Transcription performed by Leah Hervoly www.leahtranscribes.com
[START OF RECORDING]
JACK: Just real quick before we get started, this is Part 2 of the series on XBox Underground, so listen to Part 1 first before this one. Alright, let’s get started. [MUSIC] One of my favorite Greek myths is the story of Icarus. He was a young boy stuck on an island. His father made a pair of wings made out of wax and feathers for him to fly away. Icarus put on the wings and was able to fly around. His father told him not to fly too high or too low. Icarus took off and flew away, but forgot about his father’s warning and flew too close to the sun. The wax melted and his wings fell apart. He free-fell and plunged into the sea below and drowned.
JACK (INTRO): [INTRO MUSIC] These are true stories from the dark side of the internet. I’m Jack Rhysider. This is Darknet Diaries. [INTRO MUSIC ENDS]
JACK: Alright, let’s recap real quick. We left off with this XBox Underground hacking crew having full access to dozens of networks of video game companies like Epic, Activision, EA, Bungee, Microsoft, Zombie Studios, and Steam. We’re going to be hearing more from Skitzo who was sort of watching this whole thing from afar.
SKITZO: It’s not just the XBox that defined this group. The XBox put it on the map. It’s all the other fucking shenanigans that brought it together.
JACK: Of course, we have Sanad, who’s loving the fact that he can play early-release versions of XBox games, but also at the same time, a little worried that things might be going a little too far.
SANAD: Yeah, exactly.
JACK: Then there’s Dylan, who’s just hacking into everything he can, sort of on a total rampage. But at the same time, he’s willing to share this story with us.
DYLAN: Where do we begin?
JACK: There are other hackers involved, too; there’s David who’s doing a lot of Halo modding and he’s fascinated with everything Microsoft. Then there’s Nathan who’s part of the scene. He’s really smart and helps him out sometimes. Then there’s Justin May, or MTW, who got arrested at PAX but is still active in the group. Then there’s other characters like Austin and Anthony who are also doing their own hacks. But they’re all only after video games though, and source code. They all pretty much agreed not to steal any credit cards or empty any PayPal accounts or make any money with this hacking. For the most part, they didn’t dig into any personal data, either.
One of the networks they had access to was Microsoft itself, the makers of the XBox. David was particularly interested in seeing what new stuff Microsoft was doing, and perhaps had a weird fantasy about someday working for the team behind the XBox. They put a lot of focus into poking around this network. They had a few valid logins for the XBox Developer’s Network and they’d log in with different accounts to see what different developers had access to. One day, Dylan logged into an account and noticed a new folder that this developer had access to but other developers didn’t.
DYLAN: [MUSIC] It was like okay, this is not something that’s normally there. We click on this. It was like it wasn’t – it was just called Durango.
JACK: Dylan was looking through this developer’s account which displayed different kinds of hardware components that they had access to. The developer had access to an XBox 360 system, the XBox Kinect, now this Durango system. Hm. What’s a Durango, he thought?
DYLAN: We had no idea what it was.
JACK: Maybe this was some kind of secret project Microsoft was working on.
DYLAN: We were like, well that’s a bit odd. We navigated there.
JACK: In this server was a SharePoint website. After playing around with the URLs of the SharePoint site, they were able to see a listing of a lot of files.
DYLAN: That gave us access to hey, these internal documents.
JACK: Of course, they start grabbing these documents; spec sheets, photos, driver software, source code, and more. They share all this information with their circle of hackers and someone figures it out. This is the specs for the new [00:05:00] XBox which would be later known as the XBox One, but at that time, it was simply code-named Durango. This hacker group was holding in their hands all of the ingredients and blueprints of the next XBox that Microsoft was working on.
DYLAN: We had two pictures of the internals, or the back of the machine, and the internals, and one picture of just the case. Then we had the software itself which was their recovery software. That kind of gave us the basis for okay, let’s just try and build the hardware. [MUSIC] What we found out was they were using a Supermicro case and if you know anything about the XBox 360, it was previously using a Mac Pro G5 at the time. These were just off-the-shelf kind of things.
JACK: Now, when a group of hackers who are becoming experts at reverse-engineering software and are able to look through machine code, and had a few clues to go by, of course they began trying to figure out what hardware it would take to run the software.
DYLAN: Really, we just went into the drivers, saw what the drivers they were using, and compared them to what we saw in the pictures, cross-referenced it, cross-referenced the specs of the machine, an idea of what processor they were using, what graphics card they were using, and pretty soon we had this identical hardware list.
JACK: Everyone is thinking the same thing at this point; let’s build a Durango.
SANAD: They just started going on Newegg and finding all the parts on there.
JACK: People started pitching in to help buy the parts and put these things together. Nathan volunteered to get all the parts shipped to his house, and he’d build the thing.
SANAD: Nathan got all the parts from Newegg. He puts it together and he installs Durango OS on it.
JACK: It worked. Nathan had in his hands pretty much the exact prototype to the next XBox gaming system which nobody had yet except for a few Microsoft developers. This was incredible. I mean, this is something every tech magazine on the planet wished they had, and here this small group of hackers had it and was just keeping it quiet amongst themselves. It was expensive to make though, and didn’t do much more than a regular XBox, so the group decided to sell it off. Nathan was happy to do this since he needed some money to pay for college. The group starts asking around the people they know to see if anyone would be interested in buying it. They did find a buyer, another hacking group heavy into modding XBoxes. They wanted it. They were willing to pay $5,000 for this counterfeit Durango.
DYLAN: Okay, so yeah, the buyer paid – I believe it was five grand US. Yeah, they internationally bank-transferred it to me while I was actually abroad. We didn’t even think this would happen but yeah, it happens, so we were like okay, well, time to send them the hardware.
JACK: Nathan had this unit and the buyer wanted them to send it to Seychelles, an island off the coast of Africa. Justin volunteered to ship it there. Remember Justin, right? He’s the one who got arrested at PAX. Justin and Nathan lived in Delaware and Maryland, so not really that far from each other.
DYLAN: He goes to meet up with Justin, or MTW, and he hands off the unit to MTW to ship out. Now, why they did it that way, I have no idea.
JACK: Justin may have been scamming the post office. Somehow, he was able to get super-cheap shipping. He was able to convince people hey, let me ship it. It’ll be a lot cheaper if I do it. Justin gets the package and ships it off.
DYLAN: Somehow it never got to the destination.
JACK: Justin was the last one to see that Durango. It just disappeared after that. What really went on here? Some speculate it could have just been lost in shipping, or maybe the FBI intercepted it. Maybe Justin was an informant for the FBI and the whole thing was just set up to make Justin look good as an informant. Nobody knows. Now, actually, Sanad didn’t know any of this was going on at the time.
SANAD: Here’s the thing; they would do stuff and then when shit went wrong, that’s when they would tell me. I’m just like, why would you tell me now? You know what I mean? ‘Cause I was obviously the older one out of all of them so I have a little more street smarts, so to say. When certain things seem off and your gut is telling you something’s off, then it’s off. Justin just, I don’t know what it was about him, but he always gave me this weird feeling that he was always up to something fishy.
JACK: But even if people thought Justin was fishy, they still shared various sensitive stuff with him and even though this whole selling of a Durango was shady and really weird, Dylan thought let’s do it again. [MUSIC] He decided to make a second one and sell it.
DYLAN: [00:10:00] We didn’t actually make a second one. That’s the interesting thing. I decided okay, well, we got these photos from when we posted about it before. I was like well, I might as well put it on eBay and see what attention I can get from it.
JACK: So, you took the photos from the first one you built and you stuck it on eBay?
DYLAN: We took the photos which had my username at the time on it, and we stuck it on eBay.
JACK: When Sanad heard about this, he wasn’t happy.
SANAD: Oh, I was pretty ticked off. I even mentioned to them that I was ticked off. I told them to stop. I tried to be as cautious as possible but there was only so much I could do. I couldn’t control the other people.
JACK: The Durango listing on eBay started getting bids like crazy. The listing went viral. It quickly rose past $5,000, past $10,000. People just kept bidding on it. It rose all the way to $20,000. That’s when I believe eBay cancelled the auction. This was a counterfeit item and coveted Microsoft intellectual property. But it was with this that the world became known that the code name for the new XBox was Durango. This eBay listing pissed off David. This was too risky and bold of Dylan. This caught a ton of media attention. For sure Microsoft was going to investigate how this got stolen or created, and they might start coming after him. David got angry and stopped talking to Dylan.
DYLAN: It turned into such a headache because here’s the flip side of it; imagine you’re a partner of Microsoft and you’re seeing that your shit may not be that secure on Microsoft’s side. We want to do audits, we want audits and security, we want logs. How can we trust you guys? Think of the IT team, or security personnels with each respective department. Think of the jobs that were lost, the uncomfortable conversations, the millions of dollars spent trying to mitigate this problem. It’s not fun.
JACK: Microsoft did start investigating this big-time and perhaps they were aware of this hacking long before this, but now they had a smoking gun that something was getting stolen from the strongholds of Microsoft. This wasn’t good for anyone. Microsoft assigned a senior security executive named Miles Hawkes to start investigating the case. A few weeks later the first person falls; Nathan Leroux. This is the guy who was creating some in-game gold in some games, and he was participating in some of the hacks for these companies, and he was the one who put the Durango together. The FBI paid him a visit.
SANAD: I believe him and Dylan were on a video chat or something, and he got raided during that video chat.
DYLAN: I don’t believe I was on a call with him when he was getting raided, no. He was on an anime marathon. He was watching it for probably over a day, yeah. When the police showed up, you could see us, you could see his mug shot. He was completely out of it, yeah. That’s kind of the reasoning behind why he looks so shitty in his mug shot because he really didn’t get any sleep.
JACK: The FBI had a long and serious talk with Nathan. Who knows what they talked about though, and how long it really was? Perhaps they even confiscated all of Nathan’s computers. This was a very intense situation for Nathan. From then on out, he was scared straight. He completely disappeared from the hacking scene and he moved to a new place. He got a straight-and-narrow job in a small game development studio. [MUSIC] From here, things started to break up. There was new air among the group and things had gotten out of hand. It was uncontrollable; there was just too many digital tracks left everywhere. People were getting angry with each other and growing apart. David and Anthony feuded over something and split apart. Sanad went quiet and kept his nose out of trouble. Dylan, well, Dylan just kept at it.
DYLAN: I think at that point we were very much done. We knew we went too deep. We knew something’s gonna happen eventually and I think I kind of took this route of self-destruction where I just was like, you know what? Fuck it.
JACK: A few others pushed on, too. Before Nathan got arrested, he taught Anthony what he knows about creating in-game money and selling it. There’s a popular EA game called FIFA. It’s a soccer game and it’s hugely popular around the world. In the game are coins that you can use to buy extra things like jerseys and improve your players. Millions of people play the game all the time and they want more FIFA [00:15:00] coins to improve their team. Even today, buying and selling FIFA coins is highly lucrative. Nathan found a way to create in-game coins and sell them to people for real money, but he wasn’t really good at it. It was crude and there wasn’t really a good way to do it. But now that Anthony wasn’t really talking to David anymore, Anthony decided to take what Nathan taught him and try to improve it. Austin, who was part of the group too, joined up and started helping Anthony make FIFA coins.
SANAD: They found a way to reverse-engineer the executable to basically have the server spit out unlimited coins. Then they were selling them to some guy in China.
JACK: This was working like, really well. Anthony and Austin started making good money doing this. Because they had hacked into EA and stole source code for FIFA, it made it a lot easier for them to reverse-engineer how to hack it. This was growing more and more profitable every day. They would spend all their time creating FIFA coins and selling them. Meanwhile, back at Microsoft, the investigation as to who was selling the Durangos on eBay heated up. Miles Hawkes, the senior security executive at Microsoft, was making some progress. Somehow, they traced Dylan’s eBay account all the way back to his house in Perth, Australia. Miles gets on a plane and heads down under.
DYLAN: [MUSIC] Yeah, he was their private eye, I guess we will say. I mean, one day he just ended up at the house of my parents’ and I think I wasn’t there at the time. He actually came back the next day and I found out, so I was there for this second time. He came, he wanted to just lay down they’re not there to prosecute anyone, they’re not law enforcement. They don’t care too much. They just want to know what’s going on. I guess that’s where we kind of opened up. Myself and David actually gave them what we knew, what we had, how things were done, how people got onto XBox Live. He kind of took all this info, went back, and that was really it.
SKITZO: Miles visited Howdy. Howdy basically said that he didn’t do shit. I believe he surrendered a kit or two that he had in his garage in plain view. Howdy had this weird dream that he was gonna get a job at Microsoft to do what God knows. But Howdy claimed that he could offer people up in exchange for a job and Miles said thanks for the kits man, gotta go.
JACK: Around this time back in Delaware, Justin, or MTW, the hacker who got arrested at PAX, he was running a major scam operation. Here’s what he was up to. [MUSIC] When you buy a Cisco router and it goes bad, you can call the support line and ask them to do a replacement. This is called an RMA. Because they want you to get your network back up and running as quickly as possible, they send you a replacement router right away. You’re supposed to put your old broken router in the box and send it back to them. Justin knew this and figured out a way to trick Cisco into processing an RMA for him even though he didn’t have a router to send back. Cisco would ship him a brand-new device and he would turn around and sell it. This left Cisco high and dry without any returned device. He was doing this with the Microsoft surface devices, too.
Like, he was doing this hundreds of times, making huge amounts of cash, enough to buy a BMW Coupe for $60,000. Justin was telling David and Dylan and the rest of the crew all about these scams he was doing. Dylan didn’t seem to really care if Justin was an informant because Dylan was sharing tons of information with him anyways. To David, the scams proved Justin was still trustworthy. The amount of scamming that he was doing was way beyond what the feds should be allowing him to do if they were watching him. Even if David didn’t trust Justin, it’s better the devil you know than the devil you don’t. Maybe it’s a good idea to keep an eye on Justin, keep him close. David was attending University of Toronto in Canada, but he was planning a trip to the US. He wanted to go to the annual Defcon conference in Las Vegas, Nevada in the US.
David told Justin about his plans to go to Vegas and right after that, unknown to David, an indictment was created in the US for him. [MUSIC] The indictment had sixteen counts of criminal activity including fraud, identity theft, and conspiracy to steal trade secrets. The indictment listed Sanad, Nathan, and David as co-conspirators. The feds seemed to be moving forward with this case but why now? Maybe the feds figured out David’s plans to go to the US. Maybe it was just time for this operation to crash. I don’t know. However, a closer look at the indictment does reveal something interesting; there’s another person in the indictment only known as Person A. A lot of evidence in the [00:20:00] indictment was provided by this Person A, and in fact, the indictment even says that Person A did some of the hacking in the group too, which means they were part of this crew.
Now we know for sure there is a snitch among the group, and they were tipping off the feds. The indictment said this Person A was a resident of Delaware. For some reason though, David cancelled his trip to Vegas and Defcon. Maybe he got nervous about crossing borders or maybe some other things in his life took precedence, but he just didn’t go. There’s a new character that shows up at this point, an eighteen-year-old named Arman. Arman lived near Redmond, Washington. You know what’s in Redmond, Washington, right? Microsoft’s headquarters. Arman was extremely fascinated with XBoxes and had been following what’s going on in the scene. Arman’s mom was dating a guy who worked at Microsoft. He’d often come over to Arman’s house after work wearing the Microsoft employee badge, and Arman devised a plan.
He acquired a badge cloner and when his mom’s boyfriend came back, he was able to make a duplicate copy of that Microsoft employee badge. With a functioning badge to get into the Microsoft building, he decided to go in there and walk around. To look the part, Arman dressed like a regular employee, wearing clothes with Microsoft logos on it, and looking like he belonged. He went down into the headquarters in the middle of the day, swiped his badge, and got in. He first just wandered around, taking in the sights and sounds. He was particularly in awe of just being there. He was in the belly of the beast of the place he obsessed over. This was where they made the XBox, and some of his favorite video games were made right here in this building. It was cool just seeing the place. I admit, I’ve been on that campus too, and I felt a sense of awe.
There’s like, a soccer field right in the middle of campus and free sodas for everyone. The sheer brainpower that’s walking around there is extraordinary. For about a year, Arman would come and go on the Microsoft campus, becoming familiar with it and learning the layout better and better, all while using a rogue employee badge. Arman dreamed about one day working at Microsoft. He applied for a position at one of Microsoft’s vendors as a quality assurance tester. He continued to dress in Microsoft swag and go on campus and wander around the offices. Eventually he found the office where the engineers and developers were working on the Durango. As he walked through the offices, he spotted one of the actual Durangos. Whoa. This was a real, authentic, official Microsoft XBox One prototype.
Arman spent the last year infiltrating this campus, and it was at this moment that he knew what to do with his access. He waited until the coast was clear, grabbed one of these Durangos he found, shoved it in his backpack, and quickly left the building. Amazing. He got all the way home and unloaded the console. He had a fully working authentic Durango now. He was absolutely brimming with excitement from the rush of this. It’s really hard to contain this kind of excitement; he reached out to Austin, one of the members of this XBox Underground, to tell him about it. At this point, Austin kind of was done doing things with XBox Underground and was making a shift to selling FIFA coins with Anthony. Arman told Austin that he had an authentic Durango and he wanted to know if Austin wanted one, too. Austin asked at what price? Arman wanted logins to the XBox Developer Network and a few thousand dollars for it.
Austin called up Dave in Ontario and told him about Arman. Dave was baffled by this deal but was too curious to turn it down. They were put in touch with each other. Dave and Austin both agreed to buy one so Arman formed a new plan. [MUSIC] In September 2012, Arman gets dressed in his full Microsoft attire and gets a big, oversized backpack, and he gets ready to go into the headquarters. He waits until about 9:00 p.m., walks up to the building, swipes his badge, and he’s in. Business as usual, no problem. He knows the place well so he knows where to go to try to look for Durangos. He’s walking through the office looking for them. He’s getting nervous, he’s getting sweaty palms, he’s looking around a lot. He hears footsteps; he dives into a cubicle and waits for the footsteps to go away. As soon as the footsteps go away, he scurries up the stairs to the fifth floor where he thinks he can find the Durangos.
When he opens the door to the fifth floor, it’s totally dark. Perfect, he thought. He starts walking through the office in the dark, but some motion detectors sensed him and the lights flicked right on. This spooked him so he goes back into the stairwell and down two flights of stairs. He opens the door into the office and wanders around there, walking through [00:25:00] rows of cubicles. He finally comes across a cubicle with a pair of Durangos in it. Sitting on top of one of them is a black, high-heeled shoe. He looks around. Nobody’s there. He grabs both Durangos, jams them in his backpack and takes off for the door, leaving the black high-heeled shoe right there on the floor. He goes into the lobby, walks to the door, goes outside, finds his car, and drives home. Success. Arman ships the two Durangos to Dave and Austin and gets his cash and logins.
Awesome, he thought. Dave was amazed too, but then Arman got a call from that Microsoft vendor that he applied to saying he got the job as a quality assurance tester. Whoa. I’ll take it, Arman said, and went to work for them. Microsoft discovered these three Durangos were now stolen and started investigating. [MUSIC] They found some security footage showing Arman leaving the building, and this was enough to identify Arman and get him arrested. Microsoft wanted the Durangos back really bad, and Arman was only eighteen and was scared of the legal troubles he was facing. He begged David and Austin to return the Durangos. Back in Australia, Dylan did some thinking and thought you know what? Maybe it’s time to tell Epic he’s the hacker. He called them up and told them hi, I’m the one who hacked you.
DYLAN: Basically that. I actually went back to the IT guy’s, the original IT guy’s Gmail, looked at the phone number linked to his account, and I called his personal mobile. As a naive kid, I believe I probably said something like oh, I’m the guy who hacked you. I don’t think they took it too seriously. They were like oh, well, they were trying to F with us or something. But then I kind of mentioned – it was like no, no, can we sort this out? That’s where we made a disclosure; not a responsible disclosure because I can’t be a responsible asshole at that point in time, but it was definitely a disclosure nonetheless. They actually said – and this was – if they’ll confirm that or not, they’ll say the FBI would not help them at all, so they were pretty happy with the fact that we at least gave them the information that they wanted all along.
JACK: Dylan had the audacity to ask for a reward for telling Epic how he hacked into them. Dylan even gave them his address in Australia.
DYLAN: Yeah. I asked them, I was like – I just said can I have some swag or something? I guess I ended up with a poster, a signed poster. Yeah. Probably the first kind of reward I ever got. It’s still funny because it’s like, we did all these things wrong but we still got rewarded in the end.
JACK: Since that eBay listing, Sanad distanced himself from the group, but he did have the Durango software and wanted to see if he could get it working on one of his own computers.
SANAD: I realized that you can install Durango OS on any type of hardware. It didn’t have to be that specific hardware. I put it on a Gateway blade server and it loaded completely fine.
JACK: This was exciting for Sanad, to be able to play around on the XBox One long before it came out for the public? So cool.
SANAD: There was always one problem with the counterfeit Durangos; the video driver from the Durango OS for some weird reason didn’t work properly with the cards that you’d buy from retail. The picture was always shifted. There was no way to center it. I tried to mess with it a little bit ‘cause it was based off of Windows 8 at the time. I even tried taking the drivers from Windows 8 and popping them in there, trying to see if I could fix it. [00:30:00] No matter what I did, it stayed that way.
JACK: Sanad kept tinkering with this video issue and is still playing on those dev kits, playing stolen games and a lot of retail games, too. At this point he actually has a massive collection of gaming consoles and games.
SANAD: One day out of the blue, somebody on IRC messages me. I can’t remember his handle but he was talking to me about stuff. I had my guard up. This guy messages me and he starts talking about Durango stuff. [MUSIC] I thought maybe he was trying to get the software off me to make his own Durango. He was like no, no, no, I already have the software; I got it from Nathan.
JACK: Remember, Nathan was raided and arrested earlier.
SANAD: I’m like okay. Then he’s like, oh, Nathan’s sitting with me. I’m like okay, ‘cause he had a Baltimore IP address. I kind of was still weirded out by it but then he started talking about some internal XBox 360 boot loader that got leaked and he even sent me the file. Then he tried to explain what it was but he really didn’t know what he was talking about. I guess he had somebody else hop on and explain it as quote, unquote, “Nathan,” and then it made more sense to what it was. Then I’m like let me see the picture of your Durango. He takes a picture with – he wrote out his alias and a timestamp on it.
I look at the screen and the one problem that we could never fix was apparently working for him which was the video issue. I asked him about it and he’s like oh, I figured out a way to reassign the drivers and blah, blah, blah. To me it just seemed off. My response to him was I think you’re a UC. He just starts going off on me. He’s like you think I’m an undercover? This, that, whatever. I mean, let’s be realistic; if I say to somebody, I think you’re a UC, how many people are gonna know that stands for undercover? I was just like alright. I’m like, this dude’s totally a cop so I stop talking to him.
JACK: A couple of days go by. He doesn’t hear anything from that guy anymore but then comes a day that Sanad will always remember.
SANAD: It was December 4th, 2012 at 5:30 in the morning. [MUSIC] I have insomnia issues so I was taking sleeping meds at the time. For some weird reason they didn’t kick in until like 3:30 in the morning. Two hours later, I wake up to loud banging on my door. I’m just like who is it? They’re like, it’s the police, open up, open up. I’m thinking police? Maybe the house is on fire or something, maybe something happened or something, you know what I mean? I go to open my door and they had kicked and banged it so hard that the doorknob jammed. I’m just like, I can’t open it. They’re like, stand back. Next thing I know the door flings open. I see a shield and then guns pointed at my face. I’m in my boxers, mind you, so I just put my hands up in the air instantly.
JACK: It’s the FBI. Now, Sanad is Middle Eastern and he thought all this is probably for the hacking but he didn’t want to admit anything before he knew for sure.
SANAD: They pull me outside and it’s freezing cold. Like I said, it’s in December. My neighbors are driving by thinking that I killed the president or something because of how many FBI agents they sent to my house. It had to have been at least four dozen. There was close to fifty agents there. It was insane. I’m like what’s going on? What’s going on? The Special Agent in charge was like oh, we’ve gotta finish clearing the house and then we’ll pull you back in and we’ll talk to you. I’m like, okay. They pull us in; it was me and my dad which by the way, my dad’s like, he’s not dark skinned but he’s got a really tan complexion. He looked like he was a ghost. He was just white. They have him in the family room and me in the kitchen. They’re asking my dad, you know, your son took the project Durango. My dad’s like, the truck?
He had no idea what the hell they were talking about. They were like your son stole millions and millions of dollars and this, that, and whatever. My dad’s like no, he didn’t. He’s like, I would know if my son had millions and millions of dollars. I told the agent I’m like, he doesn’t know anything. Stop bothering him. You guys aren’t gonna get anything out of him ‘cause he really doesn’t know anything. They stop questioning him. Then they go to me and they’re like alright, they’re like, we want to show you something. He pulls out a little manilla folder and the first thing he pulls out is a picture of the Durango. I’m like okay, well, he probably [00:35:00] obviously saw that on eBay or something. Then he starts talking about Epic Games and Valve, and all this, that, and whatever. Then he pulls out chat logs between me and other people. That’s when I realized somebody set us up.
JACK: Now remember, Nathan was also raided by the FBI. You might think that all these chat logs were something they took from Nathan’s computers.
SANAD: No, they had logs from dating way before Nathan.
JACK: This was not something Nathan would have had. It would have been someone who was around much earlier than that. Sanad knew that someone in their circle had to have been an informant tipping off the FBI, providing chat logs and screenshots to them, giving up real names and locations for people. Sanad was pissed.
SANAD: The level of anxiety was through the roof. It was just so much going on. These guys with masks came in the house and went right to my room. It was insane. The only time I’ve ever seen anything like that was in the movies.
JACK: The FBI began confiscating everything from Sanad. He had a lot of stuff, too. First the FBI started taking all of the XBox dev kits from Sanad.
SANAD: There was quite a bit, probably around twenty of them.
JACK: Jeez, that’s a lot of dev kits. He had three retail XBoxes too, and a ton of other games and consoles.
SANAD: Yeah, they took a Dreamcast, they took a Nintendo 64, they took – I had a binder with a whole bunch of internal Microsoft disks and internal Sony disks and stuff like that that they took. There was a whole bunch of miscellaneous stuff they took. They got so lazy or tired or whatever of writing stuff down that they started labeling stuff like ‘bag of microchips,’ ‘bag of CDs.’ There was just so much stuff. They were literally there for like, five hours clearing up everything. My seizure list was four pages hand-written.
One of the agents goes oh, my buddy does this thing where he gets all the old Sega Genesis games and stuff like that, and he plays them. He has a whole bunch on one thing. I’m like yeah, those are emulators and ROMs and I’m pretty sure that’s piracy. Then the agent in charge was like hey, we’re not talking about that right now. I’m looking at him like, so it’s okay if you guys do it but as soon as somebody else does it, it’s not okay? I was a little ticked off. I was having anxiety and I was taking Klonopin at the time for my anxiety. He literally wouldn’t give me my medication. He sat the pill bottle in front of him and said these could be anything.
JACK: They also found some drugs that Sanad had.
SANAD: Yeah, I had some pot. The agent pulls my bowl out and brings it to me and he’s like what’s in this? I said pot. He goes, I’m gonna have it tested. I’m like, okay. He calls up the local narcotics people and they come and they scrape a little off it and he’s like yeah, it’s pot. He literally just left everything where it was. He left the pot and the bowl right on my desk when they left.
JACK: Sanad smoked cigarettes and weed but wasn’t really into any other drugs. All this was just on a casual and small scale. I don’t know if the police just overlooked it or didn’t care, or felt sorry for him but yeah, they left the pot. After the FBI finished seizing everything, they didn’t take him to jail. They let him stay home and said they’ll follow up with him later for next steps. They left a search warrant with Sanad to keep and he wanted to show the others this search warrant.
SANAD: I posted it on Facebook and Dylan saw it and decided to dox the Special Agent in charge, and the judge from Newark that signed the search warrant. He put a hit out on both of them. He put a hit out on some forum on the Special Agent in charge and the judge. I don’t know if it was a joke or you know, but still, it made me look really, really bad.
DYLAN: I went about discovering who they were, their personal information. Yeah, I probably did dox them a bit because I believe I actually posted a text file with their information.
JACK: Dylan did talk about putting a hit on the agents but this was just some sick joke that this young kid did. Nothing ever came of it.
DYLAN: As far as federal agents went, that was a stupid thing for me to say, but I did actually say it, yeah.
JACK: You kind of have this attitude of when the shit gets bad, you kind of just…
DYLAN: Dig the hole deeper. Yeah, that used to be the general way I dealt with things, I think. I was a naïve kid. I think it kind of shows how careless I was, how out there I was.
JACK: [MUSIC] When a computer experiences a [00:40:00] kernel panic, there’s no telling what it might do. It might crash. It might corrupt files. It might reboot. It might not do anything. But when Dylan would have a kernel panic, you couldn’t predict what he would do, either. Despite all of this going on, Dylan was still hacking into places everywhere because it’s an absolute thrill to get into places you’re not supposed to get into and grab stuff you’re not supposed to see, and play games you’re not supposed to play. One night, Dylan, still only seventeen years old, was focused on trying to hack into a game studio. His late-night hacking sessions were typical and this one lasted all the way to when the sun started to come up the next day.
DYLAN: I noticed oh, it’s pretty early in the morning and there’s police outside the house. [MUSIC] I guess this panic set in. I was like, shit. There was at least a dozen armed police. They were armed; they weren’t just normal police officers so I knew shit, something’s up.
JACK: It’s always so weird to me to hear that hackers get this huge army coming after them.
DYLAN: I think it’s still even to the day, you’re a hacker. Obviously, you’re a very dangerous person.
JACK: The police have their weapons drawn and start approaching the house.
DYLAN: I realized this is game-over. I powered off as many machines as I could, hid one of my laptops inside the roof cavity. I was like oh fuck, oh fuck, oh fuck. They initially knocked. They were actually about to ram the door but one of my parents actually opened it, I believe, to which they quickly searched the entire house to make sure it was all clear. They apprehended me. Yeah, so then we ended up sitting down. They wanted to – they told me basically what it’s for. I went, okay. I was very quiet to them. I didn’t really have anything to say. I guess I was even more maybe arrogant, maybe you could say, towards them.
It took them a good – I’d say it was a good several hours they spent seizing everything. Basically, it was any hardware at first, followed by any documentation. They took school bags; they took whatever they could. I actually purchased a few servers at auction which I didn’t power these up yet, but when I actually got them, they had their hard drives but no RAM. To this day I have no idea if they had anything on them. All I know was they came from the Ministry of Defense. It was the Department of Defense’s [inaudible]. They had their asset stickers there. It didn’t look good. The guy that’s being done for X, Y, and Z to do with IT happens to have these military servers.
JACK: Dylan had three XBox dev kits, one retail XBox. They took his Blackberry, two MacBooks, an iMac.
DYLAN: Yeah, then my actual PC itself. Quite a lot was taken. I think we estimated about probably $50,000, a hundred grand maybe worth of hardware.
JACK: You might be wondering how Dylan could afford all this stuff at seventeen. I wondered this too, and Dylan didn’t admit publically to me how he acquired the money. My guess is that Dylan did things outside of hacking and got away from his computer from time to time and figured out a way to make money like other rebellious seventeen-year-olds would. The police took Dylan down to the station to be processed. They tried to get a recorded confession from him while he was there.
DYLAN: I believe they asked are you gonna talk? I just didn’t even look at them. I didn’t say anything, didn’t look at them.
JACK: He didn’t really cooperate that well with the police.
DYLAN: I think I was pissed off, actually. I think I was more pissed off that I was caught. As naïve as it sounds, I think it was just we thought we’d get caught but then when we did get caught it was a bit of a surprise. I don’t think it was the sort of surprise that someone who’s scared; it was sort of surprises well, finally.
JACK: He knew he went too far and this day was coming. I think at this point he just wanted this whole thing to be over with.
DYLAN: Honestly, I think that was really where it’s at because we did so much that we just wanted it over. There was no easy way out. Everyone had that kind of attitude; how do we [00:45:00] make our exit ‘cause we’re too loud. Everyone knows. How do we exit?
JACK: The police arrested Dylan and would keep him there unless he paid his bail.
DYLAN: Yeah, so as soon as I was released on bail, on minor reconnaissance, basically, I actually went straight to the Apple store and tweeted from one of their Macs that I was arrested and raided. You think you’d learn, right, after getting arrested. No, it went from there. It was like no, okay, I’m just gonna basically tweet about it. I was like hey, I got raided.
JACK: This arrest scared Dylan and he stopped hacking for a while after that. He came home to absolutely no computers. The police even found the one hiding in his ceiling so he just spent some time thinking about this whole thing for a while. [MUSIC] Meanwhile, back in Canada, Dave is still attending University of Toronto and still doing some hacking. He had a Volkswagen Golf R at the time. He loved that car. He souped it up a lot, too. It looked slick. He wanted to buy a new bumper for it, make it look even cooler. He found a place in the states who was willing to sell it to him but for some reason, they wouldn’t ship to Canada. Justin offered to have it shipped to his house. Dave was paranoid about entering the US.
He planned many trips there but cancelled them last minute. But for some reason, he decided this time he’s going to go through with it. David liked this plan; they would ship the bumper to Justin’s house and David would drive eight hours down to Delaware and pick up the bumper, grab a bite to eat with Justin, drive back. David’s father was also in on the plan so they could take turns driving. David and his father get the family car ready and off they go. They head south from Toronto and go across the bridge into New York State. They have to go through a border patrol checkpoint. They stop the car at the checkpoint. The guard there takes their driver’s license and looks at it. They run it through the computer. After a few minutes the guard comes back to the car and says what’s Xenon? Xenon was David’s hacker name. This was his online name, his Twitter name, forum handles, and so much more was connected to this name.
David’s heart sank. The blood rushed out of his face. He was puzzled that this checkpoint guard knew this. He tried to explain to the guard that it’s nothing and he tried to play it cool. But before he knew it, a few men in dark uniforms started approaching the car. David’s dad said something’s wrong. Step out of the vehicle, one agent shouted and David and his father were whisked into a detention room. They told his father that his son was not coming back to Canada for a long time. His father was sad and couldn’t believe this, and put his head in his hands. David tried to say it’s gonna be okay dad, but his father couldn’t hear him.
David was arrested by the US police and taken to jail. David was taken into custody in a jail in Delaware and there he took a plea deal to help educate the companies he hacked to show them how he got in. David was cooperative and helpful at explaining how these exploits were used. Prosecutors were even a little impressed with how much knowledge he had as a young man to be able to do all this. Meanwhile over in New Jersey, Sanad is just trying to live his life.
SANAD: It was the end of September and I get a phone call. [MUSIC] It was some agent from Newark. He’s like hey, are you gonna be home tomorrow as October 1st? I was like yeah, why? He’s like oh, we’re just gonna come bring back some of your stuff that we didn’t need for the case and blah, blah, blah. I’m just like alright, well you guys are in Newark. I could totally come pick it up. He’s like no, no, it’s no big deal. We’ll come tomorrow and we’ll drop it off. He’s like, that’s our job. I’m like, okay. 8:30 in the morning, my door’s getting banged on. They’re like arrest warrant, arrest warrant. They sent like, fifteen, twenty agents to come arrest me when I would have gladly went over there and they could have just arrested me, like, self-turned-in. I don’t know why they went through all that trouble. It almost seems like they wanted to go out for the ride. They lock me up that day. They bring me to Delaware to arraign me.
JACK: Sanad absolutely hated being in jail and asked to be let out on bail. He’d rather be put on probation or anything. He wanted to be out of there. They told him if they let him out, he’d have to be under strict conditions.
SANAD: At the time I was like, I don’t care what the conditions are. Just get me out of here.
JACK: They agree and let him out on probation.
SANAD: I meet up with the probation officer in Delaware. He’s like, you’re gonna be on an ankle monitor, it’s gonna be GPS monitored. We’re not gonna do the phone line one ‘cause we want to know where you are at all times. There’s no [00:50:00] computer access, no internet access, no internet capable devices, no video games, blah, blah, blah. He’s like, you’re gonna submit to drug tests and this, that, whatever. I’m like, okay.
JACK: Sanad was happy to be out of jail but quickly lost himself.
SANAD: [MUSIC] Little did I know how hard it would be to completely go from having internet in your life to not having it at all.
JACK: He wasn’t even allowed to have cable TV since that could also be used for internet. He got real bored, real quick. Somehow during this time, he finally got a copy of the indictment that was against him.
SANAD: I get a copy of the indictment and I start reading about Person A from Wilmington, Delaware. We all only knew one person from Wilmington, Delaware; Justin.
JACK: Sanad was pretty upset that Justin would do that but at the same time, he wasn’t surprised since the whole incident at PAX, he’s always been very suspicious. But this solved the mystery of when he was raided that so many chat logs were in his file. But combine this with the boredom of his probation conditions, things weren’t going well for Sanad.
SANAD: I was literally a prisoner in my home. It was insane. I started losing it a little bit. I got to the point where I just didn’t even want to charge the ankle monitor anymore, and I was just sick and tired of it. I started losing it. My friends were afraid to come see me. I got so bored I couldn’t live with myself anymore. I was just like you know what? I’m just not gonna charge this bracelet anymore. I stopped charging it. The first time, I get a phone call at like 3:00 in the morning. It’s my pre-trial officer. She’s like, you need to plug your bracelet in and charge it up right now. I’m like alright, whatever. I charge it.
A few days later I decide to stop charging it again. Then April 1st of 2014, the phone starts ringing early in the morning. I’m like, who the hell’s calling at this time? I go to the family room, I pick up the phone, and this one guy’s like yeah, we’re the US Marshalls in the New Jersey State Police. We have an arrest warrant for Mr. Nesheiwat. I’m like, it’s April 1st; somebody’s gotta be playing a trick on me. I look out the window and there was a US Marshall standing right there. I open the door, he just walks right in, and he pulls out the chains and everything. He’s like, you’re coming with us.
JACK: During Sanad’s probation, David was still in jail. The police put David in the back of a van to drive him to court to talk to a judge, some pre-hearing thing. But there’s someone else in the back seat too, a twenty-year-old white guy; lanky, freckled, long hair. David recognized him. It was Nathan. Nathan had been arrested too and now all three of them were in custody facing court appearances. This was the first time David met Nathan in person and here they are in the back of a police van. After Nathan was raided, he was done with hacking. It freaked him out and now that he was arrested on the way to court, this freaked him out all over again. He wasn’t taking this well. David told him that it was Dylan who took this all too far. Dylan’s an asshole. David even told Nathan you can rat on me or do whatever because you don’t deserve this shit. Let’s just do what we gotta do and get outta here.
David felt bad for Nathan because of all the people in the group, Nathan was the least involved and had one of the best futures ahead of him. The three of them would go in front of a judge many times, this time with just a set bail. David opted out of getting out on bail but Nathan did want out. The judge did grant him bail. Nathan paid his bail and went to live with his parents in Maryland. He had to wear an ankle monitor at all times and report his whereabouts frequently. While living there, Nathan grew increasingly paranoid. He was scared. He didn’t want to go to prison. He thought he wasn’t tough enough for it. He thought he was going to get raped or murdered there. It was just too much to bear the thought of it, so on June 16 he clipped off his ankle monitor and made a run for it.
[MUSIC] He paid a friend to drive him four hundred miles north to the border of Canada. There they would try to smuggle him into Canada somehow. They drove seven hours to the border and they arrived at the checkpoint. They tried to act as inconspicuous as possible; just gonna pass right on through. But for some reason the car was stopped by the guards at the checkpoint. They’re just a few hundred feet from the border. Canada was so close. Border guards weren’t letting them in though, and started coming to the car. Nathan panicked and got out of the car and started running for the border. He was on the bridge and on the other side of the river was Canada. If only he could get there, everything would be okay. He ran as fast as he could, even [00:55:00] contemplating jumping off the bridge at one point, but the border guards caught up to him and surrounded him.
To Nathan, jail was not an option at all. In a moment of total fear and rage, he pulled out a knife out of his pocket and began stabbing himself all over, including the neck, until he collapsed. Nathan woke up in an intensive care unit in Ontario, Canada. He had wounds and bandages all over but he soon stabilized. They took him back to the US and put him back in jail. I can only imagine the deep depression that Nathan must have felt being there. I mean, it seems like he would rather die than go to jail. They took him to the very place he hated most of all. If you had to pick between jail and death and you got both, how terrible would you feel? Such a horror. Now he has to stay in jail and wait for his court hearing. [MUSIC] David, Sanad, and Nathan were all back in jail at this point, some of them returning for a second time. They were all being held in the same jail but really weren’t allowed to see each other.
SANAD: Nathan I met before Dave. They brought him to put him into a suicide watch room which was on the unit I was in. As soon as I saw him – he looked way different. He had a scar on his neck close to his cheekbone, almost. I guess he tried to cut his own throat. His hair was very short. I’ve never seen his hair short like that. They had him on suicide watch. They wouldn’t let me talk to him. A few days later they sent him to a different unit. Then I met Dave when we went to go to our plea hearing. When I walked on the elevator, the first thing he said to me was hey, Sonic.
JACK: Sonic is Sanad’s hacker name. This was the first time the two of them met in real life.
SANAD: We both rode on the same van together, we sat in the same bullpen together. I mean, I had nothing to say at first. Then when we sat in the van and started talking, he was like you know Person A is Justin, right? I’m like yeah, I know.
JACK: They all waited in jail for about a year for their trial to begin. The three of them come together for their trial; Sanad, Nathan, and David.
SANAD: We ended up pleading guilty to conspiracy and the two charges were unlawful access to a secure computer network and criminal copyright infringement.
JACK: Sanad was worried that he’d have to go to prison for five years but the judge told him he only had to serve eighteen months in prison. The judge also told David that he had eighteen months in prison. But the judge gave Nathan twenty-four months. After Sanad and Nathan were sentenced, they were put in a holding cell together. Sanad’s sentenced included time served and since he already was in jail for fifteen months, this meant he only had to do another three months before getting out. That wasn’t so bad. Nathan wasn’t taking this at all.
SANAD: It was pretty bad. Nathan was crying, like a lot. I actually felt really bad for him. I tried to talk to him a little bit and he just really didn’t want to hear it. He was very distraught.
JACK: David, Sanad, and Nathan were all locked up in prison to serve out their time. Back on the other side of the globe in Perth, Dylan was facing a world of legal battles.
DYLAN: I guess I pled not guilty to the sense that they tried to hit me with everything when it wasn’t everything that I did. At the start they put a lot of false charges on me.
JACK: They were saying he had child exploitation material on his computers and other things that he didn’t actually have or do. Waiting for his trial seemed to take forever. He battled with courts for three years.
DYLAN: What was happening was I wanted a trial by jury and they didn’t really like that, but that was my legal right so this hearing was for it go from the Children’s Court to move to the District Court.
JACK: This again delayed all kinds of stuff and caused more complications for the courts.
DYLAN: They basically said okay, so we’re gonna move it. No one really objected it. But we’re gonna take your passport. [MUSIC] Before then, I was able to travel. I was able to do whatever I wanted. I was traveling, even. I had no problem going abroad and back. But all of a sudden, three years later, I’m a flight risk? It was an odd way to do it. I guess what I didn’t like was I was losing my freedom there. Three years later, you’re already passed what you did as a kid. You’re not focused on that anymore. Yeah, so they basically wanted to take my passport. Within forty-eight hours I had to surrender it. Within six hours I was on my way to Dubai.
JACK: Where were you trying to – what was your destination?
DYLAN: My destination was [01:00:00] one of three countries. I ended up with the Czech Republic.
JACK: ‘Cause that’s where you have some roots, right?
DYLAN: That’s where I have citizenship, yeah.
JACK: Oh, okay.
DYLAN: As a citizen, there was – you can’t really be extradited as a citizen.
JACK: Dylan’s mom was originally from the Czech Republic but moved to Perth. In fact, Dylan was a Czech citizen so he felt safe to hide out there for a while. At first it was fine, no police. The Australian government didn’t actually try to come after him. Hm. This might work.
DYLAN: Until they eventually actually charged my mother. Because she was on my bail application, they charged her with perversion of justice.
JACK: His mom was being blamed for driving him to the airport and giving him money to leave. Dylan says he used his own money and took a taxi to the airport, but he wasn’t there to testify so the jury believed she was guilty. They sent her to prison.
DYLAN: Eighteen months for perversion of justice for not even what was alleged, but just because the jury believed.
JACK: Dylan’s mom served a full eighteen months in prison and then was released.
DYLAN: She could have had a new trial but I guess it’s the sense of you just want it all done with.
DYLAN: Yeah, it’s kind of the harsh reality of everything. Someone’s gotta go down for something.
JACK: Your poor mom, though.
DYLAN: I know, I know. For something that she didn’t even do.
JACK: She’s gotta hate you at this point. What is your relationship now?
DYLAN: It’s great. It’s not bad. I don’t think anyone holds it against me. I think everyone that sees it is that – these police misused their power. They abused it a bit further than they should have, took it a bit too far, and that’s just how it was. If you ask them now, they’re not actively pursuing me. They don’t care about me. I sometimes put it as I’m probably the most unwanted fugitive.
JACK: Since then Dylan has never been convicted, nor served any prison time for his hacking, nor has he ever returned to Australia, the place where he spent his entire life living.
DYLAN: I lost quite a lot in this. Yeah, it hits a toll on you, always.
JACK: Now Dylan is living in the UK and isn’t worried about all his past catching up to him. He thinks that enough time has passed and if something was gonna happen, it would have happened by now. He even gives talks openly at conferences and discusses what he did. It’s weird to me, I know, but perhaps you just can’t catch everyone sometimes. There were a lot of people in this hacking circle and half got away. Dylan was one who got away, and now that the Statute of Limitations are up in the US, which is the only one who really wanted him, then it actually does seem over. Currently, he’s working as a security researcher in the UK and he applies his knowledge to help find vulnerabilities in other companies. But everything he does is now legal.
DYLAN: 100% legal, 100% above board. I keep very good records of conversations, very good records and logs of what we access, what we do.
JACK: Yeah, somehow, he has no fear at all about police coming after him anymore.
DYLAN: Look, I’ve worked with police. I’m active in the community. I go to every single InfoSec convention, London XYZ, you know. I’m not hiding ‘cause I’m not doing anything wrong. I did something when I was a kid, when I was a teenager, an underage teenager. It was wrong. I learned from that. I don’t judge someone on their past. I think judge someone on their present. We all do stupid things in our past. We can’t change that but we can always make a better picture for ourselves.
JACK: [MUSIC] As Sanad sat in prison and looked over his court documents, something didn’t add up. Austin was added to his indictment as a co-conspirator. He’s the one who was doing a lot of hacking with them and then went off to make FIFA coins with Anthony. Austin was listed as a co-conspirator in the indictment and was also facing charges. Okay, this makes sense but something’s missing here; where was Austin? He was actually in court, but very briefly, and wasn’t arrested and didn’t get sentenced even though it lists him as a co-conspirator.
SANAD: I kept wondering why Austin never got locked up. His sentencing was supposed to be around the time I was supposed to be getting released. He never had sentencing. I never knew that he was bringing in those four other people on that case.
JACK: There was a separate case going on. When Austin and Anthony were hacking the FIFA game to make [01:05:00] coins and sell them, they got some people pretty angry and the police went after Austin. But Austin didn’t serve time for that case, either. Instead, Anthony and a few other guys were brought to court for that case.
SANAD: He gave up four people in exchange for his time.
JACK: Skitzo thinks that Austin may have bribed his way out of jail. But for whatever reason, Austin was let go and Anthony was left high and dry, holding a mountain of legal problems. The courts wanted to convict Anthony of one count of conspiracy to commit wire fraud. Anthony’s lawyers were hopeful that they could get the case thrown out because it clearly said in EA’s terms that FIFA coins had no monetary value. Acquiring them and selling them should not have violated any laws. But Anthony had sold a lot of coins, millions of dollars worth, along with a few other people who were involved. Anthony was still a bit worried. As his trial date got closer and after seeing David, Sanad, and Nathan end up in prison, he got more nervous about what would happen to him. He had to wait for months for his court day to come. The waiting was stressful and depressing for Anthony. By this time, Sanad had been released from prison for a while.
SANAD: I was talking to another friend of mine and we’re just talking about everything. Actually, I asked him; I said oh, how’s Anthony doing? You still talk to him? He’s like, Anthony’s dead. I’m like, what? He’s like yeah, he died. I’m like, get outta here. You must be joking or something. Then I started reading articles online and stuff and it was a reality.
JACK: Anthony died from a mix of alcohol and medication. Those close to him say it was not suicide.
SANAD: I mean, honestly, it still has me kind of screwed up.
JACK: Anthony was twenty-seven years old when he died and was worth four million dollars, which I’m pretty sure he got that by selling those FIFA coins. It was that lucrative. When the crew learned about Anthony’s death and put the pieces together, they thought Austin probably turned him in. This created a new sense of bitterness towards Austin.
SANAD: Austin, I never liked. I talked to him one time. He came into the picture way after me. I never liked the kid. It wasn’t that I didn’t trust him; I just didn’t like him.
JACK: At this point all three of them, Sanad, David, and Nathan were all done with prison and they were out. There was various levels of probation for all of them. David went back to Canada and still wonders how all this got out of hand. He just wanted to play around but things just went too far. He went back to school and finished his degree, and he still owns that VW Golf R. He’s trying to build a career in security. But Nathan didn’t have such a good experience after prison. In fact, the last few years were particularly rough on him. Nathan’s incredibly smart. Some in the circle even call him a genius.
DYLAN: I really saw Nathan as a very great person, very talented programmer, very kind, really.
JACK: His family wasn’t able to fully pay for his schooling but during all that hacking, he was going to University of Maryland. In fact, Nathan wasn’t even hacking that much with the group.
DYLAN: Nathan didn’t play a big role in it but Nathan was still part of the core group at the time.
JACK: He focused more on school even though he could barely afford it. When they sold the Durango, Dylan gave him a cut of the sales. While Dylan spent his money getting more computers, Nathan spent his share on something else.
DYLAN: He decided to stick his money into his college fees.
JACK: He was really just part of the family, and such a nice guy. They felt bad that Nathan not only had to go through all this, but got even more of a sentence. David even told them back in the van, you don’t deserve this shit. Rat on me or do whatever you have to. While Nathan was out on bail living in Maryland with his family, he came out and told his family he was gay. After professing his homosexuality, he lost some of the support he needed which is another reason he tried to run for the Canadian border. When he got caught and was brought back to the place he hated more than anything in life, he actually came out as transgender and started identifying as a woman. Nathan began calling herself Holly. To spend two years in prison as a male identifying as a female has to be really, really rough. It’s like doing prison on hard mode.
Without the support she needed from loved ones, it must have been horrible for Holly. It makes sense why she had such a hard time after the sentencing. When she got out of prison, Holly didn’t see a positive future ahead for herself. I don’t know what the situation was, whether she had a bad probation officer or a bad home life situation, but [01:10:00] it got extremely depressing for her. You can feel especially depressed if it feels like no one cares for you. About a year after Holly was let out of prison, she ended up in Fresno, California. From there, she met up with another woman and they decided to do something together. They got some supplies and checked into a Motel 6. Well, I’ll let the local Fresno news station, KSEE 24 explain the rest.
REPORTER: You can see it right behind me, this Motel 6 now surrounded by police, fire engines, and Chief Jerry Dyer just briefed us minutes ago. He says that two motel workers were smelling toxic fumes coming from a motel room. This call came in as a possible hazmat situation. According to Chief Dyer, it’s some sort of sulfuric acid.
CHIEF: Also confirmed that there’s two deceased females. There is some type of a chemical-making process inside. There appeared to be respirators on the two females. We’re not certain at this point whether or not this is a murder-suicide or maybe a double suicide or accidental death.
JACK: [MUSIC] While all these people were getting arrested and sent to prison, Justin, or MTW, or Person A continued to scam Cisco and Microsoft by requesting replacements for devices he didn’t have. He was pulling in tons of cash doing this, too, and somehow, he was doing this under the watchful eye of the feds. But now that the feds caught everyone they were after, they didn’t have a need for Justin anymore. I think they revoked his free pass. Justin got arrested and pled guilty to thirty-five counts of mail fraud and laundering. The court documents showed that he issued hundreds and hundreds of returns, or RMAs, like Cisco 3850 switches and Microsoft Surfaces.
The records indicate he made about $300,000 from these scams. Justin is currently sitting in a jail waiting for his sentencing hearing. He could be facing years in prison for all this scamming he did. [MUSIC] When Sanad got out of prison, he had to go through probation. He had to check with a probation officer and follow strict rules. But he didn’t get along with this probation officer at all. After prison, Sanad got a full-time job and started going to school full-time. But the probation officer kept pushing him.
SANAD: She had the nerve to tell me you could do more with yourself. Like, I don’t know how much more you want me to do. Not many people will work full-time and go to school full-time as is.
JACK: One of the terms of his probation was that he would be allowed to use a computer if he went to school, but his probation officer refused to let him use one.
SANAD: You know how hard it is to go through college without a computer?
JACK: During this time, the probation officer visits Sanad at his home a bunch of times and checks on him, but he starts just hating how she’s treating him.
SANAD: She kept pushing my buttons, pushing my buttons, pushing my buttons. Everything that I would ever ask her would always be a no. For example, I would want to go down and see my sister in Virginia or something, and it’s no. She would come up with the craziest reasons to why she wouldn’t let me do anything. It was December of 2015, the whole thing in San Bernardino had happened. I just started this job at a vaper shop, I’m there for a few weeks, and these two guys come in. As soon as I saw them, I’m just like, these guys are federal agents. We go to the back room in the shop and they sit across the table from me and I’m sitting down. They start asking me questions. They’re like oh, can you tell us about your encrypted chatting and your chatting over XBox Live and PlayStation network, and all this stuff.
I’m like, that’s all in my paperwork. They’re like oh, this is completely different from the Baltimore investigation. I’m like, why do I feel like I’m being interrogated? I’m not sure if it’s because the whole thing with Dylan leaking the information on the Special Agent and the judge. They wouldn’t show me their actual badges with the names on them. They just showed me their little shields. Then he was like, I’m Agent So-and-so and this is Agent So-and-so. We’re from the JTTF and I had no clue what the hell the JTTF was. I’m like, what’s the JTTF? He’s like, the Joint Terrorism Task Force. He says this; my heart literally stopped for a couple seconds. My mouth dropped. I was in complete shock. Why are these people here? He starts talking about the San Bernardino thing and all this other stuff. I stop him and I’m like, honestly, I’m like, I feel like you guys are just [01:15:00] here because I’m Middle Eastern.
JACK: Suddenly Sanad feels like he’s being interrogated as a possible terrorist and it really bothers him. Under the Patriot Act, suspected terrorists can be treated very differently than regular criminals, but Sanad’s boss stands up for him and she starts telling them hey, he’s already served his time. Leave him alone. So, they leave but Sanad finds out that the two agents first had a chat with the probation officer who told them to go visit him at work. This really bothered Sanad so much more.
SANAD: Like, you’ve been to my house so many times and you know I’m not a violent person. Why didn’t you just tell them to come to my house and talk to me? Why would you let them come to my job? When I confront her about it and she saw how upset I was, she had the nerve to tell me well, you just need to move on from this.
JACK: The pressure from this probation officer was just growing more and more for Sanad. It was just too much for him to handle at this point. [MUSIC] Even though he was living at home and his dad was there for him, Sanad was in a dark place. It was a really bad time, even worse than prison.
SANAD: I was depressed. They put me through so much that I was just sick and tired of it.
JACK: The pressure was enormous. The depression was unignorable. Everyone has a breaking point and this was Sanad’s breaking point. He couldn’t deal with this anymore so he bought some heroin, too much for any one person to need. One night when the depression got too bad and everything was just too much, he fixed up some needles.
SANAD: I tried to overdose on opiates, specifically heroin.
JACK: He loaded up the needle with what he knew was too much, then he shot up. He closed his eyes. Everything went dark. He fell over onto the floor. His dad was home at the time.
SANAD: Yeah, they heard a thump and then they went to my room. They found me laying on the floor, unconscious.
JACK: His father called 911 and the paramedics arrived quickly and injected him with Narcan, a medication used to block the effects of opioids. Within a few minutes, the Narcan kicked in and Sanad came back to.
SANAD: Oh God, it was the most painful feeling in my life. I honestly felt like I got hit by a truck. My whole body just felt so sore and achy. It was an extremely horrible feeling.
JACK: They took him to the hospital for treatment and his probation officer visited him there. Sanad asked if she’s going to violate him for taking the drugs but she told him no, she won’t. He takes it easy for a while to recover from this incident.
SANAD: There was a family wedding that my family wanted me to go with them to. It was out of state. It was in New York so I had to get permission. So, I call her up to ask her for permission and that’s when she was like, we’re not letting you go out of state. We’re violating you. Mind you, where I was going was only an hour away from where I lived anyway.
JACK: The violation is bad on probation. It means you might have to go back to prison or serve some jail time, or get more probation. Whatever the violation was, Sanad was not seeing a bright future for himself.
SANAD: It got to the point where I was like well, they’re violating me, I might as well just get as high as possible. [MUSIC] Things started getting really out of hand. I literally went into the court room beyond blitzed. It just got really, really bad so they put me in Essex County for three weeks, and then they put me in a rehab program in Newark, New Jersey which honestly, that place was a complete joke. It was literally a money mill.
JACK: Sanad spends four months in rehab then gets to come home. But the rehab worked though; he’s feeling clean, he’s got no urges to take any drugs. He’s doing good. But then he gets sick.
SANAD: I get yearly bronchitis so I coughed so hard one day that one of my ribs snapped. It was the most painful feeling I’ve ever had in my life. I can’t even stress how painful it was. I go to the hospital. The orthopaedist puts me on Oxycodone and I’m on it for quite some time. Before I’m supposed to get off, I tell the probation officer, I’m like look, I need to go on something, [01:20:00] Suboxone or something to slowly come off this. I’m like, if you guys cut me off this, I’m going to get sick.
JACK: People who are on opioids like Oxycodone for even just five days have a high percentage of becoming addicted to other opioids like heroin. He asked his probation officer for help coming off of it so he doesn’t relapse.
SANAD: She’s like no, you’re just trying to use it as a crutch, and that’s all you’re trying to do. Her boss is agreeing with her. He straight up called me a frequent flier. She gives me this hard time and basically, they kick me out. They’re like no, we’re not doing it. Of course, I get sick, and the only thing I knew that would take away that feeling was more opiates. Oxycodone’s not very easy to find on the street. The only thing I knew what to get was heroin because that’s the easiest thing to find in New Jersey.
JACK: Sanad begins doing heroin to get his fix but soon after that, the probation officer finds out he’s on it. She shows no sympathy for him and brings him directly to court to see a judge.
SANAD: When I went to court, the judge was like, I understand you broke your rib and I know how painful that can be, but I’m doing this to save your life. Then she gave me nine months in federal prison and another year of probation.
JACK: Sanad serves his nine months in prison which he has many more stories about being in the SHU, and other issues that went on there. When he gets out, he gets permission to move to West Virginia to live with his sister. Perhaps a change of scenery will help him serve his probation better.
SANAD: Honestly, my probation officer down here is awesome. She does not bother me. She’s basically like, look, just pass your drug tests. Don’t catch any new charges, don’t use any unauthorized computers, we’re good.
JACK: Yeah, so tell me about your computer usage today. What are you allowed to use computer-wise?
SANAD: The smart phone that I’m talking to you on, and it has monitoring software on it.
JACK: [MUSIC] In the last eight years, Sanad has not been able to use any technology other than this phone he’s allowed to use. No video games at all. No video games for eight years. But in August of 2019, just last month, his probation was done. He served all his time and now he can go and play video games if he wants. He said that on midnight of that night he was gonna go play Halo. In case you’re wondering how I made this episode, Sanad’s phone sucks and since that’s all I could talk to him with, I found a person in West Virginia to help. Her name is Diane. She had a mic and was willing to record this interview for me. I appreciate Diane’s patience.
SANAD: I’ll let her know. He said he really appreciates your patience.
JACK: Oh, and Sanad has been sober for a year now and feeling much better about life. All this brings us to today. Wow, what a magical time to look back and see what the XBox had to go through to become what it is today. The XBox hacker scene in the 2010’s was a special era to be part of.
SKITZO: I really don’t think something like this will ever happen again, of how fucking wild and insane it was. It was anarchy.
JACK: Why wouldn’t it happen again?
SKITZO: On the console side shit’s locked down like a motherfucker now.
JACK: That’s ‘cause someone ruined it.
SKITZO: Yeah, we did. Thanks, MTW. No, but I mean, as I said, the overlap of groups and communities and stuff like that, the wild west that PartnerNet was. Things now are on The Wild List and stuff like that. Security is taken to a different level. Based on the Microsoft side of things, there’s no dev kits anymore. There’s no specialty or proprietary-made units anymore. Security is a huge, huge focus now and rightfully so. It’s been how many years since the XBox One has been released, and you don’t really hear anything being done. Not to say that there isn’t work being done in the background, I’m sure there is, but it’s not public. You don’t really hear much of anything public. From what I’ve heard, it’s a very tight-knit group and even at that point it’s – not much is being done progress-wise that is worth this shit, let’s put it that way. If I’m wrong, so be it, but this is what has been conveyed to me.
JACK (OUTRO): [OUTRO MUSIC] You’ve been listening to Darknet Diaries. Thank you so much to Sanad, Dylan, and Skitzo for sharing this amazing, incredible story with us. You guys are unbelievable. Oh, yeah, bunnie, thank you too. [01:25:00] Think this story is too crazy to be true? Well, this was actually the cover article for Wired Magazine back in the May 2018 issue which was written by Brendan Koerner, so thanks Brendan for all your work you did on that story, too. But you can also go to darknetdiaries.com where you can see links to news articles, photos, indictments, and all kinds of court documents that I had to meticulously comb through to fact-check this story. Amazingly enough, it all checks out. Hey Dylan, I heard you got harassed by a vendor once and got kind of shoved and pushed around. You want to tell us that story?
DYLAN: Okay, yeah. Where do we begin?
JACK: Oh, actually, wait. Let’s do this; that’ll be a bonus episode that will be available for Patreon users in a few weeks so if you want to hear that story, go to patreon.com/darknetdiaries and look for it in a couple weeks. This episode was created by me, the best warthog driver you ever did see, yee-haw, Jack Rhysider. Editing assistance is from my personal Cortana Damienne. The theme music and other songs for this episode was created by Breakmaster Chief Cylinder. [ANGRY ROBOT NOISES]
[OUTRO MUSIC ENDS]
[END OF RECORDING]