They Accidentally Hacked the Presidential Inauguration Transcript

Brian Ebert 2

Travis Taylor:

Adam.

Adam Levin:

(Singing)

Beau Friedlander:

Travis?

Travis Taylor:

Ho, ho, ho.

Beau Friedlander:

I knew Christmas was coming. I knew that’s what it was, Christmas in May.

Adam Levin:

Merry Friedlander.

Beau Friedlander:

May-ry Christmas.

Adam Levin:

Beau, have I got a story for you. It’s like an enigma wrapped in a question, wrapped … Well, whatever. It has to do with a browser wrapped in a browser, that could be the cause of misery in your life. Travis, you know about this.

Travis Taylor:

That’s right. It’s called a browser in the browser attack.

Beau Friedlander:

Ah, the online turducken of identity criminality.

Travis Taylor:

Right. And this one’s pretty sneaky, because even with anti-phishing training, this is a tactic or a method that can get around a lot of the telltale signs of a phishing attack.

Beau Friedlander:

When you say a phishing attack, I think a link that I get via email or perhaps texted to me. What does that have to do with a browser?

Travis Taylor:

Well, what this does is you get emailed a link and then that link will lead you to a cloned page that’ll look exactly like a service that you use. And it takes advantage of the fact that a lot of people these days, rather than using password managers or keeping track of all their passwords, they’re using something called single sign-ons.

Beau Friedlander:

Wait a second. Now a service, when you say service, the single sign-ons are few and far between. They’re like Google, Facebook. Who else does a-

Travis Taylor:

Microsoft.

Beau Friedlander:

Microsoft, right. But it’s big, big portals, big companies that are providing the authentication for you so you don’t have to fill out all those forms. Is that what we’re talking about?

Travis Taylor:

Exactly. Yeah. You can just use one password that you know to your primary account rather than having to create a separate account for every single service you use online.

Beau Friedlander:

Sounds like a potential … What’s the word? Cluster F … Cluster?

Adam Levin:

A cluster flum, flum, flum flum, flum.

Travis Taylor:

Cluster fuffle.

Beau Friedlander:

Yeah.

Adam Levin:

A kerfuffle.

Beau Friedlander:

It sounds potentially really messy.

Travis Taylor:

Right.

Adam Levin:

Cluster fun. That’s it. Cluster fun.

Beau Friedlander:

There we go.

Travis Taylor:

So with these cloned pages, first of all, one thing that you can often see with a cloned page is if you mouse over a link, the link will be something different. With these attacks, if you mouse over the link to, say, sign into Google, it will actually show you that it’s supposed to be leading to the regular Google login form.

Beau Friedlander:

Let’s say that in simpler terms, Travis. It will actually show you the URL for Google.

Travis Taylor:

Right. It’ll show you the URL for Google.

Beau Friedlander:

Gotcha. How do they do that?

Travis Taylor:

It’s pretty easy. You can just have that … You can add a little bit of script onto the page that just says ignore the links and ignore the link destination, instead open a popup window.

Beau Friedlander:

Oh. So just as you would do to open up Adamlevin.com as a popup?

Travis Taylor:

Right. Exactly. And so what this does is it opens … It doesn’t actually open a popup window, but it looks exactly like a popup window asking you for your login and your password.

Beau Friedlander:

So it’s an overlay or it’s inside the browser?

Travis Taylor:

It’s inside the browser, but it’s an overlay on top of the content.

Beau Friedlander:

So it fits exactly to the window?

Travis Taylor:

Exactly. Right.

Beau Friedlander:

Can you move it?

Travis Taylor:

Yeah. You can move it. You can close it. You can do all the same things that you would do with a standard popup window. So it looks exactly like one, but in this case it’s actually a cleverly disguised script meant to capture your credentials.

Beau Friedlander:

Yeah. That makes sense. But I have another question about this. It’s a window. So if you’re operating the Chrome browser or the Firefox browser and you have multiple tabs open, this phishing link is going to pop up a new window. So that’s one tell.

Travis Taylor:

Yeah. It would not show up as a new tab. So it looks like it’s just a popup window.

Beau Friedlander:

Correct. So if you’re used to seeing things, if you have your computer set to just open a new tab as a default, this is going to give you a quick tell if you’re paying attention.

Travis Taylor:

If you’re paying attention.

Beau Friedlander:

If you’re paying attention, you will notice, “Oh, there’s a new window. That’s not supposed to happen.” But if you don’t see the black cat in the matrix and it doesn’t glitch, what happens next?

Travis Taylor:

Well, one of the things that makes it tricky to identify is that you can actually drag the window around on your screen.

Beau Friedlander:

Yeah. It’s a window. I get it.

Travis Taylor:

Right. But you can’t drag it outside of your browser window. So that is the one tell.

Beau Friedlander:

Well, why not?

Travis Taylor:

Because it’s not a new window, as such. It’s just a popup within your browser.

Beau Friedlander:

Oh. So it’s not a window. It is actually a popup that looks like a window.

Adam Levin:

I’m moving the window around right now across my screen.

Beau Friedlander:

And it goes off screen. Off screen, off screen. So I know you guys are legit, but if you guys weren’t legit and it was time to quit, you’d get stuck in there because you’d be a popup.

Adam Levin:

And we just feel like shite.

Travis Taylor:

Exactly.

Beau Friedlander:

That didn’t rhyme.

Travis Taylor:

It would in England.

Beau Friedlander:

It would have, we didn’t want to get a beep.

Adam Levin:

I’ve been watching Anatomy of a Scandal. Come on, I get it.

Beau Friedlander:

Too legit to shite.

Adam Levin:

Shite.

Travis Taylor:

At any rate, the main thing about it is it gets around a lot of the telltale signs of a phishing or cloned site. And in so doing, if you really want to take it to the next level, it can read whatever operating system or browser you’re using and make it look like that window, which makes it even harder to detect.

Beau Friedlander:

So actually when it’s served the request for the page or the popup in this instance, it’s actually seeing everything. It’s got your IP address, it sees what operating system you’re using and serves it accordingly.

Adam Levin:

So to quote a former president that might be somewhat part of the story that we’re about to tell later on, this is a bad ombré.

Beau Friedlander:

And he’s not talking about a blonde to brown hair dye job.

Adam Levin:

Welcome to What the Hack, a show about hackers, scammers, and the people they go after. I’m Adam, cyber historian.

Beau Friedlander:

I’m Beau, cyber Neo Marxist interested in a good story.

Travis Taylor:

And I’m Travis, Cybrarian.

Beau Friedlander:

Cybrarian, eh?

Travis Taylor:

Yeah.

Adam Levin:

And today on the show, Brian Ebert is back, ladies and gentlemen, and he’s going to tell us a story about the Secret Service’s response to a 2017 cyber attack on the presidential inauguration.

Adam Levin:

We’d like to welcome Brian Ebert back to our show. Brian was the former Chief of Staff of the United States Secret Service. He was also a special agent in charge of the Washington field office, among other titles that he has. He’s now the Chief Strategy Officer for a company called Hackers Jack out of Virginia. And Brian has some fascinating stories to tell. In fact, we did a previous episode with Brian that I know you’ll enjoy listening to that had to do with taking down an international credit card ring. But today we’ve got a lot of new and interesting stuff to talk to Brian about. So Brian, tell us a little bit about you that I haven’t already told them about you.

Brian Ebert:

Well, thanks, Adam. Thanks for having me back on this show. Beau, Travis, great to be back with you.

Travis Taylor:

Welcome back.

Beau Friedlander:

Great to have you.

Brian Ebert:

As you said, I worked for the Secret Service for almost 30 years. Obviously started in my mid-teens to make that happen. And-

Adam Levin:

When you were 10, actually.

Brian Ebert:

And the Secret Service has a dual mission of protecting our nation’s leaders and in protecting the integrity of the financial infrastructure of our country. So I had the good fortune throughout my career to bounce back and forth between those two parts of our mission areas and worked in field offices, working criminal investigations. Secret Service is a small agency, so we all wear a lot of hats. So everything from investigations to surveillances to making arrests, everything in between. And then bouncing between that investigative mission and our protective mission, both through our support we provide in our field offices and being assigned to a protective detail. I was assigned to the vice president’s detail for Vice President Gore and Vice President Cheney back in the late ’90s, early 2000, and just jumped around to a bunch of different offices that started in Los Angeles. Spent some time in New York, did a number of assignments in Washington DC. And it was just never a dull moment and really good opportunity to work with a lot of different people from various walks of life and to see the world and learn quite a bit.

Adam Levin:

And Brian, you were also involved in cyber security too, correct?

Brian Ebert:

Yes. Secret Service in both sides of our mission is very much engaged in cyber security. In the protective side of our mission, we are focused on keeping the environments that our protectees are going to go into safe. So we’re very much concerned about the nexus between the internet and cyber and with the physical world. So we look really hard when the president or another protectee is going to a new site. We look at access to the elevator controls, we look at air intake controls, we look at locking systems, we look at cameras. Anything that a bad guy from the outside could access that could be a threat to security, we take a really hard look at that. And in our investigative mission, our mission has morphed since 1865 when we were first charged with protecting our nation’s currency from counterfeiters, up through modern day where primarily we’re focused on financial crimes that use the internet or cyber as a platform for them being committed. So that’s really where our focus is on, is cyber enabled financial crimes.

Travis Taylor:

One thing that I think has been the case for a lot of law enforcement agencies just across the world, is that they’re a little bit late to the party when it came to cyber security. When did that become a focus for the Secret Service?

Brian Ebert:

I would say perhaps, and modestly, that we were pretty early to the table. We were charged with fraud investigations, access device fraud, credit card fraud, cell phone cloning, other types of cell phone fraud pretty early on in the ’80s. And in the early mid ’90s, I want to say ’94, ’95, we created our … Today they’re known as cyber fraud task forces, CFTFs, but at the time they were known as electronic crimes task forces, where we bring together all different types of federal, state, and local law enforcement, but also the private sector, specifically the bank and finance sector, as well as academia to come together, look at fraud trends, what’s going on and coming up with solutions to help us investigate those sort of crimes and to track down and catch the bad guys, seize the assets, and see justice done. So we’ve been involved with that for a long time.

Brian Ebert:

A lot of other agencies are also involved such as the FBI and such as ICE, Homeland security investigations, and certainly state and local law enforcement. But we all work together. We sit on their task forces, they sit on our task forces. But if the focus is financial crimes that are cyber enabled, then generally the Secret Service has a lead for those type of cases.

Travis Taylor:

And I’m wondering, what do you see as the biggest current threat out there when it comes to cyber crime?

Brian Ebert:

The agencies continue to reprioritize our resources based on the evolving techniques that the cyber criminals are using. And right now, the agency’s seeing a lot of use of digital currency to either move money around or for money laundering purposes or for illegal deals or to cash out money from criminal activity that was primarily cyber in nature. So I know the Secret Service, I’m retired a few months now, but I know they’ve recently opened a public facing cyber currency awareness site to educate the community and provide a form for reporting potentially legal activities and very much focused on following the money, going after the money so we can seize it and get it back to the victims whenever possible. That’s been the focus, as we’ve seen a huge increase in transnational organized crime cases that are using these digital currencies.

Adam Levin:

So, Brian, speaking of evolving threats, you have a pretty high level story for us today that happened in 2017, I believe.

Brian Ebert:

Yes. It was not far before the 2017 presidential inauguration.

Speaker 5:

America has a new president. Overnight we saw Donald Trump occupying his new office, the Oval Office. We also saw him and first lady…

Brian Ebert:

These presidential inaugurations are designated as national special security events or NSSEs. It just means they’re large events of national significance. Other examples are the United Nations General Assembly in New York, world leader summits, political conventions like the RNC and DNC. These events are led federally by the Secret Service, the FBI, and Federal Emergency Management Agency, FEMA. Secret Service is the lead agency for planning, coordinating, implementing the comprehensive security plan. FBI covers intelligence and incident management. And FEMA is consequence management or incident recovery if something bad happens.

Brian Ebert:

At the time, I was the special agent in charge of our Washington field office, as you mentioned before. And we had the operational lead for working with all the partners to plan and coordinate the plan for the inauguration.

Beau Friedlander:

I have a dumb question about the inauguration, Brian. I think maybe our listeners may have a similar question. The line of succession, how does it work when you have everybody who’s anybody who could possibly be president there?

Brian Ebert:

For events such as the inauguration or presidential addresses to a joint session of Congress, there’s always someone that is in the line of succession that does not attend.

Beau Friedlander:

A designated survivor.

Brian Ebert:

Yes. Yes. And that person may or may not receive Secret Service protection during other circumstances, but during those times, the Secret Service joins up with whoever. It provides protection to those folks.

Speaker 8:

Roger.

Roger:

Good evening, Mr. President.

Speaker 8:

Roger, I’m sorry you drew the short straw on this. We’ll miss you tonight. Next year it’ll be the Surgeon General, I promise. Meanwhile, you can watch on TV in my study.

Roger:

Thank you, sir.

Beau Friedlander:

I mean, it still bothers me that the head of agriculture would be the president just because, but there you have it.

Brian Ebert:

I would suggest that agriculture’s pretty important to the country.

Beau Friedlander:

No. Hey. Hey, hey, hey. I agree with you 100%. And I didn’t mean hay, no pun intended.

Brian Ebert:

Sure.

Adam Levin:

Just remember Kiefer was head of housing and urban development.

Mike:

Mr. Secretary, you need to put the phone down.

Speaker 15:

Mike, what the hell is going on?

Mike:

I said, put the phone down. We’ve lost contact with the Capitol. [inaudible 00:16:51]

Brian Ebert:

I have heard of the show. I can’t say that I’ve seen it, but I understand that that’s what this show’s about.

Beau Friedlander:

I’ve always just wondered about that, when everyone’s there, who’s going to take over if anything were to happen?

Adam Levin:

And the big question is how does that person get picked?

Brian Ebert:

I’m not going to get into the specifics of that.

Beau Friedlander:

That’s probably a little bit too far into the kitchen. We’re going to have to go back into the dining room.

Brian Ebert:

So for these inaugurations, there are many months of planning, coordinating, coming up with the plan, training, doing exercises to prepare for these three days of events. Because it’s not just the inauguration, it’s the events that usually start the day before and go into the following day of the actual inauguration, the parade, the balls, and all the formal events and then for event at the National Cathedral the following day. And all these different agencies, they’re bringing manpower, they’re bringing all sorts of resources to support this integrated plan. And so eight days before the inauguration events began, we found out from our friends at the Washington DC Metropolitan Police Department that dozens of their permanently installed security cameras in the vicinity of the inauguration had been compromised.

Beau Friedlander:

No.

Adam Levin:

Uh-oh.

Brian Ebert:

Over 100 cameras.

Beau Friedlander:

That sounds to me like … So the first thought has to be that there’s something extremely serious afoot.

Brian Ebert:

We were very concerned that the bad actors could have access to these cameras, which were part of the plan. They were some of the most important images that we wanted of the parade route and other events around the inauguration. And we were concerned that they could have access and disrupt our security plan.

Beau Friedlander:

Now, when you find something like that out, Brian, does that elevate your threat level? Does it create a situation where … Does the president elect find out about this or are you still just in planning mode and trying to make sure all your ducks are in a row?

Brian Ebert:

It lit a fire underneath us, for sure. And we’ve got our agents from our, I mentioned before, our cyber fraud task force, which includes members of the DC Police Department over to where these computers that supported the camera system were. And we worked with the city’s office of chief technology and the team was able to see that there was a ransomware attack that had taken control of the camera system, demanding a large sum of money to be paid via Bitcoin to the hackers in return for access back into the system.

Adam Levin:

This is where the ominous music in the movie would start to play right about now.

Travis Taylor:

Do you know how the police actually discovered the breach?

Brian Ebert:

There was a splash page that came up that gave the demands of the … that made it clear that hackers had used ransomware to take control of the system and were asking for, it was more than $60,000 among the different computers involved for city to get access back into the system.

Adam Levin:

So this was not a case where somebody stumbled onto this like, “Hey, this camera’s not working. Why is that?” To where it flat out showed up on a screen going, “Pay us or else.”

Brian Ebert:

That’s true. We didn’t know. We certainly assumed it was intentional and intentionally focused on these computer system because what else? That’s what our job is, to make those sort of assumptions. And now we’ve had this ransomware attack. But at the time, our goal was to regain control of the camera system before the inauguration and catch the criminals involved. And it goes without saying, we weren’t going to pay a ransom.

Beau Friedlander:

Now, is there a thought at this point, Brian, that the ransom demand was actually a cover for something else happening and that there was a higher threat level than just a, I hate to say just, but a garden variety ransomware attack?

Brian Ebert:

We didn’t know what it could mean. We thought about every potentiality that it could mean and prepared ourselves accordingly. So this was a great example of why the two sides of the Secret Service mission are with this one agency of these criminal investigations and our protective mission, because immediately both sides of our mission areas had to go into action to deal with this. Our technical experts were able to image the hard drives that power the cameras. And pretty quickly with the city’s technology folks, they were able to reconfigure the server so the criminals were locked out and cleared from the system and returned all control to the police department and the Secret Service so they could be used to support security operations for the inauguration.

Adam Levin:

So Brian, quick question. So was this a software issue? Someone failed to update something or was this just somebody being able to get in?

Brian Ebert:

I don’t remember all the details. To be honest, we were focused on two things, making sure this didn’t negatively impact the security plan for the inauguration and any of our people that we protect to include, in this case, all the general public that come out for these things. And then number two, to catch the bad guys. So we weren’t so much focused … That was more for the city, the city of chief technology, to go back in and figure out how it could have been allowed to happen. And we definitely kept abreast of that. But once we know that they were out and that we had control, we were 100% focused on the attribution front.

Beau Friedlander:

Look, no fingers are being pointed at the police department, the Secret Service, Capitol Police. I mean, here’s the thing. You’ve seen those t-shirts with, (beep) happens. Well, un-updated software happens too, and it doesn’t matter what walk of life you’re from. But it’s a common way for people to get hacked.

Adam Levin:

Misconfigurations, failure to update software, all those kinds of things. It’s just part of who we are and what we do as a human race.

Beau Friedlander:

Now we’ve all seen the spy movies where people are hacking into municipal cameras to commit a crime or to stop someone from seeing a crime being committed. So you would think that those things would be updated, but you also could totally understand how they might not be. And it’s really super common. To just give one example that I don’t know if we want to use or not, Andrew, but to give just one example, there was a recent very serious incident in New York City in the subways and all three of the cameras in the station where it occurred failed. They weren’t working. It’s just a common thing in a giant municipality with tens of thousands of cameras for things like that to happen. That said, there’s so many pieces to this story.

Adam Levin:

So where do you go from here?

Brian Ebert:

One of our forensic examiners spent a lot of time with the ransomware called a splash page message, realized that the image was actually from a desktop screenshot and he realized there were other windows open behind the primary screen. And blowing up the images, he was able to view part of the content.

Speaker 16:

Enhance. Enhance.

Brian Ebert:

And specifically he was able to view a delivery company’s tracking number that investigation revealed came back to an address in London.

Adam Levin:

So as a result, the hackers made a big mistake that you were able to capitalize on.

Brian Ebert:

A mistake was made for sure. And because of the fact that the presidential inauguration was only a few days out, working with all our US and UK partners, we were able to get a search warrant for the address in London within a few days, which is unprecedented in my opinion, for an international warrant like that to get issued that quickly. I’d never seen anything like it. Only because it was the presidential inauguration, was it able to move so quickly.

Brian Ebert:

But here’s where it gets really interesting. The UK’s National Crime Agency and Secret Service agents from our London office, they served the warrant on the London address, seized the computers, and interviewed the occupant of the residence. They quickly learned the subject didn’t appear to know anything about ransomware or the inauguration and seemed believable. But a search of the computers revealed that the London resident had been the victim of another type of cyber crime. It’s a scam where bad guys open up a real account as a vendor within Amazon for completely fraudulent purposes. As you know, Amazon sells items directly but also serves as a marketplace for vendors to sell products through the Amazon site. Once the vendor account is open, the bad guys will advertise for products that will show up when customers conduct Amazon searches for a particular product. In this case, the customer, the London resident, conducted a search for a smoking gun. I kid you not. This is a food preparation product designed to quickly give foods and cocktails a smoked woodsy flavor, I guess.

Beau Friedlander:

Yeah. Wonderful.

Adam Levin:

I mean, I visualize this and go, “But wait, wait. I just wanted a smoking gun.”

Beau Friedlander:

And you thought you had found the smoking gun.

Adam Levin:

It’s like …

Brian Ebert:

It was our smoking gun. The London resident ended up on the [inaudible 00:27:48] Amazon site, entered all their credit card and other information necessary to purchase the item. But the bad guys don’t steal the provided account information because the customer would quickly realize when a compromise had been the Amazon vendor and they would notify Amazon who would in turn shut down the vendor site, which is very time consuming to set up for the bad guys. So what they do is they use stolen credit card numbers likely bought off the dark web and then buy the item, the smoking gun, from another vendor and send the item to the customer so they don’t know that a fraud has been committed.

Beau Friedlander:

Wow. Travis looks like he’s watching a steak being cooked by the best chef on earth.

Travis Taylor:

Little bit.

Adam Levin:

Let’s run that one just one more time, just so you and I can grasp it. Okay. So you have a fake vendor site and you have guys who are … They’re looking for … What are they looking for? Stolen credit card numbers, they’re looking for addresses, information, what?

Brian Ebert:

So the bad guys have stolen credit card numbers from another source. So they’re looking for a way to get cash out of the deal.

Adam Levin:

So money laundering.

Brian Ebert:

To cash out … Well, it’s a type of money laundering, but it’s also the cash out. It’s getting the cash out of the illegal activity. So they set up the vendor site and they’ll put all sorts of stuff on it so it gets hit when people are looking for something and they’ll put stuff on there that they know that they can easily get other places. When the legitimate customer gives their credit card information, the bad guys take that information and buy the product from another legitimate site.

Beau Friedlander:

Now, how does this end up … Heavens to Murgatroyd. How do we go from smoking gun to gun that provides smoke to cameras getting hacked in Washington, DC?

Brian Ebert:

It’s a little complicated, I realize. It’s very insidious, these steps that the criminals set up so that they can do this scam over and over again through Amazon and the Amazon customer never knows that there’s been a fraud committed because they get what they order and their credit card is hit for the amount.

Beau Friedlander:

What’s the reason? What do they get out of it? How does this allow them to commit a ransomware attack in DC?

Brian Ebert:

Our investigators were able to follow the digital trail to Romania and with a lot of good investigative work both in the physical and the cyber, they were able to identify the suspects and learned that these bad guys were doing the Amazon vendor fraud, but they were also using what we call ransomware as a service. So they weren’t super high speed hackers that developed ransomware. They went on the dark web and bought it. At the time it was Cerber and Dharma, were the ransomware that they bought. And it came with an instruction book and they just sent it out. And it turns out, all evidence suggests that they didn’t know that the servers supporting the police cameras were police cameras and involved in the presidential inauguration security plan. They likely didn’t know that.

Beau Friedlander:

So Brian, you had eight days to go from this hack to getting it solved and getting those cameras back online and making sure all the other cameras were okay. And that all happened in an eight day period?

Brian Ebert:

I can tell you what didn’t happen in an eight day period was much sleep for anybody working on this.

Beau Friedlander:

I bet.

Brian Ebert:

This case is all about partnerships and it’s what makes these sort of investigations and agencies like the Secret Service successful is the strengths of these partnerships. If we didn’t have an incredibly strong partnership with the Metropolitan Police Department before this happened, there’s no way it would’ve moved as quick as we did. Because we knew them so well, they sat on our task forces. I met with the chief regularly and we worked together closely on this inauguration because it’s their city and so we’re partners in this. If those relationships weren’t as strong as they were, there’s no way we’d have been able to move as quickly. Because within a couple of days we were able to get the bad guys off and make sure that they’re clear, wipe them, reload the software and have a high degree of confidence that those cameras were ours and that the bad guys didn’t have any access to them anymore. And then we were able to focus on … Obviously that was the first priority, and then the attribution part.

Travis Taylor:

One thing that’s standing out to me here is that if this was in 2017 and it was part of a ransomware as a service attack, that seems like it was pretty early in on the whole phase of ransomware hitting that. I think ransomware as a service became a lot better known after the Colonial Pipeline, for instance, attack and things like that. Were ransomware as a service syndicates very much on your radar in that era? Was it still just regarded as being a nuisance hack?

Brian Ebert:

I can tell you that they were certainly in their infancy in terms of those bulk blasts out that people who didn’t know anything about the technology could utilize and try to make some money. It was certainly on the front end of that wave. Not the first time we’d seen it, but it wasn’t as prolific as it became later.

Travis Taylor:

Because it seems like that picked up pretty quickly in the early 2020s, just as a more popular type of attack. But I know that around 2015 or 2016, usually when you’d hear about ransomware, it’d be something like someone taking over one person’s computer and asking for 100 bucks in Bitcoin. So that seems pretty fascinating that this could have been one of the really early adopters of that story.

Beau Friedlander:

It must have been. But Adam was talking about this in 2017 already with these ransomware as a service companies, whatever, syndicates, that were taking a piece of the action in exchange for the use of their software.

Adam Levin:

And I think also the story really we’re talking about today shows that criminals don’t stick to just one type of scam. And if you guys, as the Secret Service, if you weren’t as aware and up on cyber crimes as you were, this investigation could have taken a lot longer. So could you say that because they could follow the trail of this Amazon fraud, they were able to catch the ransomware gang more quickly?

Brian Ebert:

I would say that you nailed it right on the head. And that’s what I always try to convey is these two mission areas that we have, really two different sides of the same coin. And it makes sense for one agency to be doing both this work because the investigations and the protection are mutually supportive in so many ways. And this is a perfect illustration of that, how we would’ve not been able to be as strong on our protection response if we didn’t have the expertise, know-how, and experience on the cyber investigative side of the house.

Adam Levin:

Which is a good thing. It’s a good thing.

Beau Friedlander:

I mean, you guys make War Games look like a dumb movie, really. We’re able to funnel down. No. I mean it’s amazing to watch, to hear a story that in some ways really mirrors, I guess, in slightly less flashy terms a lot of the Hollywood movies we see about these investigations. It really does work that way where you get a tiny little thread and you can follow it all the way to your criminal.

Brian Ebert:

At the end of the day, good investigative work is good investigative work, whether it’s physical or cyber. It’s gathering all the information, talking to the right people, following the money, and putting in the shoe leather or the pads of your finger to figure things out and to stick with it. And again, I know I say it a lot, but it’s so important, and the partnerships, because if we didn’t have all the right people as part of our cyber fraud task forces, if we didn’t have the relationships overseas, and with the local police departments, this also would’ve been really, really difficult to resolve as quickly and as well as we did.

Adam Levin:

No. And I know that Jen Easterly of CISA has been making it very clear that public-private partnerships are critical internationally in order to get a handle on what is truly a scary situation. Hey, but look, this seems right in line with Secret Service priorities and cyber crime and public education about it, how to recognize potential illegal use of digital assets. So again, we really appreciate what you guys are doing. And of course, Beau and Travis and I, A, want to thank you for your service, and B, we want to state for the record that none of the messing around with these cameras was done in any way to mask the size of the crowd at inauguration.

Beau Friedlander:

Oh, wait. My camera seems to have just been attacked. They just asked me for $10 to get it back.

Adam Levin:

Yeah. I’ll take it in Bitcoin, Beau.

Beau Friedlander:

Okay.

Adam Levin:

So, hey listen, can you tell us a little bit about the public facing cybersecurity awareness site that the Secret Service has developed?

Brian Ebert:

It provides information. It provides descriptions of how cyber criminals launder and/or cash out illegally gained funds and give people a place to click if they think that they’re seeing illegal activity going on in cyberworld.

Beau Friedlander:

Is that secretservice.gov/investigations/digitalassets? Or is it something else?

Brian Ebert:

No, that’s right.

Beau Friedlander:

Okay. It is.

Brian Ebert:

All right guys.

Beau Friedlander:

Nice to see you again.

Brian Ebert:

Thank you.

Beau Friedlander:

You rock, Brian.

Travis Taylor:

All right. Thank you.

Brian Ebert:

Thanks, guys.

Beau Friedlander:

Thanks. Bye.

Adam Levin:

What can we learn from all this today? What can the non Secret Service member of the human race take away from our conversation with Brian?

Beau Friedlander:

No. No. Me, me, me, me, me. Not him. Me.

Travis Taylor:

There’s a guy in the corner making chimp noises that I think might want to take this one.

Beau Friedlander:

Are you calling me a chimpanzee?

Travis Taylor:

I think that ooh, ooh, ooh was kind of-

Beau Friedlander:

No. That’s different.

Adam Levin:

He’s doing his baboon thing.

Beau Friedlander:

Baboo, baboo, boo, bo, boo.

Adam Levin:

Boo, boo.

Travis Taylor:

Borangatang.

Beau Friedlander:

I think the takeaway’s simple guys. If you’re going to do a ransomware attack, don’t have multiple windows open and do a screen grab. Duh.

Travis Taylor:

There is that.

Beau Friedlander:

No, really.

Adam Levin:

Excellent advice. Excellent advice. Now Travis, on the grown up side of things, what do you think?

Beau Friedlander:

Oh, it’s true. I’ll take it.

Travis Taylor:

All right. I think the main person that’s the every man in this situation is the one in England, the moral of the story, and I think that it’s a drum that we beat pretty often is that you need to be really careful online, that even if something seems perfectly legitimate, especially if you’re buying a smoking gun. That is in and of itself a bit of a red flag. But even if a transaction seems legitimate, there’s always the opportunity or potential for a scam. There’s always some way that someone online could be trying to get you in one way or the other. And in this person’s case, it ended up being used to try and disrupt an inauguration.

Beau Friedlander:

Well, no, it wasn’t, Travis. And that’s a really important distinction to make.

Travis Taylor:

Sure, okay.

Beau Friedlander:

It was not used to disrupt an inauguration. What I think is also interesting for all those criminals out there listening to our show is that you may think you’re just doing a simple fraud, but if you end up landing on a police server, for example, around the time of an inauguration, you’re committing a much larger crime, which points to the fact that you’re always committing a fairly serious crime and maybe it’s time to get a job at McDonald’s or something and cut it out.

Travis Taylor:

Do they have McDonald’s in Romania?

Beau Friedlander:

Or at least to try to hack me. No. I’m just saying, it’s a more reliable paycheck and these guys are just putting themselves in harm’s way and they’re clearly not that bright. So, come at me bro, come at me.

Adam Levin:

It’s like the unintended consequences of intended consequences that were unintended.

Beau Friedlander:

Yeah, exactly. And so, kids, if you’re thinking of setting up a fake marketplace to buy a smoking gun to provide a smoking gun to the Secret Service, when you interrupt something they’re trying to prepare for, you’re going to prison.

Adam Levin:

Okay. But let’s roll this back for a second. Okay?

Beau Friedlander:

Okay.

Adam Levin:

So our moral of the story, if you’re buying something on Amazon, how do you protect yourself? I mean, isn’t Amazon supposed to be secure?

Travis Taylor:

I mean, it is by and large fairly secure, but if you’re buying from an Amazon affiliate, that might not be secure. And it’s something that we run into all the time with supply chain stuff. If you’re buying something from Amazon proper, that could be legitimate. If you’re buying from a vendor on Amazon, that can also be legitimate. But at the same time, as soon as you start getting a little bit further away from the core services, there’s always the opportunity for that to be used in a scam one way or the other.

Beau Friedlander:

Yeah. And when you’re working with a vendor, you’re one step away from leaving the platform. You’re on the platform, it’s true. And when I say Amazon, big box. When I say vendors on Amazon, that’s mom and pop, but that’s online mom and pop. And online mom and pop shops are not the same as the one that you walk into to buy whatever it is you’re looking for. And you just need to be careful because while most, if not many, many if most, I don’t know which way that should go, are legit, there’s always going to be Natasha and Boris who are looking to hack into everything known to man.

Adam Levin:

So what’s the best way guys? And I present this to the two of you, the best way that you know that a vendor is really a vendor?

Beau Friedlander:

Well, if you don’t want remorse…

Adam Levin:

Go to the source.

Beau Friedlander:

What does that mean in this case? Go to Amazon, I guess. I mean, much as that pains me to say it. You guys really sounded enthusiastic though. Let me do it again.

Adam Levin:

All right.

Beau Friedlander:

If you don’t want remorse…

Travis Taylor:

Go to the source.

Adam Levin:

Go to the source.

Beau Friedlander:

Okay.

Adam Levin:

Listen, thanks everybody. We really appreciate you listening. And on your way off this experience, it would be really great-

Beau Friedlander:

Experience. On your way back to reality.

Adam Levin:

As you return to the real world.

Beau Friedlander:

Adam, you just hold it for a second. Travis, is this guy going to talk about reviews again?

Travis Taylor:

I think he might because we’ve had something of a milestone on Apple Podcasts.

Beau Friedlander:

Well, there’s someone named Katie in our orbit who had the idea that maybe people would review more if they heard what a good review sounds like. Now, do you think you can do better than this, Fireside Chats about all things cyber. This happened on Sunday from Toro Maya? Sorry, Toro Maya. If it’s Torah Maja. I really love this podcast. I work in retail, which can be unforgiving sometimes. So after work, I just need someone to let me know about crazy scams so that I can focus on something completely different from crazy people at work. Anyway, I’m going to continue. And they very much keep me grounded and informed. We keep someone grounded and informed.

Adam Levin:

We’re not.

Beau Friedlander:

Yeah. As well as just either laughing or groaning. Groaning I can understand at a haha just gone wrong.

Travis Taylor:

Yeah.

Adam Levin:

Hey, did you hear that? A haha just gone wrong?

Travis Taylor:

I did. As a matter of fact.

Beau Friedlander:

We’ve never had a haha go wrong. I don’t know about you Toro Maya. I’m talking about them as if I’m talking about therapy and I do think of them as such.

Adam Levin:

We’re therapists.

Beau Friedlander:

Okay. I’ll be sending around the gold in guts for your services gentlemen, winky emoji. Now I don’t think that you can beat that, but if you can, Adam is going to send you a Ford F150 Lightning. And when he does, I want you to send it to my house because I’m really hoping to get one and they’re back ordered by two years.

Adam Levin:

Wait, wait, wait, wait. Whoa. Let’s be honest. Did you not just get a tractor?

Beau Friedlander:

I know. I’m moving on. So moving right along-

Adam Levin:

That was your birthday tractor.

Beau Friedlander:

I got a tractor. So now I need a truck. So never mind. Mr. Ungratitude here. If you can write a better review, I will personally assure you that Adam Levin will give you an F150 Lightning truck, right Adam?

Adam Levin:

One that I go to the toy store and buy. It will be a perfect replica of your dream F150 Lightning truck.

Beau Friedlander:

Hey, you know what? And I actually think that’s a better offer because the real ones are back ordered by two years or three. So we’ll send you a toy F150 Lightning if you claim responsibility for your review via email, which you can do, also a Katie idea, on What the Hack or adamlevin.com, on the Loud Tree Media What the Hack channel or adamlevin.com, where you can find a link that lets you tell your story to us.

Travis Taylor:

Sure. If you have a story, especially one about getting hacked, scammed, or otherwise bamboozled, please come to adamlevin.com and get in touch with us. We may even have you on the show.

Beau Friedlander:

What the Hack with Adam Levin is a production of Loud Tree Media.

Adam Levin:

It’s produced by Andrew Steven, the man with two first names.

Travis Taylor:

You can find us online at loudtreemedia.com and on Instagram, Twitter, and Facebook at Adam K. Levin.

Adam Levin:

Loud Tree.