Jan 14, 2022

Darkode

It would seem that hackers today can do just about anything they want - from turning on the cellphone in your pocket to holding your life's work hostage. Cyber criminals today have more sophisticated tools, have learned to work collaboratively around the world and have found innovative ways to remain deep undercover in the internet's shadows. This episode, we shine a light into those shadows to see the world from the perspectives of both cybercrime victims and perpetrators.

First we meet mother-daughter duo Alina and Inna Simone, who tell us about being held hostage by criminals who have burrowed into their lives from half a world away. Along the way we learn about the legally sticky spot that unwitting accomplices like Will Wheeler find themselves in.

Then reporter and author Joseph Menn tells us about the surprisingly lucrative professional hacker structure in places throughout the former Soviet Union. Finally, the co-creator of one of the most notorious online marketplaces to ever exist speaks to us and NPR cyber-crime expert Dina Temple-Raston about how a young suburban Boy Scout can turn into a world-renowned black hat hacker.


[RADIOLAB INTRO]

LATIF NASSER: Hey this is Radiolab. Last year…

[MUSIC IN] 

[NEWS CLIP: A cyberattack disrupted the colonial pipeline…]

LATIF: Was a big year for cyber crime.

[NEWS CLIP: The FBI confirms it’s investigating 100 different types of ransomware attacks.]

LATIF: According to the FBI, the amount of money taken by ransomware has gone up by more than 1000% over the past five years. And this has got us thinking about this episode we did on this new kind of crime way back in its relatively quaint early days in 2015 called Darkode.

[MUSIC OUT]

JAD ABUMRAD: Hey. I'm Jad Abumrad.

ROBERT KRULWICH: I'm Robert Krulwich.

JAD: This is Radiolab and today…

ROBERT: Well, today we're going to tell you a story which we hope does not become your future, but it raises a simple question. We all have computers. We love computers. We depend upon computers. But what if the cost of using your computer becomes more than you're willing to pay? Two stories today, which suggest that we might be at the very beginning of a nightmare.

JAD: [laughs] The first comes from a journalist, Alina Simone and her mother, Inna.

ALINA SIMONE: I mean, do you want to start with my mom? Because it really happened to her. You know, she only got in touch with me maybe on day six.

INNA: Are you talking to me, or her?

ALINA SIMONE: Yeah.

JAD: Okay. So what – yeah, day one. What was the first, first thing that happened?

INNA: On day one, what happened that I called Tufts University IT services – because my husband works at Tufts – complaining that my computer is unbearably, unbearably slow.

JAD: She tells IT, "I don't know what's going on. Every time I try and open a window, it's like 'click ... oop ... click ... oop.'"

INNA: Practically stopped working.

JAD: "What do I do?"

INNA: They checked, whatever, said, "Probably nothing." Rebooted. So did nothing, basically. Then…

JAD: She went away for the weekend.

[MUSIC IN]

INNA: And when I came back I turned the computer on and like it was doing something. And I saw many, many windows…

JAD: Covering her screen. Boop, boop, boop, boop, boop, boop!

INNA: And those windows multiplied.

JAD: Doop, doop, doop.

INNA: I cannot open any of them and I could not figure – but it was very late at night. So…

[MUSIC OUT]

JAD: She went to bed, got up the next day…

INNA: Called the Tufts again, asking for help.

JAD: They had no idea what was going on.

INNA: No.

JAD: But she says at this point, whatever the computer had been doing…

INNA: It was done. All the windows disappeared.

JAD: Except now, anytime she tried to click any of her files…

INNA: The pictures, videos, I cannot open any of them.

[MUSIC IN]

JAD: Instead, every time, this message would pop up.

INNA: And the message says ...

ROBOT: What happened to your files?

INNA: All my files…

ROBOT: All of your files have been protected with a strong encryption….

INNA: Encrypted…

ROBOT: Using CryptoWall. This means that the structure and data within your files have been irrevocably changed…

INNA: And in order to get them back…

ROBOT: To unlock files, you must pay 500 US dollars. If you really value your data, then we suggest that you do not waste valuable time searching for the solutions because they do not exist.

[MUSIC OUT]

ROBERT: You're saying that somebody went into your computer and locked up all of your things?

INNA: Yeah. They gave me the exact count.

ROBOT: 5,726 files encrypted.

ROBERT: Wait. When you say, "they," did you have any image in your head of who ... ?

INNA: My first thought was Russia or Ukraine, which is even better.

ROBERT: Why?...

JAD: Why?...

INNA: Because, you know, everybody talks about excellent, fantastic education there. Especially math. I'm from there, I know.

ALINA SIMONE: You know she's right. They've surpassed the US in educating their kids when it comes to math and science. And they've got a severe underemployment problem, especially outside of the major cities, which is where these viruses often trace down to. Not Moscow and St. Petersburg but we're talking about, you know, backwater.

INNA: I was so positive that it comes from that part of the world that I wrote them in Russian.

JAD: Apparently the criminals, they had provided her a link to a website where she could send them a message. You know, customer support.

INNA: I wrote them [speaks Russian]. I don't know how to translate it in English more accurately. Something like, "I wish you all die," or "Drop dead."

ROBERT: Wish you all die?

INNA: But in Russian language, there is a word “to die” for humans, or another word for animals.

JAD: So you said…

ROBERT: Oh! You used the animal one.

INNA: Yes. Not a curse, but you know – they got the message.

JAD: Now, Inna says she thought about just wiping the computer clean. So that she wouldn't have to pay. But then it occurred to her that her husband had all these files on there…

INNA: Which he needed.

JAD: You know, like business receipts that he hadn't filed yet.

INNA: Which he's lazy to do so he asked me to help.

ALINA SIMONE: And she's right, that like, you know, she has this tax information, this reimbursement information. Ultimately, it's worth more than 500 dollars.

INNA: My husband did not want to pay, I overruled him.

[MUSIC IN]

JAD: So Inna decides…

INNA: To follow the instructions, basically.

ROBOT: One. Download and install Tor browser.

JAD: So she goes and installs this browser called Tor, which apparently…

INNA: Is not traceable.

ROBOT: Two. Run the browser and wait for initialization.

JAD: She does that.

ROBOT: Three. Type in the address bar, K-PI-7-Y-C-R-7-J-A-X-Q…

JAD: Then she's directed to a site where it basically tells her, "Look, if you don't trust us…”

INNA: "We can decrypt one of your files for free, as a sample that when you pay us, you would know that you could really get all your files back."

JAD: Huh.

INNA: And I was curious. I decided that I will try it.

JAD: So she clicked the button that said yes and doo-do-loop!

INNA: I got one file back, but as soon as I did, the clock start ticking.

[MUSIC IN]

JAD: Literally, she says a little clock appeared at the top of the browser.

INNA: They gave me exactly seven days.

ROBOT: 167 hours, 59 minutes, 59 seconds.

JAD: Oh. So you decrypt the thing and then suddenly it's a countdown?

INNA: Yes! They say, "If you won't pay by this date, then the fine will be doubled and if you won't pay in one more week, then you will lose your files forever and you will never get it back."

JAD: Now, in the message it had told Inna that she had to pay that 500 dollar fine not in dollars, but in Bitcoin.

[MUSIC OUT]

INNA: You know, I – this was the first time in my life, ever, I heard the term 'Bitcoins.' So I found this website…

JAD: Called coincafe.

INNA: Where you can buy Bitcoins. And to buy these Bitcoins is a nightmare. It's a torture.

JAD: What she needed to do was exchange 500 bucks for the requisite amount of Bitcoins. And at the time 500 bucks equaled 1.37 Bitcoins. But before she could even make that exchange, she had to fill out all these forms with all these questions.

INNA: "What happened? What is the reason to buy Bitcoin?" And reasons were listed, one of them was ransom. So they knew, they knew…

ROBERT: [laughs] That's a category?!

INNA: Yes. It was the first reason, to pay a ransom to the criminals.

[MUSIC IN]

JAD: Next, she says after you fill out all the forms…

INNA: You have to make a picture and send them a photograph through the internet. Okay? I did not have a camera because…

JAD: She says your camera happened to be in the shop.

INNA: Oh! More than that, I have to make a picture of my husband holding a driver's license. Send them this picture back so they would…

ROBERT: But is this the bank, or the criminals? Or the…

INNA: No! This is the people who sell you Bitcoins…

ROBERT: Oh my god!

INNA: In exchange for your money. I told you that it's a torture. It's unbelievable.

[MUSIC OUT]

JAD: But eventually she was able to find a neighbor, borrow the camera, take the picture she needed to take. Then she had to get the money she wanted to exchange to coincafe and it turns out the preferred way to do it, the most secure way to do it, is not online, but through a money order.

INNA: This was the day right before the Thanksgiving, Wednesday.

JAD: She still had about six days before the deadline, so she thought, "All right, I'll just pop down to the post office, get a money order."

INNA: But…

[NEWS CLIP: Live from Boston, WVT…]

INNA: Lexington and the whole Massachusetts had a terrible, terrible snow storms.

[NEWS CLIP: For a lot of us, this could be the biggest storm so far this winter…]

INNA: Undriveable roads...

[NEWS CLIP: And significant snow, a wet snow at that…]

INNA: But I had to go to the post office.

JAD: So she plows through the snow, almost kills herself, but gets there, gets everything together, sends it off. And it's like, "All right."

INNA: So finally I send everything out. The post office assured me that they will get it on Friday, which is the first working day after the Thanksgiving. Okay, so on Friday…

[MUSIC IN]

JAD: She called coincafe.

INNA: They did not get it. On Saturday, they did not get it. On Monday, in the morning, nothing was delivered. And I was desperate because my deadline was Tuesday, something like 12 o'clock. And I start calling the post office, whatever. Nobody knows anything. They said "Yes, two days, but there is no guarantee."

JAD: Finally…

[MUSIC OUT]

INNA: 4 o'clock in the afternoon on Monday…

JAD: About 24 hours before the deadline…

INNA: They got it.

JAD: Phew!

ROBERT: Yeeeah!

INNA: And they send me Bitcoins in exchange because they got my money.

JAD: But she says when she went online to check her Bitcoin account…

INNA: I'm 13 dollars short. Because of the exchange…

[MUSIC IN] 

ROBERT: [laughs] So you get only 400 and…

INNA: And I start calling them…

JAD: Basically, the exchange rate had changed on her. She had bought it at 500, now it was worth 487.

INNA: I asked them, “How often do you change the exchange rate?” And they said, "Every minute." [laughter] But it's not a joke, every minute. I said, "Are you crazy?" I was a double victim. I was victim² or victim³. You see what I mean? [laughter] Because driving was terrible. I have to stand on my head to get a camera and then I was struggling to send them.

ROBERT: That's the problem with this crime. Like the criminals need a better way to get money from the victim.

INNA: But everything else is traceable.

JAD: I'm on the edge of my seat here. So the – you're 13 dollars short, [laughs] how did you ...

INNA: I am calling. They said, "There is one more way. One more way." “And what is it?” "We have a ATM machine." [laughter] I said, "What?" "Yeah, we can have an ATM machine. Only one." And I said, "Where is it?" "It's in Brooklyn."

ROBERT: Brooklyn, New York?!

INNA: Yeah.

ROBERT: Oh, no!

JAD: 200 miles away.

ROBERT: Wait a second, I don't understand this. There is one ATM that is in the borough of Brooklyn, where you do not live?

INNA: Exactly.

ROBERT: Ah!

JAD: But luckily her daughter, Alina, lives in Brooklyn.

INNA: You asked me how my daughter got involved, that's how.

JAD: So she calls Alina.

ALINA SIMONE: Yeah. My mom called me the night before the ransom was due, so I…

ROBERT: Were you aware of any of this at – up to this point?

ALINA SIMONE: No, no. I remember, you know, it was at night. I had the TV on and I have a toddler, you know, it’s all these things going on. I was probably on my laptop, too. I was doing like 12 things. And my mom called and she was like Upset with a capital U. She started ranting about criminals and ransom [laughter] and I literally thought she was like talking in air quotes. I'm like, "Oh yeah, I know when I go to tech serve and like, yeah, there's extortion!" And my mom was like, "No! Like, no! There's really a ransom! No, they're really criminals!"

JAD: Her mom told her, "Google 'CryptoWall.'"

ALINA SIMONE: And I was like, "Holy [beep], this is really a thing!" Plus, I started Googling, as she suggested I do, and found out that police departments had paid this. That a Sheriff's department in Dickson, Tennessee had just paid it to unlock like, you know, 70 plus thousand case files. And I was like, "Yeah, a lot…"

ROBERT: Oh, so these crooks go after police departments?

ALINA SIMONE: They've gone after governments, universities, corporations…

ROBERT: Oh wow…

ALINA SIMONE: Police departments.

ROBERT: And did the question ever come up in your mind like, "Why my mom?"

ALINA SIMONE: No, not at all. Because like a million people in the US have been infected with crypto…

ROBERT: Really?

JAD: With this very thing?

ALINA SIMONE: Yes.

[MUSIC IN] 

JAD: Anyhow. Next day, less than six hours left, Inna says to Alina, "Please go to this ATM so we can just be done with this whole thing."

INNA: You can cut it later, but I can tell you that in the morning she said, "I have a date for my granddaughter date. To play…”

ALINA SIMONE: Play date.

INNA: "I won't be able to do it until 12 o'clock." And I called again. I said, "Are you crazy? I don't have time."

ALINA SIMONE: So I go out to Greenpoint, to this ATM. And, you know, I just want to add that…

INNA: But you had your play date.

ALINA SIMONE: Well, I canceled my play…[laughter]

INNA: No, you didn't! I called you. You shorten it. You might get a little bit ...

ALINA SIMONE: Right. Okay, so I short – I cut my play date short. Sorry. Forgot that crucial detail. [laughter] And I go out to Greenpoint and they have an ATM, and I'm…

ROBERT: I'm just worried that there's going to be 57 people all lined up at this single ATM that you're…

ALINA SIMONE: There were totally not 57 people. I mean, most people do take care of this remotely. Like there was no one at this ATM. I mean, what was funny about the ATM is like I'm expecting like, "Yeah, I've been to an ATM, like I have a Capital One account. I know what an ATM is." You know, but this was on like, the second floor of a work share space in Brooklyn. It was like in the hallway there was like a bike hanging from a wall, kind of blocking it. And there was like a paper sign, taped to the wall, that just had a printout from the computer that just said, “bitcoin atm,” all lower case letters and an arrow to this phone booth! [laughter]

It looked very Soviet. Like if you've seen photos of those phones with no buttons and there's just a receiver? And it's totally scary...

JAD: Like the red line?

ALINA SIMONE: Yeah, yeah. Like you just pick it up and like somebody is always on the other line, or something. It was like that. It was just this box with a screen and no buttons and a camera eye.

ROBERT: Oh my god!

ALINA SIMONE: And what you do is you hold up your QVC code. Is that what they're called? QVC? What are they called?

UNIDENTIFIED SPEAKER: QRC.

ALINA SIMONE: QRC? QRC?

JAD: The barcode thingy?

ALINA SIMONE: Yeah. Yeah, it's like a barcode. So there's this QRC code and my mom had emailed it to me and was like, "You need to print this out and this is – this essentially gives you access to my account, to top it off," you know? And so I put this QRC code up to the camera eye it kind of went, "Bloop!" And then it was like, "We are accessing your account." And then I got a spinny wheel.

JAD: You got the wheel of death?

ALINA SIMONE: Yes!

JAD: No!

ALINA SIMONE: Ugh, spinny wheel!

[MUSIC IN] 

JAD: Alina starts frantically dialing her mom, the guys at coincafe.

ALINA SIMONE: I called, you know. I left like three phone messages…

INNA: And I, I left five.

ALINA SIMONE: So, finally, they called me back, like 20 minutes later. Said, "Okay, we're sending a technician over to fix the machine," which was very cool. I didn't think that would happen. And so, you know, the technician was there and he fixed the machine and he helps me deposit these 25 dollars. And then, you know, we started talking and he was like, "Yeah, you know ..." He knew my mom because, you know, he'd been talking to her on the phone, he's like, "I feel so bad for your mom. We've been getting so many of these cases." And I'm like, "Why are you, why…”

JAD: "You're getting a lot of these cases?"

ALINA SIMONE: Yeah. I was like, "Why are you guys getting so – why is everyone coming to you?" And he's like, "Oh, I know why. Because in the ransom note, they give a list of preferred vendors, and we are number one…"

[MUSIC OUT]

JAD: Or two.

MIKE HOATS: What [beep] the introduction. What a bad introduction to Bitcoin. Like, "We're going to hold you ransom for all your information until you use this new currency to pay us off." I mean, that's so terrible.

JAD: This is Mike Hoats and John Ha. They are the co-owners of coincafe.

JOHN HA: I had, a few weeks back, a grandmother who was in tears. She was going to lose all of her family photos because the deadline was coming up. You know, crying on the phone to me and it – God! It felt horrible.

JAD: Now, clearly, people who sell Bitcoin just believe that there should be a digital currency that is decentralized, that doesn't rely on the banks. But unfortunately it has become the currency of choice for ransom. [laughter] And so they're in this weird position.

WILL WHEELER: So it's a tricky thing because like I can't sell Bitcoin to someone who I know is going to do something illegal with it. Right?

JAD: That's Will Wheeler who runs a Bitcoin exchange called expresscoin and he says he and the other exchangers are really worried right now that if they keep helping the little guys pay the ransom, in order to get their files back, they are in effect making themselves accessories to a crime.

WILL WHEELER: I finally got a call back from a FinCEN, which is the federal authority for Financial Crimes Enforcement Network. They said that we could perceive paying a ransom as unlawful activity and so they might choose to use that against the company who helps out. Right? And, likely, until we get a straight answer from FinCEN, we'll take the overly cautious approach and start declining these transactions.

ROBERT: Even though, in your heart, you want to help? 

WILL WHEELER: Well, yeah. I mean, do I want to risk being indicted for helping you get your travel receipts reimbursed from your company? And I mean, to me the answer is no.

[MUSIC IN]

JAD: In any case, after Alina deposits the extra 25 bucks in her mom's Bitcoin account, Inna, the mom, goes online.

INNA: Then I clicked and it was gone. But then...

[MUSIC OUT] 

JAD: About an hour later.

INNA: I went to my computer and there was another message. That, "You are late."

JAD: No!

INNA: It turns out that I was two and a half hours late. "You have to pay 1,300 dollars, roughly." I did not have anybody to turn to.

JAD: So she went to that same website where you can write them a message.

INNA: I wrote them that I was late, but I mentioned the snowstorm, the Thanksgiving, which they probably were not aware of. And, of course, the wonderful US Mail service. I said that I tried and I was only two hours late. And then, all of a sudden, I am getting the message, "You paid in full," without any explanation. Nothing. "You paid." That's it. And I got all my files back.

[MUSIC IN]

ROBERT: Whoa. Do you think that they took pity on her?

JAD: Maybe.

INNA: I felt that it's over. Finally, it's really over.

ROBERT: It does make you wonder like, who these people are?

JAD: We have a story about that up next.

[MUSIC OUT] 

JAD: Hey, I'm Jad Abumrad.

ROBERT: I'm Robert Krulwich.

JAD: This is Radiolab.

ROBERT: So here's the next obvious question, who did this to Inna? Like do we know anything about them?

JAD: When we put that question to Joseph Menn, investigative reporter for Reuters, he's done a ton of work in this area. And his hunch was that Inna's right.

JOSEPH MENN: We're talking people, Russian-speaking folks, by and large…

JAD: He wrote a book called Fatal System Error, which is sort of a deep dive into the Russian hacking scene. And much of it, as you'd expect, you know, young guys…

JOSEPH MENN: Early 20s.

JAD: Kind of grubby…

JOSEPH MENN: By and large, they do not live a lavish lifestyle. There are guys at the top of these criminal organizations that are very flashy.

[MUSIC IN]

JOSEPH MENN: They are like, sort of pop icons, some of them, in the same way that rap stars are in the US. There's a hacker magazine, which you know, has – has guys with their sports cars and the supermodels, and whatever, you know, buying bottle service at discos at three in the morning.

ROBERT: Those are the guys who will hire the 20 year olds?

JOSEPH MENN: They hire the 20 year olds who are their franchises.

JAD: And he says the 20 year old grunts work at office parks.

[MUSIC OUT]

JOSEPH MENN: Yeah. It's like a call center type of atmosphere.

KELSEY PADGETT: So I – is there like you know...

JAD: That's producer Kelsey Padgett.

KELSEY PADGETT: Ivan in a cubicle at his computer, bored. He has a meeting later with Judy in HR and he's mad about it. Is that the kind of like, environment that these people are in?

JOSEPH MENN: I – for the most part, I think so, yes.

[MUSIC IN]

JAD: The larger point is that it's not just like your lone-wolf, pimply faced hacker anymore. Cyber-crime is now super organized. It is often corporate. It is big business. And the whole sort of economy seems to revolve around these secret sites where people come together to buy and sell things like that ransomware from our last story.

JOSEPH MENN: They're these underground web forums and there's a variety. Some are available – you can reach you on the open internet. The more impressive ones are password-protected. You know, you have to know somebody to get in. The really, really fancy ones, you have to have a couple of people vouch for you.

DINA TEMPLE-RASTON: You actually have to apply with your resume, your hacker's resume. "Here are the things I can bring. These are the kinds of hacking exploits that I've had and therefore I should be part of your exclusive club."

[MUSIC OUT]

JAD: That's Dina Temple-Raston, NPR cyber-crime correspondent. She's been tracking the government's attempts to shut down some of these sites, which she describes as…

DINA TEMPLE-RASTON: Sort of a hacker's black market bazaar. So let's say someone is looking for a bunch of credit card numbers that have been stolen. You can get it there.

JOSEPH MENN: There's – at one price if they're MasterCard Gold, and another price for a higher-level credit, whatever.

DINA TEMPLE-RASTON: Let's say you wanted to know about a boss, or an employee, or a girlfriend…

JAD: You can get this piece of software that allows you to turn on their phone at any time.

DINA TEMPLE-RASTON: You could basically eavesdrop on them because you're in their pocket. And for 300 dollars a month you would actually get customer service.

JOSEPH MENN: And the prices actually keep coming down. It's a very, very evolved, fluid marketplace. There's feedback and there's escrow.

ROBERT: There are feedback forums? Come on! I…

JOSEPH MENN: Absolutely.

ROBERT: That thief was not really – there was – like didn't do the thief – the robbery right? 

JOSEPH MENN: Absolutely. Particularly for something – you'll see it a lot for freshness of credit cards, because, you know, it's easy to say, "Here are 10000 credit card numbers," but if they're credit card numbers had been out for a while, and get declined to everybody, you've just wasted your money. And these people are called “Rippers” as in, “they're ripping you off.” And they will get banned from the forum.

JAD: Wow. So it's reputational, just like everywhere else?

JOSEPH MENN: Yeah. And it's as good as eBay. If you feel safe doing business on eBay, there's no reason you shouldn't feel safe doing business with the criminals.

JAD: Now, all of this to me, frankly, felt like just a sexy hacker talk until a couple of months ago, Dina started telling us about this one particular site. Actually, the biggest of these kinds of sites that's out there. It's called Darkode.

DINA TEMPLE-RASTON: Yeah. The way it has been described by law enforcement is sort of an amazon.com for hackers.

JAD: Actually, here's specifically how US Attorney David Hickton described it to her in an interview.

DAVID HICKTON: Darkode is the largest English-speaking criminal cyber-crime forum in the world.

DINA TEMPLE-RASTON: And one of the – I think most people know Silk Road and they know, for example, you could get a contract hit on – from Silk Road, and drugs, and guns, and everything else. So would it be right for me to say that this was sort of a Silk Road for hackers?

DAVID HICKTON: Yeah, I wouldn't want to draw that direct comparison. I think it's probably accurate. I would say that all measure of cyber crime that you see and watch around the world was in some form or fashion connected to it.

[MUSIC IN]

JAD: So we got really interested in this world of this site, Darkode, and the people in it. And so, with Dina, we started calling around trying to find anyone that would talk. And after weeks of searching and calling and lawyering, we found a guy who agreed to go on the record.

DANIEL PLACEK: My name is Daniel Placek and I am a reformed hacker.

[MUSIC OUT]

JAD: As far as we know, Dan has never talked about this publicly.

DINA TEMPLE-RASTON: So how did you get involved with Darkode?

DANIEL PLACEK: Well, I was one of the people who created it. A very long time ago.

[MUSIC IN]

JAD: Daniel's story begins not in Russia, but in Milwaukee.

DANIEL PLACEK: Sure. Well let me – let me start with a little bit of context…

JAD: Small middle-class suburb, right outside of Milwaukee.

ROBERT: Do you have brothers and sisters?

DANIEL PLACEK: Two younger brothers and two younger sisters. Big family.

ROBERT: Did you have to share rooms with them or were you in your own little kingdom?

DANIEL PLACEK: I shared a room with both my brothers, for a lot of years.

JAD: In fact, that sort of plays into the story because he says what he would do, to sort of escape, is go to the basement and play video games.

DANIEL PLACEK: So yes, the stereotypical hacker in his parents' basement. I know – I know. It's quite hilarious.

JAD: Dan says his hacking began, innocently enough, when he would monkey with games like Age of Empires.

DANIEL PLACEK: I’d changed the graphics, changed the artificial intelligence in the game, the way it plays, rework it, create new maps, that type of thing. It was something I enjoyed. And slowly throughout my teenage years that developed into something more. I did not get along well with a lot of my peers in grade and middle school. So I spent a lot more time, you know, on the computer and by myself than I did socially, at least at that age.

JAD: And he says one day he was in a chat room, an internet chat room…

DANIEL PLACEK: It was called Game Search.

JAD: Talking with a bunch of other people about video games.

DANIEL PLACEK: And at some point, along the way…

JAD: He meets this guy.

DANIEL PLACEK: You know, this particular guy was into botnets.

ROBERT: “Oh yes, botnets!" We all cry. Yeah. [laughter] Just remind us of what's going on there.

DANIEL PLACEK: Botnets are malware, viruses installed on computers. And botnets, you know, are the way to centrally control a whole lot of infected computers.

JAD: Just to put this in context for second, because I think this is totally fascinating, Joseph Menn says that this whole botnet situation…

JOSEPH MENN: It started with spam. One of the easiest ways to make money on the internet, back pre-2000, was spam.

ROBERT: Spam as in, “penis extensions” and “I’m in Nairobi and…”

JOSEPH MENN: All that stuff. What happened was that the – in the olden days, most servers, mail servers, acted as open relays.

JAD: Meaning the mail people wouldn't really pay attention to who was sending what. So the spammers would spam with abandon.

JOSEPH MENN: And then spam got to be enough of a problem that the techies of the world…

JAD: Decided, "That's it." They started to block people. Like if they found a guy who they thought was sending too many product emails or whatever, they would block his IP address so that he couldn't send any more mail.

JOSEPH MENN: So what the spammers and their contractors then needed to do was to have a bunch of clean IP addresses. And send spam from that. 

JAD: So what they did, which is totally genius, totally evil, is they hired a bunch of programmers to create a bunch of viruses. Disseminated those viruses across the internet. People would accidentally click or open something, get them onto their, you know, computer, and then suddenly the spammers could now remote control our computers at a distance, for whatever they wanted, for maybe just an hour or two a night, to send out their spam. Because these were clean IP addresses.

[MUSIC OUT]

JOSEPH MENN: Of course, what happened is that once the spammers had these botnets…

JAD: They started thinking…

JOSEPH MENN: "Hey, I could do something else with this." And the next thing that came along was denial of service attacks. You can have all of them try to contact ebay.com at the same time and knock over eBay.

DANIEL PLACEK: This first gentleman that I ran into, he had a botnet of well over a thousand computers, which at the time was amazing to me. You know, by today's standards, a thousand for a botnet is nothing.

JAD: Now they can get up into the millions.

DANIEL PLACEK: But back then it was quite incredible to me and…

JAD: 'Cause he says he was in this chat room, this guy was there, and this guy would get into fights with people. And anytime he did, he'd point his 1000 computer drone army at that enemy and…

DANIEL PLACEK: "F you man, I'm going to knock your internet offline. There's nothing you can do about it." You know, if it was something in a game, he could knock the game server that they were playing on offline. You know, stop their game, things like that. Yeah.

ROBERT: It's like he can take away your ball back in 1935.

JAD: Yes!...

DANIEL PLACEK: That is exactly it. Taking away someone else's ball over the internet.

ROBERT: So this, for some reason, intrigued you?

DANIEL PLACEK: Yes. It was amazing to me. I'm like, "You have control of a thousand computers? Wow!"

[MUSIC IN]

DANIEL PLACEK: You know, how did you do this? You know, I – at the time, I had never heard of botnets. I didn't know about any of this stuff. Like, How did you get the software to do this? How did you get it onto all these computers?

DINA TEMPLE-RASTON: And he was quite happy to tell you all that?

DANIEL PLACEK: Oh, he certainly was. This particular gentleman had a very large ego.

DINA TEMPLE-RASTON: And did you see him as a bad guy?

DANIEL PLACEK: To be honest, I think at that age, I didn't really think about it that deeply. It's the internet. It's a lot harder to kind of quantify right and wrong there. I mean, now, I mean, it's easy to look back at that and say, "Yeah, this is wrong." But it's not like going up to someone and punching them in the face. There's no human connection there. You don't see these people or feel these people.

[MUSIC OUT]

JAD: He says at the time it was just sheer curiosity. So he says he asks this Pied Piper guy to send him some of the bot software that made the botnet go.

DANIEL PLACEK: And that really intrigued me. You know, digging through the source code, trying to understand what is this thing doing, how does it work, how does it tick?

JAD: This guy, was he a good coder?

ROBERT: Like is he good at it?

DANIEL PLACEK: Was he good at it? 

ROBERT: Yeah.

DANIEL PLACEK: No.

ROBERT: No…

DANIEL PLACEK: No. [laughter] I would – you know, in hindsight now, you know, he's what I would classify as a script kiddie. You know, someone who…

ROBERT: Yeah!...

DINA TEMPLE-RASTON: Ooh. Script kiddie!...[laughter]

ROBERT: I don't know what that is, but it's a whole new curse word.

JAD: Sounds awful…

DANIEL PLACEK: Script kiddie. So a script kiddie is someone who has just enough technical ability to kind of take some tools and software that other people have created and just use them.

[MUSIC IN]

JAD: Yeah. To fast forward, as Dan went the opposite direction of the script kiddies and got better and better and started making these botnets that could literally spy on people as they were using their computers…

DANIEL PLACEK: Interesting to see all the porn that people are watching, that type of thing. [laughter]

JAD: He says he found himself in another chat room.

DANIEL PLACEK: That was called BOTTALK.

JAD: It's the kind of place where hackers swap tips, brag.

DANIEL PLACEK: Like, "Hey, look what I did. I defaced this website, take a look.”

JAD: And he says one day he was talking with a coder friend of his, guy named Zerdo. 

DANIEL PLACEK: We were talking and, "Why don't we set up a community where we can really filter who gets to join? And don't let all these script kiddies and idiots in." I actually chose the name. I came up with that nice lame name. [laughs] And…

DINA TEMPLE-RASTON: I actually think it's pretty good…

JAD: It’s kind of a cool name…

ROBERT: What's the name again?...

JAD: Darkode.

ROBERT: Darkode.

DANIEL PLACEK: With a K.

JAD: It's like D-A-R-K-O-D-E, I think. Right? 

DANIEL PLACEK: It seemed cooler with the K.

JAD: Yeah.

DANIEL PLACEK: So we chose the name and started getting the site set up.

JAD: The rules were it would be invite-only.

DANIEL PLACEK: So you had to have an invite.

JAD: And each new person would be required to demonstrate their skill.

DANIEL PLACEK: You know, here's a piece of software that I created…

JAD: Or, here's a video of my botnet in action.

DANIEL PLACEK: And at some points, not too long after it was created, it was decided for one reason or another that you know, hey, we got all these programmers on here, that's great. But, you know, they also want to be able to sell some of the stuff they're making. So let's invite some people who would be willing to buy some of this stuff.

ROBERT: This now begins to sound like a fair. You say, "Oh, I have a burglar's tool. Do you have a door you want to burgle?" And then you're like, "I'll rent you my tool."

DANIEL PLACEK: That's a simplification, but yeah.  People would post and say, "I am looking to buy X," or "Here's this piece of software I created. Here's all the things it does, here's some screenshots of it in action. And here's the price." Could be a certain type of botnet software. It could be buying a botnet itself. You know, if you don't want to build one yourself, you want to buy one that somebody else already created and has going.

ROBERT: You mean, "I can get you onto 200,000 or 20,000 computers. Just give me a check?"

DANIEL PLACEK: Yeah. What they called them were “installs.”

JAD: Installs.

DANIEL PLACEK: You know, "Hey guys, I've got installs and they're 10 dollars per 1,000," something like that.

JAD: Wow.

[MUSIC IN]

JAD: Now, this is something that's sort of surprising to us, that when it comes to botnets, that there's this whole rental market that's frighteningly affordable.

KELLY JACKSON HIGGINS: Yeah, it's bargain basement.

JAD: In fact, we were talking with one reporter, Kelly Jackson Higgins, who's the executive editor of darkreading.com which is a cyber security news site. And she told us…

KELLY JACKSON HIGGINS: You know, you can actually rent a botnet if you really wanted to. You could rent a botnet for one hour for about 38 dollars a month…

JAD: What?!

KELLY JACKSON HIGGINS: And, in some cases, as low as 20  – yes – as low as 20 dollars a month. So it…

JAD: I can rent a botnet for 20 bucks a month?

KELLY JACKSON HIGGINS: You could. It's like renting space, "Here, you want to use this to go do damage somewhere, or you want to make a statement, or you have some plan for it? Do you want to send some spam? Here you go."

DANIEL PLACEK: You could go online right now and probably find somewhere out there on the net, somebody who will sell you access to computers for cents apiece.

JAD: And these are like people's computers, like your computer, my computer. And Dan says as Darkode got bigger and bigger, he began to see more of this kind of activity on the site. Like some guy would have a botnet of 5,000 computers. Another guy would have some software, like, the ransomware. Software guy would then rent the botnet from guy one, install his ransomware, ransom these poor people, then move on.

DANIEL PLACEK: You know, some of the people were doing some pretty unpleasant things. You know, moving more into the kind of financial crimes territory, which is something that I really never had a desire to be involved in.

[MUSIC OUT]

JAD: And it was largely because of that, he says, that in 2009 he decided to get out. But, unfortunately, the next year...

DANIEL PLACEK: I got a lovely visit from the FBI. They promptly ...

JAD: Was it like a, “kick down in your door” type situation?

DANIEL PLACEK: They knocked, they knocked. [laughter] So it was...

JAD: Okay. What was that like?

DANIEL PLACEK: Pretty terrifying, you know. What's – what’s going to happen to me? What's going to happen next?

JAD: And what did happen next?

DANIEL PLACEK: I don't know how much of that I can talk about, but I did cooperate with the government, and I have cooperated with them for the last, you know, five plus years now. It was a kick in the butts. You know, my parents kind of kicked me out. Not – not kicked me out but assisted me with a rapid move out. [laughter] And I've been living on my own since then and became gainfully employed. Had a few jobs, became a little bit more, more serious with my then-girlfriend, who is now my wife. So, you know, it's given me an opportunity over the last five years to really make some serious changes to my life.

[MUSIC IN]

JAD: Meanwhile, over the same five years, Darkode grew into this massive cyber criminal swap meet, where tens of thousands of stolen Social Security numbers were bought and sold. Huge databases of personal information and emails were bought and sold. Malware and software of various kinds are bought and sold. And this continued, according to Dina Temple-Raston, right up into July 15 of this year, July 15, 2015.

[MUSIC OUT]

[ARCHIVE CLIP, David Hickton: Today marks a milestone in our efforts to bring to justice some of the most significant cyber criminals in the world.]

DINA TEMPLE-RASTON: What ended up happening on July 15 is that the FBI had actually got into Darkode with a number of intelligence services from around the world. And they had an 18 month investigation in which they took down, in the end, 28 people.

[ARCHIVE CLIP, David Hickton: The FBI has effectively smashed the hornets' nest and we are in the process of rounding up and charging the hornets.]

DINA TEMPLE-RASTON: But here's – here’s what's amazing, right? So they take down more than two dozen people. Two weeks later, Darkode is up again.

[MUSIC IN]

JAD: It just popped back up?

DINA TEMPLE-RASTON: Just popped back up.

ROBERT: Our deep gratitude to NPR’s Dina Temple-Raston, whose reporting really got us going on this whole project.

JAD: Yeah. Props to Kelsey Padgett, who produced our first segment.

ROBERT: Andy Mills who produced our second segment.

JAD: Thanks also to Andrew Zolli, Michael Shamos…

ROBERT: Gunther Omen…

JAD: Lynn Levy…

ROBERT: Kathy Roter…

JAD: Also, Kathy Tu.

ROBERT: Don't forget attorney David Bacard.

JAD: And the whole crew at the Microsoft Cyber Crimes Unit. And to you Robert, thank you to you.

ROBERT: Why? Why me?

JAD: Because you're part of my botnet.

ROBERT: Because [laughs]...

JAD: I'm Jad Abumrad.

ROBERT: And I'm Robert Krulwich.

JAD: Thanks for listening.

[MICHELLE: Hello, this is Michelle from Kaka'ako, Hawai’i. Radiolab is supported in part by the Alfred P. Sloan Foundation, enhancing public understanding of science and technology in the modern world. More information about Sloan at www.sloan.org. Mahalo!]

[JAD: Science reporting on Radiolab is supported in part by Science Sandbox, a Simons Foundation initiative dedicated to engaging everyone with the process of science.]

[UNIDENTIFIED VOICE: Radiolab was created by Jad Abumrad and is edited by Soren Wheeler. Lulu Miller and Latif Nasser are our co-hosts. Suzie Lechtenberg is our executive producer. Dylan Keefe is our director of sound design. Our staff includes: Simon Adler, Jeremy Bloom, Becca Bressler, Rachael Cusick, W. Harry Fortuna, David Gebel, Maria Paz Gutiérrez, Sindhu Gnanasambandan, Matt Kielty, Annie McEwen, Alex Neason, Sarah Qari, Arianne Wack, Pat Walters and Molly Webster. With help from Tayna Chawla, Shima Oliaee, Sarah Sandbach and Candace Wang. Our fact-checkers are Diane Kelly and Emily Krieger.]

[MUSIC OUT] 

-30-

Copyright © 2021 New York Public Radio. All rights reserved. Visit our website terms of use at www.wnyc.org for further information.

New York Public Radio transcripts are created on a rush deadline, often by contractors. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of programming is the audio record.