Cyber Crime Junkies
Translating Cyber into Plain Terms. Newest AI, Social Engineering, and Ransomware Attack Insight to Protect Businesses and Reduce Risk. Latest Cyber News from the Dark web, research, and insider info. Interviews of Global Technology Leaders, sharing True Cyber Crime stories and advice on how to manage cyber risk.
Find all content at www.CyberCrimeJunkies.com and videos on YouTube @CyberCrimeJunkiesPodcast
CRIMINAL MINDS, Entitlement & Accountability. Godfather Brett Johnson.
🚨 NEW EPISODE ALERT 🚨 Joined by Brett Johnson, who EXPOSES the MIND of Cyber Crime.
Once known as the "Original Internet Godfather" and US Most Wanted cybercriminal, Brett is now a cybersecurity consultant aiding law enforcement.
Brett shares his remarkable journey of redemption, and we explore the mind of cyber crime and what drives criminals to commit cyber crimes.
A must-watch for anyone interested in cybersecurity, the criminal mindset, and the transformative journey from crime to redemption.
Dino Mauro (00:18.03)
Join us as we go behind the scenes of today's most notorious cybercrime, translating cybersecurity into everyday language that's practical and easy to understand. We appreciate you making this an award-winning podcast by downloading our episodes on Apple and Spotify and subscribing to our YouTube channel. This is Cybercrime Junkies, and now the show.
Dino Mauro (00:50.701)
So, how the hell have you been? You got the Bucky's Cup. That is awesome. That is awesome. I love my Bucky's cups. I got mine right there. There you go. How has life been treating you? It's been good. Things have been busy. Yeah. Good. Good. Yeah, it's really good. You know, I'm like a cybersecurity geek. So, I know you are. I was at a, I was at a company for a long time, almost 10 years, which is a long time for me to do anything. Yeah. Frankly. And
And then, you know, I have known about this smaller group, but they're a good size over in Lexington, Kentucky. And he's been in IT since, for a decade, if not longer, but he did a bunch of stuff in the military and he and I knew each other at my old job and we stayed in touch. And then I joined this company and then we were sitting there talking and we were both like, you, you work for the same company. Like I didn't even know.
Be more on point I really do guys be this guys, you know guys don't tell each other anything, you know, and Yeah, I don't tell anybody anything right wife all the time. You've got to tell me how you're feeling. I'm like, I'm feeling like I don't want to talk about anything. Get it. No, but I work all day. I don't want to talk about my work when I'm through. No, that's exactly right. Isn't it true? It is so true.
Like it's like, tell me about your day and something. I'm like, no, no, no. I want to talk. had a good day. I want to hear. want to hear about anything else. That's why I the election was a distraction. That's right. Just so that we could talk about something insane. That's right. Absolutely. That's why need podcasts. I listen. I to them. You know, I'm going to get started. I get started so that way we can just wrap, wrap into it. I showed you my little desk ornament?
No, I want to see it. What happened to your, my God. That's a nice little storage thing there. Yeah. It's a great band too. Was that Slayer? That was Slayer. I saw Bruce, you had a post about like we did some spotlight on an employee and he had a post and it said like favorite musician. And it was like Metallica. Yeah. Metallica is like that. It's just so great.
Dino Mauro (03:16.593)
They are joined by none other than one of the former most wanted cyber criminals. The US Secret Service called him the original cyber crime godfather. He should have been an actor, but he wound up here. Mr. Brett Johnson. Brett, how are you? I'm good. How are you guys doing? Bruce? It's a pleasure to meet you. Great to meet you too, Brett. He's a fan. So I am. I've been telling him all about you, and he's like,
Well, I gotta, I gotta sit through this. I gotta like join in. Can I come on the show? See if this guy's an idiot or not. So, so, Brett is, and the, one of the big things I forgot to mention is that he's now a good guy. Like he's worked for more than a decade and a half, helping law enforcement and been an instrumental part of some of the bigger stings that you see. We're not allowed to talk about that, but anything you want to share, love stories.
But speaking of stories back in the day, let's let's back up because it's been a while since you've been you've been on. All right. Just Reader's Digest version. Like you were you were cyber criminal for back in the day. Like you were the head of a group. I don't know what your title was. I don't know if you were the CEO. Oh, I don't know if you guys had titles, little business cards. I don't know. But it was the Shadow Crew and
Uh, and then you were helping the government and ever since you've, you've done that. But during the time when you were repenting, you were just right before we started, you were mentioning that you were serving time. We were talking about the musicians that we loved. Bruce loves Metallica. I grew up on Kiss and Peter Frampton among like Lynyrd Skynyrd and all the others. Uh, Brett has a Slayer toy on his desk. And, uh, and, uh, Brett had mentioned that, uh, uh, you had.
I've done some time with the one of the guys that somebody that was involved in trying to kill Peter Frampton. Yeah. Now that story please bear in mind this guy was not the sharpest tool in the shed. He was a good in prison. He was a good guy and you find that out a lot. Some people that they cannot function properly as good citizens when they're free men, but once you get them behind the fence and everything is controlled, they're really good guys and this was a good guy behind the fence. I have no idea.
Dino Mauro (05:43.852)
I do know that so Peter Frampton was having a concert in some arena. It was an open arena was what it was. He was famous for those in the 70s. He would have those concerts on like in like San Francisco, San Diego. It was like a beach environment. Like it was just like it was they were phenomenal live show. Yeah. And I saw I told you I saw Frampton three, four years ago and he was great. He was.
was thinking when he got on the stage, I was thinking this guy's half dead. He's not going to be able to do anything, but the guy was brilliant. He really was. That's phenomenal. Well, this guy that I served time with happened to have a house outside of one of the stadiums. So what this son of a does is he literally builds a catapult. I kid you not. He builds a catapult and he starts shooting shit over top of the stadium in the hopes.
of hitting Peter Frampton in the head. First of all, first of all, one of the most cockamamie ideas about trying to like assassinate somebody I've ever heard. Second of all, it's like, sounds like Monty Python and the Holy Grail. It's like you're launching cows over the castle. Yeah. So this guy starts doing this. And of course, the stadium cops, call the police and it's not hard to find the guy. Who's got a catapult. at the arc of objects that's flying over top of the stadium.
Wow. Yeah. So, they go get they go get the some **** and and give him an appropriate amount of time. I I don't know how much you got out of that. When when I was serving time with him, he was in for meth charges. Big surprise. Yeah, shocking because because the the strategic planning involved in the catapult. Yeah. The show. But you get people like that. I mean, it's it sounds like a meth binge though. Like, kinda like, I've got an idea.
Yeah. Peter Frampton guy must go. Let's get the catapult. Yeah. gun. How are you going to get the catapult load? We'll use a catapult, David. Exactly. But, but you know, understand that this, this, this kind of, it kind of alludes to a lot of the prison environment. Yeah. Prison is a dangerous place, but at the same time you have a lot of fun in prison with idiots like that. And I can't say I wasn't an idiot too sometimes.
Dino Mauro (08:05.3)
fence but you have a lot of fun, man. Everyone's like, it's like a big happy family except you've got some black sheep that have knives. Yeah. That's what it's like. And you just gotta not get not get involved with them or dodge them. I would imagine. Or run from it. Yeah. Yeah, exactly. So, you do a lot of global public speaking. I do. I mean, you are phenomenal. Every time I see you on the media or social media, on
like in Dubai and in all these like crazy places that I'm like, man, I was kind of my bucket list. I've become a cool to visit. And they're like paying you to go out there. And like, that's just crazy. What are, what are some of your latest ones? So of course I was in Dubai. that's the only, I went to Berlin this last year, had fun in that. I'm going to Africa. Really? I am. So, so Jay Chow is right now is working to bring me into Africa because
They really liked me when I was in Dubai. And I got to tell you, man, I had that conference, GITEX conference in Dubai, the largest tech conference in the world. And when it's large, I mean, good Lord. It's bigger than anything we do in the States? Probably, I don't know, four or five times the size of RSA. Wow. I mean, huge. Holy cow. Yeah. And when I say tech, they had the electric cars there. They had the flying cars there. They had all this stuff.
I was very fortunate to have been invited in. None of that was in Dubai when I was there 35 years ago. I'd love to go there now. They invited me in, GITEX did, and I was very grateful to come in. Before I went there, and I think I told you that, I've been having a lot of apathy in the cybersecurity field because businesses and consumers... We've talked about that. Yeah, because it's in a lot of ways, it's a broken industry. Like the vendors...
have done it wrong. They've gone to market the wrong way. Like people are like shilling products, like, and then small business is like, if I buy this product, I'm going to be secure. It's done. And it's like, none of that is accurate. It's a process. It's like, it's, like, you don't buy strategic planning. Like you don't buy it in a box. Like it's, it's
Dino Mauro (10:25.548)
it's it's just a mess. But but I gotta tell you this this conference and the people that I met and people that I got to listen to like I got to listen to the CISO of Dubai, Dr. Al Kuwaiti. Wow. That experience, I no longer have that degree of apathy. I mean, it was life changing. It was inspiring. It was it was. So I was very fortunate. A couple weeks ago, one of the GITEX people was like, Hey, would you like to go to Africa? And I was like, sure, you know, I would. Yeah.
So they're right now to bring me in. Hopefully that will take place. A couple of other engagements. What I'm going to do this year because I take that Ghostbusters philosophy of no job is too big. No fee is too big. I am going to what I'm actually going to do is I want to try to do every single engagement that I possibly can at at a price that that the groups can afford instead of me just to,
quoting out this large fee that I've been doing, that my agent has been doing. We're not going to do that. I want to get out there and work and talk to people. So I'm going to do small groups, banking industry. That's good. There's so many organizations, especially in the finance industry, that could really, really benefit from hearing from So I'm hoping, truthfully, I'm hoping to do about 200 engagements, both virtual and online. So you're going, so you're going. I'm going to go full out.
Well, you were kind of at that pace before COVID. I was. And I tell you, I was at that pace and it got to the point that I was first in a city, had no idea the city I was in. Right. And then I landed in Atlanta and I was flying out, immediately flying out again. I didn't even get to leave the airport. It's flying out again. And as I was going through TSA, they were like, where did you come from? And I couldn't tell them. I had no idea. So yeah, it got to that point. But yeah. The same thing Peter Frampton would say.
Probably. Yeah, but I want to, uh, I figure I've got, I don't want to keep doing this. Like, uh, Frank Abagnale has done until he's, you know, he's 76. I want to, uh, I want to quit. Hopefully by the time I'm 60, I'm going to turn 55 next month. So I want to do five years and quit before, before I become the person that doesn't know what I'm talking about. Yeah. Makes perfect sense. Makes, makes absolutely perfect sense. So, um, what are some of the topics that you address when you do some of these speeches?
Dino Mauro (12:44.746)
You know, like I want to talk about, I literally, and I've been thinking about this for, jeez, probably two months. I let these ideas kind of foment a while before I, before I started talking about them. So I want to talk about entitlement here in a little bit, but, stuff that I talk about, I talk about the criminal mindset. I talk about, uh, thinking like an attacker because, hey, you aren't an attacker. It's so important because how, how do you defend against a foe you don't know or you don't understand? Right. You know what I see?
Here's what I see and I agree. You need to try to think like an attacker, but do not come to me and say, hey, I know how to think like a criminal. No, you don't because you are not one. All right. You can try that, but you need to be humble enough. And that that's the whole thing. It's that it's this lack of humility that I continue to see when people, you know, that they classify all criminals as the same. We are not. Right. And I refer to myself as a criminal today because I still have the mindset, still have the temptations.
I just don't have the entitlement that I used to when I was committing crime. So, you know, if you're going to try to think like a criminal, at least have the humility and be humble enough to admit that, I'm not a criminal. And while I try to do that, at the end of the day, I really can't achieve 100% accuracy. Yeah, I can do some things, right? I can look at the vertical, the types of fraud that other businesses have been hit with in that vertical, look at my own security and say, hey, you know.
If I was this guy, I would probably hit my company with this technique and you'd probably be right. So you can do that. But you know, the, the lack of humility that I see when, when you see these people that are getting up there bragging about thinking like a criminal, that doesn't work. What that's going to do is, that's going to cause more harm than good. You're going to come up and say, yes, I know how to think exactly like a criminal. You're going to convince management of some technique that no criminal ever would employ is what you're going to do. And they even have conferences about.
You know, black hat people get around and talk about exploits and vulnerabilities that no criminal ever would do. I know that's and I read your work and I think you and I were chatting about that. Like during some of these conferences, they are, they're kind of out of touch with really what, what the threats are actually happening and business leaders need to know those. Yeah, there's a reason for that. You've got 8,500 security companies out there and they're all trying to sell a product and lo and behold, every study
Dino Mauro (15:10.944)
that one of those security companies comes out with focuses only on their product. You know, the, the crime that we're seeing, the attacks that we're seeing just happens to be A, and we solve A. Yep. So yeah. Just to say in the military, you're always preparing for the previous war, you know? So we were getting ready for Vietnam when we had to go to the Middle East, right? And we had to turn all our woodland camis into desert camis and retrain ourselves for desert warfare. And, I think that's so true with cyber crime.
You know, so many of the organizations that are fighting it, they're fighting it from the perspective of what they saw. Whereas the people who I find most interesting at conferences are people like you, Brett, that have had that, there's no substitute for experience, right? And you've got that experience of having done that work on that side of the field. so, you know, that I think that's a great explanation. said about the sense of entitlement that someone who's willing to do the cyber crime has.
in comparison to someone who's willing to think like a cyber attacker and try to mimic that. And, and, and, you know, that's, that's the thing is, is the good guys. And I don't even want to say we, I say the good guys don't have that sense of entitlement. And if you don't have that, that, that leads a lot to the thinking that that criminal lifestyle and the criminal mentality, that criminal thought process, it leads a lot to that, you know, so, and I just, I literally just put up a post and
The reason I was a minute late signing in is I had to respond to one of the threads. One of the comments was there because the guy, what I said in my post is I was like, Hey, and I'll tell you the same story. I was arrested February 8th, 2005. FBI got me within 45 minutes of Secret Service. They come in, they take over the investigations. From there, the Secret Service, let me, they let me foment in jail for three months until they got me out.
figuring that, that'll give this SOB a taste of it and he'll behave himself. Little did they know, no, it won't. So I started. Because the entitlement was still there. It was. So I start to work with the Secret Service from day one. I'm screwing them over from day one. Okay. And it took them 10 months to figure that out. And boy, were they upset. Yeah. So they, they throw me back in, in county jail.
Dino Mauro (17:30.55)
Well, what happens is the judge rules that they violated my bond improperly. They let me out after two weeks. No one calls the Secret Service to tell them I walk out. I'm planning on going on the run because, I'm not wanting to sit around and face those consequences. So I had been interviewing with a guy named Tom Zeller. He was the cybercrime writer for the New York Times at that point in time. And he had been flying into Columbia, South Carolina, back and forth for a
for those 10 months. So I called him up, Tom, I'm out. And he's like, I'll be there. So he hops on a plane, flies his ass over to Columbia, South Carolina. And he had to have known that Brett Johnson was not going to stay. Cause I mean, he, beat a path to South Carolina. I got out one day, he was there the next. So the last question that guy asked me, he looks at me was like, Brett, why did you do it? And I looked at him and I said, Tom, I did it all for Elizabeth.
And he looked at me and he, and his exact words. I remember those exact words to this day. His exact words were God damn it, Brett, at some point you've got to accept responsibility. And I got to tell you, David, I had no idea what he was talking about to me. That was the truth. And the truth of the matter now is that I believed my own bullshit. I had drank too much of my own Kool-Aid and, and so. Well, you and I had that conversation before and it was, it was about.
how you were raised and how you saw love and you felt like I needed more and more to give her more and more and you would do anything to do it. Right now, but I But I believed that. Okay. Right. But I also believed before I met her that I did it all for my wife. And I also believed before I got married that I did it all for my family and my sister and blah, blah, blah, blah, Right now. Now you got to understand that, that I'm the guy.
I'm constantly thinking about why I did and why I do the things that I do constantly. That's why I take these long drives. I'll drive seven hours instead of popping on a plane to go and give a speech. That allows me the time to process these things. So, you know, and I've been fortunate enough to meet several other former criminals now that I'm on the good guy side. And I constantly hear these stories of, you know, I did it.
Dino Mauro (20:00.854)
to escape my neighborhood. I did it because I had no other choice. I did it blah, blah, blah, blah, blah. And I keep thinking to myself, that's this thing I've been processing for the past couple of months. I keep thinking to myself, you know, it goes beyond that justification. It goes beyond those reasons that people come up with, that cognitive dissonance. There's got to be something else there. Let me ask you, is it for the adrenaline rush of getting away with something? So here's the thing.
There absolutely is an adrenaline rush. Man. There's a, when you are, like I was cyber crime and fraud. When you're committing those frauds or committing those online crimes, there's, there's absolutely that adrenaline rush that comes from being able to do something that no one else can or, or beating a billion dollar company, a billion dollar security company. That's there. And the ego boost goes with that too. Absolutely. It does.
Now I will tell you this and this was my experience. I've seen it with bank robbers. I've seen it with drug dealers, financial guys that are behind the fence, things like that. Those guys, while it does start like that, you get to the point where it's no longer like that, where it becomes this chore after a while. And you also get to the point where
You know, like I knew it. I was with, served time with bank robbers that knew it with the drug dealers and I mean high, high value drug dealers that knew there were signs that they were about to be arrested. Cops would stop them. They would have a trunk full of methamphetamine and the cops wouldn't search anything. While they had been convicted previously, the cops would be like, yeah, just go on. You, you saw that kind of stuff or bank robbers would know that they were about to be arrested.
The thing is, me, those other guys keep on trucking. You would keep committing crimes, even though it was obvious that you were about to be arrested or under investigation. And the other reason is, that you adopt this philosophy, this belief system of fatalism. Whatever is going to happen is going to happen. And that allows you to say to yourself, hey, it is what it is. If they're going to arrest me, they're going to arrest me anyway. And you keep...
Dino Mauro (22:19.82)
committing crimes so that you don't have to be stressed out and worry about law enforcement getting hey whatever is going to happen is going to happen. So it's that degree of fatalism that comes into play and most most upper tier or experienced criminals they get to that point where it becomes they become fatalistic with what's happening and I've seen it across all the world. What I'm talking about with the entitlement that that root cause stuff and there was a there was a professor that let me let me pull this up and I'll actually read what he says because it's really interesting.
I had been thinking about entitlement for a couple months before I even read this guy. And what caused me to find him was Luigi Mangione. Because I was thinking, hey, if there's ever been an entitled guy, it's that guy thinking that he's entitled to murder somebody else. And I know that my opinion may be contrary to some other people's belief systems out there, those who support that. But I don't really care. At the end of the day, I know I am right. So.
Well, and I, I mean, not that it's relevant, but I completely agree with you. Like it is the definition of like there's a poster child of entitlement and that's him. Like it's, it's, there's, there's absolutely no justification in my mind. Now his mission or what he says he stood for, I understand. And I'm in like, I'm in favor of changing the system and everything, but that is like the most asinine way possible to do it. Like that's going to accomplish nothing.
So, so hey, and I get you. Hey, United healthcare, worst in the business. I'm down with that. I've said it before. I'll say it again. But that's not what the topic of discussion is. This is this is entitle you to go out and murder the guy because guess what? That don't do no good. They're just going to hire another CEO and they're going to keep on trucking anyway. Right. And we're still going to have the world's best healthcare system and the world's most challenging access to healthcare. There you go. It doesn't mean you can kill people. Right. So, so this paper.
is called, and I found this like last week, Psychology Not Circumstances, An Understanding of Crime as Entitlement, written by Professor Matt DeLisi and a couple of others at Iowa State University. And the part that I keep quoting, and I only quote it because of the definition, the part that I keep quoting, he says, in the psychological literature, entitlement is a term that essentially refers to a frame of mind.
Dino Mauro (24:43.864)
that prioritizes the whims, wants, and needs of the individual over the rights, desires, and needs of others. Entitlement thinking goes beyond normal selfishness because it elevates the belief that one is deserving of special treatment, unearned privileges, and respect independent of effort. The consequences of entitlement thinking are devastating. Entitlement thinking divorces individuals from personal responsibility.
It impedes recognition of the consequences that stem from that individual's behavior. And it leads to the individual. It leads the individual to view wants and desires as rights whose pursuit is beyond reproach. So what does that mean? I use that story again with Tom Zeller, me saying Elizabeth and everything else. Well, difference between selfishness and entitlement. Let's walk there, walk us through that. And then we'll get into the, and then explain to us like what
what the actual definition is. Sure. So, so selfishness. I mean, what would you say that is? That's, that's self-centered, like everything about one, right? Conceited all of that. But that doesn't mean, right. That I'm acting on that selfishness because I can, I can be selfish and I am, I can be selfish and, understand that I am and, and, and work against that when you're entitled.
You, you, goes beyond that selfishness. You, no longer understand that you had that problem. You're at the detriment of others. It's scorched earth around you. You are bringing harm to your environment at that point. So that story that I told you about Tom Zeller and the Secret Service, he asked the question and I tell him Elizabeth, that was my justification. That justification led to, and I believe that because you have to believe your justification. You have to.
So that justification led to that entitlement. So think about it. I'm using the excuse of I did it all for love. What is more noble than that? That puts me absolutely, as the professor says, that puts me absolutely beyond reproach. My actions are noble. They're good actions at the end of... And therefore you don't have to take accountability for your... That's exactly right. It's not me. No, it's not me. It's a noble act. I have to do this. I have to. It's for her. You know? So what?
Dino Mauro (27:07.426)
what bigger line of BS could there be than something like that, except for maybe if you're saying, Hey, I'm doing this for the American people. I'm shooting this guy in the back at six o'clock in the morning for the American people in order to start the revolution. Right. You know, that's, that's that same sense of entitlement. Now, this guy that just responded to my LinkedIn post and I use this as an example in my post as well. I say, Hey, it doesn't matter if it's a guy that murders his wife because he caught her cheating.
It doesn't matter if it's somebody that's shoplifting food to feed their family or file falsely filing income taxes, you know, cheating on taxes or filing false. Yeah. Because the government is bad. Right. The only thing that matters is those are simply excuses that lead to the entitlement needed to victimize someone else. And all those are victims that that spouse is the government is all those are victims across the line.
the grocery store you're stealing food is and all that. Hey, use the security space. I see this, Brett, because the, the, cyber criminals that operate in parts of Russia that feel entitled because it's Mother Russia and bad America, right? Bad, bad, red, white and blue. And they will go and do it. And there will be no impunity, right? Like they, they operate with, I mean, there will be impunity. Like they'll operate with, without any
consequences and they'll bankrupt a business and they're like, I'm justified. That's it. I'm doing it for my country. I'm doing it for my country. Good to my country. Right. So it's another putting people out of work. Kids aren't going to go to college. People will lose their house. And people get upset with that, with me saying that it doesn't matter if you're stealing food to support your family. It's still entitlement because guess what? You got food banks in your city. I know that. Right. You could probably go and ask a neighbor, Hey, you got any food? We don't have any in our house.
But you are too prideful to do that. You feel entitled. You feel entitled. I have to do this to support my family. So I have to victimize someone else to meet my wants, needs and desires. It's a good frame to look at the mind of a hacker or the mind of a, when I say hacker, you know, there's good hackers, there's white, gray, black, purple. And you think about them. And I mean, so you're right. You got, you got the nation state guys that
Dino Mauro (29:29.826)
The ideology leads to is the justification which leads to that sense of entitlement. I can do this. I can bring harm to others. You've got the guys that are on Telegram doing refunding fraud or account takeovers or whatever. You know, I'm not hurting an individual. I'm hurting a company that can afford it. That's the entitlement. Right. That's the justify. I'm not causing harm. Let me ask you about a specific industry if you don't mind. Sure. Because you know all about credit card fraud and
banking fraud and things like that. What today?
Dino Mauro (30:05.632)
What is the, what are the most common tactics that are affecting, you know, the small community banks, the little credit unions, things like that. I just want to ask about a vertical, just because it's one that I'm just curious about because that's one of those ones that, that I think people feel entitled. It's a bank. They have, they have all this money and like, I know those little banks like they're, they're, they don't, they don't. And like, and it's like a small business.
I'll tell you the biggest problem and I'm glad you asked that. I actually had a lunch meeting with some agents hell over two months ago and they were like, hey, could you post this online? And I've not, so we can talk about that here right now. One of the big problems that you're seeing in credit unions is instant transfers between members. So what the criminals are doing is they're becoming members of a credit union or they're taking over someone's account.
Usually it's just they're coming in and becoming members, okay? Then they take over someone's account. Because you have instant transfers inside of that environment, those transfers aren't instantaneous. You transfer out $500 from the account you've taken over to the account you control. You go to the ATM, pull the cash out. That, that specific crime is eating credit unions alive right now. And what we found out is that, hey, if you just delay,
you know it's a brand new account, there's a little suspicious activity, multiple devices signing into the account, whatever that is, something's raising a flag somewhere, different IPs, what have you. If you just delay that transfer, instead of it being instantaneous saying, hey 72 hours or a week is what it's going to take to get that money sent over. If you do that, a lot of that crime that hits that specific credit union dries up at that time. That's really...
the problem that's eating them alive. Another problem that's eating them alive, of course, is the check situation. You saw that Chase quote unquote glitch issue. Matter of fact, I deposited a check in my bank account yesterday. I was going to withdraw money and it immediately says, funds unavailable. I'm sitting there looking at it what? It literally just put it in. Yeah. It hits me. It's like, it's because these idiots depositing bad checks and immediately withdrawing money. I get it. All right. That, that, that's a problem. I mean, it's, yeah, it's good.
Dino Mauro (32:26.2)
because banks want to make sure their customers are happy but the problem is is that that criminals like I used to be we take advantage of things like that we see that as an opening to profit and it is so you have to you have to understand these products and services and how they can be used for fraud before you implement them else you get the Chase glitch which wasn't a glitch it's a problem with policies and procedures so you you have to you have to understand that
before you implement those things that, someone like me is going to eat you alive. Well, it's the balance between convenience and wanting more market share and offering more features and benefits to a customer and security. Now, hey, you can implement that. You can. All right, you can do that instant to instant. But are you looking at every single data point that you need to to ensure that fraud isn't going to happen? No, you're not.
You're not looking at all the devices coming into the environment. You're not looking at all the different IP changes. You're not looking at that kind of stuff. You're just assuming that everything's kosher. And these days what we're seeing is, and it happens with these credit unions as well, we're seeing this man-in-the-middle attack that's capturing the session token of logins. So I don't need your password and login. I bypass multi-factor at that point. And because a lot of these financial institutions simply look at the cookie and nothing outside of that, it makes those transfers very successful.
And that is why the FBI issued the warning. Do not click. Remember me. So for listeners or viewers, you know, for convenience again, on the one scale side of the sale, convenience is you can click that and then it saves your session. The problem is there's other, there's a million vulnerabilities. They get in the first, one of the first things they're going to do is grab those session because then they can log in just as you, they don't need your password.
your multifactor, they're already logged in and then they become you. And you're absolutely right. But there's, there's another problem other than that. So, so the other problem is how lazy was the developer on the website? How lazy were they lazy enough that, you know, while, while I have multifactor to log in, sometimes multifactors is deployed again at a transfer. Was that developer so lazy that the same login multifactor token is used and can bypass the one that's inside of it.
Dino Mauro (34:50.76)
Maybe, was the, was the developer so lazy that once I, if I don't click, click, remember me, once I sign out, can that same session token still be used? And some cases I've seen it. Yeah. And some cases, a lot of cases I've seen it still be able to be used. You have, you have to wonder who, who, who's developing the sites because that becomes a problem too. I mean, it's a huge issue. It's a huge issue. I was working, I mean that, that if I didn't mean to interrupt, but that is what they're
That's what CISA is talking about, secure by design. Like when we get new laptops, I got a couple of laptops here. When we get a new laptop out of the box, like that thing is designed to run an airport. Like it has like super admin privileges. You have to go in there and change a bunch of settings so that you can just put it on a network. Right. Like it's designed so that if you can take over the account of Mrs. Buttermaker over the third floor cubicle, you can have command and control over the whole network.
I mean, it's really, really not designed right. And we're not, you know, we're not addressing that. We're not. You know, when I was, I was doing, I was working with Arcos and very fortunate that we got to speak to a lot of the major banks and those major banks were being hit with that session token takeover. And what we found out, not when I, we, but I was fortunate at that point in time because, you know, I have a lot of victims that reach out to me.
I was fortunate at that point in time that some of these victims were coming to me and they were saying, hey, these banks, this happened. These banks refuse to reimburse me because they're not looking past that session token. They're not looking at the change of devices or the change of IPs or anything else like that. They're simply going by the session token. Now that they've been eaten alive with it, you know, it's not been public, but they have now they've been eaten alive with it. They're now looking at more data points.
trying to address that. The problem is that because that information isn't public, it's not bled down to those credit unions and those other financial institutions that have not been hit with that yet. So that's how criminal like me works. I know that you guys are not going to talk about that. So while it's working at Bank A, Bank A is not going to talk about that. Once Bank A employs whatever proper security they need to, it's not shared in the vertical. So I just go down to B, C, all the way to Z and eat it alive. That's the way crime happens.
Dino Mauro (37:12.132)
It's, you, you want to know how crime happens. That's, there's a reason that most attacks use 90% known exploits or 90% of the attacks use known, there's a reason for that. You know, people don't, and I've said that, I said in a couple interviews in the past and recently, the bad guys are winning. Because we are better at sharing and exchanging information than the good guys are. Yeah, that's why
That kind of dovetails David into another industry that I think about a lot is like the retirement community space and healthcare. And, you know, a year ago, the gloves came off, right? So to speak on those types of other the organizations and industries that were somewhat agreed upon to not attack. Right. And there was almost like an understanding that they go after the elderly, the sick or the children.
or new power plants. Yeah. And you've seen, you've seen massive amounts of attacks. Yeah. So I wonder, Brett, like our clients that are, you know, re, residences for the elderly and things are what's the vulnerability there and how does that relate to the small banks and credit unions that you're talking about and things like these session cookies and all the things that grandma is using? Sure. So, so I understand that, that senior citizens, they are not the most victimized demographic. Correct.
millennials are. Okay. Isn't that a shocking stat? I remember the first time I learned that I'm like, what? were digital millennials were digital natives. Yeah. But it's because of, yeah, it's because of apathy. That's what we talked about. Yeah. Which is crazy. They just assume there's ghosts in the wires. Something's going to happen. It's, the fatalistic view. It's like, well, whatever's going to happen is going to happen. So why do I have this? Yeah. Why do I have to like really pay attention here? Right.
Right. understand the mentality. You know, so why would I want to hit a senior citizen? Right. The reason is, is that, they are not tech savvy. Right. They're not, Hey, they, are living on a fixed income, so they can't afford all the security services that are out there. Hey, they think if they're not online at all, that they're safe. They're not as a matter of fact, you're less safe at that point in time. So they think all these things together. All right. And that leads to, to far lower security. All right. At the same time,
Dino Mauro (39:36.45)
You've got government services and benefits that really don't look out for senior citizens like the, the mice, my, my SSA.gov. All right. Most senior citizens have not signed on to that. Now as a criminal, if I have your complete identity profile, which I can get pretty easy, you can buy it like on Amazon in an hour.
So if I have that profile that fools is what I meant the dark web. Yeah. Well, maybe you can buy it on Amazon. Just to be clear, I just meant on the dark web or telegraph. I'll run with what you say. And no, that's not what I just wanted to be. I just said it. And then I was like, it's as easy as like, they're going to think you buy this on Amazon. That's not what I meant. It says easy as right now you got somebody Amazon Amazon. know they're like coded by the same.
People, right? Like the same kind of people. But here's the thing, and this gives an illustration and also an illustration to the willingness of a criminal. All right. So it's easy enough for me to go to myssa.gov, sign in and under somebody else's or create an account using a senior citizen's information, get access to that account and then divert their social security payment.
to a payment instrument that I have. Okay, that's easy. That's not a difficult thing at all. All right. It's interesting to me that you don't see a lot of that because of the ease of which you can do it. And I would argue the reason you don't see that is because of the willingness of the criminal themselves. They understand at some level, maybe even subconsciously, they understand that, hey, this is the only money these people are getting in. So I'll find some other way to victimize them.
I'll use their stolen credit card details all day long because at the end of the day, I'm not hurting them. I'm hurting the bank. See, it's that justification that comes pops in again. now you you mentioned something. This is really interesting to me too. We see like we had a lot of ransomware groups come out and say we are not going to get hospitals, right? Alright. You see the cartels now or at least some of the cartels that are saying, hey, if you are manufacturing or selling fentanyl, we are going to kill you and they're following through.
Dino Mauro (41:50.424)
the the the reason and and on the dark web marketplaces, you don't see fentanyl for sale. You don't see rohypnol for sale. You don't see well, sometimes you see no actually you don't see GHB. You'll see BDO for sale. GHB is the date rape drug. It is and GHB at one point was legal and it was used by bodybuilders because it puts you in that deep sleep and allows those muscles to rebuild. Alright, GHB then they found out hey if you take a far lower dose of it, it makes you feel really good and you can party all night at a rave.
And then they found out, they figured out, if I slip some of it in a, in a fruity drink, this girl will pass out and I can take advantage of her reaper. So they outlawed the stuff rightfully. So, so you don't see GHB fentanyl. You don't see, rohypnol, which is another date, right? You don't see those things being sold on online marketplaces, dark web marketplaces. You don't see weapons in most marketplaces being sold. The reason for that
is the consequences that come with those sales. The reason you see these ransomware companies, attackers, groups saying we are not going to hit hospitals is because of the consequences. All right. They know that once that's, once you pop that stuff up, law enforcement specifically is going to have a hard on for you. They're going to be poking the bear. That's it. You poke the bear. Like the whole point is they want to make their cash and they want to be left alone. Right. They don't want heat.
Right. So you outlaw those items. You don't see it. Not that you'd ever see pressure cookers for selling a dark web marketplace. But you don't see explosives for selling like because those items come with a lot of publicity and the profit on those items does not justify the possible consequences. So on the dark web, you will see some sites that that offer those, but they're not by the organized crime groups and they're not there for very long. They get taken down very exactly. So so and bear in mind.
we're seeing infrastructure being hit. We're seeing hospitals being hit. And I would argue what's happening there is those, those institutions, those, those infrastructure institutions that are being hit or healthcare institutions that are being hit, their security is so bad that it makes it worth it for those attackers to do that. Right. Or it's part of another campaign and they got in there. Like they launch it on everybody that has this software cause it's an open vulnerability and then they get in there and they're going to take whatever they can get. Yeah.
Dino Mauro (44:17.0)
So let me ask you about, and thank you for this. I love getting into the mind of a criminal and your philosophical approach to it because you really have, you know, when we first met, you are like the poster child for, for reform and for, you know, just repentance and, and, and all of it. And you do so much good for so many organizations. So it's just outstanding. It just shows that people can change. still have your,
You still have the thought, right? You don't have to act on it, right? Somebody emailed me and I get some of these crazy emails sometimes. I've literally had- Did they ask you like, you want to rob a bank with me? would they ask you I get the people that, will you train me to be a criminal? I get those guys sometimes. I've had people that literally, the satellites are listening to me.
I've had three or four of those guys. I get a lot of the, I get some of the crazy religious people sometimes. And I had, got this email the other day and I guess I got it right at the, the, just the right time for me. And the, guy, he said he was talking about watching me on Netflix. You know, I'm on that biggest heist show. He was talking about watching me on Netflix and he was like, you know, this,
Dino Mauro (45:40.401)
He said this, this, this, this thought that you have of being abandoned is wrong. You need to get past that. And he went on to say, you know, the thing is, is that you are where you are right now because he said, said, God willed it. I'm not this question guy. I'm trying to find my faith. I am. But he said, because God willed
Well, I didn't take it as that. I was like, you know, this force in nature, this thing, it called it God if you want to, because I've got certainly getting to that point of belief. And I have to say, you know, something did, man, because I mean, why am I not back in prison for 20 years? I understand my choices, you know, my desire to turn my life around absolutely plays a point. But, you know, I had people that reached out to me and took me in under their wing and put their careers on the line.
to give me that chance and didn't know if I was hell. didn't know if I was going to go back to commit crime at that point. That's the truth. But they put their careers on the line to give me a chance. And that email hit me. It hit me really hard at that point. So you are you are a a living legend in redemption. You really are. I mean, it's you. You show that it's not easy.
I know that you and I have known each other now for some time and you've got your struggles, but you are inspiring so many people. before this ends, I want to ask you, everybody's been talking about AI and AI is going to come in and feed cybercrime and you've spoken about this and you've had some...
some writings on it you're like, I don't see it. Like, I don't know what you guys are talking about. Like it, it really hasn't had as much of an impact. It's not, it's not not yet. Yeah. so explain that explain it. Cause so many people would, would, would be like, I'm sure the cyber criminals are using AI and everything. I'm like, okay, well to clean up a phishing email, like for word processing. Yeah, they're doing it that they're translating a little, but okay. That's been around for years. So let's be honest. mean, if you're, if
Dino Mauro (48:04.413)
before AI even hit, if you were trying to identify a phishing email because of syntax errors, was not the point. Yeah, that was not the real red flag. No, right. So it's a good point. The thing is, that, and I forgot the guy's name, but Lex Fridman actually had an AI guy on a show a few weeks back. And he was saying the same thing that I've been saying that, right now AI kind of sucks.
It's not there yet. It's not. right. The thing for the criminal side is, is that we usually, and I keep saying we, because I still refer to myself as a We really don't create anything. What we do is, is we repurpose a lot of stuff. Right. All right. So AI that, that, you know, the chat GPT stuff like that. I mean, it's a, it's not even really that good on what it's doing legally. The ease of use is not great.
It's not ubiquitous. What am I going to use that for other than what you said of, you know, scanning over or verifying code or something like that? I'm not, I'm not. Now you do see, absolutely. You do see a lot of chatter. What kind of use of fork had to be done for this? I think I'll do this. You'll see that, but actually doing it is completely different. Now this guy on, and again, I forgot his name. I'm sorry about that, but he's one of the fathers of AI.
what he said was that it makes perfect sense to me what he says is is hey understand that AI is is going full steam though it's exponential and its improvement and its you know improvement and advancement ease of use everything else and he predicted and and I can't really argue what he said he predicted that by late 25 it will be extremely
successful and easy to use in a criminal environment. And he predicted that its main focus at that point or main use will be from that criminal nation. The criminals will absolutely start to use that. So, so think those deep fakes. You know, if you're able to, do a real time deep fake, both audio and video, that becomes extremely powerful. I saw one yesterday of the Fed Reserve guy and they had like a Pornhub background, you know, and the guy was talking about
Dino Mauro (50:31.099)
Well, we've screwed this. We've screwed that and screw you and everything's, you know, over and over. And it was, it was a very good deep fake. But what happens when you've got a real time deep fake of audio and video of a CEO that comes out saying, Hey, our company has lost this much money. Right. Well, your stock's going to go down or you've got Trump saying, definitely going to see that soon. You're definitely going to see that soon because we've, we've seen
Because the use of AI that I've seen in the social engineering context is what we've talked about. And that is you get a phishing email, you try and verify with the actual person. They haven't answered yet. You don't act on it. Right. But then you get a calendar invite for a zoom meeting or teams meeting. You jump on and you see the person and they look and sound the same. Or even if there's some glitch or whatever, you just assume you're working from home. It must be my internet. Right. And then all of a sudden, then you get all your answers.
uh, so, you know, satisfied and then you go and you release the sensitive information or do the wire transfer. That's it. You know, that's what we've seen so far in, in the, popular examples that have been out there, but that's just, you know, that's going to become more more common. That's just one thing. What happens when, when you, when AI has advanced enough that a criminal can just release its ass against one specific organization that, of course it will test that 90 % of vulnerabilities that are out there. But then
it will start to innovate. If this is working, what about this? What about this? What about that? Bang, bang, bang. To me, it's going to exacerbate the arms race, right? Because once they're able to leverage AI in plain language that can make whatever ransomware or malware that they want to launch undetectable by the CrowdStrikes of the world and the SentinelOnes and the Huntresses and the Articles, then all hats are off because then the good guys are going to have to figure out what they did.
It's going to take six months for them to productize it and get it to market. Meanwhile, the criminals act fast. That's right. So, you know, the chatter right now that I'm against are all these security companies that, well, we've got AI or, the criminals are. It's like everybody had a, it's like if it's plugged into the wall, it's got AI. Right. Like everybody's like, got it. That's simply for profit. So what you're doing is, is you're having that conversation. You're coming out with that misinformation.
Dino Mauro (52:51.377)
that says AI this AI that that isn't really correct right now so that when it does become correct right nobody's going to listen to that bullshit. That's exactly right. the problem I have. Yeah well Brett thank you so much I know we're we're sorry about my language today. No it's perfectly fine. Hey that's what editing is for or the unfiltered version like it's perfectly fine. Beep beep beep. that's Brett being Brett again.