Skip to content
Modern WisdomModern Wisdom

The United States' Most Wanted Hacker - Brett Johnson

Brett Johnson is referred to by the United States Secret Service as "The Original Internet Godfather", he was the Founder and Leader of Counterfeit Library and Shadow Crew and has been a central figure in the cybercrime world for almost 20 years. Brett has been a lifelong criminal, he was committing crimes from inside the Secret Service's own offices, then after being sent to prison he escaped from prison and went on the run to Disneyland, all while defrauding millions. This story is one of the wildest things I've ever heard. Expect to learn what it feels like to be on the FBI's Most Wanted list, what actually happened with the Solar Winds hack, how Brett was involved in the origins of the darknet, his thoughts on Ross Ulbricht and Silk Road, the closest calls Brett had to being killed, how he evaded capture for so long, whether he thinks Julian Assange is a criminal or a hero and much more... Sponsors: Get the Whoop 4.0 for free and get your first month for free at http://join.whoop.com/modernwisdom (discount automatically applied) Get 83% discount & 3 months free from Surfshark VPN at https://surfshark.deals/MODERNWISDOM (use code MODERNWISDOM) Extra Stuff: Check out Brett's website - https://www.anglerphish.com/ Follow Brett on Twitter - https://twitter.com/GOllumfun Get my free Reading List of 100 books to read before you die → https://chriswillx.com/books/ To support me on Patreon (thank you): https://www.patreon.com/modernwisdom #cybercrime #hacking #fbi - 00:00 Intro 00:20 What Does it Mean to Be on US Most Wanted List? 05:30 How Shadow Crew Began 19:49 What Motivated Brett? 27:44 Behind The Solar Winds Hack 31:16 Which Countries Commit the Most Cybercrimes? 41:10 How Much Violence is Involved in Cybercrime? 47:27 Experiencing Jail 1:02:17 Coping with Crime Triggers 1:14:23 Where to Find Brett - Get my free Reading List of 100 life-changing books here - https://chriswillx.com/books/ Listen to all episodes on audio: Apple Podcasts: https://apple.co/2MNqIgw Spotify: https://spoti.fi/2LSimPn - Get in touch in the comments below or head to... Instagram: https://www.instagram.com/chriswillx Twitter: https://www.twitter.com/chriswillx Email: https://chriswillx.com/contact/

Brett JohnsonguestChris Williamsonhost
Jul 23, 20221h 15mWatch on YouTube ↗

CHAPTERS

  1. 0:00 – 5:32

    Making the Most Wanted list: the fear, isolation, and paranoia of being on the run

    Brett recounts how he ended up on the U.S. Most Wanted list after continuing crimes even while cooperating with the Secret Service. He describes the psychological toll: constant vigilance, loneliness, and a daily swing between relief and dread.

    • Stealing $600k in four months and waking up to “U.S. Most Wanted”
    • Life on the run: no friends, no trust, constant movement
    • Hypervigilance and self-generated anxiety worse than law enforcement pressure
    • Coping with isolation and desperation while hiding
  2. 5:32 – 10:34

    Childhood roots of a criminal mindset and the path into early internet fraud

    Brett traces his criminal behavior back to childhood, describing family dynamics, neglect, and early shoplifting. He links later fraud to attachment issues and a belief that love is earned through providing—by any means necessary.

    • Early exposure to fraud through his mother and a “provide at all costs” mentality
    • Progression through various offline crimes before the internet era
    • Anxious attachment and ‘buying love’ through money and gifts
    • First online scams: eBay fraud and learning how victims delay reporting
  3. 10:34 – 12:38

    Scaling up: piracy schemes, fake IDs, and the bridge to organized cybercrime

    He explains how small scams expanded into higher-volume schemes involving pirated software, hardware mods, and satellite card fraud. A failed attempt to buy a fake driver’s license becomes a catalyst for building criminal platforms rather than relying on untrusted contacts.

    • Pirated software sales and modding cable/satellite access
    • Decision to stop fulfilling orders and exploit low-reporting incentives
    • Need for fake identity documents to launder and cash out
    • Getting scammed by a scammer and treating it as “cost of doing business”
  4. 12:38 – 14:39

    ShadowCrew’s origin story: building the first cybercrime marketplace with “trust” tools

    Brett describes creating Counterfeit Library and then ShadowCrew, positioning them as precursors to modern darknet markets. The innovation wasn’t just crime—it was infrastructure: reputation, escrow, vouching, and persistent forums that enabled global collaboration.

    • From IRC chat rooms (high-risk, low-trust) to structured criminal forums
    • Trust mechanisms: vouching, escrow, reviews, skill-level reputation
    • ShadowCrew as an ‘eBay for criminal activity’ and coordination across time zones
    • Forbes cover and rapid international law-enforcement action
  5. 14:39 – 17:43

    How ShadowCrew fell: ATM cash-out exploits, Albert Gonzalez, and operational compromise

    The conversation shifts to the mechanics of credit/debit fraud and the CVV1/track data exploit era. Brett explains how high-profit ATM cash-outs drew attention and how an insider-turned-informant helped law enforcement dismantle the community.

    • Track data and why full Track 2 mattered for ATM withdrawals
    • CVV1-era weakness: banks not hashing Track 2, enabling crude encoding tricks
    • Profit jump from CNP fraud to ATM cash-outs (monthly to daily scale)
    • Albert Gonzalez’s arrest, cooperation, and the VPN-driven takedown
  6. 17:43 – 19:49

    Money laundering at scale: tax-return identity theft, backpacks of cash, and offshore trails

    Brett details his most profitable operation: filing fraudulent returns using identities of deceased individuals. He also explains the practical reality of laundering massive cash flows through businesses and international banking corridors—and how long it took authorities to trace seizures.

    • Tax-return identity theft workflow and speed (returns filed every ~6 minutes)
    • ATM route planning, repeated cash-outs, and literal rooms of cash
    • Using cash businesses and multi-country banking to obscure funds
    • Arrest timeline and lingering untraceable funds
  7. 19:49 – 23:07

    Why keep going when you’re rich? Ego, status, and online ‘god mode’

    Chris challenges the idea that money was the primary driver, and Brett agrees it evolved into status-seeking. They compare cybercrime prestige dynamics to online communities like WallStreetBets, where attention and reputation become the real reward.

    • Motivation shift from providing love to pursuing status and control
    • Being a gatekeeper for transactions as a power and ego engine
    • Echo chambers and identity reinforcement in online communities
    • Respect as currency: unique capability elevates rank in criminal circles
  8. 23:07 – 27:44

    Most ‘hackers’ aren’t coders: social engineering, repurposed tools, and known exploits

    Brett breaks down cybercrime into data gathering, execution, and cash-out, arguing most attackers rely on social engineering rather than elite programming. He also emphasizes that many major breaches and ransomware campaigns succeed through known vulnerabilities and poor patching discipline.

    • Only a small fraction of attackers are true technical innovators
    • Three-part model: gather data → commit crime → cash out
    • Off-the-shelf tools (Tor, VMs, Kali) repurposed for crime
    • Ransomware-as-a-service and why deployment/social engineering is hardest
    • Most attacks leverage known exploits, not zero-days (e.g., patch delays)
  9. 27:44 – 31:16

    SolarWinds and nation-state operations: supply-chain compromise and long-tail damage

    Brett frames SolarWinds as a historic breach driven by systemic security negligence and a supply-chain attack model. The discussion expands into other nation-state incidents like NotPetya, highlighting how even sophisticated operations often begin with preventable weaknesses.

    • SolarWinds as a supply-chain breach with massive downstream access
    • Security failures: weak credentials, ignored audits, profit over protection
    • Attribution and the role of state-tolerated groups
    • NotPetya’s destructive design and use of already-known exploits
    • Long-term strategic damage through email and network visibility
  10. 31:16 – 36:46

    Who dominates cybercrime: geopolitics, safe havens, and why enforcement lags

    Brett ranks countries most associated with cybercrime capability and volume, arguing that geopolitical tolerance and lack of consequences matter as much as talent. Chris and Brett discuss how cultural expectations shape responses and why some states function as de facto sanctuaries.

    • Leaderboard discussion: Russia, China, North Korea, Iran, Ukraine, Brazil, etc.
    • State tolerance: ‘allowed as long as you don’t target home country’ dynamic
    • U.S. reluctance to assign blame or impose consequences
    • Colonial Pipeline framed as another ‘known exploit’ failure
  11. 36:46 – 41:10

    Assange, Manning, Snowden: where journalism ends and criminality begins

    Brett offers a nuanced take on Julian Assange, arguing that advising on how to obtain classified data crosses a line. He contrasts Manning and Snowden through the lens of accountability—who stayed to face charges versus who fled prosecution.

    • Assange’s brilliance and perceived shift from publishing to participation
    • The legal/ethical distinction: receiving leaks vs facilitating acquisition
    • Respect for Manning’s willingness to face court consequences
    • Criticism of Snowden for fleeing to avoid prosecution
  12. 41:10 – 42:44

    Violence enters cybercrime: drugs, gangs, and higher stakes

    Brett explains that early cybercrime communities were largely non-violent, but violence rose as profits and threats increased. Allowing drugs into marketplaces changed the participant base, bringing in gangs and escalating incentives to use force to avoid long sentences.

    • Early era: mostly scams and theft without physical violence
    • First major violence signal: torture/kidnapping images used as deterrence
    • Drug listings shift the culture and attract more dangerous actors
    • Higher penalties increase willingness to commit violence
  13. 42:44 – 47:27

    Working with the Secret Service—then committing crimes inside their office

    Brett recounts his cooperation arrangement: working in Secret Service offices to identify targets and build investigations. He then describes exploiting lax supervision and weak evidence handling to continue buying stolen data and setting up new fraud—until a polygraph and investigation unravel it.

    • Role as a monitored cooperator: surf forums, identify targets, build cases
    • Operational failures: boredom, poor review of logs/DVDs, weak oversight
    • Crimes committed while inside: buying stolen cards and tax fraud inputs
    • Polygraph failure, bond issues, and the launch of a cross-country spree
  14. 47:27 – 55:23

    Jail and prison reality: violence risk, race politics, and survival through ‘value’

    Brett describes county jail as chaotic and dangerous, and federal prison as inmate-run with strict racial structures. A misunderstanding about “computer crime” nearly gets him attacked, and being publicly labeled an informant raises the stakes—leading him to survive by teaching fraud and acting as a liaison in tense inmate dynamics.

    • County jail vs prison: mixed populations and higher volatility in jail
    • Racial organization and being “met at the door” by prison power structures
    • ‘Computer crime’ misread as child porn; the danger of labels and rumors
    • Wired article outing him as an informant and the fallout
    • Survival strategy: teaching fraud and mediating conflicts around vulnerable inmates
  15. 55:23 – 1:04:27

    Escape, CBT, and reentry: triggers, relapse risk, and rebuilding a lawful life

    He explains his non-dramatic escape from minimum security, the punishment that followed, and how cognitive behavioral therapy helped reframe his behavior. After release, he confronts employment barriers and triggers to reoffend, relapses briefly, and ultimately rebuilds life through accountability, support networks, and work in cybersecurity advocacy.

    • Escape from a minimum-security camp and solitary confinement consequences
    • CBT in prison: thoughts → feelings → actions framework
    • Post-release barriers: probation limits, employability challenges, poverty pressure
    • Triggers: fear of not providing and stress about stability
    • External accountability: family honesty, FBI support, and building a legitimate career
  16. 1:04:27 – 1:15:32

    Rehabilitation at scale and practical protection tips: ‘AA for crime’ and cyber hygiene

    Chris and Brett explore whether recovery structures like AA could help prevent recidivism, emphasizing mentorship, CBT, and social support. They close with where to find Brett and a concise list of consumer security actions to reduce victimization.

    • Argument against labeling most criminals as sociopaths; focus on bad decisions and context
    • Need for a support ‘village’ and structured post-release accountability
    • Cost framing: society pays for rehab now or incarceration later
    • Where to find Brett: YouTube and LinkedIn
    • Three tips: freeze credit, monitor/alert accounts, use a password manager

Get more out of YouTube videos.

High quality summaries for YouTube videos. Accurate transcripts to search & find moments. Powered by ChatGPT & Claude AI.

iOSAndroidClaudeChrome