Todays Guest :Brett Johnson

Introduction :Keynote Speaker and Consultant on Cybersecurity, Cybercrime, and identity Theft.

Website : AnglerPhish.com

Satish: You’re listening to the Digital Identity Show. This is hosted by Satish KARRY and today, on our show I have Brett Johnson. He is a cyber security, cyber crime, fraud and identity theft expert.He is a keynote speaker at quite a few of the fraud conferences. If you have been to the conferences , I’m sure you’ve already heard about him. Hey Brett, welcome to the show.

Brett: Hey, thank you for having me. I appreciate it.

Satish: Yeah. Who is Brett Johnson?

Brett: I’m not sure it’s that simple. Who is Brett Johnson? Well formerly, I was a United States most wanted cyber criminal. I committed 39 felony crimes, ended up on the United States most wanted list. I escaped from prison. I guess I’m most notorious for creating the first organized cyber crime community. It was called Shadow Crew. It was a precursor to today’s darknet and darknet markets, and it laid the foundation for the way modern cyber crime channels still operate today. That was in my past, of course.
Now, today, I work with the good guys. A lot of people refer to me as the digital, catch-me-if-you-can gentleman, these days. I work with law enforcement, consumer groups, merchants, Fortune 50, Fortune 500 companies. I speak all over the planet, and basically I use the knowledge that I gained as a criminal, to help keep people safe from the type of person that I used to be.

Satish: Oh, wow. very interesting. Looks like a very exciting life. I’m sure it must have been tough and challenging too, but I’m glad that you’re on the show and you know, you get to see, I’m sure you are in touch with a lot of the cyber crime that’s happening around the world, keeping track of it. I think identity theft is one of the most prominent ones these days with a lot of digital transactions happening. Is that so, and what is really identity theft?

Brett: You’re absolutely right. Most of the… so if you look at a breach or an attack, 92% of every single attack begins with a phishing attempt. And of those phishing attempts, what they’re mostly looking for a lot of the time is PII, personal identification information. So you’re looking at stealing someone’s identity in order to profit from that person. When I say steal identity, it could be either identification numbers, like if you’re in United States, it’s a social security number. If you’re in Canada, it’s the social insurance number, whatever number identifies you with the government. Not only that, but the credit report, any type of identifying information that’s associated with that person, that a criminal could use to profit. That’s really what identity theft is. So it can be bank logins, credit card numbers, it can be merchant account logins, anything that would identify you within a specific type of system that a criminal could use that means of identification, to profit.

Satish: Okay. How did you get into this space, right? So there’s a transformation from being on the other side to the place where, “Okay, I have enough information, there’s a lot of good I can do.” And how did that transformation happen? Give us a little bit of an insight and what is really driving that.

Brett: Sure. So the transformation for me happened… I was arrested in 2005 by the Secret Service, the United States Secret Service. At that point, they gave me a job working for them. Actually I was consulting and helping them understand how cyber crime operated and also targeting individuals for them. While I worked with the Secret Service, I continued to break the law. Finally, after a year of working for them, I went on a cross-country crime spree, ended up on the United States most wanted list in prison, after that. Now, while in prison is where I actually started to accept my responsibility. Before that, I had always blamed my crime on other people. I’d said that I committed crime to help support my family or my sister or my wife, stuff like that. It took about two and a half years in prison for me to realize that no, I committed crime because I chose to.

Brett: I chose to victimize all those people to steal all that money. That was my choice to do that. No one made me do that. So, coming to that realization, you really… I mean for me, I could not really go back to that. So I got out in 2011. I was fortunate enough my wife, she ended up finding me. So I credit my wife, my sister, and the Federal Bureau of Investigation as the three real entities that turned me around, that turned me from a life of crime into this legal citizen today. I’m very grateful, very thankful for that. But that’s really the transformation there. Now I’m a… now I speak all over the planet. I consult with all these groups and companies and it’s a good life. It’s a life that I never thought that I would have and I’m not sure I deserve the life, but I’m very grateful for it.

Satish: Oh, it’s a very good story and it’s realistic and you’re right here. I think that that’s a very good combination. I’m glad that I have you on my show.

Brett: Thank you.

Satish: As we speak through it, what are the latest trends you’ve been seeing in the last six months or so? What has really caught your attention?

Brett: Sure. So, what’s interesting about cyber crime is there really is nothing new. So you go through these cycles of things over and over again. For example, when I was committing crime in the mid-2000’s, one of the big crimes that was going on at that point was gift card fraud. So we’re seeing right now this resurgence of gift card fraud, all of a sudden. We’re seeing a lot of account takeovers. Back then we called them COB’s for change of billing. Sometime over the past 10 or 15 years that’s changed to ATO for account takeover. But we see a lot of ATO stuff. We still see phishing is very prevalent. We’re seeing more of this transition of committing crime. If you look at why cyber crime is committed, there’s three reasons. It’s either committed for cash, status, or ideology. Typically, over 99% of the time it’s for cash.

People are trying to steal money. We’re staring to see, we’re starting to see this transition of cyber crime committed for cash over the cyber crime for ideology. If you look at the  Petya attack that happened. That’s an ideological attach that, it was one country, Russia basically targeting another country, Ukraine. And of course it got outside of the Ukraine’s boundaries. It hit Maersk, it hit a couple of pharmaceutical companies that have not been publicized yet. As we see more, and cyber crime continues to develop, we’re going to continue to see that shift from monetary over to ideology because now people are starting to understand that yes, cash is important, but it’s nowhere near as important or damaging as an attack due to ideology.

Satish: That sounds very interesting. I think that not only puts… it puts a lot of responsibility on the InfoSec team to really handle that. Right? So you’re not just looking at cash, you’re just looking at a much more larger organization and it’s organized and, I think the defense mechanisms have to build up or gear up for that kind of an attack. So thanks a lot, Brett, appreciate you being on the call and being on the show and hopefully we can get you back soon. Thanks a lot for your time.

Brett: I’ll look forward to it. Thank you so much. And you have a pleasant day.

Satish: Thank you.