

And actually only 16 field offices of 56 had anything even looking like a cyber squad. They weren't even called cyber squads. They were called National Infrastructure Protection Center squads, which I'll be honest with you, when you go to a party and you say you work for the FBI and they say, Hey, what do you work, drugs? National Infrastructure Protection Center. Okay. You're not the F. Yeah. So I got, but I got onto the, the, newest squad was in Charlotte.

So the, the original case agent for Operation Innocent Images, which was started in 1993, was Doris Gardner. She was an agent out of Baltimore, had a, an abducted child case, which, which turned into online child exploitation. So she bought that. That's big. I've read about that one. So that actually wound up, it blew up a whole like pedophile ring, right?

Dino Mauro (05:23.999)
Yeah. And actually it goes on today. Operation is there still exists. Every most field offices have a version or some sort of connection to that. Cause obviously the problem hasn't gone away, but she was the new cyber supervisor in Charlotte. So they needed people for that squad. And in my class, I was the only one who cared about computers. Everybody else was like, when we do a little computer classes there, they were all looking at their watches. When can I get out of here? I'm like, when can I have more of this? This would be great. Right. So I got there.

And it was a small squad, only five agents and her, we didn't have, we didn't have a computer scientist, had a secretary. had a, lack, it's not the right term, but secretary who did some of the paperwork stuff. Cause when you would write the paper in the FBI, you'd give it to her and she would upload it to this antiquated system. But that's a story for another day. and so I ended up doing,

I'll just give you the kind of the full 20 year quick arc and we'll go back to the undercover you want to talk about. So I did that for, I was on that squad for seven years, went to FBI headquarters, worked in the cyber division and program managed stuff, went and ran a squad in Cleveland, went back to headquarters to integrate the counterintelligence and cyber divisions with a new unit that was designed specifically for counterintelligence and cyber to kind of find the bad guys behind the keyboards in China, Russia, Iran, wherever.

And then I ended up ultimately back as a field supervisor in Huntsville where I ultimately retired. But my, the, the case that really, well, what we're here to talk about, was, it was one of the, I said, it's not the first undercover the FBI did in the cyber world, but it was one of the, you know, original 10, I guess, at the time, cause there weren't a lot, there was not a lot of cyber undercovers going on. Cause remember there was no cyber division. So FBI headquarters didn't know what to do with cyber cases. Who does it belong to? We, we.

Our cyber cases, you program manager, FBI headquarters, they're the ones who get you the money. They send reports up so that the executives know what's going on in the field offices. They're kind of your belly button to, you know, leadership in Washington. and so I remember when I first started going down the road with this case, it was originally in the counterterrorism division. Again, they didn't know where to put these things.

Dino Mauro (07:33.075)
Every couple of months I would call my program manager and he said, well, I'm not doing that anymore. You got to call this guy in the criminal division. So I'd call that guy in the criminal division. He would that had had the guy brought to bring him up to speed on the case. And then they'd say, okay, three months later, I call for money. I don't do that anymore. It's this guy in the counter, counterterrorism division. So I went on for a year when I started this case until the cyber division came along, but the case started. So it was undercover targeting the warez scene and it started in

the summer of 2001, essentially. So, ICE had a case. Operation Sudden Urge. Sudden Urge. Yes. Sudden Urge. Okay. Okay. So it became Operation Sudden Urge. It wasn't Sudden Urge at the time. At the time, when this first started, there was a, there was a case out of Chicago and I don't remember the name, and it wasn't necessarily undercover, as they had identified some guys that were engaged in

online, all this dealt with online piracy. The warez scene is just online piracy, music, movies, game software, all that stuff. But it was at the time in the early 2000s, according to the Business Software Alliance, their amount of loss to companies was about $6 billion. Now that translates to people's jobs and all that stuff. So people were losing, you know, there's real money lost there. And so the Chicago agents came down and they raided a kid in

the University of North Carolina, Charlotte. He was the leader of a group. And so they raided his, his, they, with our help, they raided his dorm room and it wasn't even, they didn't come to the NIPC squad, the National Infrastructure Protection Center squad. They went to the white collar squad, is who did the, the takedown. I wasn't even involved in that part of it. And so they ended up arresting that kid. And then the two case agents were leaving to go back to Chicago, but they had like an eight hour wait until their plane was leaving.

And they said, Hey, we got this other guy. We didn't have enough information to do a search warrant in his house. Let's just go talk, see if we can find him and talk to him. He was another part of the warez scene, but he was kind of a different animal. Talk about what he did, but so they go to that house and they knock on the door and this guy, you know, this little skinny guy comes out and they show him the badge and he gets real shaky and scared. And so they sit him down on the porch. They're talking to him about 15 minutes and he's, don't know. I don't think he peed his pants, but he probably was pretty close.

Dino Mauro (09:52.011)
So they're talking to him and he looks confused and another guy comes to the door and goes, Hey, are you looking for, and he says the use, the, name of the, of the, of the username. I am not going to say that here. It would, it let my, give up my source. But so they said, I think you're looking for me. And so they were talking to So, so they brought him out and he brought him inside. He showed him like all the communications he was having with all of these different groups. had access to multiple groups.

And most of the cases up to this point that ICE was doing and a little bit the FBI was doing were singular groups. So singular warez-related groups. He had access to many of them because he had become interested in what it was they were doing and he ingratiated himself into all of them. So he had actually had tentacles in all these groups and he said, I'll help you. I'll help you find these guys. Because he was he had a legitimate job. He didn't want to go to jail. And they weren't looking to arrest him. But he was he found that would interest. Right. He was a person like they want to.

They don't know whether he's going to be a target or whether he's going to be a very useful informant. So, keep in mind, is the white. So that they said they bring him back to the FBI office in Charlotte to the white collar squad and say, Hey, we've got this guy. He's with these groups. You might want to use them. And now one of the things, if you're an agent and if you're a new agent, it's you want sources. Sources is the bread and butter for all agents. but the white collar guys like, I don't know what to do with this guy.

He had no, so I was involved in some of the meetings with him when he would come in and they ultimately said, I can't do anything with this. Do you guys want him? And I said, sure, I'll take him. So I started talking to him in the late summer of 2001 about what we could do from an undercover perspective. How could we create an environment that would allow us to gather evidence to, you know, take down these groups? Cause it's all enterprise investigation start.

and find out how the group is organized and try to dismantle it, at like organized crime. was really serious back in the day too, because the theft, the piracy that was going on was massive. Like people were like, companies were closing, the bigger companies were losing billions of dollars, like you mentioned. And then, I mean, this is also at the time, you remember people were pirating the DirecTV satellite boxes, like all of that was,

Dino Mauro (12:09.387)
going on and there was a lot of like, there was a whole connection there to some really dark, deep seated, you know, rogue nations and, and black hat hackers and things like that. it's so, so you were like tapping right into it, weren't you? Right. And keep in mind that the like law enforcement federally, I statewide don't do anything with cyber, but federally, they know really how to deal with it. And prosecutors didn't know how to, how they were supposed to.

prosecute. Exactly. If you could get attribution and find them because they were using encrypted and private IRC channels, Internet Relay Chat. I'm sure the three of us are old enough to remember that. But most people, you're 30 or more like, what the hell is that IRC? That's how Mafiaboy got connected with the Russian hacker gang at age 15 from his bedroom. Right? Yep. It's crazy. Yeah.

Yep. he, so we, we, we organized, we designed a way him and I to say, okay, let's create our own. Cause what the whole thing with this scene was where do they store archival material? Because at the time it was all, it had a weird, know, you'd look at, if you look at the mafia, they have this weird system of respect amongst the different families. I guess I didn't work. I'm guessing that's how it worked. Same thing here. If you released.

The pirated, the original pirated version of Windows ME, let's say, for example, you're so inclined. That copy was the same copy that everybody had because no other group would release it. That would be a big, big boo-boo, big no-no, do not take our stuff and re-release it as your own. So it's like going on the turf, right? Like this is right. Exactly. It was all who's first, who's the first to release it. That's what gave you your creds and gave you your bona fides and

gave you access to all these other groups and all these other servers to do all this stuff. And none of them did it for money. It was all just for the piracy, which is the hard thing. People, people can't wrap their heads around. Why would you even, why would you even go after these guys if they're not doing it for financial gain? And I would have to argue, well, they're not gaining, but people are losing. It's still, it's still a crime, still crime on the time. The government, federal government is trying to still trying to figure out cyber priorities.

Dino Mauro (14:31.649)
China and Russia hacking private companies like we see now is not a big thing. China kind of hit bigger a couple years later when Titan Rain came around, but at the time, they were trying to figure out priorities and obviously, Innocent Images type stuff, the crimes against children was still at the top of the heap. And then you start to have the Mafiaboy stuff, the botnets and the intrusions, but warez became a big thing.

And so we developed an undercover strategy, what we wanted to do. And as we were starting to write it up, 9-11 hits in 2001. So that goes on a pause because everybody's working terrorism now. then we ended up getting approval to start the undercover, which basically dealt with us being a storage site for these groups. We would create the infrastructure for them to store their material, which basically means they would send us their evidence of their illegal doings, which was great.

But on a date that we got it signed for approval was the same date that ICE conducted what was called Operation Buccaneer, which at the time was the biggest cyber takedown of any group. It was a warez group called Death or Die or something like D&D or something to that line. And it was, they, you know, they did it in a bunch of different countries, but they were as a one hitter. They did it and they were done and they were gone. And the nice thing for us, keep in mind we're creating this

archival system that no one knows about anymore any now, and ICE just took down a group, so everybody's scattered to the winds and they're trying to now recoup and reorganize, and we're hitting it right at the same time that they're looking for new places to go to hide their material. Wow. And so they just clustered right on you guys about the one. Yes, the groups that had access to my source, that my source had access to. Right,

because he had built his way into the hierarchy of these groups. He was a capital, I guess is the best way to put it. And so he had access to them and he said, Hey, here's what we're doing. We're going to have this site. It's going to be stored and it's everything's going to be in Canada. So the U.S. can't get to you. And we have, we're going to have a high speed access and cause we ended up getting a T3 line into the back in the day, the time it,

Dino Mauro (16:43.117)
Kind of it was fast at the time. Cost me $7,700 a month for that line. Wow. AT&T put a big rack in the Charlotte field office. I don't think, it's gone. They're not in that same building anymore, but it sat there for a long time. Cause I had a part of it in this back. I had like a back closet that I set up, basically built my own server farm with. So you had a base, we had a base server, which was at the time, the first one I built was one terabyte. So it was a one terabyte server farm.

This is 2002 is when I'm starting to build all this stuff. One terabyte storage at the time ended up being 20, 50 gig drives. Cause that's the biggest drive I could find. So I had to put up. Yeah. have a 50 gig thumb drive. It's about bigger than my fingernail, but whatever at the time it is what the technology is, what it is.

So we built that, but we, in addition to building the server farm, we had three mirrors. So I created three Linux boxes that connected all connected to that same server, but had different information on it. So that group A could log in the mirror one and group B into mirror two. So looked like they had their own infrastructure when in the end, in the end, they were all kind of feed into the same, the same storage, but that's what kind of brought them to us that we started down there. to think that this was all in Canada, right? Correct. Yep.

And the way I got around that was I ultimately, so AT&T, didn't quite, they just trusted it was no one checked for the first year that we were really in Canada. And within a year I had moved out of the FBI office because the space I was in was so confined and didn't have air conditioning. It was getting too hot. I was burning out, was burning out stuff because I built everything from scratch. I didn't go buy Dell servers. I went to this local computer shop that loved me.

because I would walk in and buy $10,000 worth of computer equipment to build my own servers and put them all together. The CPU and the hard drive and the graphics board and all that stuff. and they knew me as kind of a funny story because they knew me as I take that back. The company knew me as my, my co my name was John Ryan is my undercover name. and so, huh? John, right. John, Yeah. My middle name. It should have been Darren, right? I didn't know.

Dino Mauro (19:06.879)
This was the whole thing with at the time in the cyber world with undercover, no one knew what we were doing. My undercover name should not have been John. It should have been Darren because all under covers first name and a fictitious last. So if someone says, Darren, you'll turn your head. So that's the reason. But, but again, no, no one was telling me what to do. I was kind of winging it and people were like, yeah, that's fine. Go, go do that. I don't, we don't care. and so, so they knew me as John Ryan who just bought a lot of

And then ultimately one of the, one of the ladies I dealt with all the time, I had to kind of take her in the back and say, look, I'm an FBI agent. I'm buying this stuff for whatever. Cause I needed it for, I needed her to know that because there were certain things that are like, why is this person buying all this stuff? that's right. So I was able to create that relationship so could buy it undercover at this little store and built it all together. And the funny thing we, mentioned the, code name, this is another issue where we didn't know what we were doing. We were just kind of winging it.

is the name "sudden urge", stupid name means nothing has nothing to do with anything. But when, in when you want a code name in the FBI, there's two ways you can do it. Come up with your own and get approval. Or you go to this unit that sends you a list of five names that is created off of this computer that they know has not been used. So every code name goes into a computer. So don't reuse the same code name. But no one told me that no one told me to do that. They just said call this unit. They'll give you a five names. You pick one like, all right. And

of the five sudden urge was the best. If that tells you what my options were. So I said, that doesn't sound stupid. guess I'll go as opposed to someone could have just said, pick your own, they'll approve it or not approve it. But anyway, that was a learning experience for them. But then the other thing is I was my own, I was a case agent for most undercovers. You have a case agent who owners, does the administrative or actually oversees the cases. There's just the strategic agent. You have the administrative agent who does most of the paperwork. You have a financial person to help you.

You have an agent that manages the sources and that's kind of your team. I was all of those things. did all of those because it's the first time, well, not the first time, but this is, know, one of the first originating undercovers at the time. we just didn't have a cyber division, counterterrorism division, criminal division, didn't know how to do cyber at all. Didn't really care. Like whatever. There was no online undercover school at the time. There was an undercover school. There'd been one for a long time.

Dino Mauro (21:33.537)
to deal with real undercover agents, but I was never going to see these guys in person. It was all online stuff. So was very easy for me to say, well, I'm not going to have a face to face. So I don't meet the criteria for being undercover certified, fully undercover certified. So like, yeah, you're right. You're not going to, so we'll just, we'll make an exception. If your special agent in charge signs off and says, and approves it, we're all good with it. Everybody was good with it. Can't do it anymore. It's a little different. Now you have to go through a class for a month, for a week and some other stuff. But at the time it was like, yeah, go ahead. It's all good.

So that's the guys that were actually doing the crimes. Where were they located? Everywhere. So yeah, I mean, yes, domestic, international, whole thing. Not a lot of Russia because no one spoke Russian. So the Russians had their own groups. We weren't in there because we were in the English speaking groups, but it included Israel, Germany, Canada, Great Britain, France.

Belgium, Amsterdam, I mean, the Netherlands, those areas all had group members because most of them could speak English in some way or form. And plus there was, there were plenty of American guys that were doing at the time because the risk was low at the time. Now, Buccaneer kind of changed a little bit, made them think a little differently, but they figured as long as we store our information outside the US, they're never going to get evidence on us. That was the, that was the whole goal. And I'll definitely.

moved to a Time Warner facility. had this little metal warehouse about 30 miles from the FBI office. And I was able to go there and get a fiber line at 1.5 megabits per second, which was smoking at the time. At that time in 2002, it was awesome. And that only cost me the facility and the connection was 1500 a month. So went from 7,000 to 1500. So I'm saving the government all sorts of money. They love it. And I thought, great, go ahead and use that.

But I basically had, called it the Batcave because it's where if Darren was in the office, he must be at the Batcave doing whatever he does down there with that stuff. And it had air conditioning and all that kind of jazz. So you've set up this like clandestine server farm, right? Correct. And then, then you're undercover and then do you use, do you have other like informants involved or how does this thing come up? The one source, the one, the one guy who came to the door for me.

Dino Mauro (23:58.125)
Yeah, he was a kid. He was mid 20s. He worked for a fairly large job. job. had a legit job that he wanted to go jail for. Yeah, I did security for a fairly large corporation in Charlotte. Wow. So he was helping me and he had so we in addition to the server farm, we had communications system set up to monitor the the internet relay chat channels because we were on about seven or eight of them because all the groups had their own channels. Right. So

We monitored them from there and he monitored them from his house. So he would keep them up all the time at his house because he had a little set up at his house. And then every once a month he would bring me a disk with all of his communications. And I would keep a disk of all mine that I would do at the Batcave. Cool. So then what happens after you get this all set up? What's It goes on for a while. So this started in 2001 and

It ultimately, I ultimately had 15 terabytes worth of server space. I had manmade racks all over the place. And the problem was they kept having communication issues amongst themselves. So I would get calls on the weekend from him saying, Hey, mirror one is down. So I have to drive 40 miles down to reset server one. At one time, the FBI had put motion sensors and other stuff for security purposes in this facility.

and so the motion sensor went off and I go, that's not good. So I drive down there with my lights and sirens going to get to this place. I turned them off about a mile before I got to it. A bird had flown in and was flying around the inside and hit up the motion detector. So all these kinds of but so, but all these guys started just loading stuff into us. They just started sending us every, every time they would create a release, they would send an archival copy to us. They stored all of the tools they use for breaking decryption.

and DMCA requirements, they kept all the tools on there. And for the most part, they logged in directly from their homes or from their work. We had a couple of guys that work for universities that were doing it through the university. So they were using the university bandwidth to do everything. That one guy was in the Upper Peninsula of Michigan. I remember he was one of the first guys that we identified and ended up having a chat with. And these were like these are things that were otherwise copyrighted, right? Like movies, music.

Dino Mauro (26:19.437)
Yeah, well the best thing is I had to evaluate evidence. I watched a lot of movies I wouldn't have seen otherwise. Microsoft and Sony both sent me a modified Xbox and a modified PlayStation to test the stuff. So I would, they would put, you know, a game up, I would download it, burn it onto a disk, throw it in this modified Xbox and it would play.

So that's how I would confirm that it was legitimate material. Movies, movies, movies you could watch, music you could listen to. The one thing we didn't do was pornography. There was plenty of it. But if you put pornography on our system, we kicked you out of the group or kicked you out of the access because that was a no-go there, obviously. So we had to restrict that kind of stuff. But books, a lot of software. I mean, every conceivable piece of software was there somewhere. There was a $600,000

piece of software that dealt with it with like an X-ray machine. So it was the associated software with that machine. I don't know why it didn't come with the machine. I assume it did, but if you needed to buy another version, there was a retail version of this particular piece of software. So that made it very easy to get the charges ramped up on these guys. It was all based on retail value of this, of what it was they were pirating. And I, we didn't really put money value on the movies music.

money movies or music. But the games and the software we said, okay, this guy, this guy uploaded or downloaded 10 versions of this. So if it was that if it was that medical software, he was easily at the $6 million loss range by his movement. So that made it made it very, made it very painful for them very quickly. Plus, all the log files showed it. But the issue was I had tons of log files, couldn't go through them line by line. I had to we had to

bring a couple guys down from FBI headquarters who were in the technical, the operational, Operational Technology Division to code like a big Google search engine within my network. So I could, could Google search actually within a separate network, but Google search, I could input all this data and then search by username. And then it would list out everything this guy uploaded or downloaded. And then I could go through and figure out what it was. And the problem was these were not one shot files. These were RAR files. So if you had a,

Dino Mauro (28:40.865)
No, man. So you're right. So figure a seven. So figure a CD is 750 Meg, right? So but that you could only compress it into 10 Meg sizes. So you'd have 75 RAR files for one thing or, you know, lots of RARs. I had to go through all these RAR files, make sure they're all there. It's like, that is one full version of this item. So it took, that was the hardest part, was collating the evidence and identifying who we're targeting because we'd wanted

leaders. There's a lot of people that, there are a lot of leechers that were part of the group, but they didn't really do anything. They didn't crack it. They didn't run the group. They didn't distribute. So those were the three things. If you led the group, you were part of the cracking group, or you were a distributor of some way, shape or form. Those were the three main areas we looked for. And if you were part of, you were that person, then we looked for evidence for you for that. Then figured out where you lived domestically, the first round of takedowns.

we did everything domestically. So we identified leaders, crackers, distributors, and then basically build dossiers on all of them, who they are, where and how did then identify the username? That's all I knew username, IP address. So I had to subpoena the IP addresses to say, okay, who does this belong to? And then wait for that process to go through while I'm educating the lawyers. So here's what we're trying to do. So, you know, you have to out subpoenas, you have to wait for the subpoenas to come back.

And then, and so that's why from 2000, December, 2001 to June of 2004 is when we actually did the first round of, my case had two rounds of takedowns. The first one was then, and it became what was called Operation Fast Link, was the first one. And it was not just my case, but there were two other cases that were part of this out of, actually four other cases out of New Haven, Washington.

And I'll be honest, I don't remember the fourth one. I think it was in California somewhere, but they all had warez cases as well or certain versions, but they all had singular groups. I had five groups I was targeting at the time, but I had access to more than five, but we focused on five. They were all singular group entities. The one in Washington had to do with music. Their victim was RIAA. Okay. Yeah. RIAA. That was huge. Yeah. They were the specific victim in their case.

Dino Mauro (31:00.307)
in New Haven, he had a source as well. And they were on largely software. And I think the one in California, I want to say that one was movie related, because it's probably out of LA with Hollywood stuff. So so that's so correct me if I'm wrong. But like, from what I've read, like the takedown was pretty massive, though. It was like 20 US cities, seven different countries that were like you guys.

Right. So for FastLink, for my part was 20 cities domestically. I had 20 targets. New Haven had several. Washington had several and the one in California had several. So in addition to mine, there were some other ones. There were a couple international, I think. My international ones occurred the next year. for FastLink, mine were all domestic. the first wave of the data. So after that takedown, what happened in the takedown?

Well, in mine, as soon as the first search warrant happened, it like flew, 'cause we had internet relay chat up watching it. Cause we knew that we're to be, and my source calls me and says, it's crazy out here. They are all freaking out. They're all dropping their access or shutting down their internet relay chat channels. But we knew they'd come back. So everybody starts scattering to the winds. Cause everybody's now getting busted and everybody it's being, Hey, FBI came to my door. It's kind of hard to hide that in this particular scene.

And so we did, we, you know, we did all that. It's the largest takedown at the time. There were terabytes and terabytes of data collected, tons of computers. And so what happened at, so they all scattered and that basically ended the cases in the other three field offices. But my source didn't get burned. Now a couple of guys thought my source was the source of all this issue, but he was able to kind of defund it. And there were plenty of other guys that trusted him that said, that can't be him. Can't not him. Don't believe it's not him. So he's like, we can keep this going.

another year. So I had the US, the attorney from DOJ was with sitting with me, we can keep this going for another year if you guys want to go. Sure, go ahead. Let's, let's, let's do that. And let's see what else we can get. we had, we took down three main groups, mage, think was one and risk ISO and a couple ones that had ISO at the end. We all, and so we targeted four or five that we didn't have access to the first time around. So we just targeted these new groups because now they're now looking for, because for a lot of them, their stuff was taken down.

Dino Mauro (33:21.441)
So a lot of the, where the servers were now gone, we're like, Hey, our server is still up and going. You can come to us. We've proven that we can be secure because no one got us because we're in Canada. now keep in mind. So Buccaneer it happened. Now this happens. and they are now like, they're now getting a little antsy about anybody. And so we said, we're in Canada, do a trace route. The last three hops are going to drop on you. And sure enough, you'd get to Atlanta and there were three hops from Atlanta to Charlotte.

but we had Time Warner was able to redact it. So it was just dot, dot, dot. And we said, that's our VPN going to our server farm in Toronto. And they're like, sounds good to us. Where do we sign up? So I ultimately had 15 terabytes worth of stuff, ultimately. went another year, got more server space, targeted more people. And then this time around, like, let's go international on this one. So we targeted individuals in seven countries.

If you asked me to rattle off all seven, I could probably get most of them. I don't know if I remember them all. I don't have access to the case file anymore, but they all got, they all got, the funniest one was the German one. Cause the German guy was using the free wifi of his neighbor. So they ended up going to bust in the neighbor's door. This old couple in Germany, like, we don't know what you're talking about. So, but they found him two days later. He was using somebody else's free wifi, but they were able to track him. And he was the leader of one of the groups.

His name was Dark Wolf was his name. I remember him. I remember that one. And there's another guy named butcher who was the leader of a group. He was out of Texas somewhere. Jimmy Nugent was his real name. I a certain age, you remember who they were because of communications with them and their company. How many guys were, were, were taken down on my case about 40 40 ish. And they, but here's the problem.

Here's the problem. So internationally, I don't know what they did with them internationally. I kind of lost track of that afterwards. I went to any go to headquarters about two years later when we're still going through a bunch of the prosecutions for the first round. but the laws, both the judges and the, DOJ didn't really know how to charge these guys. So it them all with conspiracy. That's the only charge that charged them with cause easier. Cause you can get them to plead to them. Most of them, they all pled. No one said, I didn't do this. I'm going to trial. They all said,

Dino Mauro (35:42.305)
They, I tried. I tried RICO. They, no way they were going for RICO. That's, RICO is special for, for mafia. They weren't going to go because there is a predicate. The distribution of copyrighted material is a predicate for RICO. It is in there. I'd researched that, we can do RICO. And again, we're not doing RICO on this. And again, it goes back to

at the time in early 2000s, the cyber laws just don't match up to the crime. don't see the crime because it's not, like you can see murder, you can see abuse of a child. You can't see intellectual property theft from music and movies and software. Yeah. it's, we talk about this a lot, Darren, and it's because back then, I mean, we had two versions of our lives. We had our physical world, right? And then we had like almost the second version of

right, which was this digital world. Today, it's we've all transformed. We've all like done this digital transformation to such a degree that this is our life. Like it is tied to it. Right. And so the laws have kind of stepped up to kind of match it. And it's it's it's kind of interesting how now you have to be a better corporate citizen. You have to be a better citizen when you get online and you have to realize that it's a much dangerous, much more dangerous world.

But I mean, one thing I always say is criminals are always ahead, way ahead of law enforcement, because now if you wanted to target the warez scene, you're, all you're going to get are the leechers, the people that are just downloading the free, you're not going to get the guys distributing because now the whole thing where if I release this, no one else can, that's no longer, that doesn't stand everybody. You can, you can still find, can still download movies, music, game software. It hasn't stopped anything. BitTorrent makes it much easier. And VPNs you.

hide your mental you can hide where you're going hide what you're doing is very hard to do it and it's not a priority anymore. They don't occasionally, you'll occasionally see a couple people arrested for it, but they're like the big end they have big servers in their house where they're just distributing out everything and they don't care. So that you can you can you can accumulate time against that. If you're just, you're going and downloading Mission Impossible, not Mission Possible, I'm sorry, Top Gun: Maverick. And that's all you do.

Dino Mauro (38:01.709)
you're not, no one's coming to your door. Nobody's going to knock on your door for that. I wonder if, I wonder if the development of SaaS programs too, has really changed that too, because now, I mean, people don't get the discs anymore, right? Right. Maybe, because it's become SaaS that it's just less prevalent. it's so easy to copy now because movie comes out on Amazon prime. It's there are all sorts of free tools because the criminals know how to do it.

that you can immediately snip it, copy it and distribute it. It's all, it's still all out there. Easy to find. So Holy cow. That, was so, so what, what happened at the end? Did you, like I said, so they only, they mostly pled guilty, at least the ones in the U.S. pled, pled guilty to conspiracy. And for the majority of them, they got one year and one day. That was their, that was most of their sentence. Unless they,

they, there was a couple that worked with the bureau on other cases. There was a case out of Asselinck that was in, he was in Chicago, and he ended up flipping and becoming a source for the Chicago case, which was called Operation Jolly Roger, which ultimately was part of Site Down. Got it. And what was Site Down?

It was like FastLink. It was the same thing. It was just, it was a major case that, so instead of what happened is the reason they put all these together, because if I said, look, I'm going to go arrest these 20 people, I would have screwed up the other cases because all of their guys would have then moved to other infrastructure and they'd have lost all sorts of contacts. So we kind of coordinated all at the same time, because one of the big issues with any, with most judges was when you said, here's the IP address and here's who it belongs to.

If you've done that a year ago, they're going to say, that's not fresh enough. I need something. So you had to do another round of subpoenas for IP addresses within a month or two of actual searching their house or going to their house. so we all had to do that. Every, all, all the cases had to do that at the same time. So we kind of could all coordinate. So we picked the date, everybody, all the case agents and all of the offices involved ended up at headquarters and

Dino Mauro (40:12.587)
what's called the SIOC, the Strategic Information Operations Center, the big conference room there, we all sat in there, we all briefed our cases, and gave information packets to all the agents who were going to be involved with dealing with that. And so, yeah, so that's why we had to do it together. So a year later,

is when we did the second round and I've already lost track of what, I'm getting old. What's the, where were we talking about? When I started down that road, I started down that road for a reason. I can't remember what the reason was anymore. I was asking about Operation Site Down because I was curious. Is that like, was that the takedown of the guys that were doing all those DNS attacks knocking down? No, no, no, no, no, no. So Fast Link. So Site Down. So my case went for another year. So I, I, I gathered evidence for another 20 people plus Chicago and San Jose now had cases. Chicago had a case.

similar to mine. San Jose had a very specific movie group, a group that was doing movies. And so they had MPAA as their victim that was helping them. And theirs was called Operation Copycat, was the name of their particular case. They didn't go ask the stupid computer what, what should we call this? So we did the same thing, all three offices. Okay, what's the date we're going to do this? So we did it in July of 2005. We'll do a big takedown. We'll do it just like we did last year.

And we had the same kind of success. The funny thing was that the original name was not Site Down. So myself and Shane Berry was the case agent in New Haven for higher education. And he went to be a headquarter supervisor. And so he, him and I excised, how about we use Dev Null? Because when things go away and you can't get to them, it's Dev Null, right? What you guys doing?

Yeah, yeah, I like that. He goes up to the people who can approve these kind of major case names and like we have no idea what that means. You can't use that name. So Site Down is what it ended up being, which is still, this is an OK name. So today, I mean, obviously the FBI has a much more robust and dedicated actually different divisions solely dedicated to certain types of cyber crimes. Well, it's one division.

Dino Mauro (42:20.293)
One division, cyber division, but there's multiple sections that deal with different. Yeah, yeah. Correct. And so some focus on certain types of crimes that are happening online. Some some focus on others. know, one thing that always is is. Clients talk to us about it all the time, and it's something that is it's it's one of the issues, right? Clients are always hesitant about contacting law enforcement, right?

And I don't know if it has to do with their, like, that's the realization or the acceptance of accountability that this is a massive data breach, right? Because they're worried about their brand. They're worried about their reputation. They're worried about their jobs, their families, et cetera. What do we tell them today? Because they have to, if they don't do that, we're not like when first happens, if they would

make it known, other people can adjust and change so that it doesn't happen five or six or 50 times, right? So it's better for the community that awareness occurs. like, what are your thoughts on that? That's great question. I, so I did a lot, did hundreds of thousands of presentations. I continue to do those presentations today talking about what the FBI can do. And that question comes up a lot. How did, when do we contact the FBI? Why should we contact the FBI?

Well, think about it in a couple of different ways. First one is if you have a problem, isn't it better to know who your FBI point of contact is before you have the problem rather than when the problem exists. So before you have a problem, reach out to the FBI, say, look, I need to understand in our community here, wherever we are, we're in Texas, LA, Alabama, wherever, what's the threat here? And in most cases from a cyber perspective, it's going to be business email compromise, ransomware, you know, all the stuff we talk.

Right. But at least then you know who the local contact is. So when you have that problem, you can call us, hey, here's my issue. What do I do? Because with business email compromise, as a perfect example, if you are a victim of business email compromise, if you can contact the FBI within 24 hours to 48 hours, somewhere in that time frame, there's what's called the business email compromise kill chain. They might be able to get your money back after 48 hours. It's hit or miss. But that's something I guarantee you most listeners and most business owners and most executives and organizations don't even know.

Dino Mauro (44:47.437)
Right. It's an eight. I understand. That's a great point. Like, like, are you going to wait until somebody in your administration accidentally wire transfers $120,000 for the first time you're going to contact law enforcement? Like that's the first time. Or do you want to reach out ahead of time and say, Hey, in case something like this happens, what should we do? Here's our plan. Here's what we think we should do. But does this make sense or who should we contact? And then you know,

If something happens, you've already talked to them. You've got the, you've got the back phone. You're able to call them right away. And like what you just said is really impactful. Like if we can call it right away, we might even not even lose the money, which is a great result. think of it from an intelligence perspective as well. And I don't mean just intelligence for the FBI, but intelligence for business sectors. So let's say business sector a is targeted, let's say healthcare. So let's say healthcare, there's an attack against a certain model of MRI machine.

All right. Just picking a picking a product. And because of that, the hospital gets hit with ransomware. I at this day and age, I would say if you're a victim of a cyber incident, your brand is not going to suffer because everybody's a victim of a cyber incident. So really brand brand issues, not that big a deal. Now, unless you're a cybersecurity company and you get breached, you may have a problem that I get that. But if you're health, banks, everybody knows this stuff is happening. So but so going back to my health care issue, if you MRI machine gets hit,

ransomware boom. The information that can be gathered by a forensic examination of that incident can be useful for dissemination to other healthcare organizations that have that same MRI machine that can now not become a victim of that. So you're helping others within your industry through that collaboration with the FDA. You may be able to do it

with third parties like Mandiant and CrowdStrike who will release their own intelligence reports if they're the, they're your third party incident responder, fine, whatever. I don't care. Call them if you want to pay, do you want to pay the money? If you want to have the FBI try to help you for free. It doesn't really matter. But I mean, I'll give you one example of, you know, knowing your FBI person beforehand. We had a, when I was still with the bureau, I had a CIO call me and say, I'm just calling to check and see if Agent Smith.

Dino Mauro (47:00.797)
is one of your agents because he called me and said there might be somebody putting ransomware on my network. I'm just verifying he is who he is. Good due diligence. If you don't know who your FBI folks is, but you know someone who's in the FBI, you can confirm it. And this CIO was engaged to another CIO who knew me personally and said, he said, call Darren. He'll tell you. So I said, yep, he is an agent on our cyber squad. If he's got information, you may want to listen to it. Nothing happened. He didn't, he wasn't called back.

the supervisor of the cyber squad emails the CIO and say, look, we have intelligence that there are as a bad actor group putting malware on your system. will induce ransomware. We don't know when, but here are the file names that you can remove from your system. So you don't have this incident. Didn't believe him either. Instead decided, they would email the special agent in charge of the FBI office in Birmingham to verify all three of us were who we said we were now.

guys were in the system downloading files. Do you think they had access to the email? They certainly did because they saw that email go to SAC Birmingham saying is this who is this person? She shows up the next morning whole system locked up with ransomware. was just gonna say they're just gonna launch it right there. Right there and then as soon as they they they see you questioning it they're just gonna launch it right that right. People don't realize how long criminal adversaries hackers are in a system before you realize it.

like before you detect it. People always think, it just happens. I click on it and boom, the whole thing happens. I'm like, no, no, no, no. You click on it and nothing happens. Six months later after they're watching you, your emails, everything, that's when they decide to launch the attack. If you're lucky, it's only six months. Right. That's exactly right. Yeah. That's the average. The average is 300 six days. The list lasts that I say, who knows, it could be long.

Like SolarWinds, were in there for a year. I know. And they're reading everything. They're moving laterally. They're going up. They're they're they're they're checking everything out. Holy cow. What? Man. So I think that's great advice about reaching out, taking your incident remediation plan, your incident response plan, your idea, the fact that you don't have a plan, whatever it is, and reaching out to federal law enforcement before something bad happens.

Dino Mauro (49:27.009)
Because at the end of the day, yeah, while brands may not be destroyed because everybody gets breached, not all breaches are equal. Right. There's bad breaches that destroy brands. Then there's some breaches that are like, OK, you got some, some user names. We'll just have everybody, we'll give everybody free monitoring and everybody changes their password and everybody moves along. Yeah, we lost a little money. But there's, there's a huge swath of

of gray area in between those. And so by reaching out ahead of time, it can really cause one to not be that bad. What else can we tell people? What else would you say? here's it. So every year when they have a data breach and call you, FBI is going to come swooping in in the blue jackets with the yellow letter. Repel ropes. You're to take every computer available and we'll be down for six months until they gather their evidence. Now,

Look, if you have an insider that hacked your system and stole your IP, yeah, we're to take that one computer, the main computer that probably was where he launched his attack, and we're going to do a forensic examination of that one. You're probably not going to get that one back for a while, but if you're a victim, the last thing the FBI is looking to do is re-victimize you or continue to victimize you. will try to, as least an intrusive way possible, get the intelligence that they need to

you know, figure out maybe, you know, ideally, you find the ideal thing is to find the bad guy and put them in jail. But let's be honest. I think you probably, Scott Augenbaum told you this when he was on your, when he was on the same podcast, and probably no one's getting arrested and you're probably not getting your money back. You may, you may find some success. And if that does happen, like, especially if it's an insider, insiders will get caught because they're domestic. So there's a good chance that that evidence can help solve your problem. Now, if you know, if,

China gets in your network. No one's going to jail for that. Russia is in your network. I mean, people say, how do I know who got in my network? Well, it's hard to say, attribution's hard, but here's one way you can tell is so if you're, is to think of the room you're in as a, as your network and you're in your facility. If you come in tomorrow and everything in that room is gone, China was there. If you come in tomorrow and the pen on your desk is gone, Russia was there. And if you come in tomorrow, it's on fire. Iran was there. So that's how you know.

Dino Mauro (51:54.509)
my god, that's hilarious. I've heard before. I think I've heard you say that before. That's so funny. If one head is missing, that was the Russians. Right. That's so funny. my gosh. Well, Hillary was here. You to both. Well, what are some of the biggest like what are some of the biggest threats facing people today? I mean, clearly, yeah, somewhere, et cetera. But to me, it's it's

just social engineering. It's the tactic that is the most persuasive of- Right. So I always start off every presentation with defining risks, threats times vulnerabilities, define your risk. So threats are those, are who the actors are doing the bad things. Vulnerability is what they use to get into it. So from a threat perspective, my argument is nation state actors are far more problematic than criminal actors. Criminal actors are very singularly focused on data they can monetize.

All right. And it's too hard to get to it. They're just going to go to the next place. Nation state actors, if they want your information, they get your information. They're going to, they are persistent for a reason and they will look for those ways to get in. But social engineering, phishing is 90 % of success comes from that because someone always clicks the link every time. They don't have to do the hard SQL injections and all that. They still can. They still will if they can. Maybe you have a

vulnerable server facing the internet and they can immediately do a SQL injection. They're certainly going to do that because then they don't have to deal about someone opening a link. But the other thing to think about is beyond the cyber part is the human piece. They can come at you from a human nation state mind you not criminal so much, but nation state guys will send humans to you to try to get into your networks that way. There's a, the FBI actually will, will give away. It's probably on YouTube now, a case called the company man.

where, which had to do with China trying to steal the intellectual property of an insulation company in the Midwest based on a true story. so they tried that they, they, tried to recruit an engineer to get the intellectual property of this particular insulation company. And it had to do with, there was a big fire in China that killed 57 people because the insulation in the building was poor. So the Chinese government said, if you can come up with this level of insulation, we will give you a $3 billion contract, something like that. That's what led to that. they had actually gone in to do, to talk to the,

Dino Mauro (54:17.239)
company about doing business with them, these two Chinese guys, one of the guys said, Hey, I need to use the restroom. So they say, down the hall to the left. There's a security problem right there. They caught him at a, they caught him at a desk doing something. He didn't quite get the thumb drive in, but they think that's what he was going to do. So, you know, so they will send humans at you if they can. So that whole, that whole mixture of cyber and counterintelligence is where this is all going. It's already there. That mixture already exists. But people don't recognize it. I actually did a whole master's capstone on

developing a counterintelligence perspective to deal with cybersecurity and businesses aren't doing it because they just they think about the business email compromise think about ransomware but I mean business email compromise is the number one financial loss year in year out 26 times more than ransomware ransomware gets all the news because it's sexy business email compromise don't talk about number two is is crimes against the elderly romance scam stuff like that you never hear those but billions of dollars per year

Yeah, I mean, Mark and I have literally been meeting with CIOs and somebody will walk by and say, I wired that vendor the 74 grand that you told me to, and walk by, and the CIO will be like, hang on a minute, and go talk to them and be like, what are you talking? You hear them in the hallways. Like, I didn't tell you. Like, yeah, you did. You were talking at that event, like at that convention. I got your email here. I'll show it to you on my phone. It's like, hey, I'm at this event about to go up.

I forgot to, this vendor. Can you just do this? I'll circle back with you tomorrow. It's tomorrow. Right. Like, and they're like, that wasn't me. They were like, that wasn't me. And the wire transfer went and everything else. It, it's really perf. It's really persuasive. I mean, it's not the Nigerian princes offering us millions of dollars anymore. Right. Right. And there's a guy, there's a researcher at Rochester named Arun Vishwanath. He has a book called The Weakest Link.

Yeah, that's a good one. Yeah, it deals with social. It talks about how social engineering has been around since the eight, no, long time. But the, it goes in this whole thing. You know why the name thugs, how that came to be? No, it's in that book. I don't want to give it away. It's a good one. There you go. No spoilers. That's awesome, man. Well, this was good stuff. Yeah. Darren, this is not going to be the last time we talk. No.

Dino Mauro (56:44.149)
Yeah, we will. We will talk again. Thank you so much. Great story. Yeah, great. Great advice. So we really appreciate all you do. And for those who haven't checked it out, check out the Cyber Guy. You want to tell them where you publish your shows at? Yeah. Well, first of all, thank you guys for having me on. I really appreciate it. Usually it's always an honor to be, to talk about,

you know, things in my career that I'm proud of. You know, if you look back, people say, why would you do warez at the time? It was great at the time. It was great for me. And I appreciate you having me on. So the Cyber Guy podcast is on, you know, Google, Spotify, Stitcher, Apple, wherever you get your, wherever you get your podcast, you can find it. Cyber is spelled C-Y-B-U-R. It's a branding thing. B-U for bureau. Cyber Guy. I also have another one called Get Cyber Smart. So for all of your, your family members and friends that always call you to say, why isn't my mouse working?

So that's seven, seven minute things. It's like cyber 101. So it'll give you different things about what cyber crime is, what's cyber espionage, what's business email compromise, what's ransomware, how do I have a good password, all those kinds of things. So it's, it's a quick listen. That's fantastic. Well, Darren, thank you so much, man. I really appreciate it. Yep. Thank you. Thanks. Have a great day. We'll talk to you. You do.

Well that wraps this up. Thank you for joining us. We hope you enjoyed our episode. The next one is coming right up. We appreciate you making this an award-winning podcast and downloading on Apple and Spotify and subscribing to our YouTube channel. This is Cybercrime Junkies and we thank you for watching.

