Transcript

Speaker 1:

Wait, wait. You're the ...

Speaker 2:

Okay?

Speaker 3:

All right.

Alina Simone:

Okay?

Speaker 3:

All right.

Speaker 2:

You're listening-

Speaker 1:

Listening-

Speaker 2:

To Radiolab. Lab ... Lab ... Lab

Speaker 3:

Radio Lab.

Speaker 2:

From.

Speaker 1:

WNY-

Speaker 4:

C!

Speaker 2:

C?

Speaker 1:

Yeah.

Jad Abumrad:

Hey. I'm Jad Abumrad.

Robert Krulwich:

I'm Robert Krulwich.

Jad Abumrad:

This is Radiolab and today-

Robert Krulwich:

Well, today we're going to tell you a story which we hope does not become your future, but it raises a simple question. We all have computers. We love computers. We depend upon computers. But what if the cost of using your computer becomes more than you're willing to pay? Two stories today, which suggest that we might be at the very beginning of a nightmare.

Jad Abumrad:

The first comes from a journalist, Alina Simone and her mother, Inna.

Alina Simone:

I mean, do you want to start with my mom? Because it really happened to her? She only got in touch with me maybe on day six.

Inna:

Are you talking to me, or her?

Alina Simone:

Yeah.

Jad Abumrad:

Okay. So what ... Yeah, day one. What was the first, first thing that happened?

Inna:

On day one, what happened that I called Tufts University IT services, because my husband works at Tufts, complaining that my computer is unbearably, unbearably slow.

Jad Abumrad:

She tells IT, "I don't know what's going on. Every time I try and open a window, it's like 'click ... oop ... click ... oop-'"

Inna:

Practically stopped working.

Jad Abumrad:

"What do I do?"

Inna:

They checked, whatever. Said, "Probably nothing." Rebooted. So did nothing, basically. Then-

Jad Abumrad:

She went away for the weekend.

Inna:

And when I came back I turned the computer on and like it was doing something ... and I saw many, many windows-

Jad Abumrad:

Covering her screen. Boop, boop, boop, boop, boop, boop!

Inna:

And those windows multiplied.

Jad Abumrad:

Doop, doop, doop.

Inna:

I cannot open any of them and I could not figure, but it was very late at night. So-

Jad Abumrad:

She went to bed, got up the next day-

Inna:

Called the Tufts again, asking for help.

Jad Abumrad:

They had no idea what was going on.

Inna:

No.

Jad Abumrad:

But she says at this point, whatever the computer had been doing-

Inna:

It was done. All the windows disappeared.

Jad Abumrad:

Except now, anytime she tried to click any of her files-

Inna:

The pictures, videos, I cannot open any of them.

Jad Abumrad:

Instead, every time, this message would pop up.

Inna:

And the message says ...

Speaker 5:

What happened to your files?

Inna:

All my files-

Speaker 5:

All of your files have been protected with a strong encryption- [crosstalk 00:02:33].

Inna:

... encrypted-

Speaker 5:

... Using CryptoWall. This means that the structure and data within your files have been irrevocably changed- [crosstalk 00:02:42].

Inna:

And in order to get them back-

Speaker 5:

To unlock files, you must pay 500 US dollars. If you really value your data, then we suggest that you do not waste valuable time searching for the solutions because they do not exist.

Robert Krulwich:

You're saying that somebody went into your computer and locked up all of your things?

Inna:

Yeah. They gave me the exact count.

Speaker 5:

5726 files encrypted.

Robert Krulwich:

When you say, "they," did you have any image in your head of who ... ?

Inna:

My first thought was Russia or Ukraine, which is even better.

Robert Krulwich:

Why?

Jad Abumrad:

Why?

Inna:

Because, you know, everybody talks about excellent, fantastic education there. Special in math. I'm from there, I know.

Alina Simone:

You know she's right. They've surpassed the US in educating their kids when it comes to math and science and they've got a severe underemployment problem, especially outside of the major cities, which is where these viruses often trace down to. Not Moscow and St. Petersburg. What we're talking about, you know, backwater.

Inna:

I was so positive that it comes from that part of the world that I wrote them in Russian.

Jad Abumrad:

Apparently the criminals had provided her a link to a website where she could send them a message. You know, customer support.

Inna:

I wrote them [foreign language 00:04:04]. I don't know how to translate it in English more accurately. Something like, "I wish you all die," or "Drop dead." [crosstalk 00:04:15].

Robert Krulwich:

Wish you all die?

Inna:

But in Russian language, there is a word 'to die' for humans, or another word for animals.

Robert Krulwich:

Oh! [crosstalk 00:04:25] You used the animal one.

Inna:

Yes. Not a curse, but ... they got the message.

Jad Abumrad:

Now, Inna says she thought about just wiping the computer clean. So that she wouldn't have to pay. [crosstalk 00:04:35] But then it occurred to her that her husband had all these files on there-

Inna:

Which he needed.

Jad Abumrad:

You know, like business receipts that he hadn't filed yet.

Inna:

Which he's lazy to do so he asked me to help.

Alina Simone:

And she's right, that like, you know, she has this tax information, this reimbursement information. Ultimately, it's worth more than 500 dollars.

Inna:

My husband did not want to pay, I overruled him.

Jad Abumrad:

So Inna decides-

Inna:

To follow the instructions, basically.

Speaker 5:

One. Download and install Tor browser.

Jad Abumrad:

So she goes and installs this browser called Tor, which apparently-

Inna:

Is not traceable.

Speaker 5:

Two. Run the browser and wait for initialization.

Jad Abumrad:

She does that.

Speaker 5:

Three. Type in the address bar, K-PI-7-Y-C-R-7-J-A-X-Q- [crosstalk 00:05:18].

Jad Abumrad:

Then she's directed to a site where it basically tells her, "Look, if you don't trust us-"

Inna:

"We can decrypt one of your files for free, as a sample that when you pay us, you would know that you could really get all your files back."

Jad Abumrad:

Huh.

Inna:

And I was curious, I decided that I will try it.

Jad Abumrad:

So she clicked the button that said yes and ...

Inna:

I got one file back, but as soon as I did ... the clock start ticking-

Jad Abumrad:

Literally, she says a little clock appeared at the top of the browser.

Inna:

They gave me exactly seven days.

Speaker 5:

167 hours, 59 minutes, 59 seconds.

Jad Abumrad:

So you decrypt the thing and then suddenly it's a countdown?

Inna:

Yes! They say, "If you won't pay by this date, then the fine will be doubled and if you won't pay in one more week, then you will lose your files forever and you will never get it back."

Jad Abumrad:

Now, in the message it had told Inna that she had to pay that 500 dollar fine not in dollars, but in Bitcoin.

Inna:

You know, this was first time in my life, ever, I heard the term 'Bitcoins.' So I found this website-

Jad Abumrad:

Called Coin Cafe.

Inna:

Where you can buy Bitcoins. And to buy these Bitcoins is a nightmare. It's a torture.

Jad Abumrad:

What she needed to do was exchange 500 bucks for the requisite amount of Bitcoins. And at the time 500 bucks equaled 1.37 Bitcoins. But before she could even make that exchange, she had to fill out all these forms with all these questions.

Inna:

"What happened? What is the reason to buy Bitcoin?" And reasons were listed. One of them was ransom. So then you-

Robert Krulwich:

That's a category?!

Inna:

Yes. It was the first reason, to pay a ransom to the criminals.

Jad Abumrad:

Next, she says after you fill out all the forms-

Inna:

You have to make a picture and send them a photograph through the internet. Okay? I did not have a camera because-

Jad Abumrad:

She says her camera happened to be in the shop.

Inna:

... Oh! More than that, I have to make a picture of my husband holding a driver's license. Send them this picture back so they would-

Robert Krulwich:

Is this the bank, or the criminals?

Inna:

No! [crosstalk 00:08:00] This is the people who sell you Bitcoins-

Robert Krulwich:

Oh my god!

Inna:

... in exchange for your money. I told you that it's a torture. It's unbelievable.

Jad Abumrad:

But eventually she was able to find a neighbor, borrow the camera, take the picture she needed to take. Then she had to get the money she wanted to exchange to Coin Cafe and it turns out the preferred way to do it, the most secure way to do it, is not online, but through a money order.

Inna:

This was the day right before the Thanksgiving ... Wednesday.

Jad Abumrad:

She still had about six days before the deadline, so she thought, "All right, I'll just pop down to the post office, get a money order."

Inna:

But-

Newscaster 1:

Live from Boston, WVT-

Inna:

Lexington and the whole Massachusetts had a terrible, terrible snow storms.

Newscaster 2:

For a lot of us, this could be the biggest storm so far this Winter. [crosstalk 00:08:47].

Inna:

Undriveable road-

Newscaster 3:

And significant snow, a wet snow at that [crosstalk 00:08:51].

Inna:

But I had to go to the post office.

Jad Abumrad:

So she plows through the snow, almost kills herself, but gets there, gets everything together, sends it off ... And it's like, "All right."

Inna:

So finally I send everything out. The post office assured me that they will get it on Friday, which is the first working day after the Thanksgiving. Okay, so on Friday-

Jad Abumrad:

She called Coin Cafe.

Inna:

They did not get it. On Saturday, they did not get it. On Monday, in the morning, nothing was delivered, and I was desperate because my deadline was Tuesday, something like 12 o'clock. And I start calling the post office, whatever. Nobody knows anything. They said "Yes, two days, but there is no guarantee."

Jad Abumrad:

Finally-

Inna:

4 o'clock in the afternoon on Monday-

Jad Abumrad:

But 24 hours before the deadline-

Inna:

They got it-

Jad Abumrad:

Phew!

Robert Krulwich:

Yes!

Inna:

And they send me Bitcoins in exchange because they got my money.

Jad Abumrad:

But she says when she went online to check her Bitcoin account-

Inna:

I'm 13 dollars short.

Opera Singer:

[singing 00:10:06].

Inna:

Because of the exchange-

Robert Krulwich:

So you get only 400 and-

Inna:

And I start calling them- [crosstalk 00:10:13].

Jad Abumrad:

Basically, the exchange rate changed on her. She had bought it at 500, now it was worth 487.

Inna:

I asked them how often do you change the exchange rate and they said, "Every minute." But it's not a joke, every minute. I said, "Are you crazy?" I was a double victim. I was victim² or victim³. You see what I mean?

Inna:

Because driving was terrible. I have to stand on my head to get a camera and then I was struggling to send them.

Robert Krulwich:

That's the problem with this crime. Like the criminals need a better way to get money from the victim.

Inna:

But everything else is traceable.

Jad Abumrad:

I'm on the edge of my seat here. So you're 13 dollars short ...

Inna:

I am calling ... They said, "There is one more way ... one more way."

Inna:

And what does it?

Inna:

"We have a ATM machine."

Inna:

I said "What?"

Inna:

"Yeah, we can have an ATM machine. Only one."

Inna:

And I said, "Where is it?"

Inna:

"It's in Brooklyn."

Robert Krulwich:

Brooklyn, New York?!

Inna:

Yeah.

Robert Krulwich:

Oh, no!

Jad Abumrad:

200 miles away.

Robert Krulwich:

Wait a second, I don't understand this. There is one ATM that is in the borough of Brooklyn, where you do not live?

Inna:

Exactly.

Robert Krulwich:

Ah!

Jad Abumrad:

But luckily her daughter, Alina, lives in Brooklyn.

Inna:

You asked me how my daughter got involved, that's how.

Jad Abumrad:

So she calls Alina.

Alina Simone:

Yeah. My mom called me the night before the ransom was due, so I-

Robert Krulwich:

Were you aware of any of this up to this point?

Alina Simone:

No, no. I remember, you know, it was at night. I had the TV on and I have a toddler, you know, is all these things going on. I was probably on my laptop, too. I was doing like 12 things and my mom called and she was like upset with a capital U. She started ranting about criminals and ransom and I literally thought she was like talking in air quotes.

Alina Simone:

I'm like, "Oh yeah, I know when I go to [tech serv 00:12:04] and like, yeah, there's extortion!" And my mom was like, "No! Like, no! There's really a ransom! No, they're really criminals!"

Jad Abumrad:

Her mom told her, "Google 'CryptoWall.'"

Alina Simone:

And I was like, "Holy [beep], this is really a thing!" Plus, I started Googling, as she suggested I do, and found out that police departments had paid this. That a Sheriff's department in Dickson, Tennessee had just paid it to unlock like, you know, 70 plus thousand case files. And I was like, "Yeah, a lot-"

Robert Krulwich:

Oh, so these crooks go after police departments?

Alina Simone:

They've gone after governments, universities, corporations- [crosstalk 00:12:37].

Robert Krulwich:

Oh my god!

Alina Simone:

... police departments.

Robert Krulwich:

And did the question ever come up in your mind like, "Why my mom?"

Alina Simone:

No, not at all. Because like a million people in the US have been infected with criminal- [crosstalk 00:12:46].

Jad Abumrad:

With this very thing?

Alina Simone:

Yes.

Jad Abumrad:

Anyhow. Next day, less than six hours left, Inna says to Alina, "Please go to this ATM so we can just be done with this whole thing."

Inna:

You can cut it later, but I can tell you that in the morning she said, "I have a date for," my granddaughter date. To play date.

Alina Simone:

Play date.

Inna:

"I won't be able to do it until 12 o'clock," And I called again. I said, "Are you crazy? I don't have time."

Alina Simone:

So I go out to Greenpoint, to this ATM. And you know, I just want to add that- [crosstalk 00:13:18].

Inna:

But you had your play date.

Alina Simone:

Well, I canceled my ... [crosstalk 00:13:22].

Inna:

No, you didn't. I called you. You shorten it. You might get a little bit ...

Alina Simone:

Right. Okay, so I cut my play date short. Sorry. Forget that crucial detail. And I go out to Greenpoint and they have an ATM, and I'm-

Robert Krulwich:

I'm just worried that there's going to be 57 people all lined up at this single ATM that you're-

Alina Simone:

There were totally not 57 people. I mean, most people do take care of this remotely. Like there was no one at this ATM. I mean, what was funny about the ATM is like I'm expecting like, "Yeah, I've been to an ATM, like I have a Capital One account. I know what an ATM is." You know, but this was on like the second floor of a work share space in Brooklyn.

Alina Simone:

It was like in the hallway. There was like a bike hanging from a wall, kind of blocking it. And there was like a paper sign, taped to the wall, that just had a printout from the computer that just said 'bitcoin atm' all lower case letters and an arrow, to this phone booth!

Alina Simone:

It looked very Soviet, like if you've seen photos of those phones with no buttons and there's just a receiver? And it's totally scary. [crosstalk 00:14:24].

Jad Abumrad:

Like direct line?

Alina Simone:

Yeah, yeah. Like you just pick it up and like somebody is always on the other line, or something. It was like that. It was just this box with a screen and no buttons and a camera eye.

Jad Abumrad:

Oh my god!

Alina Simone:

And what you do is you hold up your QVC code. Is that what they're called? QVC? What are they called?

Speaker 6:

QRC.

Alina Simone:

QRC? QRC?

Speaker 6:

Yeah.

Jad Abumrad:

The barcode thingy?

Alina Simone:

Yeah. Yeah, it's like a barcode. So there's this QRC code and my mom had emailed it to me and was like, "You need to print this out and this is ... this essentially gives you access to my account, to top it off," you know? And so I put this QRC code up to the camera eye it kind of went, "Bloop!" And then it was like, "We are accessing your account."

Alina Simone:

And then I got a spinny wheel.

Jad Abumrad:

You got the wheel of death?

Alina Simone:

Yes!

Jad Abumrad:

No!

Alina Simone:

Ugh, spinny wheel!

Jad Abumrad:

Alina starts frantically dialing her mom, the guys at Coin Cafe.

Alina Simone:

I called, you know. I left like three phone messages-

Inna:

And I left five.

Alina Simone:

So, finally, they called me back, like 20 minutes later. Said, "Okay, we're sending a technician over to fix the machine," which was very cool. I didn't think that would happen. And so, you know, the technician was there and he fixed the machine and he helps me deposit these 25 dollars.

Alina Simone:

And then ... we started talking and he was like, "Yeah, you know ..." He knew my mom because, you know, he'd been talking to her on the phone, he's like, "I feel so bad for your mom. We've been getting so many of these cases." And I'm like, "Why are you, why-" [crosstalk 00:15:47]

Jad Abumrad:

"You're getting a lot of these cases?"

Alina Simone:

Yeah. I was like, "Why are you guys getting so ... Why is everyone coming to you?" And he's like, "Oh, I know why. Because in the ransom note, that they give a list of preferred vendors, and we are number one-"

Jad Abumrad:

Or two.

Mike Hoats:

What [beep] the introduction. What a bad introduction to Bitcoin. Like, "We're going to hold you ransom for all your information until you use this new currency to pay us off." I mean, that's terrible.

Jad Abumrad:

This is Mike Hoats and John Ha. They are the co-owners of Coin Cafe.

John Ha:

I had, a few weeks back, a grandmother who was in tears. She was going to lose all of her family photos because the deadline was coming up. You know, crying on the phone to me and it ... God! It felt horrible. [crosstalk 00:16:27]

Jad Abumrad:

Now, clearly, people who sell Bitcoin just believe that there should be a digital currency that is decentralized. It doesn't rely on the banks. But unfortunately it has become the currency of choice for ransom and so ... they're in this weird position.

Will Wheeler:

So it's a tricky thing because like I can't sell Bitcoin to someone who I know is going to do something illegal with it. Right?

Jad Abumrad:

That's Will Wheeler who runs a Bitcoin exchange called expresscoin and he says he and the other exchangers are really worried right now that if they keep helping the little guys pay the ransom, in order to get their files back, they are in effect making themselves accessories to a crime.

Will Wheeler:

I finally got a call back from a FinCEN, which is the federal authority for Financial Crimes Enforcement Network. They said that we could perceive paying a ransom as unlawful activity and so they might choose to use that against the company who helps out. Right? And, likely, until we get a straight answer from FinCEN, we'll take the overly cautious approach and start declining these transactions.

Robert Krulwich:

Even though, in your heart, you want to help?

Will Wheeler:

Well, yeah. I mean, do I want to risk being indicted for helping you get your travel receipts reimbursed from your company? And I mean, to me the answer is no.

Jad Abumrad:

In any case ... after Alina deposits the extra 25 bucks in her mom's Bitcoin account, Inna, the mom, goes online.

Inna:

Then I clicked and it was gone. But then ...

Jad Abumrad:

About an hour later.

Inna:

I went to my computer and there was another message. That, "You are late."

Jad Abumrad:

No!

Inna:

It turns out that I was two and a half hours late. "You have to pay 1300 dollars, roughly."

Inna:

I did not have anybody to turn to.

Jad Abumrad:

So she went to that same website where you can write them a message.

Inna:

I wrote them that I was late, but I mentioned the snow storm, the Thanksgiving, which they probably were not aware of. And, of course, the wonderful US Mail service. I said that I tried and I was only two hours late.

Inna:

And then, all of a sudden, I am getting the message, "You paid in full," without any explanation. Nothing. "You paid." That's it. And I got all my files back.

Robert Krulwich:

... That they took pity on her?

Jad Abumrad:

Maybe.

Inna:

I felt that it's over. Finally, it's really over.

Robert Krulwich:

It does make you wonder like who these people are?

Jad Abumrad:

We have a story about that up next.

Michelle:

Hello, this is Michelle from Kaka'ako, Hawaii. Radiolab is supported in part by the Alfred P. Sloan Foundation, enhancing public understanding of science and technology in the modern world. More information about Sloan at www.sloan.org.

Michelle:

Mahalo!

Burton-Hill:

I'm Clemmie Burton-Hill and I'm here to tell you about The Open Ears Project, the new podcast from WNYC Studios and WQXR, in which people share stories about the classical music that gets them through their lives. People like director Sam Mendes, musicians Jon Batiste and Wynton Marsalis, Call Your Girlfriend's Aminatou Sow, and our very own Alec Baldwin. It's part mix tape, part sonic love letter, kind of like a daily musical journey into other human lives. Listen for free wherever you get your podcasts and sign up at openearsproject.org

Jad Abumrad:

Hey, I'm Jad Abumrad.

Robert Krulwich:

I'm Robert Krulwich.

Jad Abumrad:

This is Radiolab.

Robert Krulwich:

So here's the next obvious question, who did this to ...? Like do we know anything about them?

Jad Abumrad:

When we put that question to Joseph Menn, investigative reporter for Reuters, he's done a ton of work in this area, and his hunch was that Inna's right.

Joseph Menn:

We're talking people ... Russian-speaking folks, by and large.

Jad Abumrad:

He wrote a book called Fatal System Error, which is sort of a deep dive into the Russian hacking scene. And much of it, as you'd expect, you know, young guys-

Joseph Menn:

Early twenties.

Jad Abumrad:

Kind of grubby-

Joseph Menn:

By and large, they do not live a lavish lifestyle. There are guys at the top of these criminal organizations that are very flashy.

Joseph Menn:

They are like sort of pop icons, some of them, in the same way that rap stars are in the US. There's a hacker magazine, which has guys with their sports cars and the supermodels, and whatever. You know, buying bottle service at discos at three in the morning.

Robert Krulwich:

Those are the guys who will hire the 20 year olds.

Joseph Menn:

They hire the 20 year olds, or they're franchises.

Jad Abumrad:

And he says the 20 year old grunts work at office parks.

Joseph Menn:

Yeah. It's like a call center type of atmosphere.

Kelsey Padgett:

Is there like you know ...

Jad Abumrad:

That's producer Kelsey Padgett.

Kelsey Padgett:

Ivan in a cubicle at his computer board. He has a meeting later with Judy in HR and he's mad about it. Is that the kind of like environment that these people are in?

Joseph Menn:

For the most part, I think so, yes.

Jad Abumrad:

The larger point is that it's not just like your lone-wolf, pimply faced hacker anymore. Cyber-crime is now super organized. It is often corporate. It is big business. And the whole sort of economy seems to revolve around these secret sites where people come together to buy and sell things like that ransomware from our last story.

Joseph Menn:

They're these underground web forums and there's a variety. Some are available ... You can reach them on the open internet. The more impressive ones are password-protected. You know, you have to know somebody to get in. The really, really fancy ones, you have to have a couple of people vouch for you.

D.Temple-Raston:

You actually have to apply with your resume, your hacker's resume. "Here are the things I can bring. These are the kinds of hacking exploits that I've had and therefore I should be part of your exclusive club."

Jad Abumrad:

That's Dina Temple-Raston, NPR cyber-crime correspondent. She's been tracking the government's attempts to shut down some of these sites, which she describes as-

D.Temple-Raston:

Sort of a hacker's black market bazaar. So let's say someone is looking for a bunch of credit card numbers that have been stolen. You can get it there.

Joseph Menn:

There's at one price, if they're MasterCard Gold, and another price for a higher-level credit, whatever.

D.Temple-Raston:

Let's say you wanted to know about a boss, or an employee, or a girlfriend-

Jad Abumrad:

You can get this piece of software that allows you to turn on their phone at any time.

D.Temple-Raston:

You could basically eavesdrop on them because you're in their pocket. And for 300 dollars a month you would actually get customer service.

Joseph Menn:

And the prices actually keep coming down. It's a very, very evolved, fluid marketplace. There's feedback and there's escrow.

Robert Krulwich:

There are feedback forums? Come on! [crosstalk 00:23:24].

Joseph Menn:

Absolutely.

Robert Krulwich:

That thief was not really ... There was like ... Didn't do the thief ... the robbery right?

Joseph Menn:

Absolutely. Particularly for something ... You'll see it a lot for freshness of credit cards because it's easy to say, "Here are 10000 credit card numbers," but if they're credit card numbers had been out for awhile, and get declined to everybody, you've just wasted your money. And these people are called 'Rippers' as in, 'they're ripping you off.' And they will get banned from the forum.

Jad Abumrad:

Wow. So it's reputational, just like everywhere else?

Joseph Menn:

Yeah. And it's as good as eBay. If you feel safe doing business on eBay, there's no reason you shouldn't feel safe doing business with the criminals.

Jad Abumrad:

Now, all of this to me, frankly, felt like just a sexy hacker talk [crosstalk 00:24:03] until a couple of months ago, Dina started telling us about this one particular site. Actually, the biggest of these kinds of sites that's out there. It's called Darkode.

D.Temple-Raston:

Yeah. The way it has been described by law enforcement is sort of an amazon.com for hackers.

Jad Abumrad:

Actually, here's specifically how US Attorney David Hickton described it to her in an interview.

David Hickton:

Darkode is the largest English-speaking criminal cyber-crime forum in the world.

D.Temple-Raston:

And one of the ... I think most people know Silk Road and they know, for example, you could get a contract hit from Silk Road, and drugs, and guns, and everything else. So would it be right for me to say that this was sort of a Silk Road for hackers?

David Hickton:

Yeah, I wouldn't want to draw that direct comparison. I think it's probably accurate. I would say that all measure of cyber crime that you see and watch around the world was in some form or fashion connected through it.

Jad Abumrad:

So we got really interested in this world of this site, Darkode, and the people in it. And so, with Dina, we started calling around trying to find anyone that would talk. And after weeks of searching and calling and lawyering, we found a guy who agreed to go on the record.

Daniel Placek:

My name is Daniel Placek and I am a reformed hacker.

Jad Abumrad:

As far as we know, Dan has never talked about this publicly.

D.Temple-Raston:

So how did you get involved with Darkode?

Daniel Placek:

Well, I was one of the people who created it.

Daniel Placek:

A very long time ago.

Jad Abumrad:

Daniel's story begins not in Russia, but in Milwaukee.

Daniel Placek:

Sure. Well let me ... Let me start with a little bit of context- [crosstalk 00:25:28]

Jad Abumrad:

Small middle-class suburb, right outside of Milwaukee.

Robert Krulwich:

Do you have brothers and sisters?

Daniel Placek:

Two younger brothers and two younger sisters. Big family.

Robert Krulwich:

Did you have to share rooms with them or were you in your own little kingdom?

Daniel Placek:

I shared a room with both my brothers, for a lot of years.

Jad Abumrad:

In fact, that sort of plays into the story because he says what he would do, to sort of escape, is go to the basement and play video games.

Daniel Placek:

So yes, the stereotypical hacker in his parents' basement. I know, I know. It's quite hilarious.

Jad Abumrad:

Dan says his hacking began, innocently enough, when he would monkey with games like Age of Empires.

Daniel Placek:

I had changed the graphics, changed the artificial intelligence in the game, the way it plays. Rework it, create new maps, that type of thing. It was something I enjoyed. And slowly throughout my teenage years that developed into something more.

Daniel Placek:

I did not get along well with a lot of my peers in grade and middle school. So I spent a lot more time, you know, on the computer and by myself than I did socially, at least at that age.

Jad Abumrad:

And he says one day he was in a chat room, an internet chat room.

Daniel Placek:

It was called Game Search.

Jad Abumrad:

Talking with a bunch of other people about video games.

Daniel Placek:

And at some point, along the way-

Jad Abumrad:

He meets this guy.

Daniel Placek:

You know, this particular guy was into botnets.

Robert Krulwich:

"Oh yes, botnets!" We all cry. Yeah. Just remind us of what's going on there.

Daniel Placek:

Botnets are malware, viruses installed on computers. And botnets, you know, are the way to centrally control a whole lot of infected computers.

Jad Abumrad:

Just to put this in context for a second, because I think this is totally fascinating.

Jad Abumrad:

Joseph Menn says that this whole botnet situation-

Joseph Menn:

It started with spam. One of the easiest ways to make money on the internet, back pre-2000, was spam.

Robert Krulwich:

Spam as in penis extensions-

Joseph Menn:

All that stuff. What happened was that the ... in the olden days, most servers, mail servers, acted as open relays.

Jad Abumrad:

Meaning the mail people wouldn't really pay attention to who was sending what. So the spammers would spam with abandon.

Joseph Menn:

And then spam got to be enough of a problem that the techies of the world-

Jad Abumrad:

Decided, "That's it." They started to block people. Like if they found a guy who they thought was sending too many product emails or whatever, they would block his IP address so that he couldn't send any more mail.

Joseph Menn:

So what the spammers and their contractors then needed to do was to have a bunch of clean IP addresses.

Joseph Menn:

And send spam from that. [crosstalk 00:28:00].

Jad Abumrad:

So what they did, which is totally genius, totally evil, is they hired a bunch of programmers to create a bunch of viruses. Disseminated those viruses across the internet. People would accidentally click or open something, get them onto their computer, and then suddenly the spammers could now remote control our computers, at a distance, whatever they wanted, for maybe just an hour or two a night to send out their spam. Because these were clean IP addresses.

Joseph Menn:

Of course, what happened is that once the spammers had these botnets-

Jad Abumrad:

They started thinking-

Joseph Menn:

"Hey, I could do something else with this." And the next thing that came along was denial of service attacks. You can have all of them try to contact ebay.com at the same time and knock over eBay.

Daniel Placek:

This first gentleman that I ran into, he had a botnet of well over a thousand computers, which at the time was amazing to me. You know, by today's standards, a thousand for a botnet is nothing.

Jad Abumrad:

Now they can get up into the millions.

Daniel Placek:

But back then it was quite incredible to me and- [crosstalk 00:28:56].

Jad Abumrad:

Because he says he was in this chat room, this guy was there, and this guy would get into fights with people. And anytime he did, he'd point his 1000 computer drone army at that enemy and-

Daniel Placek:

"F you man, I'm going to knock your internet offline and there's nothing you can do about it." You know, if it was something in a game, he could knock the game server that they were playing on offline. You know, stop their game, things like that.

Robert Krulwich:

It's like he can take away your his ball back in 1935.

Jad Abumrad:

Yes!

Daniel Placek:

That is exactly it. Taking away someone else's ball over the internet.

Robert Krulwich:

So this for some reason intrigued you?

Daniel Placek:

Yes. It was amazing to me. I'm like, "You have control of a thousand computers? Wow!"

Daniel Placek:

You know, "How did you do this?" You know, at the time, I had never heard of botnets. I didn't know about any of this stuff. Like, "How did you get the software to do this? How did you get it onto all these computers?"

D.Temple-Raston:

And he was quite happy to tell you all that?

Daniel Placek:

Oh, he certainly was. This particular gentleman had a very large ego.

D.Temple-Raston:

And did you see him as a bad guy?

Daniel Placek:

To be honest, I think at that age, I didn't really think about it that deeply. It's the internet. It's a lot harder to kind of quantify right and wrong there. I mean, now, I mean, it's easy to look back at that and say, "Yeah, this is wrong." But it's not like going up to someone and punching them in the face. There's no human connection there. You don't see these people or feel these people.

Jad Abumrad:

He says at the time it was just sheer curiosity.

Jad Abumrad:

So he says he asks this Pied Piper guy to send him some of the bot software that made the botnet go.

Daniel Placek:

And that really intrigued me. You know, digging through the source code, trying to understand what is this thing doing, how does it work, how does it tick?

Jad Abumrad:

This guy, was he a good coder?

Robert Krulwich:

Like is he good at it?

Daniel Placek:

Was he good at it? No, no. I would ... You know, in hindsight, now, you know, he's what I would classify as a script kiddie. You know, someone who-

Robert Krulwich:

Yeah!

D.Temple-Raston:

Script kiddie!

Robert Krulwich:

I don't know what that is, but it's a whole new curse word. [crosstalk 00:30:48].

Daniel Placek:

Script kiddie. So a script kiddie is someone who has just enough technical ability to kind of take some tools and software that other people have created and just use them.

Jad Abumrad:

Yeah. To fast forward ... As Dan went the opposite direction of the script kiddies and got better and better and started making these botnets that could literally spy on people as they were using their computers.

Daniel Placek:

Interesting to see all the porn that people are watching, that type of thing.

Jad Abumrad:

He says he found himself in another chat room.

Daniel Placek:

That was called [BAT Talk 00:00:31:19].

Jad Abumrad:

It's the kind of place where hackers swap tips, brag.

Daniel Placek:

Like, "Hey, look what I did. I defaced this website, take a look."

Jad Abumrad:

And he says one day he was talking with a coder friend of his, guy named [Eserdo 00:31:28].

Daniel Placek:

We were talking and, "Why don't we set up a community where we can really filter who gets to join and don't let all these script kiddies and idiots in." I actually chose the name. I came up with that a nice lame name.

D.Temple-Raston:

I actually think it's pretty good.

Robert Krulwich:

What's the name again?

Daniel Placek:

Darkode.

Robert Krulwich:

Darkode.

Jad Abumrad:

It's like D-A-R-K-O-D-E, I think. Right?

Daniel Placek:

It seemed cooler with the K. Yeah, so we chose the name and started getting the site set up.

Jad Abumrad:

The rules were it would be invite-only.

Daniel Placek:

So you had to have an invite.

Jad Abumrad:

And each new person would be required to demonstrate their skill.

Daniel Placek:

You know, "Here's a piece of software that I created."

Jad Abumrad:

Or, "Here's a video of my botnet in action."

Daniel Placek:

And at some point, not too long after it was created, it was decided for one reason or another that you know, "Hey, we got all these programmers on here, that's great. But, you know, they also want to be able to sell some of the stuff they're making. So let's invite some people who would be willing to buy some of this stuff."

Robert Krulwich:

This now begins to sound like a fair. You say, "Oh, I have a burglar's tool. Do you have a door you want to burgle?" And then you're like, "I'll rent you my tool."

Daniel Placek:

That's a simplification, but yeah.

Daniel Placek:

People would post and say, "I am looking to buy X," or "Here's this piece of software I created. Here's all the things it does, here's some screenshots of it in action. And here's the price." Could be a certain type of botnet software. It could be buying a botnet itself. You know, if you don't want to build one yourself, you want to buy one that somebody else already created and has going.

Robert Krulwich:

You mean, "I can get you onto 200000 or 20000 computers. Just give me a check?"

Daniel Placek:

Yeah. What they called them were 'installs.'

Jad Abumrad:

Installs.

Daniel Placek:

You know, "Hey guys, I've got installs and they're 10 dollars per 1000," something like that.

Robert Krulwich:

Wow.

Jad Abumrad:

Now, this is something that's sort of surprising to us, that when it comes to botnets, that there's this whole rental market that's frighteningly affordable.

KJacksonHiggins:

Yeah, it's bargain basement.

Jad Abumrad:

In fact, we were talking with one reporter, Kelly Jackson Higgins, who's the executive editor of darkreading.com, which is a cyber security news site. And she told us-

KJacksonHiggins:

You know, you can actually rent a botnet if you really wanted to. You could rent a botnet for one hour for about 38 dollars a month-

Jad Abumrad:

What?!

KJacksonHiggins:

And, in some cases, as low as 20 ... Yes. As low as 20 dollars a month. So it-

Jad Abumrad:

I can rent a botnet for 20 bucks a month?

KJacksonHiggins:

You could. It's like renting space, "Here, you want to use this to go do damage somewhere, or you want to make a statement, or you have some plan for it. Do you want to send some spam? Here you go."

Daniel Placek:

You could go online right now and probably find somewhere out there on the net, somebody who will sell you access to computers for cents a piece.

Jad Abumrad:

And these are like people's computers, like your computer, my computer. And Dan says as Darkode got bigger and bigger, he began to see more of this kind of activity on the site. Like some guy would have a botnet of 5000 computers. Another guy would have some software, like the ransomware. Software guy would then rent the botnet from guy one, install his ransomware, ransom these poor people, then move on.

Daniel Placek:

You know, some of the people were doing some pretty unpleasant things. You know, moving more into the kind of financial crimes territory, which is something that I really never had a desire to be involved in.

Jad Abumrad:

And it was largely because of that, he says, that in 2009 he decided to get out.

Jad Abumrad:

But, unfortunately, the next year ...

Daniel Placek:

I got a lovely visit from the FBI. They promptly ...

Jad Abumrad:

Was it like 'kicked down in your door' type situation?

Daniel Placek:

They knocked, they knocked. So it was ...

Jad Abumrad:

Okay.

Jad Abumrad:

What was that like?

Daniel Placek:

Pretty terrifying, you know. What's going to happen to me? What's going to happen next?

Jad Abumrad:

And what did happen next?

Daniel Placek:

I don't know how much of that I can talk about, but I did cooperate with the government and I have cooperated with them for the last, you know, five plus years now. It was a kick in the butt. You know, my parents kind of kicked me out. Not 'kicked me out,' but 'assisted me with a rapid move out.'

Daniel Placek:

And I've been living on my own since then and became gainfully employed. Had a few jobs, became a little bit more serious with my then-girlfriend, who is now my wife. So, you know, it's given me an opportunity over the last five years to really make some serious changes to my life.

Jad Abumrad:

Meanwhile, over the same five years, Darkode grew into this massive cyber criminal swap meet, where tens of thousands of stolen Social Security numbers were bought and sold. Huge databases of personal information and emails were bought and sold. Malware and software of various kinds are bought and sold. And this continued, according to Dina Temple-Raston, right up into July 15th of this year. July 15th, 2015.

David Hickton:

Today marks a milestone in our efforts to bring to justice some of the most significant cyber criminals in the world.

D.Temple-Raston:

What ended up happening on July 15th is that the FBI had actually got into Darkode with a number of intelligence services from around the world. And they had an 18 month investigation in which they took down, in the end, 28 people.

David Hickton:

The FBI has effectively smashed the hornets' nest and we are in the process of rounding up and charging the hornets.

D.Temple-Raston:

But here's what's amazing, right? So they take down more than two dozen people. Two weeks later ... Darkode is up again.

Jad Abumrad:

It just popped back up?

D.Temple-Raston:

Just popped back up.

Robert Krulwich:

Our deep gratitude to NPR's Dina Temple-Raston, whose reporting really got us going on this whole project.

Jad Abumrad:

Yeah. Props to Kelsey Padgett, who produced our first segment.

Robert Krulwich:

Andy Mills, who produced our second segment.

Jad Abumrad:

And who can, from memory, give you the extended family tree of Darkode. Just right off his head. Right out of his head.

Robert Krulwich:

You got original music this hour from Dubmood and [Yahaveh 00:37:14].

Jad Abumrad:

Yeah, wow. Thanks also to Andrew Zolli, Michael [Shamos 00:37:17].

Robert Krulwich:

Gunther [Omen 00:37:18].

Jad Abumrad:

Little Libby.

Robert Krulwich:

Kathy Rotter-

Jad Abumrad:

Also, Cathy, too.

Robert Krulwich:

Don't forget attorney David [Bacaro 00:00:37:21].

Jad Abumrad:

And the whole crew at the Microsoft Cyber Crimes Unit. And to you Robert, thank you to you.

Robert Krulwich:

Why me?

Jad Abumrad:

Because you're part of my botnet.

Robert Krulwich:

"Because ..."

Jad Abumrad:

I'm Jad Abumrad.

Robert Krulwich:

And I'm Robert Krulwich.

Jad Abumrad:

Thanks for listening.

Speaker 7:

Message 21. New.

D.Temple-Raston:

Hey, this is Dina Temple-Raston and I'm reading the credits. Radiolab is produced by Jad Abumrad.

Speaker 8:

Our staff includes: Brenna Farrell, David Gebel.

D.Temple-Raston:

Dylan Keefe, Matt Kielty, Andy Mills.

Speaker 8:

Latif Nasser, Kelsey Padgett, Arianne Wack.

D.Temple-Raston:

Molly Webster, Soren Wheeler, and Jamie York.

Speaker 8:

With help from Simon Adler, Alexandra Guillon, Abigail Kiel, and Alexandra Brennan. Our fact-checkers are Eva [Desha 00:38:17] and Michelle Harris.

Speaker 7:

End of message.







Copyright © 2019 New York Public Radio. All rights reserved. Visit our website terms of use at www.wnyc.org for further information.

New York Public Radio transcripts are created on a rush deadline, often by contractors. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of New York Public Radio’s programming is the audio record.