Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:02,837 --> 00:00:09,636 ♪ ♪ 2 00:00:09,636 --> 00:00:15,850 ♪ ♪ 3 00:00:15,850 --> 00:00:22,148 ♪ ♪ 4 00:00:24,192 --> 00:00:25,610 MARIANA: What's that stuff? 5 00:00:25,610 --> 00:00:27,195 PRIMO: Little bit of fentanyl. 6 00:00:27,195 --> 00:00:29,698 This (bleep) is blowing up. These are eight-balls. 7 00:00:29,698 --> 00:00:30,824 This is the trap, baby. 8 00:00:30,824 --> 00:00:33,034 Little Havana. 9 00:00:34,244 --> 00:00:36,162 MARIANA: Is this where you're making most of your money or? 10 00:00:36,162 --> 00:00:38,081 PRIMO: Hell no. This (bleep) is a thing of the past. 11 00:00:41,251 --> 00:00:42,335 PRIMO: I ain't got time for that. 12 00:00:42,335 --> 00:00:45,797 So, what we did is we started scamming. 13 00:00:46,256 --> 00:00:49,426 MARIANA: Scamming, credit card fraud, and ID theft are all 14 00:00:49,426 --> 00:00:53,096 part of a booming cybercrime industry around the world. 15 00:00:53,096 --> 00:00:55,140 LIGHT: I'm buying audio equipment, I'm using a stolen 16 00:00:55,140 --> 00:00:56,599 credit card. 17 00:00:56,599 --> 00:00:58,893 MARIANA: Most don't even realize they're targets 18 00:00:58,893 --> 00:01:00,437 until it's too late. 19 00:01:00,437 --> 00:01:03,773 JESSICA: I've had $300,000 that has been taken from me. 20 00:01:07,485 --> 00:01:10,322 MARIANA: Our data has become a commodity more valuable than 21 00:01:10,322 --> 00:01:13,450 guns, gold, or drugs. 22 00:01:13,783 --> 00:01:15,785 CATALIN: We'll have hackers targeting large companies, 23 00:01:15,785 --> 00:01:19,205 corporations, and obviously, critical infrastructure. 24 00:01:20,540 --> 00:01:24,127 MARIANA: I want to know how our data is stolen, how it's sold, 25 00:01:24,127 --> 00:01:26,838 and how to find the shadowy band of hustlers 26 00:01:26,838 --> 00:01:29,341 and hackers responsible. 27 00:01:31,259 --> 00:01:34,637 The threat is much bigger than I ever realized. 28 00:01:35,597 --> 00:01:38,308 JOHN SMITH: If you're smart about it, you can't get caught. 29 00:01:46,441 --> 00:01:48,693 MARIANA: What? Do you think he's suspicious or what? 30 00:01:48,693 --> 00:01:50,278 ABEL: I'll talk to him again. 31 00:01:50,278 --> 00:01:52,447 MARIANA: I'm in Miami chasing down a tip about 32 00:01:52,447 --> 00:01:54,741 a new breed of criminals. 33 00:01:54,741 --> 00:01:57,619 ABEL: Now he's acting a little funny. 34 00:01:57,619 --> 00:02:00,705 I'm still talking to him now, but. 35 00:02:00,705 --> 00:02:02,832 MARIANA: He's just not sure if he wants to meet us anymore? 36 00:02:02,832 --> 00:02:04,834 ABEL: Yeah, like, he's saying he's late. 37 00:02:04,834 --> 00:02:07,212 He wants to do it tomorrow. 38 00:02:07,212 --> 00:02:09,964 MARIANA: Abel is a former gang member who served 39 00:02:09,964 --> 00:02:12,425 three years in jail. 40 00:02:12,425 --> 00:02:14,719 He's also a friend and a source that I can call 41 00:02:14,719 --> 00:02:17,263 in moments like this. 42 00:02:17,263 --> 00:02:19,808 I'd heard rumors that street gangs were getting into 43 00:02:19,808 --> 00:02:22,102 credit card and identity theft, 44 00:02:22,102 --> 00:02:25,689 and Abel has been asking around for me. 45 00:02:25,689 --> 00:02:29,776 We were on our way to meet one of his contacts we'll call 'Primo'. 46 00:02:29,776 --> 00:02:32,028 But he's gotten cold feet. 47 00:02:32,028 --> 00:02:34,489 ABEL: He's just nervous or something because. 48 00:02:34,489 --> 00:02:36,533 MARIANA: Do you think it would be a good idea to FaceTime with him? 49 00:02:36,533 --> 00:02:38,034 ABEL: Yeah, definitely. MARIANA: So he could see... 50 00:02:38,034 --> 00:02:39,452 ABEL: I mean, that could build trust. 51 00:02:39,452 --> 00:02:45,375 (phone ringing) 52 00:02:47,794 --> 00:02:49,754 MARIANA: Can you see me? 53 00:02:50,380 --> 00:02:51,923 PRIMO (over phone): Yeah. I see you. 54 00:02:51,923 --> 00:02:53,299 (bleep) is real, you know? 55 00:02:53,299 --> 00:02:55,468 I can't have people getting indicted over this. 56 00:02:55,468 --> 00:02:56,469 MARIANA: Got it. 57 00:02:56,469 --> 00:02:58,179 So this is the deal, so this is how we do it. 58 00:02:58,179 --> 00:03:00,056 We don't show your face. 59 00:03:00,056 --> 00:03:03,476 We cover any tattoos, or any identifiable features that 60 00:03:03,476 --> 00:03:05,895 you have and we also change your voice 61 00:03:05,895 --> 00:03:08,189 so that it's not recognizable. 62 00:03:08,189 --> 00:03:10,567 So yeah, that's what I can tell you. 63 00:03:10,567 --> 00:03:13,862 The hardest part of my job is getting people to trust me. 64 00:03:13,862 --> 00:03:17,407 It can take weeks, months, sometimes even years. 65 00:03:18,658 --> 00:03:20,452 PRIMO (over phone): All right, yeah. 66 00:03:20,452 --> 00:03:23,788 MARIANA: But sometimes we get lucky fast. 67 00:03:23,788 --> 00:03:25,331 Yeah. 68 00:03:25,331 --> 00:03:28,793 He said, he said, "yeah." He's down to film tomorrow. 69 00:03:28,793 --> 00:03:31,629 He said I'm not doing this for you, I'm doing this for, for 70 00:03:31,629 --> 00:03:35,133 Abel and if Abel is cool with this, I'm cool. 71 00:03:35,133 --> 00:03:37,010 I know he's not going to set me up. 72 00:03:37,010 --> 00:03:39,345 Let's hope it happens tomorrow. 73 00:03:41,389 --> 00:03:44,476 As we wait for the meeting with Primo, Abel takes me to 74 00:03:44,476 --> 00:03:47,020 see another friend of his, who apparently dabbles 75 00:03:47,020 --> 00:03:49,689 in the credit card game. 76 00:03:50,899 --> 00:03:52,942 Can you show me some of the stuff that you do? 77 00:03:52,942 --> 00:03:55,987 BECCA: Absolutely. And so, to the dark web. 78 00:03:56,738 --> 00:03:58,531 MARIANA: Becca is a self-taught scammer whose 79 00:03:58,531 --> 00:04:00,450 husband was a gang member. 80 00:04:00,450 --> 00:04:03,077 She agreed to give me a primer on how it all works. 81 00:04:03,745 --> 00:04:05,538 BECCA: You can buy arms, you can buy legs, you can buy 82 00:04:05,538 --> 00:04:08,291 elephant tusk, you can buy digital goods. 83 00:04:09,209 --> 00:04:11,294 MARIANA: Becca uses a browser that hides her identity, 84 00:04:11,294 --> 00:04:14,339 making it possible for her to visit more nefarious websites 85 00:04:14,339 --> 00:04:17,592 normally unavailable to internet users. 86 00:04:17,592 --> 00:04:19,928 And where do you get that credit card information? 87 00:04:19,928 --> 00:04:22,555 BECCA: We have several markets. 88 00:04:22,555 --> 00:04:24,265 MARIANA: Vice City is the name of the market? 89 00:04:24,265 --> 00:04:25,350 BECCA: Yeah, that's the name of the market. 90 00:04:25,350 --> 00:04:26,768 I know how cliche, right? 91 00:04:26,768 --> 00:04:28,394 MARIANA: Valid dumps. 92 00:04:28,394 --> 00:04:29,646 BECCA: Comes with the date of birth. 93 00:04:29,646 --> 00:04:31,147 MARIANA: Uh-huh. 94 00:04:31,147 --> 00:04:32,524 BECCA: ZIP code, so you know where the card is from, 95 00:04:32,524 --> 00:04:34,150 where the billing address is. 96 00:04:34,150 --> 00:04:36,444 MARIANA: Uh-huh. Wow. This is so crazy. 97 00:04:36,444 --> 00:04:39,531 BECCA: And then look at an example, if it doesn't work, they give you your money back. 98 00:04:39,531 --> 00:04:40,657 MARIANA: No, they don't. 99 00:04:40,657 --> 00:04:42,158 BECCA: Yes, they do immediately. 100 00:04:42,158 --> 00:04:43,243 Immediately. 101 00:04:43,243 --> 00:04:44,536 Look, right here. 102 00:04:44,536 --> 00:04:45,912 MARIANA: So you can buy this for only $8? 103 00:04:45,912 --> 00:04:48,581 BECCA: Yeah. Oh, you could buy them for three cents. 104 00:04:48,581 --> 00:04:52,126 MARIANA: My, my mind is exploding right now. 105 00:04:52,126 --> 00:04:55,547 Site after site, the dark web is like a strip mall of 106 00:04:55,547 --> 00:04:59,551 stolen credit card data, where everything from security codes 107 00:04:59,551 --> 00:05:02,720 to ZIP codes are available for resale. 108 00:05:03,888 --> 00:05:06,099 BECCA: Carding is the act of using other people's 109 00:05:06,099 --> 00:05:10,770 credit card info, you know, to buy stuff or obtain goods. 110 00:05:11,938 --> 00:05:15,400 It starts with prepaid cards. 111 00:05:16,484 --> 00:05:20,530 That's an MSR. It can read, write, erase. 112 00:05:20,530 --> 00:05:24,242 And then I'm going to clone this information onto it. 113 00:05:24,242 --> 00:05:27,537 MARIANA: Becca uses the MSR machine to encode the stolen 114 00:05:27,537 --> 00:05:30,707 credit card data onto the magnetic strip of the new 115 00:05:30,707 --> 00:05:33,001 burner debit card. 116 00:05:33,626 --> 00:05:34,877 BECCA: So I'm going to go for that one. 117 00:05:34,877 --> 00:05:36,337 He probably went to a restaurant and somebody hacked 118 00:05:36,337 --> 00:05:37,755 into their POS, whatever. 119 00:05:37,755 --> 00:05:39,215 MARIANA: Steven, I apologize. 120 00:05:39,215 --> 00:05:40,883 BECCA: It's okay. It's corporate. 121 00:05:40,883 --> 00:05:43,469 Don't worry about it. The bank will give it back. 122 00:05:43,469 --> 00:05:45,513 So now, let's make a card. 123 00:05:46,806 --> 00:05:49,559 Bam, credit card okay. 124 00:05:50,268 --> 00:05:52,228 Let's go test this on the vending machine. 125 00:05:52,228 --> 00:05:54,147 Because I don't want to get caught. 126 00:05:54,147 --> 00:05:56,691 MARIANA: To check if the card works, she needs to do a 127 00:05:56,691 --> 00:06:00,153 test run where no one will catch her, in case it doesn't. 128 00:06:00,778 --> 00:06:03,448 This is the moment of truth. 129 00:06:10,163 --> 00:06:11,456 BECCA: There you go. 130 00:06:11,456 --> 00:06:13,625 MARIANA: I don't know if I want to do that. 131 00:06:15,710 --> 00:06:17,587 So now you know that you can actually use this card? 132 00:06:17,587 --> 00:06:19,213 BECCA: Absolutely. 133 00:06:19,213 --> 00:06:21,633 MARIANA: Tonight there's a guy or a woman somewhere who's 134 00:06:21,633 --> 00:06:24,886 missing $1, and tomorrow will possibly be missing 135 00:06:24,886 --> 00:06:26,387 a lot more. 136 00:06:26,387 --> 00:06:27,263 So tomorrow you're going to go shopping with this? 137 00:06:27,263 --> 00:06:29,599 BECCA: Yeah, definitely. 138 00:06:31,142 --> 00:06:33,603 MARIANA: The next day, Becca invites me to follow her 139 00:06:33,603 --> 00:06:37,357 downtown as she tries to use the card in a store. 140 00:06:39,525 --> 00:06:42,570 So, what kind of shops do you typically target? 141 00:06:42,570 --> 00:06:47,492 BECCA: Local, smaller, family owned shops versus corporate, 142 00:06:47,492 --> 00:06:49,702 big, giant Walmarts and stuff. 143 00:06:49,702 --> 00:06:50,703 MARIANA: Why is that preferable? 144 00:06:50,703 --> 00:06:53,247 BECCA: Because way less security. 145 00:06:53,915 --> 00:06:56,668 My thing is everywhere you go, there's a camera. 146 00:06:56,668 --> 00:06:58,294 That's my fear. 147 00:06:58,294 --> 00:07:00,922 You have to look normal, casual. 148 00:07:04,258 --> 00:07:06,886 MARIANA: Do you ever buy anything with a regular credit card, by any chance? 149 00:07:06,886 --> 00:07:08,054 Or is it all stolen? 150 00:07:08,054 --> 00:07:09,597 BECCA: Yeah. 151 00:07:09,597 --> 00:07:11,766 Steal what you can't buy, buy what you can't steal. 152 00:07:16,646 --> 00:07:18,856 MARIANA: Becca says she never knows how long a stolen 153 00:07:18,856 --> 00:07:21,401 credit card will remain active. 154 00:07:21,401 --> 00:07:23,695 It depends on how quickly the owner, or the bank, 155 00:07:23,695 --> 00:07:26,698 spots the fraudulent activity. 156 00:07:26,698 --> 00:07:28,616 BECCA: What I'm going to do is I'm going to, you know, 157 00:07:28,616 --> 00:07:30,660 look around, see what I find. 158 00:07:30,660 --> 00:07:33,079 Oh, my son would probably love one of those book bags. 159 00:07:33,079 --> 00:07:35,748 MARIANA: So you don't feel comfortable with me going inside, so I'll... 160 00:07:35,748 --> 00:07:37,667 BECCA: I don't think for your own good you should 161 00:07:37,667 --> 00:07:39,085 go in there with me. 162 00:07:39,085 --> 00:07:40,795 MARIANA: I'll stay here. Um, I would say good luck, 163 00:07:40,795 --> 00:07:42,964 but I'm not sure if that's the appropriate thing to say right now. 164 00:07:42,964 --> 00:07:45,049 BECCA: You should. Because, um, God forbid, 165 00:07:45,049 --> 00:07:47,927 you know, like, something that comes up. 166 00:07:47,927 --> 00:07:49,387 MARIANA: Oh, now you're making me nervous. 167 00:07:49,387 --> 00:07:50,847 BECCA: You should be nervous. 168 00:07:50,847 --> 00:07:52,765 It's always 50/50, it's a lottery. 169 00:07:52,765 --> 00:07:55,685 You never know if it's going to work, if it's not going to work. 170 00:07:55,685 --> 00:07:57,520 I'll be right back. 171 00:07:58,062 --> 00:08:00,648 MARIANA: We can actually see right through the shop, 172 00:08:00,648 --> 00:08:02,608 so I will be able, we'll be able to see her inside. 173 00:08:05,778 --> 00:08:07,155 MARIANA: I don't want to look, I don't want to look suspicious, like, we're looking at her. 174 00:08:31,512 --> 00:08:32,638 SHOPKEEPER: Uh. 175 00:08:37,602 --> 00:08:39,145 BECCA: Well, yeah. 176 00:08:39,145 --> 00:08:40,730 MARIANA: So I think she's having trouble with the card right now. 177 00:08:53,785 --> 00:08:56,162 MARIANA: Here she comes. 178 00:08:59,665 --> 00:09:01,667 BECCA: I have returned with my plunder. 179 00:09:01,667 --> 00:09:03,753 MARIANA: They weren't suspicious? 180 00:09:03,753 --> 00:09:05,838 BECCA: No, the other way around, they were trying to help me pay for the (bleep). 181 00:09:05,838 --> 00:09:07,548 They were like, "thank you." 182 00:09:07,548 --> 00:09:09,759 Like, literally you help them help you steal. 183 00:09:12,095 --> 00:09:13,554 MARIANA: Guy who's at home who just lost... 184 00:09:13,554 --> 00:09:16,057 BECCA: No. Hell no. MARIANA: Yeah. But it's, yeah. 185 00:09:16,057 --> 00:09:18,392 But it doesn't, well, I would be angry if it was me. 186 00:09:18,392 --> 00:09:21,062 BECCA: It's a yin and yang. You give some, you take some. 187 00:09:21,062 --> 00:09:22,855 Unless you have, like, a really good education and a 188 00:09:22,855 --> 00:09:25,274 good job, it's just, you can't afford (bleep). 189 00:09:25,274 --> 00:09:27,568 The bigger the stakes are, the bigger the transactions are, 190 00:09:27,568 --> 00:09:29,278 the bigger they're going to come after you. 191 00:09:29,278 --> 00:09:32,031 MARIANA: So that's why you keep it to small transactions. 192 00:09:32,031 --> 00:09:33,616 BECCA: Yeah, definitely. 193 00:09:33,616 --> 00:09:36,077 MARIANA: Oh, my God. I can't believe how easy that was. 194 00:09:36,828 --> 00:09:38,996 Data has now surpassed oil 195 00:09:38,996 --> 00:09:41,999 as the world's most valuable resource. 196 00:09:43,417 --> 00:09:46,170 Worldwide, in 2020 alone, 197 00:09:46,170 --> 00:09:49,715 thieves ran off with more than $28 billion. 198 00:09:50,716 --> 00:09:54,428 It can start with a notification for a single fraudulent charge. 199 00:09:54,428 --> 00:09:57,056 For most, getting that money refunded is 200 00:09:57,056 --> 00:09:59,392 just an inconvenience. 201 00:09:59,392 --> 00:10:02,145 But for a growing number of victims, 202 00:10:02,145 --> 00:10:05,231 the situation escalates quickly. 203 00:10:07,066 --> 00:10:09,944 TIM: At the time, I thought it was a one and done sort of deal. 204 00:10:09,944 --> 00:10:13,281 I've probably had upwards of 25 debit and credit cards 205 00:10:13,281 --> 00:10:15,867 compromised and stolen. 206 00:10:15,867 --> 00:10:18,911 DAVE: It's a really scary thing when you don't know 207 00:10:18,911 --> 00:10:22,540 if the money in your bank account is not going to 208 00:10:22,540 --> 00:10:25,626 be there when you log in next. 209 00:10:26,419 --> 00:10:32,258 JESSICA: At least every month, maybe 2 to 15 transactions 210 00:10:32,258 --> 00:10:35,845 that happen randomly that aren't mine. 211 00:10:36,971 --> 00:10:38,472 TIM: I felt powerless. 212 00:10:38,472 --> 00:10:41,267 They just had access to all of my life savings. 213 00:10:41,267 --> 00:10:43,561 DAVE: People don't always get their money back. 214 00:10:43,561 --> 00:10:47,773 SAMUEL: One thing impacted the next, impacted the next, and 215 00:10:47,773 --> 00:10:50,860 it just kept snowballing. 216 00:10:50,860 --> 00:10:53,404 DAVE: I have no idea when it will end or if it will end. 217 00:10:53,404 --> 00:10:54,572 TIM: I'm a current student. 218 00:10:54,572 --> 00:10:55,907 JESSICA: I work in mental health. 219 00:10:55,907 --> 00:10:57,408 DAVE: I'm in the IT area. 220 00:10:57,408 --> 00:11:01,495 SAMUEL: I am a dancer, teacher, choreographer. 221 00:11:03,164 --> 00:11:05,958 MARIANA: Credit card fraud exploded in 2020, 222 00:11:05,958 --> 00:11:09,211 increasing more than 40%. 223 00:11:09,211 --> 00:11:12,798 The ease and anonymity of the crime has drawn the attention 224 00:11:12,798 --> 00:11:15,843 of street gangs, like the Crips, who used to make their 225 00:11:15,843 --> 00:11:18,763 money in more dangerous ways. 226 00:11:19,722 --> 00:11:20,973 PRIMO: So, have a seat, have a seat. 227 00:11:20,973 --> 00:11:21,766 MARIANA: Here? 228 00:11:21,766 --> 00:11:23,142 PRIMO: Scoot over, man. It's a lady. 229 00:11:23,142 --> 00:11:24,435 MARIANA: Thank you. 230 00:11:24,435 --> 00:11:25,978 So we, can I ask you for a quick question? 231 00:11:25,978 --> 00:11:27,855 Does that gun always have to be here? 232 00:11:34,111 --> 00:11:37,990 MARIANA: This is Primo, who I spoke with on the phone last night. 233 00:11:37,990 --> 00:11:39,533 Do you guys have guns? 234 00:11:39,533 --> 00:11:40,826 PRIMO: Everybody here got a gun. 235 00:11:40,826 --> 00:11:42,620 MARIANA: So how many guns are in this house right now? 236 00:11:42,620 --> 00:11:43,955 Just give me a sense. 237 00:11:43,955 --> 00:11:46,374 PRIMO: (bleep) You sound like ATF right now. 238 00:11:46,374 --> 00:11:47,959 MARIANA: Do you want me to stop asking these questions? 239 00:11:47,959 --> 00:11:49,126 PRIMO: Yeah. 240 00:11:54,632 --> 00:12:02,306 ♪ ♪ 241 00:12:02,306 --> 00:12:04,558 MARIANA: So you're talking about scamming and fraud. 242 00:12:04,558 --> 00:12:06,811 Are you guys all involved in this? 243 00:12:10,273 --> 00:12:12,441 PRIMO: I'd tell you right now that that scamming (bleep) is 244 00:12:12,441 --> 00:12:15,778 pretty much the main market to be in right now if you want to make money. 245 00:12:15,778 --> 00:12:17,029 You want to stay out of trouble. 246 00:12:17,029 --> 00:12:18,906 MARIANA: There's no risk associated with scams? 247 00:12:18,906 --> 00:12:21,993 PROJECT FO: You got people getting life sentences and 248 00:12:21,993 --> 00:12:24,120 getting charged with murder for fentanyl. 249 00:12:24,120 --> 00:12:25,621 You'll get five years doing this game right here. 250 00:12:25,621 --> 00:12:27,623 So, what's the easier ballpark to be in? 251 00:12:27,623 --> 00:12:29,250 This, easy money. 252 00:12:29,250 --> 00:12:31,210 PRIMO: So, what we did is, uh, we started a Scamily. 253 00:12:31,210 --> 00:12:32,461 You know what I'm saying? 254 00:12:32,461 --> 00:12:34,588 That's a family that scams. You feel me? 255 00:12:34,588 --> 00:12:35,923 MARIANA: You said it was a Scamily? 256 00:12:35,923 --> 00:12:37,174 PRIMO: That's my little saying. 257 00:12:37,174 --> 00:12:38,384 I would like to call us a Scamily. 258 00:12:38,384 --> 00:12:39,927 You know, you got to chase the B.O.A. 259 00:12:39,927 --> 00:12:42,138 We treat you better than your family. 260 00:12:43,431 --> 00:12:46,350 MARIANA: Each member of the 'Scamily' specializes in a 261 00:12:46,350 --> 00:12:48,269 different skillset. 262 00:12:48,269 --> 00:12:49,603 PROJECT FO: I'm the phone guy. 263 00:12:49,603 --> 00:12:51,147 MARIANA: You're the phone guy? 264 00:12:51,147 --> 00:12:52,606 PROJECT FO: Yeah. 265 00:12:52,606 --> 00:12:53,774 PRIMO: This is the, this is the prince of Nigeria telling 266 00:12:53,774 --> 00:12:55,109 you to send the money. 267 00:12:55,109 --> 00:12:56,569 Send you a little text. 268 00:12:56,569 --> 00:12:58,529 "Your, your, your bank's been hacked. This is Chase Bank." 269 00:12:58,529 --> 00:13:00,031 MARIANA: Yeah, I've received these things. 270 00:13:00,031 --> 00:13:02,199 PRIMO: "Sending you an online alert. Please sign-in." 271 00:13:02,199 --> 00:13:04,368 And you sign in through there, you got got. 272 00:13:04,368 --> 00:13:06,245 The old school way: stealing information and (bleep). 273 00:13:06,245 --> 00:13:08,039 We realized we don't need that. 274 00:13:08,039 --> 00:13:09,915 People give you the information. 275 00:13:09,915 --> 00:13:11,375 Jwett got his own ways. 276 00:13:11,375 --> 00:13:13,169 He a real good computer guy. 277 00:13:16,756 --> 00:13:18,674 PRIMO: Jwett go, "Doot, doot, doot, doot, doo." 278 00:13:18,674 --> 00:13:22,178 Next thing you know, I got someone's money in that card. 279 00:13:22,595 --> 00:13:25,389 MARIANA: How much money are you guys making from fraud or scams? 280 00:13:25,389 --> 00:13:27,433 PRIMO: Depends, really. Sometimes, it's good days. 281 00:13:27,433 --> 00:13:29,018 Sometimes, it's bad days. 282 00:13:29,018 --> 00:13:30,394 Sometimes, it's really good days. 283 00:13:30,394 --> 00:13:31,729 You feel me? Like.... 284 00:13:31,729 --> 00:13:33,105 MARIANA: Today, for example. PRIMO: (bleep). 285 00:13:33,105 --> 00:13:34,774 MARIANA: Did you get anything? PRIMO: Yeah, yeah. 286 00:13:34,774 --> 00:13:36,859 Today I made a quick, like, $9,000, but it's been a. 287 00:13:36,859 --> 00:13:39,820 MARIANA: What? $9,000? PRIMO: Yeah. 288 00:13:41,322 --> 00:13:42,823 MARIANA: So, do you guys ever feel bad that you're stealing 289 00:13:42,823 --> 00:13:43,908 money from other people? 290 00:13:43,908 --> 00:13:45,534 PRIMO: Not at all. 291 00:13:45,534 --> 00:13:46,494 Under a quarter million, the bank pays that (bleep) back. 292 00:13:46,494 --> 00:13:47,703 Why would I feel bad? I mean. 293 00:13:47,703 --> 00:13:48,496 MARIANA: But you're still stealing from somebody. 294 00:13:48,496 --> 00:13:50,081 It's still not your money. 295 00:13:50,081 --> 00:13:51,791 So is there part of that, do you guys get upset about that? 296 00:13:51,791 --> 00:13:53,084 PRIMO: Look. Look, look. 297 00:13:53,084 --> 00:13:54,543 I did time for robbery and all this (bleep). 298 00:13:54,543 --> 00:13:56,462 I tell you, I feel bad about that sometimes. 299 00:13:56,462 --> 00:13:58,464 You know, that's not such a victimless crime. 300 00:13:58,464 --> 00:14:00,424 You putting a gun to somebody, you, you really traumatizing 301 00:14:00,424 --> 00:14:02,009 somebody, you feel me? 302 00:14:02,009 --> 00:14:03,344 This scamming (bleep) is, "Ah, man, (bleep). 303 00:14:03,344 --> 00:14:05,471 This (bleep) stole $800 from my account." 304 00:14:05,471 --> 00:14:07,264 You'll be all right in the morning. 305 00:14:07,264 --> 00:14:10,101 MARIANA: Hmm. PRIMO: You'll be all right. 306 00:14:10,476 --> 00:14:12,144 SAMUEL: It's not a victimless crime. 307 00:14:12,144 --> 00:14:15,231 There are victims. I'm a victim. 308 00:14:15,815 --> 00:14:18,734 I told the bank that money had been fraudulently taken 309 00:14:18,734 --> 00:14:20,528 from my account. 310 00:14:20,528 --> 00:14:23,697 It was obvious that the bank did not believe me. 311 00:14:23,697 --> 00:14:28,119 Honesty, I don't think a real investigation ever took place. 312 00:14:28,119 --> 00:14:31,080 My economic background plays a part. 313 00:14:31,080 --> 00:14:34,625 The way I look could play a part. 314 00:14:34,625 --> 00:14:40,422 Whether I have 10 million or whether I have $10, 315 00:14:40,422 --> 00:14:44,677 it shouldn't make a difference in terms of how I'm treated. 316 00:14:45,928 --> 00:14:48,806 MARIANA: The 'Scamily's' operation is just the tip of the iceberg. 317 00:14:50,057 --> 00:14:52,476 We've heard rumors that there are gangs engaging in 318 00:14:52,476 --> 00:14:54,895 even more ambitious scams. 319 00:14:54,895 --> 00:14:57,565 Through my sources, a member of the Crips, who we'll call 320 00:14:57,565 --> 00:15:00,734 "Light," agrees to speak with me. 321 00:15:06,740 --> 00:15:10,035 Light has invited me to see the trap house where the gang 322 00:15:10,035 --> 00:15:13,330 dabbles in both the old school methods and the new ones. 323 00:15:19,003 --> 00:15:20,713 MARIANA: What do you have here? 324 00:15:22,923 --> 00:15:24,383 MARIANA: And what, what's this? 325 00:15:27,553 --> 00:15:29,513 MARIANA: So what is, what is this place, where we are? 326 00:15:32,892 --> 00:15:35,352 MARIANA: So, we have drugs, we have guns. 327 00:15:35,352 --> 00:15:36,854 Do you have other guns in the house as well? 328 00:15:40,441 --> 00:15:42,443 MARIANA: And this is where you are doing your business from? 329 00:15:46,697 --> 00:15:49,658 MARIANA: So, I know that this is your place and we have to 330 00:15:49,658 --> 00:15:52,620 get your permission to film here. 331 00:15:52,620 --> 00:15:53,746 Right? 332 00:15:53,746 --> 00:15:56,373 Are you okay with us filming here? 333 00:16:01,128 --> 00:16:02,129 MARIANA: Can you show me that? 334 00:16:07,384 --> 00:16:10,888 MARIANA: At a table with three guns and one laptop, 335 00:16:10,888 --> 00:16:14,516 Light says he'll show me how he made six figures last year. 336 00:16:16,310 --> 00:16:17,978 LIGHT: That's one deposit. 337 00:16:17,978 --> 00:16:19,897 MARIANA: Wow. That's a lot of money. 338 00:16:26,695 --> 00:16:31,575 ♪ ♪ 339 00:16:31,575 --> 00:16:34,036 MARIANA: I'm in the backroom of a Miami trap house, where a 340 00:16:34,036 --> 00:16:36,705 Crips gang member named 'Light' is showing me the 341 00:16:36,705 --> 00:16:39,291 gang's latest hustle. 342 00:16:39,291 --> 00:16:41,001 LIGHT: Do you see this from IDS? 343 00:16:41,001 --> 00:16:43,837 Which means Chicago unemployment. 344 00:16:43,837 --> 00:16:46,006 That's unemployed, but I don't live in Chicago. 345 00:16:46,006 --> 00:16:48,425 I'm in Florida. 346 00:16:48,425 --> 00:16:50,803 MARIANA: Light creates a fake insurance claim using the 347 00:16:50,803 --> 00:16:54,265 victim's real Social Security number and birthday. 348 00:16:54,265 --> 00:16:57,476 This is more than simple credit card fraud. 349 00:16:57,476 --> 00:17:00,479 I'm watching him steal somebody's identity. 350 00:17:00,479 --> 00:17:02,940 LIGHT: All you have to do is use a VPN. 351 00:17:02,940 --> 00:17:04,275 Put your VPN on. 352 00:17:04,275 --> 00:17:05,943 MARIANA: And you pretend that you're in Chicago. 353 00:17:05,943 --> 00:17:06,735 LIGHT: You live in Florida, but your VPN acts like you're 354 00:17:06,735 --> 00:17:09,905 in Chicago on Walnut Street. 355 00:17:09,905 --> 00:17:12,741 MARIANA: A VPN or virtual private network disguises your 356 00:17:12,741 --> 00:17:16,537 online identity by encrypting your connection to a network. 357 00:17:17,079 --> 00:17:19,581 Once a VPN is activated, tracking the location of your 358 00:17:19,581 --> 00:17:22,501 device becomes far more difficult. 359 00:17:22,501 --> 00:17:25,838 LIGHT: You're going to find any random address from Chicago. 360 00:17:32,094 --> 00:17:33,846 You're going to put that address that you find on the 361 00:17:33,846 --> 00:17:37,725 same application that you're filling out the IDS unemployment form 362 00:17:37,725 --> 00:17:39,560 and say that you live at this address you found. 363 00:17:39,560 --> 00:17:41,729 You don't ever have to worry about mail getting sent to you, 364 00:17:41,729 --> 00:17:44,732 or receiving it, because everything is through direct deposit. 365 00:17:45,107 --> 00:17:46,775 MARIANA: Were people making a lot of money from the COVID 366 00:17:46,775 --> 00:17:48,319 assistance programs? 367 00:17:48,319 --> 00:17:51,113 LIGHT: I don't know about people, but I know me. 368 00:17:51,113 --> 00:17:52,323 MARIANA: So that's a... 369 00:17:52,323 --> 00:17:53,365 LIGHT: This is (bleep) crazy. 370 00:17:53,365 --> 00:17:56,452 MARIANA: $19,314. 371 00:17:56,452 --> 00:17:57,911 But you're taking it away from somebody else. 372 00:17:57,911 --> 00:17:58,954 How does that make you feel? 373 00:17:58,954 --> 00:18:00,331 LIGHT: It's a dog eat dog world. 374 00:18:00,331 --> 00:18:02,249 I'd rather you, than me. 375 00:18:02,249 --> 00:18:03,834 Them or us. 376 00:18:03,834 --> 00:18:06,879 And I'm not going to let my kids suffer. 377 00:18:06,879 --> 00:18:10,924 JESSICA: I've never collected unemployment before or disability. 378 00:18:10,924 --> 00:18:15,471 I owe EDD, the state, disability, 379 00:18:15,471 --> 00:18:17,556 Social Security, money. 380 00:18:17,556 --> 00:18:21,518 $60,000 to one of them, another $84,000 to another. 381 00:18:22,895 --> 00:18:24,938 MARIANA: Jessica is a mental healthcare worker who 382 00:18:24,938 --> 00:18:28,901 specializes in people experiencing homelessness. 383 00:18:29,526 --> 00:18:33,447 She's one of nearly 400,000 people whose identities were 384 00:18:33,447 --> 00:18:36,909 used to claim government benefits in 2020. 385 00:18:37,368 --> 00:18:40,913 JESSICA: And I've been telling my bank since September 2020 386 00:18:40,913 --> 00:18:41,955 about the fraud. 387 00:18:41,955 --> 00:18:45,834 And I probably call them on a daily basis. 388 00:18:47,127 --> 00:18:51,507 I don't have my own identity, meaning nothing's mine. 389 00:18:51,840 --> 00:18:55,344 If I want groceries or something, nine times out of ten 390 00:18:55,344 --> 00:18:57,012 it's going to take me a half an hour to get through 391 00:18:57,012 --> 00:18:59,723 the register, because something's not working, 392 00:18:59,723 --> 00:19:01,975 or the money's not there and, 393 00:19:01,975 --> 00:19:04,269 and I've had more taken out, somehow. 394 00:19:04,269 --> 00:19:06,814 I have to renew my passport, my driver's license, 395 00:19:06,814 --> 00:19:09,983 my Social Security card, my birth certificate. 396 00:19:09,983 --> 00:19:11,610 That all costs money. 397 00:19:11,610 --> 00:19:14,196 Right now, my bank account, I'm negative $3,000 and it's 398 00:19:14,196 --> 00:19:16,115 been since January. 399 00:19:16,115 --> 00:19:19,451 I think if it ever ends, 400 00:19:20,494 --> 00:19:23,789 which I don't know if it will, um, 401 00:19:24,832 --> 00:19:27,751 it's gonna be a long recovery to trust people. 402 00:19:38,721 --> 00:19:41,974 MARIANA: This is Assistant Special Agent Charles Leopard. 403 00:19:41,974 --> 00:19:45,018 His department is dedicated to catching data thieves before 404 00:19:45,018 --> 00:19:48,439 stolen information ends up for sale on the dark web. 405 00:19:49,898 --> 00:19:51,275 LEOPARD: So, in this room, this is part of our 406 00:19:51,275 --> 00:19:53,026 computer forensics lab. 407 00:19:53,026 --> 00:19:57,030 This is an example of what we commonly find in gas pumps. 408 00:19:57,030 --> 00:19:59,491 This would be what we call more of an overlay skimmer. 409 00:19:59,491 --> 00:20:01,869 They would replace the card reader that's currently there. 410 00:20:01,869 --> 00:20:05,831 We call this a shimmer and these were designed to go into 411 00:20:05,831 --> 00:20:08,709 an existing card reader. 412 00:20:08,709 --> 00:20:11,420 MARIANA: Agent Leopard and his team show us how older methods 413 00:20:11,420 --> 00:20:13,964 of theft are constantly being updated. 414 00:20:15,007 --> 00:20:16,467 INVESTIGATOR: More and more of these skimmers are 415 00:20:16,467 --> 00:20:17,968 Bluetooth enabled. 416 00:20:17,968 --> 00:20:20,471 The reason behind that is that you have the individuals that 417 00:20:20,471 --> 00:20:22,473 now don't have to go back in and take the skimmer 418 00:20:22,473 --> 00:20:25,017 off the gas pump. 419 00:20:28,854 --> 00:20:29,855 OFFICER: Good morning everybody. 420 00:20:29,855 --> 00:20:31,607 Thank you for being here today. 421 00:20:31,607 --> 00:20:34,735 We're going to be briefing in regards to the arrest of a 422 00:20:34,735 --> 00:20:38,447 known large-scale trafficker of stolen credit card account 423 00:20:38,447 --> 00:20:40,532 numbers obtained from illegally placed credit card 424 00:20:40,532 --> 00:20:43,702 skimming devices at gasoline pumps. 425 00:20:44,328 --> 00:20:45,496 LEOPARD: Now, we'll just have them park there and tell them 426 00:20:45,496 --> 00:20:48,332 to just hang out, until we figure things out. 427 00:20:48,332 --> 00:20:50,209 All right, man. 428 00:20:50,209 --> 00:20:52,336 MARIANA: Leopard is part of a joint operation between the 429 00:20:52,336 --> 00:20:55,672 secret service and local police. 430 00:20:55,672 --> 00:20:57,549 They're tracking down one of these scammers who 431 00:20:57,549 --> 00:21:01,261 steals credit card information from gas stations. 432 00:21:07,851 --> 00:21:10,145 OFFICER (over phone): We're all good to go, so start rolling through. 433 00:21:10,145 --> 00:21:11,939 OFFICER: All right. 434 00:21:18,111 --> 00:21:20,739 (speaking Spanish) 435 00:21:21,323 --> 00:21:22,825 OFFICER: Back up. OFFICER: Stay right there. 436 00:21:22,825 --> 00:21:24,451 (speaking Spanish) 437 00:21:24,451 --> 00:21:25,911 MAN: Go ahead, man. 438 00:21:25,911 --> 00:21:27,538 OFFICER: Police warrant! 439 00:21:27,538 --> 00:21:28,789 Come to the door! 440 00:21:28,789 --> 00:21:30,582 OFFICER: You're clear right. 441 00:21:31,416 --> 00:21:32,835 OFFICER 2: Watch your right. Back of the room. 442 00:21:32,835 --> 00:21:35,712 OFFICER: Go ahead. Go ahead. 443 00:21:36,255 --> 00:21:37,714 OFFICER: Police! 444 00:21:37,714 --> 00:21:39,466 (crying) 445 00:21:39,466 --> 00:21:42,135 MARIANA: In the end, the suspect is arrested. 446 00:21:42,135 --> 00:21:43,262 LEOPARD: Okay. OFFICER: Okay? 447 00:21:43,262 --> 00:21:45,430 We're gonna take him in mine... 448 00:21:46,181 --> 00:21:48,475 MARIANA: Leopard says these street-level data thieves 449 00:21:48,475 --> 00:21:51,061 have recognized that skimmers are an easy way 450 00:21:51,061 --> 00:21:53,105 to make a quick buck. 451 00:21:53,105 --> 00:21:58,151 But the secret service has been tracking the rise of a much bigger threat. 452 00:21:59,403 --> 00:22:00,863 REPORTER: Ransomware attacks against TV stations, 453 00:22:00,863 --> 00:22:04,032 food and fuel suppliers, hospitals, water systems 454 00:22:04,032 --> 00:22:06,159 and all levels of government. 455 00:22:06,159 --> 00:22:08,954 REPRESENTATIVE: Behind these sophisticated attacks, 456 00:22:08,954 --> 00:22:11,623 there is real world harm where people's life savings, 457 00:22:11,623 --> 00:22:15,127 people's, uh, companies are being compromised by 458 00:22:15,127 --> 00:22:16,962 these individuals. 459 00:22:17,379 --> 00:22:20,173 MARIANA: Ransomware is a type of malicious software that 460 00:22:20,173 --> 00:22:23,635 attackers use to infect computers and then hold 461 00:22:23,635 --> 00:22:28,682 sensitive data hostage, until the victim pays for its release. 462 00:22:29,266 --> 00:22:33,520 In 2021, nearly 70% of businesses worldwide 463 00:22:33,520 --> 00:22:37,149 were victimized by ransomware. 464 00:22:37,149 --> 00:22:39,359 LEOPARD: So one of the biggest issues with cybercrime is that 465 00:22:39,359 --> 00:22:41,945 it is borderless. 466 00:22:42,946 --> 00:22:45,699 You normally have networks of criminals. 467 00:22:45,699 --> 00:22:49,286 And you may have a hacker who resides in Romania or Eastern Europe. 468 00:22:49,286 --> 00:22:51,163 BIDEN: Responsible countries need to take action against 469 00:22:51,163 --> 00:22:55,667 criminals who conduct ransomware activities on their territory. 470 00:22:55,667 --> 00:22:57,210 REPORTER (over TV): We know tha it's concentrated in Romania. 471 00:22:57,210 --> 00:22:58,837 REPORTER (over TV): Romania. 472 00:22:58,837 --> 00:23:00,130 REPORTER (over TV): Romania in Southeastern Europe is 473 00:23:00,130 --> 00:23:03,383 considered the cybercrime capital of the world. 474 00:23:03,383 --> 00:23:05,177 MARIANA: That's my next stop. 475 00:23:05,177 --> 00:23:07,721 I want to know why Romania has become such a hotbed for 476 00:23:07,721 --> 00:23:10,432 cybercrime and try to track down 477 00:23:10,432 --> 00:23:13,060 one of these ransomware attackers. 478 00:23:19,358 --> 00:23:26,573 ♪ ♪ 479 00:23:26,573 --> 00:23:28,867 MARIANA: I kept hearing about Romania, Romania. 480 00:23:28,867 --> 00:23:30,160 Why Romania? 481 00:23:30,160 --> 00:23:32,162 ALINKA: Romania has the fastest internet speed. 482 00:23:32,162 --> 00:23:34,957 It's not the top internet speed of the world, 483 00:23:34,957 --> 00:23:36,708 but it's in the top five. 484 00:23:37,876 --> 00:23:39,586 MARIANA: Alinka is a local producer who grew up at 485 00:23:39,586 --> 00:23:41,922 the height of the internet boom in Romania. 486 00:23:41,922 --> 00:23:43,882 ALINKA: Right after the communist regime fell, 487 00:23:43,882 --> 00:23:45,884 it was pretty much the wild west over here. 488 00:23:45,884 --> 00:23:47,928 There was absolutely no regulation. 489 00:23:47,928 --> 00:23:49,429 MARIANA: Oh. 490 00:23:49,429 --> 00:23:51,056 ALINKA: That's why you had so many hackers flourishing here. 491 00:23:51,056 --> 00:23:53,809 Nobody knew what they were doing in order to combat them. 492 00:23:53,809 --> 00:23:56,311 We have a lot of engineers, a lot of tech savvy people here. 493 00:23:56,311 --> 00:23:57,854 MARIANA: Mm-hmm. 494 00:23:57,854 --> 00:24:00,482 ALINKA: It's part of the culture, if you want, to be 495 00:24:00,482 --> 00:24:04,736 tech savvy was seen as this epiphany of intellectualness. 496 00:24:04,736 --> 00:24:06,279 MARIANA: Mm-hmm. 497 00:24:06,655 --> 00:24:08,573 I know it's been hard to get people to talk to us. 498 00:24:08,573 --> 00:24:11,034 Does it look like we, we're gonna be able to talk to people? 499 00:24:11,034 --> 00:24:13,620 ALINKA: People involved in criminal activities are also 500 00:24:13,620 --> 00:24:15,122 weary because they're, sometimes they don't even 501 00:24:15,122 --> 00:24:16,331 believe you're a journalist. 502 00:24:16,331 --> 00:24:17,749 You might be an undercover cop. 503 00:24:17,749 --> 00:24:19,167 MARIANA: Right. 504 00:24:19,167 --> 00:24:21,128 ALINKA: Well, let's see how your charm works because mine 505 00:24:21,128 --> 00:24:24,005 is a little bit at the end right now. 506 00:24:27,718 --> 00:24:31,138 MARIANA: The next morning, I get my chance. 507 00:24:31,138 --> 00:24:33,557 Alinka gives me the address of a notorious hacker, 508 00:24:33,557 --> 00:24:37,227 who lives in a middle class neighborhood in Bucharest. 509 00:24:37,227 --> 00:24:39,062 ALINK (over phone): Be careful, he's a little bit skittish. 510 00:24:39,062 --> 00:24:42,482 He's waiting for you, but he's a little bit nervous and well, 511 00:24:42,482 --> 00:24:44,609 he's an active, a real active hacker, so. 512 00:24:44,609 --> 00:24:45,944 MARIANA: Okay. 513 00:24:45,944 --> 00:24:47,195 ALINKA (over phone): Expect skittishness. 514 00:24:47,195 --> 00:24:48,321 MARIANA: Okay, yeah. 515 00:24:48,321 --> 00:24:49,948 ALINKA (over phone): Good luck. 516 00:24:55,162 --> 00:24:56,246 JOHN SMITH (over intercom): Hello? 517 00:24:56,246 --> 00:24:58,165 MARIANA: Hi, Mariana here. 518 00:24:58,165 --> 00:24:59,499 JOHN SMITH (over intercom): Hi. Come on. 519 00:24:59,499 --> 00:25:02,002 MARIANA: Okay, thank you. 520 00:25:05,088 --> 00:25:07,174 He's pulled out a couple of times already. 521 00:25:07,174 --> 00:25:11,219 I'm hoping that he's still interested in talking to us. 522 00:25:19,478 --> 00:25:21,563 Do you characterize yourself as being a hacker? 523 00:25:21,563 --> 00:25:23,607 JOHN SMITH: I have a problem with the definition. 524 00:25:23,607 --> 00:25:25,400 MARIANA: Why's that? 525 00:25:25,400 --> 00:25:28,069 JOHN SMITH: There are hackers and then there are hackers. 526 00:25:28,069 --> 00:25:32,240 Most of the time, what you see on the news, that's just 527 00:25:32,240 --> 00:25:34,868 somebody that managed to pick up a piece of software, 528 00:25:34,868 --> 00:25:36,912 then they got caught because they didn't know 529 00:25:36,912 --> 00:25:38,413 what they were doing. 530 00:25:38,413 --> 00:25:40,207 MARIANA: How many people do you think here in Romania are 531 00:25:40,207 --> 00:25:41,792 capable of doing what you do? 532 00:25:41,792 --> 00:25:44,169 JOHN SMITH: I guess less than ten. 533 00:25:44,169 --> 00:25:46,838 MARIANA: Wow. Less than ten. 534 00:25:46,838 --> 00:25:50,175 JOHN SMITH: You enjoy the power, let's say, to do it. 535 00:25:51,343 --> 00:25:54,137 MARIANA: Meet a man we'll call John Smith. 536 00:25:54,137 --> 00:25:57,099 By day, he's a cyber-security specialist. 537 00:25:57,099 --> 00:26:02,395 But after hours, he's a developer of ransomware and spyware. 538 00:26:05,190 --> 00:26:07,359 Do you consider yourself a good guy or a bad guy? 539 00:26:07,359 --> 00:26:10,070 JOHN SMITH: It depends. 540 00:26:10,904 --> 00:26:14,032 If I'm over here at this computer, then I'm doing 541 00:26:14,032 --> 00:26:16,993 security for different companies. 542 00:26:16,993 --> 00:26:21,665 If I'm someplace else, 543 00:26:21,665 --> 00:26:24,209 I take a laptop and go and have some fun. 544 00:26:24,209 --> 00:26:26,253 Then I'm the other guy. 545 00:26:26,253 --> 00:26:28,004 MARIANA: The bad guy? 546 00:26:29,673 --> 00:26:31,842 What can you tell me about ransomware attacks? 547 00:26:31,842 --> 00:26:35,470 JOHN SMITH: It's just a basic blackmailing scheme. 548 00:26:36,012 --> 00:26:38,849 And all you need is a way in. 549 00:26:38,849 --> 00:26:43,520 And then if you're able to encrypt all the computers, 550 00:26:43,520 --> 00:26:45,605 that's the game. 551 00:26:45,605 --> 00:26:48,108 Just delete the encryption key, keep it for yourself and 552 00:26:48,108 --> 00:26:51,069 if they pay you, give it back, or not. 553 00:26:51,069 --> 00:26:53,071 MARIANA: Right. 554 00:26:53,071 --> 00:26:55,240 JOHN SMITH: Need my laptop. 555 00:26:55,240 --> 00:26:57,534 You know, I'm working on a small side project. 556 00:26:57,534 --> 00:26:59,494 Antennas. 557 00:26:59,494 --> 00:27:01,163 Okay. 558 00:27:01,163 --> 00:27:02,330 We're going in the field. 559 00:27:02,330 --> 00:27:03,456 MARIANA: Oh, we're going in the field? 560 00:27:03,456 --> 00:27:04,833 You're taking me with you? 561 00:27:04,833 --> 00:27:06,334 JOHN SMITH: I don't know. You want to come? 562 00:27:06,334 --> 00:27:07,460 MARIANA: Yeah, I do. 563 00:27:07,460 --> 00:27:08,587 JOHN SMITH: Are you sure? 564 00:27:08,587 --> 00:27:10,547 MARIANA: Oh, yeah. I'm very sure. 565 00:27:13,049 --> 00:27:17,179 ♪ ♪ 566 00:27:18,471 --> 00:27:20,390 JOHN SMITH: So we're going to the main headquarters 567 00:27:20,390 --> 00:27:23,226 of this utility company, just to check out 568 00:27:23,226 --> 00:27:25,353 their wireless infrastructure. 569 00:27:25,729 --> 00:27:28,189 What I'm trying to figure out, if there's actually any 570 00:27:28,189 --> 00:27:30,734 security whatsoever. 571 00:27:30,734 --> 00:27:34,654 This is a wireless adapter that has quite an increased range. 572 00:27:38,408 --> 00:27:40,952 MARIANA: Oh, my God, the police. 573 00:27:40,952 --> 00:27:42,329 Do you want to go somewhere else? 574 00:27:42,329 --> 00:27:45,248 JOHN SMITH: Ah, we are moving to the secondary position. 575 00:27:48,376 --> 00:27:49,502 That was weird. 576 00:27:49,502 --> 00:27:52,172 And we're, we're moving. 577 00:27:52,839 --> 00:27:58,178 That wasn't the police, that was the Romanian Intelligence Service. 578 00:28:01,932 --> 00:28:05,644 So, I'm just gonna do this again. 579 00:28:05,644 --> 00:28:08,521 MARIANA: I was a little nervous before, now I'm extra nervous. 580 00:28:10,357 --> 00:28:12,525 You're trying to see if there's a vulnerability, 581 00:28:12,525 --> 00:28:13,860 if you can get into the Wi-Fi. 582 00:28:13,860 --> 00:28:15,278 JOHN SMITH: Yeah. MARIANA: Without a password. 583 00:28:16,863 --> 00:28:19,157 I think it's the first time in my life that I'm actually 584 00:28:19,157 --> 00:28:21,993 witnessing somebody hacking. 585 00:28:21,993 --> 00:28:24,996 So the company is the glass building actually right behind, 586 00:28:24,996 --> 00:28:26,373 right next to us. 587 00:28:26,373 --> 00:28:28,750 JOHN SMITH: Yeah. All of it. All of it, yeah. 588 00:28:29,042 --> 00:28:31,169 MARIANA: What John is attempting happens in various 589 00:28:31,169 --> 00:28:34,798 forms every day around the globe. 590 00:28:34,798 --> 00:28:38,218 Sometimes to devastating effect. 591 00:28:39,302 --> 00:28:40,512 DAWNA: Good evening and thanks for joining us. 592 00:28:40,512 --> 00:28:42,555 We begin with the brazen cyber-attack that has shut 593 00:28:42,555 --> 00:28:45,517 down the biggest pipeline in the United States. 594 00:28:45,517 --> 00:28:49,354 MARIANA: In May of 2021, Colonial Pipeline became the 595 00:28:49,354 --> 00:28:51,773 victim of a ransomware attack. 596 00:28:51,773 --> 00:28:55,402 It wreaked so much havoc, the company shut down operations 597 00:28:55,402 --> 00:29:00,281 to the pipeline that supplies 45% of fuel to the east coast. 598 00:29:01,199 --> 00:29:03,994 BIDEN: I want to update everyone on the ransomware 599 00:29:03,994 --> 00:29:07,789 cyber-attack that impacted on the Colonial Pipeline 600 00:29:07,789 --> 00:29:08,957 over this past week. 601 00:29:09,499 --> 00:29:12,419 REPORTER: Colonial Pipeline paid nearly $5 million in 602 00:29:12,419 --> 00:29:15,296 ransom to hackers who infiltrated their system. 603 00:29:16,256 --> 00:29:19,342 JOHN SMITH: The main company seems to have taken at least a 604 00:29:19,342 --> 00:29:22,595 few steps towards protecting themselves. 605 00:29:22,595 --> 00:29:27,058 But it's not that. There is no Wi-Fi here. 606 00:29:27,058 --> 00:29:29,269 MARIANA: How is that possible? 607 00:29:29,269 --> 00:29:31,730 JOHN SMITH: It's too far inside of the building and 608 00:29:31,730 --> 00:29:34,858 we can't get it from out here. 609 00:29:34,858 --> 00:29:36,484 And now we go to plan B. 610 00:29:36,484 --> 00:29:38,319 MARIANA: What's plan B? 611 00:29:38,319 --> 00:29:42,032 JOHN SMITH: Plan B is to go to a smaller company that's 612 00:29:42,032 --> 00:29:43,867 part of this one, that shouldn't have the same 613 00:29:43,867 --> 00:29:45,827 level of security. 614 00:29:45,827 --> 00:29:48,329 MARIANA: Affiliated companies often share the same network 615 00:29:48,329 --> 00:29:51,708 access, but might have less stringent security. 616 00:29:52,333 --> 00:29:54,419 In the case of Colonial Pipeline, the ransomware 617 00:29:54,419 --> 00:29:57,547 attackers didn't gain access to the operational network 618 00:29:57,547 --> 00:30:00,842 controlling the pipeline itself, they found a way in 619 00:30:00,842 --> 00:30:04,304 through the company's billing system. 620 00:30:04,304 --> 00:30:06,556 JOHN SMITH: The whole problem with security is that the good 621 00:30:06,556 --> 00:30:10,310 guys need to find each and every hole in the system. 622 00:30:10,310 --> 00:30:12,437 The bad guy needs to find one. 623 00:30:20,528 --> 00:30:27,327 ♪ ♪ 624 00:30:32,332 --> 00:30:33,750 MARIANA: I'm with a man that some consider 625 00:30:33,750 --> 00:30:36,711 one of the top hackers in Romania. 626 00:30:36,711 --> 00:30:40,632 He's attempting to get inside the computer system of a major utility. 627 00:30:41,466 --> 00:30:48,139 ♪ ♪ 628 00:30:49,682 --> 00:30:51,768 JOHN SMITH: Let's try this again. 629 00:30:54,813 --> 00:30:58,149 This is just gonna go with some passwords and try and get in. 630 00:30:58,149 --> 00:30:59,692 MARIANA: Oh, wow. 631 00:30:59,692 --> 00:31:01,611 JOHN SMITH: It just found the key. 632 00:31:01,611 --> 00:31:02,946 MARIANA: Okay. 633 00:31:02,946 --> 00:31:04,989 So now that you have this information, you have a way in? 634 00:31:04,989 --> 00:31:07,575 JOHN SMITH: I have a way into their local network over here. 635 00:31:07,575 --> 00:31:11,621 You search for vulnerable computers and hopefully we can 636 00:31:11,621 --> 00:31:15,250 gain some traction on our target, the power company. 637 00:31:15,250 --> 00:31:17,794 MARIANA: Are you shocked that you were able to actually get in? 638 00:31:17,794 --> 00:31:19,212 Are you surprised? 639 00:31:19,212 --> 00:31:23,299 JOHN SMITH: I'm surprised that their security measures are 640 00:31:23,299 --> 00:31:25,051 basically nonexistent. 641 00:31:25,051 --> 00:31:28,805 When you manage to get a foot in the door this easily, 642 00:31:28,805 --> 00:31:33,143 it's probably going to get even easier from here on out. 643 00:31:33,143 --> 00:31:35,228 MARIANA: And then what do you do with that information? 644 00:31:35,228 --> 00:31:37,564 JOHN SMITH: We will see. 645 00:31:38,565 --> 00:31:41,568 MARIANA: John insists this 'side project' was just to 646 00:31:41,568 --> 00:31:43,403 satisfy his curiosity. 647 00:31:43,403 --> 00:31:46,030 But he could make a lot of money if he decided to take 648 00:31:46,030 --> 00:31:48,241 the experiment further. 649 00:31:48,241 --> 00:31:51,744 In the ransomware game, this role is known as an 650 00:31:51,744 --> 00:31:54,289 initial access broker. 651 00:31:54,289 --> 00:31:57,167 Someone who sells the details of how to access a computer 652 00:31:57,167 --> 00:32:01,796 network to other criminals, who then conduct the attack. 653 00:32:01,796 --> 00:32:04,174 It's a lucrative gig. 654 00:32:12,807 --> 00:32:15,685 I want to learn more. 655 00:32:16,644 --> 00:32:18,730 CATALIN: So this is our threat map. 656 00:32:18,730 --> 00:32:21,232 MARIANA: Bitdefender tracks reports of hacking and 657 00:32:21,232 --> 00:32:24,068 cyber security threats all around the world. 658 00:32:24,068 --> 00:32:25,904 This is what's happening right now? In real life? 659 00:32:25,904 --> 00:32:26,821 CATALIN: Yes. This is real-time. 660 00:32:26,821 --> 00:32:28,865 This is just 3% of what we see. 661 00:32:28,865 --> 00:32:30,325 MARIANA: Really? CATALIN: Yeah, yeah. 662 00:32:30,325 --> 00:32:31,701 MARIANA: So if everything was here, what would we be seeing? 663 00:32:31,701 --> 00:32:32,744 Just... 664 00:32:32,744 --> 00:32:34,120 CATALIN: It would be all red. 665 00:32:34,120 --> 00:32:36,539 The human eye wouldn't be able to, to see all the dots. 666 00:32:36,539 --> 00:32:40,293 BOGDAN: We process about 36 billion events every day. 667 00:32:40,293 --> 00:32:42,378 MARIANA: No. BOGDAN: So, yes. 668 00:32:44,255 --> 00:32:46,257 MARIANA: Bitdefender has been collecting data on 669 00:32:46,257 --> 00:32:48,593 cyber-attacks for decades. 670 00:32:48,593 --> 00:32:51,888 But in recent years, their threat map is increasingly 671 00:32:51,888 --> 00:32:55,725 being overrun with ransomware cases carried out by a new 672 00:32:55,725 --> 00:32:58,937 generation of professionals. 673 00:32:58,937 --> 00:33:01,314 CATALIN: Ransomware has been around for the past 32 years, 674 00:33:01,314 --> 00:33:04,901 but only in the last five years that it's became so prevalent. 675 00:33:04,901 --> 00:33:07,946 They are more organized and more better prepared than 676 00:33:07,946 --> 00:33:10,573 many of the organizations out there. 677 00:33:10,573 --> 00:33:12,909 MARIANA: Everybody's a possible victim of this. 678 00:33:12,909 --> 00:33:16,162 Like hospitals, I'm assuming airports, governments, 679 00:33:16,162 --> 00:33:17,914 weapons companies. 680 00:33:17,914 --> 00:33:19,624 CATALIN: So cyber-attacks can lead to... 681 00:33:19,624 --> 00:33:21,084 MARIANA: To death. Yeah. CATALIN: Yeah, yeah. 682 00:33:21,084 --> 00:33:22,710 If it's critical infrastructure, we're talking 683 00:33:22,710 --> 00:33:24,379 about tens of millions of dollars. 684 00:33:24,379 --> 00:33:26,839 So they're actually running this cybercrime as they're 685 00:33:26,839 --> 00:33:28,132 running a business. 686 00:33:28,132 --> 00:33:29,717 They have their PR person. 687 00:33:29,717 --> 00:33:30,760 They have negotiators. 688 00:33:30,760 --> 00:33:33,388 They have tools that to, to launder money. 689 00:33:33,388 --> 00:33:35,848 MARIANA: The level of organization surprised me, 690 00:33:35,848 --> 00:33:38,851 the cyber criminals I've met are all about keeping 691 00:33:38,851 --> 00:33:40,979 a low profile. 692 00:33:40,979 --> 00:33:43,898 But these ransomware cartels are different, and more 693 00:33:43,898 --> 00:33:47,568 ruthless than anything I'd encountered before. 694 00:33:47,568 --> 00:33:52,073 Some of their favorite targets include hospitals and schools. 695 00:33:53,866 --> 00:33:55,910 JIM: So as I'm driving home that night and I'm starting to 696 00:33:55,910 --> 00:34:00,999 get more and more, um, texts and calls about problems that 697 00:34:00,999 --> 00:34:02,333 people are experiencing. 698 00:34:02,333 --> 00:34:05,420 I'm very quickly realizing that this is not just a few 699 00:34:05,420 --> 00:34:07,922 isolated incidences, but there's something 700 00:34:07,922 --> 00:34:09,716 bigger going on. 701 00:34:09,716 --> 00:34:11,968 MARIANA: On the night before Thanksgiving in 2020, 702 00:34:11,968 --> 00:34:15,930 a ransomware group attacked the Baltimore County school system, 703 00:34:15,930 --> 00:34:18,391 taking its computer network hostage. 704 00:34:18,391 --> 00:34:21,686 Jim Corns is the executive director of the county's 705 00:34:21,686 --> 00:34:23,563 IT department. 706 00:34:23,563 --> 00:34:26,858 JIM: As we realized that, that we had had an attack, 707 00:34:26,858 --> 00:34:30,028 we had to call our leadership in, in the school system to 708 00:34:30,028 --> 00:34:31,904 let them know that something was happening, 709 00:34:31,904 --> 00:34:35,033 because decisions had to be made right away. 710 00:34:35,033 --> 00:34:37,201 We had a day of school that was coming up the next day, 711 00:34:37,201 --> 00:34:40,913 and, and we didn't have a way to present instruction. 712 00:34:40,913 --> 00:34:42,790 MARIANA: This was peak COVID. 713 00:34:42,790 --> 00:34:45,793 Baltimore County's 156 schools, 714 00:34:45,793 --> 00:34:50,131 and more than 100,000 students were all virtual. 715 00:34:50,131 --> 00:34:53,343 That's why schools have become such obvious targets. 716 00:34:53,634 --> 00:34:56,888 Lock teachers and staff out of their devices and the entire 717 00:34:56,888 --> 00:34:59,766 school system is paralyzed. 718 00:34:59,766 --> 00:35:04,395 JIM: It was inexplicably, uh, stressful. 719 00:35:04,395 --> 00:35:06,939 Every minute that we weren't on the problem was a minute 720 00:35:06,939 --> 00:35:09,025 that we, we had lost. 721 00:35:09,025 --> 00:35:10,902 Our students weren't in contact with our teachers. 722 00:35:10,902 --> 00:35:14,614 And there was more pressure than I've, I've ever felt. 723 00:35:14,614 --> 00:35:18,868 We have contacted both local and federal, uh, law enforcement. 724 00:35:19,243 --> 00:35:21,788 KELLY: The ransomware attack on Baltimore County public schools 725 00:35:21,788 --> 00:35:25,083 is hurting an already hard-hit educational effort. 726 00:35:25,083 --> 00:35:26,918 MARIANA: Jim won't say whether the county paid 727 00:35:26,918 --> 00:35:28,753 the attackers or not. 728 00:35:28,753 --> 00:35:31,047 But there are reports that the cost of the attack is nearing 729 00:35:31,047 --> 00:35:33,633 $10 million. 730 00:35:33,633 --> 00:35:36,636 And he tells me that doesn't include damages like decades 731 00:35:36,636 --> 00:35:40,139 of lost teaching materials and student records. 732 00:35:40,640 --> 00:35:43,893 JIM: It's like having our house burned down and walking 733 00:35:43,893 --> 00:35:47,063 through that house, looking for anything that was left. 734 00:35:47,063 --> 00:35:50,983 One of the, the biggest things we lost was our 735 00:35:50,983 --> 00:35:53,111 sense of security. 736 00:35:53,861 --> 00:35:58,074 When everything is suspect, uh, you, you don't trust any 737 00:35:58,074 --> 00:36:00,493 of the, the systems that you have. 738 00:36:00,493 --> 00:36:03,329 And we end up with this feeling that there's something 739 00:36:03,329 --> 00:36:06,124 lurking there, waiting for you. 740 00:36:06,124 --> 00:36:08,000 MARIANA: That's who I want to find; one of the 741 00:36:08,000 --> 00:36:10,294 big ransomware players. 742 00:36:10,294 --> 00:36:12,004 And as I continue to research, 743 00:36:12,004 --> 00:36:14,757 one name keeps rising to the surface. 744 00:36:15,425 --> 00:36:16,426 WOMAN: LockBit. MAN: LockBit. 745 00:36:16,426 --> 00:36:17,635 MAN: LockBit. MAN: LockBit. 746 00:36:17,635 --> 00:36:19,220 REPORTER: As LockBit ransomware. 747 00:36:19,220 --> 00:36:21,139 MARIANA: I find it in FBI reports. 748 00:36:21,139 --> 00:36:23,099 And in hacker forums. 749 00:36:23,099 --> 00:36:25,101 It's both the name of the ransomware group with the 750 00:36:25,101 --> 00:36:28,855 fastest encryption speeds in the world and the name of the 751 00:36:28,855 --> 00:36:32,483 leader and developer at the top of this formidable organization. 752 00:36:34,068 --> 00:36:36,863 MAN: We hacked your company yesterday and now we have 753 00:36:36,863 --> 00:36:39,991 around 80 gigabytes of your company data. 754 00:36:39,991 --> 00:36:42,118 MARIANA: The rumors about him swirled. 755 00:36:42,118 --> 00:36:43,494 But there's no doubt 756 00:36:43,494 --> 00:36:44,954 that LockBit's attacks 757 00:36:44,954 --> 00:36:47,707 are creating chaos around the globe. 758 00:36:47,707 --> 00:36:50,793 Which is why I really want to find him. 759 00:36:51,210 --> 00:36:53,337 His name is 'LockBit.' Have you heard of them? 760 00:36:53,337 --> 00:36:54,964 JON: Oh, yeah! 761 00:36:54,964 --> 00:36:57,258 LockBit's one of the most dangerous and effective groups 762 00:36:57,258 --> 00:36:59,552 that exist today. 763 00:36:59,552 --> 00:37:01,846 MARIANA: Reaching out to anyone in the underworld is 764 00:37:01,846 --> 00:37:04,682 always tricky but the search for LockBit makes me 765 00:37:04,682 --> 00:37:06,767 especially nervous. 766 00:37:06,767 --> 00:37:09,771 He's engaged in attacks right now, complete with countdown 767 00:37:09,771 --> 00:37:13,149 clocks, tracking when he'll release sensitive data if a 768 00:37:13,149 --> 00:37:15,985 ransom isn't paid. 769 00:37:15,985 --> 00:37:17,528 Back in the States, 770 00:37:17,528 --> 00:37:20,490 I connect with several security experts for guidance. 771 00:37:20,490 --> 00:37:23,242 NATE: If you get in contact, what they're probably going to do is they're going to want to 772 00:37:23,242 --> 00:37:25,036 talk to you on, like, one of these secured messaging clients. 773 00:37:25,036 --> 00:37:26,370 MARIANA: Mm-hmm. Mm-hmm. 774 00:37:26,370 --> 00:37:27,830 NATE: So there's one that uses, uh, what's called the 775 00:37:27,830 --> 00:37:29,499 Tor Network, which is an anonymized, it's where the 776 00:37:29,499 --> 00:37:31,083 dark web is. Right? 777 00:37:31,083 --> 00:37:32,251 MARIANA: The dark web, yup. 778 00:37:32,251 --> 00:37:33,544 You know, I'm a little bit on edge dealing with. 779 00:37:33,544 --> 00:37:35,129 JON (over phone): Yeah. 780 00:37:35,129 --> 00:37:36,839 MARIANA: The person that I know can find out everything 781 00:37:36,839 --> 00:37:39,509 he wants about me in a second, so that puts, that makes me nervous. 782 00:37:39,509 --> 00:37:41,177 JON (over phone): Right. 783 00:37:41,177 --> 00:37:43,012 That's a good thing, because being, being nervous means 784 00:37:43,012 --> 00:37:45,223 you're going to be paranoid, and being paranoid is what's 785 00:37:45,223 --> 00:37:47,016 going to keep you safe when you're dealing with this 786 00:37:47,016 --> 00:37:48,392 sort of element. 787 00:37:48,392 --> 00:37:49,852 MARIANA: Yeah. They're the people that everybody else is 788 00:37:49,852 --> 00:37:51,729 running away from and we're chasing. 789 00:37:51,729 --> 00:37:54,398 JON (over phone): Yeah. Exactly. 790 00:37:54,398 --> 00:37:56,192 NATE: So they're probably going to do some level of 791 00:37:56,192 --> 00:37:58,986 reconnaissance against you, just to make sure that you're 792 00:37:58,986 --> 00:38:01,656 not the FBI or, you know, the NSA, or something. 793 00:38:01,656 --> 00:38:03,115 MARIANA: Mm-hmm. 794 00:38:03,115 --> 00:38:05,201 NATE: The thing that I would definitely, um, caution you is 795 00:38:05,201 --> 00:38:07,829 that they know that they're cybercriminals, but do treat 796 00:38:07,829 --> 00:38:09,455 them, treat them with respect. 797 00:38:09,455 --> 00:38:12,208 MARIANA: Um, so if I was to try and get in touch with, 798 00:38:12,208 --> 00:38:14,377 you know, the people at the top, what, what do you think 799 00:38:14,377 --> 00:38:16,045 I should do? How do I start? 800 00:38:16,045 --> 00:38:19,257 NATE: One of my guys has some friends, he, he knows a middle man 801 00:38:19,257 --> 00:38:22,051 that can talk to these folks on your behalf and set it up. 802 00:38:22,051 --> 00:38:25,596 And so basically, he's, he will probably broker the conversation. 803 00:38:25,596 --> 00:38:27,640 MARIANA: That's great. 804 00:38:28,349 --> 00:38:31,102 The person I begin texting with is called Blackrabbit. 805 00:38:31,102 --> 00:38:35,064 He or she tells me these forums are heavily encrypted 806 00:38:35,064 --> 00:38:38,192 and guarded against outsiders. 807 00:38:39,485 --> 00:38:42,655 But Blackrabbit agrees to vouch for me if I can prove 808 00:38:42,655 --> 00:38:44,782 I am who I say I am. 809 00:38:44,782 --> 00:38:46,284 How do I know you're really from Nat Geo? 810 00:38:46,284 --> 00:38:47,827 Can you send me a picture of yourself? 811 00:38:47,827 --> 00:38:50,079 Huh. 812 00:38:50,496 --> 00:38:52,456 (laughing) 813 00:38:52,456 --> 00:38:53,499 Okay. 814 00:38:53,499 --> 00:38:55,084 Is this a good idea? 815 00:38:55,084 --> 00:38:58,212 I'm basically dangling myself as bait in front of the 816 00:38:58,212 --> 00:39:00,840 top ransomware hackers in the world. 817 00:39:01,549 --> 00:39:04,677 "Okay. I will help you." 818 00:39:04,677 --> 00:39:06,137 Wow. 819 00:39:06,137 --> 00:39:08,431 Blackrabbit explains that the ransomware scene is full of 820 00:39:08,431 --> 00:39:12,059 big egos, big money, and big rivalries. 821 00:39:13,019 --> 00:39:15,438 Normally, none of the top players would talk. 822 00:39:15,438 --> 00:39:18,608 But he thinks we're reaching out to LockBit at the right time. 823 00:39:18,608 --> 00:39:21,652 His operation has become the most profitable in the world 824 00:39:21,652 --> 00:39:24,488 and he may be eager to promote his brand. 825 00:39:25,406 --> 00:39:28,242 Blackrabbit connects us on a dark web forum. 826 00:39:28,242 --> 00:39:30,453 I wait a day. Then another. 827 00:39:30,453 --> 00:39:34,081 Finally, someone that I'm told is LockBit joins the chat. 828 00:39:40,838 --> 00:39:44,592 ♪ ♪ 829 00:39:44,592 --> 00:39:46,636 MARIANA: Rumors are that LockBit is a young 830 00:39:46,636 --> 00:39:49,680 20-something from Russia. 831 00:39:49,680 --> 00:39:51,349 But this isn't him. 832 00:39:51,349 --> 00:39:53,935 He would only communicate via encrypted text. 833 00:39:53,935 --> 00:39:56,896 He asked that we use a masked avatar to relay the answers 834 00:39:56,896 --> 00:39:58,439 to my questions. 835 00:39:59,148 --> 00:40:01,525 Would you ever meet us in person? 836 00:40:01,525 --> 00:40:03,819 LOCKBIT: The FBI wants to eliminate me, I'm ready to 837 00:40:03,819 --> 00:40:06,739 meet you in person when I lose my mind. 838 00:40:07,490 --> 00:40:10,910 It takes just one person to destroy the biggest hacker group, 839 00:40:10,910 --> 00:40:12,912 there are too many people tied to me. 840 00:40:12,912 --> 00:40:15,498 Without me, my business would die instantly. 841 00:40:15,498 --> 00:40:17,875 MARIANA: How do you feel about the FBI targeting you? 842 00:40:17,875 --> 00:40:20,461 LOCKBIT: I really love the FBI, it is because of them 843 00:40:20,461 --> 00:40:23,297 that I am constantly learning about anonymity and 844 00:40:23,297 --> 00:40:25,257 improving anonymity schemes. 845 00:40:25,925 --> 00:40:27,927 To change locations and internet sources, 846 00:40:27,927 --> 00:40:29,261 the countries I live in. 847 00:40:29,261 --> 00:40:32,223 Someday I will be found. 848 00:40:33,516 --> 00:40:36,560 MARIANA: How did you get into the ransomware world? 849 00:40:36,560 --> 00:40:37,937 And why? 850 00:40:37,937 --> 00:40:40,147 LOCKBIT: Big money. 851 00:40:40,147 --> 00:40:43,734 I am just a young hacker who decided to make a lot of money easily. 852 00:40:44,026 --> 00:40:46,028 MARIANA: What does a typical day look like for you? 853 00:40:46,737 --> 00:40:49,782 LOCKBIT: Riding on a yacht, Lamborghini, dozens of luxury 854 00:40:49,782 --> 00:40:53,828 models, drugs, everything like regular millionaires. 855 00:40:55,121 --> 00:40:57,039 MARIANA: You guys have gained the reputation as one of the 856 00:40:57,039 --> 00:41:00,001 most sophisticated groups in the ransomware world. 857 00:41:00,001 --> 00:41:02,128 Um, how did you get there? 858 00:41:02,128 --> 00:41:04,213 LOCKBIT: The software has the best technical specifications 859 00:41:04,213 --> 00:41:07,258 on the planet, we have maximum encryption speed, ability to 860 00:41:07,258 --> 00:41:10,803 automatically self-distribute, a list of processes to kill, 861 00:41:10,803 --> 00:41:14,140 trace clearing, safe mode, filename encryption, 862 00:41:14,140 --> 00:41:16,434 as well as a set of encryption software. 863 00:41:16,809 --> 00:41:18,769 MARIANA: Do you ever feel bad for your victims? 864 00:41:18,769 --> 00:41:20,521 LOCKBIT: Why feel sorry for the victims? 865 00:41:20,521 --> 00:41:22,815 We are not doing them any harm. 866 00:41:22,815 --> 00:41:25,818 We just provide paid training to system administrators. 867 00:41:25,818 --> 00:41:28,070 Is it our fault that the companies don't want to spend 868 00:41:28,070 --> 00:41:31,073 money to protect their networks? 869 00:41:31,073 --> 00:41:33,534 You can always negotiate with us simply by paying a modest 870 00:41:33,534 --> 00:41:36,829 amount of money, which is printed in unlimited quantities. 871 00:41:38,205 --> 00:41:41,876 MARIANA: LockBit claims he has his own moral standards about targets. 872 00:41:41,876 --> 00:41:45,629 But he also runs a business and his malware is a product 873 00:41:45,629 --> 00:41:49,008 that his affiliates have used to attack government systems, 874 00:41:49,008 --> 00:41:53,345 educational institutions, and even hospitals around the world. 875 00:41:54,430 --> 00:41:57,391 So you might say that you don't put people's lives at risk, but. 876 00:41:57,391 --> 00:42:00,561 Aren't you ultimately responsible for what happens 877 00:42:00,561 --> 00:42:02,855 with the malware that you create? 878 00:42:02,855 --> 00:42:05,065 LOCKBIT: I'm just a weapons manufacturer. 879 00:42:05,065 --> 00:42:07,651 America has the best gun makers in the world. 880 00:42:07,651 --> 00:42:10,362 All these weapons are sold all over the world, these weapons 881 00:42:10,362 --> 00:42:13,908 regularly kill people, but do the gun makers care? 882 00:42:14,325 --> 00:42:17,828 The gun makers only care about the profits from selling the weapons. 883 00:42:19,246 --> 00:42:21,582 MARIANA: Despite my attempts to get more details about his 884 00:42:21,582 --> 00:42:23,959 next targets, he won't bite. 885 00:42:23,959 --> 00:42:26,420 But he does send me one more message. 886 00:42:26,420 --> 00:42:30,966 It's a link to a project he's calling "LockBit Black." 887 00:42:30,966 --> 00:42:34,011 I'm too scared to open it so I send it to Jon, one of the 888 00:42:34,011 --> 00:42:36,472 security consultants I'd been talking to. 889 00:42:36,472 --> 00:42:38,641 So Jon, can you tell me what's, what's this link that 890 00:42:38,641 --> 00:42:39,934 LockBit sent me? 891 00:42:39,934 --> 00:42:42,061 JON: It's what they're calling LockBit Black and it's 892 00:42:42,061 --> 00:42:44,897 their newest interface that they've built for their new, 893 00:42:44,897 --> 00:42:46,065 uh, ransomware. 894 00:42:46,065 --> 00:42:47,691 It's actually really scary. 895 00:42:47,691 --> 00:42:50,027 They've taken a lot of the technical capability that used 896 00:42:50,027 --> 00:42:53,280 to be required to conduct a ransomware attack out of it. 897 00:42:53,280 --> 00:42:56,659 MARIANA: Back in Romania, I'd sat shotgun as John Smith 898 00:42:56,659 --> 00:42:59,787 hacked his way into a major utility company. 899 00:43:00,621 --> 00:43:04,708 With LockBit's new malware, he's removed that step. 900 00:43:04,708 --> 00:43:07,920 Now all someone has to do is type the name of a company 901 00:43:07,920 --> 00:43:11,465 website and the malware goes in search of access. 902 00:43:11,882 --> 00:43:14,260 JON: It's now like a game. I could take five minutes. 903 00:43:14,260 --> 00:43:16,470 I could teach you to use it and conduct attacks. 904 00:43:16,470 --> 00:43:18,681 It's really going to change the game of ransomware, 905 00:43:18,681 --> 00:43:20,474 and it's really scary. 906 00:43:20,474 --> 00:43:22,226 MARIANA: Do you think that this has a potential of sort of, 907 00:43:22,226 --> 00:43:27,731 uh, launching a whole new generation of ransomware attackers? 908 00:43:27,731 --> 00:43:29,233 JON: Absolutely. 909 00:43:29,233 --> 00:43:31,902 I didn't expect the, the ease of use that, that this has to 910 00:43:31,902 --> 00:43:33,779 have been built into it. 911 00:43:33,779 --> 00:43:36,490 Uh, I expected it to be more efficient but I didn't expect 912 00:43:36,490 --> 00:43:39,201 it to be so much easier. 913 00:43:39,201 --> 00:43:40,578 Uh, for someone to do. 914 00:43:40,578 --> 00:43:43,122 What's going to happen is it's going to allow many more 915 00:43:43,122 --> 00:43:45,708 people to take part in these attacks. 916 00:43:45,708 --> 00:43:50,212 Higher volumes of attacks means a lot more victims, 917 00:43:50,212 --> 00:43:54,133 uh, that also means the bad guy gets a lot more money. 918 00:43:54,133 --> 00:43:57,303 MARIANA: Make no mistake about it, the arc of the criminal 919 00:43:57,303 --> 00:44:00,139 universe bends towards easy money. 920 00:44:00,139 --> 00:44:04,894 And we should all be very, very afraid if ransomware has 921 00:44:04,894 --> 00:44:07,688 gotten easy enough for someone like me to use. 922 00:44:07,688 --> 00:44:08,981 Captioned by Cotter Media Group. 75489