[START OF RECORDING]
JACK: A lot of hackers act alone, do it solo, and treat it like an art form. They plan their attack, feel for what to do next, attempt to exploit the system. They rely on their intuition to conduct a hack but Ira does it differently.
IRA: I specialize in putting together teams of former Special Forces and intelligence officers to go after organizations.
JACK: Ira is methodical, follows a playbook, and works with highly trained people. The jobs Ira does are bigger than what one person is capable of. He needs a crew of specialized people, each one with a different mastery of their craft. He's assembled one of the most elite hacking teams in the country. Each member is incredibly skilled. They rely more on their training and what steps are required to accomplish the task and less on intuition. The plan of attack is structured and methodical.
JACK: Think of it like Ocean's Eleven.
IRA: I don't even want to call it Ocean's Eleven 'cause that's kind of amateurish hours.
JACK: This team is about to embark on a mission where over a billion dollars are at stake.
IRA: The first time you steal a billion dollars, it's a bit of a rush. After you've done this so many times, it's almost expected.
JACK (INTRO): [INTRO MUSIC] These are true stories from the dark side of the internet. I'm Jack Rhysider. This is Darknet Diaries. [INTRO MUSIC ENDS]
JACK: I've been told that some of my listeners are nine year olds. Crazy, huh? So hey, what's up, kids? But because of this I'm gonna have to give warnings as needed and in this particular episode it does have bad language. Sorry, kids. You've been warned. I want you to meet Ira Winkler.
IRA: Hey there.
JACK: Eight years ago I heard Ira talk at a security conference and he blew me away. It's one of those talks that I'll never forget and I'm very excited to be able to talk to him again because he leads a very interesting life. Ira looks at the world differently than you or I. He's quick to see a vulnerability either in a person or a building or a computer and exploit it. He's good at this because of his background. He was fascinated early on by the human brain so he got a college degree in psychology. After getting a degree he had a hard time finding a job. He thought maybe the US government would hire him so he took their aptitude test.
IRA: Did really well; basically, if I got a clearance I got a job. I got the clearance. They said wow, you have really good computer aptitude. You want a computer internship? I'm like no, I hate computers. I want nothing to do with them. They're like, what about cryptanalysis? It'll be like playing games. I'm like I don't want to look at ones and zeros all day.
JACK: But he didn't see any better option.
IRA: Finally I took a job as an Intelligence Analyst for the National Signals Intelligence Operations Center which was known as NSTOC which was the only room that actually looks cool in NSA.
JACK: Part of this job was to decipher encrypted messages. This is called cryptanalysis. Here within the walls of the NSA he was learning about computer security. He was understanding what encryption is secure and what isn't in a very real world, hands-on way. He taught himself how to program to do his job better but...
IRA: Ironically I hated cryptanalysis. I hated computers. My first technical computer job was programming super computers to do cryptanalysis so that was bizarre.
JACK: He eventually moved to another department, this time doing research and development for a tactical signals intelligence.
IRA: It's where I was running around Europe helping people in little green trucks do stuff.
JACK: Do stuff. Ira is secretive about what he did at the NSA because he has to be. Signals intelligence is collecting information from the enemy and the enemies are everywhere. There's always a threat [00:05:00] brooding somewhere, possibly in other countries planning an attack on us, or terrorist groups meeting to discuss their next steps. Signals intelligence is knowing what the enemy is up to. You do this by finding where they are and then figure out a way to intercept those conversations. While running around in Europe helping people in little green trucks, Ira became more worldly and started to learn how spies operate. But eventually he left the NSA and joined a contracting company. He did various IT tasks but then one day a new contract job was given to him.
IRA: They were like well, we have a contract to find out as much about the company as possible without breaking into their computer systems.
JACK: Basically the contract was to use social engineering against an investment bank to see if he could get access to it. Now keep in mind this is the early 90s so not a lot was known about social engineering at the time.
IRA: I just started going ahead and basically, my intelligence background -- having worked in NSA, working with a bunch of other intelligence agencies along the way and stuff, I just used essentially basic human elicitation techniques to lie to people over the phone.
JACK: Human elicitation is the act of getting someone to tell you a piece of information. With his experience and intelligence-gathering at the NSA and being a psychology major, Ira took an interest to this and did pretty good at getting people to tell him information they shouldn't be telling him. For instance, he might start out by simply asking an employee for a phone number and getting it, and then slowly asking for more and more stuff until he has a whole phone directory. Eventually the person's giving him loads of information that they shouldn't be giving him.
IRA: I'd get them to slowly give away information and then I started getting lots of login IDs and passwords. I even got the investment bank to send me a computer preconfigured for their VPN. That was fun.
JACK: Getting people to tell him information they shouldn't be telling him came naturally and he realized he was good at this.
IRA: By the end of three days I had supposedly used their IDs and logins to make financial transactions.
JACK: By using just a phone and his wits, Ira was eventually able to take over the bank. He gave a talk at a security conference and wrote an article about how he did this. People responded in ways he didn't see coming. They were so impressed with his methods and abilities.
IRA: Then when it got really well-publicized and people started coming to me to do weirder and weirder stuff, they were like well, we want you to come into our company as a temporary employee and rob us blind. So I did.
JACK: That's how Ira's career got started as a social engineer and penetration tester. He was paid to test whether he could access places he shouldn't be allowed to access, or get information he shouldn't be allowed to get because this is what bad guys will try to do and companies wanted to protect themselves. As the jobs got weirder and weirder he got better and better at gaining unauthorized access. He eventually started getting so many jobs that he started his own security consulting company. [MUSIC] But here's where things get totally crazy.
Ira has a background in national intelligence and is very familiar with how spies operate. Like, real military-trained spies. He met many of them at his time working for the government so when he started doing his own penetration testing he would ask some of his spy friends to help him on certain missions. Over time Ira was able to build a crack team of highly trained special agents to help him break into buildings and steal information. Ira started taking on bigger jobs and using his crew to get into some of the most secure buildings, buildings such as nuclear reactor facilities and banks. Ira became known as one of the best to hire to do penetration testing because he brings a team like nobody else can.
IRA: I like to call them more espionage simulations. I specialize in putting together teams of former Special Forces and intelligence officers to actually go after organizations like real high-level adversaries would.
JACK: Yeah. The media has called him the modern-day James Bond. Depending on the job, he'll put together an elite team for the task. For instance, there's Stu.
IRA: Stu's a former Navy SEAL.
JACK: He's extremely fit, agile, tactical, and has years of training in espionage and raiding. Yeah, raiding. He knows where to look for weak points in a structure, knows how to use a grappling hook, and he's good at going undetected by security. He helps Ira whenever there's a need for physical intrusions.
IRA: Stu has an innate nature. Frankly one time, he took advantage of a situation much quicker than -- I'm mad at myself I didn't do this. But we were once in a security room having our pictures taken for badges and the guard walks out. He's like I've got to go to the other room and pick up the badges. Stu's like, Ira, lean against the door for a second. So I go lean against the door. Stu goes behind the desk and pulls up a bunch of blank badges, like valid security badges, and grabs them.
JACK: These are some of the things Ira tests for. Him and Stu look for physical vulnerabilities like this and report them. [MUSIC] Then there's Tony.
IRA: Former Army counterintelligence officer.
JACK: Tony has been trained to look for threats against his [00:10:00] country. He's good at collecting this information by using traditional spying techniques; gaining physical access to a building, stealing documents, or simply doing social engineering.
IRA: Tony is also good on the physical side but we primarily used him for the telephone social engineering. He would be an intelligence specialist in human intelligence. He was trained in counterintelligence so he would know how to conduct interviews, he would know how to elicit information, and so on.
JACK: Tony has been trained to follow a process to get someone to divulge information that would in essence, betray their own country. He's tricky and clever and extremely good at what he does.
IRA: There's a process of establishing a relationship and elevating the relationship to the point where you get people to slowly divulge non-important information to where you slowly raise the stake of what level of information they give out 'til at some point they're pretty much over the hump and they're screwed.
JACK: Tony comes across as a nice guy and everyman, someone who you might think of as a good, wholesome gentleman. He's calm and courteous which comes in handy when you're trying to get information from everyday, normal people who might not even know they have valuable information to divulge, like say, the front desk receptionist.
IRA: He has this nice -- you know, just a slow speaker. He's kind of like you expect to see when you're driving through Kansas and stop to ask for directions. You would swear he was a good old country boy.
JACK: Then there's Stan. Stan is kind of my favorite.
IRA: Stan was a Colonel in the GRU before he defected over.
JACK: The GRU is Russia's foreign intelligence agency similar to the CIA. They're often trained to follow spies or be deployed in foreign lands and collect information. Stan has extensive training in intelligence-gathering.
IRA: Stan's background, besides him being a Russian operative, his primary target while he was in the GRU was against China. He speaks fluent Mandarin. He also reads Chinese and all that before he came to the US where he was obviously focused on targeting US intelligence-type stuff.
JACK: Stan came to the US to collect data on US government and report it back to Russia. He's a masterful spy. He would often go to Washington DC and hang out in bars. He'd ask someone for a cigarette and start a conversation. He'd learn they work for a government agency; no surprise in Washington DC. But over time Stan would build trust with that person and get them to divulge government secrets.
IRA: Stan was referred to me as one of the most successful GRU agents targeting the US in history. Stan literally gets people to betray his country under penalty of death, which is a different level of social engineering than getting somebody to give up a password. We use him to target an organization the way a real foreign operative would, because everybody thinks of spying like James Bond but the actual traditional espionage is done by spies like Stan. What they try to do is they try to find access to people with information and get them to divulge it either knowingly or unknowingly to him. This is kind of like, I don't even want to call it Ocean's Eleven 'cause that's kind of amateurish hours.
JACK: Stu, Tony, and Stan have had training in some of the most advanced places in the world and have enough experience to have mastered their craft. This is just some of the members of Ira's team. Their combined skills make them potentially one of the most advanced hacking teams in the world.
IRA: I just know them from my intelligence background but here's the difference between somebody who goes around, I'm a social engineer; it's like you know these people if they get caught they just give the get out of jail free card. You're talking about Stan, who was in China being monitored, who had radioactive powder put on his doorknob so it was easier to track him. Stan knew any moment in time he could be pulled off the street, tortured, and killed. Stu, Navy SEAL; he knows any point in time, he gets captured, he's dead. We're talking about people who have a fundamental aversion to be captured, not because they're afraid they'll have to pull out their get out of jail free card and it'll be embarrassing. We're talking people who know to do this because their lives depended on it.
JACK: [MUSIC] As Ira's reputation went up as an elite pen tester, he got a contract from one of the biggest companies in the world.
IRA: Global 5 company.
JACK: They wanted him to do an espionage simulation against them to see how vulnerable they are. Now, a Global 5 company is worth hundreds of billions of dollars which means the company has a lot to lose. One thing in particular that would cause a lot of financial damage is all the research and development information. It's the stuff like the source code for their systems or all the technology they're coming out with in the next few years.
IRA: That was our primary target, to prove we could get access to all the R&D data.
JACK: If this were to be stolen by another competitor [00:15:00] or government it could cost them billions of dollars. Ira's job was to find as many weaknesses as possible to help secure them.
IRA: Primarily it was just, I hate to say it, grab 'em by the balls and squeeze.
JACK: Ira started researching and planning the mission. He first figured out the location of the R&D department which turned out to be in a small town in the middle of nowhere. He used Google Maps and other tools to learn more. There was a fence around the whole property and stationed guards to restrict people from being able to drive in. He determined the building was going to be locked and the data he was looking for would be in their computer operations center. He was able to make some phone calls and figure all this out pretty quickly. As he sized up the job he knew he was gonna need some help so he assigned Stu, Tony, and Stan to the mission. All four of them fly to the small town where the research and development office was located. The team arrives one by one; the ex-NSA agent, the Navy SEAL, the Army counterintelligence officer, and the Russian spy.
IRA: Tony ironically was responsible for following Russian spies around Europe while he was in the army. It was kind of funny to have him stay and working on the project together. I flew in late at night and all I wanted was a stupid bottle of water that the hotel didn't have so I'm driving around trying to -- in this little strip mall type of place and all of a sudden, I'm driving around late at night, and I look in my rear-view mirror and there's a car behind me. I was driving pretty slow, which is unusual for me 'cause I was looking to see what stores might be open. Anyway, I moved over to let the car go by me and then the car moves over with me.
Then it's like, am I being followed? So I switched lanes once again and the car follows me again. I'm like, I'm being followed. [MUSIC] Most people think okay, speed off. That's not what you do when you're being followed in the real world. One of the gas station -- open up with a little Quick Mark in it. Basically I'm driving and I do make the sharp turn like I'm gonna drive past, and I make the sharp turn into the gas station, pull my car up to where I can get out of the car and go straight into the door of the Quick Mark, blocking everything. What happened was the car pulls behind me. It turns out to be an unmarked police car.
I'm kind of relieved it’s a police car. The cop gets out. I go what the hell were you following me for? He's like, why were you cutting over? I go 'cause I was being followed. The guy couldn't argue with me. He goes well, you were driving kind of, you know, you were driving below the -- I go when is driving below the speed limit an area of concern? Like, a crime? It was kind of funny but I was calling out the cop for following me.
JACK: The squad begins the mission. First they scout the building and watch what people are wearing as they come and go. They notice which points of entries there are and how traffic flows. Then they regroup to put clothes on to physically blend in with other employees. Ira puts on a shirt with the corporate logo on it. They suited up and got ready and at last, they're all set. It's now go time. All four of them get in the car and drive to the building.
IRA: We ended up going there. They had a campus-like setting for their R&D center.
JACK: There was a guard gate to get onto the campus with actual guards checking everyone coming through. But there was a lot of traffic that morning.
IRA: Everybody was just lined up coming off the main road and stuff. You hold up something that looks like a badge and they don't check. Nobody wants to slow down the morning rush hour. They just waved us through. We knew where their computer operation center was so this was like day one. Drove everybody in and then we're like okay, let's get in. I told everybody yeah, hold on a second. Let's just stand here by the door.
JACK: The team waits around acting inconspicuous while Ira forms a plan. He tries the door; it's locked. He thinks maybe he can tailgate someone in and waits for someone to come out.
IRA: Then I started hearing somebody come out. There was a crypto-lock on the door and I just started acting like I'm pressing buttons. The guy goes out, holds the door open for me, I and my team go in.
JACK: They quickly orient themselves in the building and start heading to the computer operations center. They act like they belong, walking deliberately but not too fast, scanning the room but careful not to be obvious. They try to blend in and go unnoticed. They eventually found the room they were looking for and gained access to it. Once there...
IRA: We find out that all their critical servers were left logged on as admin. Pretty much, we just added a new .rhosts entry for when we had control over, so we were able to basically get a trusted relationship on all of the critical servers within the room without causing any significant damage. Then the technical operation was done. While we were walking around though, [00:20:00] Stan was walking -- he's like what are these Chinese-American dictionaries doing on the shelf here? I'm like have you seen US colleges lately, Stan? Sarcastically. Stan's like I'll look into this. Anyway, we were done day one where Stu and I were like, we physically compromised every -- the critical information we needed.
JACK: They head back to the car with the feeling of mission accomplished. But Ira's done this so much he doesn't really get excited anymore.
IRA: Well, the first time you steal a billion dollars it's a bit of a rush. After you've done this so many times it's almost expected. Frankly, it was really unclimactic to actually take over control of all their computers in the R&D center.
JACK: There were still a couple more objectives that the team wanted to do. Tony made some phone calls and was trying to get people to tell him usernames and passwords over the phone.
IRA: Of course, Tony was able to get information right and left.
JACK: Stan was doing what spies do; he was going around town doing a counterintelligence assessment. Basically he was looking around for anything suspicious. Ira began compiling his findings in a report, showing exactly how much damage he could have done to the company with what he found. But because the team finished early they had a few days with nothing to do in this small town.
IRA: We had time to kill. We drove around, looked at different restaurants and so on, and figure out where we're gonna go. A couple days later, after I go -- I remember, I'm like done. I moved on to a different project while Stan was doing his counterintelligence assessment of the area. Calls me up two days later, goes Ira, there are black duck eggs on the menu. I'm like, what the fuck? Is this what we're paying you for? He's like Ira, my naïve American friend, he goes don’t you know black duck eggs, delicacy China. Then you start putting it together.
He goes Ira I go to Chinese restaurant number one that we drive past. Chinese restaurant number one; people friendly, food not so good. I go, Chinese restaurant number two, walk in, menu written only in Chinese. Delicacies you can't get in San Francisco let alone this little piece of shit town in the middle of nowhere. I start talking to them in Mandarin and they get very, very worried. What funny Russian guy doing talking fluent Mandarin? Then he's like Ira, this special menu only Chinese people would appreciate. Number two, you hold meeting there. They give you free meeting room and then they give you big discount if you want to hold meeting there. I'm sure there must be recordings.
JACK: Stan started adding up all the signs. This restaurant was very unusual but only someone fluent in Chinese culture would recognize how unusual it was.
IRA: Stan essentially found the Chinese intelligence operation operating across the street.
JACK: A Chinese intelligence operation in the middle of this small town, directly across the street from the research and development center of a Global 5 company led Ira and the team to one conclusion; it's a high probability that this Chinese restaurant was there to steal trade secrets from the company and send them back to China's government agencies. This restaurant may have been used to recruit employees of the company and help gather information. Often temp employees are converted to spies, being there for only a short time means you're less likely to get caught. Or perhaps they would simply record all conversations that took place in that restaurant, hoping to catch secrets or something more sinister.
IRA: What they do is they set up a social situation where people come in, see that they can read the special menu. They talk to them, say my friend, I see you like our special menu. Are you from China? Are you here on a visa? Do you have family back there? Would you like your family to stay alive? Is your loyalty to this temporary employer or is your loyalty to your motherland? You know, a whole bunch of stuff like that. That's how Chinese intelligence operations acts and there's been multiple times Stan has found Chinese intelligence operations operating out of Chinese social clubs in different areas and so on. Stan comes up with these what-the-fuck moments but he's good at what he does. Oh yeah, and he goes oh, by the way, I was followed.
I go how do you know you were followed? He goes oh, they were not very good. I go why weren't they very good? He's like well, I think I find them, I start making lots of right turns and they keep following me around the block. Then I made a U-turn and they're not very good. I go why aren't they very good? They hit a pole when they went to make a U-turn to follow me. I go I just hope they weren't corporate security or we're screwed. [MUSIC] We reported it to the security manager and the CSO and the CSO was like what the fuck am I supposed to do about China? I'm taking care of their computers.
JACK: This Chief Security Officer has seen a lot of pen test reports, but not even in his wildest imagination was a Chinese intelligence operation even a possibility.
IRA: We're like well, you should talk to the FBI, find out if the FBI knows this or whatever. The guy was like, I don't know. Stan, because of his situation, he obviously has to stay in touch with the FBI so Stan informed the FBI [00:25:00] about the operation.
JACK: But there's one last step, the biggest one. Ira needs to present his findings to the CEO in a way that the CEO can understand.
IRA: In this case what happened was, after three days I'm like okay, here's your mergers and acquisitions data which is worth billions because of the negotiation points that you would have. If other companies knew what you were targeting and so on, again, it could ruin things. Here's your new technologies coming out in three years, we have full control of your entire network. Again, I was showing him the business value of all the loss of the vulnerabilities found. 'Cause there's a difference between finding vulnerabilities and demonstrating the potential cost of the vulnerabilities that matters.
JACK: This is another thing that impresses me about Ira; he doesn’t simply put in the report what is vulnerable but he gives a clear dollar amount to the CEO of how much a theft like this could cost the company. When the CEO sees vulnerabilities in terms of dollar amounts, action happens much quicker because they're speaking the same language.
IRA: In this case all the research and development, frankly China would have loved to get their hands on it if they didn't already have it. If you were going to ask me, I'll bet China did have it by that point in time.
JACK: Years later the company gets a new CSO and Ira asks him about the Chinese intelligence operation across the street. The CSO told Ira...
IRA: Oh yeah, we actually made a dozen arrests out of that restaurant.
JACK: The FBI was able to dismantle this Chinese intelligence operation. This could have went on for years if it wasn't for Ira and his team, a squad so good that they can blend into their surroundings anywhere in the world, disappearing into crowds, gathering information. Not acting like James Bond and shooting up the place and making a scene, but instead they're more stealthy and they might be the one asking you for a smoke at the bar or calling you up and asking for help. Perhaps the next time you go out you can start looking for anything out of place. Someone might be acting too nice but also asking a lot of questions or you might notice that guy in the corner of the Chinese restaurant eating alone with a Russian accent. The spies are among us.
JACK (OUTRO): [OUTRO MUSIC] You've been listening to Darknet Diaries. If you liked Ira's story and want to hear more, you're in luck. He wrote numerous books. Spies Among Us is one of the books he wrote which has great stories just like this one. He tells the story about how his team was able to steal nuclear reactor plans in under three hours. He's currently in the process of updating that book so look for a newer version of that soon. If you want to know more of how to protect your company from attacks like this, check out the book Advanced Persistent Security.
You can also go to securementum.com to learn more about what Ira does. If you want to know more about Stan check out the book Through the Eyes of the Enemy. It's Stan's autobiography and Ira actually helped co-author the book. Links to these will be in the show notes. This show is made by me, Jack Rhysider. Story editing is by Stephanie Jenz. Some songs were made by Wesley Slover and the theme music is made by the esoteric Breakmaster Cylinder. Also please visit darknetdiaries.com/donate to help support this show. It really means a lot to me. Thank you.
[OUTRO MUSIC ENDS]
[END OF RECORDING]
Transcription performed by Leah Hervoly www.leahtranscribes.com