Episode Show Notes

							
			

[START OF RECORDING]

JACK: When I was a teenager living at home with my dad, it always felt like he was invading my privacy. He would do things like open and read the mail that I got, or he would go into my room when I wasn’t there. He says he was picking up trash or collecting dirty cups, but I always suspected he was going through my things for some reason. [MUSIC] Sometimes he’d barge into my room when I was there, too, and I didn’t like that. What if he saw me doing something on my computer that I didn’t want him to see? So, I set up an early warning system so I would know when he was coming. I would sometimes put sheets of newspaper just outside my door. I’d arrange it in such a way that he’d have to step on it to get to my door, and the crinkle of the newspaper would tip me off that someone’s coming. This worked for a while, especially just hearing him complain ah, there’s newspaper all over the floor; what’s going on out here? That way, I would know he’s coming in. But one day, he decided to be tricky. He wanted to come in my room but didn’t want to make noise with the newspaper, so he came up to my door very slowly and quietly, and gently picked up the newspaper so that it didn’t make a single crinkle noise. With the early warning system deactivated, he opened my door and came right in. I was sitting on my bed reading one of my schoolbooks. I was baffled that he didn’t trip my alarm and I asked dad, how did you get in without the newspaper making noises? He held up the paper to show me he had picked it up, and he said I’m always two steps ahead of you. Glad to see you’re doing homework, and left. Well, little did he know that I was four steps ahead. I had wired a proximity sensor up to my door that he didn’t know about, and if someone came up to the door, a little light would blink in my room, letting me know that someone’s getting close. When he came up to get the newspaper, I saw the little light blink. I was playing games on my computer and I turned the monitor off, grabbed a schoolbook and jumped in bed, and acted like I was reading. This is what you have to do sometimes to catch someone in the act. Two steps ahead isn’t enough. Sometimes you need to be four steps ahead.

(INTRO:) [INTRO MUSIC] These are true stories from the dark side of the internet. I’m Jack Rhysider. This is Darknet Diaries. [INTO MUSIC ENDS]

JACK: [MUSIC] Content warning; there are multiple swear words in this episode. If you’d rather not hear bad language, you’ve been warned. Okay, so you don’t want your real name.

OS: No.

JACK: Okay, so we’ll just make up – we’ll just make up something; Frank or Tim or…

OS: I don’t know. Like, I’ll fucking do a random name generator. Let’s see what that says. How about that?

JACK: Yeah.

OS: We’ll let the ether tell us what it should be. Let’s call it Owl Stalker.

JACK: Wait a minute. What kind of name generator are you…? It’s like a video game name generator?

OS: Basically, yeah, dude.

JACK: Owl Stalker?

OS: Yeah, why the fuck not?

JACK: Alright, I tried to use that name, but I just can’t bring myself to call him Owl Stalker this whole episode, so I’m just going to abbreviate his name to O-S and call him Os for short.

OS: Yeah, just from a background perspective of early days, I used to run around in the warez scene as a wares administrator and a rooter, and also a crypto encryption cracker for games in disk. So, some of the largest groups that are out there, I was actually not only hosting for the zero-day drops of the warez scene, but also producing zero-day for the warez scene.

JACK: Ah, the old warez scene in the 90s. Warez is short for softwares, but it specifically means pirated software. [MUSIC] Warez groups would buy software, whether a video game or an app, and then crack it so that you wouldn’t need a license or a serial key for it to run, and then distribute it for anyone to download and use free of charge. In the warez scene of the 90s, you could download pretty much any popular game or app without paying for it. Today, that’s kind of gone away since apps and games require internet connections for them to run, but this was the 90s where internet wasn’t that fast, and this was also a time before torrenting was a thing. So, he was on IRC, the Internet Relay Chat, and was setting up servers to be the place to go when you wanted to download the pirated software. But he wasn’t always distributing pirated software. When he got his first gateway computer, he wasn’t sure what to do with it, [00:05:00] but then a friend told him to check out IRC, where he can meet others. So, he figured out how to get into chat rooms to see what was there.

OS: My nice baud modem decided to dial-up a pop-on. The first ten minutes that I’m in, I actually get popped. I had to rebuild my computer all the way from the ground up and at that time, it was all floppy disks to build the system, and I vowed to never let that happen again. I was pissed.

JACK: This is what started him down a tour of the dark side. He was already fascinated with what computers could do, and so when his computer got hit with a virus, it immediately fascinated him to want to know more. He started asking around about how something like this could happen, which led him eventually to these warez groups which were doing illegal things.

OS: So, I went and learned and trained and taught myself actually how to program. Then I actually kinda just made a decision as I matured and I saw some of the other big groups really starting to get taken down, like our peer groups in that warez scene starting to get hit really hard; several friends of mine that, you know, I had met through the years of being in that scene actually going to jail. I was like dude, I don’t want that to be me.

JACK: So, he decided to go in a totally new direction in life. After being hunched over his PC for years, secluded in his bedroom, he straightened his back and went outside, and started training.

SERGEANT: One, two, three, four, United States Marine Corps.

PRIVATES: One, two, three, four, United States Marine Corps.

OS: Alright, I chose the Marine Corps specifically ‘cause it was – I shopped around. All the other branches had already built cyber-security units and were already in the process of – they were one step ahead of where the Marine Corps was, and so I said you know what? I want to go in the Marine Corps specifically for this. I walked into a recruiting station and said hey, are you guys doing stuff with computers, to protect computers? It wasn’t even cyber-security, right? That didn’t even have a name at that point. They were like hey, look, we really don’t have a whole lot of options here. We’ll see how you test. I tested really high on the entry level and was guaranteed to go into the role that I played in the military which was the cyber-security side of the house, right?

SERGEANT: If I die in the combat zone…

PRIVATES: If I die in the combat zone…

SERGEANT: Hike me up and ship me home.

PRIVATES: Hike me up and ship me home.

JACK: The Marine Corps boot camp is thirteen weeks long, and it’s brutal. By the time you’re done, you’ll be in the best shape of your life. There are no computers in boot camp. Instead, you’re trained on how to be a killer. You learn to fight, you learn to use weapons, you learn to overcome fear and any obstacle that might be in your way. I say all this because it reminds me of a very specific scene in the movie Full Metal Jacket.

HARTMAN: Toejam!

TOEJAM: Sir, yes, sir!

HARTMAN: 0300; infantry.

JACK: The movie follows marines through boot camp and into the Vietnam war.

ADAMS: Sir, yes, sir!

HARTMAN: 0300, infantry.

JACK: When they’re finished with boot camp, that’s when they’re assigned their occupation.

ADAMS: Sir, yes, sir!

HARTMAN: 1800; engineer. You go out and find mines. Cowboy!

COWBOY: Sir, yes, sir!

HARTMAN: 0300; infantry. Taylor!

JACK: Then, one guy stands out; Joker.

HARTMAN: Joker!

JOKER: Sir, yes, sir!

HARTMAN: 4212; basic military journalism. You gotta be shitting me, Joker. You think you’re Mickey Spillane? You think you’re some kind of fucking writer?

JOKER: Sir, I wrote for my high school newspaper, sir.

HARTMAN: Jesus H. Christ. You’re not a writer. You’re a killer.

JOKER: A killer; yes, sir!

OS: [MUSIC] I didn’t think about the fact that the Marine Corps is this elite military and they’re trained to do nothing but kill, right? That’s literally all they are. I looked at it more as a means to an end, to go get the hands-on experience, right, from the government and really get trained up on government capabilities. That’s kinda how I looked at it, then I hit boot camp and went oh fuck, what did I do? Got stripped of everything that I was and rebuilt to who I am to some degree today, right? But how did I come back and go into that computing side of it? I mean, that was my end goal. I set a goal prior to going in and I made agreements with the Marine Corps that I would be provided that. Well, of course, now, later on, I’m realizing how lucky I was, because there are no guarantees. When you sign a contract with the government, whatever, military or any other freaking government service, you’re not guaranteed a damn thing, and particularly with the military, right? But how I transitioned back in out of that fighting mentality – I mean, I always kept it with me, right, because we were trained to fight first. But what was really cool is that [00:10:00] we were the ones that were defining how to fight with digital aspects first.

JACK: So, were you doing mostly offensive or defense, forensics, incident response?

OS: So, I did both. It just really depended on where I was and what I was doing. When I was typically not in a forward-deployed state, then it was defensive. Even in a deployed state, we would do defensive forensic stuff, you know, working with our signals intelligence or intelligence professionals as well. We would take and consume that. They would bring us physical devices, like I said, chip off-type stuff, like where we would actually go desolder chips on a board and actually analyze it at that level, but then also offensive kind of stuff.

JACK: How long did you spend in there?

OS: I spent five years active duty, long enough to realize that I made a really freaking awesome and terrible decision all in one.

JACK: Why was it awesome and terrible?

OS: Well, it was awesome because I got to go do some really cool shit and learn a lot of really cool shit, and it sucked because – I mean, again, go talk to a marine; you hate it while you’re in and you love it while you’re out, right? The life of a marine is not – it’s not an easy life, man. It’s not at all.

JACK: But this experience really did level up his understanding of computers, and specifically cyber-security. So, with this experience and know-how, he landed a job at a consulting company.

OS: They were doing forensics and other cyber-security kinda stuff, right? This is early 2010s, just to give perspective of timeframe here. I got cherry-picked by an individual to come into this consulting firm.

JACK: They had him start by doing digital forensics; analyzing an infected computer to try to understand more about the malware, looking for clues in a network or system that showed signs of intrusion, stuff like that. But they also had him doing some attack-type work too, where he would be assigned to try to get into a computer or a website or a network to test how secure it was. He did that for a while, but then he got a new assignment. [MUSIC] The government of Puerto Rico hired this consulting agency to come do some work.

HOST: 18 degrees above the Equator at that sweet spot where the Atlantic embraces the Caribbean is the island of Puerto Rico.

OS: In Puerto Rico, they sold the work and they were like okay, cool. We need to staff resources. Hey, do you have availability? Cool. Welcome to this project. That’s just kinda how it goes. In consulting firms, you get assigned to projects, right? It was sold to me as – initially that we were going down there to do IT operas – like, operational improvements.

JACK: What he was told was that for this project, him and a team would go down, audit the network, evaluate it, and see if there were any areas to improve to make the network more secure. Okay, so you pack your bags, you head out. How long did you think you were gonna be there?

OS: That’s a hilarious question. I realistically thought that I was only gonna be there for maybe two to three weeks tops. We were gonna come in, evaluate their technical capabilities and look at like okay, cool, you got this 1970s IBM mainframe. You might want to update that, right?

JACK: Little did he know, he would be staying there much longer than a few weeks. He arrives in Puerto Rico, and all goes as planned for a while. He sees what’s there and yeah, there are areas for them to improve the network to make it easier to maintain, get work done, and be more secure. So, he’s writing up all his findings and giving them suggestions on how to improve.

OS: Then the next thing I know, we’re in the middle of a meeting with the governor of Puerto Rico and he’s like, I love the work that you guys have going on and that you’ve done for us. I have a problem. He goes, we are losing millions and millions of dollars a month through the lottery of Puerto Rico, and we don’t know how.

JACK: [MUSIC] Now, to begin with, the governor of Puerto Rico is the highest person who has executive authority there, so the fact that they got to meet with the governor was pretty interesting. But this is a unique challenge, huh? To help figure out how they’re losing millions of dollars through their state lottery. Os was intrigued by this problem, but he wasn’t sure where to start. He had to learn and get familiar with how the lottery system worked. The lottery had weekly drawings. [00:15:00] The drawings themselves were physically done live on TV, not electronic like how some lotteries are. A bunch of balls go into a drum, and then they draw one ball out at a time, showing the camera, and that’s how the winning numbers are announced.

People would buy lottery tickets at special places that sold them, and if your numbers matched the numbers drawn, you win money. You don’t have to match all the balls, though. Even a partial match, like if your ticket contained three out of the five numbers, you also won. This Puerto Rico lottery is a big deal. It’s been running since 1934 and is ran by the Department of Treasury. Of course, a lottery is set up to generate revenue for the government, since the amount of the payoffs is never more than the amount of money generated through ticket sales. But in this case, the payouts were more than the ticket sales; a lot more. Millions of dollars were being lost in the lottery.

OS: We regrouped as a team and said hey, let’s think through this. What are all the possible reasons behind it? Maybe systems aren’t just communicating and updating fast enough because the network connectivity between Building A and Building B is absolutely horrible. Maybe some clerical error in their systems, like their – we’re talking, you know, as we started to do our IT analysis, they were still running Windows 95 on some systems in the early 2010s, right? It’s like, hm, okay, so maybe you’re just – your processes aren’t that good. Maybe they haven’t done a reconciliation of their books in a long time, so hey, let’s bring in our forensic accountants and have them go actually look at their numbers.

JACK: So, their forensic accountant looked through the ledger; how much was paid out and how much was bought. Yeah, sure enough, millions of dollars more were paid out than were bought, which means the lottery was losing money, which is not supposed to happen. The lottery is set up to always generate money, not lose money. But these accountants couldn’t figure out why. They did confirm that there were significant losses in the system, but from their analysis, it looked like all of the money was just going to legitimate winners, [MUSIC] and nothing suspicious at all. This mystery grew deeper.

OS: We then went and started at the very onset of the process. Like, let’s go physically look at where the actual lottery balls are stored and how they’re stored.

JACK: Now, since this is the governor asking for help, they had all the clearances and permission they needed to make a visit where the lottery is conducted. He got to get up close and personal with the lottery balls themselves and analyze them.

OS: Yeah, I got to touch and examine the balls, dude. It was pretty fun.

JACK: The balls seemed fine. None of them were an odd weight or size that would make them more or less likely to be drawn. It didn’t seem like that was the problem. So, next, he looked around and asked…

OS: Who all has access to this? Alright, you got cameras, you got door badge access systems…

JACK: He was given the names of everyone who had access to the lottery equipment. Controls seemed to be properly in place. Only a few people had access to the balls and drawing room.

OS: Then we start down the process of okay, so, day of or day before, what’s your process? Do you have a reconciliation? Yep, all of these balls get moved – these racks of lottery balls get moved over and get staged. They get counted again, they get allocated, they get signed off on. There’s the huge accountability process pre-day. The same day of the lottery drawing, they go through again first thing in the morning. They do a check-in at lunch and then right before the actual drawing itself, they do another check and then they roll them out to the public view.

JACK: So, the public view is really TV. Every week, the drawing is done live, broadcasted on their local TV channel. This is a big deal in Puerto Rico; many tune in while holding their tickets to see if their numbers are drawn.

OS: We actually had the opportunity to walk out with the balls.

JACK: He means he was able to shadow and keep his eye on the lottery balls at every step of the way between when he examined them and when they were drawn on live TV. This way, nothing could be swapped or changed on his watch.

OS: [MUSIC] So, we walked the balls out to – with the actual employee. There was two employees that were assigned to do nothing but manage the lottery balls. That’s it. That was their sole job. Day in, day out, they would go in, do accountability, reconcile sheets, and basically count them, make sure everything was good to go. The way that they sort them; it’s not like we – how we see here in the United States, ours are, [00:20:00] where they’re these plastic ping-pong balls. These are like little plastic beads – they’re a little bigger than a bead, but they have a hole through the middle of them and they’re stored – instead of a plastic container with locks on them, they’re stored – they slide the beads down a metal rod and each rod held a certain number of lottery balls, and they would lock, each one of those. So, it was like this gigantic wooden box with ten rows of these lottery balls in it with ten locks on the front of it, right? So, they’re rudimentary but tamper-proof to some degree, but they had full accountability day in and day out of them. Even more heightened on the day of drawing, they had full accountability of the physical asset that – the lottery balls themselves.

Once they would actually go through, they would dump them into the hopper, and then it would actually do the hopper draw. It would actually roll a ball down. There was a panel of employees for the lottery of Puerto Rico that sat up front that that ball, when it came out – they started from left to right – the first person on the left would get it, put the ball on the little – on the actual tray. They would have the empty trays and they’d slide the ball down the little empty tray, document on a piece of paper what the number was, and then they would continue to do that for the entire drawing, and it would go all the way down. Then whenever they would fill up an actual lottery ball holder, they would lock them up, they would hand them back to the individual. They had chain of custody forms and all sorts of craziness. Then it would go – then all of those paper sheets would actually go into a review room where there were four analysts that would sit in a review room, and they had them – from start to finish, they had them in order.

So, they would watch a video and pair up how the balls were inside of the actual metallic rack and validate that yes, that’s correct; that’s the correct ball, that’s the correct drawing number, et cetera, et cetera, et cetera, right? Then what – that would get them put into the computing system for the lottery of Puerto Rico, and what would happen then is that would go back into a database, and that database would then be shared with the government of Puerto Rico’s printing group, and they would go do a print run of all of the winning numbers in the newspaper. Then they would also take and actually do – on the news that night – a live notification. It’s published live; the Puerto Rican lottery, you can watch it locally and national TV live, but then they do a recap on the news like we do here in the United States to some degree. So, the physical security process was fully sound. There was nothing that we could find that was amiss. It was like okay, they’ve got accountability all the way through when they’re printing the numbers. We even validated the numbers, right? We’re like, that’s right in the paper. Yep, it’s right on the news.

JACK: So, after analyzing the system, they felt like the physical security of the balls and drawing process was fair and secure. Their next step was for them to follow the numbers. Once the officials recorded the winning numbers, where do they go next? Well, another government department handled the next part. See, there was one department in charge of the drawing, and then there was another department in charge of the payouts. So, they went to the payouts department and they found the systems where the winning numbers were entered. They confirmed that the winning numbers did in fact match up with what was actually drawn. Next, there is a database that gets updated. The database has a list of every single lottery ticket purchased and what numbers that ticket had. The database takes the winning numbers and updates all the tickets in the database to indicate if the ticket is a winner and how much should be paid out. They go and meet with the team that manages this database.

OS: The database administrator goes, who are you and why are you here? Who’s authorized you to be in here to audit me? I know how to do my job. Leave me alone, and really was standoffish. I’m like hm, that’s a little odd.

JACK: That is a little odd, but when I was the admin of firewalls for a company, I was very protective of them, myself. I, too, would ask for credentials of anyone asking to see what’s inside, just to make sure. So, maybe this is fine.

OS: So, at that point, we’re like okay, we gotta look at the database system itself. So, it’s a Db2 database and I’m like alright, that’s a pretty sound, solid financial database. I mean, companies today still use it; highly transactional, makes sense. [00:25:00] Go through, look at the security configurations and settings. I didn’t know enough about it, so we hired a professional to come in that was specifically a Db2 database administrator. He looks at it and he’s like dude, everything looks sound and solid.

JACK: The database administrator checked a few things, first seeing who has access, and it was everyone who was supposed to have access; just the IT team who was responsible for maintaining it. Nobody else. Next, he looked at the logic of how the database gets updated, but that was fine. The tickets that should have been winners were updated properly, and the tickets that were losers were shown to not pay out anything. So, this database looked fine. Next, he went down to where people were buying lottery tickets and getting paid for their winnings.

OS: We audited that process, where individuals would go cash in their lottery tickets. We went and audited several of those stations on the island ‘cause they were specific locations. It’s not like you could go to any gas station. They had very specific set up locations where you could go cash in your lottery ticket for winnings.

JACK: This, too, all looked just fine. Nothing strange or unusual here, either. [MUSIC] So, him and the team looked again to see how much money was missing from the lottery while they had watched the whole thing take place. Something strange happened; the lottery showed no losses for the weeks that they were there investigating this and shadowing people and auditing the payout stations and analyzing the databases. Huh, that’s odd. But that’s a clue in itself.

OS: That’s why we kinda saw a slow trickle when we first got to the island and were inside. Really, we identified the hard stop was when we went and actually had the interview and sat with the database team.

JACK: That was the same database team that was questioning him for being there, so his hunch was that if this stopped happening once he started poking his nose in things, then he thinks this might be an insider.

OS: So, we take this all back to the governor and we’re like man, there – the only thing that this is pointing to – you’ve got an insider somewhere, and we don’t know what it is. It’s on the digital element. The governor of Puerto Rico looks at me and the team and goes, I know you’re here for security elements. Go do whatever you have to do to figure this out. You are indemnified of anything – of any digital crime or physical crime on the island to figure out how the hell I’m losing this money. I said, can I get that in writing? He said, absolutely. So, to this date, I own an indemnification of committing any crime on the island of Puerto Rico, which is pretty cool. I’m like, fuck yeah.

JACK: Now, by this point, he’s been there for over a month trying to figure this out. So, while he thought he was only gonna be there a few weeks, he’s now flying into the island every week and flying back home on the weekends. But now, he suspects someone inside the lottery is doing something sneaky. But who? Stay with us because after the break, he goes four steps ahead. Os has examined every aspect of the network and found nothing that would suggest the lottery is losing money. He has confirmed that before he got there, it was losing a lot of money, but whatever was happening stopped since he’s arrived. This makes him believe that there’s an insider somewhere that stopped once they saw he was investigating. But now the governor of Puerto Rico, the highest executive position on the island, has granted him full indemnity and that he may investigate this however he wants, even if it requires breaking the law to do it.

OS: [MUSIC] Absolutely. That’s why they gave me indemnity, ‘cause I…

JACK: You were referring to – can I break into a network?

OS: Can I break into a building?

JACK: Like, were you asking the governor that?

OS: Yeah. I was like, what do you mean by free reign? He’s like, do whatever you need to do. I was like, so you’re telling me I could go break into a building and I won’t get arrested if – or, if I get arrested, then I’m indemnified and you’ll drop all charges and you’ll bail me out? He’s like yeah, and I’ll invite you over to my house to have Chinchon and freaking – some Cuba libres.

JACK: This is exciting.

OS: I geeked out. Like, what the fuck? He was totally – like, me being a pen tester, I’m like, what the fuck? I just got indemnified by the government of Puerto Rico to do what? Okay.

JACK: This is so unusual. I don’t even – because he’s pretty much been given permission to hack into the [00:30:00] government of Puerto Rico to find this insider, which is like a penetration test, right? But typically this is done just to check how secure the network is. In this case, he was going to hack into the network to try to catch someone conducting criminal activity inside the lottery’s network. So, that’s a totally different objective from a normal penetration test. Also, pen testers typically have what’s called a get out of jail free card, where the head of security has granted them permission to hack into the network or break into the building. But in Os’ situation, he has a literal get out of jail free card from the governor which allows him to break laws if he wants.

If he gets arrested, he could just show it to get out of jail. Now, Os has done a number of penetration tests before he did offensive work while in the Marines, but he’s also conducted a number of them as a consultant. So, he’s experienced at this and already has a good lay of the land since he’s been there auditing this whole process for the last month. He knows how everything is working and who all the people are that make it work. The first thing he does is notify the FBI. Now, you might be wondering, why would be FBI be interested in what’s going on in the lottery of Puerto Rico? Well, that’s because Puerto Rico is a territory of the US, so there’s actually an FBI field office over there, and Os thought this was a criminal case worthy of the FBI knowing about, and that he was investigating it and had permission to do so.

OS: They were like alright, go investigate, get everything that you can. You have carte blanche to do whatever you want, right? Like, literally carte blanche. Mind you, up into that point, I had been suit and tie every freaking day, right, as a consultant is, usually on your customer’s site. I freaking dropped into straight civilian clothes, acting like a tourist. I did some things to change my appearance and walked right into the government building and started to look around.

JACK: He went into this building because he knew this is where the database and main network for the lottery payout system actually sat. He figures if he can get into the building, he might be able to get into the network covertly. But you might wonder if he has full permission from the governor, why not just get official authorization to log into the network systems himself? Well, he did that, remember? He found nothing. That might have been because it’s very obvious that he was in there looking around for this particular thing. If you’re some insider hacking the system and you’re trying not to get caught, you’re not gonna be in the network doing bad stuff when you have auditors looking over your shoulder, right? So, he wants to go in covertly to see if he can find malicious insider activity when they think they aren’t being watched. [MUSIC] So, he heads into this government building with the goal of finding a way into the network. But to be successful, he needs to bring some supplies.

OS: Full-on lock pick set. Like, that was number one. I had two laptops with me. I carried them everywhere I went. I had my forensics laptop and my offensive security laptop. The standard tools that I also carry is a pocket knife and a flashlight, right?

JACK: Looking like a tourist, he heads into the government building. Now, this is a publicly-accessible building with places that citizens can go and take care of things like permits or even cash in lottery tickets there. On top of that, he’s been in this building a few times already as he was auditing the whole lottery process.

OS: There was a door that – where I knew the finance office was. Like, the finance office, you’re – say you’re walking down a hallway and you come to a T intersection. To the right, there was a sign that said Finance but straight ahead, like ten feet ahead past that T intersection on the right-hand side, there was a door. I was like hm, I wonder if that’s where they keep physical financial records. Might be a computer in there that’s unlocked, right? So, that’s what I was thinking off the top of my head. I look up and there’s no cameras pointed at this door. They’re pointed down the main corridor facing towards where the entrance of the government of Puerto Rico’s entrance is, and then down the corridor of where the finance office main door is, but there’s not one facing – or towards me or facing behind my back at that door, because there was an end of a hallway. So, there was nowhere you could go, basically, at the end of it. So, I’m like okay, so I just lean up against the freaking wall and jiggle the handle. It’s locked, so I pull out my lock pick set.

JACK: He starts trying to pick the lock which is not a fast or easy thing to do. It takes time and patience and lots of trial and error. You might not have the right tool at first and you need to try a different one. You don’t know if you need to turn the lock to the right or left to unlock it, so it’s kind of like throwing darts in the dark. At the same time, he’s nervous and someone could be coming around the corner at any moment and see what he’s doing and question him. But after a short while, he gets the lock open [00:35:00] and opens the door.

OS: [MUSIC] I pop the lock on this door. I was correct; it was the Finance Department. I was correct; it’s where all the physical freaking documents were. I was correct that there were computers in there. I was incorrect in identifying that there might be people fucking sitting in there. So, four people turn the fuck around and look at me and go, what are you doing here? How did you open that door? That door’s supposed to be locked. I’m like oh, shit.

JACK: He just goes right back out into the hallway and closes the door. He sees that people were getting up to come see what he was doing.

OS: I was like oh, here I go, I’m going to fucking Puerto Rican jail. This is gonna suck, right? I was freaking the hell out, dude. I didn’t know if I could believe the governor of Puerto Rico or not. Is he really gonna bail me out of jail? How long is it gonna take for them to realize that I’m in jail, right? Those are thoughts going through my head when that happened.

JACK: He had to think fast. He did some mental calculus; should he run? Well, that would certainly make him look more suspicious and it could get him kicked out of the building for good. Instead, he wanted to contain this problem to just this office, so he walks around to the front door of this finance office and he tries to think of a story. Because he’s been there before, he remembers that the floor above him is where the passport office is, and that’s what he decides to use as an excuse. He was going to act like a lost tourist not able to speak Spanish and was looking for the passport office. So, he puts on a face and walks into the finance office.

OS: I’m like hey, I was told to come here because this is the passport office. So, the director of finance for the entire government of Puerto Rico was one of the guys that was sitting in the back, right? He walks out and he’s like, that door was not unlocked. I was like, it was. I just pushed on it. I don’t know. Sorry, sir. I’m really…I lost my passport. I’m trying to go to Cuba. Because at the time, you could fly from Puerto Rico to Cuba. You couldn’t fly direct from the United States to Cuba, but you could fly to Puerto Rico and then fly from Puerto Rico to Cuba as a United States citizen, right? This director of finance was giving me the side eye but he’s like yeah, follow me.

JACK: He gets escorted to the passport office. He was trying to contain his stress on the way, and on the walk there, the head of finance was curious of the situation.

OS: Well, he drops me off at the passport office and I walk in. I’m like hey – so, I fill out a bunch of documents and act like I need to get a freaking – my passport, basically, freaking renewed because I had lost it or whatever, and waited ‘til he left. I just kinda sat ‘cause there were quite a few people in there, and I just sat and just kinda waited for about half an hour or so, if I recall, and then bounced out and continued on down the path. Totally almost got fucking popped.

JACK: He left the building. That was enough excitement for a day. Who knows what would happen if they called security on him or caught him on another floor trying to open other doors? He decided to leave and let things cool down.

OS: Ended up in a – and going back the next day. I had already seen what looked like a lunch room area up on the third floor. So, this is – mind you, the government building’s like, seven stories tall. I was like, it looks like a little lunch room. I was like, I’ll go check that out today. So, I head up to the third floor. Mind you, Finance was on first floor. Second floor was the passport office, so – opsec was in terrible aspects of multiple things, and I included this in my report to the governor of Puerto Rico. I was like dude, you have all these financial records that are sitting – your physical financial records are sitting on the first floor. You have hurricanes and flooding continuously on this island; you might want to think about moving that to a higher level. Shit like that. Those were kinda other recommendations that we were putting out there for him.

JACK: He gets up to the lunch room area, then walks around the hallways near there. He sees another door and tries to guess what’s inside it. He puts his ear up to the door. No noises are coming from inside. There are no windows to see in, either. He walks around the halls. No signs as to what this office might be, and it’s not connected to any others; it’s sort of a secluded office with no signage. Hm. He pulls out his lock picks and starts working on the lock. [MUSIC] After a few minutes, he gets it open and looks inside.

OS: When I opened the door, man, it’s like, freaking inch and a half, two inches of fucking dust all over the fucking floor, dude. I look to my right and there’s three PCs lined up in a row that have plastic pulled over them. There’s no lights on in here, so I’m like okay, cool. [00:40:00] So, I literally pull my flashlight out and make my way over the computers, dude. Lo and behold, one’s running.

JACK: Nice. This is great for him; a room that nobody ever visits. It’s dark, it’s quiet, and it has a running computer. This could be gold. If this computer is connected to the lottery network, then he can use it to watch and gather data he needs to catch the insider.

OS: I close the door behind me and I actually set my laptop up against it so if, for whatever reason, someone came in, it would knock it over and alert me to – it wasn’t a big room. It was probably the size of – I’d say it was probably a fifty foot by fifty foot, but it would give me enough time to at least lock down everything that I was doing. I’m like, oh, sweet. Let’s go check this out. So, I lift the plastic off the monitor. I’m like, let’s see if it even works. Turn the monitor on; presented with a log-in screen for Windows 98 with the admin account. I’m like hm, it’s not gonna be this easy, right? Like, admin, admin. Nah, doesn’t work. So, I sit there and I’m like, let’s just sit here and think through this and logically – if I were the administrator or system administrator for the government of Puerto Rico and was running a 1998 system, what would I use as the password for admin to get on the system? So, I run through your typical default list of passwords for admin, like admin/admin, admin/administrator, admin/root, freaking – et cetera, et cetera. I try this over a period of a couple hours ‘cause I didn’t want to potentially trip if they had any alarms, like multiple failed log-in attempts on a system.

JACK: None of his log-in attempts worked. He couldn’t guess the right password. He found some open Ethernet ports and tried plugging into them, but none of them worked. He thought about unplugging the one running computer from the network and plugging his laptop into it, but he wasn’t sure if this computer was running anything important. He wanted to be as quiet as possible. So, he went home for the night to rethink and strategize.

OS: I’m like, alright; Metasploit, what do you have for 1998 Windows systems? There was a boot screen freaking – what is it? The accessibility feature – I can’t remember what the actual vulnerability was, but basically ended up being able to create an exploit that I could plug in a USB and bypass the log-in screen.

JACK: Okay, so Metasploit is a really cool toolkit with lots of exploits and vulnerabilities that are all prepackaged and ready for you to just hack into things. He creates this USB drive with the exploit payload on it, and if the exploit works, he should be able to just go back to that computer, plug in the USB drive, and get into the system. [MUSIC] So, he goes back the next day, heads up to the same room, picks the lock to get it open, puts his laptop against the door as a rudimentary alarm system, and pulls out his malicious USB stick, and puts it in the computer running Windows 98.

OS: Drop it in, get full access. Sweet.

JACK: He’s now on this computer as an administrator. Amazing. But he quickly realizes he’s only administrator for this computer. It doesn’t give him access to anything else. He checks the network status. Yes, this computer is on the network and yes, he can reach the lottery network from here. Fantastic.

OS: I’m like, alright, I’ve got this access into this system, I’m local admin. Is there any antivirus running on it? It didn’t flag for my exploit to come on, so that’s kinda cool. No local antivirus on the system. Connected to the network. So, I’m like alright, so, I have a couple options here; I can either unplug and hope that they’re not doing freaking 802.11x, like NIC-based security or if they’re doing Mac address filtering security, et cetera, et cetera. I start thinking through, like, what are my options here? Do I install tools locally on this system or do I unplug the NIC from the system and then jack in with my pen testing laptop? Well, in the meantime, I’m like alright, well, I have local admin. Let me go ahead and dump the credential files.

JACK: When you have users on a computer, their username and password hash is stored somewhere on that computer. When you’re administrator, you can see the password hash. Now, the password hash isn’t the password; it’s the result of the password when it’s passed through an algorithm, and it looks like scrambled letters. So, he grabs this hash file to try to crack the passwords on this computer, because [00:45:00] with the USB exploit he used, he just bypassed the log-in process. He didn’t actually use a password to get in. So, he thinks if he can crack the password on this computer, then he can try using this username and password to get into other computers on the network.

OS: So, I dropped that to my thumb drive, pull that off, throw that into my pen test laptop.

JACK: He then runs a tool called John the Ripper to try hundreds of thousands of passwords to see if they match the hash. The program can try hundreds of passwords per second or more depending on how fast the computer is, so he knows this will take a while, and just lets it run.

OS: So, I’m like you know what? Fuck it. They haven’t been aware that this system’s online. They’re not gonna know if it goes offline, so I unplug…

JACK: He only unplugged the network cable, not the power cable.

OS: …and actually leave it unplugged overnight just to see what happened, right? So, I leave the room, I leave it unplugged overnight, go and build another thumb drive that has a bunch of tools on it like Nmap and freaking man-in-the-middle tools. But basically, I build my tool suite onto a thumb drive that I can take and actually just run off of my thumb drive instead of installing directly onto the system, right?

JACK: [MUSIC] With all kinds of extra tools, he heads back the next day, goes up to the floor, picks the lock, gets back in, sets the laptop against the door, and goes back to the computer. He plugs the computer back into the network port and all is fine. So, he plugs in the USB drive and starts to run one of these tools he brought.

OS: So, I actually enumerate the network.

JACK: This is the typical first thing a pen tester does to get a lay of the land. Enumerating the network is basically getting a map of what’s out there. You can ask certain systems what other computers do they know about, and they’ll be happy to tell you. Nmap scans are also common which can scan a whole range of IP addresses inside the network to see if anything responds.

OS: I knew the IP address ranges for the IT systems over in the lottery, so I was like well, let me see if I can ping those IP addresses and see how this network looks. It was like – basically looked flat.

JACK: I like to think of a flat network like an empty hull of a ship. If it’s just one big, open space in the hull and there’s a hole in the hull, the entire hull can fill up with water. So, a good idea is to segment your network so that if someone gets into one part of your network, they are completely blocked off from getting into other parts. So, what he found is this long-forgotten computer not only was connected to the network, but it could reach every part of the network since nothing was blocking it. This was fantastic for Os who wanted to find a way into the systems he thought were suspect. But now it’s closing in on the end of the third day. He’s thinking it’s starting to get risky if he has to come back here every day and pick a lock and sneak in, so he sets up a reverse shell to this computer. This allows him to go back to the hotel and from there, he can remotely connect into this computer and use it as if he’s sitting right in front of it. So, he goes back to the hotel and looks at the scans that he was doing on the lottery’s IP range.

OS: I find a web server that has port 80 and I’m like alright, that’s cool. I wonder if it’s open from the outside.

JACK: By ‘open to the outside’, he means can he get to it from the World Wide Web and not the local network?

OS: So, I ran a scan on the outside of the network as well. Again, fortunately for us, we had already been given the IP addresses for the entirety of not just the lottery, but the government of Puerto Rico because as we were talking with them, we’re like look, maybe someone compromised them from the outside and you’re getting money siphoned off, right? Maybe that’s a possibility. So, we asked and they provided. So, I run a port scan against the outside, find the web server that enumerates at the same version of Drupal that I had. I go through the Metasploit table; there’s an exploit for remote code execution, exploit for – and it’s running on a Linux system.

JACK: So, when trying to exploit a system and get unauthorized access to it, the more you know about it, the better. A scan might show you what kind of server is running, what kind of web framework is on that. In this case, Drupal was the web framework and the operating system was Linux. On top of that, you might get versions of what software is on that system. If you know what version it’s running, you can go look to see if that version has any known vulnerabilities that you can exploit. Os found a vulnerability for that version of Drupal and tried to exploit it from the outside, and [MUSIC] bingo, it worked. He got in, which is always a rush to hack into a system from the outside.

OS: I was like, holy fuck yes. Literally, the whole team was sitting around the table and I’m sitting there freaking – I’m drinking a Mai Tai at this point. I’m like fuck yes, check this out. I’m doing my due diligence with screenshots and all that other shit, right? They were like, are you fucking serious? I’m like, yeah. So, I do general commands to show [00:50:00] who am I, and it shows root. Then I actually do freaking a dump of basically the file structure and freaking show that it’s actually the Puerto Rican web server, right, not just some random-ass server, dude. Start pinging internal IP addresses that they had already grabbed forensic images off of as well, too. They were like, holy shit. I’m like yeah, from the hotel WiFi, bro. What’s up.

JACK: Excellent. He’s now in a system inside the lottery’s network, and from here he’s able to get into other computers and route traffic to this Linux server so he can capture and analyze the traffic in the network. This is the man-in-the-middle attack that he was wanting to do. It’s kind of like a wire tap but for network traffic. So, once he’s got all this set up, he watches the traffic day in and day out.

OS: Basically, this is – yeah, we’re about, what, month three and a quarter at this point. So, what we did is we actually started laying low once I actually had popped everything and had access, and just started monitoring. We were sitting just at the hotel monitoring. I’m chilling, hanging out. We know that the drawing goes, we know that the actual input goes the night of the drawing, but doesn’t start the payouts ‘til the morning. We see a log-in from the individual – one of the database individual systems into the mainframe, which was abnormal to see that. Then, at that point we said okay, we need to go basically get on this mainframe. So, the governor of Puerto Rico forced the CIO to give us physical access into that mainframe. They basically pulled the CIO from his job and placed him on temporary leave. We have administrative access on this mainframe, this IBM mainframe where the database is running, and we put some monitoring tools on and just started monitoring.

JACK: They were able to watch the logs of the database; who logs in, what changes do they make, what data is being updated. With a database like this, there are tons of changes. So, when someone comes to cash in their winning lottery ticket, they take it to a place where they can cash it, and the clerk scans the ticket. At that point, the scanner will check the database to see if it’s a winning ticket or not. So, already the database has a read operation that would show the logs. Then the database tells the clerk this is a winning ticket; you should pay this amount. When the clerk pays it, it updates the database to indicate this ticket has been paid and it shouldn’t be cashed out again. So, every lottery ticket that gets paid, there’s an update to the database, which means there’s a lot of logs that he’s gotta sift through to try to find anything unusual. So, he’s watching these transactions happen all day, every day. A clerk scans a winning lottery ticket; it’s a winner and should be paid out for a dollar, and the clerk pays out the dollar. Nothing odd there. But as he looks closer at these logs and analyzes them more, he sees something. [MUSIC] He sees someone change the payout amount for a winning lottery ticket. They went into the database and made the payout higher than it actually was.

OS: The payout was supposed to be a dollar, but it would change to like, $10,000. You would see the transaction for $10,000 exit, and then you would see the amount that was actually paid out go back to a dollar in the database.

JACK: This was it. This was the smoking gun. Someone inside the lottery IT team was going into the database and changing one number, waiting for the payout to happen, and then changing it back. This is why when they audited all the transactions before, they didn’t find any sign of this happening, because someone’s going in the database and wiping the evidence. It was only from sitting patiently, doing some real-time monitoring of logs, collecting network traffic, and watching these tickets get paid out that they caught this.

OS: At the point that I had actually dropped in and we were monitoring and we see this, I immediately have to contact the bureau, the FBI field office in Puerto Rico.

JACK: The governor wanted whoever was behind this arrested and instructed him to contact the FBI. Remember, Puerto Rico is a territory of the US, so there’s an FBI field office on the island. But before he could give the FBI all this evidence, he needed to figure out who the person was that was making these changes, because the problem was whoever was doing this was using the username ‘service’ to make these changes, not his actual username. So, it wasn’t clear who was going in and making these changes. [00:55:00] But the thing about this database, because it’s a super-secure database, the only way to actually make changes to it is to physically go into the data center room where the server was and log into it that way. There was no way to connect into this thing remotely. This is great because now he just needs to know who was in the room during that time that the change was made, and there’s an easy way to figure that out; security camera footage. Os gets access to the video and rewinds it to that moment.

OS: [MUSIC] We’d see him walk into the server room like, two seconds later, log into the mainframe, be there for a few minutes, and then leave. So, we were able to tie hey, there was a transaction that occurred between here and here. What was this at this time? So, what they started doing is taking snapshots on that database, like literally on the hour, basically, and they were able to actual – what we were able to point out is look, last night’s synchronization of this, this ticket should have paid out a dollar. It changed at this time. Here’s camera feed, here’s network access into the mainframe, here’s camera feed access to him walking into the server room where the mainframe is, here’s the modification into the payout table, and here’s a modification of the actual payout table being done again. Here’s him walking out of that server room, badging in back into the database, or the IT room, and here’s video feed footage of that as well. So, we nailed, tied down, all the way up.

JACK: So, this explains what was happening inside the network at the time, but what about what’s happening outside the network at the payout stations? This operation must have been coordinated with someone outside.

OS: Yep, so they would say I will be at this payout station at this time, so this guy would go in ten minutes beforehand, change the payout amount. The person will walk up with a boleto, take a number. They would actually type in the boleto serial number, and it would be for $10,000 versus a dollar. He would see the transaction process and then immediately go flip it back to a dollar. So, the individuals on the end, at the payout stations, didn’t know. They were like oh, this is a $10,000 winning ticket; sweet. Here’s your $10,000.

JACK: Os has cracked the case. He’s figured out how the millions of dollars are being stolen from the lottery, and he knows exactly who did it with all the evidence showing how it was done.

OS: We called the bureau. We’re like dude, we’ve got soup to nuts evidence of freaking fraud right here. Like full on, we know that this is happening; definitive – this individual is fully active and doing this. The bureau’s like cool, wrap up all your information. This is kinda freaking fun. When you meet with the bureau to do data drops, you think you’d go to a field office and go hand them whatever evidence you had. Well, that’s not the case here. Because we were the gringos on the island, because they had freaking taken and actually put the CIO on leave, and basically we had interviewed and there was already enough noise fluttering around and people were starting to kinda talk. The FBI mentioned to us that hey, there’s chatter in the cartels that there’s gringos on the island actively investigating. Be heads up. That’s why we went in to wait for a little while post me actually having access. One, I needed to collect evidence, and two, we were laying low because the cartel – there was chatter from the FBI that the cartel was aware that there was some sort of investigation going on. But once we actually – so, this is the fun part, though.

Again, what I was trying to say is that you would think that it would be a field office that you go walk this data into. Well, no. Here, I’m a gringo in freaking Puerto Rico, right? They call outsiders gringos, right? So, they – the FBI, instead of having – and this tripped me the fuck out because I had worked with them tons in the military, right? It tripped me the fuck out when they go yeah, meet us at the mall food court and just bring it all on a thumb drive. [MUSIC] I’m like, what the fuck? So, I go to the Puerto Rico mall to meet the bureau to transfer the empirical data that we have at this point on at least this database administrator making these manipulations and payouts, right? And literally meet these two guys wearing casual clothes. We go order our food at the little food stall. We’re walking with the trays [01:00:00] and he’s like, you got that thumb drive? Just drop it on my tray while we’re walking. Then I do; he grabs it, puts it in his pocket, and we go sit down and eat lunch. Kinda fucking wild, right? It’s like, what the fuck?

JACK: Supposedly the reason for this is safety and security. There are drug cartels on the island and the FBI knows that the cartels are watching the FBI field office very closely and knows everyone who comes in and out. Since Os was already being talked about by the cartel, they didn’t want to tip off anyone that Os might have found something and was meeting with the FBI. So, they made it look like it was just a casual lunch meeting. Surely you wouldn’t pass along top-secret evidence to someone in a public place where anyone can hear, right? That was exactly why they did it there.

OS: Whenever I made that dead drop to them, they jumped on and looked at it, right? But I get a call like, 7:00 that night; hey, meet us at X location. We want a debrief basically of what’s on here and walk us through like I’m talking to you right now on the details of what’s happened. I had my significant other actually traveling into town that was supposed to be there at like, 9:00. I didn’t get out of my debrief until like, freaking almost midnight, and missed picking my significant other up at the airport. They were standing at the airport in the dark with the lights off, and I wasn’t able to leave ‘cause I’m doing a debrief to the FBI. I tell them hey, my significant other is over at the airport. Would y’all mind going and picking them up? They go, sure. So, they drive by.

JACK: But the FBI didn’t pick anyone up. They just drove by and said they didn’t see anyone, and left. So, by the time the debrief was over, Os calls his significant other to see what was going on.

OS: My significant other was just fucking furious, bro. Like, just absolutely beyond pissed off. Here I am; I can’t explain shit to them.

JACK: The reason why he can’t explain this is because it’s a classified case. He can’t explain that he was with the FBI the whole time, because what if the cartels are tapping his phone or something, right? So, all Os could do is just make up a story.

OS: I’m so sorry. I fell asleep.

JACK: But of course, that wasn’t the case. He just couldn’t explain. At least, not here, not now. But he returns back to his hotel and stays on the island a little longer to assist the FBI.

OS: They basically put us on monitored custody. They were following us everywhere we went.

JACK: He kept meeting with the FBI to provide more evidence and information that he had access to that might help the case.

OS: The bureau took over most of the investigation. We had some limited support to them as more ancillary and informational just to fill in gaps that they weren’t able to pick up out of what we had provided and whatnot.

JACK: The FBI was uncovering evidence that the names Os had provided were linked to a cartel on the island, [MUSIC] basically an illegal drug smuggling group. The FBI somehow found a cartel member with lottery tickets and confiscated the tickets from him. They call the lottery tickets boletos there, and so, the FBI was curious; what if they try to cash in these boletos? So, they get someone to go undercover into a payout station and hand them one of these boletos that was from a cartel member. The payout clerk looks at the serial number on the ticket, and back at the undercover agent, and doesn’t even try to cash the ticket. Instead says…

OS: Pull around back into the garage and then someone would help them out shortly, which turned out to be the individual was told to pop their trunk, don’t look back, and go drive to this location. So, they popped their trunk, stuff was put into it, they drove to basically where – not where they were told to go and basically wherever they went, I don’t know. They popped the trunk to look in there to find that they had like, fifty kilos of cocaine and forty freaking assault rifles, man. So, not only were they stealing money from the government of Puerto Rico, they were also running guns and drugs through that process.

JACK: Apparently the people who worked at the payout station itself were also part of this. They had a system set up that if someone came with a specific ticket, it meant they were a driver for the cartel and here for a pickup. So, when the FBI pulled around back and got the car loaded up with cocaine and weapons, this was quite a surprise. They realized they had stumbled upon something much bigger than just lottery fraud. But somehow it was all linked together.

OS: [01:05:00] So, a pretty elaborate scheme from the cartel. So, at that point, the bureau literally safety-extradited us off the island. They were like, y’all gotta get the hell outta here. Like, y’all – you’ve interrupted a huge cartel operation and we’re gonna do the takedown, and y’all need to get the hell off the island.

JACK: So, of course Os booked it out of there. This is why he didn’t want to have his name mentioned in this episode, because his life was in danger for uncovering this cartel operation in Puerto Rico, which means that even though he still has indemnity from the governor to commit crimes on the island, he’ll likely never go back. The FBI indicted ten people involved in this case. An indictment is just a charge against someone basically listing reasons why these people should be arrested. The indictment claims that these people took 12 million dollars to a nearby island and bought cocaine and brought it back to Puerto Rico. They used boats and airplanes to traffic the drugs in, and used BlackBerry phones to communicate with, and they even had spiritual rituals before doing a big buy. They intended to distribute and sell this in Puerto Rico for financial gains. The indictment also claims that three of the people listed were involved with laundering money through the lottery. In total, the FBI believed that these ten people illicitly generated 127 million dollars from the sale of drugs and weapons and lottery tickets.

The feds wanted to try to seize all this money if they found it, as well as planes, boats, cars, and property that was part of the operation. As I looked through this case, it links back to a case where a few years earlier, twenty other people were arrested, including the leader of this cartel. A lot of evidence points to testimony from what those people said in their trial. Ten individuals were arrested from this operation that Os uncovered. The first few I looked at all pled not guilty at first, and then switched to guilty. Those people got five to fifteen years in prison for this. One guy held onto his not guilty plea, which meant that this case went to trial, which is cool for me because now I can see a lot more details about this case, because the court transcripts are publicly available. It turns out they were using these winning lottery tickets to launder money. Here’s how they did it; [MUSIC] the court records show that they had someone inside the lottery who would produce winning lottery tickets. Then those winning lottery tickets were sold to people in the cartel for 20% more than whatever it was worth, so if the winning lottery ticket was worth $10,000, the cartel members could buy the ticket for $12,000. The reason for this is because the cartel had a lot of illicit cash and they wanted a way to make the cash look legitimate. So, when they’d cash in the winning lottery ticket, they would get a check from the Puerto Rico lottery and take the check to their bank to deposit it. This would allow them to legally declare their winnings on their taxes. This way, they had a nice, clean record of where they got their money from. Sneaky stuff.

Anyway, this guy who went to trial was found guilty, and the judge sentenced him to life in prison not just for this lottery stuff but also for the cocaine and weapon smuggling. So, this brings us to the guy inside the IT department at the lottery. He was one of the ten that got arrested, and he appears to be a really dangerous guy. He was being charged with all four counts of drug running and lottery fraud, but I called up Puerto Rico and I spoke to someone who was close to him, and they said he was a good guy and just fell in with the wrong crowd. See, besides being an IT guy, he also had a private pilot’s license and liked flying planes, and on the weekends he would charter tours in his planes to show people around the island. Well, this cartel heard about his planes and hired him to move some drugs from one island to another. Eventually, he was being hired to do more and more trips for the cartel. He got out on bail while the courts figured out what to do with him. At first he pled not guilty, but then he came back into court and changed his plea to guilty. The court said okay, come back in four months and we’ll determine your sentence. Well, in that four-month timeframe, he somehow got involved with this cartel again and was part of a mission where he had to capture someone and take them somewhere, and in that mission, he was shot and killed. The police found $30,000 in his car after that. This is a surprise ending for me. The IT guy who was changing the numbers in the database was shot and killed in the end? While playing the lottery itself is a gamble, this guy was gambling with his life. When the stakes are that high, you might either get rich or die trying.

(OUTRO): [OUTRO MUSIC] A big thank you to Owl Stalker, Os, for sharing this story with us. He’s been sitting on this one [01:10:00] for a while, not telling anyone this whole story, and I’m thrilled to be sharing it with you which is the first time this story’s ever been told publicly. If you like stories like this, if you think they’re valuable, please consider supporting the show. I’m an independent creator and I can focus on this full-time through listener support. If you donate to the show, you’ll get bonus episodes and an ad-free version of the show. So, please visit patreon.com/darknetdiaries and consider supporting the show. Thank you. This show is made by me, El Lince Oscuro, Jack Rhysider. Sound design and original music was created by the Lobo Loco Andrew Meriwether. Editing help this episode by the Siempre Lista, Damienne, and our theme music is done by the Melodica Breakmaster Cylinder. Hey, what do you call two monkeys that share one Amazon account? Prime mates. This is Darknet Diaries.

[OUTRO MUSIC ENDS]

[END OF RECORDING]

Transcription performed by Leah Hervoly www.leahtranscribes.com