Scarcely anybody online is doing the bare minimum necessary to protect themselves from cybercrime, says a notorious convicted cybercriminal.
Brett Johnson was a founding member of ShadowCrew, an early 2000s forum that was the forerunner of much of today’s cybercrime structure, innovating both how online criminals network with each other and how they carry out scams and other computer crimes.
“I was the ‘Catch Me If You Can’ guy for the internet age,” Johnson said, referencing the book and film about a prolific con artist.
In 2004, federal agents — who referred to Johnson as “the godfather of the Dark Web” — infiltrated ShadowCrew, leading to the arrests of most of its leaders, including Johnson, who was convicted of 39 felony charges and served more than seven years in federal prison. Upon his release, Johnson became an adviser for law enforcement and businesses in understanding and defending against his one-time fellow criminals.
Johnson, who will speak at an in-person AARP Hawaii workshop at the Hilo Hawaiian Hotel on Friday, said that cybercrime has evolved since his years in the underworld, but added that much of the underlying psychology criminals prey upon remains the same.
“Most hackers or scammers aren’t trying to get you, specifically,” Johnson said. “They’re trying to get money.”
Therefore, he said, just by enacting very simple precautions, a person can convince criminals that it is a better value proposition to target somebody else.
“In ShadowCrew, you had to know everything,” Johnson said. “Now, they don’t have to understand everything, people use tutorials or off-the-shelf software. Because of this, the numbers have exploded … but 98% of these criminals are not sophisticated, is just that products are being made that allow them to do sophisticated things.”
Johnson pointed to three vital, yet extremely simple tools to protect financial data from infiltration: password managers that allow users to easily maintain unique, secure passwords for multiple platforms; account monitoring systems to ensure that accounts are not accessed or changed without the user’s knowledge; and credit freezes that prevent additional credit accounts from being opened in a user’s name.
“A lot of people don’t do any kind of security, so you really don’t have to do that much to make it harder for them to target you,” Johnson said, adding that 41% of internet routers still use their default administrative password.
Beyond those three tools, Johnson recommended maintaining situational awareness while accessing the internet.
“You know when you’re in a bad neighborhood in real life, so you have to be aware of when you’re in a bad environment online,” Johnson said. “You have to know what information you’re sharing online, and with who … you don’t need to be paranoid, you just need to be able to verify what you’re doing.”
As one of Johnson’s clients is AARP, he said that elderly people are often more easily targeted because they are less tech savvy, but added that millennials have become the age demographic most vulnerable to cybercrime. Johnson said he suspects that millennials have developed a general apathy toward computer crime because of the pervasiveness of technology and its exploitation in everyday life.
“A lot of people don’t understand this technology, and yet they tend to trust it anyway,” Johnson said, adding that the mass media characterization of cybercriminals as “untouchable, ghost-in-the-machine hackers” doesn’t help.
But even though cybercriminals are not as implacable as they’re depicted on film, Johnson said people cannot count on law enforcement to stop them.
“If you’re a victim of these people, you’re never getting that money back,” Johnson said. “If you’re waiting for police to catch them and get what they took, it won’t happen … for ShadowCrew, I was the guy running everything, so eventually, sure, they catch the top guys, but there’s a lot of little guys they’ll never find.”
Johnson’s in-person workshop at the Hilo Hawaiian Hotel will take place Friday at 9 a.m. Attendees can register for the event at aarp.cvent.com/HIFraud. A livestreamed event will also take place at 9 a.m. Saturday at facebook.com/AARPHawaii.
Email Michael Brestovansky at mbrestovansky@hawaiitribune-herald.com.