Declassified Untold Stories of American Spies_8of8_Operation Firewall The Takedown of Shadowcrew
Category
📺
TVTranscript
00:00Tonight, the Information Superhighway, an online network called Internet.
00:10Back in the early 2000s, the Internet was the wild, wild west.
00:15Nothing had happened up until that point that says, oh, you better be aware what you're
00:19doing on the Internet.
00:23We saw the emergence of these websites where individuals could go to commit credit card
00:30theft, counterfeit identity documents.
00:33This is the 21st century's version of burglary.
00:38You can buy anything that is stolen at bottom dollar prices, and that money could be for
00:43terrorist financing, child exploitation, human trafficking.
00:47There's no way to know.
00:49It was a criminal world, completely unknown to all law enforcement.
00:56As a former FBI agent and chairman of the House Intelligence Committee, I had oversight
01:00of all 16 of our nation's intelligence agencies.
01:04My name is Mike Rogers.
01:07I had access to classified information gathered by our operatives, people who risked everything
01:13for the United States and our families.
01:16You don't know their faces or their names.
01:18You don't know the real stories from the people who lived the fear and the pressure
01:23until now.
01:34The Secret Service is the oldest law enforcement agency that exists.
01:40The first thing that comes to mind is the guys in the sunglasses and dark suits around
01:45the president, the vice president.
01:47And that's what the Secret Service is known for.
01:49What a lot of people don't know is that the organization was founded in 1865.
01:54It was one of the last acts done by President Lincoln.
01:58And it was established to combat counterfeiting of U.S. currency.
02:03Not until 1901 did the Secret Service have protective responsibilities, so that was some
02:0835 years later.
02:10Before 9-11, the main focus was protection, counterfeit currency, and it was traditional
02:15bank fraud.
02:17Things like where someone goes into a store and uses a card that's not theirs, things
02:20like check fraud.
02:22But in 2001, 2002, we started to notice that bank fraud was occurring in a different way.
02:28We noticed people were doing it more and more online.
02:32But there were no internet cops.
02:33These criminal enterprises were not on our radar at all.
02:38The global criminal economy that was being created, law enforcement in general was unprepared
02:42for it.
02:43There was a shift in how crime was committed, and it was entirely new to us.
02:53This case started in 2003 when I got transferred from the counterfeit squad to the fraud squad.
02:57And there were four cases on my desk when I got there.
03:00There was one case with a series of ATM photos of an individual who was taking hundreds of
03:05thousands of dollars out of ATMs in the New York City, New Jersey area.
03:14The point of him taking out that much cash that quickly, it bothered me that someone
03:20was doing this.
03:21And it was something on a scale that had never been seen before, where someone could take
03:25out $50,000, $60,000 from one ATM at one pop.
03:29His face annoyed me.
03:30It was like a smug look.
03:34So at that time, I basically took that folder and started at the beginning of an investigation
03:39where you are just cold calling banks and saying, are you seeing what we're seeing?
03:45So then banks start sending in photos and videos of the same person with the same haircut
03:50walking into an ATM vestibule.
03:53Multiple victims, multiple banks across the New York, New Jersey area.
03:58That face.
04:02We later found out that he would order white plastic online.
04:06And white plastic is just sort of like a hotel key that you can encode debit card information
04:12onto with a magnetic strip, that black strip that goes across the back.
04:17So with one swipe of some downloaded software and a little device, you can take hacked data,
04:23would be re-encoded on that white plastic, and then use them in an ATM.
04:29He would walk in anywhere between 30, 40, 50 different pieces of white plastic.
04:34Some would work, some wouldn't.
04:37He would often do this late at night, not only to hopefully not get caught, but also
04:42because after midnight, the new limits would go into effect for each card and for the ATM.
04:50Our goal was hoping we would find a pattern and we would do surveillance on those ATM
04:54machines and then hopefully grab him that way.
04:58He was very good about not using the same one twice and about randomizing how we went
05:03about it.
05:05The only thing we knew was the picture and the videos that we had from those ATM vestibules.
05:11So we became extremely frustrated because we had zero other leads for months.
05:21But no matter how smart someone is, arrogance always comes with it.
05:25No matter how good you are, you will eventually slip.
05:30So we waited, and one day we got a call from NYPD who said, I think they have your guy.
05:37An individual had just been arrested using a New York ATM machine.
05:43He was dressed very strangely and he was an ATM machine for over 15 or 20 minutes because
05:51of cashing out before the end of the day and at the beginning of the next day.
05:56We were pretty pumped up.
06:00So I sent two agents into New York City, into that precinct to verify whether or not it
06:04was him.
06:05They got a good look at him and called me immediately without even talking to him and
06:09said, this is our guy.
06:11That's when we found out his name was Albert Gonzalez.
06:15When he was in the holding cell is when we finally realized that he was wearing a wig
06:19and he ended up taking it off and handed it over with a smile because he knew that
06:24the one piece of evidence that we were always going to have was an ATM photo.
06:28So we had to have some type of disguise in order to really prevent us from IDing.
06:33Ultimately, we wanted information from him.
06:35We wanted to know how he was doing it because we hadn't really seen it before.
06:39And we wanted to know who he was working with.
06:41There was no way he was doing this alone.
06:44The agents attempted to talk to Albert Gonzalez and to see whether or not he was going to
06:48cooperate.
06:49At that point in time, the answer was emphatically no.
06:54So we left.
06:58Time was on our side with him.
06:59When you look at someone who is pretty thin, seems like more of a white collar type criminal,
07:06seems scared, the best thing you can do is to leave them there and let them get mixed
07:11in with some of those more hardened criminals.
07:14Albert was a drug user.
07:15He was a very frail individual.
07:18He was very scared of going to prison.
07:21So it took 24 hours for him to call us and say, I want to talk.
07:25And the first condition of that conversation had to be that he had to give us permission
07:30to search his apartment.
07:34So he agreed to sign what's called a consent to search.
07:37And we went to Kearney, New Jersey.
07:38It was a studio apartment.
07:41Typically when you do a search warrant, it's not like the movies where you go in and start
07:44ransacking the place.
07:45You want to be pretty methodical about what you do.
07:50The apartment was not well kept.
07:52It was pretty messy.
07:54He had all of the white plastic spread out on a table.
07:59And we found upwards of 30 different computer books, programming, networking, stacked up
08:06in a corner.
08:08The binders were broken and they were highlighted and there were notes in them.
08:13And they saw all these hard drives, keyboards, and the screens that he was using.
08:22We realized that this was something larger than what we had expected.
08:27It dawned on me then that Albert was involved in hacking and this was going to be something
08:33big.
08:35And that's when everything changed.
08:44After Albert Gonzalez was arrested by NYPD for ATM fraud, he gave us permission to search
08:50everything in his apartment.
08:54And we found upwards of 30 different computer books, programming, networking, stacked up
09:00in a corner.
09:02It dawned on me then that Albert was involved in hacking and this was going to be something
09:08big.
09:09And then we found $30,000 in cash in a black box.
09:16A massive amount of ecstasy, ketamine.
09:22Being in a school zone and having that much drugs sometimes doubles the sentencing.
09:27He was looking at 20 years in prison for just what we had in his apartment.
09:32And so he wanted a reduced sentence and we wanted an introduction into his world.
09:40Ultimately, we wanted information from him.
09:42We wanted to know how he was hacking credit card data and we wanted to know who he was
09:46working with.
09:47There was no way he was doing this alone.
09:49And it had to be on the internet because it was too complex.
09:53It really sets a level of intrigue.
09:56What is he doing?
09:57How far is he taking it?
09:58Who is this guy?
10:03For the Secret Service to investigate cases like this, there's a huge risk.
10:09When I started briefing bosses about this, no one was a fan.
10:14Investigations back in the day were street investigations.
10:17You arrested someone in the physical world in person.
10:20Bosses would come by and say, look, there's no criminals in your computer.
10:22Get out on the streets and arrest someone.
10:24It was not a traditional physical world that we were used to.
10:29The Secret Service does not like risk.
10:31Failure is not an option.
10:33It was a complex case.
10:35It was, we're not really sure what you have.
10:37We're not really sure if we're going to support it.
10:40But without risk, there's no reward.
10:43Nobody really knew where this investigation was going to end up, what we were going to
10:46be able to uncover.
10:48And I think that's what intrigued a lot of people to go ahead and take a chance and move
10:52forward with the investigation.
10:56So the bail was dropped and he was turned over to us.
11:01Once I started debriefing him, I wanted to know how he started from his first hacks all
11:08the way up into the day that he was arrested.
11:11Albert was born and raised in Miami.
11:13He learned computers as a kid.
11:14He was self-taught.
11:17His first computer ended up getting malware on it.
11:20It annoyed him.
11:21And his goal was to figure out how it happened and who did it.
11:25And that's how he got into computers.
11:27And over time, Albert became capable of just about anything when it comes to computers,
11:33network intrusions, etc.
11:35We learned that Albert had been involved in intrusions or attempted intrusions into NASA
11:40and to the government of India also.
11:41He was 14 years old at the time.
11:44It became a game to him.
11:48So what we learned through the debriefings with him was that he was conducting criminal
11:53activity through a global criminal website for hacking and fraud with 4,000 members
11:59called Shadow Crew.
12:04This was a completely new criminal enterprise that only operated online.
12:09This was so unique and so new and so unfathomable.
12:16And they were completely anonymous.
12:20So what we learned through the briefings with him is that Shadow Crew was started by
12:23two individuals in the U.S. about a year before Albert Gonzalez's arrest.
12:29Shadow Crew was a global marketplace for online crime.
12:33These hackers are hacking into company systems in order to get access to credit card information
12:39of consumers and sell it.
12:42All of this was completely new.
12:43I mean, we had been investigating hackers.
12:45Most of the time it was solo, lone wolf hackers.
12:48And this was now organized criminal groups online.
12:51This was identity theft on a scale we had never seen.
12:55The Shadow Crew website was a black and blue site.
12:59It said Shadow Crew across the top and underneath it their logo was, for those who like to play
13:03in the shadows.
13:06The webpage had various rows in it that were dedicated to certain forums organized in a
13:11way that you could identify the types of criminals you wanted to interact with.
13:16If you've ever seen the movie Star Wars, when they're looking for someone to fly them somewhere,
13:21they go into this one bar and you have all these funky creatures operating.
13:25That kind of is what these websites are.
13:26You had all these different characters that specialize in all different kinds of financial
13:31crime that were available for hire.
13:33It was an eBay for cybercrime.
13:36The scale, the breadth, the depth, the speed at which it moved just completely wiped out
13:41any type of case that you would have in the physical world of traditional investigation.
13:47Some of the things you could buy were stolen identity documents, stolen credit card information,
13:52a healthcare card, a driver's license, maybe a passport.
13:57Another item was the FULZ, F-U-L-L-Z, which is FULL WALLET.
14:01What they referred to as FULL INFO were not only did you have the card number, but you
14:05had everything about the victim's identity, where they lived, their social security number.
14:11But it wasn't just a one-stop shop for identity theft.
14:15There were tutorials, for instance, about what countries to go to that don't have extradition
14:20treaties.
14:21How to hack with anonymity.
14:22What was shocking to me is the criminals had no shame in posting about their criminal activity
14:27fairly openly.
14:31Information is power.
14:32Information is the new currency.
14:33And you can take any type of information that you can get that you're not supposed to have
14:38and use it against people for blackmail.
14:40You can use it to profit from.
14:42You may be arrested for a crime that you didn't commit.
14:46You don't realize the significance until you become a victim.
14:51Cybercrime was a level now that was almost out of control.
14:55It was a dangerous trend.
15:00Shadow crew needed to be stopped.
15:03Cybercrime was new and evolving.
15:05The Secret Service had to learn how to conduct these investigations.
15:09And so the Secret Service offered Albert a deal that, quite frankly, he couldn't refuse.
15:16If he helped us as an informant, we would help him.
15:20What did you want him to help you do?
15:22Take down shadow crew.
15:32After Albert Gonzalez was arrested, the Secret Service became aware of an international hacking
15:37organization called Shadow Crew.
15:41Never in my wildest dreams did I think that in 2003, 2004, we were going to find one person
15:47in Manhattan who was going to open up an entirely new world for us.
15:53And so we offered Albert a deal that if we got the charges dropped, he would have to
15:59be an informant fighting cybercrime in the federal government's investigation into Shadow
16:05Crew.
16:10When Albert agreed to cooperate and became an informant, the idea was to send him back
16:14in to the Shadow Crew site and introduce a number of us in an undercover capacity so
16:20that we could collect our own intelligence and our own information.
16:24But there were a number of stresses right up front.
16:27One of them being, where were we going to do this?
16:31It's not like he could walk into a Secret Service office and plug in and get a Secret
16:34Service IP address and go log into Shadow Crew, because we knew that Shadow Crew was
16:38blogging IP addresses.
16:39And if he logged in from a government agency, the whole thing would have been blown.
16:44So we had to find a location, one that was anonymous.
16:47It had to have high speed internet.
16:49We had to fill it with servers and computers to be able to record everything that we wanted.
16:54And we had to do this all within a certain period of time because we were worried that
16:58he was going to get found out.
17:01So we chose a location in Jersey City on an old army base, and then I needed help from
17:07other agents.
17:08You want to bring in people that have subject matter expertise, whether it's task force
17:14related, whether it's cyber, whether it's electronic crime.
17:17So I basically went around and recruited five other agents who had different backgrounds,
17:23and we decided to call Operation Firewall.
17:28Firewalls keep people out, and that was really the only term that I knew that was technical
17:34related, and it sounded cool.
17:38We also had a trial attorney assigned to us, and that attorney was Kim Peretti.
17:44In 2003, I was working at the Department of Justice's computer crime section in Washington,
17:49D.C.
17:50Kim had a very challenging job in that she had to take all this information and put it
17:55in a way where we could convince the jury, judges, and others that this case should be
18:00prosecuted.
18:01It was exciting, and it was something that we needed to figure out how to investigate.
18:06It was all new territory.
18:10So in the bunker, there was a large room with computer screens where they were monitoring
18:14the activity on Shadow Crew.
18:17The agents that not only had a visual of the source, but could also see everything that
18:22Albert was typing.
18:26At this point, Albert wasn't communicating that well.
18:30We had taken all of his drugs, we had taken all of his money, and he was going through
18:34withdrawal.
18:36You could see it in his face, you could see it in his weight loss that he was struggling.
18:41So I ended up kind of nursing him along, and he eventually started to think a little more
18:47clearly.
18:48His interaction was more social.
18:51We started to worry about him a little bit less, and I think he learned how to get a
18:55different high in that cat and mouse game that other informants get of being able to
19:01play both sides.
19:04So Albert was guiding us on it.
19:07So we would have conversations and say, let's go do X, and then he would put his brain on
19:12top of it and go, no, we need to go do Y.
19:15That's not going to work for us.
19:17I'm going to get found out.
19:18The whole thing is going to get blown.
19:20He was a good teacher, so we learned from him.
19:23We found that the structure of Shadow Crew is set up like the mafia, of people who are
19:27bosses all the way down to customers.
19:31The highest level role was the administrator.
19:33They were really the CEO, and they were in charge of deciding the strategy of the criminal
19:38organization and also the day-to-day functions of the site.
19:42And then you had about 3,900 users.
19:47So in order to build our case and charge criminals, we had to buy things from those
19:52criminals using the Shadow Crew website.
19:55Albert had a number of screen names, but the main screen name was Kumbajani.
20:00We were using Albert to purchase contraband from other criminals to build charges against
20:06those individuals.
20:07We bought credit cards, passports, driver's licenses, cashier's checks.
20:11But Albert couldn't buy everything, so Albert had to continually introduce new agents in
20:16an undercover capacity and vouch for them to get them on the website.
20:20Were you a member of Shadow Crew?
20:22Yeah.
20:23What was your screen name?
20:25I can't.
20:26I'm not giving up my screen name.
20:28Why can't you tell me?
20:35I don't know.
20:36I can tell you mine.
20:37I won't tell you anyone else's.
20:39Okay, so I was eating one to two chocolate Wendy's Frosties a day.
20:45I think they're around 1,500 calories.
20:47And I looked at my Frosty drink while I was trying to figure out what screen name I was
20:51going to use, and I started calling myself Mr. Frosty.
20:55We were making it up as we went along.
20:58Fake it till you make it.
21:05We started to amass physical evidence.
21:07It was fast and easy to buy stolen goods.
21:11The hard part was, who did we just buy them from?
21:15It's very scary, and what people could do with this information was even scarier.
21:20A criminal can live a completely different life under somebody else's identity and can
21:25do massive heists into financial services companies and other companies.
21:30Just like they could knock down your door and rob you and beat you.
21:34It's just the same in the virtual world, but they don't have to leave their house.
21:40We started to realize that the only way for us to really have an impact was to take over
21:45the website so that we could basically destroy the entire criminal network.
21:51And in this world, admins ran the site.
21:54They were the bosses.
21:56So we needed Albert to get promoted up through the ranks, to become an admin.
22:02His ability to talk to the hacking world and our ability to give him the direction he needed
22:08elevated him very, very quickly through ShadowCrew.
22:14And he ultimately started gaining more authority than other people to the point where
22:19Albert was elected as an admin.
22:25Albert worked his way up the organization to a level that people in ShadowCrew and even
22:33other rival organizations trusted because Kumbhajani, that had a name.
22:39Albert was a goldmine.
22:44And so now the ultimate goal was to take the top targets, build cases against them,
22:48identify them, and arrest them all at once.
22:51But these individuals didn't think they could be discovered because there was no physical meetings.
22:56They thought they couldn't be touched. They thought they were Teflon.
23:01Was this person sitting in New York at an internet cafe?
23:03Were they at a government office in Russia?
23:05We knew what ShadowCrew was doing. We knew how they were doing it.
23:08We just didn't know who they were.
23:18We'd amassed all this evidence and we had built great cases against the members
23:22of an international hacking website called ShadowCrew.
23:26But it wasn't like the traditional investigation.
23:29These criminals were able to hide behind the internet.
23:33At that time, all we had identified was the screen name that would pop up on the chat
23:38when we would communicate with them.
23:40These are human beings. You need to know their name, their address, where they are and who they are
23:46in order to be able to prosecute the individuals and arrest them.
23:50Some of the nicknames they used were Deck, MacGyver, Velour, D&D Silencer.
23:55Mint Floss, Liquid Technique.
23:59You can't arrest Mint Floss, Velour or Scarface.
24:03You can't arrest somebody if you don't know who they are.
24:06Many of the ShadowCrew members had never talked to each other, had never met in person.
24:11Their interactions were completely online.
24:15Most of their efforts went into anonymity.
24:18We needed to take the digital world and push it into the physical world
24:22if we were really going to take this down.
24:25The next step is identification.
24:27That was where most of the effort went pretty quickly,
24:30but we weren't doing that well in identifying them.
24:33We spent months striking out.
24:36I'm taking a lot of risk here because I'm running this investigation
24:39and I was completely stressed out.
24:42We'd get an IP address, we'd find it.
24:44That's a 70-year-old female in Wisconsin.
24:47There's no way that's her.
24:49They were using her IP address to do their illegal activity.
24:52And we were also trying to pull everything we could
24:55out of every chat they had, every post they made,
24:58for clues on who they were and where they were.
25:01One of the great examples I recall is taking the handle
25:05that someone used, the online nickname,
25:07and running it in Google to discover that they had also used
25:11that online name to sell their father's car online.
25:16So we were able to piece together pieces from the face,
25:20pieces from the physical world, with the criminal world,
25:24to ultimately identify who they were.
25:26It was very much a cat-and-mouse game.
25:31But how we really broke the case,
25:34Albert came up with an idea of a VPN.
25:39A VPN is a virtual private network, an anonymizing service,
25:43that encrypts your internet activity,
25:46which means law enforcement can't see it.
25:50So we had built up Albert's reputation so much on Shadow Crew
25:54that he then had the ability to very easily say to folks,
25:57hey, use the VPN, you'll never get caught.
26:00And what they didn't realize is that we were wiretapping
26:03everything that they were doing.
26:06And then we were able to identify the IP address
26:10that was used to log into the VPN and trace it back
26:14to an actual home from where they were connecting.
26:20We started matching a real name to a screen name pretty quickly.
26:24We were using their own technology against them.
26:28The VPN really changed the game.
26:31So now all of our focus was to put agents on the ground
26:34to start physically identifying these people
26:37by bringing the new world back into the old world.
26:42It's traditional law enforcement technique
26:45that ultimately finds these people out.
26:49With one of these individuals, the agents did a ruse
26:51and pretended to deliver a pizza to the individual's house.
26:54He never had ordered a pizza, but what he did,
26:57since he was talking to our source at the time online,
26:59he came back and said, can you believe this?
27:01Someone just tried to deliver a pizza to my house.
27:04You use whatever resources you need to get what you want.
27:11DOJ only gave us permission to wiretap for 30 days.
27:14So we had to do a takedown.
27:17There's no way I can apprehend 4,000 individuals.
27:19That's where you really have to have these strategy sessions
27:22to figure out which of those individuals that we believe
27:25will have the biggest impact if they're arrested and taken offline.
27:29The ultimate goal was to take the top targets
27:32and arrest them all at once.
27:36It was a high bar.
27:38We wanted to indict them for credit card fraud,
27:41for identity theft, for wire fraud,
27:45for access device fraud and computer fraud
27:47and unauthorized computer access.
27:49Our target list had boiled down to 28 people.
27:5321 of those were in the U.S.
27:55Seven were scattered between seven different countries.
27:59One of these countries was in South America.
28:01A predominant amount were in Europe.
28:03Belarus, Sweden, Poland, the U.K.
28:07But how do you take 28 people across the globe
28:11and arrest them all at once?
28:15The good thing is, is that a secret service
28:17was able to leverage the relationships
28:19with our law enforcement partners in these different countries
28:22to help apprehend these individuals overseas.
28:26And the idea was to get all the top targets together
28:29all at the same time in front of their computers
28:31to that VPN for some big announcement.
28:34The announcement that we were going to make
28:36that we thought would lure enough people into being online
28:39was that Albert was going to retire as the administrator of the site
28:44and hopefully turn it over to someone else.
28:46Albert became almost a rock star in the community itself.
28:50Him making an announcement, people are going to pay attention.
28:53We had to make sure that this was all done simultaneous
28:57so that they could not encrypt their data,
28:59destroy their data, or flee.
29:04It had to be perfectly timed.
29:07Because once any one of the thousands of members
29:11or knew that law enforcement was behind the Shadow Crew organization,
29:16it was over.
29:17Each of these individuals likely had a stash
29:20of counterfeit identity documents
29:22and they could disappear in a moment's time.
29:25Forever.
29:26If we didn't execute the takedown perfectly,
29:28we would blow the whole case.
29:31The Shadow Crew website target list had boiled down to 28 people
29:35because those were the 28 people that we could identify.
29:38And we had to do a takedown.
29:41The idea was to lure those people online together
29:44into a virtual private network all at once
29:47for a big announcement that Albert was going to retire
29:50as the administrator of the site.
29:52We had to do a takedown.
29:54The Shadow Crew website target list had boiled down to 28 people
29:57because those were the 28 people that we could identify.
30:01We had to lure Albert as the administrator of the site
30:04and hopefully turn it over to someone else.
30:06So we could do a simultaneous international takedown
30:09and arrest these people.
30:13A year and a half of an investigation
30:16and all the good and the bad built up to October 26, 2004.
30:22We chose Sunday because that was the night
30:25that we knew we had the highest percentage
30:27to have individuals sitting at their computers.
30:31We would automatically have the evidence we're looking for
30:33to corroborate our story and our transactions
30:36and identify additional transactions.
30:38If the criminals knew we were going to be searching
30:41their premises, they might press a button
30:44and delete the evidence.
30:46In our case, a no-knock warrant was critical.
30:50A no-knock warrant is you don't knock on the door.
30:53You knock the door down.
30:57We had to convince judges to allow us to use flashbangs
31:00to keep them from getting away from their keyboards
31:02so they wouldn't encrypt data.
31:04Flashbangs are typically used for drugs, guns,
31:06high crime areas where you want to sort of shock folks
31:10and we wanted to make sure there was a bang involved in it.
31:13But we did feel like being that it was such a logistic nightmare
31:17that there was a chance that all of a sudden, poof,
31:21the smoke goes off and there's nobody behind that keyboard.
31:25The entire takedown was going to be coordinated
31:28out of headquarters.
31:30There was a command center where all of the bosses
31:32and headquarters people were.
31:34And then, just like it started, it was me and Albert
31:37in a room on a computer.
31:39We had to disperse teams to all the locations globally.
31:44We had multiple screens.
31:46We had all of our locations mapped out on the map.
31:50Around 4 p.m. is when we started to get ready
31:54and started to chat.
31:59Around 6 o'clock, we got enough targets online
32:03and we started the conversation of,
32:06this is the announcement.
32:08We moved like pieces of a jigsaw puzzle
32:11when the teams were in place.
32:13The team member agent would give the high sign
32:16and once all 28 high signs were up, we went for it.
32:20And almost every chat went dark.
32:23We were getting real-time information
32:26on what was occurring in the field.
32:28It was nerve-wracking because we saw, in one case,
32:31agents reporting back that someone
32:33was jumping out of a window.
32:35Other cases, criminals were in a car
32:37and there was a car chase.
32:39The arrests occurred everywhere from New York
32:42to Phoenix to California,
32:45countries like Belarus, Sweden, Poland, the U.K.
32:50Every time we had a successful arrest,
32:52we would announce it in the room
32:54and the whole room would erupt in cheers
32:56and it's like you score a touchdown.
33:01As part of the shadow crew takedown,
33:03we arrested 28 individuals.
33:05We seized over 100 computers
33:07and we executed 27 search warrants.
33:10About an hour after the takedown,
33:12what we did was we changed their front page
33:14to say the Secret Service has been monitoring your criminal record.
33:18We locked the website so nobody could access
33:20any of the information on it anymore
33:22and all they could see is that front page.
33:25The amount of information we were able to obtain,
33:28the success we had in identifying
33:30and apprehending the individuals
33:32were beyond our wildest dreams.
33:34Out of the original 28 that were arrested,
33:37all 28 pled guilty
33:39because we built a phenomenal case against them.
33:41There was no way out of it.
33:43We wanted to send a message to these organizations
33:45that they weren't untouchable by law enforcement
33:47and law enforcement had the ability
33:49to pursue them and apprehend them.
33:53We were ecstatic.
33:55We were proud of each other
33:57and we were able to look at each other and go,
33:59holy shit, we just did this
34:01and no one else has.
34:05I'm sure Albert was conflicted
34:07and he was like,
34:09I don't know what to do.
34:12I'm sure Albert was conflicted.
34:14He was responsible for helping us make these arrests
34:16and these were people that he built relationships with
34:18over the years.
34:20I liked him.
34:22I wouldn't have worked with him
34:24as long as I did if I didn't like him.
34:26I had a level of respect for him
34:28that anyone would have with someone
34:30who's extremely intelligent
34:32and knows something that you know nothing about
34:34and is willing to teach you.
34:37After Operation Firewall,
34:39there was a disruption
34:41in the hacker community.
34:43They speculated that somebody
34:45was an informant.
34:49We were worried about Albert's safety.
34:51We didn't want him to stay in New Jersey
34:53so we sent him back to Miami
34:55to live with his family.
34:57We thought that was a good place
34:59for him to sort of settle down,
35:01get a little more grounded
35:03and back into a normal life
35:05while we figured out what to do next.
35:07About a year later,
35:09I got transferred to Miami
35:11in June of 2005.
35:13And I started working
35:15with Albert again
35:17after the Firewall takedown
35:19around November of 2005.
35:21Same exact thing.
35:23So we started
35:25getting a target list together
35:27but it came to a point where
35:29we weren't making the arrests
35:31that I thought we should be making
35:34So he wasn't showing up on time,
35:36wasn't showing up at all
35:38and I didn't want him there
35:40if his head wasn't in the game
35:42and he didn't really want to be there.
35:44So in the spring of 2007,
35:46I asked him to leave
35:48and we cut ties.
35:52Millions of shoppers may have had
35:54their credit card information ripped off.
35:56Somebody hacked into a computer system
35:58used by some popular department stores
36:00right here in our area.
36:03It was noticed in December and reported to authorities.
36:05Visa alone estimates 20 million
36:07of their cards were involved in the breach.
36:11Since the success of Operation Firewall,
36:13the Secret Service had continued
36:15to investigate online crime
36:17and several years later
36:19there was a series of high-profile
36:21data breaches that were reported
36:23so we began working
36:25with the Secret Service to investigate.
36:2740 million credit card
36:29and debit numbers from TJ Maxx
36:31As we're seeing, this conspiracy
36:33stretched far beyond TJ Maxx.
36:35We're also looking at nine other retailers.
36:37Dave & Buster's,
36:39Office Maxx, Sports Authority,
36:41Barnes & Noble.
36:43Companies were getting hacked at an alarming rate
36:45and they were stealing credit card numbers.
36:47We thought these crimes were connected
36:49and then when we started investigating
36:51and were able to pull the malicious files
36:53and code they were using on systems
36:55and match them to other victims,
36:57we knew they were connected.
37:00The talent that was needed to do that
37:02was at the top of the list.
37:04We started linking those attacks
37:06to different individuals and criminal groups
37:08and it appeared that one of the online
37:10handles we had been looking at
37:12that was involved in some of these data breaches
37:14was actually linked
37:16to Albert Gonzalez through an email address.
37:21After everything that we did
37:23to then find out that he was screwing
37:25all of us behind our back,
37:27that's a tough pill to swallow.
37:30The Retail Industry
37:34The retail industry got a wake-up call
37:36earlier this year when TJX,
37:38parent company of TJ Maxx and Marshalls,
37:40disclosed that it had suffered
37:42the worst high-tech heist
37:44in shopping history.
37:46Beginning in 2006,
37:48there was a series of high-profile
37:50data breaches that were reported
37:52to the Department of Justice
37:54and we started linking those attacks
37:56to different individuals and criminal groups
37:59and a central figure
38:01for all of those breaches
38:03was Albert Gonzalez.
38:07And so on May 7th, 2008,
38:09Albert Gonzalez
38:11and four co-conspirators
38:13were arrested.
38:15Albert Gonzalez is awaiting trial on allegations
38:17he orchestrated the largest
38:19data breach in history.
38:21He and his accomplices are accused of acquiring
38:23130 million credit
38:25and debit card numbers from five large companies.
38:29When we arrested him, we found him with a BMW
38:31and a jet ski and Rolex watches.
38:33He was spending some time in luxury
38:35apartments and had a $80,000
38:37birthday party in a nice hotel
38:39in New York.
38:41And Secret Service dug up
38:43$1.4 million
38:45in his parents' yard.
38:47It was the proceeds of his crime.
38:49Hacking was like a sport
38:51to him. He was addicted
38:53and he couldn't stop.
38:55In 2009,
38:57Albert Gonzalez pled guilty
38:59to multiple counts of
39:01conspiracy, wire fraud,
39:03computer fraud, access device
39:05fraud and aggravated
39:07identity theft as related to
39:09numerous hacks and intrusions.
39:11He was sentenced to 20 years imprisonment
39:13which at that time
39:15was a massive sentence.
39:17I think it was a just sentence.
39:19It sent the message
39:21to the criminal world that this is
39:23now being taken very seriously
39:25and was proportionate to the amount of
39:27criminal activity that he was convicted for.
39:35I felt betrayed
39:37because it was personal to me.
39:39There were phases
39:41of the personal relationship
39:43that we went through. Drugs
39:45and withdraw and getting him through
39:47that and then building up that trust
39:49and then getting to the point where
39:51you're ecstatic over a huge
39:53investigation that had never
39:55been done before that
39:57he was partly responsible for.
39:59I felt we had
40:01turned him around but
40:03for me it was
40:05how much of it
40:07was a lie.
40:11Especially because
40:13the career that I have now
40:15every day
40:17I have
40:19to think about the fact
40:21that he helped me get here.
40:23It pisses me off.
40:27But no matter
40:29what happened with Albert
40:31at the end, it doesn't take away from
40:33everything that was done and accomplished
40:35by all the men and women of the Secret Service.
40:39Operation Firewall
40:41was the largest international
40:43takedown that the Secret Service had ever
40:45undertaken. It was also
40:47the first time it had done a lot of things
40:49that it had never done in the investigative realm.
40:53I did not really realize the
40:55impact of Operation Firewall
40:57until much later. The Secret
40:59Service still uses a lot
41:01of the same investigative
41:03tactics that were learned in
41:05Firewall. This case is really about
41:07the transformation of physical
41:09crime to online crime
41:11and the way law enforcement
41:13and intelligence has to adapt
41:15to that transformation.
41:17In the age of connectivity, hackers
41:19are becoming the most dangerous criminals
41:21in the world. Credit Bureau Equifax
41:23hacked and the personal information of more
41:25than 140 million Americans
41:27breached. You look at how many
41:29people have had their identities stolen now, it's
41:31close to the entire population
41:33of the U.S. has been compromised in some
41:35way or another. Hack organizations
41:37are now state sponsored
41:39or terrorism related.
41:41Whatever technology we have,
41:43criminals have access to as well.
41:45They're learning, they're advancing
41:47their techniques, but law enforcement
41:49is also learning and advancing
41:51its techniques. Now we're seeing
41:53the evolution of your information
41:55becoming power and
41:57how it gets used against you.
41:59It's a new
42:01world.