1 00:00:00,080 --> 00:00:02,280 Speaker 1: Hey, what's going on? It's Dexter. So we're doing something
2 00:00:02,279 --> 00:00:04,160 Speaker 1: a little different this week. While our team is away
3 00:00:04,160 --> 00:00:06,400 Speaker 1: for the holiday, we're going to bring you an episode
4 00:00:06,440 --> 00:00:09,280 Speaker 1: of a podcast called Click Here. It's produced by our
5 00:00:09,320 --> 00:00:12,200 Speaker 1: friends at Recorded Future News and PRX, and it's all
6 00:00:12,240 --> 00:00:15,400 Speaker 1: about the people who are making and breaking our digital world.
7 00:00:15,760 --> 00:00:19,560 Speaker 1: Today's episode follows a hacking group called Elusive Comet. They
8 00:00:19,560 --> 00:00:22,520 Speaker 1: don't rely on zero days or ransomware. They just use
9 00:00:22,640 --> 00:00:25,480 Speaker 1: charm and Zoom to fall into their trap. You don't
10 00:00:25,520 --> 00:00:28,960 Speaker 1: need to be reckless, just polite. Here's Dina Temple-Raston,
11 00:00:29,160 --> 00:00:31,000 Speaker 1: the host of Click Here, with the story.
12 00:00:33,880 --> 00:00:36,320 Speaker 2: Jake Gallen used to work behind the velvet ropes in
13 00:00:36,400 --> 00:00:39,960 Speaker 2: Las Vegas. Among other things, he worked the cabanas at
14 00:00:40,040 --> 00:00:44,320 Speaker 2: Planet Hollywood, and for a while he thought that life sparkled.
15 00:00:45,920 --> 00:00:47,800 Speaker 3: You know, it's funny because when I was going to UNLV,
16 00:00:47,880 --> 00:00:51,720 Speaker 3: I was in a fraternity there, and you'd say, yeah,
17 00:00:51,840 --> 00:00:53,680 Speaker 3: you know, I would love to have a nightclub job
18 00:00:53,720 --> 00:00:55,680 Speaker 3: because I can continue this type of lifestyle.
19 00:00:56,240 --> 00:00:58,480 Speaker 2: But it got a little old once you get
20 00:00:58,320 --> 00:01:00,880 Speaker 4: into that lifestyle. After about a year, you're like, man,
21 00:01:00,920 --> 00:01:01,720 Speaker 4: this kind of sucks.
22 00:01:02,120 --> 00:01:04,680 Speaker 2: It wasn't just that he was awake when the rest
23 00:01:04,720 --> 00:01:07,360 Speaker 2: of his friends were asleep, or that he missed all
24 00:01:07,440 --> 00:01:11,480 Speaker 2: kinds of milestones in other people's lives. It was just
25 00:01:11,560 --> 00:01:15,040 Speaker 2: kind of lonely, and he worried that he'd never find
26 00:01:15,080 --> 00:01:18,280 Speaker 2: something as exciting where he'd be making that kind of
27 00:01:18,319 --> 00:01:22,000 Speaker 2: money, until one day he was on a Reddit forum
28 00:01:22,120 --> 00:01:24,520 Speaker 2: and found Ethereum, the cryptocurrency.
29 00:01:25,160 --> 00:01:28,920 Speaker 3: So I found Ethereum in twenty sixteen on a Reddit
30 00:01:28,959 --> 00:01:30,360 Speaker 3: forum called Wall Street Bets.
31 00:01:31,200 --> 00:01:35,560 Speaker 2: To Jake, trading Ethereum, the second largest cryptocurrency after Bitcoin,
32 00:01:36,000 --> 00:01:39,319 Speaker 2: felt like opening a secret door into a whole new world,
33 00:01:39,760 --> 00:01:43,520 Speaker 2: one that was intoxicating, unpredictable, and full of promise.
34 00:01:43,920 --> 00:01:46,440 Speaker 3: I was very fascinated by this idea of how it
35 00:01:46,520 --> 00:01:48,800 Speaker 3: kind of strips power away from a lot of the
36 00:01:48,840 --> 00:01:52,920 Speaker 3: central authorities, and for me, I was very certain that
37 00:01:53,000 --> 00:01:56,440 Speaker 3: this was going to be the industry that changes the world.
38 00:01:56,600 --> 00:01:57,440 Speaker 4: I still have that.
39 00:01:57,360 --> 00:02:00,600 Speaker 2: Believer, and like so many true believers, he didn't want
40 00:02:00,600 --> 00:02:03,639 Speaker 2: to just watch from the sidelines. So he started trading
41 00:02:03,640 --> 00:02:07,040 Speaker 2: crypto, and then he stumbled into the world of NFTs.
42 00:02:07,920 --> 00:02:12,720 Speaker 2: That's short for non-fungible tokens. They're blockchain-based collectibles.
43 00:02:12,960 --> 00:02:17,320 Speaker 2: Think Beanie Babies, but with code. And before long he'd
44 00:02:17,320 --> 00:02:20,280 Speaker 2: carved out a reputation in one of the strangest corners
45 00:02:20,320 --> 00:02:24,480 Speaker 2: of the NFT universe, a niche known as historical NFTs.
46 00:02:25,360 --> 00:02:29,680 Speaker 2: Think of them as relics, pixelated artifacts from crypto's adolescence.
47 00:02:30,280 --> 00:02:32,800 Speaker 4: So I was one of the largest Mooncat collectors at the time.
48 00:02:33,360 --> 00:02:38,079 Speaker 2: Mooncats: primitive, quirky, little pixelated pictures of cats, and among
49 00:02:38,120 --> 00:02:40,480 Speaker 2: the very first NFTs ever minted.
50 00:02:40,760 --> 00:02:42,440 Speaker 3: And I said that I had some that I was
51 00:02:42,520 --> 00:02:44,240 Speaker 3: interested in auctioning off.
52 00:02:44,520 --> 00:02:47,480 Speaker 2: They were valuable, a kind of Mickey Mantle rookie card
53 00:02:47,520 --> 00:02:53,000 Speaker 2: of the blockchain. This wasn't an obvious career choice for
54 00:02:53,080 --> 00:02:56,440 Speaker 2: a health science major, but Jake understood collectibles in a
55 00:02:56,520 --> 00:02:59,320 Speaker 2: kind of visceral way, because he'd lived it.
56 00:03:00,000 --> 00:03:03,200 Speaker 3: I had actually owned an antique store in Vegas with
57 00:03:03,240 --> 00:03:05,640 Speaker 3: my father. That was my first business, and so we
58 00:03:05,680 --> 00:03:10,200 Speaker 3: are very knowledgeable in this world of, like, antiquities and collectibles.
59 00:03:09,560 --> 00:03:14,200 Speaker 2: Which is probably why Sotheby's came calling. Yes, that's Sotheby's,
60 00:03:14,280 --> 00:03:16,240 Speaker 2: the one that sells Van Goghs.
61 00:03:16,200 --> 00:03:20,000 Speaker 3: Six Sasi painting by Vassin Vngeur sendor Remo Marte.
62 00:03:19,960 --> 00:03:21,600 Speaker 1: Painted in eighty eighty seven.
63 00:03:21,639 --> 00:03:23,760 Speaker 2: And they asked him if he wanted to participate in
64 00:03:23,800 --> 00:03:27,200 Speaker 2: their second ever NFT auction. It was a huge deal.
65 00:03:27,680 --> 00:03:31,080 Speaker 2: One of the world's oldest auction houses was now moving
66 00:03:31,120 --> 00:03:32,080 Speaker 2: into digital.
67 00:03:31,720 --> 00:03:39,760 Speaker 3: Ward eleven million, two hundred and fifty thousand euros, adjugé.
68 00:03:38,800 --> 00:03:42,200 Speaker 2: And just like that, Jake was suddenly orbiting crypto royalty,
69 00:03:42,440 --> 00:03:46,360 Speaker 2: rubbing elbows with celebrities like Steve Aoki and Paris Hilton.
70 00:03:47,200 --> 00:03:50,920 Speaker 2: He was hosting panels, being interviewed, live streaming. He started
71 00:03:50,920 --> 00:03:54,840 Speaker 2: a podcast, and his profile exploded. And in the middle
72 00:03:54,880 --> 00:04:01,480 Speaker 2: of all this, he made an unusual decision. In the
73 00:04:01,520 --> 00:04:05,880 Speaker 2: crypto world, everyone hides. They use avatars or fake names,
74 00:04:06,320 --> 00:04:11,440 Speaker 2: VPNs on top of VPNs. That's the culture: anonymous, encrypted,
75 00:04:11,560 --> 00:04:17,520 Speaker 2: and untouchable. But not Jake Gallen. He, in essence, doxxed himself.
76 00:04:18,560 --> 00:04:22,040 Speaker 3: Since I started in twenty seventeen, you know, being a
77 00:04:22,120 --> 00:04:23,600 Speaker 3: doxxed person was unheard of.
78 00:04:23,680 --> 00:04:25,200 Speaker 4: That was like a very rare thing to do.
79 00:04:26,120 --> 00:04:28,640 Speaker 2: He used his real name, told people what he owned,
80 00:04:28,760 --> 00:04:31,599 Speaker 2: where he worked, what he bought into. He thought the
81 00:04:31,680 --> 00:04:36,080 Speaker 2: transparency would help him earn trust, so he leaned into it.
82 00:04:37,040 --> 00:04:39,240 Speaker 3: You know, well, obviously it makes you a target, but
83 00:04:39,279 --> 00:04:41,160 Speaker 3: it also makes you a little bit more respectable, and
84 00:04:41,200 --> 00:04:44,560 Speaker 3: it leads, in my opinion, to more opportunities.
85 00:04:45,600 --> 00:04:49,880 Speaker 2: That openness got him noticed. He started getting nonstop media
86 00:04:49,960 --> 00:04:54,640 Speaker 2: requests, three, five, sometimes eight interviews a week. So when
87 00:04:54,640 --> 00:04:58,080 Speaker 2: a show called Tactical Investing reached out in April, it
88 00:04:58,200 --> 00:05:00,200 Speaker 2: was just another thing he had to fit into
89 00:05:00,240 --> 00:05:00,880 Speaker 2: his schedule.
90 00:05:01,279 --> 00:05:04,040 Speaker 3: The message was like, hey, you know, doing a cohort
91 00:05:04,040 --> 00:05:08,719 Speaker 3: of individuals with leaders in the industry for my channel.
92 00:05:08,800 --> 00:05:12,240 Speaker 3: Would love to interview you. So I respond and say,
93 00:05:12,320 --> 00:05:14,120 Speaker 3: hey man, sure, yeah, I'd love to.
94 00:05:17,279 --> 00:05:20,520 Speaker 2: A week later, he logged onto Zoom, ready for his interview.
95 00:05:21,000 --> 00:05:25,440 Speaker 2: But this was not just any interview. This was a trap.
96 00:05:28,560 --> 00:05:32,680 Speaker 2: I'm Dina Temple-Raston, and this is Click Here, a podcast
97 00:05:32,680 --> 00:05:36,440 Speaker 2: about all things cyber and intelligence. We tell true stories
98 00:05:36,480 --> 00:05:40,280 Speaker 2: about the people making and breaking our digital world. Today,
99 00:05:40,600 --> 00:05:44,159 Speaker 2: we're used to watching for a shady link, a sketchy email,
100 00:05:44,320 --> 00:05:47,720 Speaker 2: a too-good-to-be-true promise. But what if
101 00:05:47,839 --> 00:05:51,320 Speaker 2: danger comes wrapped in something ordinary: a Zoom call, a
102 00:05:51,360 --> 00:05:55,159 Speaker 2: friendly face, a simple request. You don't need to be careless,
103 00:05:55,560 --> 00:06:08,000 Speaker 2: just courteous. Stay with us. From Recorded Future News,
104 00:06:08,440 --> 00:06:19,919 Speaker 2: this is Click Here. Jake Gallen had always known that
105 00:06:20,000 --> 00:06:23,000 Speaker 2: deciding to use his real name publicly and talking so
106 00:06:23,120 --> 00:06:26,680 Speaker 2: openly about his life would be a risk, so he
107 00:06:26,800 --> 00:06:29,159 Speaker 2: made sure his security was airtight.
108 00:06:29,680 --> 00:06:32,760 Speaker 4: I generally consider myself to be very careful. I mean,
109 00:06:32,800 --> 00:06:33,320 Speaker 4: I have
110 00:06:33,680 --> 00:06:36,960 Speaker 3: maybe five to ten different hardware wallets with different assets
111 00:06:37,000 --> 00:06:41,160 Speaker 3: on top of it, multiple computers which hold different types
112 00:06:41,200 --> 00:06:41,839 Speaker 3: of wallets.
113 00:06:42,560 --> 00:06:45,320 Speaker 2: So anytime he got an interview request, he would vet
114 00:06:45,360 --> 00:06:48,680 Speaker 2: them thoroughly. And that's exactly what he did in April
115 00:06:48,800 --> 00:06:51,360 Speaker 2: when he got an interview request from a YouTube show
116 00:06:51,400 --> 00:06:55,320 Speaker 2: he'd never heard of, something called Tactical Investing. Did they
117 00:06:55,360 --> 00:06:59,760 Speaker 2: have mutual followers? Check. History of posts with the original?
118 00:07:00,600 --> 00:07:04,799 Speaker 2: Check, check. A show that appears to be a real show.
119 00:07:06,120 --> 00:07:08,159 Speaker 4: Hey, guys, what is up? It is Alexander here, back
120 00:07:08,160 --> 00:07:10,840 Speaker 4: with Tactical Investing, and in today's video, I want to
121 00:07:10,920 --> 00:07:14,000 Speaker 4: do a step-by-step staking.
122 00:07:13,720 --> 00:07:17,640 Speaker 3: The YouTube channel had close to one hundred thousand subscribers,
123 00:07:17,800 --> 00:07:21,720 Speaker 3: had like six years of posting history. It had interviews
124 00:07:21,720 --> 00:07:24,960 Speaker 3: with people that I'm familiar with in the industry, and
125 00:07:25,160 --> 00:07:29,920 Speaker 3: had a bunch of recent posts, posting videos every few
126 00:07:30,000 --> 00:07:31,000 Speaker 3: days or so.
127 00:07:31,000 --> 00:07:34,320 Speaker 2: So he said yes, and he was excited. By this point,
128 00:07:34,360 --> 00:07:37,200 Speaker 2: he was CEO of a crypto company, and they had
129 00:07:37,240 --> 00:07:40,520 Speaker 2: a new product he wanted to demo. So the day
130 00:07:40,520 --> 00:07:43,160 Speaker 2: of the interview, he logged on, and it started like
131 00:07:43,400 --> 00:07:46,600 Speaker 2: so many interviews before it, but the host had his
132 00:07:46,680 --> 00:07:47,320 Speaker 2: camera off.
133 00:07:47,920 --> 00:07:50,080 Speaker 3: So when we get on the interview, he has his
134 00:07:50,160 --> 00:07:54,800 Speaker 3: screen off, and he says, do you mind that I'm
135 00:07:54,800 --> 00:07:56,040 Speaker 3: going to keep my screen off?
136 00:07:56,600 --> 00:07:58,920 Speaker 2: Why wouldn't he want his camera on? He was a
137 00:07:58,960 --> 00:08:02,320 Speaker 2: YouTuber, after all. That alone set off a flicker of
138 00:08:02,360 --> 00:08:05,040 Speaker 2: doubt in Jake's mind, but just a flicker.
139 00:08:05,440 --> 00:08:09,960 Speaker 3: This industry is, you know, it's full of pseudonymous and
140 00:08:09,960 --> 00:08:10,800 Speaker 3: anonymous people.
141 00:08:10,960 --> 00:08:14,400 Speaker 4: But what was weird is that he's a YouTuber.
142 00:08:15,720 --> 00:08:19,200 Speaker 2: But then the guy kept talking. He sounded confident, casual,
143 00:08:19,600 --> 00:08:22,200 Speaker 2: and Jake, he let the flicker fade.
144 00:08:22,520 --> 00:08:24,680 Speaker 3: So I'd actually watched a handful of his interviews. You
145 00:08:24,760 --> 00:08:27,840 Speaker 3: kind of understand who this person is, or like what
146 00:08:27,880 --> 00:08:30,600 Speaker 3: their interview style is like. It sounds just like him,
147 00:08:30,720 --> 00:08:34,160 Speaker 3: literally just like him.
148 00:08:34,240 --> 00:08:37,400 Speaker 2: And pretty quickly he wasn't just feeling relaxed, he was
149 00:08:37,400 --> 00:08:42,080 Speaker 2: feeling kind of impressed. The questions were smart, technical. The
150 00:08:42,120 --> 00:08:46,640 Speaker 2: interviewer clearly understood Emblem Vault, the crypto company that Jake
151 00:08:46,760 --> 00:08:47,240 Speaker 2: was running.
152 00:08:48,280 --> 00:08:52,160 Speaker 3: What he was asking me actually was, was kind of nuanced
153 00:08:52,240 --> 00:08:57,000 Speaker 3: questions about Emblem Vault, which, to understand what Emblem Vault is,
154 00:08:57,040 --> 00:08:59,079 Speaker 3: you have to be pretty deep into the industry.
155 00:08:59,440 --> 00:09:03,400 Speaker 2: So, what any founder would do when somebody really gets it,
156 00:09:04,000 --> 00:09:05,200 Speaker 2: he let his guard down.
157 00:09:05,320 --> 00:09:10,200 Speaker 3: And so after about thirty or forty minutes into the interview,
158 00:09:10,679 --> 00:09:13,560 Speaker 3: the gentleman says, okay, I would love for you to
159 00:09:13,600 --> 00:09:14,880 Speaker 3: demo Agent Hustle.
160 00:09:15,480 --> 00:09:19,160 Speaker 2: Agent Hustle, not a nineteen seventies crime show, but an
161 00:09:19,200 --> 00:09:23,040 Speaker 2: AI tool for tracing blockchain activity. And Jake was really
162 00:09:23,080 --> 00:09:26,120 Speaker 2: proud of it. So when the interviewer said he'd give
163 00:09:26,240 --> 00:09:29,480 Speaker 2: Jake access to share his screen, he just clicked, shared
164 00:09:29,480 --> 00:09:33,280 Speaker 2: his screen, and walked the interviewer through the tool. When
165 00:09:33,320 --> 00:09:36,160 Speaker 2: the call ended, Jake thought it had gone pretty well.
166 00:09:36,760 --> 00:09:39,240 Speaker 3: I tell him, hey, he is a great interview. He
167 00:09:39,520 --> 00:09:42,080 Speaker 3: asked the right questions, and he says it'll be up
168 00:09:42,120 --> 00:09:45,200 Speaker 3: in a few days, and then that's it.
169 00:09:45,360 --> 00:09:46,520 Speaker 4: Everything is fine.
170 00:09:46,679 --> 00:09:52,480 Speaker 2: But everything was not fine. It started the next day.
171 00:09:53,480 --> 00:09:56,760 Speaker 2: Jake got a notification that a Mooncat NFT that he'd
172 00:09:56,760 --> 00:10:00,520 Speaker 2: bought for one hundred thousand dollars was suddenly sold at
173 00:10:00,559 --> 00:10:03,160 Speaker 2: the bargain basement price of one thousand dollars.
174 00:10:03,800 --> 00:10:06,319 Speaker 4: And then I see another sale happen.
175 00:10:06,360 --> 00:10:08,720 Speaker 3: I get another notification from OpenSea saying that another
176 00:10:08,760 --> 00:10:09,880 Speaker 3: sale's happened, very
177 00:10:09,760 --> 00:10:12,240 Speaker 2: lowball, and his heart started to race.
178 00:10:12,520 --> 00:10:15,280 Speaker 4: And I know there's a hack that's happening. I don't
179 00:10:15,320 --> 00:10:16,920 Speaker 4: know how or what or why.
180 00:10:18,960 --> 00:10:23,680 Speaker 2: He scrambled, changed passwords, reached for every security switch he knew.
181 00:10:23,920 --> 00:10:26,880 Speaker 3: Just minimizing the blast radius of what was going on,
182 00:10:27,040 --> 00:10:30,120 Speaker 3: trying to figure out what was happening.
183 00:10:30,640 --> 00:10:33,800 Speaker 2: And then came the moment everyone dreads. He was logged
184 00:10:33,840 --> 00:10:37,040 Speaker 2: out of his email, his social media, and every time
185 00:10:37,200 --> 00:10:40,360 Speaker 2: he tried to regain control, the hacker just kicked him
186 00:10:40,400 --> 00:10:43,120 Speaker 2: right back out. It was like whack-a-mole with
187 00:10:43,200 --> 00:10:47,839 Speaker 2: his life. He tried to revoke permissions on Revoke.cash. No
188 00:10:47,920 --> 00:10:51,000 Speaker 3: luck, and I could see more Mooncats being listed, and
189 00:10:51,040 --> 00:10:53,120 Speaker 3: then I see other collections being listed.
190 00:10:53,160 --> 00:10:55,800 Speaker 2: And then a chilling realization.
191 00:10:55,840 --> 00:10:58,880 Speaker 3: Oh fuck, this is like a full on, like, somebody
192 00:10:58,960 --> 00:11:00,120 Speaker 3: has my seed phrase.
193 00:11:00,120 --> 00:11:02,600 Speaker 2: Seed phrase, like a master key to all of his
194 00:11:02,720 --> 00:11:05,240 Speaker 2: wallets and NFTs.
195 00:11:04,640 --> 00:11:07,880 Speaker 4: Which is crazy, because I've never written that seed phrase
196 00:11:07,920 --> 00:11:10,280 Speaker 4: down anywhere, nowhere digitally. It's written down on a piece
197 00:11:10,280 --> 00:11:11,560 Speaker 4: of paper inside of a safe.
198 00:11:12,400 --> 00:11:15,679 Speaker 2: That's when it clicked. Breaking into his computer was as
199 00:11:15,720 --> 00:11:19,280 Speaker 2: good as breaking into his safe. How much did you lose?
200 00:11:20,000 --> 00:11:22,360 Speaker 3: It's about between one hundred and fifty to two hundred thousand,
201 00:11:22,480 --> 00:11:25,839 Speaker 3: depending on how you value the assets themselves.
202 00:11:26,360 --> 00:11:29,720 Speaker 2: Jake was gutted, and pretty confused. Who would do this,
203 00:11:30,160 --> 00:11:33,160 Speaker 2: and how? His gut told him that this had to
204 00:11:33,160 --> 00:11:35,960 Speaker 2: be connected to that interview. But what kind of hacker
205 00:11:36,080 --> 00:11:39,120 Speaker 2: launches a YouTube channel and runs it for six years
206 00:11:39,320 --> 00:11:42,440 Speaker 2: just so they can scam someone? None of it made sense,
207 00:11:45,040 --> 00:11:50,160 Speaker 2: so he called nine one one. Actually, SEAL nine one one.
208 00:11:50,760 --> 00:11:53,679 Speaker 5: The official name is Open Security Alliance, but everybody just
209 00:11:53,720 --> 00:11:54,280 Speaker 5: says SEAL.
210 00:11:54,960 --> 00:11:57,160 Speaker 2: They're a team of white hat hackers who respond
211 00:11:57,240 --> 00:11:58,600 Speaker 2: to crypto attacks.
212 00:11:58,880 --> 00:12:01,920 Speaker 5: We do everything from people who got phished for one
213 00:12:01,960 --> 00:12:08,480 Speaker 5: thousand dollars to kidnappings to big North Korean heists. There's
214 00:12:08,559 --> 00:12:12,160 Speaker 5: all sorts of crazy things. Whatever people need, we'll figure
215 00:12:12,160 --> 00:12:13,000 Speaker 5: out a way to do it.
216 00:12:15,000 --> 00:12:17,800 Speaker 2: When we come back, the SEAL team gets to work,
217 00:12:18,200 --> 00:12:21,840 Speaker 2: the FBI steps in, and the real host of Tactical
218 00:12:21,880 --> 00:12:41,560 Speaker 2: Investing sends a very unexpected message. Stay with us. Nick
219 00:12:41,679 --> 00:12:45,160 Speaker 2: Bax is an incident responder at SEAL, and they've worked
220 00:12:45,200 --> 00:12:47,920 Speaker 2: on thousands of crypto hacking cases like Jake's.
221 00:12:48,640 --> 00:12:51,760 Speaker 5: Yeah, it's just, you know, we're always on call. Some
222 00:12:51,880 --> 00:12:54,880 Speaker 5: days are a lot worse than others. Yesterday I woke
223 00:12:54,960 --> 00:12:57,840 Speaker 5: up and it felt like every single threat actor we
224 00:12:57,840 --> 00:12:59,839 Speaker 5: were looking at had decided to do something at the
225 00:13:00,000 --> 00:13:03,120 Speaker 5: exact same time. Fridays are worse. I think a lot
226 00:13:03,120 --> 00:13:05,920 Speaker 5: of hackers know that if they start hacking on Friday,
227 00:13:06,080 --> 00:13:07,920 Speaker 5: the feds won't get involved until Monday.
228 00:13:08,400 --> 00:13:10,640 Speaker 2: Nick didn't waste any time trying to get to the
229 00:13:10,640 --> 00:13:11,760 Speaker 2: bottom of what happened.
230 00:13:12,200 --> 00:13:14,240 Speaker 5: First thing we do in triage is give them a
231 00:13:14,240 --> 00:13:15,640 Speaker 5: set of instructions to follow.
232 00:13:15,960 --> 00:13:18,920 Speaker 3: Apparently the first thing you're supposed to do, actually, is unplug your computer
233 00:13:18,960 --> 00:13:19,679 Speaker 3: from the Internet.
234 00:13:19,760 --> 00:13:21,360 Speaker 5: Disconnect your computer from the Internet.
235 00:13:21,440 --> 00:13:22,839 Speaker 3: I wish I would have known that. Probably would have
236 00:13:22,880 --> 00:13:25,080 Speaker 3: saved myself a lot, a lot of money.
237 00:13:25,559 --> 00:13:30,600 Speaker 2: Then came the forensic work, retracing every click, and as
238 00:13:30,679 --> 00:13:34,960 Speaker 2: they dug, Nick's Spidey sense started tingling. He'd seen something
239 00:13:35,040 --> 00:13:35,760 Speaker 2: like this before.
240 00:13:36,520 --> 00:13:39,479 Speaker 5: Yeah, you know, as soon as we heard he suspected
241 00:13:39,480 --> 00:13:42,360 Speaker 5: a Zoom call, we immediately start to think it's DPRK.
242 00:13:43,320 --> 00:13:48,360 Speaker 2: DPRK, North Korea, the most prolific crypto thieves on the planet,
243 00:13:48,600 --> 00:13:51,679 Speaker 2: and they've been using Zoom too, on traders and even crypto
244 00:13:51,720 --> 00:13:55,240 Speaker 2: companies, with fake job interviews and investor
245 00:13:54,800 --> 00:13:57,440 Speaker 5: calls, and they play a video of a person that
246 00:13:57,800 --> 00:13:59,559 Speaker 5: might be the person you're supposed to be meeting with,
247 00:14:00,040 --> 00:14:03,440 Speaker 5: and they look bored and they're not talking, but it's
248 00:14:03,480 --> 00:14:06,199 Speaker 5: actually a loop of a video, and then they tell
249 00:14:06,240 --> 00:14:09,920 Speaker 5: you over text that there's trouble with the audio. And
250 00:14:09,920 --> 00:14:11,720 Speaker 5: then they write, oh, we've seen this problem before.
251 00:14:11,880 --> 00:14:14,920 Speaker 2: Just go to this link, a link to malware. But
252 00:14:15,200 --> 00:14:17,880 Speaker 2: Jake didn't click on anything like that. There was no
253 00:14:18,040 --> 00:14:21,880 Speaker 2: fake video. He just had a conversation, one he thought
254 00:14:21,920 --> 00:14:23,120 Speaker 2: was a pretty good one.
255 00:14:23,600 --> 00:14:27,040 Speaker 5: The fake interview was new. We hadn't seen this vector before.
256 00:14:27,280 --> 00:14:30,080 Speaker 5: We realized it probably wasn't North Korea.
257 00:14:30,200 --> 00:14:32,400 Speaker 2: So the team went back to the drawing board. They
258 00:14:32,440 --> 00:14:36,400 Speaker 2: went over everything again, and that's when they caught it.
259 00:14:36,720 --> 00:14:39,080 Speaker 5: They kept trying to get him to screen share.
260 00:14:40,600 --> 00:14:43,600 Speaker 2: The screen share that Jake used to demo Agent Hustle.
261 00:14:44,200 --> 00:14:45,800 Speaker 2: And while there are lots of things you can do
262 00:14:45,880 --> 00:14:50,640 Speaker 2: to protect yourself from a hack, antivirus software, avoiding spammy links,
263 00:14:51,040 --> 00:14:54,480 Speaker 2: there's one thing that's as hard to see coming as
264 00:14:54,480 --> 00:14:59,880 Speaker 2: it is easy to fall for: social engineering, hackers exploiting
265 00:15:00,080 --> 00:15:07,320 Speaker 2: somebody's humanity, their ego, their enthusiasm, their fears. When it
266 00:15:07,360 --> 00:15:11,280 Speaker 2: came time to demo his project, Jake was enthusiastic. They'd
267 00:15:11,400 --> 00:15:14,320 Speaker 2: just launched this new AI tool, and he wanted everyone
268 00:15:14,360 --> 00:15:17,920 Speaker 2: to know about it, so he wasn't quite as focused
269 00:15:18,000 --> 00:15:20,239 Speaker 2: as he went through the screenshare process.
270 00:15:20,680 --> 00:15:23,440 Speaker 5: They had a Zoom account where the name on the
271 00:15:23,480 --> 00:15:29,680 Speaker 5: account was Zoom, and then they requested remote control, and
272 00:15:30,120 --> 00:15:34,120 Speaker 5: a notification pops up on Zoom that says something like,
273 00:15:34,240 --> 00:15:36,680 Speaker 5: Zoom is requesting permission to remotely control your device.
274 00:15:37,320 --> 00:15:40,080 Speaker 2: In that moment, it didn't look like a red flag.
275 00:15:40,240 --> 00:15:42,200 Speaker 2: It just looked like part of the process.
276 00:15:42,720 --> 00:15:46,600 Speaker 5: People just think it's requesting permission to share my screen,
277 00:15:46,920 --> 00:15:52,080 Speaker 5: but it's actually requesting permission to remotely control your desktop.
278 00:15:52,680 --> 00:15:56,800 Speaker 2: Jake barely remembers clicking, which is exactly how the best
279 00:15:56,800 --> 00:15:57,440 Speaker 2: hacks work.
280 00:15:58,400 --> 00:16:01,200 Speaker 5: When you do get hacked, it's like a magic trick,
281 00:16:01,320 --> 00:16:04,800 Speaker 5: like an illusion. It's like when someone pulls a coin
282 00:16:04,840 --> 00:16:08,120 Speaker 5: from behind my ear. They didn't really make a coin appear.
283 00:16:08,680 --> 00:16:10,800 Speaker 5: They used a sleight of hand and tricked me.
284 00:16:11,280 --> 00:16:16,840 Speaker 2: And with that, the hackers had everything: remote access, files, passwords, wallets.
285 00:16:17,280 --> 00:16:20,280 Speaker 5: Once you get, you know, remote code execution on someone's computer,
286 00:16:21,240 --> 00:16:24,360 Speaker 5: you can do a lot. You can look for all
287 00:16:24,400 --> 00:16:28,840 Speaker 5: of the high value targets, private keys, SSH keys, access tokens, whatever.
288 00:16:29,040 --> 00:16:32,120 Speaker 5: Then they'll get your password manager. They'll try and take
289 00:16:32,160 --> 00:16:34,040 Speaker 5: over your Twitter account and your Telegram account.
290 00:16:35,600 --> 00:16:39,080 Speaker 2: The SEAL team had a hunch. Maybe this wasn't North Korea,
291 00:16:39,640 --> 00:16:42,280 Speaker 2: maybe this was someone borrowing from their playbook.
292 00:16:42,800 --> 00:16:46,160 Speaker 5: It was actually a group of Western people, a US
293 00:16:46,360 --> 00:16:50,280 Speaker 5: or Europe or North America based hackers who had had
294 00:16:50,280 --> 00:16:55,240 Speaker 5: a clever method and were using it a lot.
295 00:16:54,880 --> 00:16:58,200 Speaker 2: A method that appeared to be piggybacking on North Korea's MO.
296 00:16:59,040 --> 00:17:03,119 Speaker 5: We have seen people try to imitate North Korean tactics,
297 00:17:03,440 --> 00:17:06,840 Speaker 5: and I think what happened is they heard about this
298 00:17:07,920 --> 00:17:11,320 Speaker 5: video chat Zoom call vector and thought, oh, that sounds
299 00:17:11,359 --> 00:17:13,440 Speaker 5: like a good idea. We can modify that to fit
300 00:17:13,480 --> 00:17:14,360 Speaker 5: to our strengths.
301 00:17:14,600 --> 00:17:17,360 Speaker 2: Maybe they even thought that looking like they were North
302 00:17:17,440 --> 00:17:21,040 Speaker 2: Korean hackers would help them get away with it. Whatever
303 00:17:21,119 --> 00:17:23,960 Speaker 2: it was, SEAL wrote about the group, and in their
304 00:17:24,000 --> 00:17:26,280 Speaker 2: report they called them Elusive Comet.
305 00:17:26,920 --> 00:17:30,360 Speaker 5: I don't know if they think we'll just give up
306 00:17:30,400 --> 00:17:32,080 Speaker 5: because we know that they're beyond the reach of law
307 00:17:32,160 --> 00:17:35,240 Speaker 5: enforcement or what. But it's actually the exact opposite of
308 00:17:35,240 --> 00:17:37,359 Speaker 5: what you should do, because there are a lot of
309 00:17:37,359 --> 00:17:43,240 Speaker 5: federal resources that focus completely on North Korea. So it's
310 00:17:43,240 --> 00:17:45,159 Speaker 5: not in your interest, if you're a hacker, to have
311 00:17:45,240 --> 00:17:49,040 Speaker 5: them think you're North Korea, despite what some people might think.
312 00:17:49,560 --> 00:17:53,960 Speaker 2: The FBI is now investigating. Jake says they reached out
313 00:17:54,080 --> 00:17:56,880 Speaker 2: not long after he reported the attack and gave him
314 00:17:56,960 --> 00:17:57,920 Speaker 2: even more detail.
315 00:17:58,800 --> 00:18:02,679 Speaker 3: This is a very large scam ring that's going on that
316 00:18:02,720 --> 00:18:06,840 Speaker 3: could total potentially, you know, eight or maybe nine figures
317 00:18:06,880 --> 00:18:09,920 Speaker 3: in lost value, and they're all using Zoom apparently
318 00:18:09,960 --> 00:18:10,280 Speaker 3: for all of this.
319 00:18:11,280 --> 00:18:14,080 Speaker 2: But the FBI wasn't the only one who reached out.
320 00:18:17,520 --> 00:18:21,639 Speaker 6: Hey Jake, it's Alex, otherwise known as Tactical Investing. My
321 00:18:21,680 --> 00:18:23,919 Speaker 6: account was compromised Wednesday of last week.
322 00:18:24,359 --> 00:18:28,359 Speaker 2: Tactical Investing is a real YouTube channel run by a
323 00:18:28,520 --> 00:18:32,280 Speaker 2: real person, Alex Banister. He's in the Air Force, and
324 00:18:32,640 --> 00:18:35,120 Speaker 2: to prove who he was, he sent Jake a video
325 00:18:35,200 --> 00:18:36,840 Speaker 2: of himself in uniform.
326 00:18:36,880 --> 00:18:40,480 Speaker 6: You know, for proof I'm in the military, there's my uniform, Air
327 00:18:40,520 --> 00:18:44,320 Speaker 6: Force, and then my last name is Banister. Check
328 00:18:44,320 --> 00:18:45,960 Speaker 6: it out here. It's on my uniform.
329 00:18:46,080 --> 00:18:50,399 Speaker 2: So the hackers hadn't just fooled Jake, they'd hijacked someone
330 00:18:50,400 --> 00:18:57,439 Speaker 2: else's identity to trick him. Jake lost a lot that
331 00:18:57,600 --> 00:19:02,800 Speaker 2: day: time, money, trust. But what bothers him most is Zoom.
332 00:19:03,200 --> 00:19:06,600 Speaker 2: That remote access button that Jake was tricked into pressing,
333 00:19:07,080 --> 00:19:11,679 Speaker 2: it's not some obscure setting. It's enabled by default for
334 00:19:11,800 --> 00:19:15,840 Speaker 2: all personal Zoom accounts. If you use Zoom, it's probably
335 00:19:15,960 --> 00:19:17,600 Speaker 2: enabled on your computer right now.
336 00:19:18,400 --> 00:19:22,159 Speaker 3: Basically, the whole scam is that if you're a host
337 00:19:22,359 --> 00:19:27,439 Speaker 3: of a Zoom interview, you can request remote access to
338 00:19:27,480 --> 00:19:29,879 Speaker 3: the guest's. This is like a default feature that's on. Like,
339 00:19:29,960 --> 00:19:31,920 Speaker 3: if you turn that default feature off, this whole thing
340 00:19:31,960 --> 00:19:34,280 Speaker 3: goes away. It's literally that simple.
341 00:19:35,240 --> 00:19:37,920 Speaker 2: We reached out to Zoom, and they told us they
342 00:19:38,040 --> 00:19:42,440 Speaker 2: take security seriously and that users must give explicit consent
343 00:19:42,560 --> 00:19:45,919 Speaker 2: before allowing anyone to take control of their screen, which
344 00:19:46,320 --> 00:19:51,080 Speaker 2: is technically true, but cybersecurity experts say that's not the point.
345 00:19:51,600 --> 00:19:54,320 Speaker 2: While no one would be hurt if Zoom just turned
346 00:19:54,320 --> 00:19:58,160 Speaker 2: it off from a default setting, it could save unsuspecting
347 00:19:58,240 --> 00:20:00,680 Speaker 2: victims a lot of time, money and hassle.
348 00:20:00,960 --> 00:20:04,120 Speaker 3: If they just did, they could easily fix this,
349 00:20:04,200 --> 00:20:07,439 Speaker 3: just making remote access default off. Like, that's literally all
350 00:20:07,440 --> 00:20:09,200 Speaker 3: they have to do to fix it, but they don't
351 00:20:09,200 --> 00:20:12,439 Speaker 3: seem to be interested in wanting to make that change.
352 00:20:13,920 --> 00:20:16,600 Speaker 2: Jake says he's spoken with people at Zoom. He's even
353 00:20:16,680 --> 00:20:20,239 Speaker 2: heard their CEO was made aware of his case, but
354 00:20:20,320 --> 00:20:24,320 Speaker 2: so far nothing's changed. So Jake's doing the only thing
355 00:20:24,359 --> 00:20:26,600 Speaker 2: he can, the only thing he's been doing since he
356 00:20:26,720 --> 00:20:30,239 Speaker 2: first stumbled into the crypto spotlight. He's talking about his
357 00:20:30,280 --> 00:20:34,960 Speaker 2: life and telling people what happened to him: journalists, crypto traders,
358 00:20:35,040 --> 00:20:37,520 Speaker 2: Twitter followers, anyone who will listen.
359 00:20:38,560 --> 00:20:42,520 Speaker 3: Yeah, it is embarrassing, but I felt like there's, it's
360 00:20:42,640 --> 00:20:45,239 Speaker 3: much more important to keep people protected, to ensure that
361 00:20:45,280 --> 00:20:49,119 Speaker 3: this doesn't happen again and again and again. You know,
362 00:20:49,200 --> 00:20:51,200 Speaker 3: do I want to be the face of this? No,
363 00:20:51,280 --> 00:20:54,000 Speaker 3: not really. But do I want people to be aware
364 00:20:54,920 --> 00:20:55,760 Speaker 3: of what's going on?
365 00:20:55,960 --> 00:20:57,000 Speaker 4: Yeah, absolutely.
366 00:20:58,680 --> 00:20:59,600 Speaker 2: This is Click Here.
367 00:21:02,359 --> 00:21:05,359 Speaker 1: That was Dina Temple-Raston, host and managing editor of
368 00:21:05,400 --> 00:21:08,600 Speaker 1: the Click Here podcast from Recorded Future News and PRX.
369 00:21:09,040 --> 00:21:11,679 Speaker 1: The show tells true stories about the people making and
370 00:21:11,760 --> 00:21:15,360 Speaker 1: breaking our digital world. New episodes come out every Tuesday
371 00:21:15,480 --> 00:21:18,040 Speaker 1: and Friday. You can find Click Here wherever you get
372 00:21:18,080 --> 00:21:21,160 Speaker 1: your podcasts, and starting in twenty twenty six, on selected
373 00:21:21,160 --> 00:21:23,840 Speaker 1: public radio stations. We'll put a link to the podcast
374 00:21:23,880 --> 00:21:26,480 Speaker 1: in the show notes. Thank you for listening to Kill Switch,
375 00:21:26,600 --> 00:21:29,000 Speaker 1: and we'll be back in the new year with new episodes.