Trafficked with Mariana Van Zeller (2020) s03e07 Episode Script
Cyber Pirates
1
♪
♪
♪
MARIANA: What's that stuff?
PRIMO: Little bit of fentanyl.
This (bleep) is blowing up.
These are eight-balls.
This is the trap, baby.
Little Havana.
MARIANA: Is this where you're
making most of your money or?
PRIMO: Hell no. This (bleep)
is a thing of the past.
PRIMO: I ain't
got time for that.
So, what we did is
we started scamming.
MARIANA: Scamming, credit card
fraud, and ID theft are all
part of a booming cybercrime
industry around the world.
LIGHT: I'm buying audio
equipment, I'm using a stolen
credit card.
MARIANA: Most don't even
realize they're targets
until it's too late.
JESSICA: I've had $300,000
that has been taken from me.
MARIANA: Our data has become a
commodity more valuable than
guns, gold, or drugs.
CATALIN: We'll have hackers
targeting large companies,
corporations, and obviously,
critical infrastructure.
MARIANA: I want to know how our
data is stolen, how it's sold,
and how to find the
shadowy band of hustlers
and hackers responsible.
The threat is much
bigger than I ever realized.
JOHN SMITH: If you're
smart about it, you
can't get caught.
MARIANA: What? Do you think
he's suspicious or what?
ABEL: I'll talk to him again.
MARIANA: I'm in Miami
chasing down a tip about
a new breed of criminals.
ABEL: Now he's
acting a little funny.
I'm still talking
to him now, but.
MARIANA: He's just not sure if
he wants to meet us anymore?
ABEL: Yeah, like,
he's saying he's late.
He wants to do it tomorrow.
MARIANA: Abel is a former
gang member who served
three years in jail.
He's also a friend and a
source that I can call
in moments like this.
I'd heard rumors that street
gangs were getting into
credit card and identity theft,
and Abel has been
asking around for me.
We were on our way to
meet one of his contacts
we'll call 'Primo'.
But he's gotten cold feet.
ABEL: He's just nervous
or something because.
MARIANA: Do you think
it would be a good idea
to FaceTime with him?
ABEL: Yeah, definitely.
MARIANA: So he could see
ABEL: I mean, that
could build trust.
(phone ringing)
MARIANA: Can you see me?
PRIMO (over phone):
Yeah. I see you.
(bleep) is real, you know?
I can't have people
getting indicted over this.
MARIANA: Got it.
So this is the deal, so
this is how we do it.
We don't show your face.
We cover any tattoos, or any
identifiable features that
you have and we also
change your voice
so that it's not recognizable.
So yeah, that's
what I can tell you.
The hardest part of my job is
getting people to trust me.
It can take weeks, months,
sometimes even years.
PRIMO (over phone):
All right, yeah.
MARIANA: But sometimes
we get lucky fast.
Yeah.
He said, he said, "yeah."
He's down to film tomorrow.
He said I'm not doing this for
you, I'm doing this for, for
Abel and if Abel is
cool with this, I'm cool.
I know he's not
going to set me up.
Let's hope it
happens tomorrow.
As we wait for the meeting
with Primo, Abel takes me to
see another friend of his,
who apparently dabbles
in the credit card game.
Can you show me some of
the stuff that you do?
BECCA: Absolutely.
And so, to the dark web.
MARIANA: Becca is a
self-taught scammer whose
husband was a gang member.
She agreed to give me a
primer on how it all works.
BECCA: You can buy arms,
you can buy legs, you can buy
elephant tusk, you
can buy digital goods.
MARIANA: Becca uses a browser
that hides her identity,
making it possible for her to
visit more nefarious websites
normally unavailable
to internet users.
And where do you get that
credit card information?
BECCA: We have
several markets.
MARIANA: Vice City is
the name of the market?
BECCA: Yeah, that's
the name of the market.
I know how cliche, right?
MARIANA: Valid dumps.
BECCA: Comes with
the date of birth.
MARIANA: Uh-huh.
BECCA: ZIP code, so you know
where the card is from,
where the billing address is.
MARIANA: Uh-huh. Wow.
This is so crazy.
BECCA: And then look at an
example, if it doesn't work,
they give you your money back.
MARIANA: No, they don't.
BECCA: Yes, they
do immediately.
Immediately.
Look, right here.
MARIANA: So you can
buy this for only $8?
BECCA: Yeah. Oh, you could
buy them for three cents.
MARIANA: My, my mind
is exploding right now.
Site after site, the dark web
is like a strip mall of
stolen credit card data, where
everything from security codes
to ZIP codes are
available for resale.
BECCA: Carding is the act
of using other people's
credit card info, you know, to
buy stuff or obtain goods.
It starts with prepaid cards.
That's an MSR.
It can read, write, erase.
And then I'm going to clone
this information onto it.
MARIANA: Becca uses the MSR
machine to encode the stolen
credit card data onto the
magnetic strip of the new
burner debit card.
BECCA: So I'm going
to go for that one.
He probably went to a
restaurant and somebody hacked
into their POS, whatever.
MARIANA: Steven, I apologize.
BECCA: It's okay.
It's corporate.
Don't worry about it.
The bank will give it back.
So now, let's make a card.
Bam, credit card okay.
Let's go test this on
the vending machine.
Because I don't
want to get caught.
MARIANA: To check if the
card works, she needs to do a
test run where no one will
catch her, in case it doesn't.
This is the moment of truth.
BECCA: There you go.
MARIANA: I don't know
if I want to do that.
So now you know that you
can actually use this card?
BECCA: Absolutely.
MARIANA: Tonight there's a
guy or a woman somewhere who's
missing $1, and tomorrow
will possibly be missing
a lot more.
So tomorrow you're going
to go shopping with this?
BECCA: Yeah, definitely.
MARIANA: The next day,
Becca invites me to follow her
downtown as she tries to
use the card in a store.
So, what kind of shops
do you typically target?
BECCA: Local, smaller, family
owned shops versus corporate,
big, giant Walmarts and stuff.
MARIANA: Why is
that preferable?
BECCA: Because
way less security.
My thing is everywhere
you go, there's a camera.
That's my fear.
You have to look
normal, casual.
MARIANA: Do you ever buy
anything with a regular
credit card, by any chance?
Or is it all stolen?
BECCA: Yeah.
Steal what you can't buy,
buy what you can't steal.
MARIANA: Becca says she never
knows how long a stolen
credit card will remain active.
It depends on how quickly
the owner, or the bank,
spots the fraudulent activity.
BECCA: What I'm going to do
is I'm going to, you know,
look around, see what I find.
Oh, my son would probably
love one of those book bags.
MARIANA: So you don't
feel comfortable with me
going inside, so I'll
BECCA: I don't think for
your own good you should
go in there with me.
MARIANA: I'll stay here.
Um, I would say good luck,
but I'm not sure if
that's the appropriate
thing to say right now.
BECCA: You should.
Because, um, God forbid,
you know, like,
something that comes up.
MARIANA: Oh, now
you're making me nervous.
BECCA: You should be nervous.
It's always 50/50,
it's a lottery.
You never know if it's going to
work, if it's not going to work.
I'll be right back.
MARIANA: We can actually see
right through the shop,
so I will be able, we'll be
able to see her inside.
MARIANA: I don't want to look,
I don't want to look suspicious,
like, we're looking at her.
SHOPKEEPER: Uh.
BECCA: Well, yeah.
MARIANA: So I think
she's having trouble
with the card right now.
MARIANA: Here she comes.
BECCA: I have
returned with my plunder.
MARIANA: They
weren't suspicious?
BECCA: No, the other way
around, they were trying to
help me pay for the (bleep).
They were like, "thank you."
Like, literally you
help them help you steal.
MARIANA: Guy who's at
home who just lost
BECCA: No. Hell no.
MARIANA: Yeah. But it's, yeah.
But it doesn't, well, I
would be angry if it was me.
BECCA: It's a yin and yang.
You give some, you take some.
Unless you have, like, a
really good education and a
good job, it's just,
you can't afford (bleep).
The bigger the stakes are, the
bigger the transactions are,
the bigger they're
going to come after you.
MARIANA: So that's why you
keep it to small transactions.
BECCA: Yeah, definitely.
MARIANA: Oh, my God. I can't
believe how easy that was.
Data has now surpassed oil
as the world's most
valuable resource.
Worldwide, in 2020 alone,
thieves ran off with
more than $28 billion.
It can start with a notification
for a single fraudulent charge.
For most, getting that
money refunded is
just an inconvenience.
But for a growing
number of victims,
the situation escalates quickly.
TIM: At the time, I thought it
was a one and done sort of deal.
I've probably had upwards
of 25 debit and credit cards
compromised and stolen.
DAVE: It's a really scary
thing when you don't know
if the money in your bank
account is not going to
be there when you log in next.
JESSICA: At least every month,
maybe 2 to 15 transactions
that happen
randomly that aren't mine.
TIM: I felt powerless.
They just had access to
all of my life savings.
DAVE: People don't
always get their money back.
SAMUEL: One thing impacted the
next, impacted the next, and
it just kept snowballing.
DAVE: I have no idea when it
will end or if it will end.
TIM: I'm a current student.
JESSICA: I work
in mental health.
DAVE: I'm in the IT area.
SAMUEL: I am a dancer,
teacher, choreographer.
MARIANA: Credit card
fraud exploded in 2020,
increasing more than 40%.
The ease and anonymity of the
crime has drawn the attention
of street gangs, like the Crips,
who used to make their
money in more dangerous ways.
PRIMO: So, have a seat,
have a seat.
MARIANA: Here?
PRIMO: Scoot over, man.
It's a lady.
MARIANA: Thank you.
So we, can I ask you
for a quick question?
Does that gun
always have to be here?
MARIANA: This is Primo,
who I spoke with on
the phone last night.
Do you guys have guns?
PRIMO: Everybody
here got a gun.
MARIANA: So how many guns
are in this house right now?
Just give me a sense.
PRIMO: (bleep) You
sound like ATF right now.
MARIANA: Do you want me to
stop asking these questions?
PRIMO: Yeah.
♪
MARIANA: So you're talking
about scamming and fraud.
Are you guys all
involved in this?
PRIMO: I'd tell you right now
that that scamming (bleep) is
pretty much the main market
to be in right now if you
want to make money.
You want to stay
out of trouble.
MARIANA: There's no risk
associated with scams?
PROJECT FO: You got people
getting life sentences and
getting charged with
murder for fentanyl.
You'll get five years
doing this game right here.
So, what's the
easier ballpark to be in?
This, easy money.
PRIMO: So, what we did is,
uh, we started a Scamily.
You know what I'm saying?
That's a family that scams.
You feel me?
MARIANA: You said
it was a Scamily?
PRIMO: That's my
little saying.
I would like to
call us a Scamily.
You know, you got
to chase the B.O.A.
We treat you better
than your family.
MARIANA: Each member of the
'Scamily' specializes in a
different skillset.
PROJECT FO: I'm the phone guy.
MARIANA: You're the phone guy?
PROJECT FO: Yeah.
PRIMO: This is the, this is
the prince of Nigeria telling
you to send the money.
Send you a little text.
"Your, your, your bank's been
hacked. This is Chase Bank."
MARIANA: Yeah, I've
received these things.
PRIMO: "Sending you an
online alert. Please sign-in."
And you sign in
through there, you got got.
The old school way: stealing
information and (bleep).
We realized we
don't need that.
People give you
the information.
Jwett got his own ways.
He a real good computer guy.
PRIMO: Jwett go, "Doot,
doot, doot, doot, doo."
Next thing you know, I got
someone's money in that card.
MARIANA: How much money
are you guys making from
fraud or scams?
PRIMO: Depends, really.
Sometimes, it's good days.
Sometimes, it's bad days.
Sometimes, it's
really good days.
You feel me? Like
MARIANA: Today, for example.
PRIMO: (bleep).
MARIANA: Did you get anything?
PRIMO: Yeah, yeah.
Today I made a quick,
like, $9,000, but it's been a.
MARIANA: What? $9,000?
PRIMO: Yeah.
MARIANA: So, do you guys ever
feel bad that you're stealing
money from other people?
PRIMO: Not at all.
Under a quarter million, the
bank pays that (bleep) back.
Why would I feel bad?
I mean.
MARIANA: But you're still
stealing from somebody.
It's still not your money.
So is there part of that, do you
guys get upset about that?
PRIMO: Look.
Look, look.
I did time for robbery
and all this (bleep).
I tell you, I feel bad
about that sometimes.
You know, that's not
such a victimless crime.
You putting a gun to somebody,
you, you really traumatizing
somebody, you feel me?
This scamming (bleep)
is, "Ah, man, (bleep).
This (bleep) stole
$800 from my account."
You'll be all
right in the morning.
MARIANA: Hmm.
PRIMO: You'll be all right.
SAMUEL: It's not a
victimless crime.
There are victims.
I'm a victim.
I told the bank that money
had been fraudulently taken
from my account.
It was obvious that the
bank did not believe me.
Honesty, I don't think a real
investigation ever took place.
My economic
background plays a part.
The way I look
could play a part.
Whether I have 10 million
or whether I have $10,
it shouldn't make a difference
in terms of how I'm treated.
MARIANA: The 'Scamily's'
operation is just the
tip of the iceberg.
We've heard rumors that there
are gangs engaging in
even more ambitious scams.
Through my sources, a member
of the Crips, who we'll call
"Light," agrees
to speak with me.
Light has invited me to see
the trap house where the gang
dabbles in both the old school
methods and the new ones.
MARIANA: What do
you have here?
MARIANA: And
what, what's this?
MARIANA: So what is, what
is this place, where we are?
MARIANA: So, we have
drugs, we have guns.
Do you have other guns
in the house as well?
MARIANA: And this is where you
are doing your business from?
MARIANA: So, I know that this
is your place and we have to
get your
permission to film here.
Right?
Are you okay with
us filming here?
MARIANA: Can you show me that?
MARIANA: At a table with
three guns and one laptop,
Light says he'll show me how he
made six figures last year.
LIGHT: That's one deposit.
MARIANA: Wow.
That's a lot of money.
♪
MARIANA: I'm in the backroom
of a Miami trap house, where a
Crips gang member named
'Light' is showing me the
gang's latest hustle.
LIGHT: Do you
see this from IDS?
Which means
Chicago unemployment.
That's unemployed, but I
don't live in Chicago.
I'm in Florida.
MARIANA: Light creates a
fake insurance claim using the
victim's real Social Security
number and birthday.
This is more than
simple credit card fraud.
I'm watching him steal
somebody's identity.
LIGHT: All you have
to do is use a VPN.
Put your VPN on.
MARIANA: And you pretend
that you're in Chicago.
LIGHT: You live in Florida,
but your VPN acts like you're
in Chicago on Walnut Street.
MARIANA: A VPN or virtual
private network disguises your
online identity by encrypting
your connection to a network.
Once a VPN is activated,
tracking the location of your
device becomes
far more difficult.
LIGHT: You're going to find any
random address from Chicago.
You're going to put that
address that you find on the
same application that
you're filling out the
IDS unemployment form
and say that you live at
this address you found.
You don't ever have to worry
about mail getting sent to you,
or receiving it,
because everything is
through direct deposit.
MARIANA: Were people making a
lot of money from the COVID
assistance programs?
LIGHT: I don't know
about people, but I know me.
MARIANA: So that's a
LIGHT: This is (bleep) crazy.
MARIANA: $19,314.
But you're taking it
away from somebody else.
How does that make you feel?
LIGHT: It's a
dog eat dog world.
I'd rather you, than me.
Them or us.
And I'm not going to
let my kids suffer.
JESSICA: I've never
collected unemployment
before or disability.
I owe EDD,
the state, disability,
Social Security, money.
$60,000 to one of them,
another $84,000 to another.
MARIANA: Jessica is a
mental healthcare worker who
specializes in people
experiencing homelessness.
She's one of nearly 400,000
people whose identities were
used to claim
government benefits in 2020.
JESSICA: And I've been telling
my bank since September 2020
about the fraud.
And I probably call
them on a daily basis.
I don't have my own identity,
meaning nothing's mine.
If I want groceries or
something, nine times out of ten
it's going to take me a
half an hour to get through
the register, because
something's not working,
or the money's not there and,
and I've had more
taken out, somehow.
I have to renew my passport,
my driver's license,
my Social Security card,
my birth certificate.
That all costs money.
Right now, my bank account,
I'm negative $3,000 and it's
been since January.
I think if it ever ends,
which I don't know
if it will, um,
it's gonna be a long
recovery to trust people.
MARIANA: This is Assistant
Special Agent Charles Leopard.
His department is dedicated to
catching data thieves before
stolen information ends up
for sale on the dark web.
LEOPARD: So, in this room,
this is part of our
computer forensics lab.
This is an example of what we
commonly find in gas pumps.
This would be what we call
more of an overlay skimmer.
They would replace the card
reader that's currently there.
We call this a shimmer and
these were designed to go into
an existing card reader.
MARIANA: Agent Leopard and his
team show us how older methods
of theft are
constantly being updated.
INVESTIGATOR: More and more
of these skimmers are
Bluetooth enabled.
The reason behind that is that
you have the individuals that
now don't have to go back
in and take the skimmer
off the gas pump.
OFFICER: Good
morning everybody.
Thank you for
being here today.
We're going to be briefing
in regards to the arrest of a
known large-scale trafficker
of stolen credit card account
numbers obtained from
illegally placed credit card
skimming devices
at gasoline pumps.
LEOPARD: Now, we'll just have
them park there and tell them
to just hang out, until
we figure things out.
All right, man.
MARIANA: Leopard is part of a
joint operation between the
secret service
and local police.
They're tracking down one
of these scammers who
steals credit card
information from gas stations.
OFFICER (over phone):
We're all good to go,
so start rolling through.
OFFICER: All right.
(speaking Spanish)
OFFICER: Back up.
OFFICER: Stay right there.
(speaking Spanish)
MAN: Go ahead, man.
OFFICER: Police warrant!
Come to the door!
OFFICER: You're clear right.
OFFICER 2: Watch your right.
Back of the room.
OFFICER: Go ahead.
Go ahead.
OFFICER: Police!
(crying)
MARIANA: In the end, the
suspect is arrested.
LEOPARD: Okay.
OFFICER: Okay?
We're gonna take him in mine
MARIANA: Leopard says these
street-level data thieves
have recognized that
skimmers are an easy way
to make a quick buck.
But the secret service has
been tracking the rise of
a much bigger threat.
REPORTER: Ransomware attacks
against TV stations,
food and fuel suppliers,
hospitals, water systems
and all levels of government.
REPRESENTATIVE: Behind these
sophisticated attacks,
there is real world harm
where people's life savings,
people's, uh, companies are
being compromised by
these individuals.
MARIANA: Ransomware is a type
of malicious software that
attackers use to infect
computers and then hold
sensitive data hostage, until
the victim pays for its release.
In 2021, nearly 70% of
businesses worldwide
were victimized by ransomware.
LEOPARD: So one of the biggest
issues with cybercrime is that
it is borderless.
You normally have
networks of criminals.
And you may have a hacker
who resides in Romania
or Eastern Europe.
BIDEN: Responsible countries
need to take action against
criminals who conduct ransomware
activities on their territory.
REPORTER (over TV): We know tha
it's concentrated in Romania.
REPORTER (over TV): Romania.
REPORTER (over TV): Romania in
Southeastern Europe is
considered the cybercrime
capital of the world.
MARIANA: That's my next stop.
I want to know why Romania
has become such a hotbed for
cybercrime and try to track down
one of these
ransomware attackers.
♪
MARIANA: I kept hearing
about Romania, Romania.
Why Romania?
ALINKA: Romania has the
fastest internet speed.
It's not the top internet
speed of the world,
but it's in the top five.
MARIANA: Alinka is a local
producer who grew up at
the height of the internet
boom in Romania.
ALINKA: Right after the
communist regime fell,
it was pretty much the
wild west over here.
There was
absolutely no regulation.
MARIANA: Oh.
ALINKA: That's why you had so
many hackers flourishing here.
Nobody knew what they were
doing in order to combat them.
We have a lot of engineers, a
lot of tech savvy people here.
MARIANA: Mm-hmm.
ALINKA: It's part of the
culture, if you want, to be
tech savvy was seen as this
epiphany of intellectualness.
MARIANA: Mm-hmm.
I know it's been hard to
get people to talk to us.
Does it look like we, we're
gonna be able to talk to people?
ALINKA: People involved in
criminal activities are also
weary because they're,
sometimes they don't even
believe you're a journalist.
You might be an
undercover cop.
MARIANA: Right.
ALINKA: Well, let's see how
your charm works because mine
is a little bit at
the end right now.
MARIANA: The next morning,
I get my chance.
Alinka gives me the address
of a notorious hacker,
who lives in a middle class
neighborhood in Bucharest.
ALINK (over phone): Be careful,
he's a little bit skittish.
He's waiting for you, but he's
a little bit nervous and well,
he's an active, a
real active hacker, so.
MARIANA: Okay.
ALINKA (over phone):
Expect skittishness.
MARIANA: Okay, yeah.
ALINKA (over phone): Good luck.
JOHN SMITH (over intercom):
Hello?
MARIANA: Hi, Mariana here.
JOHN SMITH (over intercom):
Hi. Come on.
MARIANA: Okay, thank you.
He's pulled out a
couple of times already.
I'm hoping that he's still
interested in talking to us.
Do you characterize
yourself as being a hacker?
JOHN SMITH: I have a
problem with the definition.
MARIANA: Why's that?
JOHN SMITH: There are hackers
and then there are hackers.
Most of the time, what you
see on the news, that's just
somebody that managed to pick
up a piece of software,
then they got caught
because they didn't know
what they were doing.
MARIANA: How many people do
you think here in Romania are
capable of doing what you do?
JOHN SMITH: I
guess less than ten.
MARIANA: Wow.
Less than ten.
JOHN SMITH: You enjoy the
power, let's say, to do it.
MARIANA: Meet a man
we'll call John Smith.
By day, he's a
cyber-security specialist.
But after hours, he's a
developer of ransomware and
spyware.
Do you consider yourself
a good guy or a bad guy?
JOHN SMITH: It depends.
If I'm over here at this
computer, then I'm doing
security for
different companies.
If I'm someplace else,
I take a laptop and
go and have some fun.
Then I'm the other guy.
MARIANA: The bad guy?
What can you tell me
about ransomware attacks?
JOHN SMITH: It's just a
basic blackmailing scheme.
And all you need is a way in.
And then if you're able to
encrypt all the computers,
that's the game.
Just delete the encryption key,
keep it for yourself and
if they pay you,
give it back, or not.
MARIANA: Right.
JOHN SMITH: Need my laptop.
You know, I'm working
on a small side project.
Antennas.
Okay.
We're going in the field.
MARIANA: Oh, we're
going in the field?
You're taking me with you?
JOHN SMITH: I don't know.
You want to come?
MARIANA: Yeah, I do.
JOHN SMITH: Are you sure?
MARIANA: Oh, yeah.
I'm very sure.
♪
JOHN SMITH: So we're going
to the main headquarters
of this utility company,
just to check out
their wireless infrastructure.
What I'm trying to figure
out, if there's actually any
security whatsoever.
This is a wireless adapter that
has quite an increased range.
MARIANA: Oh, my
God, the police.
Do you want to go
somewhere else?
JOHN SMITH: Ah, we are moving
to the secondary position.
That was weird.
And we're, we're moving.
That wasn't the police,
that was the Romanian
Intelligence Service.
So, I'm just
gonna do this again.
MARIANA: I was a little nervous
before, now I'm extra nervous.
You're trying to see if
there's a vulnerability,
if you can get into the Wi-Fi.
JOHN SMITH: Yeah.
MARIANA: Without a password.
I think it's the first time in
my life that I'm actually
witnessing somebody hacking.
So the company is the glass
building actually right behind,
right next to us.
JOHN SMITH: Yeah.
All of it. All of it, yeah.
MARIANA: What John is
attempting happens in various
forms every day
around the globe.
Sometimes to
devastating effect.
DAWNA: Good evening
and thanks for joining us.
We begin with the brazen
cyber-attack that has shut
down the biggest
pipeline in the United States.
MARIANA: In May of 2021,
Colonial Pipeline became the
victim of a ransomware attack.
It wreaked so much havoc, the
company shut down operations
to the pipeline that supplies
45% of fuel to the east coast.
BIDEN: I want to update
everyone on the ransomware
cyber-attack that impacted
on the Colonial Pipeline
over this past week.
REPORTER: Colonial Pipeline
paid nearly $5 million in
ransom to hackers who
infiltrated their system.
JOHN SMITH: The main company
seems to have taken at least a
few steps towards
protecting themselves.
But it's not that.
There is no Wi-Fi here.
MARIANA: How is that possible?
JOHN SMITH: It's too far
inside of the building and
we can't get it from out here.
And now we go to plan B.
MARIANA: What's plan B?
JOHN SMITH: Plan B is to go to
a smaller company that's
part of this one, that
shouldn't have the same
level of security.
MARIANA: Affiliated companies
often share the same network
access, but might have
less stringent security.
In the case of Colonial
Pipeline, the ransomware
attackers didn't gain access
to the operational network
controlling the pipeline
itself, they found a way in
through the
company's billing system.
JOHN SMITH: The whole problem
with security is that the good
guys need to find each and
every hole in the system.
The bad guy needs to find one.
♪
MARIANA: I'm with a man
that some consider
one of the
top hackers in Romania.
He's attempting to get
inside the computer system
of a major utility.
♪
JOHN SMITH: Let's
try this again.
This is just gonna go with some
passwords and try and get in.
MARIANA: Oh, wow.
JOHN SMITH: It
just found the key.
MARIANA: Okay.
So now that you have this
information, you have a way in?
JOHN SMITH: I have a way into
their local network over here.
You search for vulnerable
computers and hopefully we can
gain some traction on our
target, the power company.
MARIANA: Are you shocked
that you were able to
actually get in?
Are you surprised?
JOHN SMITH: I'm surprised that
their security measures are
basically nonexistent.
When you manage to get a foot
in the door this easily,
it's probably going to get
even easier from here on out.
MARIANA: And then what do
you do with that information?
JOHN SMITH: We will see.
MARIANA: John insists this
'side project' was just to
satisfy his curiosity.
But he could make a lot of
money if he decided to take
the experiment further.
In the ransomware game,
this role is known as an
initial access broker.
Someone who sells the details
of how to access a computer
network to other criminals,
who then conduct the attack.
It's a lucrative gig.
I want to learn more.
CATALIN: So this
is our threat map.
MARIANA: Bitdefender tracks
reports of hacking and
cyber security threats
all around the world.
This is what's happening
right now? In real life?
CATALIN: Yes.
This is real-time.
This is just 3%
of what we see.
MARIANA: Really?
CATALIN: Yeah, yeah.
MARIANA: So if everything was
here, what would we be seeing?
Just
CATALIN: It would be all red.
The human eye wouldn't be
able to, to see all the dots.
BOGDAN: We process about 36
billion events every day.
MARIANA: No.
BOGDAN: So, yes.
MARIANA: Bitdefender has
been collecting data on
cyber-attacks for decades.
But in recent years, their
threat map is increasingly
being overrun with ransomware
cases carried out by a new
generation of professionals.
CATALIN: Ransomware has been
around for the past 32 years,
but only in the last five years
that it's became so prevalent.
They are more organized and
more better prepared than
many of the
organizations out there.
MARIANA: Everybody's a
possible victim of this.
Like hospitals, I'm assuming
airports, governments,
weapons companies.
CATALIN: So cyber-attacks
can lead to
MARIANA: To death. Yeah.
CATALIN: Yeah, yeah.
If it's critical
infrastructure, we're talking
about tens of
millions of dollars.
So they're actually running
this cybercrime as they're
running a business.
They have their PR person.
They have negotiators.
They have tools that
to, to launder money.
MARIANA: The level of
organization surprised me,
the cyber criminals I've met
are all about keeping
a low profile.
But these ransomware cartels
are different, and more
ruthless than anything
I'd encountered before.
Some of their favorite targets
include hospitals and schools.
JIM: So as I'm driving home
that night and I'm starting to
get more and more, um, texts
and calls about problems that
people are experiencing.
I'm very quickly realizing
that this is not just a few
isolated incidences,
but there's something
bigger going on.
MARIANA: On the night
before Thanksgiving in 2020,
a ransomware group attacked the
Baltimore County school system,
taking its computer
network hostage.
Jim Corns is the executive
director of the county's
IT department.
JIM: As we realized that, that
we had had an attack,
we had to call our leadership
in, in the school system to
let them know that
something was happening,
because decisions had to
be made right away.
We had a day of school that
was coming up the next day,
and, and we didn't have a
way to present instruction.
MARIANA: This was peak COVID.
Baltimore County's
156 schools,
and more than 100,000
students were all virtual.
That's why schools have
become such obvious targets.
Lock teachers and staff out of
their devices and the entire
school system is paralyzed.
JIM: It was
inexplicably, uh, stressful.
Every minute that we weren't
on the problem was a minute
that we, we had lost.
Our students weren't in
contact with our teachers.
And there was more pressure
than I've, I've ever felt.
We have contacted both local and
federal, uh, law enforcement.
KELLY: The ransomware attack on
Baltimore County public schools
is hurting an already
hard-hit educational effort.
MARIANA: Jim won't say
whether the county paid
the attackers or not.
But there are reports that the
cost of the attack is nearing
$10 million.
And he tells me that doesn't
include damages like decades
of lost teaching
materials and student records.
JIM: It's like having our
house burned down and walking
through that house, looking
for anything that was left.
One of the, the biggest
things we lost was our
sense of security.
When everything is suspect,
uh, you, you don't trust any
of the, the
systems that you have.
And we end up with this
feeling that there's something
lurking there,
waiting for you.
MARIANA: That's who I
want to find; one of the
big ransomware players.
And as I continue to research,
one name keeps rising
to the surface.
WOMAN: LockBit.
MAN: LockBit.
MAN: LockBit.
MAN: LockBit.
REPORTER: As LockBit ransomware.
MARIANA: I find
it in FBI reports.
And in hacker forums.
It's both the name of the
ransomware group with the
fastest encryption speeds in
the world and the name of the
leader and developer at the top
of this formidable organization.
MAN: We hacked your company
yesterday and now we have
around 80 gigabytes
of your company data.
MARIANA: The rumors
about him swirled.
But there's no doubt
that LockBit's attacks
are creating chaos
around the globe.
Which is why I
really want to find him.
His name is 'LockBit.'
Have you heard of them?
JON: Oh, yeah!
LockBit's one of the most
dangerous and effective groups
that exist today.
MARIANA: Reaching out to
anyone in the underworld is
always tricky but the
search for LockBit makes me
especially nervous.
He's engaged in attacks right
now, complete with countdown
clocks, tracking when he'll
release sensitive data if a
ransom isn't paid.
Back in the States,
I connect with several
security experts for guidance.
NATE: If you get in contact,
what they're probably going to
do is they're going to want to
talk to you on, like, one of
these secured messaging clients.
MARIANA: Mm-hmm.
Mm-hmm.
NATE: So there's one that
uses, uh, what's called the
Tor Network, which is an
anonymized, it's where the
dark web is. Right?
MARIANA: The dark web, yup.
You know, I'm a little
bit on edge dealing with.
JON (over phone): Yeah.
MARIANA: The person that I
know can find out everything
he wants about me in a second,
so that puts, that makes me
nervous.
JON (over phone): Right.
That's a good thing, because
being, being nervous means
you're going to be paranoid,
and being paranoid is what's
going to keep you safe when
you're dealing with this
sort of element.
MARIANA: Yeah. They're the
people that everybody else is
running away from
and we're chasing.
JON (over phone):
Yeah. Exactly.
NATE: So they're probably
going to do some level of
reconnaissance against you,
just to make sure that you're
not the FBI or, you know,
the NSA, or something.
MARIANA: Mm-hmm.
NATE: The thing that I would
definitely, um, caution you is
that they know that they're
cybercriminals, but do treat
them, treat them with respect.
MARIANA: Um, so if I was to
try and get in touch with,
you know, the people at the
top, what, what do you think
I should do?
How do I start?
NATE: One of my guys
has some friends, he,
he knows a middle man
that can talk to these folks on
your behalf and set it up.
And so basically, he's,
he will probably broker
the conversation.
MARIANA: That's great.
The person I begin texting
with is called Blackrabbit.
He or she tells me these
forums are heavily encrypted
and guarded against outsiders.
But Blackrabbit agrees to
vouch for me if I can prove
I am who I say I am.
How do I know you're
really from Nat Geo?
Can you send me a
picture of yourself?
Huh.
(laughing)
Okay.
Is this a good idea?
I'm basically dangling myself
as bait in front of the
top ransomware
hackers in the world.
"Okay.
I will help you."
Wow.
Blackrabbit explains that the
ransomware scene is full of
big egos, big money,
and big rivalries.
Normally, none of the
top players would talk.
But he thinks we're reaching out
to LockBit at the right time.
His operation has become the
most profitable in the world
and he may be eager
to promote his brand.
Blackrabbit connects
us on a dark web forum.
I wait a day.
Then another.
Finally, someone that I'm
told is LockBit joins the chat.
♪
MARIANA: Rumors are
that LockBit is a young
20-something from Russia.
But this isn't him.
He would only communicate
via encrypted text.
He asked that we use a masked
avatar to relay the answers
to my questions.
Would you ever
meet us in person?
LOCKBIT: The FBI wants to
eliminate me, I'm ready to
meet you in person
when I lose my mind.
It takes just one
person to destroy the
biggest hacker group,
there are too
many people tied to me.
Without me, my
business would die instantly.
MARIANA: How do you feel
about the FBI targeting you?
LOCKBIT: I really love the
FBI, it is because of them
that I am constantly learning
about anonymity and
improving anonymity schemes.
To change locations
and internet sources,
the countries I live in.
Someday I will be found.
MARIANA: How did you get
into the ransomware world?
And why?
LOCKBIT: Big money.
I am just a young hacker
who decided to make a
lot of money easily.
MARIANA: What does a
typical day look like for you?
LOCKBIT: Riding on a yacht,
Lamborghini, dozens of luxury
models, drugs, everything
like regular millionaires.
MARIANA: You guys have gained
the reputation as one of the
most sophisticated groups
in the ransomware world.
Um, how did you get there?
LOCKBIT: The software has the
best technical specifications
on the planet, we have maximum
encryption speed, ability to
automatically self-distribute,
a list of processes to kill,
trace clearing, safe mode,
filename encryption,
as well as a set of
encryption software.
MARIANA: Do you ever
feel bad for your victims?
LOCKBIT: Why feel
sorry for the victims?
We are not doing
them any harm.
We just provide paid training
to system administrators.
Is it our fault that the
companies don't want to spend
money to protect
their networks?
You can always negotiate with
us simply by paying a modest
amount of money, which is
printed in unlimited quantities.
MARIANA: LockBit claims
he has his own moral
standards about targets.
But he also runs a business
and his malware is a product
that his affiliates have used
to attack government systems,
educational institutions, and
even hospitals around the world.
So you might say that you don't
put people's lives at risk, but.
Aren't you ultimately
responsible for what happens
with the malware
that you create?
LOCKBIT: I'm just a
weapons manufacturer.
America has the best
gun makers in the world.
All these weapons are sold all
over the world, these weapons
regularly kill people,
but do the gun makers care?
The gun makers only care
about the profits from
selling the weapons.
MARIANA: Despite my attempts
to get more details about his
next targets, he won't bite.
But he does send me
one more message.
It's a link to a project he's
calling "LockBit Black."
I'm too scared to open it so
I send it to Jon, one of the
security consultants
I'd been talking to.
So Jon, can you tell me
what's, what's this link that
LockBit sent me?
JON: It's what they're
calling LockBit Black and it's
their newest interface that
they've built for their new,
uh, ransomware.
It's actually really scary.
They've taken a lot of the
technical capability that used
to be required to conduct a
ransomware attack out of it.
MARIANA: Back in Romania,
I'd sat shotgun as John Smith
hacked his way into a
major utility company.
With LockBit's new malware,
he's removed that step.
Now all someone has to do is
type the name of a company
website and the malware
goes in search of access.
JON: It's now like a game.
I could take five minutes.
I could teach you to use
it and conduct attacks.
It's really going to change
the game of ransomware,
and it's really scary.
MARIANA: Do you think that
this has a potential of sort of,
uh, launching a
whole new generation of
ransomware attackers?
JON: Absolutely.
I didn't expect the, the ease
of use that, that this has to
have been built into it.
Uh, I expected it to be more
efficient but I didn't expect
it to be so much easier.
Uh, for someone to do.
What's going to happen is
it's going to allow many more
people to take part
in these attacks.
Higher volumes of attacks
means a lot more victims,
uh, that also means the bad
guy gets a lot more money.
MARIANA: Make no mistake about
it, the arc of the criminal
universe bends
towards easy money.
And we should all be very,
very afraid if ransomware has
gotten easy enough for
someone like me to use.
Captioned by
Cotter Media Group.
♪
♪
♪
MARIANA: What's that stuff?
PRIMO: Little bit of fentanyl.
This (bleep) is blowing up.
These are eight-balls.
This is the trap, baby.
Little Havana.
MARIANA: Is this where you're
making most of your money or?
PRIMO: Hell no. This (bleep)
is a thing of the past.
PRIMO: I ain't
got time for that.
So, what we did is
we started scamming.
MARIANA: Scamming, credit card
fraud, and ID theft are all
part of a booming cybercrime
industry around the world.
LIGHT: I'm buying audio
equipment, I'm using a stolen
credit card.
MARIANA: Most don't even
realize they're targets
until it's too late.
JESSICA: I've had $300,000
that has been taken from me.
MARIANA: Our data has become a
commodity more valuable than
guns, gold, or drugs.
CATALIN: We'll have hackers
targeting large companies,
corporations, and obviously,
critical infrastructure.
MARIANA: I want to know how our
data is stolen, how it's sold,
and how to find the
shadowy band of hustlers
and hackers responsible.
The threat is much
bigger than I ever realized.
JOHN SMITH: If you're
smart about it, you
can't get caught.
MARIANA: What? Do you think
he's suspicious or what?
ABEL: I'll talk to him again.
MARIANA: I'm in Miami
chasing down a tip about
a new breed of criminals.
ABEL: Now he's
acting a little funny.
I'm still talking
to him now, but.
MARIANA: He's just not sure if
he wants to meet us anymore?
ABEL: Yeah, like,
he's saying he's late.
He wants to do it tomorrow.
MARIANA: Abel is a former
gang member who served
three years in jail.
He's also a friend and a
source that I can call
in moments like this.
I'd heard rumors that street
gangs were getting into
credit card and identity theft,
and Abel has been
asking around for me.
We were on our way to
meet one of his contacts
we'll call 'Primo'.
But he's gotten cold feet.
ABEL: He's just nervous
or something because.
MARIANA: Do you think
it would be a good idea
to FaceTime with him?
ABEL: Yeah, definitely.
MARIANA: So he could see
ABEL: I mean, that
could build trust.
(phone ringing)
MARIANA: Can you see me?
PRIMO (over phone):
Yeah. I see you.
(bleep) is real, you know?
I can't have people
getting indicted over this.
MARIANA: Got it.
So this is the deal, so
this is how we do it.
We don't show your face.
We cover any tattoos, or any
identifiable features that
you have and we also
change your voice
so that it's not recognizable.
So yeah, that's
what I can tell you.
The hardest part of my job is
getting people to trust me.
It can take weeks, months,
sometimes even years.
PRIMO (over phone):
All right, yeah.
MARIANA: But sometimes
we get lucky fast.
Yeah.
He said, he said, "yeah."
He's down to film tomorrow.
He said I'm not doing this for
you, I'm doing this for, for
Abel and if Abel is
cool with this, I'm cool.
I know he's not
going to set me up.
Let's hope it
happens tomorrow.
As we wait for the meeting
with Primo, Abel takes me to
see another friend of his,
who apparently dabbles
in the credit card game.
Can you show me some of
the stuff that you do?
BECCA: Absolutely.
And so, to the dark web.
MARIANA: Becca is a
self-taught scammer whose
husband was a gang member.
She agreed to give me a
primer on how it all works.
BECCA: You can buy arms,
you can buy legs, you can buy
elephant tusk, you
can buy digital goods.
MARIANA: Becca uses a browser
that hides her identity,
making it possible for her to
visit more nefarious websites
normally unavailable
to internet users.
And where do you get that
credit card information?
BECCA: We have
several markets.
MARIANA: Vice City is
the name of the market?
BECCA: Yeah, that's
the name of the market.
I know how cliche, right?
MARIANA: Valid dumps.
BECCA: Comes with
the date of birth.
MARIANA: Uh-huh.
BECCA: ZIP code, so you know
where the card is from,
where the billing address is.
MARIANA: Uh-huh. Wow.
This is so crazy.
BECCA: And then look at an
example, if it doesn't work,
they give you your money back.
MARIANA: No, they don't.
BECCA: Yes, they
do immediately.
Immediately.
Look, right here.
MARIANA: So you can
buy this for only $8?
BECCA: Yeah. Oh, you could
buy them for three cents.
MARIANA: My, my mind
is exploding right now.
Site after site, the dark web
is like a strip mall of
stolen credit card data, where
everything from security codes
to ZIP codes are
available for resale.
BECCA: Carding is the act
of using other people's
credit card info, you know, to
buy stuff or obtain goods.
It starts with prepaid cards.
That's an MSR.
It can read, write, erase.
And then I'm going to clone
this information onto it.
MARIANA: Becca uses the MSR
machine to encode the stolen
credit card data onto the
magnetic strip of the new
burner debit card.
BECCA: So I'm going
to go for that one.
He probably went to a
restaurant and somebody hacked
into their POS, whatever.
MARIANA: Steven, I apologize.
BECCA: It's okay.
It's corporate.
Don't worry about it.
The bank will give it back.
So now, let's make a card.
Bam, credit card okay.
Let's go test this on
the vending machine.
Because I don't
want to get caught.
MARIANA: To check if the
card works, she needs to do a
test run where no one will
catch her, in case it doesn't.
This is the moment of truth.
BECCA: There you go.
MARIANA: I don't know
if I want to do that.
So now you know that you
can actually use this card?
BECCA: Absolutely.
MARIANA: Tonight there's a
guy or a woman somewhere who's
missing $1, and tomorrow
will possibly be missing
a lot more.
So tomorrow you're going
to go shopping with this?
BECCA: Yeah, definitely.
MARIANA: The next day,
Becca invites me to follow her
downtown as she tries to
use the card in a store.
So, what kind of shops
do you typically target?
BECCA: Local, smaller, family
owned shops versus corporate,
big, giant Walmarts and stuff.
MARIANA: Why is
that preferable?
BECCA: Because
way less security.
My thing is everywhere
you go, there's a camera.
That's my fear.
You have to look
normal, casual.
MARIANA: Do you ever buy
anything with a regular
credit card, by any chance?
Or is it all stolen?
BECCA: Yeah.
Steal what you can't buy,
buy what you can't steal.
MARIANA: Becca says she never
knows how long a stolen
credit card will remain active.
It depends on how quickly
the owner, or the bank,
spots the fraudulent activity.
BECCA: What I'm going to do
is I'm going to, you know,
look around, see what I find.
Oh, my son would probably
love one of those book bags.
MARIANA: So you don't
feel comfortable with me
going inside, so I'll
BECCA: I don't think for
your own good you should
go in there with me.
MARIANA: I'll stay here.
Um, I would say good luck,
but I'm not sure if
that's the appropriate
thing to say right now.
BECCA: You should.
Because, um, God forbid,
you know, like,
something that comes up.
MARIANA: Oh, now
you're making me nervous.
BECCA: You should be nervous.
It's always 50/50,
it's a lottery.
You never know if it's going to
work, if it's not going to work.
I'll be right back.
MARIANA: We can actually see
right through the shop,
so I will be able, we'll be
able to see her inside.
MARIANA: I don't want to look,
I don't want to look suspicious,
like, we're looking at her.
SHOPKEEPER: Uh.
BECCA: Well, yeah.
MARIANA: So I think
she's having trouble
with the card right now.
MARIANA: Here she comes.
BECCA: I have
returned with my plunder.
MARIANA: They
weren't suspicious?
BECCA: No, the other way
around, they were trying to
help me pay for the (bleep).
They were like, "thank you."
Like, literally you
help them help you steal.
MARIANA: Guy who's at
home who just lost
BECCA: No. Hell no.
MARIANA: Yeah. But it's, yeah.
But it doesn't, well, I
would be angry if it was me.
BECCA: It's a yin and yang.
You give some, you take some.
Unless you have, like, a
really good education and a
good job, it's just,
you can't afford (bleep).
The bigger the stakes are, the
bigger the transactions are,
the bigger they're
going to come after you.
MARIANA: So that's why you
keep it to small transactions.
BECCA: Yeah, definitely.
MARIANA: Oh, my God. I can't
believe how easy that was.
Data has now surpassed oil
as the world's most
valuable resource.
Worldwide, in 2020 alone,
thieves ran off with
more than $28 billion.
It can start with a notification
for a single fraudulent charge.
For most, getting that
money refunded is
just an inconvenience.
But for a growing
number of victims,
the situation escalates quickly.
TIM: At the time, I thought it
was a one and done sort of deal.
I've probably had upwards
of 25 debit and credit cards
compromised and stolen.
DAVE: It's a really scary
thing when you don't know
if the money in your bank
account is not going to
be there when you log in next.
JESSICA: At least every month,
maybe 2 to 15 transactions
that happen
randomly that aren't mine.
TIM: I felt powerless.
They just had access to
all of my life savings.
DAVE: People don't
always get their money back.
SAMUEL: One thing impacted the
next, impacted the next, and
it just kept snowballing.
DAVE: I have no idea when it
will end or if it will end.
TIM: I'm a current student.
JESSICA: I work
in mental health.
DAVE: I'm in the IT area.
SAMUEL: I am a dancer,
teacher, choreographer.
MARIANA: Credit card
fraud exploded in 2020,
increasing more than 40%.
The ease and anonymity of the
crime has drawn the attention
of street gangs, like the Crips,
who used to make their
money in more dangerous ways.
PRIMO: So, have a seat,
have a seat.
MARIANA: Here?
PRIMO: Scoot over, man.
It's a lady.
MARIANA: Thank you.
So we, can I ask you
for a quick question?
Does that gun
always have to be here?
MARIANA: This is Primo,
who I spoke with on
the phone last night.
Do you guys have guns?
PRIMO: Everybody
here got a gun.
MARIANA: So how many guns
are in this house right now?
Just give me a sense.
PRIMO: (bleep) You
sound like ATF right now.
MARIANA: Do you want me to
stop asking these questions?
PRIMO: Yeah.
♪
MARIANA: So you're talking
about scamming and fraud.
Are you guys all
involved in this?
PRIMO: I'd tell you right now
that that scamming (bleep) is
pretty much the main market
to be in right now if you
want to make money.
You want to stay
out of trouble.
MARIANA: There's no risk
associated with scams?
PROJECT FO: You got people
getting life sentences and
getting charged with
murder for fentanyl.
You'll get five years
doing this game right here.
So, what's the
easier ballpark to be in?
This, easy money.
PRIMO: So, what we did is,
uh, we started a Scamily.
You know what I'm saying?
That's a family that scams.
You feel me?
MARIANA: You said
it was a Scamily?
PRIMO: That's my
little saying.
I would like to
call us a Scamily.
You know, you got
to chase the B.O.A.
We treat you better
than your family.
MARIANA: Each member of the
'Scamily' specializes in a
different skillset.
PROJECT FO: I'm the phone guy.
MARIANA: You're the phone guy?
PROJECT FO: Yeah.
PRIMO: This is the, this is
the prince of Nigeria telling
you to send the money.
Send you a little text.
"Your, your, your bank's been
hacked. This is Chase Bank."
MARIANA: Yeah, I've
received these things.
PRIMO: "Sending you an
online alert. Please sign-in."
And you sign in
through there, you got got.
The old school way: stealing
information and (bleep).
We realized we
don't need that.
People give you
the information.
Jwett got his own ways.
He a real good computer guy.
PRIMO: Jwett go, "Doot,
doot, doot, doot, doo."
Next thing you know, I got
someone's money in that card.
MARIANA: How much money
are you guys making from
fraud or scams?
PRIMO: Depends, really.
Sometimes, it's good days.
Sometimes, it's bad days.
Sometimes, it's
really good days.
You feel me? Like
MARIANA: Today, for example.
PRIMO: (bleep).
MARIANA: Did you get anything?
PRIMO: Yeah, yeah.
Today I made a quick,
like, $9,000, but it's been a.
MARIANA: What? $9,000?
PRIMO: Yeah.
MARIANA: So, do you guys ever
feel bad that you're stealing
money from other people?
PRIMO: Not at all.
Under a quarter million, the
bank pays that (bleep) back.
Why would I feel bad?
I mean.
MARIANA: But you're still
stealing from somebody.
It's still not your money.
So is there part of that, do you
guys get upset about that?
PRIMO: Look.
Look, look.
I did time for robbery
and all this (bleep).
I tell you, I feel bad
about that sometimes.
You know, that's not
such a victimless crime.
You putting a gun to somebody,
you, you really traumatizing
somebody, you feel me?
This scamming (bleep)
is, "Ah, man, (bleep).
This (bleep) stole
$800 from my account."
You'll be all
right in the morning.
MARIANA: Hmm.
PRIMO: You'll be all right.
SAMUEL: It's not a
victimless crime.
There are victims.
I'm a victim.
I told the bank that money
had been fraudulently taken
from my account.
It was obvious that the
bank did not believe me.
Honesty, I don't think a real
investigation ever took place.
My economic
background plays a part.
The way I look
could play a part.
Whether I have 10 million
or whether I have $10,
it shouldn't make a difference
in terms of how I'm treated.
MARIANA: The 'Scamily's'
operation is just the
tip of the iceberg.
We've heard rumors that there
are gangs engaging in
even more ambitious scams.
Through my sources, a member
of the Crips, who we'll call
"Light," agrees
to speak with me.
Light has invited me to see
the trap house where the gang
dabbles in both the old school
methods and the new ones.
MARIANA: What do
you have here?
MARIANA: And
what, what's this?
MARIANA: So what is, what
is this place, where we are?
MARIANA: So, we have
drugs, we have guns.
Do you have other guns
in the house as well?
MARIANA: And this is where you
are doing your business from?
MARIANA: So, I know that this
is your place and we have to
get your
permission to film here.
Right?
Are you okay with
us filming here?
MARIANA: Can you show me that?
MARIANA: At a table with
three guns and one laptop,
Light says he'll show me how he
made six figures last year.
LIGHT: That's one deposit.
MARIANA: Wow.
That's a lot of money.
♪
MARIANA: I'm in the backroom
of a Miami trap house, where a
Crips gang member named
'Light' is showing me the
gang's latest hustle.
LIGHT: Do you
see this from IDS?
Which means
Chicago unemployment.
That's unemployed, but I
don't live in Chicago.
I'm in Florida.
MARIANA: Light creates a
fake insurance claim using the
victim's real Social Security
number and birthday.
This is more than
simple credit card fraud.
I'm watching him steal
somebody's identity.
LIGHT: All you have
to do is use a VPN.
Put your VPN on.
MARIANA: And you pretend
that you're in Chicago.
LIGHT: You live in Florida,
but your VPN acts like you're
in Chicago on Walnut Street.
MARIANA: A VPN or virtual
private network disguises your
online identity by encrypting
your connection to a network.
Once a VPN is activated,
tracking the location of your
device becomes
far more difficult.
LIGHT: You're going to find any
random address from Chicago.
You're going to put that
address that you find on the
same application that
you're filling out the
IDS unemployment form
and say that you live at
this address you found.
You don't ever have to worry
about mail getting sent to you,
or receiving it,
because everything is
through direct deposit.
MARIANA: Were people making a
lot of money from the COVID
assistance programs?
LIGHT: I don't know
about people, but I know me.
MARIANA: So that's a
LIGHT: This is (bleep) crazy.
MARIANA: $19,314.
But you're taking it
away from somebody else.
How does that make you feel?
LIGHT: It's a
dog eat dog world.
I'd rather you, than me.
Them or us.
And I'm not going to
let my kids suffer.
JESSICA: I've never
collected unemployment
before or disability.
I owe EDD,
the state, disability,
Social Security, money.
$60,000 to one of them,
another $84,000 to another.
MARIANA: Jessica is a
mental healthcare worker who
specializes in people
experiencing homelessness.
She's one of nearly 400,000
people whose identities were
used to claim
government benefits in 2020.
JESSICA: And I've been telling
my bank since September 2020
about the fraud.
And I probably call
them on a daily basis.
I don't have my own identity,
meaning nothing's mine.
If I want groceries or
something, nine times out of ten
it's going to take me a
half an hour to get through
the register, because
something's not working,
or the money's not there and,
and I've had more
taken out, somehow.
I have to renew my passport,
my driver's license,
my Social Security card,
my birth certificate.
That all costs money.
Right now, my bank account,
I'm negative $3,000 and it's
been since January.
I think if it ever ends,
which I don't know
if it will, um,
it's gonna be a long
recovery to trust people.
MARIANA: This is Assistant
Special Agent Charles Leopard.
His department is dedicated to
catching data thieves before
stolen information ends up
for sale on the dark web.
LEOPARD: So, in this room,
this is part of our
computer forensics lab.
This is an example of what we
commonly find in gas pumps.
This would be what we call
more of an overlay skimmer.
They would replace the card
reader that's currently there.
We call this a shimmer and
these were designed to go into
an existing card reader.
MARIANA: Agent Leopard and his
team show us how older methods
of theft are
constantly being updated.
INVESTIGATOR: More and more
of these skimmers are
Bluetooth enabled.
The reason behind that is that
you have the individuals that
now don't have to go back
in and take the skimmer
off the gas pump.
OFFICER: Good
morning everybody.
Thank you for
being here today.
We're going to be briefing
in regards to the arrest of a
known large-scale trafficker
of stolen credit card account
numbers obtained from
illegally placed credit card
skimming devices
at gasoline pumps.
LEOPARD: Now, we'll just have
them park there and tell them
to just hang out, until
we figure things out.
All right, man.
MARIANA: Leopard is part of a
joint operation between the
secret service
and local police.
They're tracking down one
of these scammers who
steals credit card
information from gas stations.
OFFICER (over phone):
We're all good to go,
so start rolling through.
OFFICER: All right.
(speaking Spanish)
OFFICER: Back up.
OFFICER: Stay right there.
(speaking Spanish)
MAN: Go ahead, man.
OFFICER: Police warrant!
Come to the door!
OFFICER: You're clear right.
OFFICER 2: Watch your right.
Back of the room.
OFFICER: Go ahead.
Go ahead.
OFFICER: Police!
(crying)
MARIANA: In the end, the
suspect is arrested.
LEOPARD: Okay.
OFFICER: Okay?
We're gonna take him in mine
MARIANA: Leopard says these
street-level data thieves
have recognized that
skimmers are an easy way
to make a quick buck.
But the secret service has
been tracking the rise of
a much bigger threat.
REPORTER: Ransomware attacks
against TV stations,
food and fuel suppliers,
hospitals, water systems
and all levels of government.
REPRESENTATIVE: Behind these
sophisticated attacks,
there is real world harm
where people's life savings,
people's, uh, companies are
being compromised by
these individuals.
MARIANA: Ransomware is a type
of malicious software that
attackers use to infect
computers and then hold
sensitive data hostage, until
the victim pays for its release.
In 2021, nearly 70% of
businesses worldwide
were victimized by ransomware.
LEOPARD: So one of the biggest
issues with cybercrime is that
it is borderless.
You normally have
networks of criminals.
And you may have a hacker
who resides in Romania
or Eastern Europe.
BIDEN: Responsible countries
need to take action against
criminals who conduct ransomware
activities on their territory.
REPORTER (over TV): We know tha
it's concentrated in Romania.
REPORTER (over TV): Romania.
REPORTER (over TV): Romania in
Southeastern Europe is
considered the cybercrime
capital of the world.
MARIANA: That's my next stop.
I want to know why Romania
has become such a hotbed for
cybercrime and try to track down
one of these
ransomware attackers.
♪
MARIANA: I kept hearing
about Romania, Romania.
Why Romania?
ALINKA: Romania has the
fastest internet speed.
It's not the top internet
speed of the world,
but it's in the top five.
MARIANA: Alinka is a local
producer who grew up at
the height of the internet
boom in Romania.
ALINKA: Right after the
communist regime fell,
it was pretty much the
wild west over here.
There was
absolutely no regulation.
MARIANA: Oh.
ALINKA: That's why you had so
many hackers flourishing here.
Nobody knew what they were
doing in order to combat them.
We have a lot of engineers, a
lot of tech savvy people here.
MARIANA: Mm-hmm.
ALINKA: It's part of the
culture, if you want, to be
tech savvy was seen as this
epiphany of intellectualness.
MARIANA: Mm-hmm.
I know it's been hard to
get people to talk to us.
Does it look like we, we're
gonna be able to talk to people?
ALINKA: People involved in
criminal activities are also
weary because they're,
sometimes they don't even
believe you're a journalist.
You might be an
undercover cop.
MARIANA: Right.
ALINKA: Well, let's see how
your charm works because mine
is a little bit at
the end right now.
MARIANA: The next morning,
I get my chance.
Alinka gives me the address
of a notorious hacker,
who lives in a middle class
neighborhood in Bucharest.
ALINK (over phone): Be careful,
he's a little bit skittish.
He's waiting for you, but he's
a little bit nervous and well,
he's an active, a
real active hacker, so.
MARIANA: Okay.
ALINKA (over phone):
Expect skittishness.
MARIANA: Okay, yeah.
ALINKA (over phone): Good luck.
JOHN SMITH (over intercom):
Hello?
MARIANA: Hi, Mariana here.
JOHN SMITH (over intercom):
Hi. Come on.
MARIANA: Okay, thank you.
He's pulled out a
couple of times already.
I'm hoping that he's still
interested in talking to us.
Do you characterize
yourself as being a hacker?
JOHN SMITH: I have a
problem with the definition.
MARIANA: Why's that?
JOHN SMITH: There are hackers
and then there are hackers.
Most of the time, what you
see on the news, that's just
somebody that managed to pick
up a piece of software,
then they got caught
because they didn't know
what they were doing.
MARIANA: How many people do
you think here in Romania are
capable of doing what you do?
JOHN SMITH: I
guess less than ten.
MARIANA: Wow.
Less than ten.
JOHN SMITH: You enjoy the
power, let's say, to do it.
MARIANA: Meet a man
we'll call John Smith.
By day, he's a
cyber-security specialist.
But after hours, he's a
developer of ransomware and
spyware.
Do you consider yourself
a good guy or a bad guy?
JOHN SMITH: It depends.
If I'm over here at this
computer, then I'm doing
security for
different companies.
If I'm someplace else,
I take a laptop and
go and have some fun.
Then I'm the other guy.
MARIANA: The bad guy?
What can you tell me
about ransomware attacks?
JOHN SMITH: It's just a
basic blackmailing scheme.
And all you need is a way in.
And then if you're able to
encrypt all the computers,
that's the game.
Just delete the encryption key,
keep it for yourself and
if they pay you,
give it back, or not.
MARIANA: Right.
JOHN SMITH: Need my laptop.
You know, I'm working
on a small side project.
Antennas.
Okay.
We're going in the field.
MARIANA: Oh, we're
going in the field?
You're taking me with you?
JOHN SMITH: I don't know.
You want to come?
MARIANA: Yeah, I do.
JOHN SMITH: Are you sure?
MARIANA: Oh, yeah.
I'm very sure.
♪
JOHN SMITH: So we're going
to the main headquarters
of this utility company,
just to check out
their wireless infrastructure.
What I'm trying to figure
out, if there's actually any
security whatsoever.
This is a wireless adapter that
has quite an increased range.
MARIANA: Oh, my
God, the police.
Do you want to go
somewhere else?
JOHN SMITH: Ah, we are moving
to the secondary position.
That was weird.
And we're, we're moving.
That wasn't the police,
that was the Romanian
Intelligence Service.
So, I'm just
gonna do this again.
MARIANA: I was a little nervous
before, now I'm extra nervous.
You're trying to see if
there's a vulnerability,
if you can get into the Wi-Fi.
JOHN SMITH: Yeah.
MARIANA: Without a password.
I think it's the first time in
my life that I'm actually
witnessing somebody hacking.
So the company is the glass
building actually right behind,
right next to us.
JOHN SMITH: Yeah.
All of it. All of it, yeah.
MARIANA: What John is
attempting happens in various
forms every day
around the globe.
Sometimes to
devastating effect.
DAWNA: Good evening
and thanks for joining us.
We begin with the brazen
cyber-attack that has shut
down the biggest
pipeline in the United States.
MARIANA: In May of 2021,
Colonial Pipeline became the
victim of a ransomware attack.
It wreaked so much havoc, the
company shut down operations
to the pipeline that supplies
45% of fuel to the east coast.
BIDEN: I want to update
everyone on the ransomware
cyber-attack that impacted
on the Colonial Pipeline
over this past week.
REPORTER: Colonial Pipeline
paid nearly $5 million in
ransom to hackers who
infiltrated their system.
JOHN SMITH: The main company
seems to have taken at least a
few steps towards
protecting themselves.
But it's not that.
There is no Wi-Fi here.
MARIANA: How is that possible?
JOHN SMITH: It's too far
inside of the building and
we can't get it from out here.
And now we go to plan B.
MARIANA: What's plan B?
JOHN SMITH: Plan B is to go to
a smaller company that's
part of this one, that
shouldn't have the same
level of security.
MARIANA: Affiliated companies
often share the same network
access, but might have
less stringent security.
In the case of Colonial
Pipeline, the ransomware
attackers didn't gain access
to the operational network
controlling the pipeline
itself, they found a way in
through the
company's billing system.
JOHN SMITH: The whole problem
with security is that the good
guys need to find each and
every hole in the system.
The bad guy needs to find one.
♪
MARIANA: I'm with a man
that some consider
one of the
top hackers in Romania.
He's attempting to get
inside the computer system
of a major utility.
♪
JOHN SMITH: Let's
try this again.
This is just gonna go with some
passwords and try and get in.
MARIANA: Oh, wow.
JOHN SMITH: It
just found the key.
MARIANA: Okay.
So now that you have this
information, you have a way in?
JOHN SMITH: I have a way into
their local network over here.
You search for vulnerable
computers and hopefully we can
gain some traction on our
target, the power company.
MARIANA: Are you shocked
that you were able to
actually get in?
Are you surprised?
JOHN SMITH: I'm surprised that
their security measures are
basically nonexistent.
When you manage to get a foot
in the door this easily,
it's probably going to get
even easier from here on out.
MARIANA: And then what do
you do with that information?
JOHN SMITH: We will see.
MARIANA: John insists this
'side project' was just to
satisfy his curiosity.
But he could make a lot of
money if he decided to take
the experiment further.
In the ransomware game,
this role is known as an
initial access broker.
Someone who sells the details
of how to access a computer
network to other criminals,
who then conduct the attack.
It's a lucrative gig.
I want to learn more.
CATALIN: So this
is our threat map.
MARIANA: Bitdefender tracks
reports of hacking and
cyber security threats
all around the world.
This is what's happening
right now? In real life?
CATALIN: Yes.
This is real-time.
This is just 3%
of what we see.
MARIANA: Really?
CATALIN: Yeah, yeah.
MARIANA: So if everything was
here, what would we be seeing?
Just
CATALIN: It would be all red.
The human eye wouldn't be
able to, to see all the dots.
BOGDAN: We process about 36
billion events every day.
MARIANA: No.
BOGDAN: So, yes.
MARIANA: Bitdefender has
been collecting data on
cyber-attacks for decades.
But in recent years, their
threat map is increasingly
being overrun with ransomware
cases carried out by a new
generation of professionals.
CATALIN: Ransomware has been
around for the past 32 years,
but only in the last five years
that it's became so prevalent.
They are more organized and
more better prepared than
many of the
organizations out there.
MARIANA: Everybody's a
possible victim of this.
Like hospitals, I'm assuming
airports, governments,
weapons companies.
CATALIN: So cyber-attacks
can lead to
MARIANA: To death. Yeah.
CATALIN: Yeah, yeah.
If it's critical
infrastructure, we're talking
about tens of
millions of dollars.
So they're actually running
this cybercrime as they're
running a business.
They have their PR person.
They have negotiators.
They have tools that
to, to launder money.
MARIANA: The level of
organization surprised me,
the cyber criminals I've met
are all about keeping
a low profile.
But these ransomware cartels
are different, and more
ruthless than anything
I'd encountered before.
Some of their favorite targets
include hospitals and schools.
JIM: So as I'm driving home
that night and I'm starting to
get more and more, um, texts
and calls about problems that
people are experiencing.
I'm very quickly realizing
that this is not just a few
isolated incidences,
but there's something
bigger going on.
MARIANA: On the night
before Thanksgiving in 2020,
a ransomware group attacked the
Baltimore County school system,
taking its computer
network hostage.
Jim Corns is the executive
director of the county's
IT department.
JIM: As we realized that, that
we had had an attack,
we had to call our leadership
in, in the school system to
let them know that
something was happening,
because decisions had to
be made right away.
We had a day of school that
was coming up the next day,
and, and we didn't have a
way to present instruction.
MARIANA: This was peak COVID.
Baltimore County's
156 schools,
and more than 100,000
students were all virtual.
That's why schools have
become such obvious targets.
Lock teachers and staff out of
their devices and the entire
school system is paralyzed.
JIM: It was
inexplicably, uh, stressful.
Every minute that we weren't
on the problem was a minute
that we, we had lost.
Our students weren't in
contact with our teachers.
And there was more pressure
than I've, I've ever felt.
We have contacted both local and
federal, uh, law enforcement.
KELLY: The ransomware attack on
Baltimore County public schools
is hurting an already
hard-hit educational effort.
MARIANA: Jim won't say
whether the county paid
the attackers or not.
But there are reports that the
cost of the attack is nearing
$10 million.
And he tells me that doesn't
include damages like decades
of lost teaching
materials and student records.
JIM: It's like having our
house burned down and walking
through that house, looking
for anything that was left.
One of the, the biggest
things we lost was our
sense of security.
When everything is suspect,
uh, you, you don't trust any
of the, the
systems that you have.
And we end up with this
feeling that there's something
lurking there,
waiting for you.
MARIANA: That's who I
want to find; one of the
big ransomware players.
And as I continue to research,
one name keeps rising
to the surface.
WOMAN: LockBit.
MAN: LockBit.
MAN: LockBit.
MAN: LockBit.
REPORTER: As LockBit ransomware.
MARIANA: I find
it in FBI reports.
And in hacker forums.
It's both the name of the
ransomware group with the
fastest encryption speeds in
the world and the name of the
leader and developer at the top
of this formidable organization.
MAN: We hacked your company
yesterday and now we have
around 80 gigabytes
of your company data.
MARIANA: The rumors
about him swirled.
But there's no doubt
that LockBit's attacks
are creating chaos
around the globe.
Which is why I
really want to find him.
His name is 'LockBit.'
Have you heard of them?
JON: Oh, yeah!
LockBit's one of the most
dangerous and effective groups
that exist today.
MARIANA: Reaching out to
anyone in the underworld is
always tricky but the
search for LockBit makes me
especially nervous.
He's engaged in attacks right
now, complete with countdown
clocks, tracking when he'll
release sensitive data if a
ransom isn't paid.
Back in the States,
I connect with several
security experts for guidance.
NATE: If you get in contact,
what they're probably going to
do is they're going to want to
talk to you on, like, one of
these secured messaging clients.
MARIANA: Mm-hmm.
Mm-hmm.
NATE: So there's one that
uses, uh, what's called the
Tor Network, which is an
anonymized, it's where the
dark web is. Right?
MARIANA: The dark web, yup.
You know, I'm a little
bit on edge dealing with.
JON (over phone): Yeah.
MARIANA: The person that I
know can find out everything
he wants about me in a second,
so that puts, that makes me
nervous.
JON (over phone): Right.
That's a good thing, because
being, being nervous means
you're going to be paranoid,
and being paranoid is what's
going to keep you safe when
you're dealing with this
sort of element.
MARIANA: Yeah. They're the
people that everybody else is
running away from
and we're chasing.
JON (over phone):
Yeah. Exactly.
NATE: So they're probably
going to do some level of
reconnaissance against you,
just to make sure that you're
not the FBI or, you know,
the NSA, or something.
MARIANA: Mm-hmm.
NATE: The thing that I would
definitely, um, caution you is
that they know that they're
cybercriminals, but do treat
them, treat them with respect.
MARIANA: Um, so if I was to
try and get in touch with,
you know, the people at the
top, what, what do you think
I should do?
How do I start?
NATE: One of my guys
has some friends, he,
he knows a middle man
that can talk to these folks on
your behalf and set it up.
And so basically, he's,
he will probably broker
the conversation.
MARIANA: That's great.
The person I begin texting
with is called Blackrabbit.
He or she tells me these
forums are heavily encrypted
and guarded against outsiders.
But Blackrabbit agrees to
vouch for me if I can prove
I am who I say I am.
How do I know you're
really from Nat Geo?
Can you send me a
picture of yourself?
Huh.
(laughing)
Okay.
Is this a good idea?
I'm basically dangling myself
as bait in front of the
top ransomware
hackers in the world.
"Okay.
I will help you."
Wow.
Blackrabbit explains that the
ransomware scene is full of
big egos, big money,
and big rivalries.
Normally, none of the
top players would talk.
But he thinks we're reaching out
to LockBit at the right time.
His operation has become the
most profitable in the world
and he may be eager
to promote his brand.
Blackrabbit connects
us on a dark web forum.
I wait a day.
Then another.
Finally, someone that I'm
told is LockBit joins the chat.
♪
MARIANA: Rumors are
that LockBit is a young
20-something from Russia.
But this isn't him.
He would only communicate
via encrypted text.
He asked that we use a masked
avatar to relay the answers
to my questions.
Would you ever
meet us in person?
LOCKBIT: The FBI wants to
eliminate me, I'm ready to
meet you in person
when I lose my mind.
It takes just one
person to destroy the
biggest hacker group,
there are too
many people tied to me.
Without me, my
business would die instantly.
MARIANA: How do you feel
about the FBI targeting you?
LOCKBIT: I really love the
FBI, it is because of them
that I am constantly learning
about anonymity and
improving anonymity schemes.
To change locations
and internet sources,
the countries I live in.
Someday I will be found.
MARIANA: How did you get
into the ransomware world?
And why?
LOCKBIT: Big money.
I am just a young hacker
who decided to make a
lot of money easily.
MARIANA: What does a
typical day look like for you?
LOCKBIT: Riding on a yacht,
Lamborghini, dozens of luxury
models, drugs, everything
like regular millionaires.
MARIANA: You guys have gained
the reputation as one of the
most sophisticated groups
in the ransomware world.
Um, how did you get there?
LOCKBIT: The software has the
best technical specifications
on the planet, we have maximum
encryption speed, ability to
automatically self-distribute,
a list of processes to kill,
trace clearing, safe mode,
filename encryption,
as well as a set of
encryption software.
MARIANA: Do you ever
feel bad for your victims?
LOCKBIT: Why feel
sorry for the victims?
We are not doing
them any harm.
We just provide paid training
to system administrators.
Is it our fault that the
companies don't want to spend
money to protect
their networks?
You can always negotiate with
us simply by paying a modest
amount of money, which is
printed in unlimited quantities.
MARIANA: LockBit claims
he has his own moral
standards about targets.
But he also runs a business
and his malware is a product
that his affiliates have used
to attack government systems,
educational institutions, and
even hospitals around the world.
So you might say that you don't
put people's lives at risk, but.
Aren't you ultimately
responsible for what happens
with the malware
that you create?
LOCKBIT: I'm just a
weapons manufacturer.
America has the best
gun makers in the world.
All these weapons are sold all
over the world, these weapons
regularly kill people,
but do the gun makers care?
The gun makers only care
about the profits from
selling the weapons.
MARIANA: Despite my attempts
to get more details about his
next targets, he won't bite.
But he does send me
one more message.
It's a link to a project he's
calling "LockBit Black."
I'm too scared to open it so
I send it to Jon, one of the
security consultants
I'd been talking to.
So Jon, can you tell me
what's, what's this link that
LockBit sent me?
JON: It's what they're
calling LockBit Black and it's
their newest interface that
they've built for their new,
uh, ransomware.
It's actually really scary.
They've taken a lot of the
technical capability that used
to be required to conduct a
ransomware attack out of it.
MARIANA: Back in Romania,
I'd sat shotgun as John Smith
hacked his way into a
major utility company.
With LockBit's new malware,
he's removed that step.
Now all someone has to do is
type the name of a company
website and the malware
goes in search of access.
JON: It's now like a game.
I could take five minutes.
I could teach you to use
it and conduct attacks.
It's really going to change
the game of ransomware,
and it's really scary.
MARIANA: Do you think that
this has a potential of sort of,
uh, launching a
whole new generation of
ransomware attackers?
JON: Absolutely.
I didn't expect the, the ease
of use that, that this has to
have been built into it.
Uh, I expected it to be more
efficient but I didn't expect
it to be so much easier.
Uh, for someone to do.
What's going to happen is
it's going to allow many more
people to take part
in these attacks.
Higher volumes of attacks
means a lot more victims,
uh, that also means the bad
guy gets a lot more money.
MARIANA: Make no mistake about
it, the arc of the criminal
universe bends
towards easy money.
And we should all be very,
very afraid if ransomware has
gotten easy enough for
someone like me to use.
Captioned by
Cotter Media Group.