1
00:00:02,794 --> 00:00:09,593
♪ ♪
2
00:00:09,593 --> 00:00:15,807
♪ ♪
3
00:00:15,807 --> 00:00:22,105
♪ ♪
4
00:00:24,149 --> 00:00:25,567
MARIANA: What's that stuff?
5
00:00:25,567 --> 00:00:27,152
PRIMO: Little bit of fentanyl.
6
00:00:27,152 --> 00:00:29,655
This (bleep) is blowing up.
These are eight-balls.
7
00:00:29,655 --> 00:00:30,781
This is the trap, baby.
8
00:00:30,781 --> 00:00:32,991
Little Havana.
9
00:00:34,201 --> 00:00:36,119
MARIANA: Is this where you're
making most of your money or?
10
00:00:36,119 --> 00:00:38,038
PRIMO: Hell no. This (bleep)
is a thing of the past.
11
00:00:41,208 --> 00:00:42,292
PRIMO: I ain't
got time for that.
12
00:00:42,292 --> 00:00:45,754
So, what we did is
we started scamming.
13
00:00:46,213 --> 00:00:49,383
MARIANA: Scamming, credit card
fraud, and ID theft are all
14
00:00:49,383 --> 00:00:53,053
part of a booming cybercrime
industry around the world.
15
00:00:53,053 --> 00:00:55,097
LIGHT: I'm buying audio
equipment, I'm using a stolen
16
00:00:55,097 --> 00:00:56,556
credit card.
17
00:00:56,556 --> 00:00:58,850
MARIANA: Most don't even
realize they're targets
18
00:00:58,850 --> 00:01:00,394
until it's too late.
19
00:01:00,394 --> 00:01:03,730
JESSICA: I've had $300,000
that has been taken from me.
20
00:01:07,442 --> 00:01:10,279
MARIANA: Our data has become a
commodity more valuable than
21
00:01:10,279 --> 00:01:13,407
guns, gold, or drugs.
22
00:01:13,740 --> 00:01:15,742
CATALIN: We'll have hackers
targeting large companies,
23
00:01:15,742 --> 00:01:19,162
corporations, and obviously,
critical infrastructure.
24
00:01:20,497 --> 00:01:24,084
MARIANA: I want to know how our
data is stolen, how it's sold,
25
00:01:24,084 --> 00:01:26,795
and how to find the
shadowy band of hustlers
26
00:01:26,795 --> 00:01:29,298
and hackers responsible.
27
00:01:31,216 --> 00:01:34,594
The threat is much
bigger than I ever realized.
28
00:01:35,554 --> 00:01:38,265
JOHN SMITH: If you're
smart about it, you
can't get caught.
29
00:01:46,398 --> 00:01:48,650
MARIANA: What? Do you think
he's suspicious or what?
30
00:01:48,650 --> 00:01:50,235
ABEL: I'll talk to him again.
31
00:01:50,235 --> 00:01:52,404
MARIANA: I'm in Miami
chasing down a tip about
32
00:01:52,404 --> 00:01:54,698
a new breed of criminals.
33
00:01:54,698 --> 00:01:57,576
ABEL: Now he's
acting a little funny.
34
00:01:57,576 --> 00:02:00,662
I'm still talking
to him now, but.
35
00:02:00,662 --> 00:02:02,789
MARIANA: He's just not sure if
he wants to meet us anymore?
36
00:02:02,789 --> 00:02:04,791
ABEL: Yeah, like,
he's saying he's late.
37
00:02:04,791 --> 00:02:07,169
He wants to do it tomorrow.
38
00:02:07,169 --> 00:02:09,921
MARIANA: Abel is a former
gang member who served
39
00:02:09,921 --> 00:02:12,382
three years in jail.
40
00:02:12,382 --> 00:02:14,676
He's also a friend and a
source that I can call
41
00:02:14,676 --> 00:02:17,220
in moments like this.
42
00:02:17,220 --> 00:02:19,765
I'd heard rumors that street
gangs were getting into
43
00:02:19,765 --> 00:02:22,059
credit card and identity theft,
44
00:02:22,059 --> 00:02:25,646
and Abel has been
asking around for me.
45
00:02:25,646 --> 00:02:29,733
We were on our way to
meet one of his contacts
we'll call 'Primo'.
46
00:02:29,733 --> 00:02:31,985
But he's gotten cold feet.
47
00:02:31,985 --> 00:02:34,446
ABEL: He's just nervous
or something because.
48
00:02:34,446 --> 00:02:36,490
MARIANA: Do you think
it would be a good idea
to FaceTime with him?
49
00:02:36,490 --> 00:02:37,991
ABEL: Yeah, definitely.
MARIANA: So he could see...
50
00:02:37,991 --> 00:02:39,409
ABEL: I mean, that
could build trust.
51
00:02:39,409 --> 00:02:45,332
(phone ringing)
52
00:02:47,751 --> 00:02:49,711
MARIANA: Can you see me?
53
00:02:50,337 --> 00:02:51,880
PRIMO (over phone):
Yeah. I see you.
54
00:02:51,880 --> 00:02:53,256
(bleep) is real, you know?
55
00:02:53,256 --> 00:02:55,425
I can't have people
getting indicted over this.
56
00:02:55,425 --> 00:02:56,426
MARIANA: Got it.
57
00:02:56,426 --> 00:02:58,136
So this is the deal, so
this is how we do it.
58
00:02:58,136 --> 00:03:00,013
We don't show your face.
59
00:03:00,013 --> 00:03:03,433
We cover any tattoos, or any
identifiable features that
60
00:03:03,433 --> 00:03:05,852
you have and we also
change your voice
61
00:03:05,852 --> 00:03:08,146
so that it's not recognizable.
62
00:03:08,146 --> 00:03:10,524
So yeah, that's
what I can tell you.
63
00:03:10,524 --> 00:03:13,819
The hardest part of my job is
getting people to trust me.
64
00:03:13,819 --> 00:03:17,364
It can take weeks, months,
sometimes even years.
65
00:03:18,615 --> 00:03:20,409
PRIMO (over phone):
All right, yeah.
66
00:03:20,409 --> 00:03:23,745
MARIANA: But sometimes
we get lucky fast.
67
00:03:23,745 --> 00:03:25,288
Yeah.
68
00:03:25,288 --> 00:03:28,750
He said, he said, "yeah."
He's down to film tomorrow.
69
00:03:28,750 --> 00:03:31,586
He said I'm not doing this for
you, I'm doing this for, for
70
00:03:31,586 --> 00:03:35,090
Abel and if Abel is
cool with this, I'm cool.
71
00:03:35,090 --> 00:03:36,967
I know he's not
going to set me up.
72
00:03:36,967 --> 00:03:39,302
Let's hope it
happens tomorrow.
73
00:03:41,346 --> 00:03:44,433
As we wait for the meeting
with Primo, Abel takes me to
74
00:03:44,433 --> 00:03:46,977
see another friend of his,
who apparently dabbles
75
00:03:46,977 --> 00:03:49,646
in the credit card game.
76
00:03:50,856 --> 00:03:52,899
Can you show me some of
the stuff that you do?
77
00:03:52,899 --> 00:03:55,944
BECCA: Absolutely.
And so, to the dark web.
78
00:03:56,695 --> 00:03:58,488
MARIANA: Becca is a
self-taught scammer whose
79
00:03:58,488 --> 00:04:00,407
husband was a gang member.
80
00:04:00,407 --> 00:04:03,034
She agreed to give me a
primer on how it all works.
81
00:04:03,702 --> 00:04:05,495
BECCA: You can buy arms,
you can buy legs, you can buy
82
00:04:05,495 --> 00:04:08,248
elephant tusk, you
can buy digital goods.
83
00:04:09,166 --> 00:04:11,251
MARIANA: Becca uses a browser
that hides her identity,
84
00:04:11,251 --> 00:04:14,296
making it possible for her to
visit more nefarious websites
85
00:04:14,296 --> 00:04:17,549
normally unavailable
to internet users.
86
00:04:17,549 --> 00:04:19,885
And where do you get that
credit card information?
87
00:04:19,885 --> 00:04:22,512
BECCA: We have
several markets.
88
00:04:22,512 --> 00:04:24,222
MARIANA: Vice City is
the name of the market?
89
00:04:24,222 --> 00:04:25,307
BECCA: Yeah, that's
the name of the market.
90
00:04:25,307 --> 00:04:26,725
I know how cliche, right?
91
00:04:26,725 --> 00:04:28,351
MARIANA: Valid dumps.
92
00:04:28,351 --> 00:04:29,603
BECCA: Comes with
the date of birth.
93
00:04:29,603 --> 00:04:31,104
MARIANA: Uh-huh.
94
00:04:31,104 --> 00:04:32,481
BECCA: ZIP code, so you know
where the card is from,
95
00:04:32,481 --> 00:04:34,107
where the billing address is.
96
00:04:34,107 --> 00:04:36,401
MARIANA: Uh-huh. Wow.
This is so crazy.
97
00:04:36,401 --> 00:04:39,488
BECCA: And then look at an
example, if it doesn't work,
they give you your money back.
98
00:04:39,488 --> 00:04:40,614
MARIANA: No, they don't.
99
00:04:40,614 --> 00:04:42,115
BECCA: Yes, they
do immediately.
100
00:04:42,115 --> 00:04:43,200
Immediately.
101
00:04:43,200 --> 00:04:44,493
Look, right here.
102
00:04:44,493 --> 00:04:45,869
MARIANA: So you can
buy this for only $8?
103
00:04:45,869 --> 00:04:48,538
BECCA: Yeah. Oh, you could
buy them for three cents.
104
00:04:48,538 --> 00:04:52,083
MARIANA: My, my mind
is exploding right now.
105
00:04:52,083 --> 00:04:55,504
Site after site, the dark web
is like a strip mall of
106
00:04:55,504 --> 00:04:59,508
stolen credit card data, where
everything from security codes
107
00:04:59,508 --> 00:05:02,677
to ZIP codes are
available for resale.
108
00:05:03,845 --> 00:05:06,056
BECCA: Carding is the act
of using other people's
109
00:05:06,056 --> 00:05:10,727
credit card info, you know, to
buy stuff or obtain goods.
110
00:05:11,895 --> 00:05:15,357
It starts with prepaid cards.
111
00:05:16,441 --> 00:05:20,487
That's an MSR.
It can read, write, erase.
112
00:05:20,487 --> 00:05:24,199
And then I'm going to clone
this information onto it.
113
00:05:24,199 --> 00:05:27,494
MARIANA: Becca uses the MSR
machine to encode the stolen
114
00:05:27,494 --> 00:05:30,664
credit card data onto the
magnetic strip of the new
115
00:05:30,664 --> 00:05:32,958
burner debit card.
116
00:05:33,583 --> 00:05:34,834
BECCA: So I'm going
to go for that one.
117
00:05:34,834 --> 00:05:36,294
He probably went to a
restaurant and somebody hacked
118
00:05:36,294 --> 00:05:37,712
into their POS, whatever.
119
00:05:37,712 --> 00:05:39,172
MARIANA: Steven, I apologize.
120
00:05:39,172 --> 00:05:40,840
BECCA: It's okay.
It's corporate.
121
00:05:40,840 --> 00:05:43,426
Don't worry about it.
The bank will give it back.
122
00:05:43,426 --> 00:05:45,470
So now, let's make a card.
123
00:05:46,763 --> 00:05:49,516
Bam, credit card okay.
124
00:05:50,225 --> 00:05:52,185
Let's go test this on
the vending machine.
125
00:05:52,185 --> 00:05:54,104
Because I don't
want to get caught.
126
00:05:54,104 --> 00:05:56,648
MARIANA: To check if the
card works, she needs to do a
127
00:05:56,648 --> 00:06:00,110
test run where no one will
catch her, in case it doesn't.
128
00:06:00,735 --> 00:06:03,405
This is the moment of truth.
129
00:06:10,120 --> 00:06:11,413
BECCA: There you go.
130
00:06:11,413 --> 00:06:13,582
MARIANA: I don't know
if I want to do that.
131
00:06:15,667 --> 00:06:17,544
So now you know that you
can actually use this card?
132
00:06:17,544 --> 00:06:19,170
BECCA: Absolutely.
133
00:06:19,170 --> 00:06:21,590
MARIANA: Tonight there's a
guy or a woman somewhere who's
134
00:06:21,590 --> 00:06:24,843
missing $1, and tomorrow
will possibly be missing
135
00:06:24,843 --> 00:06:26,344
a lot more.
136
00:06:26,344 --> 00:06:27,220
So tomorrow you're going
to go shopping with this?
137
00:06:27,220 --> 00:06:29,556
BECCA: Yeah, definitely.
138
00:06:31,099 --> 00:06:33,560
MARIANA: The next day,
Becca invites me to follow her
139
00:06:33,560 --> 00:06:37,314
downtown as she tries to
use the card in a store.
140
00:06:39,482 --> 00:06:42,527
So, what kind of shops
do you typically target?
141
00:06:42,527 --> 00:06:47,449
BECCA: Local, smaller, family
owned shops versus corporate,
142
00:06:47,449 --> 00:06:49,659
big, giant Walmarts and stuff.
143
00:06:49,659 --> 00:06:50,660
MARIANA: Why is
that preferable?
144
00:06:50,660 --> 00:06:53,204
BECCA: Because
way less security.
145
00:06:53,872 --> 00:06:56,625
My thing is everywhere
you go, there's a camera.
146
00:06:56,625 --> 00:06:58,251
That's my fear.
147
00:06:58,251 --> 00:07:00,879
You have to look
normal, casual.
148
00:07:04,215 --> 00:07:06,843
MARIANA: Do you ever buy
anything with a regular
credit card, by any chance?
149
00:07:06,843 --> 00:07:08,011
Or is it all stolen?
150
00:07:08,011 --> 00:07:09,554
BECCA: Yeah.
151
00:07:09,554 --> 00:07:11,723
Steal what you can't buy,
buy what you can't steal.
152
00:07:16,603 --> 00:07:18,813
MARIANA: Becca says she never
knows how long a stolen
153
00:07:18,813 --> 00:07:21,358
credit card will remain active.
154
00:07:21,358 --> 00:07:23,652
It depends on how quickly
the owner, or the bank,
155
00:07:23,652 --> 00:07:26,655
spots the fraudulent activity.
156
00:07:26,655 --> 00:07:28,573
BECCA: What I'm going to do
is I'm going to, you know,
157
00:07:28,573 --> 00:07:30,617
look around, see what I find.
158
00:07:30,617 --> 00:07:33,036
Oh, my son would probably
love one of those book bags.
159
00:07:33,036 --> 00:07:35,705
MARIANA: So you don't
feel comfortable with me
going inside, so I'll...
160
00:07:35,705 --> 00:07:37,624
BECCA: I don't think for
your own good you should
161
00:07:37,624 --> 00:07:39,042
go in there with me.
162
00:07:39,042 --> 00:07:40,752
MARIANA: I'll stay here.
Um, I would say good luck,
163
00:07:40,752 --> 00:07:42,921
but I'm not sure if
that's the appropriate
thing to say right now.
164
00:07:42,921 --> 00:07:45,006
BECCA: You should.
Because, um, God forbid,
165
00:07:45,006 --> 00:07:47,884
you know, like,
something that comes up.
166
00:07:47,884 --> 00:07:49,344
MARIANA: Oh, now
you're making me nervous.
167
00:07:49,344 --> 00:07:50,804
BECCA: You should be nervous.
168
00:07:50,804 --> 00:07:52,722
It's always 50/50,
it's a lottery.
169
00:07:52,722 --> 00:07:55,642
You never know if it's going to
work, if it's not going to work.
170
00:07:55,642 --> 00:07:57,477
I'll be right back.
171
00:07:58,019 --> 00:08:00,605
MARIANA: We can actually see
right through the shop,
172
00:08:00,605 --> 00:08:02,565
so I will be able, we'll be
able to see her inside.
173
00:08:05,735 --> 00:08:07,112
MARIANA: I don't want to look,
I don't want to look suspicious,
like, we're looking at her.
174
00:08:31,469 --> 00:08:32,595
SHOPKEEPER: Uh.
175
00:08:37,559 --> 00:08:39,102
BECCA: Well, yeah.
176
00:08:39,102 --> 00:08:40,687
MARIANA: So I think
she's having trouble
with the card right now.
177
00:08:53,742 --> 00:08:56,119
MARIANA: Here she comes.
178
00:08:59,622 --> 00:09:01,624
BECCA: I have
returned with my plunder.
179
00:09:01,624 --> 00:09:03,710
MARIANA: They
weren't suspicious?
180
00:09:03,710 --> 00:09:05,795
BECCA: No, the other way
around, they were trying to
help me pay for the (bleep).
181
00:09:05,795 --> 00:09:07,505
They were like, "thank you."
182
00:09:07,505 --> 00:09:09,716
Like, literally you
help them help you steal.
183
00:09:12,052 --> 00:09:13,511
MARIANA: Guy who's at
home who just lost...
184
00:09:13,511 --> 00:09:16,014
BECCA: No. Hell no.
MARIANA: Yeah. But it's, yeah.
185
00:09:16,014 --> 00:09:18,349
But it doesn't, well, I
would be angry if it was me.
186
00:09:18,349 --> 00:09:21,019
BECCA: It's a yin and yang.
You give some, you take some.
187
00:09:21,019 --> 00:09:22,812
Unless you have, like, a
really good education and a
188
00:09:22,812 --> 00:09:25,231
good job, it's just,
you can't afford (bleep).
189
00:09:25,231 --> 00:09:27,525
The bigger the stakes are, the
bigger the transactions are,
190
00:09:27,525 --> 00:09:29,235
the bigger they're
going to come after you.
191
00:09:29,235 --> 00:09:31,988
MARIANA: So that's why you
keep it to small transactions.
192
00:09:31,988 --> 00:09:33,573
BECCA: Yeah, definitely.
193
00:09:33,573 --> 00:09:36,034
MARIANA: Oh, my God. I can't
believe how easy that was.
194
00:09:36,785 --> 00:09:38,953
Data has now surpassed oil
195
00:09:38,953 --> 00:09:41,956
as the world's most
valuable resource.
196
00:09:43,374 --> 00:09:46,127
Worldwide, in 2020 alone,
197
00:09:46,127 --> 00:09:49,672
thieves ran off with
more than $28 billion.
198
00:09:50,673 --> 00:09:54,385
It can start with a notification
for a single fraudulent charge.
199
00:09:54,385 --> 00:09:57,013
For most, getting that
money refunded is
200
00:09:57,013 --> 00:09:59,349
just an inconvenience.
201
00:09:59,349 --> 00:10:02,102
But for a growing
number of victims,
202
00:10:02,102 --> 00:10:05,188
the situation escalates quickly.
203
00:10:07,023 --> 00:10:09,901
TIM: At the time, I thought it
was a one and done sort of deal.
204
00:10:09,901 --> 00:10:13,238
I've probably had upwards
of 25 debit and credit cards
205
00:10:13,238 --> 00:10:15,824
compromised and stolen.
206
00:10:15,824 --> 00:10:18,868
DAVE: It's a really scary
thing when you don't know
207
00:10:18,868 --> 00:10:22,497
if the money in your bank
account is not going to
208
00:10:22,497 --> 00:10:25,583
be there when you log in next.
209
00:10:26,376 --> 00:10:32,215
JESSICA: At least every month,
maybe 2 to 15 transactions
210
00:10:32,215 --> 00:10:35,802
that happen
randomly that aren't mine.
211
00:10:36,928 --> 00:10:38,429
TIM: I felt powerless.
212
00:10:38,429 --> 00:10:41,224
They just had access to
all of my life savings.
213
00:10:41,224 --> 00:10:43,518
DAVE: People don't
always get their money back.
214
00:10:43,518 --> 00:10:47,730
SAMUEL: One thing impacted the
next, impacted the next, and
215
00:10:47,730 --> 00:10:50,817
it just kept snowballing.
216
00:10:50,817 --> 00:10:53,361
DAVE: I have no idea when it
will end or if it will end.
217
00:10:53,361 --> 00:10:54,529
TIM: I'm a current student.
218
00:10:54,529 --> 00:10:55,864
JESSICA: I work
in mental health.
219
00:10:55,864 --> 00:10:57,365
DAVE: I'm in the IT area.
220
00:10:57,365 --> 00:11:01,452
SAMUEL: I am a dancer,
teacher, choreographer.
221
00:11:03,121 --> 00:11:05,915
MARIANA: Credit card
fraud exploded in 2020,
222
00:11:05,915 --> 00:11:09,168
increasing more than 40%.
223
00:11:09,168 --> 00:11:12,755
The ease and anonymity of the
crime has drawn the attention
224
00:11:12,755 --> 00:11:15,800
of street gangs, like the Crips,
who used to make their
225
00:11:15,800 --> 00:11:18,720
money in more dangerous ways.
226
00:11:19,679 --> 00:11:20,930
PRIMO: So, have a seat,
have a seat.
227
00:11:20,930 --> 00:11:21,723
MARIANA: Here?
228
00:11:21,723 --> 00:11:23,099
PRIMO: Scoot over, man.
It's a lady.
229
00:11:23,099 --> 00:11:24,392
MARIANA: Thank you.
230
00:11:24,392 --> 00:11:25,935
So we, can I ask you
for a quick question?
231
00:11:25,935 --> 00:11:27,812
Does that gun
always have to be here?
232
00:11:34,068 --> 00:11:37,947
MARIANA: This is Primo,
who I spoke with on
the phone last night.
233
00:11:37,947 --> 00:11:39,490
Do you guys have guns?
234
00:11:39,490 --> 00:11:40,783
PRIMO: Everybody
here got a gun.
235
00:11:40,783 --> 00:11:42,577
MARIANA: So how many guns
are in this house right now?
236
00:11:42,577 --> 00:11:43,912
Just give me a sense.
237
00:11:43,912 --> 00:11:46,331
PRIMO: (bleep) You
sound like ATF right now.
238
00:11:46,331 --> 00:11:47,916
MARIANA: Do you want me to
stop asking these questions?
239
00:11:47,916 --> 00:11:49,083
PRIMO: Yeah.
240
00:11:54,589 --> 00:12:02,263
♪ ♪
241
00:12:02,263 --> 00:12:04,515
MARIANA: So you're talking
about scamming and fraud.
242
00:12:04,515 --> 00:12:06,768
Are you guys all
involved in this?
243
00:12:10,230 --> 00:12:12,398
PRIMO: I'd tell you right now
that that scamming (bleep) is
244
00:12:12,398 --> 00:12:15,735
pretty much the main market
to be in right now if you
want to make money.
245
00:12:15,735 --> 00:12:16,986
You want to stay
out of trouble.
246
00:12:16,986 --> 00:12:18,863
MARIANA: There's no risk
associated with scams?
247
00:12:18,863 --> 00:12:21,950
PROJECT FO: You got people
getting life sentences and
248
00:12:21,950 --> 00:12:24,077
getting charged with
murder for fentanyl.
249
00:12:24,077 --> 00:12:25,578
You'll get five years
doing this game right here.
250
00:12:25,578 --> 00:12:27,580
So, what's the
easier ballpark to be in?
251
00:12:27,580 --> 00:12:29,207
This, easy money.
252
00:12:29,207 --> 00:12:31,167
PRIMO: So, what we did is,
uh, we started a Scamily.
253
00:12:31,167 --> 00:12:32,418
You know what I'm saying?
254
00:12:32,418 --> 00:12:34,545
That's a family that scams.
You feel me?
255
00:12:34,545 --> 00:12:35,880
MARIANA: You said
it was a Scamily?
256
00:12:35,880 --> 00:12:37,131
PRIMO: That's my
little saying.
257
00:12:37,131 --> 00:12:38,341
I would like to
call us a Scamily.
258
00:12:38,341 --> 00:12:39,884
You know, you got
to chase the B.O.A.
259
00:12:39,884 --> 00:12:42,095
We treat you better
than your family.
260
00:12:43,388 --> 00:12:46,307
MARIANA: Each member of the
'Scamily' specializes in a
261
00:12:46,307 --> 00:12:48,226
different skillset.
262
00:12:48,226 --> 00:12:49,560
PROJECT FO: I'm the phone guy.
263
00:12:49,560 --> 00:12:51,104
MARIANA: You're the phone guy?
264
00:12:51,104 --> 00:12:52,563
PROJECT FO: Yeah.
265
00:12:52,563 --> 00:12:53,731
PRIMO: This is the, this is
the prince of Nigeria telling
266
00:12:53,731 --> 00:12:55,066
you to send the money.
267
00:12:55,066 --> 00:12:56,526
Send you a little text.
268
00:12:56,526 --> 00:12:58,486
"Your, your, your bank's been
hacked. This is Chase Bank."
269
00:12:58,486 --> 00:12:59,988
MARIANA: Yeah, I've
received these things.
270
00:12:59,988 --> 00:13:02,156
PRIMO: "Sending you an
online alert. Please sign-in."
271
00:13:02,156 --> 00:13:04,325
And you sign in
through there, you got got.
272
00:13:04,325 --> 00:13:06,202
The old school way: stealing
information and (bleep).
273
00:13:06,202 --> 00:13:07,996
We realized we
don't need that.
274
00:13:07,996 --> 00:13:09,872
People give you
the information.
275
00:13:09,872 --> 00:13:11,332
Jwett got his own ways.
276
00:13:11,332 --> 00:13:13,126
He a real good computer guy.
277
00:13:16,713 --> 00:13:18,631
PRIMO: Jwett go, "Doot,
doot, doot, doot, doo."
278
00:13:18,631 --> 00:13:22,135
Next thing you know, I got
someone's money in that card.
279
00:13:22,552 --> 00:13:25,346
MARIANA: How much money
are you guys making from
fraud or scams?
280
00:13:25,346 --> 00:13:27,390
PRIMO: Depends, really.
Sometimes, it's good days.
281
00:13:27,390 --> 00:13:28,975
Sometimes, it's bad days.
282
00:13:28,975 --> 00:13:30,351
Sometimes, it's
really good days.
283
00:13:30,351 --> 00:13:31,686
You feel me? Like....
284
00:13:31,686 --> 00:13:33,062
MARIANA: Today, for example.
PRIMO: (bleep).
285
00:13:33,062 --> 00:13:34,731
MARIANA: Did you get anything?
PRIMO: Yeah, yeah.
286
00:13:34,731 --> 00:13:36,816
Today I made a quick,
like, $9,000, but it's been a.
287
00:13:36,816 --> 00:13:39,777
MARIANA: What? $9,000?
PRIMO: Yeah.
288
00:13:41,279 --> 00:13:42,780
MARIANA: So, do you guys ever
feel bad that you're stealing
289
00:13:42,780 --> 00:13:43,865
money from other people?
290
00:13:43,865 --> 00:13:45,491
PRIMO: Not at all.
291
00:13:45,491 --> 00:13:46,451
Under a quarter million, the
bank pays that (bleep) back.
292
00:13:46,451 --> 00:13:47,660
Why would I feel bad?
I mean.
293
00:13:47,660 --> 00:13:48,453
MARIANA: But you're still
stealing from somebody.
294
00:13:48,453 --> 00:13:50,038
It's still not your money.
295
00:13:50,038 --> 00:13:51,748
So is there part of that, do you
guys get upset about that?
296
00:13:51,748 --> 00:13:53,041
PRIMO: Look.
Look, look.
297
00:13:53,041 --> 00:13:54,500
I did time for robbery
and all this (bleep).
298
00:13:54,500 --> 00:13:56,419
I tell you, I feel bad
about that sometimes.
299
00:13:56,419 --> 00:13:58,421
You know, that's not
such a victimless crime.
300
00:13:58,421 --> 00:14:00,381
You putting a gun to somebody,
you, you really traumatizing
301
00:14:00,381 --> 00:14:01,966
somebody, you feel me?
302
00:14:01,966 --> 00:14:03,301
This scamming (bleep)
is, "Ah, man, (bleep).
303
00:14:03,301 --> 00:14:05,428
This (bleep) stole
$800 from my account."
304
00:14:05,428 --> 00:14:07,221
You'll be all
right in the morning.
305
00:14:07,221 --> 00:14:10,058
MARIANA: Hmm.
PRIMO: You'll be all right.
306
00:14:10,433 --> 00:14:12,101
SAMUEL: It's not a
victimless crime.
307
00:14:12,101 --> 00:14:15,188
There are victims.
I'm a victim.
308
00:14:15,772 --> 00:14:18,691
I told the bank that money
had been fraudulently taken
309
00:14:18,691 --> 00:14:20,485
from my account.
310
00:14:20,485 --> 00:14:23,654
It was obvious that the
bank did not believe me.
311
00:14:23,654 --> 00:14:28,076
Honesty, I don't think a real
investigation ever took place.
312
00:14:28,076 --> 00:14:31,037
My economic
background plays a part.
313
00:14:31,037 --> 00:14:34,582
The way I look
could play a part.
314
00:14:34,582 --> 00:14:40,379
Whether I have 10 million
or whether I have $10,
315
00:14:40,379 --> 00:14:44,634
it shouldn't make a difference
in terms of how I'm treated.
316
00:14:45,885 --> 00:14:48,763
MARIANA: The 'Scamily's'
operation is just the
tip of the iceberg.
317
00:14:50,014 --> 00:14:52,433
We've heard rumors that there
are gangs engaging in
318
00:14:52,433 --> 00:14:54,852
even more ambitious scams.
319
00:14:54,852 --> 00:14:57,522
Through my sources, a member
of the Crips, who we'll call
320
00:14:57,522 --> 00:15:00,691
"Light," agrees
to speak with me.
321
00:15:06,697 --> 00:15:09,992
Light has invited me to see
the trap house where the gang
322
00:15:09,992 --> 00:15:13,287
dabbles in both the old school
methods and the new ones.
323
00:15:18,960 --> 00:15:20,670
MARIANA: What do
you have here?
324
00:15:22,880 --> 00:15:24,340
MARIANA: And
what, what's this?
325
00:15:27,510 --> 00:15:29,470
MARIANA: So what is, what
is this place, where we are?
326
00:15:32,849 --> 00:15:35,309
MARIANA: So, we have
drugs, we have guns.
327
00:15:35,309 --> 00:15:36,811
Do you have other guns
in the house as well?
328
00:15:40,398 --> 00:15:42,400
MARIANA: And this is where you
are doing your business from?
329
00:15:46,654 --> 00:15:49,615
MARIANA: So, I know that this
is your place and we have to
330
00:15:49,615 --> 00:15:52,577
get your
permission to film here.
331
00:15:52,577 --> 00:15:53,703
Right?
332
00:15:53,703 --> 00:15:56,330
Are you okay with
us filming here?
333
00:16:01,085 --> 00:16:02,086
MARIANA: Can you show me that?
334
00:16:07,341 --> 00:16:10,845
MARIANA: At a table with
three guns and one laptop,
335
00:16:10,845 --> 00:16:14,473
Light says he'll show me how he
made six figures last year.
336
00:16:16,267 --> 00:16:17,935
LIGHT: That's one deposit.
337
00:16:17,935 --> 00:16:19,854
MARIANA: Wow.
That's a lot of money.
338
00:16:26,652 --> 00:16:31,532
♪ ♪
339
00:16:31,532 --> 00:16:33,993
MARIANA: I'm in the backroom
of a Miami trap house, where a
340
00:16:33,993 --> 00:16:36,662
Crips gang member named
'Light' is showing me the
341
00:16:36,662 --> 00:16:39,248
gang's latest hustle.
342
00:16:39,248 --> 00:16:40,958
LIGHT: Do you
see this from IDS?
343
00:16:40,958 --> 00:16:43,794
Which means
Chicago unemployment.
344
00:16:43,794 --> 00:16:45,963
That's unemployed, but I
don't live in Chicago.
345
00:16:45,963 --> 00:16:48,382
I'm in Florida.
346
00:16:48,382 --> 00:16:50,760
MARIANA: Light creates a
fake insurance claim using the
347
00:16:50,760 --> 00:16:54,222
victim's real Social Security
number and birthday.
348
00:16:54,222 --> 00:16:57,433
This is more than
simple credit card fraud.
349
00:16:57,433 --> 00:17:00,436
I'm watching him steal
somebody's identity.
350
00:17:00,436 --> 00:17:02,897
LIGHT: All you have
to do is use a VPN.
351
00:17:02,897 --> 00:17:04,232
Put your VPN on.
352
00:17:04,232 --> 00:17:05,900
MARIANA: And you pretend
that you're in Chicago.
353
00:17:05,900 --> 00:17:06,692
LIGHT: You live in Florida,
but your VPN acts like you're
354
00:17:06,692 --> 00:17:09,862
in Chicago on Walnut Street.
355
00:17:09,862 --> 00:17:12,698
MARIANA: A VPN or virtual
private network disguises your
356
00:17:12,698 --> 00:17:16,494
online identity by encrypting
your connection to a network.
357
00:17:17,036 --> 00:17:19,538
Once a VPN is activated,
tracking the location of your
358
00:17:19,538 --> 00:17:22,458
device becomes
far more difficult.
359
00:17:22,458 --> 00:17:25,795
LIGHT: You're going to find any
random address from Chicago.
360
00:17:32,051 --> 00:17:33,803
You're going to put that
address that you find on the
361
00:17:33,803 --> 00:17:37,682
same application that
you're filling out the
IDS unemployment form
362
00:17:37,682 --> 00:17:39,517
and say that you live at
this address you found.
363
00:17:39,517 --> 00:17:41,686
You don't ever have to worry
about mail getting sent to you,
364
00:17:41,686 --> 00:17:44,689
or receiving it,
because everything is
through direct deposit.
365
00:17:45,064 --> 00:17:46,732
MARIANA: Were people making a
lot of money from the COVID
366
00:17:46,732 --> 00:17:48,276
assistance programs?
367
00:17:48,276 --> 00:17:51,070
LIGHT: I don't know
about people, but I know me.
368
00:17:51,070 --> 00:17:52,280
MARIANA: So that's a...
369
00:17:52,280 --> 00:17:53,322
LIGHT: This is (bleep) crazy.
370
00:17:53,322 --> 00:17:56,409
MARIANA: $19,314.
371
00:17:56,409 --> 00:17:57,868
But you're taking it
away from somebody else.
372
00:17:57,868 --> 00:17:58,911
How does that make you feel?
373
00:17:58,911 --> 00:18:00,288
LIGHT: It's a
dog eat dog world.
374
00:18:00,288 --> 00:18:02,206
I'd rather you, than me.
375
00:18:02,206 --> 00:18:03,791
Them or us.
376
00:18:03,791 --> 00:18:06,836
And I'm not going to
let my kids suffer.
377
00:18:06,836 --> 00:18:10,881
JESSICA: I've never
collected unemployment
before or disability.
378
00:18:10,881 --> 00:18:15,428
I owe EDD,
the state, disability,
379
00:18:15,428 --> 00:18:17,513
Social Security, money.
380
00:18:17,513 --> 00:18:21,475
$60,000 to one of them,
another $84,000 to another.
381
00:18:22,852 --> 00:18:24,895
MARIANA: Jessica is a
mental healthcare worker who
382
00:18:24,895 --> 00:18:28,858
specializes in people
experiencing homelessness.
383
00:18:29,483 --> 00:18:33,404
She's one of nearly 400,000
people whose identities were
384
00:18:33,404 --> 00:18:36,866
used to claim
government benefits in 2020.
385
00:18:37,325 --> 00:18:40,870
JESSICA: And I've been telling
my bank since September 2020
386
00:18:40,870 --> 00:18:41,912
about the fraud.
387
00:18:41,912 --> 00:18:45,791
And I probably call
them on a daily basis.
388
00:18:47,084 --> 00:18:51,464
I don't have my own identity,
meaning nothing's mine.
389
00:18:51,797 --> 00:18:55,301
If I want groceries or
something, nine times out of ten
390
00:18:55,301 --> 00:18:56,969
it's going to take me a
half an hour to get through
391
00:18:56,969 --> 00:18:59,680
the register, because
something's not working,
392
00:18:59,680 --> 00:19:01,932
or the money's not there and,
393
00:19:01,932 --> 00:19:04,226
and I've had more
taken out, somehow.
394
00:19:04,226 --> 00:19:06,771
I have to renew my passport,
my driver's license,
395
00:19:06,771 --> 00:19:09,940
my Social Security card,
my birth certificate.
396
00:19:09,940 --> 00:19:11,567
That all costs money.
397
00:19:11,567 --> 00:19:14,153
Right now, my bank account,
I'm negative $3,000 and it's
398
00:19:14,153 --> 00:19:16,072
been since January.
399
00:19:16,072 --> 00:19:19,408
I think if it ever ends,
400
00:19:20,451 --> 00:19:23,746
which I don't know
if it will, um,
401
00:19:24,789 --> 00:19:27,708
it's gonna be a long
recovery to trust people.
402
00:19:38,678 --> 00:19:41,931
MARIANA: This is Assistant
Special Agent Charles Leopard.
403
00:19:41,931 --> 00:19:44,975
His department is dedicated to
catching data thieves before
404
00:19:44,975 --> 00:19:48,396
stolen information ends up
for sale on the dark web.
405
00:19:49,855 --> 00:19:51,232
LEOPARD: So, in this room,
this is part of our
406
00:19:51,232 --> 00:19:52,983
computer forensics lab.
407
00:19:52,983 --> 00:19:56,987
This is an example of what we
commonly find in gas pumps.
408
00:19:56,987 --> 00:19:59,448
This would be what we call
more of an overlay skimmer.
409
00:19:59,448 --> 00:20:01,826
They would replace the card
reader that's currently there.
410
00:20:01,826 --> 00:20:05,788
We call this a shimmer and
these were designed to go into
411
00:20:05,788 --> 00:20:08,666
an existing card reader.
412
00:20:08,666 --> 00:20:11,377
MARIANA: Agent Leopard and his
team show us how older methods
413
00:20:11,377 --> 00:20:13,921
of theft are
constantly being updated.
414
00:20:14,964 --> 00:20:16,424
INVESTIGATOR: More and more
of these skimmers are
415
00:20:16,424 --> 00:20:17,925
Bluetooth enabled.
416
00:20:17,925 --> 00:20:20,428
The reason behind that is that
you have the individuals that
417
00:20:20,428 --> 00:20:22,430
now don't have to go back
in and take the skimmer
418
00:20:22,430 --> 00:20:24,974
off the gas pump.
419
00:20:28,811 --> 00:20:29,812
OFFICER: Good
morning everybody.
420
00:20:29,812 --> 00:20:31,564
Thank you for
being here today.
421
00:20:31,564 --> 00:20:34,692
We're going to be briefing
in regards to the arrest of a
422
00:20:34,692 --> 00:20:38,404
known large-scale trafficker
of stolen credit card account
423
00:20:38,404 --> 00:20:40,489
numbers obtained from
illegally placed credit card
424
00:20:40,489 --> 00:20:43,659
skimming devices
at gasoline pumps.
425
00:20:44,285 --> 00:20:45,453
LEOPARD: Now, we'll just have
them park there and tell them
426
00:20:45,453 --> 00:20:48,289
to just hang out, until
we figure things out.
427
00:20:48,289 --> 00:20:50,166
All right, man.
428
00:20:50,166 --> 00:20:52,293
MARIANA: Leopard is part of a
joint operation between the
429
00:20:52,293 --> 00:20:55,629
secret service
and local police.
430
00:20:55,629 --> 00:20:57,506
They're tracking down one
of these scammers who
431
00:20:57,506 --> 00:21:01,218
steals credit card
information from gas stations.
432
00:21:07,808 --> 00:21:10,102
OFFICER (over phone):
We're all good to go,
so start rolling through.
433
00:21:10,102 --> 00:21:11,896
OFFICER: All right.
434
00:21:18,068 --> 00:21:20,696
(speaking Spanish)
435
00:21:21,280 --> 00:21:22,782
OFFICER: Back up.
OFFICER: Stay right there.
436
00:21:22,782 --> 00:21:24,408
(speaking Spanish)
437
00:21:24,408 --> 00:21:25,868
MAN: Go ahead, man.
438
00:21:25,868 --> 00:21:27,495
OFFICER: Police warrant!
439
00:21:27,495 --> 00:21:28,746
Come to the door!
440
00:21:28,746 --> 00:21:30,539
OFFICER: You're clear right.
441
00:21:31,373 --> 00:21:32,792
OFFICER 2: Watch your right.
Back of the room.
442
00:21:32,792 --> 00:21:35,669
OFFICER: Go ahead.
Go ahead.
443
00:21:36,212 --> 00:21:37,671
OFFICER: Police!
444
00:21:37,671 --> 00:21:39,423
(crying)
445
00:21:39,423 --> 00:21:42,092
MARIANA: In the end, the
suspect is arrested.
446
00:21:42,092 --> 00:21:43,219
LEOPARD: Okay.
OFFICER: Okay?
447
00:21:43,219 --> 00:21:45,387
We're gonna take him in mine...
448
00:21:46,138 --> 00:21:48,432
MARIANA: Leopard says these
street-level data thieves
449
00:21:48,432 --> 00:21:51,018
have recognized that
skimmers are an easy way
450
00:21:51,018 --> 00:21:53,062
to make a quick buck.
451
00:21:53,062 --> 00:21:58,108
But the secret service has
been tracking the rise of
a much bigger threat.
452
00:21:59,360 --> 00:22:00,820
REPORTER: Ransomware attacks
against TV stations,
453
00:22:00,820 --> 00:22:03,989
food and fuel suppliers,
hospitals, water systems
454
00:22:03,989 --> 00:22:06,116
and all levels of government.
455
00:22:06,116 --> 00:22:08,911
REPRESENTATIVE: Behind these
sophisticated attacks,
456
00:22:08,911 --> 00:22:11,580
there is real world harm
where people's life savings,
457
00:22:11,580 --> 00:22:15,084
people's, uh, companies are
being compromised by
458
00:22:15,084 --> 00:22:16,919
these individuals.
459
00:22:17,336 --> 00:22:20,130
MARIANA: Ransomware is a type
of malicious software that
460
00:22:20,130 --> 00:22:23,592
attackers use to infect
computers and then hold
461
00:22:23,592 --> 00:22:28,639
sensitive data hostage, until
the victim pays for its release.
462
00:22:29,223 --> 00:22:33,477
In 2021, nearly 70% of
businesses worldwide
463
00:22:33,477 --> 00:22:37,106
were victimized by ransomware.
464
00:22:37,106 --> 00:22:39,316
LEOPARD: So one of the biggest
issues with cybercrime is that
465
00:22:39,316 --> 00:22:41,902
it is borderless.
466
00:22:42,903 --> 00:22:45,656
You normally have
networks of criminals.
467
00:22:45,656 --> 00:22:49,243
And you may have a hacker
who resides in Romania
or Eastern Europe.
468
00:22:49,243 --> 00:22:51,120
BIDEN: Responsible countries
need to take action against
469
00:22:51,120 --> 00:22:55,624
criminals who conduct ransomware
activities on their territory.
470
00:22:55,624 --> 00:22:57,167
REPORTER (over TV): We know tha
it's concentrated in Romania.
471
00:22:57,167 --> 00:22:58,794
REPORTER (over TV): Romania.
472
00:22:58,794 --> 00:23:00,087
REPORTER (over TV): Romania in
Southeastern Europe is
473
00:23:00,087 --> 00:23:03,340
considered the cybercrime
capital of the world.
474
00:23:03,340 --> 00:23:05,134
MARIANA: That's my next stop.
475
00:23:05,134 --> 00:23:07,678
I want to know why Romania
has become such a hotbed for
476
00:23:07,678 --> 00:23:10,389
cybercrime and try to track down
477
00:23:10,389 --> 00:23:13,017
one of these
ransomware attackers.
478
00:23:19,315 --> 00:23:26,530
♪ ♪
479
00:23:26,530 --> 00:23:28,824
MARIANA: I kept hearing
about Romania, Romania.
480
00:23:28,824 --> 00:23:30,117
Why Romania?
481
00:23:30,117 --> 00:23:32,119
ALINKA: Romania has the
fastest internet speed.
482
00:23:32,119 --> 00:23:34,914
It's not the top internet
speed of the world,
483
00:23:34,914 --> 00:23:36,665
but it's in the top five.
484
00:23:37,833 --> 00:23:39,543
MARIANA: Alinka is a local
producer who grew up at
485
00:23:39,543 --> 00:23:41,879
the height of the internet
boom in Romania.
486
00:23:41,879 --> 00:23:43,839
ALINKA: Right after the
communist regime fell,
487
00:23:43,839 --> 00:23:45,841
it was pretty much the
wild west over here.
488
00:23:45,841 --> 00:23:47,885
There was
absolutely no regulation.
489
00:23:47,885 --> 00:23:49,386
MARIANA: Oh.
490
00:23:49,386 --> 00:23:51,013
ALINKA: That's why you had so
many hackers flourishing here.
491
00:23:51,013 --> 00:23:53,766
Nobody knew what they were
doing in order to combat them.
492
00:23:53,766 --> 00:23:56,268
We have a lot of engineers, a
lot of tech savvy people here.
493
00:23:56,268 --> 00:23:57,811
MARIANA: Mm-hmm.
494
00:23:57,811 --> 00:24:00,439
ALINKA: It's part of the
culture, if you want, to be
495
00:24:00,439 --> 00:24:04,693
tech savvy was seen as this
epiphany of intellectualness.
496
00:24:04,693 --> 00:24:06,236
MARIANA: Mm-hmm.
497
00:24:06,612 --> 00:24:08,530
I know it's been hard to
get people to talk to us.
498
00:24:08,530 --> 00:24:10,991
Does it look like we, we're
gonna be able to talk to people?
499
00:24:10,991 --> 00:24:13,577
ALINKA: People involved in
criminal activities are also
500
00:24:13,577 --> 00:24:15,079
weary because they're,
sometimes they don't even
501
00:24:15,079 --> 00:24:16,288
believe you're a journalist.
502
00:24:16,288 --> 00:24:17,706
You might be an
undercover cop.
503
00:24:17,706 --> 00:24:19,124
MARIANA: Right.
504
00:24:19,124 --> 00:24:21,085
ALINKA: Well, let's see how
your charm works because mine
505
00:24:21,085 --> 00:24:23,962
is a little bit at
the end right now.
506
00:24:27,675 --> 00:24:31,095
MARIANA: The next morning,
I get my chance.
507
00:24:31,095 --> 00:24:33,514
Alinka gives me the address
of a notorious hacker,
508
00:24:33,514 --> 00:24:37,184
who lives in a middle class
neighborhood in Bucharest.
509
00:24:37,184 --> 00:24:39,019
ALINK (over phone): Be careful,
he's a little bit skittish.
510
00:24:39,019 --> 00:24:42,439
He's waiting for you, but he's
a little bit nervous and well,
511
00:24:42,439 --> 00:24:44,566
he's an active, a
real active hacker, so.
512
00:24:44,566 --> 00:24:45,901
MARIANA: Okay.
513
00:24:45,901 --> 00:24:47,152
ALINKA (over phone):
Expect skittishness.
514
00:24:47,152 --> 00:24:48,278
MARIANA: Okay, yeah.
515
00:24:48,278 --> 00:24:49,905
ALINKA (over phone): Good luck.
516
00:24:55,119 --> 00:24:56,203
JOHN SMITH (over intercom):
Hello?
517
00:24:56,203 --> 00:24:58,122
MARIANA: Hi, Mariana here.
518
00:24:58,122 --> 00:24:59,456
JOHN SMITH (over intercom):
Hi. Come on.
519
00:24:59,456 --> 00:25:01,959
MARIANA: Okay, thank you.
520
00:25:05,045 --> 00:25:07,131
He's pulled out a
couple of times already.
521
00:25:07,131 --> 00:25:11,176
I'm hoping that he's still
interested in talking to us.
522
00:25:19,435 --> 00:25:21,520
Do you characterize
yourself as being a hacker?
523
00:25:21,520 --> 00:25:23,564
JOHN SMITH: I have a
problem with the definition.
524
00:25:23,564 --> 00:25:25,357
MARIANA: Why's that?
525
00:25:25,357 --> 00:25:28,026
JOHN SMITH: There are hackers
and then there are hackers.
526
00:25:28,026 --> 00:25:32,197
Most of the time, what you
see on the news, that's just
527
00:25:32,197 --> 00:25:34,825
somebody that managed to pick
up a piece of software,
528
00:25:34,825 --> 00:25:36,869
then they got caught
because they didn't know
529
00:25:36,869 --> 00:25:38,370
what they were doing.
530
00:25:38,370 --> 00:25:40,164
MARIANA: How many people do
you think here in Romania are
531
00:25:40,164 --> 00:25:41,749
capable of doing what you do?
532
00:25:41,749 --> 00:25:44,126
JOHN SMITH: I
guess less than ten.
533
00:25:44,126 --> 00:25:46,795
MARIANA: Wow.
Less than ten.
534
00:25:46,795 --> 00:25:50,132
JOHN SMITH: You enjoy the
power, let's say, to do it.
535
00:25:51,300 --> 00:25:54,094
MARIANA: Meet a man
we'll call John Smith.
536
00:25:54,094 --> 00:25:57,056
By day, he's a
cyber-security specialist.
537
00:25:57,056 --> 00:26:02,352
But after hours, he's a
developer of ransomware and
spyware.
538
00:26:05,147 --> 00:26:07,316
Do you consider yourself
a good guy or a bad guy?
539
00:26:07,316 --> 00:26:10,027
JOHN SMITH: It depends.
540
00:26:10,861 --> 00:26:13,989
If I'm over here at this
computer, then I'm doing
541
00:26:13,989 --> 00:26:16,950
security for
different companies.
542
00:26:16,950 --> 00:26:21,622
If I'm someplace else,
543
00:26:21,622 --> 00:26:24,166
I take a laptop and
go and have some fun.
544
00:26:24,166 --> 00:26:26,210
Then I'm the other guy.
545
00:26:26,210 --> 00:26:27,961
MARIANA: The bad guy?
546
00:26:29,630 --> 00:26:31,799
What can you tell me
about ransomware attacks?
547
00:26:31,799 --> 00:26:35,427
JOHN SMITH: It's just a
basic blackmailing scheme.
548
00:26:35,969 --> 00:26:38,806
And all you need is a way in.
549
00:26:38,806 --> 00:26:43,477
And then if you're able to
encrypt all the computers,
550
00:26:43,477 --> 00:26:45,562
that's the game.
551
00:26:45,562 --> 00:26:48,065
Just delete the encryption key,
keep it for yourself and
552
00:26:48,065 --> 00:26:51,026
if they pay you,
give it back, or not.
553
00:26:51,026 --> 00:26:53,028
MARIANA: Right.
554
00:26:53,028 --> 00:26:55,197
JOHN SMITH: Need my laptop.
555
00:26:55,197 --> 00:26:57,491
You know, I'm working
on a small side project.
556
00:26:57,491 --> 00:26:59,451
Antennas.
557
00:26:59,451 --> 00:27:01,120
Okay.
558
00:27:01,120 --> 00:27:02,287
We're going in the field.
559
00:27:02,287 --> 00:27:03,413
MARIANA: Oh, we're
going in the field?
560
00:27:03,413 --> 00:27:04,790
You're taking me with you?
561
00:27:04,790 --> 00:27:06,291
JOHN SMITH: I don't know.
You want to come?
562
00:27:06,291 --> 00:27:07,417
MARIANA: Yeah, I do.
563
00:27:07,417 --> 00:27:08,544
JOHN SMITH: Are you sure?
564
00:27:08,544 --> 00:27:10,504
MARIANA: Oh, yeah.
I'm very sure.
565
00:27:13,006 --> 00:27:17,136
♪ ♪
566
00:27:18,428 --> 00:27:20,347
JOHN SMITH: So we're going
to the main headquarters
567
00:27:20,347 --> 00:27:23,183
of this utility company,
just to check out
568
00:27:23,183 --> 00:27:25,310
their wireless infrastructure.
569
00:27:25,686 --> 00:27:28,146
What I'm trying to figure
out, if there's actually any
570
00:27:28,146 --> 00:27:30,691
security whatsoever.
571
00:27:30,691 --> 00:27:34,611
This is a wireless adapter that
has quite an increased range.
572
00:27:38,365 --> 00:27:40,909
MARIANA: Oh, my
God, the police.
573
00:27:40,909 --> 00:27:42,286
Do you want to go
somewhere else?
574
00:27:42,286 --> 00:27:45,205
JOHN SMITH: Ah, we are moving
to the secondary position.
575
00:27:48,333 --> 00:27:49,459
That was weird.
576
00:27:49,459 --> 00:27:52,129
And we're, we're moving.
577
00:27:52,796 --> 00:27:58,135
That wasn't the police,
that was the Romanian
Intelligence Service.
578
00:28:01,889 --> 00:28:05,601
So, I'm just
gonna do this again.
579
00:28:05,601 --> 00:28:08,478
MARIANA: I was a little nervous
before, now I'm extra nervous.
580
00:28:10,314 --> 00:28:12,482
You're trying to see if
there's a vulnerability,
581
00:28:12,482 --> 00:28:13,817
if you can get into the Wi-Fi.
582
00:28:13,817 --> 00:28:15,235
JOHN SMITH: Yeah.
MARIANA: Without a password.
583
00:28:16,820 --> 00:28:19,114
I think it's the first time in
my life that I'm actually
584
00:28:19,114 --> 00:28:21,950
witnessing somebody hacking.
585
00:28:21,950 --> 00:28:24,953
So the company is the glass
building actually right behind,
586
00:28:24,953 --> 00:28:26,330
right next to us.
587
00:28:26,330 --> 00:28:28,707
JOHN SMITH: Yeah.
All of it. All of it, yeah.
588
00:28:28,999 --> 00:28:31,126
MARIANA: What John is
attempting happens in various
589
00:28:31,126 --> 00:28:34,755
forms every day
around the globe.
590
00:28:34,755 --> 00:28:38,175
Sometimes to
devastating effect.
591
00:28:39,259 --> 00:28:40,469
DAWNA: Good evening
and thanks for joining us.
592
00:28:40,469 --> 00:28:42,512
We begin with the brazen
cyber-attack that has shut
593
00:28:42,512 --> 00:28:45,474
down the biggest
pipeline in the United States.
594
00:28:45,474 --> 00:28:49,311
MARIANA: In May of 2021,
Colonial Pipeline became the
595
00:28:49,311 --> 00:28:51,730
victim of a ransomware attack.
596
00:28:51,730 --> 00:28:55,359
It wreaked so much havoc, the
company shut down operations
597
00:28:55,359 --> 00:29:00,238
to the pipeline that supplies
45% of fuel to the east coast.
598
00:29:01,156 --> 00:29:03,951
BIDEN: I want to update
everyone on the ransomware
599
00:29:03,951 --> 00:29:07,746
cyber-attack that impacted
on the Colonial Pipeline
600
00:29:07,746 --> 00:29:08,914
over this past week.
601
00:29:09,456 --> 00:29:12,376
REPORTER: Colonial Pipeline
paid nearly $5 million in
602
00:29:12,376 --> 00:29:15,253
ransom to hackers who
infiltrated their system.
603
00:29:16,213 --> 00:29:19,299
JOHN SMITH: The main company
seems to have taken at least a
604
00:29:19,299 --> 00:29:22,552
few steps towards
protecting themselves.
605
00:29:22,552 --> 00:29:27,015
But it's not that.
There is no Wi-Fi here.
606
00:29:27,015 --> 00:29:29,226
MARIANA: How is that possible?
607
00:29:29,226 --> 00:29:31,687
JOHN SMITH: It's too far
inside of the building and
608
00:29:31,687 --> 00:29:34,815
we can't get it from out here.
609
00:29:34,815 --> 00:29:36,441
And now we go to plan B.
610
00:29:36,441 --> 00:29:38,276
MARIANA: What's plan B?
611
00:29:38,276 --> 00:29:41,989
JOHN SMITH: Plan B is to go to
a smaller company that's
612
00:29:41,989 --> 00:29:43,824
part of this one, that
shouldn't have the same
613
00:29:43,824 --> 00:29:45,784
level of security.
614
00:29:45,784 --> 00:29:48,286
MARIANA: Affiliated companies
often share the same network
615
00:29:48,286 --> 00:29:51,665
access, but might have
less stringent security.
616
00:29:52,290 --> 00:29:54,376
In the case of Colonial
Pipeline, the ransomware
617
00:29:54,376 --> 00:29:57,504
attackers didn't gain access
to the operational network
618
00:29:57,504 --> 00:30:00,799
controlling the pipeline
itself, they found a way in
619
00:30:00,799 --> 00:30:04,261
through the
company's billing system.
620
00:30:04,261 --> 00:30:06,513
JOHN SMITH: The whole problem
with security is that the good
621
00:30:06,513 --> 00:30:10,267
guys need to find each and
every hole in the system.
622
00:30:10,267 --> 00:30:12,394
The bad guy needs to find one.
623
00:30:20,485 --> 00:30:27,284
♪ ♪
624
00:30:32,289 --> 00:30:33,707
MARIANA: I'm with a man
that some consider
625
00:30:33,707 --> 00:30:36,668
one of the
top hackers in Romania.
626
00:30:36,668 --> 00:30:40,589
He's attempting to get
inside the computer system
of a major utility.
627
00:30:41,423 --> 00:30:48,096
♪ ♪
628
00:30:49,639 --> 00:30:51,725
JOHN SMITH: Let's
try this again.
629
00:30:54,770 --> 00:30:58,106
This is just gonna go with some
passwords and try and get in.
630
00:30:58,106 --> 00:30:59,649
MARIANA: Oh, wow.
631
00:30:59,649 --> 00:31:01,568
JOHN SMITH: It
just found the key.
632
00:31:01,568 --> 00:31:02,903
MARIANA: Okay.
633
00:31:02,903 --> 00:31:04,946
So now that you have this
information, you have a way in?
634
00:31:04,946 --> 00:31:07,532
JOHN SMITH: I have a way into
their local network over here.
635
00:31:07,532 --> 00:31:11,578
You search for vulnerable
computers and hopefully we can
636
00:31:11,578 --> 00:31:15,207
gain some traction on our
target, the power company.
637
00:31:15,207 --> 00:31:17,751
MARIANA: Are you shocked
that you were able to
actually get in?
638
00:31:17,751 --> 00:31:19,169
Are you surprised?
639
00:31:19,169 --> 00:31:23,256
JOHN SMITH: I'm surprised that
their security measures are
640
00:31:23,256 --> 00:31:25,008
basically nonexistent.
641
00:31:25,008 --> 00:31:28,762
When you manage to get a foot
in the door this easily,
642
00:31:28,762 --> 00:31:33,100
it's probably going to get
even easier from here on out.
643
00:31:33,100 --> 00:31:35,185
MARIANA: And then what do
you do with that information?
644
00:31:35,185 --> 00:31:37,521
JOHN SMITH: We will see.
645
00:31:38,522 --> 00:31:41,525
MARIANA: John insists this
'side project' was just to
646
00:31:41,525 --> 00:31:43,360
satisfy his curiosity.
647
00:31:43,360 --> 00:31:45,987
But he could make a lot of
money if he decided to take
648
00:31:45,987 --> 00:31:48,198
the experiment further.
649
00:31:48,198 --> 00:31:51,701
In the ransomware game,
this role is known as an
650
00:31:51,701 --> 00:31:54,246
initial access broker.
651
00:31:54,246 --> 00:31:57,124
Someone who sells the details
of how to access a computer
652
00:31:57,124 --> 00:32:01,753
network to other criminals,
who then conduct the attack.
653
00:32:01,753 --> 00:32:04,131
It's a lucrative gig.
654
00:32:12,764 --> 00:32:15,642
I want to learn more.
655
00:32:16,601 --> 00:32:18,687
CATALIN: So this
is our threat map.
656
00:32:18,687 --> 00:32:21,189
MARIANA: Bitdefender tracks
reports of hacking and
657
00:32:21,189 --> 00:32:24,025
cyber security threats
all around the world.
658
00:32:24,025 --> 00:32:25,861
This is what's happening
right now? In real life?
659
00:32:25,861 --> 00:32:26,778
CATALIN: Yes.
This is real-time.
660
00:32:26,778 --> 00:32:28,822
This is just 3%
of what we see.
661
00:32:28,822 --> 00:32:30,282
MARIANA: Really?
CATALIN: Yeah, yeah.
662
00:32:30,282 --> 00:32:31,658
MARIANA: So if everything was
here, what would we be seeing?
663
00:32:31,658 --> 00:32:32,701
Just...
664
00:32:32,701 --> 00:32:34,077
CATALIN: It would be all red.
665
00:32:34,077 --> 00:32:36,496
The human eye wouldn't be
able to, to see all the dots.
666
00:32:36,496 --> 00:32:40,250
BOGDAN: We process about 36
billion events every day.
667
00:32:40,250 --> 00:32:42,335
MARIANA: No.
BOGDAN: So, yes.
668
00:32:44,212 --> 00:32:46,214
MARIANA: Bitdefender has
been collecting data on
669
00:32:46,214 --> 00:32:48,550
cyber-attacks for decades.
670
00:32:48,550 --> 00:32:51,845
But in recent years, their
threat map is increasingly
671
00:32:51,845 --> 00:32:55,682
being overrun with ransomware
cases carried out by a new
672
00:32:55,682 --> 00:32:58,894
generation of professionals.
673
00:32:58,894 --> 00:33:01,271
CATALIN: Ransomware has been
around for the past 32 years,
674
00:33:01,271 --> 00:33:04,858
but only in the last five years
that it's became so prevalent.
675
00:33:04,858 --> 00:33:07,903
They are more organized and
more better prepared than
676
00:33:07,903 --> 00:33:10,530
many of the
organizations out there.
677
00:33:10,530 --> 00:33:12,866
MARIANA: Everybody's a
possible victim of this.
678
00:33:12,866 --> 00:33:16,119
Like hospitals, I'm assuming
airports, governments,
679
00:33:16,119 --> 00:33:17,871
weapons companies.
680
00:33:17,871 --> 00:33:19,581
CATALIN: So cyber-attacks
can lead to...
681
00:33:19,581 --> 00:33:21,041
MARIANA: To death. Yeah.
CATALIN: Yeah, yeah.
682
00:33:21,041 --> 00:33:22,667
If it's critical
infrastructure, we're talking
683
00:33:22,667 --> 00:33:24,336
about tens of
millions of dollars.
684
00:33:24,336 --> 00:33:26,796
So they're actually running
this cybercrime as they're
685
00:33:26,796 --> 00:33:28,089
running a business.
686
00:33:28,089 --> 00:33:29,674
They have their PR person.
687
00:33:29,674 --> 00:33:30,717
They have negotiators.
688
00:33:30,717 --> 00:33:33,345
They have tools that
to, to launder money.
689
00:33:33,345 --> 00:33:35,805
MARIANA: The level of
organization surprised me,
690
00:33:35,805 --> 00:33:38,808
the cyber criminals I've met
are all about keeping
691
00:33:38,808 --> 00:33:40,936
a low profile.
692
00:33:40,936 --> 00:33:43,855
But these ransomware cartels
are different, and more
693
00:33:43,855 --> 00:33:47,525
ruthless than anything
I'd encountered before.
694
00:33:47,525 --> 00:33:52,030
Some of their favorite targets
include hospitals and schools.
695
00:33:53,823 --> 00:33:55,867
JIM: So as I'm driving home
that night and I'm starting to
696
00:33:55,867 --> 00:34:00,956
get more and more, um, texts
and calls about problems that
697
00:34:00,956 --> 00:34:02,290
people are experiencing.
698
00:34:02,290 --> 00:34:05,377
I'm very quickly realizing
that this is not just a few
699
00:34:05,377 --> 00:34:07,879
isolated incidences,
but there's something
700
00:34:07,879 --> 00:34:09,673
bigger going on.
701
00:34:09,673 --> 00:34:11,925
MARIANA: On the night
before Thanksgiving in 2020,
702
00:34:11,925 --> 00:34:15,887
a ransomware group attacked the
Baltimore County school system,
703
00:34:15,887 --> 00:34:18,348
taking its computer
network hostage.
704
00:34:18,348 --> 00:34:21,643
Jim Corns is the executive
director of the county's
705
00:34:21,643 --> 00:34:23,520
IT department.
706
00:34:23,520 --> 00:34:26,815
JIM: As we realized that, that
we had had an attack,
707
00:34:26,815 --> 00:34:29,985
we had to call our leadership
in, in the school system to
708
00:34:29,985 --> 00:34:31,861
let them know that
something was happening,
709
00:34:31,861 --> 00:34:34,990
because decisions had to
be made right away.
710
00:34:34,990 --> 00:34:37,158
We had a day of school that
was coming up the next day,
711
00:34:37,158 --> 00:34:40,870
and, and we didn't have a
way to present instruction.
712
00:34:40,870 --> 00:34:42,747
MARIANA: This was peak COVID.
713
00:34:42,747 --> 00:34:45,750
Baltimore County's
156 schools,
714
00:34:45,750 --> 00:34:50,088
and more than 100,000
students were all virtual.
715
00:34:50,088 --> 00:34:53,300
That's why schools have
become such obvious targets.
716
00:34:53,591 --> 00:34:56,845
Lock teachers and staff out of
their devices and the entire
717
00:34:56,845 --> 00:34:59,723
school system is paralyzed.
718
00:34:59,723 --> 00:35:04,352
JIM: It was
inexplicably, uh, stressful.
719
00:35:04,352 --> 00:35:06,896
Every minute that we weren't
on the problem was a minute
720
00:35:06,896 --> 00:35:08,982
that we, we had lost.
721
00:35:08,982 --> 00:35:10,859
Our students weren't in
contact with our teachers.
722
00:35:10,859 --> 00:35:14,571
And there was more pressure
than I've, I've ever felt.
723
00:35:14,571 --> 00:35:18,825
We have contacted both local and
federal, uh, law enforcement.
724
00:35:19,200 --> 00:35:21,745
KELLY: The ransomware attack on
Baltimore County public schools
725
00:35:21,745 --> 00:35:25,040
is hurting an already
hard-hit educational effort.
726
00:35:25,040 --> 00:35:26,875
MARIANA: Jim won't say
whether the county paid
727
00:35:26,875 --> 00:35:28,710
the attackers or not.
728
00:35:28,710 --> 00:35:31,004
But there are reports that the
cost of the attack is nearing
729
00:35:31,004 --> 00:35:33,590
$10 million.
730
00:35:33,590 --> 00:35:36,593
And he tells me that doesn't
include damages like decades
731
00:35:36,593 --> 00:35:40,096
of lost teaching
materials and student records.
732
00:35:40,597 --> 00:35:43,850
JIM: It's like having our
house burned down and walking
733
00:35:43,850 --> 00:35:47,020
through that house, looking
for anything that was left.
734
00:35:47,020 --> 00:35:50,940
One of the, the biggest
things we lost was our
735
00:35:50,940 --> 00:35:53,068
sense of security.
736
00:35:53,818 --> 00:35:58,031
When everything is suspect,
uh, you, you don't trust any
737
00:35:58,031 --> 00:36:00,450
of the, the
systems that you have.
738
00:36:00,450 --> 00:36:03,286
And we end up with this
feeling that there's something
739
00:36:03,286 --> 00:36:06,081
lurking there,
waiting for you.
740
00:36:06,081 --> 00:36:07,957
MARIANA: That's who I
want to find; one of the
741
00:36:07,957 --> 00:36:10,251
big ransomware players.
742
00:36:10,251 --> 00:36:11,961
And as I continue to research,
743
00:36:11,961 --> 00:36:14,714
one name keeps rising
to the surface.
744
00:36:15,382 --> 00:36:16,383
WOMAN: LockBit.
MAN: LockBit.
745
00:36:16,383 --> 00:36:17,592
MAN: LockBit.
MAN: LockBit.
746
00:36:17,592 --> 00:36:19,177
REPORTER: As LockBit ransomware.
747
00:36:19,177 --> 00:36:21,096
MARIANA: I find
it in FBI reports.
748
00:36:21,096 --> 00:36:23,056
And in hacker forums.
749
00:36:23,056 --> 00:36:25,058
It's both the name of the
ransomware group with the
750
00:36:25,058 --> 00:36:28,812
fastest encryption speeds in
the world and the name of the
751
00:36:28,812 --> 00:36:32,440
leader and developer at the top
of this formidable organization.
752
00:36:34,025 --> 00:36:36,820
MAN: We hacked your company
yesterday and now we have
753
00:36:36,820 --> 00:36:39,948
around 80 gigabytes
of your company data.
754
00:36:39,948 --> 00:36:42,075
MARIANA: The rumors
about him swirled.
755
00:36:42,075 --> 00:36:43,451
But there's no doubt
756
00:36:43,451 --> 00:36:44,911
that LockBit's attacks
757
00:36:44,911 --> 00:36:47,664
are creating chaos
around the globe.
758
00:36:47,664 --> 00:36:50,750
Which is why I
really want to find him.
759
00:36:51,167 --> 00:36:53,294
His name is 'LockBit.'
Have you heard of them?
760
00:36:53,294 --> 00:36:54,921
JON: Oh, yeah!
761
00:36:54,921 --> 00:36:57,215
LockBit's one of the most
dangerous and effective groups
762
00:36:57,215 --> 00:36:59,509
that exist today.
763
00:36:59,509 --> 00:37:01,803
MARIANA: Reaching out to
anyone in the underworld is
764
00:37:01,803 --> 00:37:04,639
always tricky but the
search for LockBit makes me
765
00:37:04,639 --> 00:37:06,724
especially nervous.
766
00:37:06,724 --> 00:37:09,728
He's engaged in attacks right
now, complete with countdown
767
00:37:09,728 --> 00:37:13,106
clocks, tracking when he'll
release sensitive data if a
768
00:37:13,106 --> 00:37:15,942
ransom isn't paid.
769
00:37:15,942 --> 00:37:17,485
Back in the States,
770
00:37:17,485 --> 00:37:20,447
I connect with several
security experts for guidance.
771
00:37:20,447 --> 00:37:23,199
NATE: If you get in contact,
what they're probably going to
do is they're going to want to
772
00:37:23,199 --> 00:37:24,993
talk to you on, like, one of
these secured messaging clients.
773
00:37:24,993 --> 00:37:26,327
MARIANA: Mm-hmm.
Mm-hmm.
774
00:37:26,327 --> 00:37:27,787
NATE: So there's one that
uses, uh, what's called the
775
00:37:27,787 --> 00:37:29,456
Tor Network, which is an
anonymized, it's where the
776
00:37:29,456 --> 00:37:31,040
dark web is. Right?
777
00:37:31,040 --> 00:37:32,208
MARIANA: The dark web, yup.
778
00:37:32,208 --> 00:37:33,501
You know, I'm a little
bit on edge dealing with.
779
00:37:33,501 --> 00:37:35,086
JON (over phone): Yeah.
780
00:37:35,086 --> 00:37:36,796
MARIANA: The person that I
know can find out everything
781
00:37:36,796 --> 00:37:39,466
he wants about me in a second,
so that puts, that makes me
nervous.
782
00:37:39,466 --> 00:37:41,134
JON (over phone): Right.
783
00:37:41,134 --> 00:37:42,969
That's a good thing, because
being, being nervous means
784
00:37:42,969 --> 00:37:45,180
you're going to be paranoid,
and being paranoid is what's
785
00:37:45,180 --> 00:37:46,973
going to keep you safe when
you're dealing with this
786
00:37:46,973 --> 00:37:48,349
sort of element.
787
00:37:48,349 --> 00:37:49,809
MARIANA: Yeah. They're the
people that everybody else is
788
00:37:49,809 --> 00:37:51,686
running away from
and we're chasing.
789
00:37:51,686 --> 00:37:54,355
JON (over phone):
Yeah. Exactly.
790
00:37:54,355 --> 00:37:56,149
NATE: So they're probably
going to do some level of
791
00:37:56,149 --> 00:37:58,943
reconnaissance against you,
just to make sure that you're
792
00:37:58,943 --> 00:38:01,613
not the FBI or, you know,
the NSA, or something.
793
00:38:01,613 --> 00:38:03,072
MARIANA: Mm-hmm.
794
00:38:03,072 --> 00:38:05,158
NATE: The thing that I would
definitely, um, caution you is
795
00:38:05,158 --> 00:38:07,786
that they know that they're
cybercriminals, but do treat
796
00:38:07,786 --> 00:38:09,412
them, treat them with respect.
797
00:38:09,412 --> 00:38:12,165
MARIANA: Um, so if I was to
try and get in touch with,
798
00:38:12,165 --> 00:38:14,334
you know, the people at the
top, what, what do you think
799
00:38:14,334 --> 00:38:16,002
I should do?
How do I start?
800
00:38:16,002 --> 00:38:19,214
NATE: One of my guys
has some friends, he,
he knows a middle man
801
00:38:19,214 --> 00:38:22,008
that can talk to these folks on
your behalf and set it up.
802
00:38:22,008 --> 00:38:25,553
And so basically, he's,
he will probably broker
the conversation.
803
00:38:25,553 --> 00:38:27,597
MARIANA: That's great.
804
00:38:28,306 --> 00:38:31,059
The person I begin texting
with is called Blackrabbit.
805
00:38:31,059 --> 00:38:35,021
He or she tells me these
forums are heavily encrypted
806
00:38:35,021 --> 00:38:38,149
and guarded against outsiders.
807
00:38:39,442 --> 00:38:42,612
But Blackrabbit agrees to
vouch for me if I can prove
808
00:38:42,612 --> 00:38:44,739
I am who I say I am.
809
00:38:44,739 --> 00:38:46,241
How do I know you're
really from Nat Geo?
810
00:38:46,241 --> 00:38:47,784
Can you send me a
picture of yourself?
811
00:38:47,784 --> 00:38:50,036
Huh.
812
00:38:50,453 --> 00:38:52,413
(laughing)
813
00:38:52,413 --> 00:38:53,456
Okay.
814
00:38:53,456 --> 00:38:55,041
Is this a good idea?
815
00:38:55,041 --> 00:38:58,169
I'm basically dangling myself
as bait in front of the
816
00:38:58,169 --> 00:39:00,797
top ransomware
hackers in the world.
817
00:39:01,506 --> 00:39:04,634
"Okay.
I will help you."
818
00:39:04,634 --> 00:39:06,094
Wow.
819
00:39:06,094 --> 00:39:08,388
Blackrabbit explains that the
ransomware scene is full of
820
00:39:08,388 --> 00:39:12,016
big egos, big money,
and big rivalries.
821
00:39:12,976 --> 00:39:15,395
Normally, none of the
top players would talk.
822
00:39:15,395 --> 00:39:18,565
But he thinks we're reaching out
to LockBit at the right time.
823
00:39:18,565 --> 00:39:21,609
His operation has become the
most profitable in the world
824
00:39:21,609 --> 00:39:24,445
and he may be eager
to promote his brand.
825
00:39:25,363 --> 00:39:28,199
Blackrabbit connects
us on a dark web forum.
826
00:39:28,199 --> 00:39:30,410
I wait a day.
Then another.
827
00:39:30,410 --> 00:39:34,038
Finally, someone that I'm
told is LockBit joins the chat.
828
00:39:40,795 --> 00:39:44,549
♪ ♪
829
00:39:44,549 --> 00:39:46,593
MARIANA: Rumors are
that LockBit is a young
830
00:39:46,593 --> 00:39:49,637
20-something from Russia.
831
00:39:49,637 --> 00:39:51,306
But this isn't him.
832
00:39:51,306 --> 00:39:53,892
He would only communicate
via encrypted text.
833
00:39:53,892 --> 00:39:56,853
He asked that we use a masked
avatar to relay the answers
834
00:39:56,853 --> 00:39:58,396
to my questions.
835
00:39:59,105 --> 00:40:01,482
Would you ever
meet us in person?
836
00:40:01,482 --> 00:40:03,776
LOCKBIT: The FBI wants to
eliminate me, I'm ready to
837
00:40:03,776 --> 00:40:06,696
meet you in person
when I lose my mind.
838
00:40:07,447 --> 00:40:10,867
It takes just one
person to destroy the
biggest hacker group,
839
00:40:10,867 --> 00:40:12,869
there are too
many people tied to me.
840
00:40:12,869 --> 00:40:15,455
Without me, my
business would die instantly.
841
00:40:15,455 --> 00:40:17,832
MARIANA: How do you feel
about the FBI targeting you?
842
00:40:17,832 --> 00:40:20,418
LOCKBIT: I really love the
FBI, it is because of them
843
00:40:20,418 --> 00:40:23,254
that I am constantly learning
about anonymity and
844
00:40:23,254 --> 00:40:25,214
improving anonymity schemes.
845
00:40:25,882 --> 00:40:27,884
To change locations
and internet sources,
846
00:40:27,884 --> 00:40:29,218
the countries I live in.
847
00:40:29,218 --> 00:40:32,180
Someday I will be found.
848
00:40:33,473 --> 00:40:36,517
MARIANA: How did you get
into the ransomware world?
849
00:40:36,517 --> 00:40:37,894
And why?
850
00:40:37,894 --> 00:40:40,104
LOCKBIT: Big money.
851
00:40:40,104 --> 00:40:43,691
I am just a young hacker
who decided to make a
lot of money easily.
852
00:40:43,983 --> 00:40:45,985
MARIANA: What does a
typical day look like for you?
853
00:40:46,694 --> 00:40:49,739
LOCKBIT: Riding on a yacht,
Lamborghini, dozens of luxury
854
00:40:49,739 --> 00:40:53,785
models, drugs, everything
like regular millionaires.
855
00:40:55,078 --> 00:40:56,996
MARIANA: You guys have gained
the reputation as one of the
856
00:40:56,996 --> 00:40:59,958
most sophisticated groups
in the ransomware world.
857
00:40:59,958 --> 00:41:02,085
Um, how did you get there?
858
00:41:02,085 --> 00:41:04,170
LOCKBIT: The software has the
best technical specifications
859
00:41:04,170 --> 00:41:07,215
on the planet, we have maximum
encryption speed, ability to
860
00:41:07,215 --> 00:41:10,760
automatically self-distribute,
a list of processes to kill,
861
00:41:10,760 --> 00:41:14,097
trace clearing, safe mode,
filename encryption,
862
00:41:14,097 --> 00:41:16,391
as well as a set of
encryption software.
863
00:41:16,766 --> 00:41:18,726
MARIANA: Do you ever
feel bad for your victims?
864
00:41:18,726 --> 00:41:20,478
LOCKBIT: Why feel
sorry for the victims?
865
00:41:20,478 --> 00:41:22,772
We are not doing
them any harm.
866
00:41:22,772 --> 00:41:25,775
We just provide paid training
to system administrators.
867
00:41:25,775 --> 00:41:28,027
Is it our fault that the
companies don't want to spend
868
00:41:28,027 --> 00:41:31,030
money to protect
their networks?
869
00:41:31,030 --> 00:41:33,491
You can always negotiate with
us simply by paying a modest
870
00:41:33,491 --> 00:41:36,786
amount of money, which is
printed in unlimited quantities.
871
00:41:38,162 --> 00:41:41,833
MARIANA: LockBit claims
he has his own moral
standards about targets.
872
00:41:41,833 --> 00:41:45,586
But he also runs a business
and his malware is a product
873
00:41:45,586 --> 00:41:48,965
that his affiliates have used
to attack government systems,
874
00:41:48,965 --> 00:41:53,302
educational institutions, and
even hospitals around the world.
875
00:41:54,387 --> 00:41:57,348
So you might say that you don't
put people's lives at risk, but.
876
00:41:57,348 --> 00:42:00,518
Aren't you ultimately
responsible for what happens
877
00:42:00,518 --> 00:42:02,812
with the malware
that you create?
878
00:42:02,812 --> 00:42:05,022
LOCKBIT: I'm just a
weapons manufacturer.
879
00:42:05,022 --> 00:42:07,608
America has the best
gun makers in the world.
880
00:42:07,608 --> 00:42:10,319
All these weapons are sold all
over the world, these weapons
881
00:42:10,319 --> 00:42:13,865
regularly kill people,
but do the gun makers care?
882
00:42:14,282 --> 00:42:17,785
The gun makers only care
about the profits from
selling the weapons.
883
00:42:19,203 --> 00:42:21,539
MARIANA: Despite my attempts
to get more details about his
884
00:42:21,539 --> 00:42:23,916
next targets, he won't bite.
885
00:42:23,916 --> 00:42:26,377
But he does send me
one more message.
886
00:42:26,377 --> 00:42:30,923
It's a link to a project he's
calling "LockBit Black."
887
00:42:30,923 --> 00:42:33,968
I'm too scared to open it so
I send it to Jon, one of the
888
00:42:33,968 --> 00:42:36,429
security consultants
I'd been talking to.
889
00:42:36,429 --> 00:42:38,598
So Jon, can you tell me
what's, what's this link that
890
00:42:38,598 --> 00:42:39,891
LockBit sent me?
891
00:42:39,891 --> 00:42:42,018
JON: It's what they're
calling LockBit Black and it's
892
00:42:42,018 --> 00:42:44,854
their newest interface that
they've built for their new,
893
00:42:44,854 --> 00:42:46,022
uh, ransomware.
894
00:42:46,022 --> 00:42:47,648
It's actually really scary.
895
00:42:47,648 --> 00:42:49,984
They've taken a lot of the
technical capability that used
896
00:42:49,984 --> 00:42:53,237
to be required to conduct a
ransomware attack out of it.
897
00:42:53,237 --> 00:42:56,616
MARIANA: Back in Romania,
I'd sat shotgun as John Smith
898
00:42:56,616 --> 00:42:59,744
hacked his way into a
major utility company.
899
00:43:00,578 --> 00:43:04,665
With LockBit's new malware,
he's removed that step.
900
00:43:04,665 --> 00:43:07,877
Now all someone has to do is
type the name of a company
901
00:43:07,877 --> 00:43:11,422
website and the malware
goes in search of access.
902
00:43:11,839 --> 00:43:14,217
JON: It's now like a game.
I could take five minutes.
903
00:43:14,217 --> 00:43:16,427
I could teach you to use
it and conduct attacks.
904
00:43:16,427 --> 00:43:18,638
It's really going to change
the game of ransomware,
905
00:43:18,638 --> 00:43:20,431
and it's really scary.
906
00:43:20,431 --> 00:43:22,183
MARIANA: Do you think that
this has a potential of sort of,
907
00:43:22,183 --> 00:43:27,688
uh, launching a
whole new generation of
ransomware attackers?
908
00:43:27,688 --> 00:43:29,190
JON: Absolutely.
909
00:43:29,190 --> 00:43:31,859
I didn't expect the, the ease
of use that, that this has to
910
00:43:31,859 --> 00:43:33,736
have been built into it.
911
00:43:33,736 --> 00:43:36,447
Uh, I expected it to be more
efficient but I didn't expect
912
00:43:36,447 --> 00:43:39,158
it to be so much easier.
913
00:43:39,158 --> 00:43:40,535
Uh, for someone to do.
914
00:43:40,535 --> 00:43:43,079
What's going to happen is
it's going to allow many more
915
00:43:43,079 --> 00:43:45,665
people to take part
in these attacks.
916
00:43:45,665 --> 00:43:50,169
Higher volumes of attacks
means a lot more victims,
917
00:43:50,169 --> 00:43:54,090
uh, that also means the bad
guy gets a lot more money.
918
00:43:54,090 --> 00:43:57,260
MARIANA: Make no mistake about
it, the arc of the criminal
919
00:43:57,260 --> 00:44:00,096
universe bends
towards easy money.
920
00:44:00,096 --> 00:44:04,851
And we should all be very,
very afraid if ransomware has
921
00:44:04,851 --> 00:44:07,645
gotten easy enough for
someone like me to use.
922
00:44:07,645 --> 00:44:08,938
Captioned by
Cotter Media Group.