JThe Internet has connected nearly everyone on the planet to a global network of information and influence, providing humanity’s best and brightest minds with unparalleled capabilities for collaboration. At least that was the idea, more often than not these days it serves as a popular way to scam your terminal online loved ones out of large sums of money. Just ask Brett Johnson, a reformed scammer who, in his heyday, was good at separating fools from their money, that he founded a comprehensive online learning forum to train a new generation of digital scammers.
Johnson’s cautionary tale in one of the many contents of the new book, Fool Me Once: Scams, Stories and Secrets of the Trillion Dollar Fraud Industry, from Harvard Business Review Press. In it, DePaul University professor of forensic accounting, Dr. Kelly Richmond Pope, chronicles some of the most heinous financial misdeeds of the 20th and 21st centuries – from Bernie Madoff’s pyramid schemes to Enron and VW, and every Nigerian prince in between – exploring how the scams worked and why they often left their mark unwise.
Harvard Business Review Press
Reprinted with permission from Harvard Business Review Press. Extract of Fool Me Once: Scams, Stories and Secrets of the Trillion Dollar Fraud Industry by Kelly Richmond Pope. Copyright 2023 Kelly Richmond Pope. All rights reserved.
Cyber Monday
I was doing my morning reading before class, and a story about a reformed cybercriminal caught my eye. I always wanted to learn more about cybercrime, but I had never interacted with a convicted cyberoffender. It was my chance.
I did a quick Google search and found his personal website. I reached out, explained my interest in her story, and waited. In the evening I received an email from gollum@anglerphish.com. I immediately had my suspicions, but it was a legitimate address from Brett Johnson, the man in the article.
After a few email exchanges, we called each other. He was super nice and had the voice of a radio DJ. I invited him to come talk to my class at DePaul.
“I teach Monday nights for the next eight weeks, so whatever works for you will work for me,” I said.
“How about I jump in my car and come visit your class next Monday?” he said.
I was a bit shocked – Birmingham, Alabama was a long drive – but immediately accepted his offer.
Brett was born and raised in Hazard, Kentucky, “one of those areas like the Florida Panhandle and parts of Louisiana where if you’re not lucky enough to get a job, you can get involved in some kind of scam, hustle, cheat, whatever you want to call it,” he said.
Maybe there was something in the water because his whole family had been involved in fraud. Insurance fraud, falsification of documents, drug trafficking, illegal coal mining. You name it, Brett’s family did it.
Young Brett was a natural liar. Growing up, he participated in family scams.
Eventually, he kicked off on his own. His first scam: in 1994, he faked his own car accident. Second scam: the eBay fraud.
It hit its peak in the mid-90s, during the heyday of Beanie Baby. The Royal Blue Peanut, essentially a cobalt stuffed elephant toy, sold for up to $1,700. Only five hundred dolls were made, making this one of the most valuable Beanie Babies.
Brett was trying to earn some extra cash. A Beanie Baby scam seemed quick and easy.
He advertised on eBay that he was selling Royal Blue Peanut for $1,500. Except he was actually selling a gray Beanie Baby that he had dipped in blue dye to look like Royal Blue Peanut for $1,500.
He accepted an offer and asked the winner to send a US money order. “It protects us both,” he said over email. “As soon as I have that and it clears up, I’ll send you your elephant.”
The bidder sent the money order to Brett; Brett cashed it in and sent her version of the blue Beanie Baby. The phone rang almost immediately.
“This is not my order !” shouted a voice on the other line.
Brett’s response was quick. “Madam, you have ordered a blue elephant. I sent you a bluish elephant.
Brett gave her the run around for a few weeks until she finally disappeared.
This experience taught Brett two very important lessons about cybercrime:
Brett continued to hone his skills and graduated as a pirated software vendor. From pirated software, he moved on to installing mod chips (a small electronic device used to disable artificial restrictions in computers or entertainment devices) in gaming systems so owners could play pirated games. Then he started installing mod chips in cable boxes that turned on all pay-per-view programs on customer TV channels for free. Then it was about programming DSS satellite cards (the DSS satellite card provides access to TV channels).
He was getting requests for his cable boxes from customers all over the United States and Canada. He was on a roll. Eventually, it occurred to him: why even fill in the decoder command? Just take the money and run. He knew that no customer would complain about losing money in an illegal transaction. He stole even more money with this updated version of his decoder scam, but soon grew concerned about being reported for money laundering. He decided he needed a fake driver’s license so he could open a bank account and launder the cash withdrawn from the ATM.
He found someone online who was selling fake licenses. He sent a picture, $200, and waited. He waited and waited. Then reality hit him in the face: he had been ripped off. The nerve.
No one hates being cheated more than someone who cheats for a living. Brett was so frustrated that he started ShadowCrew.com, an online forum where people could learn the ins and outs of cybercrime. Forbes called it “a single market for identity theft.” The ShadowCrew operated from August 2002 to November 2004, attracting up to four thousand criminals or would-be criminals. It is considered the forerunner of today’s cybercrime forums and marketplaces; Brett is known as the godfather of cybercrime.
“Before ShadowCrew, the only way to commit a crime online was through a continuous chat room,” he told my students. “It’s called an IRC chat session and stands for Internet Relay Chat.” The problem with those rolling chat screens was that you didn’t know if you were talking to a cop or a crook. Either was possible.
ShadowCrew gave criminals a trust mechanism. It was a great communication channel where people from different time zones could reference conversations. “By looking at someone’s screen name, you could tell if you could trust that person, if you could network with that person, or if you could learn from that person,” he said. The dark web screen name became the criminal’s brand name. They keep this brand name throughout their criminal tenure and it helps build trust with others, so the pseudonym is important.
When Brett was in class, he showed my students how information ends up on the dark web. “You can find social security numbers, home addresses, driver’s license numbers, credit card numbers on the dark web for $3,” he explained. All the information is there, practically begging to be taken.
In 2004, authorities arrested twenty-eight men in six countries, claiming they had swapped 1.7 million stolen card numbers and caused $4.3 million in losses. But Brett escaped. He was placed on the Secret Service’s most wanted list. After four months on the run, he was arrested.
Brett has been in and out of prison five times and spent 7.5 years in federal prison. Today, he considers himself a reformed white-collar offender.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you purchase something through one of these links, we may earn an affiliate commission. All prices correct at time of publication.
