Cyber Crime Junkies

Sony Hack Decoded--Behind Scenes with A Real Hacker

Cyber Crime Junkies. Host David Mauro. Season 6 Episode 58

🔥 Stay with us as we explore the Sony hack, decoded, and take you behind the scenes with a real hacker.

In this episode we go Behind Scenes with A Real Hacker where Cyber Crime Junkies, host David Mauro, interviews Cody Kretsinger, a former Lulzsec member, exploring the Sony Hack Decoded.

Guest Cody Kretsinger shows us how hacktivists help keep businesses secure, as a security expert helping companies across the globe stay secure. He shares his incredible story of his past as “Recursion” a member of LulzSec hacktivist group affiliated with the infamous Anonymous group back when he was in college in AZ. 

Topics covered: sony hack decoded, Behind Scenes With A Real Hacker, Cody Kretsinger, How Hacktivists Work, Inside The Sony Breach, why hacktivists help keep businesses secure, who hacked sony, how sony got hacked, how sony got breached, inside the mind of a hacker, what hackers do in cyber security, what hackers do with your information, how hackers break into websites.


Growth without Interruption. Get peace of mind. Stay Competitive-Get NetGain. Contact NetGain today at 844-777-6278 or reach out online at www.NETGAINIT.com  
 

Have a Guest idea or Story for us to Cover? You can now text our Podcast Studio direct. Text direct (904) 867-4466

🎧 Subscribe now http://www.youtube.com/@cybercrimejunkiespodcast and never miss a video episode!

Follow Us:
🔗 Website: https://cybercrimejunkies.com
📱 X/Twitter: https://x.com/CybercrimeJunky
📸 Instagram: https://www.instagram.com/cybercrimejunkies/

Want to help us out? Leave us a 5-Star review on Apple Podcast Reviews.
Listen to Our Podcast:
🎙️ Apple Podcasts: https://podcasts.apple.com/us/podcast/cyber-crime-junkies/id1633932941
🎙️ Spotify: https://open.spotify.com/show/5y4U2v51gztlenr8TJ2LJs?si=537680ec262545b3
🎙️ Youtube (FKA Google) Podcasts: http://www.youtube.com/@cybercrimejunkiespodcast

Join the Conversation: 💬 Leave your comments and questions. We'd love to hear your thoughts and suggestions for future episodes!


Summary

In this episode we go Behind Scenes with A Real Hacker where Cyber Crime Junkies, host David Mauro, interviews Cody Kretsinger, a former Lulzsec member, exploring the Sony Hack Decoded.

Takeaways

•    Cody's early interest in technology stemmed from gaming and hacking simulations.

•    The thrill of hacking often comes from the challenge and the chase.

•    Cody aspired to work for the NSA and had gone through extensive interviews.

•    LulzSec was formed by individuals from the Anonymous group to expose security flaws.

•    The Sony Pictures hack was a significant event in cybersecurity history.

•    SQL injection was a key method used in the Sony hack.

•    Cody's involvement with LulzSec was driven by a desire to prove something.

•    The consequences of hacking have become more severe over time.

•    The NSA focuses on signals intelligence and employs many mathematicians.

•    The hack resulted in the theft of millions of records from Sony's database.

•    There's a significant fear among hackers about being caught.

•    The mindset of a hacker often involves arrogance and overconfidence.

•    Destruction of evidence can be a reaction to impending legal trouble.

•    FBI raids can be less dramatic than portrayed in media.

•    Cooperation with authorities can lead to lighter sentences.

•    Understanding the details of VPN services is crucial for privacy.

•    Federal charges are more serious than state charges.

•    Building a culture of security is essential for organizations.

•    Small businesses are not immune to cyber threats.

•    Cybersecurity regulations are becoming more stringent.
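The takeaways above say SQL injection was the way in and that the sweepstakes form's database gave up a large number of records. As an added example, not code from the episode, from LulzSec or from Sony, here is that pattern in miniature: a contest form whose last-name field is concatenated into the query text, the single-quote probe that tells an attacker the input reaches the database, two payloads (a tautology that returns every row, and a UNION that pulls a second promotional table sitting in the same database), and the parameterized fix. The schema, table names and every row are constructed for the demo, and SQLite stands in for the real backend.

```python
"""SQL injection through a sweepstakes-style web form: the vulnerable query,
the single-quote probe, two payloads, and the parameterized fix.

Added example for this page; not code from the episode, LulzSec or Sony.
Schema, table names and rows are constructed for the demo (assumptions),
and an in-memory SQLite database stands in for the real backend.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed in-memory database: the contest entrants table plus a
    second promotional table that happens to share the same database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE entrants (id INTEGER PRIMARY KEY, first TEXT, last TEXT, "
        "email TEXT, phone TEXT)"
    )
    conn.executemany(
        "INSERT INTO entrants (first, last, email, phone) VALUES (?, ?, ?, ?)",
        [
            ("Ada", "Lovelace", "ada@example.com", "555-0101"),
            ("Alan", "Turing", "alan@example.com", "555-0102"),
            ("Grace", "Hopper", "grace@example.com", "555-0103"),
        ],
    )
    conn.execute("CREATE TABLE promo_codes (code TEXT, campaign TEXT)")
    conn.executemany(
        "INSERT INTO promo_codes VALUES (?, ?)",
        [("SAVE20", "anniversary"), ("VIP1", "premiere")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, last_name: str) -> list:
    """The bug: the form field is pasted straight into the SQL text, so a
    quote character in the input changes what the query means."""
    sql = f"SELECT first, last, email FROM entrants WHERE last = '{last_name}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, last_name: str) -> list:
    """The fix: the value travels as a bound parameter, never as SQL."""
    sql = "SELECT first, last, email FROM entrants WHERE last = ?"
    return conn.execute(sql, (last_name,)).fetchall()


def looks_injectable(conn: sqlite3.Connection, lookup) -> bool:
    """The probe: submit a harmless value, then a lone single quote.
    A database error on "'" alone is the tell that input reaches the
    query text; a parameterized lookup treats "'" as data and is silent."""
    try:
        lookup(conn, "Smith")
    except sqlite3.Error:
        return False  # broken regardless of input; not our signal
    try:
        lookup(conn, "'")
    except sqlite3.Error:
        return True
    return False


# Payloads an attacker types into the "last name" box.
TAUTOLOGY = "' OR '1'='1"  # WHERE clause becomes always-true: every row
UNION_DUMP = "x' UNION SELECT code, campaign, '' FROM promo_codes --"  # other table


def demo() -> dict:
    """Run every case against a fresh database and return the results."""
    conn = build_db()
    return {
        "probe_vuln": looks_injectable(conn, lookup_vulnerable),
        "probe_fixed": looks_injectable(conn, lookup_parameterized),
        "vuln_tautology": lookup_vulnerable(conn, TAUTOLOGY),
        "fixed_tautology": lookup_parameterized(conn, TAUTOLOGY),
        "vuln_union": lookup_vulnerable(conn, UNION_DUMP),
        "fixed_union": lookup_parameterized(conn, UNION_DUMP),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The UNION payload is the part worth dwelling on: the attacker never touches `promo_codes` directly, yet the rows come back through the contest form, which is why one injectable field can expose every table the web application's database account can read. The parameterized version returns nothing for both payloads because the driver sends the string as a value rather than as query text.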

 

Chapters

  • 00:00 Behind Scenes with A Real Hacker
  • 01:08 Cody's Journey into Cybersecurity
  • 03:37 The Thrill of Hacking: Red Team vs Blue Team
  • 07:00 Aspirations and the NSA Interview
  • 10:24 Involvement with LulzSec
  • 12:31 The Sony Pictures Hack Explained
  • 16:49 Sony Hack Decoded
  • 21:39 Aftermath and Consequences of the Hack
  • 23:08 The Tension of Anticipation
  • 30:10 The FBI Encounter
  • 34:25 Lessons from the Past
  • 42:32 Building a Culture of Security

Topics: sony hack decoded, Behind Scenes With A Real Hacker, Cody Kretsinger, How Hacktivists Work, Inside The Sony Breach, why hacktivists help keep businesses secure, who hacked sony, how sony got hacked, how sony got breached, inside the mind of a hacker, what hackers do in cyber security, what hackers do with your information, how hackers break into websites, how did sony get hacked, cybersecurity, hacking, LulzSec, Sony breach, SQL injection, red team, blue team, NSA, cybercrime, data theft, cybersecurity, hacking, FBI raid, security culture, VPN, cybercrime, red team, incident response, security operations center, hacker mindset

Speaker 2 (00:05.166)
Hey everyone, welcome to Cyber Crime Junkies. So how did a group of rogue hackers bring a global corporation like Sony to their knees? What really happened behind the scenes of the infamous Sony attack? Today we sit down with Cody Kretsinger, a former lead member of LulzSec, a hacker collective that made the world take cyber threats seriously. LulzSec is an offshoot of Anonymous,

and they became famous for exposing weak security in government agencies, corporations, and more, all for what they call the lulz. But what is their true mission? And how did they pull off some of the most talked about cyber attacks in history? Stay with us as we explore the Sony hack decoded and take you behind the scenes with a real hacker. And now the show.

All right, well, welcome, everybody, to Cyber Crime Junkies. I am your host, David Mauro. Yeah, really excited. So we're joined today by Cody Kretsinger, speaker, leader, author, hacker, former LulzSec member and cybersecurity champion. Cody, welcome to the studio.

Thank you so, so much for having me.

Yeah, well, we're glad to hear that. Our very first live stream was about the Sony breach. Now, it wasn't the one from 2011. It was the 2014 breach. And we were just talking about all the open questions like, was it North Korea? If it was North Korea, why did this happen? Why did that? How did they know this? And like, there were more questions than answers. And so that kind of sparked the whole interest. And so we're really funny. Oh, yeah, that's good.

Speaker 1 (01:53.624)
Real fast on this. So Sony's been compromised several times, right? Like, it's just not Sony Pictures, which is the one that I was involved in. So you had the one around the movie, the one that you're talking about. You also had Sony Online Entertainment; they got breached as well.

That's hilarious. So before we even get there, let's walk back to kind of where, where'd you grow up? Did you grow up in the Midwest or did you grow up out in Arizona?

Yeah, so I grew up in the Midwest and got involved with IT and a good buddy of mine showed me this pamphlet for a college out in Arizona, specifically Phoenix. And they had a really, really awesome curriculum. Network security was the main component of it, but they also had computer forensics as well as network engineering.

It sucked me in and it was a really fascinating time out there.

Yeah, so what drove you to be interested in computers as a kid?

Speaker 1 (03:00.844)
So there was this game called Uplink and it is a hacking simulator game. Before then, a good buddy of mine, his father was really into computers, computer gaming, specifically the Command and Conquer series. So that was my foray into computers and then gaming. And then once Uplink came out, I played it and realized that there was a component of it

that was security based. And that launched me into kind of some underground hacking scenes to kind of figure out where I enjoyed doing certain things and then ultimately got me professionally interested in doing security.

Did you come from a background in IT? Like were your parents in technology or anything like that?

You couldn't meet two more distant people from technology. I will say, my mom was a clerical typist that worked her way up to a really good position at a local government. My dad worked in law enforcement, so he's the king of spreadsheets, which is kind of a funny goof around the house. But for both of them, computers aren't their thing. In fact,

as well.

Speaker 1 (04:19.857)
The only reason we had a computer in our house originally, it was because the city ran some sort of deal that city employees could get a certain computer so they could familiarize themselves with it.

So what was it about network security and things like that that got you into wanting? Is it the challenge of it?

Or even, how can I break this? Yeah, that's the mentality really that the hackers have. And let me tell you a story. I was at a conference a few weeks ago and it was after a really long day and I just plopped my butt down into a chair away from everybody else, kind of a party going on in the background. And eventually four or five younger gentlemen come up and

They're all talking, it's their first conference. And eventually they asked me some questions, well, who are you? They didn't know, which is great, right? Because that's how I prefer most conversations to go. You know, what do you do and all that stuff. And they asked me more or less the same question that you did, David. Here's what I asked back to them. I asked them, is there a certain component to IT or security or something where

you get the warm and fuzzies, your heart flutters a little bit. And a couple of them said, yes. And I said, well, what component of your job makes that happen? What makes the hair on the back of your neck stand up? What makes the goosebumps, right? And one guy said, well, it's actually it's blue teaming. It's the thrill of the hunt, right? I want to find the bad guy. That's what really

Speaker 1 (06:09.262)
really gets me going. And another guy said, well, it's red teaming. It's when I can break into a system and manipulate it to do a thing that it's not supposed to do. And I'm scared to death that somebody is going to find me in that short period of time and I'm going to get caught. And that statement from the red teaming side of things, that it is the thrill of the fight.

The thrill of being chased, right? You want to accomplish a task. You want to capture the flag before getting caught.

Yeah, there's a component of that, but there's also a component of I'm able to manipulate a system in such a way to get it to do a thing that it's not supposed to do. And I might be the first person to have ever done this. Yeah.

Well, and in the community, there's street cred, right? There's accolades. There's, hey, I was able to do it, I was the first one. I know we're going to get into that in just a second.


Speaker 2 (07:19.054)
Right? I mean, that's kind of what it is. It's like trophies, right? It's like, hey, I accomplished this. Let me throw it up on my wall. Yeah.

There's a component of that, I think more so in the past than currently. In the past, it was what I did on the down low. You'd maybe talk about it within certain social groups, maybe IRC, or maybe a local 2600 chapter or something along those lines, and everybody just kind of knew. Now, not so much. You talk about a hack that you've done,

you might end up going to prison. There's consequences, right? There is now. Yeah, for sure.

Yeah. So let's talk about that. So you're away at college. You go out to Arizona. Great place to go to college. You're out there and from what I've read, right, and my understanding from people I've talked to, like you were really good at school. You wanted to go work for the Department of Defense one day. You had some great aspirations and everything else.

Something happened along the way. Like, walk us through this.

Speaker 1 (08:39.232)
I progressed very quickly, not only because of the academic information that I was being taught, but also because of this career. So I moved very quickly. And you're right. In fact, I interviewed for the NSA. I was going to be part of the NSA Red Team. I had gone through the polygraph. I had gone through the psychological evaluation. I'd gone through the background check. I'd done all of those things.

What year were you in college?

I would have been a junior. The NSA recruits out of that school specifically because the type of talent that is there. Really? Yeah, yeah. Or they did at that point. I'm not sure now. But there were myself and several other students that had all applied to the NSA and several of us had either job offers or we saw people graduate and immediately they were part of the NSA.

So yeah, there was a lot of really good talent.

Explain to the listeners, I apologize, but explain to the listeners what is the NSA? Like I know it's very obvious to us, but for those that might be working out or driving in their car, or do this kind of work but aren't in cybersecurity. You know what? What is the NSA and why is that so significant? Because it is very significant.

Speaker 1 (10:00.526)
It is. The NSA is an intelligence community much like the CIA is an intelligence community. You can consider the CIA to be people driven and the NSA is technology driven. So they have things called signals intelligence, which is what the NSA mainly handles. And those are things like intercepts. So understanding encrypted communication, breaking

encrypted communication. In fact, the NSA employs the largest number of mathematicians anywhere. And that's strictly to break code. The flip side of that is the NSA also does technology driven things, meaning they specialize in both red teaming operations, which is offensive, if you want to think of it from like a football oriented kind of conversation, offensive. So we're breaking into

adversaries, think other nation states or terrorist organizations or any of those things, and gaining access to grab information. We're also subsequently helping defend our country and our allies against cyber threats. So they have both of those components as well. And there's a number of other things that I'm sure that they do that I have no idea. I'm sort of an.


That's just the advertised portion, right? That's just a public facing piece. Exactly.

Speaker 2 (11:28.942)
So you're going along, had a very exciting kind of undergrad career with eyes on doing some pretty cool things. But you got involved with a group called LulzSec. It's L-U-L-Z-S-E-C. Explain to the listeners, what was LulzSec?

So, LulzSec started, my goodness, where do you start with this one? There is a lot. I'll try to hit the bullet points real fast. There's a group of people online called Anonymous, which is essentially a number of individuals from a particular website. In that group, there were a few people that got together who were fairly intelligent

and created LulzSec. It was created by two or three individuals, one of which was Sabu, or Hector, and he was kind of the ringleader, if you will, of LulzSec. So they hacked into a few different

They have some very well-known breaches.

They do. So they hacked into a few things, and Hector and I in fact went back a lot of years, back to my youth. And one day I got a message on AOL Instant Messenger and it said, hey, you should come check out what we're doing over in LulzSec. And they had already made the news at this point. And I was genuinely curious what was going on inside. It was an IRC server. I was genuinely curious what was going on in the IRC server.

Speaker 2 (13:08.84)
Absolutely, absolutely. And that was a good explanation, by the way. And so you get involved there and at some point you're getting involved with some of the activities that LulzSec is doing. Is that fair?

Yeah, so, yeah, there were several hacks that were going on prior to my arrival. There were several hacks that happened while I was there. There was only one specific hack that I was involved in, and that's the Sony Pictures hack.

Okay, and the Sony Pictures hack, for the listeners, it is not the PlayStation one. Sony has sustained several different breaches that have made it to the media. There's the one in 2014, which we talked about in our very first episode. There's the PlayStation one, which happened earlier, I believe, right? And then there is a compromise that happened between like

late May of 2011 and June of 2011, where the computer systems of SPE, Sony Pictures Entertainment, were compromised. They attribute that to a compromise from LulzSec. And now does LulzSec mean anything, the name? Is it like LOL security, like laughing at the security, or what does it mean?

That's exactly it. Mainly the purpose of LulzSec, yeah. You don't have to read into it too far. Surface level is exactly what it was. The entire idea behind LulzSec was you had... Well, first you had a bunch of nerds like myself that had a chip on their shoulder and wanted to prove something.

Speaker 2 (14:46.446)
You guys were kids. I mean, you guys were kids. Yeah, we think it. Yeah, for sure.

Yeah, 20s. And that's all it was: we found laughable security, and right.

Which is out there. It's out there. It's why we exist. It's still there. So, okay. So walk us through what happened, and let's start with what you guys were doing there. Like, if that's okay to speak about it. Because I think it's all been said and done now. So I think we're open to speaking about it.

Yeah, the statute of limitations has passed.

Speaker 1 (15:32.418)
We're good with this. So the entire purpose, we ran a number of scanners, like bots, essentially, to go out there and map the internet to see where we could find vulnerabilities. And we were finding them left and right, but we'd only focus on big targets, and specifically Sony came up and

Again, getting back to that trophy. Again, if you're going to go and spend the time and risk maybe getting caught or whatever, like you want them to have a logo. You want a logo or a name.

There's a component of that, but there was also a component of, like, screw Sony. Remember the big DRM thing that they tried to pull with the rootkit and all of that? That left a really sour taste in a lot of nerds' minds.

Walk us through what that is. Can you explain to the listeners what that was? What did somebody do?

So I have not brushed up on this, but I'm gonna at least try to get it from the 5,000 foot level. There were music CDs that they had put some sort of digital rights management on, so basically making it very difficult to steal the music and play it somewhere else. Remember, this is like the era of Napster.

Speaker 2 (16:51.532)
Exactly. Back then, everybody was ripping off songs, right?

Exactly. So Sony developed this application, which was a rootkit, which installs itself. A rootkit basically just installs itself at the highest level privileges of a system and is very, very sneaky in how it does it. And that application was there to make sure that you couldn't steal the actual music itself. At some point, the encryption key, or there was a key associated with it, that

somebody discovered, then Sony tried to sue them and cover it up. And then everybody published it online. It just grew, snowballed into this thing. And eventually there was a lot of hatred towards Sony, and nerds don't forget. So a little bit of that hatred was still there when we discovered the website that was vulnerable. You find the vulnerability at Sony when you're out there scanning, out of all the other ones that you find.

Yes.

Speaker 1 (17:54.84)
What was kind of the next step, the next process? How did that evolve into where we got? Yeah, it's super simple. It's, guys, we've got a SQL injection, which I'll explain in a moment what that is. But we've got a SQL injection on the Ghostbusters website. Everybody started attacking it. And that was essentially the order. Wow. Yeah.

So it was their website, it was actually their website that was so vulnerable. I mean, it wasn't getting into any bypassing of any firewall. It was nothing like that. It was just their public facing website.

It was. If you want to talk low-hanging fruit, this couldn't be lower. And the website that was insecure was the Ghostbusters website. In fact, they were running some sort of sweepstakes; I think there was some sort of anniversary or something along those lines. And it asked people to put in their first and last names, email address, physical address, phone number, stuff like that. And it

had a lot of records in it. And it also coincidentally was vulnerable to a style of attack called SQL injection, which is essentially, you know, when you go on to a website and you submit information, meaning first and last name, phone number, that kind of stuff. Typically what normal people would do is actually put legitimate data in those fields where it asks for that data. Us being hackers, we're testing to see whether or not certain characters cause that form submission,

when you hit submit, to do something unexpected. And in fact, there's kind of a standard way to approach this. There are certain characters on the keyboard to get things not to work correctly. And we found that out. And what happens is instead of that data being submitted to a backend database, the information from the database is now being presented to us.

Speaker 2 (19:48.43)
Yeah, it kind of regurgitates itself, right? And all of that data that's sitting on the back of that website comes to you guys.

So it's not only that website, but any other website that uses that set of databases. So you can imagine that one database that has the Ghostbusters sweepstakes information, that's a lot of records, but there's probably gonna be some other promotional databases on the same server. When we were done, I'm pretty sure it was between one or two million unique records that were stolen

out of this group of servers.

Holy cow. So you guys are doing that, and what are you guys doing with the data? So you guys get this data. It's housed somewhere in the LulzSec kingdom or wherever you guys can.

We had a SharePoint. I'm kidding.

Speaker 2 (20:45.262)
We just had a public facing SharePoint site in case anybody was interested.

Yeah, in case you want to download anything. So right, totally makes sense. Funnily enough, real quick aside: in the position that I'm in, we share malware back and forth via Teams and SharePoint and whatnot. And you'd be surprised how often Microsoft looks the other way on completely malicious stuff, which is hilarious.

That helps in red team engagements, I can tell you that right now. But essentially, somebody mapped the database to begin with, at least at the high level, and basically said, you go for this, you go for that, you know, here's your section of data you're quote unquote responsible for. And so I had my section of stuff, and the tool that we used, anybody,

anybody can use, is something called sqlmap. It's point and click almost. And in fact, there were other instances of somebody using Havij, which is a Windows based application to do this. But the point I want to make here is that we ran those applications for days, which means we were hammering away at this website. I think personally, it was a week or more from my side of things. And nobody noticed

for weeks. So we'd grab all the data and then we would send that data to the guys that were more or less running it, even though there really wasn't a leader. They compiled all the information and then tweeted at Sony basically saying like, hey, we're in your systems and you can't find us. And then

Speaker 2 (22:32.186)
media. Every brand loves to get a tweet referencing them that, we're inside your network and you don't know it. Come find us.

And you don't know it.

Speaker 1 (22:44.75)
Remember, LulzSec had made national news like four or five times prior to this particular hack occurring. Imagine a threat group right now, you know, the folks behind ClackBot.

Yeah, or like LockBit 3.0, tweeting something. Yeah.

Saying, Sony, we're in your systems and you haven't found us yet. It was more or less the same in terms of how it was received on their side. Right, it is. But once we had all the information, we compiled it and then dropped a tweet real fast, and then there was a torrent so anybody could download all of this information.

It's chilling.

Speaker 2 (23:23.95)
And so you're still in college and you're going to school, skipping your way over to class, waiting on that interview with the NSA. And so what was it, in September of 2011 that the feds came knocking, or what?

Yeah, how did that go down? So there's a couple of components to that. And what a lot of people don't know is that I was working in IT as the network security administrator for the school. So I knew all of the stuff that was going on to a certain degree. And one day myself and several other workers come into IT and everybody's access is turned off except for two individuals.

And in the back of my head, there's nobody else on campus except for maybe one or two people that understand what I'm involved in, right? So in the back of my head I go, well, it's probably pretty likely that the feds are coming. That night, kind of going back to that security research group,


Speaker 1 (24:40.526)
there were a lot of things going on in that student-run organization. None of it was illegal, but everybody was scared. And we had a word. It was a word that if you ever got a particular word via text message, and that was it, that meant either we're getting raided or we think we're getting raided, or there's a situation in which you might want to destroy evidence, is really what it falls down as, you know.

And a few of us got together that evening and that word went out to the entire crew. And yep, I've never seen the removal of so much hardware from a single dorm room like I did that particular night. There was a significant amount of information that was destroyed.

So when you had the sense that the feds were coming, before they actually came and you met them, what was going through your mind? How did that make you feel? I mean, it gets into the core of the hacker mindset, that you want to go and capture that flag without getting caught, right? And you have that sense that it's being exposed. Right. So does that

get you down to your core? What happened? Like, what was that feeling?

So I was a very, very arrogant young man. And while I figured the feds were coming and going to be knocking on my door, I thought I was smarter than them. That's what it was down there. OK. Yeah. I learned my lesson on that one. Right, right. You got that straightened out real quick. Very quick. So but I did take steps, right? I did.

Speaker 1 (26:35.136)
I DBAN'd all of the drives that were associated with any of the things and destroyed quite a bit of information. And what's funny, jumping ahead, when they actually do the raid and they're interviewing me, instead of actually saying I want a lawyer, I'm telling them that I'm smarter than them and that I destroyed evidence and a number of other things. It gets you pretty far with the FBI, right? I told you I was young and arrogant.

Yeah, they love that. They love sitting across the desk from a 20-something being told how stupid they are and how bright you are. Like, they love that.

They had the final last word though. So I got to ask, Cody. I heard you refer to it as a raid. Is that, I mean, is it like we see on TV? Did they come in with the blue jacket with the yellow lettering and they all had guns, and you know, what happened? Or did they just walk in in some suits and say, Cody, come with us? So I much would have preferred the latter, but it wasn't quite as bad as the former. And in fact, when I give my presentation, especially to kids,


Speaker 1 (27:43.566)
about my backstory, there's a gif of these guys breaking into a house and they're dropping through the ceiling through skylights and kicking in doors and going through.

Right. I always tell people, that's how I got raided. And of course, that's a complete lie and fabrication. What they did do was show up at my dorm room, and my poor roommate, I feel so bad for him. Yeah. What they did do is...

I'm gonna go, hey mom, I've got this really cool roommate. He's got all this really cool stuff. He's really smart. There won't be a lot of drama. He'll just be nerding out all weekend. Don't you worry about me. And then the feds are at the door. Hey mom, my roommate's in all this trouble. All right.


Speaker 1 (28:31.662)
So the feds are at the door. So it's five o'clock in the morning and these guys show up and there's a knock at the... Actually, I hear the key card coming. So there were two components to the lock. There's a physical deadbolt and then there's the key card, like you would have at old school hotels, right? And I keep hearing it getting denied because the deadbolt's engaged. I never deadbolt the dorm room door, but that night prior,

for some reason I did. And I hear it occur, and that gets me kind of out of my sleep. And then there's a knock, unlike a knock I've ever heard in my entire life. It's the most... cop knock? Tack, tack, tack, tack. It is the most afforded knock you'll ever hear in your entire life. I hate that that happens. Yeah, by the way, no one's waking up any other student at five o'clock in the morning in this dorm. Right.

Like I'm already a couple of steps ahead of what I think is occurring, but it's not like I'm going to, you know, bust out the window and try to run away. So I opened the door and there's the FBI agent that I grew to know. And I put my foot behind the door and it's only open just a few inches. And he asks, and I can't remember which name he used, but it's hilarious, and he goes, is such and such here, and used a woman's name, a girl's name.

And the thing is, this particular college was like 98% male. The likelihood of a woman being in any of these dorm rooms was so, so small. And it caught me off guard. And I said, no. And that's when he pushed his way through the door: you know, FBI and Secret Service, we're here to execute a search warrant, you need to sit down, all of these things, and about 20 guys enter this very, very small dorm room.

I was going to say, the dorm room is like an eight by 12 space. Like 20 guys.

Speaker 1 (30:31.362)
But to answer your question, they were plain clothes, right? They were wearing... Okay. They weren't even in suits. They were in just street clothes.

Okay. Okay. And so then, from what I understand and people that we've spoken with, like you were super cooperative. You were, despite your version of being young and arrogant, you didn't put up much of a fuss. You kind of were like, look, this is what we did. Like, you know, it was a hack that we achieved.

Yeah, at a certain point, like they've got you dead to rights. And one of the things that, throughout your process, anybody that goes through the federal process has been charged by a federal grand jury and they have

You have to go through the indictment where they issue a true bill and they've actually said there is probable cause to proceed.

Yeah, so like there's already a level of like detail there that most search warrants don't have. And then once you're through that original kind of the original, you know, indictment, if you will, or even just a search warrant, you start to realize like, they have all of their ducks in a row. There's not really much that I can do or say, if the feds have something like a 97 and a half percent conviction rate.

Speaker 2 (31:52.68)
Yeah, it's much different than state charges, right? Local district attorneys, the county prosecutors, they shoot from the hip. They don't have the resources, everything else. It's like high school ball versus the NFL. When you get up to that federal level, they pretty much have dotted all their I's, crossed all their T's before acting.

Yeah, so I mean, then it becomes the component of going back and forth with the feds. There are other former LulzSec members that were just complete. They were not friendly towards the feds. They also subsequently had 10 year sentences as opposed to where mine was a year and a day. So I would say that I was, I did a little bit better off than the guys that were, that didn't cooperate to some degree.

So did they, did they pick a bunch of you up all at, you know, on the same night, it being five in the morning, or was it just sporadic? How did that work? I was the first to go of the group. Wow. So that's from the flood plate, the flood gates, and from there I think everybody else realized probably best to shut up shop and move on. Now mind you

Why do you think you were first? I'm just curious. Like I wonder, you know what I mean? You weren't like the main one that was driving a lot of it. I mean, I wonder why you were first.

Luck of the draw? Don't know. I don't know if it was easier to find me than others. Well, you know, the thing is, is there's been some speculation as to the validity of the VPN service that myself and others used in order to kind of hide our identity and whether or not

Speaker 2 (33:30.281)
Yeah.

Speaker 2 (33:45.422)
Yeah, I read about that as a proxy server, you were using a proxy service and it should have shielded your identity, your IP, at least in things. And maybe that got compromised somehow or maybe it had exposed you.

out it was you guys. My understanding is there was enough pressure, it was a VPN service out of England and that there was enough pressure from the government over there that they were essentially mandated to give over information that they shouldn't have been collecting anyway. In fact, in their terms of service to begin with, it said under no circumstances will we ever give this to law enforcement. Well, they did. I can tell you that.

My ass is white.

Yeah, so one of the lessons we've learned here is shop and read the details of the VPN service that you engage in, right? Because you're using a VPN to be encrypted and for them not to be selling your data or transferring it or collecting.

Yeah, I would go a step further and say that most VPN services are likely going to cooperate with an authority and if you're going to commit a crime, probably not a good thing to use a VPN service. Also don't commit crimes.

Speaker 2 (35:10.542)
Yeah, exactly. That's one of the lessons. So fast forward, you didn't go to trial, right? You pled guilty, right? You pled guilty. You got a year and a day served. Where did you wind up serving? Did you serve in Florida or did you serve in...

I served it in a Martha Stewart-style, or -esque, federal prison camp in Pekin, Illinois.

Okay. I'm familiar with that one. It's not, not because I was there. But I, in my prior life, I was an attorney. And so I had, I had been there to actually interview somebody once. But yeah, but very interesting. So yeah, I mean, federal prison is not like the jails that we see in like, Scared Straight, in some of these other, you know, the county jails and the state penitentiaries.

It's much more conducive to rehabilitation, right? And it's much more civilized. It's still a hard fall from being in college. That's the whole point, right? It's still a huge blow to a human being who is knocking on, you know what I mean? You were, were, yeah, you were in your prime, you know, gonna work for the NSA, but you've recovered really, really well and you're doing some great things. And that's

why you're here. And so let's share some of the great things that you're doing for the security community and the presentations that you're doing. Like you do a phenomenal job. And this is like, this, so important to me. Like we've talked to a ton of people that identify as hackers, that identify as prior, you know, cyber criminals that have, that are on the good, on the,

Speaker 2 (37:04.888)
good side of the law now that really help in ways that other people can't, right? Because they don't think the same way and they don't have the same experiences. But by knowing that, it's part of the reason why some people, they'll go undercover and they'll study, you know, LockBit 3.0 and they'll study, like they'll get to know those personalities, because if we don't understand, at the end of the day, it's all people. And so if we don't understand the people behind it and the reasons and the behavior and the personalities,

How can we adequately defend against it?

Yeah, exactly. Yeah, I mean, there's to use an analogy. Oftentimes you'll find former bank robbers becoming bank consultants or banks. Exactly. I will say that for anybody that's interested to get into this, I'm going to preface what I'm about to say because.

If there's anybody that's interested in getting into security, there is a path in which you can take that doesn't involve doing something illegal. In fact, the cybersecurity industry frowns upon doing that. I was at the very tail end of when it was still somewhat acceptable to do these things. Now it is very much not. But that being said.

The things that I help businesses with, cybersecurity-wise or just network security-wise, those are the things that the bad guys are doing. I say I'm a recovering red teamer. I don't do it as much as I used to, but when I'm applying what I know and how things work and how a bad guy actually operates and I'm quote unquote attacking a business,

Speaker 1 (38:52.428)
for a fee, right? So it's all above board. I'm giving this

With permission. With permission, they want you to. That's what red team engagements are. They want to be hacked because the agreement is you're not going to do any harm. It's almost like a capture the flag. But it's somewhat like, here's a piece of intellectual property. We're going to hide it. You come in undetected and get access to it. And we'll pay you a fee so that way we could learn where our vulnerabilities are.

From what we see, we're secure. We know we're not. So where are we? What are our blind spots?

It's really identifying those gaps in security, right? Most organizations, you can't check your own work. And that's the reason why they have somebody come out and do what I do. Applying not only that component, because you can hire any red teamer that you want to, but being able to hire a red teamer that has experience in doing, you could say, criminal stuff, there's a little extra oomph there. There's also...

There's the credibility aspect to it. And then there's also just kind of the namesake, if you will. So there's that component. And then there's also a component where I built a SOC, or a security operations center, which is basically, yeah, from the ground up, it was me. And then built a, built a SOC from the ground up. You know, hiring the correct people, making sure that, you know, logs are being analyzed, that people are responding to events.

Speaker 1 (40:26.624)
I actually stopped doing so much red teaming. I hired red teamers to do that. And then my main focus for several years was mainly incident response. Now I'm on the other side.

Blue team a little purple. Yeah, that's really good.

So now I can apply my perspective into, all right, you are either currently engaged in an incident or one has happened and we're trying to figure this out. And now I can apply that same, that same knowledge on how the bad guys operate. And then that's also the same. My focus is on. Really, right? Because it gives you perspective on everything. That's, you know, that's really, it's actually really cool.

a little in Europe.

Speaker 2 (41:10.402)
Yeah, I mean, the lens that you view the same facts through is going to be a different lens, right? And it's, and it's really, really insightful. So, so organizations really benefit. We have a whole team. Mark and I are with All Covered, which is the Konica Minolta MSSP. We have our own SOC. We have our own red team group. And I'm telling you, like the red team group, they're so cool, like they're like the way that they think, the way that they look at things.

And our SOC has really been built from the ground up and they're so insightful. But part of it is because they all work together and they collaborate. That's really, really so important that we see on a daily basis. It's really important. And businesses benefit by insight like yours. I mean, that's just, there's such a clear benefit. Yeah.

No, go ahead.

I was just going to elaborate a little bit more on it. You're completely right, and running a SOC gives you a really interesting perspective in and of itself because you're monitoring a lot of different businesses. I mean, we had financial institutions, healthcare, manufacturing, emergency services,

municipalities, stuff like that. When you see a particular attack starting to occur over here, you can then help out other folks in other places. So it's a very interesting perspective to be able to kind of help businesses without them even realizing.

Speaker 2 (42:51.374)
Yeah, exactly. Yeah. Yeah. As, as, as we're looking to wrap up here, what are some of the, what are, I don't know exactly how to ask it, but what are some of the main things that you're seeing that organizations need to change when it comes to creating a security culture, when it comes to having the right defenses up? I mean, small businesses struggle, it seems, a lot more than large

enterprise organizations that can create their own SOC. What can small to mid-sized businesses do? What are some of the top priorities you're seeing?

Yeah, there's a lot.

The security mindset, or I really like the phrase culture of security. So there has to be a focus on that. And here's the thing. It ain't going away. In fact, it's going to get much more stringent and there are going to be things that come up between now and probably next year. You look at things like the FTC safeguards and who those impact, mom and pop accounting shops versus big automotive dealerships. They're all on the hook now for developing a security program.

Yep. And oftentimes those folks, especially if you look at like automotive dealerships, it's usually just the guy who's somewhat good with technology is the IT guy, right? Yeah. You can't blame them for it because in the past this has worked well. Well, now there's some, there's federal charges that can be levied against those individuals who don't take the correct steps in order to actually protect themselves.

Speaker 1 (44:36.958)
So that's one component. So we're seeing regulation. Another component is that folks don't, I think, and using this phrase again, they think that they can check their own work. And that is really where having somebody come in, do an assessment, figure all that stuff out, that's gonna be incredibly, it's not only incredibly important, but it needs to happen on a regular basis to identify where those gaps in security are.

We can sit here and we can talk about whether or not MFA is enabled, whether or not somebody uses a password manager, whether or not there's long passwords versus short passwords. We can talk about technologies and controls and all of those things, but really what it boils down to is understand the regulations, make sure that you're checking on those things, that somebody's got eyes on the glass, because it's going to continue to grow. This is something like...

like a 500% growth in cybersecurity in the last year or two. I don't expect that to slow down any time. For folks that are not putting focus on security now, it's going to bite you in the butt at some point in time. And not to spread FUD, but it's one of those things where it'll come back around and get you at some point.

And you're not spreading FUD. You're not spreading fear, uncertainty and doubt. Like it's because that is what is there. And it goes to the core of an organization's brand, right? That brand is there because customers trust them and people lose trust when people lose their stuff, right? When all of a sudden, you know, you know, you want to,

apparently in that time.

Speaker 2 (46:28.366)
buy a vehicle and all of a sudden your kids, you know, uh, false tax returns are filed on behalf of your kids because you tried to buy a vehicle. Well, guess what? You know, we can buy a vehicle anywhere. We're not going to do it from you. Right. I mean, that's, that's, it goes to the, yeah, it really goes to the, to, to the core. Yeah. And I, I agree with you about the culture, right? It needs to be

we're not gonna do you

Speaker 2 (46:56.182)
something that is ingrained in that culture. You know, like it's gotta be something that, from the top down, it's gotta come from leadership. Like it's gotta be part of everything. When you think about, you know, cultures that don't tolerate harassment, right? Yes, there's harassment training maybe once a year, but there's a culture there that doesn't tolerate it, right? And so what's happened with security is there may be an initial onboarding

cybersecurity training, or you might get an email on Tech Tuesdays about how to spot a phish, but it's not really part of the culture, right? They're like, we don't care. Go ahead. If you're working from home, save your documents wherever, nobody ever asks. So like that, no, like it needs to be part of the culture. It needs to be ingrained because you all have to care about yourselves, your family and the organization's brand that you serve.

Yeah, and to add on to that, there's no organization too small. Great point. The only reason you don't hear about the mom and pop places getting smoked is because they either haven't, sorry, the mom and pop places being compromised or having an incident is either because it's low enough in the news that nobody cares or they haven't detected it yet.

Yeah, absolutely.

That's a great point. That's really good.

Speaker 2 (48:20.43)
Well, everybody, please check out Cody Kretsinger. We'll have your links to your services, links to your LinkedIn, connect with him. The information that you have out there is really helpful to organizations. It was fantastic. It was really, really insightful. So thank you so much. We'll have links in the show notes

the

Speaker 2 (48:47.886)
for everybody to connect with Cody, and just a really unique, fresh insight, and we really appreciate what you do. Yeah, so all right, man. Thank you so much.

Thank you.

Speaker 2 (49:08.398)
Well that wraps this up. Thank you for joining us. We hope you enjoyed our episode. The next one is coming right up. We appreciate you making this an award winning podcast and downloading on Apple and Spotify and subscribing to our YouTube channel. This is Cybercrime Junkies and we thank you for watching.
