< return

America’s Most Wanted Cybercriminal

October 31, 2022
ep
77
with
Brett Johnson

description

This week our guest is Brett Johnson, who was listed on America’s Most Wanted list in 2006 for cyber-crime and who the secret service once declared as the “original internet godfather.” Since serving his jail sentence and leaving behind his criminal past, Brett has become a leading consultant on tech security, now helping people learn how to protect themselves against the type of person he once was. In this discussion, we explore a wide variety of topics, including social engineering, deceit in the security sector, common hacking vulnerabilities, the legal abuse of data and privacy by big corporations, digital IDs, the future of deep fakes and brain computer interfaces, and a whole lot more.

Follow Brett's work at anglerphish.com or at twitter.com/GOllumfun

**

Host: Steven Parton - LinkedIn / Twitter

Music by: Amine el Filali

transcript

The following transcription was created automatically. Please be aware that there may be spelling or grammatical errors.

Brett Johnson [00:00:00] The perception of truth is more important than the truth itself. We're in an era now where facts don't matter. What matters is, is what? I can't convince someone up. So when you ask, is it the tech or is it the humans? I would say it's the humans that are screwing around, not doing what they need to do with the tech. 

Steven Parton [00:00:35] Hello everyone. My name is Steven Parton and you are listening to the feedback loop on Singularity Radio. This week our guest is Brett Johnson, who was listed on America's Most Wanted list in 2006 for cybercrime and who the Secret Service once declared as the original Internet godfather. Since serving his jail sentence and leaving behind his criminal past, Brett has become a leading consultant in the tech security sector now, helping people learn how to protect themselves against the type of person that he once was. In this discussion, we explore a very wide variety of interesting topics, including social engineering, the deceit that takes place in the security sector, common hacking vulnerabilities, the legal abuse of data and privacy by big corporations such as Cambridge Analytica, for instance, digital IDs, and whether or not they're a good idea. The future of deepfakes and brain, computer interfaces and many other topics around these issues. Now, it's no surprise that Brett was so successful in getting people to trust him during his criminal past, because, as you'll see, he is a very charismatic and well-spoken individual. And this was without a doubt one of the more fun and enjoyable conversations I've had on the show. A quick warning about that, however, is that there is a wee bit more vulgar language in this episode than most others. So if you have sensitive ears listening, just please bear that in mind. And with that said, let's jump into it. Everyone, please welcome to the feedback loop, Brett Johnson. One thing I really want to start with, with you in particular and is the obvious place to start is with your origin story. Now, I know, Lex, your conversation with Lex, you covered a lot of stuff and unfortunately we don't have much time. And you told us about your mom and her, you know, kind of education that she provided you around scamming and hustling and that whole background. But what I'm curious about is specifically the cyber crime aspect. What attracted you to that has a starting place? Was it just that technology, you know, whether it was credit cards or fishing or the more technical scams, just happened to be the most optimal or vulnerable medium for you to play in? Or was there something else that drew you towards that and made you want to get started in that area? 

Brett Johnson [00:03:06] You know, the funny thing with me is that I once made a comment to my wife that and this was this was only probably four or five years ago, that at one point the only thing I used a computer for was either to game or to defraud people. That was the only use that I had for them at all. And there's a lot of truth to that. I grew up. My first computer was a tie, 99 for Texas Instruments, 99 for AA. And the way I got that, we were in Panama City, Florida. My dad, the Texas Instruments, they had stopped making that system and it went on selling on discount clearance. So he waited in line for at a Kmart for like 6 hours to get one for $100 for me. And it was a gaming system was I think it was, you know, it had basic, you know, and if you I don't know if you've ever programed it basic, especially back then, but, you know, you type in the lines, you know, you'd have a few hundred or a few thousand, couple thousand lines and you'd always miss something. So then you have to go through every single line to find out where you didn't put the semicolon. Yeah. And then that was basically what you did in order to play a little piece of shit game for a couple of minutes. That's where I started. And as I grew up, I got, you know, had the Big 20, the Amiga, the Commodore 64, TR, RCA, all those things. I've always been interested in technology, always. And I guess a lot of it has to do with I've kind of always been the outsider to degree, even even now in the industry that I'm in. You know, I'm in the cybersecurity industry. I'm well trusted in this vertical. I'm almost I guess you could call me an influencer because people look for my opinion on things, but I'm also the outsider. The reason I'm able to call out companies and individuals is because, hey, I'm the guy that does that. I'm not I don't really belong to any tribe on the good guy side or the bad guy side. And I think that's the reason that Tech probably appealed to me so much was, you know, I didn't have to belong to any click or group or anything else. And I've been like that my entire life of just I don't like to follow a crowd. I mean, there's been books about the problems I have with authority, but, you know, it's always been that. And I took to it pretty quickly. And the problem is, is that that statement I made, whether it was either gaming or defrauding people, it was mostly gaming to begin with. But, you know, growing up in a household where everyone on that side of the family was involved in fraud, it was kind of a natural progression for me. So I start over, you know, I get a computer and the first thing I do is how do I make money on this? You know, can I make money on this? Because this is right as the Internet, the e-commerce thing starting is starting to ramp up. And it was on eBay. I mean, you've heard the Lex Friedman podcast. Yeah, it was on eBay about me dying Beanie Babies from gray to blue and then ripping people off on that. And that was the first crime. But if you think about that, it was a very natural progression from the types of street frauds and crimes that I was committing under the tutelage of my mom and that side of the family over into the Internet era. It was basically just figure it out. How how can these frauds work online that we know work in the physical world? And it's not really that difficult. What you find out is that trust online is much easier to establish than it is in person and face to face with someone much easier. People tend to trust that technology, and I talk about that a lot these days. You know that idea in order for me to defraud you, to get information, access, data or cash, I have to get that potential victim to trust me. So how do I do that? Well, you've got technology tools. Finally, social engineering. You know, we trust that technology criminals use tools to manipulate their spooked phone calls, spy proxies, things like that. And then finally, once that and that opens a door is the only thing it does. And once that door is open, then we get to see how good of a con man or a liar someone like I am in order to manipulate someone into information, access, data, cash. Yeah. 

Steven Parton [00:07:27] How much of the hacking then or the cybercrime then versus now really comes down to the exploiting human part more than the exploiting machines part? And I always think of the hackers movie when they just call the security tech and they just haven't read off the modem. And it's like just the dumbest thing where it's like this guy doesn't know what he's doing with the technology. He's like, Sure, I'll give him the password access to my system. How much of it is stuff like that where you are just really socially engineering people's trust and working through the human side of things as much as actually exploiting a machine. 

Brett Johnson [00:08:04] Most of it is compromising the human. Now. Now that being said, I understand that and I love the movie Hackers. My favorite hacker movie is Hackers. But I mean, I love it. It's it's great. But that that scenario that you just went over there, that's not too far off. The actual thing is that 41% of every single router has the default password. So it's, you know, that's that's your bank, that's your home. I mean, 41%. So it's not hard to gain access. You know, the problem is, is that. And I was actually reading an article. It's on the debt set dot org page. That's kind of like a Drudge Report of cyber. But I was reading an article about our our security companies basically selling snake oil. And a lot of them are. They really are because, you know, you get 7500 plus security companies. A lot of the mass media out there, they try to paint cyber criminals as hackers, as computer geniuses. That's not the case. The threat landscape is developed because of humans not doing what they need to do. You think about and that's just one statistic that 41%, you know, 90% plus of every single attack uses known exploits. That's nation state attacks. That's little Billy in his mom's basement. 56%. That yeah, that's about 56% of companies have experienced a breach because of third party access. That's what happened with Marriott. So most companies have no idea how many third parties are accessing the system. The third parties that are accessing the system, they're not vetted. So they have no idea what's going on with those third parties. 92% of every attack begins with a phishing attack, and that's straight social engineering right there. So that develops this threat landscape. And then you've got basically very good social engineers, these cybercriminals that come in and exploit that at that point. What you see these days, and that's one of the things I talk about as well. Back when I was committing crime, the people that I was associated with, you know, we had Michael Patterson, Albert Gonzales, Max Butler. I mean, there's a who's who of basic cyber criminals these days. We knew or you had to know really every single dynamic of that attack. So you had to know the security of the company, how the how how you're how the tools we were using worked, how to secure yourself to remain anonymous, how to launder money, how to set up drop addresses. You had to know every single thing across the board. So we were very to that to that understanding. We were sophisticated attackers. We knew what we were doing. These days, the sophistication isn't in the criminal anymore. The sophistication is in the platform. Now you've got cybercrime as a service. You've got off the product, off the shelf products and services that are delivered to individuals who have no idea how they operate, what the security of the of the company they're trying to compromise is or anything else because it's done for them. You can buy a tutorial for five or $10. You can take live instruction classes. You don't even have to do that. You can just ask in a channel, Hey, how do I do this? And typically someone will help you out on that. 

Steven Parton [00:11:14] So are there more or less attack vectors, I guess, on either the person or the technology these days? 

Brett Johnson [00:11:23] I would. So again, that's the interesting thing. I always go back to the human and but the human is responsible for not implementing proper technology. We're not doing the updates on the tech or maybe you've got some human idiot that's, you know, decided they want to come in with regulation. And here's the thing. We need regulation. I support that 100%. But it needs to be informed, educated regulation. I don't know if you've watched any of those crypto hearings up in Congress, but you saw that those blank faces. 

Steven Parton [00:11:56] And that's why I didn't watch it, because it's just like this is kind of sad to see. 

Brett Johnson [00:12:01] Oh, man, it was crazy. You'd you'd see someone trying to explain what blockchain and what these tokens were doing. And the senators, their faces were just blank. Then some aide would come up and whisper something in an ear trying to explain it and nothing. And these are the people that are going to be putting regulation into crypto and things like Zelle, things like that. It's, it's, it's kind of a nightmare. So I go back to the humans, but it certainly has a tech aspect in that the humans. Aren't implementing what they're supposed to be implementing. They're not patching those holes. They're not you know, they're not changing that default password on the 41% of routers that are out there. They're not shutting down outward facing assemblies, which we've known about that for well over a decade. Yeah, that's not been done. 

Steven Parton [00:12:50] You mentioned before, I think you said something like 90% of exploits are known exploits. How how are those going unchecked? Is it just because there's not a standardized system? Is it just because people aren't updating their local systems, like what allows 90% of these vulnerabilities to just sit there and go unguarded? 

Brett Johnson [00:13:14] I would say it's not that they're again, it's not that they're not known about. Most of these vulnerabilities are are things that cybersecurity people have told that specific institution about, but the institution hasn't done anything about it. You take SolarWinds, for example. My God, SolarWinds, you had people that were coming in. You had auditors that were talking about the security problems, the password problems, that man of that, that supplied supply side chain type of attack. And it went ignored. They heard it, but they didn't want to put the money into that. Instead, they wanted to put the money in toward marketing, because at that point, SolarWinds had been purchased and the company had bought them. I think they were trying to get it to the point where they could sell SolarWinds off to someone else. Yeah. That's a lot of the issue. You know, you look at basic economics, that idea of guns versus butter, you know, what are you going to put your your budget into? Are you going to put it into the tech, the security, or are we going to put it into growing and paying our CEOs? 

Steven Parton [00:14:20] We know how that answer always plays out. 

Brett Johnson [00:14:23] We know exactly how that answer ends up. And, you know, the problem is, is that. You take the two biggest attacks on record right now are both not Petya and SolarWinds. Mm hmm. Both of those nation state attacks. Sandworm on one. Fancy bear on the other. Russian hacking groups that hit both of those use known exploits that not Petya is I mean an outstanding example of that so not Petya it uses a faked Microsoft certificate known exploit. It takes over the update server basically the QuickBooks of Ukraine from there launches an update stealing code from the Petya ransomware attack a year prior to make it look like it's ransomware. But it's not. It's just it's just a a code sent out, a malware sent out just to destroy hard drives. It uses mimi cats to harvest credentials out of ram known exploit. It uses eternalblue any kernel romance NSA known exploits which were patched like 16 months prior to that it uses it looks for outward facing as some bizarre thing I just mentioned that remote access which we've been bitching not we, because I was a bad guy at one point, but the good guys have been bitching about that for how a decade you close these ports down. It's not rocket science, but they've been wide open. It's it's those types of things. So so when you ask is it the tech or is it the humans, I would say it's the humans that are screwing around, not doing what they need to do with the tech. 

Steven Parton [00:16:00] Yeah, seems interesting because what I'm hearing is there's this big concern that cyber consultants are snake oil salesman. And at the same time, as soon as the consultant is like, hey, seriously, this is a vulnerability, you should take seriously that like, Nah, I think we'll be fine. We'll just pay the CEO more money. I mean, is that is that really the dynamic, do you think that leaves a lot of things open here is that. 

Brett Johnson [00:16:21] I think it is. You know, have you ever been to RSA or not? 

Steven Parton [00:16:25] No, I don't think so. 

Brett Johnson [00:16:27] So RSA is the security conference takes place in San Francisco. It's I mean, you got tens of thousands of people come in and you've got this conference floor where you've got all these security vendors that are out there trying to get the attention of the people who buy the products. And if you ever go down on that floor, the first thing you, you know, beyond doubt is that the majority of those vendors down there are snake oil salesman. They really are. There are rappers down there. They've got Elvis impersonators down there. They had the blast when I was at. There were at least three delorean's on the floor that looked like the back to the future cars, you know, doing anything they can to get people to come to their booth. And then what happens when they come to their booth? Is it better to try to tell the people that, hey, we've got a very good product? You know, these are the attack vectors. This is what happens. This is what our product does. I mean, you can have that conversation, that truthful type of conversation, or you can say, you know, our products, the only thing that's going to save you, you know, all these is hackers out there. They're hackers, the computer geniuses. You can't stop and you won't stop. You ain't never going to catch them. So that typically is the conversation that a lot of these people use. They use the fear, uncertainty and doubt in order to try to sell the product instead of being truthful about that. And it gets worse than that. You get a lot of these security companies, they develop a product, and when they first develop it, it's outstanding. It does the job that it's supposed to do, and then they sign on a lot of clients and they never innovate on that product at all. So it starts out great. 18 months later. It's shit, excuse my language, but it is eight months later. It's absolute garbage. They never innovate on it. And because these these customers have onboarded with that program, it becomes very difficult to switch from that into another type of product that is more effective. So you get again, you get this problem of these issues that pop up because humans aren't doing what they need to do. 

Steven Parton [00:18:28] Yeah, man, it's ironic. It sounds like the people are trying to protect you from social engineering or just using social engineering to take your money. It's like a. 

Brett Johnson [00:18:36] Little. 

Steven Parton [00:18:36] Blue collar versus white collar crime there. We just allow one of them. 

Brett Johnson [00:18:40] It got so bad. I was I was I sat there amazed. And what happens is, is I never want to go to RSA. I always end up going. I always am always hopeful before I hit the conference floor or the convention floor that, you know, it's going to be okay. And within 30 seconds I'm like, Oh, my God, I've got to get out of here. The last time I went, it was only a few months ago. Went down the escalator, hit the floor. And the first thing that I heard and I complain about this all the time, I'm like in my presentations, I'm like, you know, computer criminals. They're not hackers. They're criminals. There are not £400 in their mom's basement screaming, Mom, bring me the sandwich with a cut crust, cut off with a matrix background flowing in the back. So and I say that almost every presentation and I'll be damned man if there's not some barker on the floor talking about these ransomware kids, how they used to be £400 in their mom's basement. I'm sitting there going, Oh, my God, they they're really using those lines to try to sell someone product. Yeah. And it's completely wrong. And because of that, it not only. Destroys trust within that industry. So you've got, you know, the people who call the shots at some, you know, corporation that, you know, they've heard this before. They know that a lot of it's bunk and you get somebody legitimate that says, hey, you need to put in this tool. Well, they're not going to really listen to that as they should, because you've got these entire, you know, 7500 plus, a good majority of them just just being untruthful. It not only destroys trust there, but it also. Disrupts the larger picture of what computer criminals are because you've got mass media that picks up on that. And mass media, they kind of parrot that, you know, they're hackers. You can't really touch them. They're like in the movie hackers, you know, you're not going to catch those people. That's not really true. They're not really sophisticated at all. And there are ways to catch these individuals. Typically, a lot of good O.S. would peg a lot of them. You take all these Darkweb players, O.S. card, a lot of those people. So that's a lot of it. But it goes even further than that. You know, if you've ever had a friend that has been a victim of a scam online, especially a senior citizen, you know, we hear these lines all the time. Why would you click on that link? Why would you send money to someone you don't know? So we tend to because of this this whole picture that's going on, we also tend to blame the victim for the crimes that are perpetrated upon them. And that's not right either. But this is this is the environment that we live in and we try to operate in. 

Steven Parton [00:21:19] Yeah. I'm wondering, as we got on that point, it made me think about the blue collar versus white collar crime and the way we kind of view, you know, that dynamic. Some people say like taxes as crime or, you know, corporations are committing crime all the time. I'm wondering, did you have any thoughts around Cambridge Analytica? I just talked to the guy who was in the documentary that just came out two years ago or so. Could you. 

Brett Johnson [00:21:44] Interview him? 

Steven Parton [00:21:45] Yeah, two days ago. David Carroll. 

Brett Johnson [00:21:46] Oh, wow, man. 

Steven Parton [00:21:47] Yeah. 

Brett Johnson [00:21:48] So how did that go? 

Steven Parton [00:21:50] I mean, it was really fascinating. It was really fascinating. I mean, just because of the the. Level of, let's just say fuckery that right that took place. I mean and that's kind of my point is like Cambridge Analytica seemed to be doing a lot of stuff where they were talking about classifying their tools, their psychographic tools, which is social engineering in a lot of ways as weapons in Britain. And yet they were using them on the citizenry. And, you know, the dynamic of them just getting caught on camera talking about how like, oh, we worked on that. We can't say we worked on that project, but they're boasting and laughing and joy about how they helped, you know, Brexit along. And it to me it's like there's a lot of stuff that's going on now. I guess my point that is legal cybercrime. Sure. And I'm just wondering if you have any thoughts about like that and Cambridge Analytica and kind of the way we're playing with data now in the legal do your. 

Brett Johnson [00:22:44] Yeah I do and you know and I hearken back I'm a big Doors fan. All right. And at one point, Jim Morrison, he used to study crowd dynamics, how to manipulate a crowd. And one of the things he always talked about, we didn't talk about it, but he had he mentioned it a few times was you take a crowd and if you can place people at certain points in that crowd, you can you can really influence the entire mood of the crowd by what those just few select people are saying. Well, you you move that over to the Internet era and you see that works to a T. And the problem with that and it goes back to something I've said on other podcast as well. The perception of truth is more important than the truth itself. We're in an era now where facts don't matter. What matters is. Is what I can't convince someone to. Mm hmm. You know, we've. We've had. I tell you, I wake up every morning, I watch Fox News and CNN so I can get pissed off at everybody. All right. I'm an equal opportunity hater, but I say that. But I also think there's a lot of there's a lot of reality in that, you know, you've got you've got both sides. And certainly I dislike one side more than the other. I'll keep that to myself. But, you know, it's you've got both sides that are adamant about using any emergency at all. Any crisis at all for political gain. And the people who who lose are the common people that are out there. Cambridge Analytica, these these corporations that also engage in that, whether you're Facebook in your use of people's data or your, you know, your Mark Zuckerberg. So you've decided you're going to create the metaverse simply so you can have your own app store, which is kind of what I believe he's doing this very possible. It's very possible. But you take that and you put it in the United States where. People are not really always concerned about their privacy. And it becomes an issue. You know, I'm not a big fan of Edward Snowden. I'm not I respect Manning much more than I do Snowden. But Snowden was right. He was absolutely right when he was talking about privacy. The problem was nobody cared. That was the issue. Now you've got you know, now we're seeing these stories where we've not not only got corporations that are buying your data, you've got government organizations that are buying all the cell phone data that's out there, all the cookie data that's out there, everything else. And I work with some of these organizations, and I know that the data that they get. Man. It's something they can they could determine a whole lot of stuff by that. Yeah. And I'm not quite sure, you know, we see it now with the with Roe v Wade. We've seen a few states that are trying to pull cell phone data messaging. There was there was a case where I think it was Michigan that subpoenaed Facebook for text messages about a young lady who was going to have an abortion in order to charge her for that. I'm not sure we're still at the point where people care about their privacy. And if a person doesn't care about their privacy, then it it becomes more important that the government does that. If if we don't understand the importance and the value of our own privacy, then our government needs to do that. Because I can promise you the corporations won't do that. And the issue with that is, is that, again, you're talking about a government system that is uninformed and uneducated, trying to put in those types of regulations. And it becomes to me, it's a very frightening aspect. 

Steven Parton [00:26:33] Yeah. And I mean, not to be too cynical here, but I can't help but think also to some extent the same things that make people susceptible to social engineering and cyber crime on a mass level is kind of the same things that I think government benefit from a little bit. Oh yeah. You know, in terms of like demagogs and people running for, you know, positions of power, they, they, they kind of use the same exploits and people make a point. Cambridge Analytica. Analytica was that very thing. And to that end, I guess, are they are there things that you see as particular vulnerabilities that. People might have that make them susceptible to these type of things. Like, Ah, there is the laissez faire attitude around privacy. You know, of the things that make people particularly vulnerable is that people who are depressed and stressed and unable to make ends meet, like, what are some of the things that make people good? 

Brett Johnson [00:27:30] Sure, sure. And this right here. Yeah, this right here. You know, I'm. I've got my own show. Yeah. Big advertisement at the back, but. How many people out there are using Tik-Tok? Yeah. And let's be clear. My understanding is that all of that data goes to the Chinese government. I mean, there's there's certainly been enough leaks that have said that outright. Mm hmm. You know, we've had we've had our intelligence agencies that have said that as well. Now that's tick tock. I'm pretty sure that there is a hell of a lot more companies out there, social media companies, than Tik Tok that do the exact same thing, just not for a government or for themselves. That's the issue. You know, I I'm I'm like 800 levels into Candy Crush right now. And fortunately it's not an addiction to madness played every now and then. But, you know, there are people out there that you're playing a game. You lose your lives, you need to re-up. You don't have the money to do that. Well, will you give up some data for that? Absolutely. You've got people that will do that. People who don't really understand or respect their privacy. And I get the I get the reason for that. You know, if I'm not doing anything wrong, I don't care what they do with it. Well, that's fine until you see, you know, Border Patrol with all these other institutions, organizations out there that are buying cellphone location data. Why? Why do you need that? You don't. You simply don't. That's this overreaching idea of government. And it's not just with government. You know, you can to a degree, I guess you can justify it with government. You know, we need to make our citizens safe. But how can you possibly justify that as an as a corporation that's doing that for profit? Hmm. I don't get that. And that's why we really need. I honestly don't know where it ends. I don't. Because, you know, government's not going to institute proper regulations. Corporations certainly aren't going to police themselves on this. And then you've got the citizens that a majority of them don't give a damn. Yeah. 

Steven Parton [00:29:40] I mean, how do you think it shifts? I mean, do you think we see something like, I don't know, a blockchain or some kind of grassroots technology that looks beneficial from like a revolutionary standpoint and also helps with things like supply chain ends up just slowly meandering into the mainstream and helping with security. Or do you I mean, are you just completely hopeless? Like, how do you not make that, you know, shift? 

Brett Johnson [00:30:07] I'm the guy. As much crime as I've committed, as much bad as I've done. I'm still the eternal optimist. I think that these will hopefully work out. I, I don't have any faith at all in tokens. You know, this idea that cryptocurrency is going to change the world, that everyone's everyone's going to be equal across. Well, no. You look at those tokens, you've got like, you know, 2 to 4% of the whales own 90% of the tokens. That's not equality and it's not going to be anytime soon. But the tech behind that, I really like that. I like this idea of the blockchain. You know, you if you've ever been on one of these sites that uses the DNS blockchain, that's that's pretty powerful security and technology. It really is. So I think that, you know, if we had more social media that that engaged with that, I think that you could you could have something that protects your privacy, that doesn't allow a bunch of advertising marketed directly toward you. And it would be a much more beneficial thing overall NFT technology. You know, I hate the idea of buying JPEGs. Yeah, I don't see that. I don't see the purpose in that. But the tech I think the tech is outstanding. If you can start to attach identity to that, you're doing a lot of good all of a sudden. So if you if you could figure out a way to attach identity to that NFT type of tech technology, then all of a sudden you don't have to worry about. And giving up a lot of your data to verify who you are inside of a company. You know, if you go to sign into Amazon or Apple or something like that, if you're using it in a party to do that, you shouldn't have to give up device information, IPRs, any type of demographics or anything else like that. Because that token should. Verify you through that system. I think that we can get there. The problem is, is that you've got a lot of billion dollar corporations out there that don't want to do that because they won't be billion dollar corporations anymore. But, you know, like most disrupted, disrupted technology, it's going to happen. I do believe it will happen. It's just we have to we have to find somebody that will do that. 

Steven Parton [00:32:24] Yeah, but you think it's going to be something that happens from kind of mass adoption? Mass adoption due to just pragmatism rather than like the government's going to do anything. 

Brett Johnson [00:32:35] Or oh yeah, government is not going to do a damn thing. The corporations aren't going to do a damn thing either. It's going to take, you know, some sort of open source network. No, I think blockchains are built for that kind of stuff because get some sort of open source and open source network. Maybe we'll start with social media probably and you get that's your use case. You know, this is this is growing. This is this is secure. Everyone's private. We don't have a bunch of corporations, you know, feeding off each of off the data that's coming in and things like that. I think that that's where we go with that and I'm hopeful that we get there. 

Steven Parton [00:33:05] Yeah. What do you think about something then? Like a digital ID? Even if you could remain, you know, keep a pseudo pseudo name, some kind of pseudonym, some kind of anonymous, forward facing persona, but still have some kind of, like, certified, you know, whether you'd like a Social Security number or something to get your Internet ID. Do you think something like that is is a step in the right direction? Or is that just opened up far worse cases for, you know, government surveillance, things like that? 

Brett Johnson [00:33:38] I think that it would be nice if we could. Separate that physical world the way we are, the way we verify identity in the physical world versus the Internet, the online world. You know, this idea that you're given a Social Security number or a copy of your driver's license or whatever that is, if we could find a way to separate that and have just an identity online. I like that. I like that a lot. The problem becomes, you know, how do you you can do that? You can certainly do that. But how are you going to pay for stuff? Yeah, well, and maybe that's when maybe that's when more of a crypto type of environment actually becomes, you know, more equal at that point. I'm very. I was the guy that, you know, was Shadow Crew and Counterfeit Library and all those criminal forms. We had those precursors to go to crypto. We had Ego, Liberty Reserve and you know, moving from that over into Bitcoin and then the all the other altcoins that are out there. I think there was a lot of hope that this changes things, that this gets rid of that that horrible. You know, component of capitalism, but it just hasn't worked out that way yet. And it's unfortunate. It is. But again, I'm still that that optimist at the end of the day. I'm I'm hopeful that we get there. Yeah, maybe. Maybe I'm naive. 

Steven Parton [00:35:18] No, I mean, I feel like the. What do they say? The the arc the moral arc of of humanity kind of bends in a positive direction over time. 

Brett Johnson [00:35:27] Right. 

Steven Parton [00:35:29] Do you think in that sense, maybe like we might see a generational shift even at the governmental level like it some there is the old joke that, you know, we just need to let all the old people die so that the young people who understand technology can get in power. I don't know if that's necessarily true. Maybe it is. But I mean, do you think that we will see more people with who don't have those blank faces at at the governmental meetings will be in power and we'll be able to maybe make some smart choices around regulation. Would you support, you know, a certain amount of regulation in that regard? 

Brett Johnson [00:36:02] You know, I've got to tell you that I was I was about to say yes until one name popped up in my head. It was Marjorie Taylor GREENE. Oh. 

Steven Parton [00:36:12] I mean, good point, though, right? Because that's once you create the tool, anybody can take power over. Right. 

Brett Johnson [00:36:18] Right. Yeah. I think that there's a lot of truth to letting the old people die out. I'm 52. I've not got two more years left, but there's a lot of truth to that. If you want to get rid of racism, let the old ones die out. Because I promise you more of the old ones are more racist. And then the younger ones and the same thing with tech as as that older generation dies out and you've got the newer generations and more educated generations that come in. But then again, you've got regardless of the generation, you've got idiots that come to power, whether it be and I'm you know, I can think of actually, I can think of some Dems, too, but I was I was thinking about there but, you know, are on both sides of that fence. You've got absolute idiots that are in power. And that's that becomes the problem. And. It doesn't sometimes it doesn't matter whether the person is educated that's in office or not. If they're just looking to benefit themselves. So I think that's. Do you think we'll ever fix them? 

Steven Parton [00:37:26] Do you support decentralized approaches to most of this? 

Brett Johnson [00:37:29] I do. I absolutely do. I think that, you know, I was mentioning that to that open source type of and I actually kind of think now that I've said it, I think that's where it kind of begins as some sort of open sourced social media channel or, you know, whatever, but or platform. But I think that's where it starts. And then that forces your politicians to start trying to adopt that kind of stuff. I think it has to start with that grassroots, that tap of that kind of decentralized type structure, and then it forces change in the other areas. I think that's what absolutely has to happen. And I got to say, I believe it will happen. I truly do. You know, at some point. I would I would hope that at some point we're going to get a populace that gets tired of being taken advantage of. But who knows? 

Steven Parton [00:38:23] We're all hoping for that day. So while we're on the topic of of government, I guess. I feel like I'd be remiss if I didn't ask. A big controversy these days has to do with the voting machines and how secure they are. Have you looked into that at all? 

Brett Johnson [00:38:40] I have. I have. I actually did a show on mine about it. And here's the thing. You. You look at the news reports and again, it's both sides playing politics. So depending on who's running for office, the voting machines are you know, they here they're susceptible to compromise. And I agree they are. All right. I agree with you. They are. That doesn't mean it's going to happen. Now, I do think that because we had a former president that comes in and says that the election was stolen, I think that the chances of voter fraud, the next presidential election are pretty high on both sides. I think you'll see the the Democrats that will be like, oh, we can't let them steal the election. And then you'll see the Republicans all they stole the last election. We got to make sure we got our numbers up. So I think you were going to see both sides that are trying to skew things. But going back into that crowd dynamics, that Cambridge analytical, analytical type thing, you don't have to break into voting machines in order to skew an election. You can use bots you could do like the Russians did and just have people in channels talking about it. And the idea being if you have enough voices out there, enough fake news that that's out there, you've got that middle line and you're just trying to skew it just enough toward the right or toward the left to influence enough votes so that your candidate wins. That's the proper way to skew an election. Again, that perception of truth is more important than truth itself. What can I convince you of? Sure you can. You can. You can register dead people to vote on my show when I was committing crime and identity theft. One of the vectors that I used to use as you would. You get a dead person, get their social, get their birth certificate, then you would register them to vote and it would work like a charm. You would get the voter registration card and you could vote on that person. Yes, you can do that. Yes, you can scale it up. Does that mean that's going to happen? Not in mass, not in scale. It's not because you don't have to do that to skew an election. You can and you can do stuff like gerrymandering. Oh, yeah. Yeah. I mean, you can make it you could make it harder for specific districts or precincts to get to the voting machines. You can do stuff like that. 

Steven Parton [00:41:08] It gets back to what you were saying before, man. I was thinking the fragmentation, you know, in the post-truth world, when you have people who all live in these little reality tunnels, it becomes very easy to to socially engineer them because they don't have a consensus reality with the rest of the world. 

Brett Johnson [00:41:23] And, you know, the algorithm. And it again, it doesn't matter which side of the political spectrum that you're on, the algorithms on these channels work so that you enter into your own little echo chamber. You're only going to be fed the stuff that agrees with your viewpoint. And there's something horribly, horribly wrong with that. It's we're now in a society and maybe it was always like that. I don't know. But I know that we're in a society now that if you have a different political belief than I do, you are not a friend. You are an enemy, an outright enemy. And I wasn't always like that. I don't think it was. 

Steven Parton [00:41:59] I don't think so. Now I've done a little social science research and it doesn't seem like it was actually. 

Brett Johnson [00:42:04] But it is now. Yeah. Yeah. 

Steven Parton [00:42:07] Do you think do you think deep fakes and whatnot are going to change this? Like, do you think we're going to find ourselves in an arms race with, you know, people making fake videos or fake audio clips of people? And do you think we can actually secure against that? Because that's when people one of people's fears is that, you know, we might be able to just make Clinton or Trump or somebody say something that they definitely didn't say. We'll make a video of it. It'll go viral through all of these, you know, post-truth channels like these. Those are reality tunnels. Nobody will know it's fake. And we'll end up in this world where we can't confirm it's fake and it just becomes the new truth, you know, leading to all those problems. Do you think that's realistic or do you think we can actually maybe scale up some defense tactics against that? 

Brett Johnson [00:42:56] I not only think it's realistic, I think it's going to happen. We've seen it happen. We saw that Russia put out a deep fake on Zelensky saying that they had surrendered. Think of it like this. And I've actually worked with some law enforcement agencies and we've talked about it. Think about a video of law enforcement shooting an unarmed suspect that's released. All right. But in reality, the suspect wasn't unarmed. It was just digitally the weapon was digitally removed from the suspect's hand. Well, it's released. The damage is already done, and then the truth comes out too late. Same thing with financial markets. You get somebody that gets on Twitter Deepfake video saying, hey, we're selling stock markets, going bankrupt, whatever the hell they're going to say, causing a mass market move completely fake. But the damage is done before the truth comes out. That is exactly where we're going. We're seeing that to a degree in financial cybercrime. You know, you're seeing these somebody will get on on camera and it looks like the CEO of a company send the wire transfer over to here while the CEO said it. Well, no, that wasn't the CEO that said that. So you're seeing that. And the problem with that is that the tech, the crime itself and the security that that the term that detects that deepfake, it really is cat and mouse. You get the tech that detects that figures out that it's a deepfake. It catches all the deepfakes. Then then the criminals come in and they tweak it just a little bit and that deepfake flies through. And we're going to continue to see these types of problems. I mean, you've seen this again on Tok. You've probably seen the Tom Cruise guy. He's outstanding. He truly is. It's a problem. It's a problem. And we're really getting to the point where you really it's becoming more and more difficult to determine what's real and what isn't real and deep fakes. Absolutely. Add to that. And that will end up with a loss of life, loss of finance, something like that. Absolutely. 

Steven Parton [00:44:56] So do you think it's inevitable that there will always be a few deep fake type criminals who, let's say, overcome the latest protection, the latest plateau of protection, and get away with stuff before security can come and patch that, you know, patch the things that they did. And then they just go past it. And it's kind of a constant, you know, leap frog where the criminals are always, always get away with stuff for a bit before the regulatory system catches up with them. 

Brett Johnson [00:45:25] I think it's I think it's an absolute certainty. And as I'm talking about this, it's weird with me when I'm when all the channels are talking on a podcast, some things I get sometimes I get these aha moments. But you take a deep fake. A deep fake absolutely feeds into that idea of how trust is established online, that technology tools, social engineering, you know, we inherently trust our technology. What someone is using is they're using a deepfake they're using a tool to build trust with that potential victim, whether that be someone in payroll in order to send out a wire transfer it be a populist as they're trying to get us to riot, thinking that someone was shot unjustly. It be a country like with Zelensky saying, hey, I've surrendered in order to try to destroy the morale of the country. So it's all that that idea of how do you build, how do you gather trust, establish trust with a potential victim, whether that victim be an individual, an organization or an entire population. And that that gets really I mean, to me, it's really interesting, but it's also really scary that trust can be established so easily. Yeah. 

Steven Parton [00:46:36] Do you think that that same idea translates over to something more like hardware? And specifically, this is one thing I think anyone who plays around in the transhuman, you know, futuristic world worries about. Eventually we're going to have things like brain computer interface is we're going to have things that integrate more deeply with the human animal. And if there's always going to be people who are leapfrogging past the latest security, that means at some point where you might be vulnerable to having somebody get inside of our consciousness, control our brain, you know, if we really do integrate with technology to that degree. It seems like we're going to always kind of have the latest risk to ourselves. Do you think in the hardware sense or in that future that's something that you would be worried about happening as well? 

Brett Johnson [00:47:25] Well, I'm not sure that Kurzweil really talked about that in his book, did he? No. 

Steven Parton [00:47:31] I think you want to brush that one under the rug. 

Brett Johnson [00:47:35] But I think that I think you're absolutely right. I mean, if you're integrating with tech and you've got these signals or, you know, augmented reality or whatever coming in and someone is controlling what's coming in again, almost like an echo chamber, then, yeah, it matters. And, you know, thinking back to what we've already been talking about, if you're able to use something like, say, the DNS blockchain again, that would defeat. Deepfakes being effective because you would know, hey, it's not the correct person that's putting out this video, right? So, I mean, the tech I do believe the tech will get there, but what kind of damage will be done before it does? As far as, you know, the human interaction, that singularity. I think that when that before that takes place, we absolutely have to get that security and blockchain may very well be the answer for something like that. 

Steven Parton [00:48:30] Yeah, man, there are probably a thousand more questions, Bret, that I would like to keep going. 

Brett Johnson [00:48:35] You're great. Yeah. 

Steven Parton [00:48:37] Thank you. Very enjoyable conversation, but I know we have some limited time. So before we go, I want to kind of just hear a little bit about like where you're at these days in terms of like what is your big fight these days? Like what is the thing that, you know, there's an old saying that everyone's trying to tell the same story. We just keep trying to figure out different ways to tell it. What is the story that you're trying to tell right now? 

Brett Johnson [00:49:00] You know, it's. There's a few things going on with me. The first is, and I said I've said this on a couple of podcasts recently that I that I really believe that the reason that I'm hearing a lot and a lot of the people are here on Earth is to first know who you are and to second do good to help each other. And I really believe that. I really do so. So I've got that that's going on. I've got this this thing where I'm where I'm learning every single day about how to become a better person. And I try to do that every day. Sometimes I fail, but sometimes I'm successful. And by God, it feels good when I am. I've got that that's going on, I. I'm the guy that. I don't respect I have very little respect for persons just because of who they are or the institution. I look at you on what you're doing and what you've done. And I'm I'm quickly becoming this guy who who says the things that need to be said. And so I'll call out a company, I'll call out Zell or I'll call out Facebook or I.D. me or but I'll call out the criminals, too. And it's really it's really disturbing to me. Like I did a show just released yesterday about Joe Sullivan, the CEO who's going to prison. And it's really disturbing to me that it takes the former criminal. To say the things that need to be said. I don't I don't know why more people actually do know why more people don't see it. And it's because they fear for their job, their, you know, their their financial security contracts. They don't want to upset anyone. I think we have to get past that. So these are the things that I work on. Is is this a lot of it is internal me just trying to to be a better person than I used to be. Yeah. 

Steven Parton [00:50:53] Just so that man. Well, on that note, anything that you're working on right now that you'd like to talk to people about, let them know about, you know, here's your chance to plug like you were talking about earlier, the podcast. Anything else? Let's let's hear it, man. 

Brett Johnson [00:51:06] You know what? I've got this thing. I was on YouTube, I got banned on YouTube not and the reason I got bad is I was talking about prostitution, the way modern day prostitution worked. And they said that was explicit. So I'm no longer on YouTube, but I've got the Brett Johnson Show, it's on Spotify, it's on Apple Podcasts, it's on iHeartRadio, it's on all these different channels. I've got a Facebook page, I've got my page up at the Brett Johnson show Ecom. If you guys would would subscribe to it, just come over, visit, maybe watch a couple of videos. I would really appreciate it. I talk about cybercrime, cybersecurity. I talk about this journey of trying to be a better person. Anything that's interesting to me, I bitch about a lot of stuff too. And you know, I listen to all the comments and everyone's got a suggestion. I try to take that to heart too, but I would appreciate it if people would just pay me a visit. 

Steven Parton [00:51:54] They go, I mean, it's not surprising that you were good at social engineering because you had a lot of charisma, and I expect that translates into all the stuff you're doing. So Brett, I really appreciate your time and this was a good conversation. 

Brett Johnson [00:52:05] I thank you. Stay safe now.