Summary
Jack Recyder interviews Chris Rock, an Australian security researcher and mercenary hacker who operates in both white-hat and black-hat domains. The episode details a complex engagement in the Middle East where Chris investigated financial theft and intellectual property misappropriation, ultimately recovering $2.5 million from a suspect's bank account while he was in jail. Chris also discusses critical vulnerabilities in death and birth certificate systems that could enable identity fraud and manipulation.
Insights
- Mercenary hackers operate with sophisticated operational security using compromised systems across geopolitically hostile nations as proxy hops to avoid attribution
- Critical infrastructure in financial and vital records systems relies on easily-forged credentials (medical license numbers, funeral director registrations) with minimal verification
- High-net-worth individuals in certain regions bypass legal systems entirely, hiring hackers for asset recovery rather than pursuing court proceedings
- Multi-layered social engineering targeting family, doctors, lawyers, and accountants provides better access than direct targeting of primary subjects
- Bank security remains fundamentally weak despite decades of known vulnerabilities, with employees storing passwords in LDAP descriptions and minimal egress filtering
Trends
Mercenary hacking as a service becoming normalized in Middle East and emerging markets as alternative to legal remediesNation-state attribution becoming unreliable as private hackers deliberately plant false APT signatures to deflect investigationVital records systems (birth/death certificates) moving online without corresponding security improvements, creating identity fraud vectorsTwo-factor authentication bypass through session hijacking and real-time credential logging remains viable against banking systemsGeopolitical tensions between nations being exploited as operational security feature (routing through hostile countries with no law enforcement cooperation)Long-term persistent access (9+ months) to financial institutions remaining undetected despite large fund transfersPlausible deniability structures in international criminal operations using intermediaries to insulate principals from direct liability
Topics
Mercenary Hacking and Black Hat OperationsBank Security Vulnerabilities and ExploitationTwo-Factor Authentication Bypass TechniquesPhishing and Trojan Deployment via PDF ExploitsWi-Fi Cracking and WEP Encryption VulnerabilitiesOSINT and Social Engineering TargetingVital Records System Security FlawsDeath Certificate Fraud and Identity ManipulationBirth Certificate Fraud and Fake Identity CreationOperational Security and Attribution EvasionInternational Financial Crime and Asset RecoveryRemote Access Trojans and Persistent BackdoorsKeylogging and Email InterceptionBanking System Forensics and Anti-ForensicsGeopolitical Exploitation in Cybercrime
Companies
SeamMonster
SIEM platform founded by Chris Rock to collect security logs and alert on incidents, built from open-source products ...
Vanta
Agentic trust platform for GRC automation, used by 16,000+ companies; sponsor offering 24/7 compliance monitoring and...
Drota
Agentic Trust Management Platform automating GRC tasks, security questionnaires, and evidence collection; episode spo...
Ripley
AI platform providing unified workforce visibility across HR, IT, and finance with automated action capabilities; epi...
People
Chris Rock
Australian security professional with 40+ years hacking experience; guest discussing black-hat operations and vital r...
Jack Recyder
Podcast host conducting interview and providing narrative context throughout the episode
Quotes
"I've been doing them since I was 11 years old. This is the norm. I know a lot of people on the white hat say, I used to be a black hat and now I'm not. I mean, for me, it's like I didn't give a shit whether it's white or black."
Chris Rock•Early in interview
"It's not that I'm that good. It's just you have to be stupid to get caught. You know what I mean? Like, the world's your oyster."
Chris Rock•On avoiding law enforcement
"We don't just send like a blind email and then just like, oh, you know, they're on choice or we got in successfully. So we'll essentially own their whole world."
Chris Rock•On multi-layered targeting strategy
"You have to be really careful not to be seen. So essentially what we would do with a blackout exercise, we might compromise, say, eight targets around the world and the last hop would be from the home country."
Chris Rock•On operational security
"The beauty is if you do find tools that they're using, you take a copy of those tools because we can then use those tools to plant on another target's side so they get the blame for it, not us."
Chris Rock•On false flag attribution
Full Transcript
Just a content warning from the top here. There's quite a few swear words in this one. I don't know. Do these content warnings even help anyone? Let me know if you like knowing if there's swear words coming up or not. Someone who's been on my radar for the last decade is a guy named Chris Rock. Not that Chris Rock. A different Chris Rock. A white guy. An Australian. And I know him as a security researcher. But as soon as I got on the call with him, I started learning that he's way more than just a researcher. Yes. I'm a public guy for my research, but not public for that side of the business. So for me, it's just a gig. And whether it's white or black, it makes no difference to me. So I think that sort of... Wait, so have you done black hat gigs before? Oh, shit, yeah. This is the... I've been doing them since I was 11 years old. This is the norm. I know a lot of people on the white hat say, I used to be a black hat and now I'm not. I mean, for me, it's like I didn't give a shit whether it's white or black. Are you a hacker yesterday? Yeah, I think so. Hold on a second. But the black hat indicates that you're doing criminal activity. So you don't give a shit if you're doing criminal activity. No, not at all. Not at all. It's funny. I meet with a lot of people who do the whole hacking is not a crime and all that sort of stuff. It's all full of shit. That's the public persona to keep their job safe. But at the end of the day, when you have a beer with them and you talk shit, it's all bullshit. So I'm essentially transparent about what I do. So what black hat stuff have you done? When you were 11, I mean, I'm sure you stole your mom's credit card or something, but that's small potatoes compared to when you're an adult, I suppose. We've done everything. We've done banks. We've done government. We've done telcos. We've done big oil companies just out of exploratory processes. It's like, yeah, normal stuff. I want to say normal stuff, normal for black hat people. No, I'm not tracking. So you're telling me you robbed a bank and then just like took the money? Yeah. Chris. What are you doing? I mean, for me, it's an exercise like it's just, you know, can you do it? Yes, no transfer. And there's a lot of people around the world that will pay you to get into these banks and transfer money. Yes. You broke my brain here. Sorry, buddy. I don't even know where to go. You've got multi-angles and look, you may not, you may not be able to come at all in this call. It's just an exploratory call. That thing really needs like 10 calls. I mean, the hard thing with you, Jack, is you've got 30 something year old career that you've got to stick into an out walk. It's not going to fit. So it's a... Okay. Have you ever been arrested? No. How are you this good that you're able to rob banks and not get arrested? It's not that I'm that good. It's just you have to be stupid to get caught. You know what I mean? Like, the world's your oyster. I mean, we get more... We get raised in this world. I mean, I train forensics, anti-forensics. I mean, it's just like the norm. Like, it's... I feel sorry for the people that do get caught because, man, you shouldn't be hacking shit that, you know, that, you know, when you've got five years, 10 years experience. Like, once you've done it for 20 plus years, it's just easy. These are true stories from the dark side of the Internet. I'm Jack Reisider. This is Dark Net Diaries. This episode is sponsored by Vanta. What's the one thing in business that's spreading as fast as AI? AI risk. Every new tool your team signs up for, every vendor that turns on AI features, every new integration, each one is an opportunity for something to go wrong. And most security programs weren't built for AI's pace of growth. Enter Vanta. Vanta is the number one agentic trust platform used by over 16,000 fast-moving companies like Ramp, Cursor, and Harvey to ensure they're always audit-ready. And now Vanta is helping companies like yours watch for the risks that show up between audits, across your vendors, your AI tools, your whole environment. How? The Vanta agent works like a 24-7 GRC engineer in the background, finding issues, drafting fixes for you, and cutting vendor assessment time by up to 50%. Whether you're a fast-growing startup or a global enterprise, Vanta is here to help you automate your security and compliance and earn and prove trust. Get started today at vanta.com slash dark net. That's spelled V-A-N-T-A. Vanta.com slash dark net. This episode is sponsored by Drota. Let's face it, if you're leading GRC at your organization, chances are you're drowning in a sea of spreadsheets every day. Advancing security, risk, and compliance in an ever-changing landscape of threats and regulatory frameworks can feel like running a never-ending marathon. Enter Drota's Agenetic Trust Management Platform, designed for leaders like you. Drota automates the tedious tasks, security questionnaires, responses, continuous evidence collection, and much more, saving you hundreds of hours each year. With Drota, you can spend less time chasing documents and more time solving real security problems. With Drota, you also get access to a powerful trust center, a live customizable product that supports you in expediting your never-ending security review requests in the deal process. It's perfect for sharing your security posture with stakeholders or potential customers, cutting down on the back and forth questions and building trust at every interaction. Ready to modernize your GRC program and take back your time? Visit drota.com slash dark net diaries to learn more. This is Drota spelled D-R-A-T-A, drota.com slash dark net diaries. All right, so who are you and what do you do? So my name is Chris Rock. I'm 50, 51 now. So my career started when my parents bought me, you know, my first computer, which then it wasn't even a computer, but it was, you know, the Atari 2600. And from there it went to, you know, Commodore 64 and Amiga and then IBM Client. I was born at the right time for computers, loved hacking. I'm on, you know, I consider myself on the spectrum, like I prefer the company of computers than people. So for me, you know, spending 16, 20 hours a day in front of the theater is natural and I've done it since I was 10 or 11 years old. So you spend that much time in front of us or something. You become good at it. So I've spent my whole, you know, the last 40 years on a keyboard. And I went to university 18, didn't like uni. It was coding. I hate coding. So I dropped out of uni. uni wasn't really for me. So then I went into the, into the sector. So it was IT slash really IT 80% then security 20%. But I went into the banking sector. So I spent the next 10 years in banks in Australian banks, which you could probably tell from my accent, 10 years in banks. And then someone said to me, you know, what do you want to do now? So, you know, I want to do some pen testing. And then, then I set my own pen testing company. So I did pen testing for another 10 years after that around the world. And then one of my customers from pen testing wanted the same solution. I said, look, I can help you out. I can stitch some open source products together like elastic and stuff like that. And I did that and they really loved it. And then, you know, they said, why don't you give it to the rest of the world? So they can have a look at, which was essentially the platform that I'm running now, same on the version one. So we rolled that out. I got a lot of traction and essentially that's my full time geek. I am the CISO of SeamMonster, SIE Monster. What a Seam does is it collects all the security logs of an organization and alerts when there's a security incident. And Chris made his own called SeamMonster, which came about because he was breaking into companies and saying things like, oh, if you had logging turned on, you could have saw me. And those companies were like, well, set up logging so we can see you. So he's got quite a bit of experience in both the offensive and defensive side of cybersecurity. So while I was talking to Chris, he started telling me about a job that he had in the Middle East. And I'm not even sure what kind of job this was. It's not exactly a penetration test and it's not exactly an incident response. Research and engagement. So it's probably a better word for it. So when I was doing pen testing, people would say, Chris, you seem like a guy that would do outside activities and then I'll get approached for these outside activities and then, you know, around the world to, you know, hacking to this person, hacking this company, you know, get these secrets and that sort of stuff. So essentially, both parts are working. So through word of mouth, there is someone in the Middle East who needs a hacker's help and heard that Chris is the guy to call for these sort of things. So he calls him up and says, can we meet? Usually they do it in person. So in this case, I flew to a neutral area. So if I flew to Istanbul and Turkey and then met over dinner to talk about the exercise that people pull. That's a that's quite a I mean, already I'm intrigued, right? Because it's like, hey, we have this job. If you want more details, meet me in Turkey. Yeah, it's and I say it off the cuff because that's natural for me. And I know a lot of, you know, pen testers don't see that side of the world. You know, they see it in a forensics report or, you know, incident response. But once you live it and you go through it, it's very interesting. Well, like it's, you know, you, you, you, you, you know, I'll use you in the example, you know, you get paid every week slash fortnight slash whatever and you get paid, you get tax comes out and stuff like that. But when you're on that other side, you know, it doesn't work like that. Obviously, you know, there's there's no tax, but you've got to get your money and things are expensive, burner phones, you know, burner laptops, crypto, PDP money and getting your money washed, all that sort of stuff. Different world is, you know, great learning curve. But a lot of us don't get to experience that sort of stuff. Well, yeah, what is this engagement? Tell me, tell me more about how this was pitched to you and what are you, what's the job and stuff? Yes. So, so I met this guy, Walden's calling Mike. I met Mike and Mike's worked for a company and they were rich Middle Easters who essentially he was one of five brothers and each of the brothers was worth about a billion dollars, but he was only worth $200 million. So he was like the poor loser of the family. So I know that sounds really weird, but he had to take bigger risks to compete with his brothers to get to that billionaire status. And that's why he would, you know, he would engage hackers to assist him with his business activity. So in this case, it was put forward to me that one of his subsidiaries, he thought that they were stealing money and then moving that money to another company, another offshore company and also the IP from that company. So he asked whether I'd be interested in in in finding out where it was true and then to recover as much money as possible. We're dealing with a few mega rich billionaires from the Middle East here, but the one brother isn't quite a billionaire yet. And he's keen on hiring a hacker's help to investigate where some of this money went. In this exercise, it was a cash deal. I mean, it was offered gold in a briefcase, which is pretty fucking useless, getting gold overseas. But, you know, you get offered different types of currencies. Gold in a briefcase is what they offered you. I know it's when I heard that story, first of all, I thought it was just a shit story. But they had cash ready to go for the exercise. And but if they said I prefer gold, I could get gold. So being not a native from that part of the world, it was pretty useless for me. OK, so did you meet with this multi-millionaire directly in Turkey? No, you always go through an agent. So I don't want to sound rude, but when you're dealing with Middle Eastans, you don't actually deal with the Middle East guys. You deal with also you deal with a white guy because they don't want to have any direct link to the foreigner. So I met with an agent of the rich guy and he was from South Africa. And he he and I discuss what was required, the targets. Chris, this is not a normal incident response or engagement or exercise or whatever it is you called it. Like when I when when when I hear that they wanted this extra layer between like the client and you, it makes me think that they want like plausible deniability. So like if you get caught, they can be like, we don't have any assies on our payroll. And I'm not sure who you have, but that's that's not our problem. And and they'll just leave you in the dust. Like, do you see it that way, too? So yes, you were spot on. It was essentially one level removed. And the reason I hesitated with my language before about talking about white guy, we refer them as skirt wearers. So, you know, like the Middle Eastern with their, you know, the long garb that they were. So it was your skirt wearer will not meet a Western guy. So there's always a Western guy dealing with a Western guy. That's the language that we would use for these sort of assignments. So since this client has heard that Chris has done some mercenary type work before, they wanted him to come investigate this theft. See if he can help them build a case against the guy who took it. Spot on. And there's parts of the world that essentially are the Wild West. So Middle East, for example, they do not good to give two shits about, you know, the law or that sort of stuff. So if they need you, you need to hack into a bank to get the money returned. Although if you need to hack into a company, do it. It's it's normal. And when you're dealing with like government sponsored stuff, it's normal activity for them. So don't don't don't want to be don't put your American brain on it. It's think of it as like the Wild West. Now, typically with a penetration test, you are given a scope, you know, like you can hack into this stuff, but don't hack into that stuff. But he wasn't given a scope. He was told by any means necessary, conduct your investigation. And on a typical incident response, you'd be given some internal network access or at least access to some logs or documents to comb through to figure out what happened. But here's the problem. All this company knew was that they gave this money to an investment firm and they didn't get what they expected. So they wanted Chris to pretty much do the incident response by getting into that investment firm and combing through their logs and documents to try to find proof that they did misappropriate this money or steal money or steal intellectual property. So really, all they gave Chris was this suspected company's name and the people who worked there. They were like, here's our suspects. We don't have any other details. No, they we got a list of names. So those eight names and what information they knew about them, whether it be phone numbers, personally, my address is working, my address is the name of the company, nothing else that was completely then, you know, earn your fucking money and get in by any means necessarily. So the names you were given are the employees that work there? Some in the company and some outside of the company because the theory was the money was going into this company and then going out to another company, another investment firm that was essentially going to steal the IP from the subsidiary and then launch another iteration of that with the IP and the funds that was coming from the original investment company. And so what are your first steps? What do you get going? What do you do? Yeah, so the first step was we had a number of targets. It wasn't a single target. We had essentially eight targets on our list. So essentially, we essentially map out the person, you know, the Internet dumb research on who this person is, how they how they live their lives. You know, LinkedIn, you know, social media, all that sort of stuff, getting that sort of information, obviously phone numbers, email addresses, physical addresses and stuff like that. And then plan an attack. Like, who are we going to go after first? Are we going to go after the prime target first? I'll use the guy Bob, Bob and Alice. It's an easy one to use. So in this case, we were the prime target was Bob, but we had all these other targets like Alice and Jane and all that sort of stuff. And maybe we don't go after Bob first. Maybe we map out these other people first. So when we do an exercise like this, and we're talking big money, when we do exercises like this, we own, we don't just send like a blind email and then just like, oh, you know, they're on choice or we got in successfully. So we'll essentially own their whole world. So we talk about level one, level two, level three. So level one is there in a circle, you know, in this case, Bob's wife, Bob's kids, so that sort of stuff. Then you have a layer two, you know, things like accountants, lawyers, gyms, all that sort of stuff, level two. And then you have the three, like the affiliates on the outside. So we might target, in this case, we would target level three, level two first. And when I say target as in own email, so you could actually, if we sent an email to Bob, he would reply to it and wouldn't think it's dodgy. If that makes sense, not from, you know, dodgy idiot at gmail.com. It's actually a real person. So we would target level three, level two. And then once we're comfortable with all those assets, now, I know that sounds like very exhaustive, but when you're doing these sort of gigs, those level two, level three come in handy down the track. Whoa, this guy is serious. I've told you many times, don't open attachments on emails or click on links from texts from people you just don't know. But what Chris is doing is he's targeting people. This guy, Bob, did know, getting into their emails and their network first, so that when it's time to target Bob, he'll be sent an email from someone he does know. And perhaps even a document that he's been expecting. Like, for instance, if you get an email from your doctor with the lab results included, that would likely be an attachment that you would think is safe to open. This is the kind of stuff that Chris was trying to do to avoid any suspicion that Bob is being hacked into or spied on. This, to me, has a level of sophistication that I'm impressed by. Yeah. So what made you interested in Bob as opposed to the other seven? Bob was a boss. So he was the CEO. So essentially he's target number one on our list. Like, you know, if you've got like a deck of American deck of cards, he's like the ace of hearts, if that makes sense. Mm hmm. OK, so you were going to start with him. And if you need more information, you go down the line with the other. Actually, no, we didn't reverse order. Maybe I talked about we do like a level three first, level two, level one. So we essentially start bottom up because we want to have what you don't want to send like a blind email. You need to understand. You need to read the emails and get the personality of Bob before you approach Bob. So you need to know, you know, Bob's dealing with Jane. What's the normal language flow between Bob and Jane? So you compromise Jane, you get the, you know, the from emails from Bob. So you can see the language and what time of day emails get sent, you know, that sort of stuff. So we do not do the first hug until last, if that makes sense. So as Chris gets to know more about Bob, he starts hacking into everyone around Bob. Their emails, their computers, their phones, their locations. This allows him to see who's in Bob's orbit and how does communication look between them? And at the time, Chris had some really nice vulnerabilities and Adobe PDF reader and would send emails to someone and getting them to open the PDF. And that would allow him to install a remote access Trojan, get access to their computer. Yes. So in that case, the Adobe was enough to get, you know, probably four or five of the eight people and also the subsidiary. So a lot of the fantastic listeners will know that, you know, once you've got remote shell, there's pretty much game over that. Things like keyloggers and stuff like that. But the more complex thing is that we did is we didn't have access to the investment firm that Bob was moving assets to or IP to. So so it was time for plan B. Plan A was to hack into the laptops of the employees of that company. But even though he could get the Trojan installed, he just couldn't get a connection into their machine when they were in the office. So we wouldn't get their shell. We wouldn't get the shell returned to us. So it was either some sort of egress back filtering that we couldn't get an open shell. So we would have PDFs being clicked on, but we couldn't get a remote session from the target. So we had to go. What's supposed to happen here? Is it is it Metasploit that you've used? So yes and no. In this case, we would use Metasploit as a pentester, but we would do our own custom PDFs that we would run against AV. So we would upload it against, you know, the entire virus to make sure that nothing picked it up. And so we would send the PDF off that when it was double clicked, it would then remote connect back to us on a port for Hothory, whatever, that we thought would get back through an egress port back to us that would then essentially have a listener like Metasploit, but we would have our own listeners listening in this case. He wanted to get into the company's network. He was hoping there he'd find some file servers or something which could offer him more evidence of what got taken. And this company was a small investment company and didn't have a dedicated office, but instead was working out of a co-working type space, kind of like we work. But to break into an office in another country, you really need to come prepared. You need all the plans, plan A, plan B, plan C and escape routes to. This isn't a mock exercise. This is playing for keeps and potentially very dangerous. The first plan never works. Like it's just one of those things in life and they never work. So I think for Darcy's side, man, that was the one-in chance. So you're right, multi-gear. So it's one of those things you have to plan for the worst. The goal was to get access to this company's network. But where's that company's network? And how do you get into it without being caught? This is where the more you know about that company, the better. He discovered this company had a Wi-Fi network set up in the building. And what's more is the Wi-Fi they were running was using WEP encryption. This was years ago when WEP wasn't so uncommon. Today, we use WPA, which is much more secure, but WEP had some vulnerabilities. If you could get a radio near the WEP Wi-Fi router, you could intercept enough beacons and packets to get on their Wi-Fi network. So that was the goal. Get in the building, get within range of their Wi-Fi router and plan to device to listen to and capture the WEP packets. We actually had to do custom built stuff. So, you know, I got an Italian motherboard. It was like the tiniest motherboard at the time and then built up my own a Linux stack with Wi-Fi hacking and things like, you know, party and reverse the shelters like Plink and stuff like that, that we would use that we would plant close to the VC firm. So he loads up his kit full of cool gadgets and flies over to that country. You got any sort of way you dress up when you go out to these things? Just just look black or blue suit with a white shirt and tie. Like it's just it's just even if it's 50 degree heat like in QA, you just that's what you wear. That's not what a black hat hacker looks like. I know, I know. Exactly right. And so, yeah, so hoodie, all that sort of stuff, that doesn't command respect over there, but suit guy over there in their eyes, respect. He goes to the office building and starts planning out how to get in. That's the easy part. A white guy in a suit with a laptop with, you know, someone holding like lots of books, someone like the door for them. You know, like it's one of those pen testing stories that you probably heard a million of that. That works in the US or even in Australia. But if you're a white guy walking into a place with a bunch of people that don't look the same, you're not now you're out of place. You're thinking is right. But when a white let me let me show you. Middle Eastern companies like a Western are in there because these people have been trained outside of the Middle East. We trust them to be to, you know, Cambridge and MIT. All this stuff. So it comes with an air and an inherent trust. So you're right, Jack, you're thinking is, oh, you know, the white guy sticks out of place. But no, over there, a white guy don't you do what they say. Because if you've done any work in the Middle East, they employ, you know, the best German engineers and the best English, you know, finances and stuff like that. It's not unusual for a white guy to come in pretty much run the show, if that makes sense. So he's led in the building, no problem. And it's a co-working space, which means there's a lot of small businesses working out of this building. And he can use that to his advantage because everyone is used to seeing strangers roaming around. Getting access to the building was really easy because it was like you said, it was a co-working space. And then finding out that they were on a floor that had one of those communal kitchens. Like for us, it was like easy as I didn't have to get past, you know, a reception or someone, what are you doing here? It was essentially, you know, I'm going to making a coffee, pulling the microwave forward, sticking something behind it. And then boom, we had a device planted in to get this last VC firm. You said we a few times, who else is on your team? Yeah, we're not talking about owning level three, level two, level one targets. I mean, there might be 20 targets behind the scenes. So we're talking about, you know, Bob's doctor, Bob's lawyer, Bob's accountant, Bob's gym, you know, in an extreme case, it seems like Bob's bank, you can't do that all by yourself. I mean, that would be a year long exercise and it's not worth the effort. So I always work in a team to do these activities just to make that load easier, if that makes sense. OK, so it was fairly uneventful getting in, but he managed to slip in, go into their kitchen, go behind their microwave, plug in this little computer with an antenna and then slip out of the building. Now him or his team can access this little device remotely because it has its own cell connection so that he can just access it from anywhere in the world. Their first goal is to get on the Wi-Fi network. To do that, they're going to have to crack the web protocol. They log into that little device and fire up a tool called AircrackNG. What this does is it intercepts as many Wi-Fi packets as it can. If you think about it, Wi-Fi is wireless. So the packets are just flying through the air all over the place. It's pretty easy to tune your antenna to just see them and grab them. Today's modern WPA protocols make it so even though you can grab the packets out of the air, you can't see what's in them. But with web encryption, there are vulnerabilities in which you could grab enough packets to be able to decipher it and get into the Wi-Fi yourself, which is what they did. After running AircrackNG long enough, they got their little device on the office Wi-Fi, which now they have a little machine on the inside, giving them an inside look into their network. A network scan shows them a few devices that are there. And then they look at what ports are open on those systems. And then they can guess what devices those might be. They find a file server, which employees were using to store documents and such. And remember, this is an investment firm. So they're managing a lot of money and have to maintain relationships with people and know which businesses they are invested in. So all this must be documented somewhere. And this file server was exactly where it all was. That's correct. And then we had access to file servers and stuff like that and email servers. And that's how we got into that company, that we couldn't get in through the whole remote PDF stuff. At this point, Chris has a huge amount of visibility into this investment firm and the suspects who might be stealing this money and intellectual property. He's got a ridiculous amount of listeners in place, full access to the network. Like he can look at all the files on their file servers and email servers, full access to some of the suspects computers, to remote access Trojans that were put on there. He's able to see every email in and out. And he also has keyloggers on their computers. So you can see what their usernames and passwords were. But he also has access to emails and computers with people around the suspects, family members, friends, doctors. He's also looking to see what kind of bank accounts these people have, just in case he needs to get in there and take a look to see where money is going. So with all this access, he starts finding stuff that the client might be interested in. On file servers, you'd start seeing folders, like a folder. And then we're talking about in the investment firm, you would see like, you know, bobs, and then you would see things like IP and stuff like that, which we would then run past our clients saying, is this the sort of stuff that you're worried about leaking into somebody else's hands? And then we would send that to our handler who'd say, yes, no, yes, keep targeting that sort of stuff. So you start starting building a picture. And I mean, this exercise went for a long time. I don't want to exaggerate. I think this one went for nine plus months on this exercise. It was just a continual stream. So over that time, you're reading every email back and forth. And so you would get all that sort of information and learning how they speak and how they think and proper language. So you start piecing the puzzles together on what this guy is actually doing. And because I'll say this, we don't give a shit what he's doing. It's essentially, here's what he's doing, client. Is this what you want? Is this what you suspected? There's no emotion. Like, we didn't give a fuck. Is this the job? And then we would give that, say, yes, no, how do you want us to proceed and then go from there? The client kept telling him he's on the right track. Keep finding more details and send them over. And like he said, he maintained his access for quite a while as he gathered all this info. But he doesn't want his presence to be detected. So he has to be very careful not to be seen. So essentially what we would do with a blackout exercise, we might compromise, say, eight targets around the world and the last hop would be from the home country. So, for example, we might compromise a hotel in Pakistan and an Airbnb in India. And then another country, now, these countries don't participate. They don't do forensics with each other like they're essentially at war with each other. So you would pop your traffic cross seas. And then the last hop would be in this case, it was a Q8. So essentially the last hop before the target would be a Q80 IP. And we actually owned the telco at that stage in Q8. That was a, essentially didn't really matter. Just a Q19. What? My gosh, just to just to log into their Gmail, you're like, wait, we can't do it from Australia. Let's let's get over there and log in from there. I'll tell you what, I got a plan. First, we're going to hack into an Airbnb in Pakistan. Then we're going to hop over from there to hack into a telecom provider in that country. And then from the telecom provider, that's when we're going, that's so crazy. Yeah. And so it's great. So when you talk about like it, when people talk about like a little black book, we would essentially have a network of these compromised targets, not the telcos. Let's leave the telcos. We would have a network of a path we could use when we want to do a hack job. And we're not doing it from the local McDonald's or from your home, for example. So we would have this rotating list of our own proxies, not tour or anything like that. We do our own targeted proxies that do the hops that we want. Like we definitely want to do India, Pakistan, Sri Lanka, Bangladesh, because like I said, I hate each other. So there's no, oh, can you give us your diss for this activity? Like it's not going to happen. So we would use the the the the walls of the world to benefit us. So that would be our black book of targets that we always have. And when we're not working, we would essentially find these targets for our next assignment. So you always have that little black book of like he's talked about before tools. We would have compromised targets around the world that we were going to bounce off. The telco was just having to be something that I love working. I love hacking telcos. So it was one of those things that was going to come in handy. Gosh, so to carry out a task like this, he has to spend quite a bit of time and resources finding vulnerable systems around the world so he can hack into them only to use that system to jump over to another computer in the world. This way, it's impossible for anyone to track his route back to where he came from. But also think about the fact that he has that little computer behind the microwave in the office that he's targeting. It's on the same Wi-Fi as the people in that office. So he could use that computer to log into things like Gmail, which would appear to be the same IP those people are typically logging in from, making Gmail think this is normal activity and not alert the user. After a while, Chris had collected and delivered enough evidence that the client called the police. Yeah, so the evidence was essentially what they suspected that both money that had been sent to the company to build the company was being moved to both personal accounts and to the outside investment firm, as well as IP that was created in the business. The subsidiary was being moved to another investment firm as essentially our collateral, our moat, for example. This is the data. So how do you find that? Or what was that smoking gun that you found? That was everywhere. These guys are operating like again, the world where so operating the emails, both Gmail, both company emails, file servers, everything. It was just that evidence was everywhere. I mean, it just took a while to put it all together and connect the dots. But yeah, and remember, that was not our job. Our job was to present what we found. And then they went to the go, is this because we don't care. Like I said before, I don't want to sound non-issue alone, but is this your shit? Yes. No. Do you want us to find more shit? No, we have all the shit we need. Go do your job. I mean, that's how we operate. Because again, it's not personal. We don't care what the information is. Is this the right shit or are we on the wrong track? We just need to know. Now, the payment for this, was it sufficient? Because I can imagine them saying, here's a briefcase of money. And then you're like, well, dude, that was OK. We've been working on this for three months. You know, if you want us to keep more, we need another briefcase. Yeah. We don't. How we operate is we'll have a initial fee, a finalization fee, and then we will have what we call an ongoing fee. So, you know, the jobs like this we'd like to have over within a month. So initial fee, completion fee. But if you want us to continue monitor these eight people and this outside company, you're going to have to have a monthly charge, almost like a subscription model where they would pay to find out what's going on in these people's lives. So you don't want them to think they're idiots. So you put a you put a quote in front of them and they'll say, we agree to that quote, you better stand by that quote. You know, like if you want referral jobs going forward, like if you said half a mill or a mill or two mill, whatever you quote that you stick to that, you don't say we need more. Like you make it crystal clear. Because this is again, this is repeat businesses that you want. Yeah, I'm just starting to put the picture together of like how much you charge versus how much they're losing. It's worth more to them to pay a million or two million to you. And if they're going to recover, what how much money do you think was was being stolen here? In this case, I know exactly how much money was being sold. I think it was two points five US or two point seven five USD a million dollars in this case. But you got to think when when you're in business, Jack, I know you're in business. But when you when you're working with a customer, their initial first year spend might be let's say it's half a million dollars for the initial spend. Once they see how useful you are and then you do repeat business, it's like it's an investment for them. They're always investing shit. So they always want to use your services down the track. So you might do it's a bit like a drug dealer. Like you might give them a taster for half a mill and the next job is going to be worth two. Like, you know what I mean? Like you just they know your work and know your style and then you know, you're going to get repeat business with with with higher stakes. I mean, he's dealing with wealthy people here, billionaires, oil money. Yeah, if he can prove that he's the go to person to these folks, yeah, this could be long term customers of his. And in this case, they were very happy with him. They got enough evidence to take action on this thing. They got they got lawyers involved from their side. They had to be really careful about what they presented to the lawyers. But it was we believe XYZ and then get the police to arrest the the ringleader Bob at that moment. And so that was essentially their goal to get him in jail because they took it personally that they were like I said, you got to treat them with respect. And if you disrespect them, they get really a motive. And then for them, jail was the worst case of action for them. OK, stories over, right? They they found you found the thief. They put them in him in jail. Yes, so Jack, so he's not over there. That's this is where it gets exciting. Stay with us. We're going to take an ad break, but it's going to get exciting after that. This episode is sponsored by Ripley. Let's face it, any AI can give you business insights, but Ripley gives you AI that takes action across your global workforce. So what makes them different? Ripley AI is built on your live global workforce data. It's one platform giving you one unified source of truth with HR, IT and finance connected from day one. This means they can operate with the full context of your live business, surfacing insights and taking action using your org chart and comp history and device inventory, even tenure and so much more. This means you can ask Ripley AI something like, who are my top performers this year and instantly receive a report supported by your data. It can take this report and suggest a retention strategy, turning insight into action. Don't settle for AI. That's all talk. Head to Ripley.ai slash darknet and get the only AI built to give you full visibility across your business and take complex actions across your entire organization. That's Ripley spelled R I P P L I N G Ripley.ai slash darknet. Sign up for exclusive access today. There was enough evidence to prove that the sky Bob stole the money and the intellectual property, but they told Chris they were worried about the money. The customer worried that Bob was going to use that money as a defense. He was going to get on all these bloody Shapiro lawyers to fight his case and use the funds that he'd stolen to fund that exercise. So they asked Chris, get us back that stolen money. Do your job as a hacker by any means necessary and return the money to us. Which in my opinion is crazy because why not just have the police return the money? They didn't want to wait because you're thinking American system, not Middle Eastern system. They didn't want to fuck around with that sort of stuff. They didn't want to go through. We want the money. You know, we want this. We want, you know, and then put a brief together stuff like that. They don't roll that way. So his objective was clear. Get into this guy's bank account while he's in jail and move the money out. This job has essentially turned into a bank heist at this point. And it seems to me that Chris doesn't have any moral concerns about robbing a bank. No, no, no. And Jack, I've listened to a lot of your your sessions and that comes up quite a lot. I don't have that boundary. Does that make sense? So for me, so OK, so this doesn't make sense just economically, right? So if somebody pays you $50,000 to go get a million dollars out of a bank account, why don't you just go get the million dollars and be like, you know what, I'm forget you. I'm just going to go steal my own money. I don't need. And that's actually happened on jobs before where you take your share as well. But you. So in our case, remember, we were returning the funds. We didn't return the funds and a little bit extra. Yes, we could have taken money from somebody else's account, but that raises flags if in case. So we were essentially returning the money that was stolen. So there's no actual victim. Does that make sense? The money was returned to the rightful person. But yeah, it does make sense. OK. OK. And remember, we're after repeat work and word of mouth, which is how you work over there. It's like building a business. OK. So you accept this job to get the money back. Now, how do you do it? How do you get the money back? We compromised the bank, which was pretty easy. So we essentially use the same sort of techniques of, you know, PDFs inside, going to the core banking system, finding out, you know, the internal weather, internet banking web servers were replaced in the front page to actually log all the user names and passwords and two factors. And then we would have a log file of all the user name passwords and two factor. So what he just said was that he found a bank employee, sent him a phishing email, got them to open a PDF, which planted a Trojan on their computer. And then he was able to get into their computer. From there, he hopped into the server of the bank's network. And from that, he was able to find the front end web server for the online banking and he configured the online banking site. So that anyone who logged in, their username and password will be stored in a log file so that he could see it. But on top of that, he was also logging two factor authentication codes that people are entering. This is incredible. Well, he's only trying to get access to a single user account. He's basically accessed all the bank users who logged in during that window while he was watching. I just can't believe this guy. I suppose the question is why are you surprised? Yeah, you talk to people, you know, for years and and, you know, the pen tests that are out there that people can talk about. It's fucking normal. Like you do not, you do know, but you don't believe, you would not believe how shit banks are locally and internationally. Like the shit security that they have out there that is just, you know, if there was more bad people in the world, there'd be more banks getting done. Well, I guess maybe that's why I'm surprised is because the hackers of the world is the immune system for all these banks, right? And so what, you got a shit security bank. So OK, well, there's million hackers out there that are going to fix that for you real quick. Yeah, exactly right. And the thing is, Jack, you might have a million hackers. You know, 800,000 of those are just like new to the industry, you know, the zero to five. And then, you know, if you then look at the like the bulk of people who are wearing the banks, you know, there's, there's, you know, I'll just say a thousand for arguments sake, but it's a smaller number that you need to protect against. But Jack, I've seen some banks that where I've gone in and I've gone into A day and have a look at, you know, Joe Smith. And it has the description of where they work. And what they put in the description is the user's password. So, you know, password one or password two thousand in clear text in the descriptive field of the LDAP field, because when someone rang up and said, oh, I forgot my password, they just read out the description tool from the LDAP. And I couldn't fucking believe it. So they would have everyone's password on the list and just read off it. And anyone knows anything about LDAP, you can just query that. But that's the shit that we see as a pentessa and as a blackout. Well, we've done, we've done banks, Jack, where we've seen other hackers in the in the bank itself, like it's just fucking hackers right beside us. Wait, then you're like, hey, I recognize you. I've seen you at DevKind. Exactly right. And the video, the video stuff like that is you work around each other. No one wants to lose. This is like a, this is like that Beastie Boys video, Paul Revere, you know, that song where they're just hanging out at the bar and then suddenly the one guy's like, I'm going to rob this place. You want you in? Yeah, I mean, let's do that. Exactly. And you don't know why they're there. You don't know if it's government, you know, if it's, you know, other hackers or whatever it is, you just work around each other. The beauty is if you do find tools that they're using, you take a copy of those tools because we can then use those tools to plant on another target's side so they get the blame for it, not us. So, you know, you look at the techniques that they're using, whether, you know, today we use APT groups, stuff like signatures, you'll create those signatures and you'll plant them somewhere else. So you might, you know, compromise a target, you know, format the disk before you format the disk, throw the tools on, format it. And then all of a sudden, you know, some, some, you know, deloitte guy, you know, runs in case and goes, oh, I can see some deleted toolkit. Must be this group. And then they get the blame for it. Oh my gosh. Did you hear that? If Chris really wants to hide his tracks, he'll plant evidence on servers, which makes it look like some nation state hackers were there, which throws off investigators who are on his trail. And he only knows what tools that some of these other hackers use because in the past he spotted them on the same servers that he's hacked into and watch what they've done. Okay. So you got to the, you got to the web page. You were able to see this target, Bob's username, password, two factor authentication code. And were you able to log in and transfer his money out with this? No, because when you did a transfer, then asked for your two factor authentication code again. Now the, the, the problem we had is fucking Bob's in jail at this stage. So he doesn't have access to his texts. Oh, right. How's he going to do online banking from jail? They managed to get his username and password and were able to log into his account before he went to jail. But there's this problem with the two FA code now. So the, uh, when you go to wire the money out, it asks you for another two factor authentication. This bank did. Yes. And you didn't have a way to get that second one. No, because we, we'd had the session live. So we, we kept that into that session live. So it wouldn't log us out when we got access before he went to jail, but when it then asked for another transfer, it did it like, oh, you need another code to do that transfer. So we couldn't move that money out. You're insane. Okay. So plan A failed. Um, how do you, how do you do it? Yeah. So plan A filed, and I don't want to sound like a glasses are full, but it was enough to prove that the money was all, not the whole money, but a good proportion of the money was still there. Bob obviously had me had some expenses. So, um, so at this stage, remember, we'd already compromised the bank itself. So it was just essentially going in as essentially as a teller. Then when you're a bank teller, your body knew what the fuck you want. So, uh, any bank teller doesn't have the rights. You can be treasurer. Look, we already owned the bank. He can move up horizontally vertically to get the, the guy's access to move the money. Huh. Interesting. If he can pose as a bank teller, get the access they have, they have the power to conduct any transfer they want. And keep in mind, Chris spent 10 years working in the banking sector. So he knows exactly how banks operate. Well, step one comb through the directory of employees, find which ones are the tellers and find which ones have remote access to the bank where they can do like work from home stuff, maybe like phone support or something. Then grab their username and hash and crack the hash. And now you can log in as that teller and move money around, which is exactly what he did as a teller. He transferred Bob's money out into another account. So remember we talked about 2.75 and I was fumbling over the 2.75 and 2.5. Essentially, we recovered the 2.5, but the original was 2.75. 2.5 million dollars were taken from that guy's account while he was in jail. Crazy. This is a black hat bank robbery type stuff. Now I'm starting to put it off together on what he means when he says he doesn't care if he does illegal black hat type hacking. He's like a mercenary hacker for hire, you know. And maybe that makes him gray hat. Well, yes, it's illegal, but he's helping someone find a bad guy. But what I don't get is why the bank didn't raise alarm bells from all this. Like if 2.5 million dollars got transferred out of the bank in a very suspicious manner, you'd think they'd launch a full on investigation, like bring in the teller who did this transfer and ask them a bunch of questions and look through the security logs for any unusual activity. And if they notice all the usernames and passwords are being stored in the logs, then that's a data breach that should be disclosed to their customers and maybe impact their share price or something. Yeah, so you raised good points. In my world, there's people to make transfers disappear. So in my world, I can contact I've got bank accounts that I can use that can be scrubbed on the other end in the SWIFT network to say that that didn't exist. And then it goes through a laundry process where that money is cleaned over a nine month period so that money gets returned. So in there, the answer to your question is in Bob's case, no one gave a shit. Bob's had money's count and body money was returned. So there is no victim. Does that make sense? Like Bob stole the money money got returned. There's no one who injured the bank. Where's my money? Huh. Since nobody complained, the money was stolen. Then maybe nobody ever investigated this, which means they don't have to hide the money trail either. Like he was preparing to wire the money to a bank where he can launch it and have it come out clean. But since this money rightfully belonged to the client, they didn't think he needed to go through all the hassle of cleaning the money. No, in this case, we didn't need to. It was just transferred back to the investment firm. So it was just like from Bob to investment firms, being returned has been misallocated, misappropriated, and it's been returned. How wild. Somehow this all slipped past the bank. I mean, perhaps later they saw this, but never came public about it or reverse the transfer. And maybe it was because Bob was in jail and never complained about it. Or maybe they wanted to avoid embarrassment of being hacked. Or maybe it was because they saw where the money went and it was to a very influential person who they didn't want to disturb or ask questions about. Or maybe they did ask that person questions and that person simply said, yeah, the money was stolen by Bob who's now in jail. And here's the police report. Thank you so much for reversing the charge. It's this whole thing's just got my brain up in knots. In this method here, we could have created a flake teller and then, you know, just, just, you know, just done a copy user and then replace and then just done the transfer that way. But we knew we didn't have to. The fact that the customer just wanted their money returned to their bank account, not a washing station, like a laundromat, then it was just, that it was just, it gives a shit. Like we didn't have to do any, we don't have to delete the user. We didn't have to delete the transaction. I guess what I'm wondering also is like, if this is, if this is going back to the appropriate person, then why can't I mean, the person, your, your, your client is a very influential person in the region. Why can't they just go to the bank and be like, listen, I found the guy who stole this money. We need to reverse the charge. Just do this. This is a legitimate reverse. That's a, that's a, that's a great question. The, what we, what, what we, all I can tell you is what we were told. We were told they were, they feared that that money was going to be used, if the money was there, which it was, if the money was going to be used as in a court process, like it was going to be a string out two to three year court trial, and they're going to use those funds. So the time that they got that money back, they wouldn't, you know, the bank said, you know, you need a court order. Can you prove it? Blah, blah, blah. They will wait about that. Now, whether they could have just, you know, overridden that, I don't know, but in their head, that's what they were worried about. So keep in mind who we're dealing with here. This guy we're calling Bob has the guts to steal money from an investment firm owned by a super rich guy. Even though Bob got caught, he's still pretty smart. So he's probably got a plan for when all this goes wrong. So it's important for Chris to keep eyes on him as he goes to jail. So he watches who Bob is messaging and what's he up to? He's a kind of guy that I actually have respect for this guy, because he's pretty cunning. And because I've been reading his emails, I knew him so well inside and out. You know what it's like when you're reading or maybe a no check, but you know, when you read someone's emails, you know, you have a you have a relationship with them, whether they don't know it, but you actually know them inside and out. So Bob's quite crafty for Bob. Bob used that I am Bill Carrth and he worked with his doctor to get a bail hearing that he could get out on bail while this case is going forward. So he was essentially in jail for a week. And then the doctors wrote, you know, my client is sick note, which we could verify because we talked about level two and level three. We had access to his doctor. So we got to see what was going on that he used his use his doctor to get to get to get out of out of jail after two weeks in jail. What happened is we were reading some of the emails when he was in jail, obviously, in the outside of jail and his language changed. He almost like he was putting it on, you know, like when you're an actor, you act and when you're not acting, you look like an idiot. And Bob was essentially looked like he was acting in his emails. And I said to the customer, this is not normal emails that he's sending out. It's like he was going on fishing trips. He was planning a fishing trip and, you know, they kind of never been fishing. You know, it was all these sort of I'm going to be here at this time. And it was too much information that the thing I think, you know, he's on. He knows that you're we're reading his emails and he's he's putting it on. And I said, look, what this guy's a flight risk and they since he went, no, no, no, no, he's fine. We got his passport and blah, blah, blah. So because Chris had such a deep level of visibility into Bob, he watched him closely to see where he was going. Bob didn't actually go fishing. He was smuggled across the border in a bloody burka. And we tracked his headers of his IP saying, look, the guy's not even the fucking country anymore. You guys think he's there. He's not. He's in a month. So, you know, all this shit talk about, we've got your passport. He's not going anywhere. And he actually escaped the system on a second passport. Because this was in real time over maybe a 12 hour period, I'll say 24 hour period. Essentially, the guy was moving fast, you know, car. He was in a car. Well, we later found out that he was in a boot and then he went into the backseat with a burka and then he went hop to border and then got an he had another passport and then he used that. But because we had the IP headers, we could see where he actually was. Like he was not saying he's stupid because a lot of people don't in that world don't understand IP headers. But you were in his phone. No, he was sending emails out from his device. OK. I will make that clear. Normally we do get into phone, but this case wasn't a phone. It was just email headers, not IP. Don't get me wrong. And I don't want to talk about this, but sometimes we all send a ping packet. So you get the odd SMS and you know, Jack, you get an SMS and you'll click on it, you know, your UPS mail is late. You click on it and go, it's just some fucking scam. It's awesome for my username and password. But what it does is just tracks your location from your phone. We use that a couple of times on this project. But it wasn't a tool that was it was needed. Does that make sense? We had enough from the IP headers that we didn't need a GPS location. Once Bob left the country, there was nothing Chris's client could really do about it. So they said, thanks for letting us know. I guess that's it then. Here's your final payment. That's the end of the engagement. Um, weird question. Have you ever killed anybody? Well, only virtually. Yeah, virtually. Oh, the answer is going to be no on this podcast, Jack. Have a birthday. Now, my birthday. Anybody that's another story. You have many kids. I have many kids. I have many kids. See, the thing that put Chris Rock on my radar is a talk he gave at Defconn in 2015 titled, I will kill you. And in this talk, he explains exactly how to use hacking to kill someone. Part of my career as, you know, a pentester, mercenary, you know, scene founder is research. And one of my first Defconn talks was I was watching the news in Australia. And one of the news report was a hospital had accidentally sent out 200 death notices instead of 200 discharge notices. And I went, what the fuck? How is that even possible? And then let me down the rabbit-worn of researching the death industry, the medical component and the funeral director component on how the system has moved online and the flaws that involved where you could actually physically create a real person, like a fake person and how you could kill them. OK, so walk us through this step by step, how to kill someone. Yeah, so in America, it's very similar around the world. But in the US, they have a they used to have a paper based system where the funeral director would fill out half form on how the person died or where the person died, like where they buried and all that sort of stuff next to kin. And the doctor would fill out the first part of the form, which is the cause of death and those sort of details, name of the victim and then how they died. That one piece of paper would go into essentially the birth, death and marriage system, and then that person would be declared dead. What's happened now is that's moved online. So essentially when somebody dies, the process is the doctor will log on to a US system called EDRS, so log on with their username and password and actually put in what caused the person to die or a poem, a poem, embalism or whatever, a heart failure, that sort of stuff. And then that information would then pass to the funeral director. Funeral director would complete their part again, username and password to log in. And that would form the essentially the death certificate in the EDRS system. Now, the floor in the system is both the medical and the funeral director component is essentially if you want to be registered to declare people dead, you essentially put in what your license number, your medical license number and your office address. Now, if anyone's looked up a doctor before to see if they're a real doctor, that all this shit's online. There's databases all around the world to say whether your doctor's license and practice, their registration number and their office number. So you could register yourself as a doctor and then you could then you could actually kill somebody off the first part. And again, with the funeral director component, it's pretty much the same as a doctor where you can declare yourself a funeral director and form the second part of that form and to kill somebody off and get an essentially a death certificate. And why would you want to kill someone? Well, there's multiple reasons why you want to kill someone. First of all, if you want to kill your parents, for example, like you're waiting for their will, but they're not giving you the money, you can actually kill them off. You could kill your boss. You know, your boss was being an asshole. You could kill him just to fuck with them. Or if you're under investigation, so, you know, you've got prosecution and judge and all that sort of stuff, you could actually kill them off to make their life more difficult. You're ridiculous. And so you're saying you're saying this flaw in the death system can also be done in the birth system? Yes. So it's exactly the same. Well, it's a different system, but it's exactly the same as EOS for death. And you need two parties. So you need the doctor or midwife and you need the parents. So then, you know, the name of the child, the weight of the child and stuff like that. So the two parts would then make the birth certificate very similar to the funeral director and the doctor making the death certificate. So and if you have a home birth, you may not even have a midwife. So it's something you actually done by the parents. And so once you have an online system, you have a birth certificate, that person's then born. So in theory, you can create fake children. And then when they hit a certain age, you could kill them off and get their life insurance and build up their credit and all that sort of stuff. You do both of the things. Well, I was I really like this idea of making a fake persona to use as a second identity in case I'm I'm I'm I've embezzled some money from a Middle Eastern millionaire and I need to leave the country. Exactly, Jack. And you think and what have won when you can have a hundred? So you can have a hundred fake people that have different credit. And so if you screw up your life and you go to jail and you have to come out and you go get another job or whatever, you have another clean identity, like another virtual ID. And it's real. Like it's not it's not like someone entered it in the back end. It's actually registered person that you can have. You know, I suggest you keep yourself looking young because you might create someone who's zero. And then but there's little flaws in the system as well. And I may have mentioned that they don't want people going through life without being recorded. So you have up to the age of five to get yourself registered. So if you have you can take five years off your virtual person by register them five years after they're born because they want to capture people as they go into the school system and they don't want them to be prevented from going to school or getting driver's license or stuff like that. So you can you don't have to register a baby at zero. You can register them at five as well. You know, when I saw you do this talk at Def Con, I was so surprised that the governments haven't like knocked on your door and said, hey, would you shut up about this? You can't just go making killing people and making babies that are not real. You're you're teaching people to do bad things. Yes. So the government haven't done shit even since my talk. Now, my talk was done nine years ago, Jack. So those same flaws exist today. Nothing's changed. If you're intrigued to know more about how to kill someone like a hacker, go to YouTube and type in Chris Rock Def Con. He actually has given three talks at Def Con and they're all phenomenal. And the second talk, he explains how to overthrow a government. And I have a sneaking suspicion that he's actually done it or was very much involved with overthrowing a government in the past. Let me know if you liked him and you want me to have him back on and tell that story. And his other talk is about how to bypass radio jammers in case someone is trying to jam your cell phone and he'll show you how to get through it anyway. A big thanks to Chris Rock for coming on the show and giving us a good story. Come join our discord. You can talk to a lot of people who are fans of the show, but it's also my favorite place to hang out. You can find us at discord.gg slash darknet diaries. And on November 19th, we're going to be doing a t-shirt giveaway so you can win some cool darknet diaries swag. So come on over to discord. This episode was created by me, the script, kiddie it. Jack Recyder, our editor is the captain backspace Tristan Ledger, mixing done by proximity sound and our intro music is by the mysterious breakmaster cylinder. Hey Siri, why am I so bad at women? My name is Alexa. Damn it. This is darknet diaries.