Security Unfiltered

Power Without Stealth: Should America Flex In Cyberspace Or Starve Cartels Online

Joe South Episode 215

Share episode

Send us a text

We trace Jake’s unlikely route from journalism to the White House, how DEF CON’s Voting Village began, and why imposter syndrome can be a secret advantage when paired with relentless learning. Then we pull apart cyber strategy, Stuxnet’s signal value, and a plan to choke fentanyl through targeted offensive operations against cartels’ digital lifelines.

• launching a policy career by building expert networks
• founding the DEF CON Voting Village and publishing policy insights
• managing imposter syndrome with trusted advisors and study
• shifting from shields up to active defense in cyber
• why Stuxnet’s visibility served a political goal
• using law enforcement cyber tactics beyond ransomware
• how fentanyl economics and pill presses scaled harm
• China’s precursor role and Sinaloa’s market pivot
• Coast Guard and HSI authorities for upstream disruption
• making fentanyl unprofitable through targeted cyber pressure

Find Jake on LinkedIn: Jake Bronn
Book: Fentanyl, The Mass Poisoning Of America And The Cartel Behind It


Support the show

Follow the Podcast on Social Media!

Tesla Referral Code: https://ts.la/joseph675128

YouTube: https://www.youtube.com/@securityunfilteredpodcast

Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast

Affiliates
➡️ OffGrid Faraday Bags: https://offgrid.co/?ref=gabzvajh
➡️ OffGrid Coupon Code: JOE

➡️ Unplugged Phone: https://unplugged.com/
Unplugged's UP Phone - The performance you expect, with the privacy you deserve. Meet the alternative. Use Code UNFILTERED at checkout

*See terms and conditions at affiliated webpages. Offers are subject to change. These are affiliated/paid promotions.

SPEAKER_01:

How's it going, Jake? It's uh it's great to get you on the podcast. I know we've had to reschedule a couple times, but you know, I really appreciate your flexibility and you know, really happy to have you on.

SPEAKER_00:

Oh, thanks for having me. I I uh I love this show, so really happy.

SPEAKER_01:

Yeah, no, that that's great to hear. It's it's weird, you know. When I started this podcast, my goal was, you know, if 10 people listen to this thing, it's a success, right? Like who's gonna who's gonna find me? You know, what's the discoverability look like? Like all that stuff. I just had no clue. You know, and now every once in a while when I when I go somewhere, at least to like, you know, security conferences or you know, different speaking events, right? People will come up and say that they love the podcast and you know they really enjoyed and whatnot. And I I get messages from people, you know, saying that they love it, which is something I just really never even expected. And now, you know, on YouTube I have like over 75,000 subscribers, which is 75,000 more than I thought that I'd ever get, you know.

SPEAKER_00:

That's awesome. Yeah, congratulations. I mean, it's I mean, it's a testament to the hard work and the super engaging content. And of course, the amazing guests you have, you know. I mean, I think it's really all attributed to them.

SPEAKER_01:

Yeah, it's probably like heavily weighted on the guests rather than anything else that I'm providing, right? I mean, it's have heavily weighted. But yeah, you know, Jake, why don't we start with with your background, right? How did you get into it? How did you kind of get into you know cybersecurity? There's so much with your background that I want to like dive into, so I apologize for limiting the small talk for myself because you know I'm just really fascinated with your background.

SPEAKER_00:

Oh, no problem. Um, that's the easiest thing for me to talk about. So thanks for for starting, starting there. So, you know, the the whole reason I got into national security in general before I'd ever even heard of cybersecurity was um I went to Taiwan after undergrad because I knew I like to travel, but I didn't know really anything else about what I like to do. I wound up working at an English language newspaper there. And uh two things happened while I was there. One, the 2000 election happened. So I was like covering that in Taipei, really just from the AP and Reuters Newswires, um, but got super interested in it and became kind of had that thing that journalists often have early in their career where it's like, oh, well, I prefer to do this stuff than report on it. And at the same time, or about the same time, I was reading James Baker's book. He was the the chief of staff to President Reagan and then the Secretary of State under George, the first George Bush. And I, you know, he said, look, if you want to get in national security, there's a couple ways to do it. One, you could join the military, which obviously today's Veterans Day, thanks to all our service members for everything they've done and a very noble profession, and kind of work your way up the ranks to general or whatever, and you know, so on. Or you could join the State Department, go stamp passports in Bangladesh for 20 years and also a noble profession, and something you could work your way at the food chain. And then he said, or uh, you could help elect a president. And if you do that, then when you go in, you go in as a senior executive in in the administration. I was like, I like that uh that path better just because it's faster. Um, and so gotten when I came back out involved in politics and worked on the first Obama campaign and was a deputy national field director there. Again, couldn't spell cybersecurity, and they made me White House liaison to Homeland Security. And I was actually working on this big data, getting this big data sharing agreement with the European Union or passed through the European Union. It was an agreement between the US and the EU. DHS Homeland Security was the lead for it. And so we were the lead negotiator with the European Union and getting this thing passed. So my job was basically to whip votes in the European Parliament, the Commission, and the and the European Council. You know, we were lucky enough to get it through. It was a really fascinating project. The team that was working on it, led by my former boss, Jane Hall Lut, who was the deputy cabinet secretary at Homeland Security at the time, is, you know, hanging out after we, you know, got the thing passed, kind of celebrating at a at a bar in Brussels. And we're sitting there having a drink, and I think she was having a red wine and I was having a beer. I'm a very lowbrow person. And and she says, Hey, the White House has asked me to lead cybersecurity for Homeland Security, and I want you to help me do it. And I was like, ma'am, I can't spell cybersecurity. And she said, That's okay. Nobody else in policy can either. Only the IT people know what it is, and and no one understands what they're saying anyway. So, you know, we'll figure it out together. So literally, that's how I got into cyber. And then from there over time, you know, one thing kind of leads to another. And oh, you we start off with the initial kind of mundane tasking on cyber workforce, and then that led me to work closely with Jeff Moss and wound up getting because we we put him on the advisory board that helped us do it. That got me super involved in DEF CON. And after Hillary won, or after Hillary lost, sorry, after Trump won, I called up Jeff because the year before DEF CON had gotten all this coverage because they hacked into cars for their first time. And so this was 2017, right after the 2016 election. And I I remember vividly, I'm on the phone with Jeff in at San Francisco Airport. So I'm going through SFO security and talking to him because there's always a line, even if you have clear. And uh so I'm on the phone and I'm like, hey, you know all that with all the press you guys got around hacking cars last year, I'm like, you know what would be really fucking cool that I bet you would just, you know, blow the doors off with all the attention it would get is what if we hacked voting machines this year at DEF CON and Jeff was like, huh, hold on. He goes on eBay, he looks up voting machines, buys a pallet of voting machines. And by the way, that making model was currently in use at the time. I I forget if that one's still in use now, but it was at the time in hundreds of jurisdictions across the country. And like he goes, That's a good fucking idea. Let me call you back. So he hangs up, I go, I fly, I have no idea what's gonna happen. He calls Matt Blaze and Hari Hursty and says, Hey, I know we've been talking about doing something like this for a long time. You know, now seems the time to do it. And so that's how the voting village started. Because I, of course, don't know what the hell I'm doing. And Hari and Matt, you know, know all this stuff better than probably any two humans on the planet. So anyway, that's how we wound up doing the voting village. And then from there, helped Biden on the campaign and then got made, what the hell was I? I was senior counselor to the secretary for the first couple years. Um, again, oddly enough, I mean, hopefully we'll get a chance to talk about this at some point. I got assigned to work on fentanyl, which again, I couldn't spell fentanyl. They were like, hey, you know, you're gonna be the point person in the front office on this. And I'm like, I literally, I'm like, I don't really care about drug policy. I don't know anything about fentanyl. And they're like, well, too bad. There's only so many people up here, and you're it. So literally the first six months I worked on it, every time I typed the word fentanyl, a little squiggly line, red squiggly line would come under it because I like literally could not spell the word the first six months I was I was working on it. And then uh, you know, again, hopefully we can go into this later, but I got that. Uh, me and a bunch of other people got that counterfentanol effort stood up, and then I got detailed up to the White House to be the principal deputy national cyber director. And there I was, I was asked the reason that Kemba Walden, who was the director at the time, and then Rob Kanaki, who was the uh basically the the deputy, the principal deputy at the time, recruited me was because they had just finished finished the national cyber strategy and they wanted somebody that a knuckle dragger like me to come in and and uh harass everybody who's to implement it. And so I I was useless when it came to to actual technical policy, but when it came to berating people and making them fulfill their what they were assigned to do in the strategy, that I turns out I was actually okay at, I guess. And so that's what I did there. And then and then finally we started working on water security a lot at the end, and then I'll wrap up here, it's probably too long of an answer, kind of to come full circle. Uh and I, Moss, and I are sitting at a at a restaurant bar in Berlin on the margins of the Munich Security Conference back in 204, 20. And Jeff's like, hey, when you leave, you know, it would be great to have you come back to DEF CON and do something like you did with the voting village. Like, because we used to put out these annual reports on the policy findings that using the technical findings that came out of the village, we would then uh do this assessment of, okay, what's the policy implications of those findings? Jeff was like, we should do something like that for all of DEF CON. And I was like, that's a great idea. And as you have very unique information that comes out of DEF CON. A lot of people hold their best and brightest findings so they can release it at their DEF CON talk and so on, not to mention what happens in the villages. And uh, and I said, you know, we should also do something like we tried to do in the voting village where we asked for volunteers to help local election offices improve their security. But in this case, maybe we should do the same thing, but for water, because of Vol Typhoon, we know the Chinese are pre-positioning Malburner on our water utilities, the Russians are hacking it, there's ransomware, Iranians, blah, blah, blah. And the government's not gonna step in. And so Jeff was like, okay, yeah, let's do it. And so that's how we came up with Project Franklin, um, named after Benjamin Franklin, as you'll see with the bifocals here. And the Ben Franklin here, although he's a hacker in this case, so it's purple or blue, I think, I guess, depending on how you see colors. And so then we said, great, so we're gonna use the name Benjamin Franklin or call it Franklin, and it's because we're gonna do an annual report, like Ben Franklin's Poor Richards Alman Act that he did every year, and this volunteer program to support water utilities, which is kind of part and parcel with one of the other important things Ben Franklin did, which was start the first ever volunteer fire brigade in America back in the 1700s, which we're now starting, the first ever volunteer hacker program to support water utilities.

SPEAKER_01:

Tell me what it's like going into a position, you know, at the at the national level, right? National advisory level. That that's what I'll call it, you know. I don't I don't know a better term or whatever. But, you know, going into a role in a situation at that level with having limited knowledge, you know, of the of the domain, of the expertise, right? Because, you know, I I ask because in cybersecurity specifically, we are extremely harsh with people that don't know what they're talking about, like abnormally harsh. And you know, like that's why I'm like fearing going to DEF CON and talking about my PhD, because I'm sure there's gonna be some genius in the crowd that's a lot smarter than me, that has like three PhDs, that is gonna be like, oh, your math here was wrong. And it's like, okay, well, this is going off to a right, uh, a really good start, you know, right? Like that's what that's what I fear with with going to DEF CON and presenting, which I'm gonna have to unfortunately get over in the next couple years here. But like, what is that like? How do you how do you ramp yourself up to be able to, you know, then intelligently talk to people at that level, you know, and get things done? Because, like you said, you know, at some point in your career, you were, you know, really engaged with ensuring that people got the work done that they were supposed to get done. And a part of that is also being able to tell when they're maybe even not telling the whole truth of getting something done, right? Like I encountered that recently, maybe not recently, but like pretty often within cybersecurity within different organizations, where you know, like you're the security guy, and now you have to go and convince 150 developers to do something a certain way or interact with their application a certain way or code it a certain way, patch vulnerabilities, you know, whatever it might be. And you're holding them accountable. And I'm not a dev, I am not a dev at all, you know, but I have to know it well enough to hear when someone's lying to me, right? And and and to know that they're lying to me and to know exactly where they're lying to me at. Like, you know, devs have devs are really smart people, and so they will they will throw so much stuff at you in different ways and see which sticks, which lie you buy, and everything else like that, and then they'll just play it out, right? Not that they're not that they're intentionally malicious, but they have 150 hours worth of work to do it in 40 hours, and so they try to weasel their way out of you know, the difference there, the 110 hours, which anyone would do, right? So how do you how do you step into something like that and and figure it out? I mean, that's really impressive.

SPEAKER_00:

I mean, I think there's a few things. Number one, by the way, you think the hacker community is bad, you should meet the immigration community. And that's what I started out in um when I first got to homelade security. Oh my God, the different sides of that debate, they all say they're experts, they all hate each other. No matter what position you take, you're wrong. In particular, if you're an outsider, everything you say is wrong, even if you're right. And what I what I didn't understand, or what took me several months to appreciate when I got there, why I I had total imposter syndrome. I mean, I graduated from Loyola and I'm surrounded by people from the Ivy League, you know, I'm from Nebraska. They're all from, you know, Manhattan or Boston or, you know, wherever, all this stuff. And what I what I realized, I don't know, six months a year into the Obama administration is I'm like, you know, these other people my age, you know, my contemporaries, early 30s, whatever at the time, I was like, God, they I don't think they're that much smarter than me per se. They just wake up in the morning at the ripe old age of 31 or 28 or whatever, thinking they should be writing immigration policy for the United States. Whereas I wake up in the morning hoping I don't get kicked out of the all the meetings I'm gonna be in today when everybody realizes I have no idea what the hell I'm talking about. And so kind of once you get over that, that that makes a big difference. Number two is I cheat. I totally cheat. I like one of the first things I did at DHS was I I got Jeff Moss appointed to the Homeland Security Advisory Board for the secretary, so I could call up Jeff and say, hey, what do you think of this? And then I went and said, set up a proposed and then got uh approved on an advisory committee just for cybersecurity, which I picked every me. I I went to some people like Jeff and a few others, and handpicked all the people for, appointed them, got them appointed, and made them kind of have me to thank for their employment to the appointment to this like foo foo, you know, presidential advisory board. And so then I could go to them with questions and say, can you please tell me what the what we should do about X, Y, and Z? Um so on. And that that persists today in my class. I teach at University of Chicago. Every week I have a speaker. And you would think it's like, oh, because the kids love it. It's like, no, because I don't know what the hell I'm talking about, but all these brilliant people I have speak to my class do. So the phonophren thing is like so important, you know, when you're in a in a space where you don't know what you're doing. And then finally I I I read everything, you know, like when I started doing fentanyl, when I started doing fentanyl, when I started working on fentanyl, I literally every read every book on cartels that I could get my hands on, every book on fentanyl I could get my hands on. Now that we do the almanac, um, I listen to probably at least 40 talks from DEF CON every year just to kind of get a sense of what everybody's talking about, what's important, what's new, what's what's old news, what's, you know, whatever. And so just, you know, the continuous learning in life, man, that God, that matters so much. And as you know, in so many ways, whether it be for mental health or other types of wellness and so on, or just keeping you excited about life and and also being able to do your job, you know. So anyway, those those are the things I I used, for better or worse.

SPEAKER_01:

How long did it take you to get over your imposter syndrome?

SPEAKER_00:

I mean, I still have it all all the time, you know. You know, I won't name names, but you know, I get invited to these things sometimes to, you know, be at a round table. I'll go I'll okay, I'll give you an example. So you know, it in Munich, so the Munich National Security Conference is like the preeminent national security conference for all the national security leaders in the world. Like, you know, literally, Zelensky speaks at it, Putin speaks at it, you know, Angela Merkel, Barack Obama, uh, you know, you know, name your big time person across she, President She has spoken at it. I mean, like, you know, the the creme de la creme of security and foreign policy across the world. I had wanted to get invited to this thing my entire professional life. I I used to offer to staff any senior person who was going to it just so I could get in and be on the margins of it, which I never got taken up on, by the way. And then when I was in the White House, I I got, you know, I was go able to go as a White House official, asked to speak at the sidecar cyber conference they have as part of it, and then attended a bunch of meetings from there. So I I get, you know, when going to this, I had total imposter syndrome, imposter syndrome still, you know, you know, at the the dinners I'd get invited to with all these highfalutin people that are, you know, there are these, there was this one I was at with, you know, the the foreign minister of ex-European country, the national security advisor of another, you know, the the army chief of some major African military organization, you know, et cetera, et cetera. And I'm just sitting there going, what the hell am I gonna say in this meeting that all these people, you know, are gonna care about? And, you know, you just you do your best, you know, and try and be authentic. And, you know, and and by the way, DEF CON has been an un an unending well of content and and information that I'm able to use in these types of meetings that nobody else has access to. But when I'm when I'm sitting there in the Munich dinner and and I'm like, well, you know, the the village, you know, our our AI village was hacking AI the last year and and really came up with the notion that we don't really even know what red teaming is when it comes to AI. And people like, huh, that's interesting. You know, and it's like, you know, I just have to survey what's what went on in DEF CON that year, and all of a sudden I'm the smartest guy in the room, even though I didn't come up with any of it. You know it uh like I said, do your best and be authentic.

SPEAKER_01:

It makes a lot of sense. You know, there's there's a book out there, and I can't remember the name of the book. I also did not read this book, but a good friend of mine, he read the book and he said that I resemble like a bit of like a connector role, you know, within I don't know, like within whatever.

SPEAKER_00:

Oh my god, I know what books you're talking about. But but it sounds I'll remember it anyway. Go ahead.

SPEAKER_01:

Yeah, it it sounds like you're you're kind of similar, right, in in some ways, where you're able to pull in the right people at the right time for the right specialty or need or whatever might be. I feel like that's I mean, people would probably like hear it and be like, oh, well, Joe's talking himself right. Like, but it's a really valuable skill set to be able to have that. And the podcast actually allows me to leverage that, you know, quite a bit, right? Where it's like, yeah, I did talk to the NVIDIA AI security expert that is like literally hacking AIs every single day. Let me go hit him up and get his thoughts on this because it's 30 seconds, I'm not gonna bother him, you know. Again, like he's one of those people where every single time I talk to him, I feel bad for speaking to him because he's literally so smart, I just feel like I'm wasting, you know, his his valuable brain energy, you know, even just speaking to him. But he always makes me feel like a lot at the White House.

SPEAKER_00:

Yeah. Especially the White House, because there's just so many incredibly smart people there. As much as we all say Washington sucks and everybody's stupid, like all administrations are dealing with these incredibly hard problems. They hire most administrations, at least the best experts they can get their hands on, et cetera. I definitely had the same experience as you were. The guy who oversaw our AI policy, um, Ben Rhodes, or not Ben Rhodes, Ben Buchanan, just brilliant guy, you know, brilliant guy. And and super nice, totally down to earth and everything. But, you know, at the same time, you're like, well, I'm not gonna go bother him for some random, you know, whatever, you know, thing I article I just read that I want to ask his opinion on because, you know, he's kind of writing AI policy for the United States right now, which, you know, in some level, that's AI policy for the world, or at least a major contributing aspect of it. So I'm gonna I'll leave him alone. But yeah, I I experience that exact same thing.

SPEAKER_01:

Yeah, it's it's important to really only you. know make that connection or reach out when at least for me right that's what I've found is that it's really important to reach out with like valuable stuff. You know, like it it has to be like, hey, there's literally nowhere else that I can go. You know, I'll I'll give you an example, right? So I'm working on my PhD with you know deploying zero trust onto communication satellites to prepare them for post quantum encryption. Because I figured I feel like that's where the future of you know cybersecurity and cyber warfare is going. And so I always like to try and get a little bit of ahead of, you know, where the market is presently to prepare myself, you know, to kind of future proof myself so to speak on the job market to some extent, you know, with that discipline. And you know, with that, I'm talking to satellite experts, people that put you know communication satellites into space because I don't know anything about satellites, like literally nothing. Even to this day I I feel like I'm pretty dumb in that area, which I'm getting my PhD in, you know, talking to quantum experts, people that have literally sent, you know, quantum messages to and from satellites from the ground, you know, to another satellite and back to the ground, right? And I've been trying to get a hold of the founder of Zero Trust. And sure enough, you know, after seven, eight months of trying, I finally found a connection that was able to to tie us together, you know, to make it actually happen. Right. But it's that it's that journey and me going to him and saying like hey there's there is literally no one else right like I Google Zero Trust and your name comes up. Like that's that is it. It's your name. You know like I go and I ask ChatGPT and grok and whoever like hey give me the zero trust experts that I can go to and literally your name is the first one in the list every single time and I say what if I can't get him the response every single time is you have to get him. So it's like you know they give me nine other experts and I say well what if I can't get number one and they're like you got to get number one like don't even bother with the other nine. You know not not to say that the other nine are not smart or intelligent or anything like that. I'm sure that they know their stuff inside and out but you know it speaks volumes when it's like hey I'm not coming to you because like I could go to anyone else. Like I'm coming to you because I can't go to anyone else you know right right yeah it's it's interesting.

SPEAKER_00:

Okay, sorry.

SPEAKER_01:

Uh I I was just gonna say like it's interesting. I feel like I I feel like because I I spent I'll give you a quick rundown you know of my background right so I got my I got my bachelor's at UIC in criminal justice with minor in economics and international relations fully intended University of Illinois Champaign Chicago University of Illinois Chicago yeah wow are you in Chicago right now?

SPEAKER_00:

Jesus I should have done this from your from your studio I'm I'm on the in the South Loop right now.

SPEAKER_01:

Anyway go ahead oh okay yeah we'll we'll definitely meet up sometime for some some food and drink sometime. Perfect but yeah you know I I got my bachelor's in that with you know the full intention of going into the federal government right I I I applied to basically every agency I told them all the same thing like hey look you know I'm I'm young I'm 22 I have I'm not married I have no kids you can throw me into the darkest hole on earth you know and I will have the time of my life because this is all I've wanted to do. This is all that I know that I wanted to do you know for a long time right and every single time I got told no and that I had to wait until I'm 30 to go into any of these agencies. And you know my rebuttal was like hey guys you do understand that by the time I'm 30, it's not going to be very tempting to go into the federal government and do that work. Like I'll probably have a family I'll probably be making three times what you're gonna pay me. Like I'll have kids like you think I want to go to I don't know Afghanistan or something when I have kids like no I want to stay out of that hemisphere of the earth you know like that sort of thing. And so like that's how I kind of like you know found my way into cybersecurity because in doing that search I had some light IT background from college and I said okay well you know this whole process with the agencies is like two years. So I can't be sitting around for two years with student loans and not paying them. Let's go into IT and just you know kind of figure it out right until until I get that thing. And uh you know the agency part never came around and so I found myself in cybersecurity and you know here I am now kind of like quadrupling down on the industry because I I love it. You know I love that I can pick hacking vehicles and I can spend my entire career hacking vehicles and not know everything in that domain. You know like that that's that's what I love. It like itches some part of my brain that's like irresistible you know I have to like dive into this rabbit hole and just keep going.

SPEAKER_00:

Yeah I know there's there's so many interesting things to your point I mean you just walk around DEF CON you know and it's like you know every year there's like a new village that you're like oh God I of course somebody's hacking that I you know I'd never even thought of that before but you know and you can kind of you know go all in on satellites or vehicles or voting machines or you know AI or whatever. It was I took my my daughter there for the well she's actually been there a bunch of times when she was younger but this year she actually asked to go and she's a teenager. I was like what you you want to go on a trip with your father to some like you know not teeny bopper concert DEF CON the most like degenerate uh cybersecurity conference on the planet. Yeah exactly but you know like she got super into a few of the things there you know like she's you know loved the lockpicking stuff she got really into the some of the cipher things and oh of course the tinfoil hat thing although I don't know how technical that is but but anyway and they're all you know there's these areas that you're like God you know you could you could spend a whole career just on this one thing you know but but uh as most people are you know you you kind of get bored of stuff after a few years and it's not like you need to leave cyber you just go into a different aspect of it.

SPEAKER_01:

Yeah yeah that that's what I've told people I I know a couple of people that are like kind of burnt out from where they are in cyber and I'm just saying I just tell them like well go pick something else within cyber like it's not it's not locked down to this one thing you know like you can go and do whatever you want to do. So I I wanted to ask you I wanted to get your opinion on the current security posture of the federal government in terms of you know where kind of where we sit in the world with capabilities. And this is why I asked that because you know you look at nation states like Russia China Iran North Korea they're very offensive right they're they're very much on the offensive side they're not shy about like even hiding that they did it. It's actually quite easy to attribute it most of the time when they did it you know the last major cyber attack that I could think of that America allegedly had their hand in was Stuxnet. And that was you know 2014 or whatever that might have been. But like even then it's pretty like it's difficult to make that attribution it's only it's only making that attribution based on like the skill sets and capabilities within the nation and whatnot. But from a cybersecurity point of view right I don't want to call myself an expert but as someone that's been in the field and is experienced and whatnot we're kind of like rolling the dice it feels like right like everyone else is kind of showing off their capabilities like China you know pen tests the electrical grid every once in a while right they're trying to get into the water systems every once in a while you know in America I'm sure that we're probably doing something similar you know over there. I mean I I don't know but in terms of showing of force and showing of capability and things like that it's kind of like a it's a slippery slope but it's also a balance. And so where do you think we're going in terms of the policy side and the actual execution of say you know a showing of of force in cyberspace because I ask it I ask it because you know I talked to a cyber warfare officer that works for you know one of the intelligence agencies and he has since completely disappeared off of the internet. Like they did a really good job of scrubbing him off of the internet after he talked to me. I'm sure he got into a lot of trouble. The episode never even went live it'll go live next August because it's like five years after after we spoke but you know I was talking to him send it to me I mean I'm I made it some earlier episodes that one though I'm I'll send it to you privately you know if you want to if you want to hear it like this week but but yeah I was talking to him and you know from what it sounded like it sounded like we have insane capability. Right I one of the questions I asked him was have you ever been handed a target package that you just like couldn't hack or you couldn't find a way to compromise you know whatever it might have been. And he said no. I said well how many have you actually done you know like how many we talking here and he said that the number was over 200 right where like he's literally handed something they say get in you have this time frame do whatever you need to to get in. And he gets in every single time he said it doesn't matter where they are it doesn't matter if they're in China doesn't matter if they're in Iran doesn't matter if they're in Russia like I'm getting in no matter what and he also said that that's like a part of a part of the training that they go through right because their training is like two and a half years long and and I'm someone that you know contemplated going into the military at one point in time. So I'm very familiar with like special forces selection and everything else like that. So it takes like two years, two and a half years to train up these special forces guys right they spend somewhere around like$20 million training up just one guy to be in this role for hopefully the next you know 10, 15 years. And for him he said that it's it's basically the same it's like the same level of difficulty but in cyberspace because every single day you are handed a new package you're handed a new task you're hacking Wi-Fi one day then you're hacking an Oracle server the next day and whatever it might be right and if you make one mistake one command one line in your code that's incorrect like you're dropped right there. Right? They they just ship you off that day you know so you know I I I say all that to try and get your thoughts on it because I'm sure that you see it from a very different angle that you know me being a little peon in the cybersecurity industry just doesn't see. But like from our point of view it's like man we have a lot of capability but if we keep on sitting around and playing you know being a sitting duck we're just gonna get hacked forever. You know?

SPEAKER_00:

Yeah I mean I I think so first off yes we have you know exquisite capability as as the IC say as well and you know our cyber warriors are you know if not the best on the planet they I mean we have some of the best on the planet. I mean our our you know teams in general are as good or better than anybody else out there. And and you know common views are that our our teams are the best. I and and I'm you know that's not to downplay our adversaries and and have too much confidence and think they they can't get access. Obviously they do all the time but you know supposedly you know we have the best cyber warrior capability on the planet. I I do think that you know you are seeing a shift right now and it's it'll be it'll be interesting to see how this plays out. You know in in Biden for example you know Jen Easterly was all about shields up you know defense, defense defense. And that was probably the most well known cyber branding you know effort that came out of of the last four years. Now the Trump administration doesn't really seem to care much about any of that stuff. But they're very into active defense, meaning, you know, we'll we're gonna go hack you to stop you from hacking us. Which you know it's not like that wasn't happening beforehand. I mean of course it was I think they're just putting a bigger emphasis on it. And obviously they've de-emphasized CISA you know what being more outspoken about it, I don't know exactly what that gets us, except in the case of like Stuxnet, where we had a very real political outcome we were seeking, which was the Iranians to stop or pause their nuclear program so we could get under the table to negotiate with us for the Iran Nuke deal. And in that case, you know, it was in our interest to get found out. And because we wanted them to know that no matter what they did, they could bury their centrifuges and concrete vaults in the middle of the desert and with no internet connections, you know, for you know anywhere near them, like true definition of air gapped and we'd still get in and get in repeatedly even when they took everything out and bought all new equipment and restarted again and then we were right back in. And so letting them know being being let letting that get out and us able to flex our muscle muscles and show we're 10 feet tall was important because there was a political end to it. I think that Russia and China, Iran, North Korea are doing a similar thing where they're trying to flex their muscle and and show that you know there are forces to be reckoned with. I think most of our nation state competitors view us as 10 feet tall and know we're a force to be reckoned with the kind of chest thumping unless there's a specific purpose for it like there was to get the Iranians to the table for the Iran nuke deal nuke deal it's it's not always useful at the end of the day. But like there are times when of course it it is useful like in the Iran case and and to your point it you know for places like Iran for North Korea for example I think it'd it'd probably be in our interest to show that we can shut down their their nuclear program and everything else with cyber if we wanted to presuming we can do that. I'm not I'm not saying we can I have I haven't gotten a brief a classified briefing on it or anything but something like that could make sense but you know it the other thing we have to like weigh all this stuff with and not to get esoteric and like high in the sky polyin of bullshit but like we're America and I'm putting aside things that are going on now and however people feel about what's what's going on you know over the last 11 months or so, you know, if we want the world to to behave in a way that we want them to behave around ideals, around democracy, human rights, you know, basic freedoms, stuff like that, we kind of have to walk the walk and talk the talk. And if we act like just another, you know, nation state thug walking around with a slightly bigger club than everybody else and we're just going to beat everybody into submission. I don't know if that's like elevating, you know, you know the view of the world about these ideals we're shooting for. And by the way, as Jeff Moss says all the time, you know, so much of what we're doing is about a fight for the undecided, you know, the the not the authoritarians and not the very entrenched, you know, humanitarian democracies in the world, but everybody kind of in the middle, like the turkeys of the world and others like that, you know, what are we doing to make them feel like our world is a better world to be a part of than the other guys? You know, we kind of have to it's a pain in the ass. It's harder than it is being an authoritarian, you know, shipbag. But at the end of the day, I mean if if FDR and Churchill were right and I think they were, you know, kind of asking nations to think about this in a bigger way and be a part of a united global community that seeks peace and so on is is way more in our favor than, you know, just being the toughest kid on the block. Sorry that's way probably more than he wanted but anyway.

SPEAKER_01:

No it's uh it's interesting to get you know your side of it right because it my point of view isn't always going to be like a 100% correct you know representation of of my opinion and what it is in the in the world at different levels, right? So like it's always valuable to hear everyone's opinion in my opinion, right? So with Stuxnet, you were you were mentioning that it was a bit more advantageous for us to actually like kind of show that force right which is interesting to me because I I read the Kim Zeter book Zero Day on Stuxnet, right? So she kind of talks about the timeline of the evolution of Stuxnet to some degree where you know in the very beginning it was extremely you know built upon being stealthy not being able to detect it you know being present even though they rebuilt those uh centrifuges and the entire facility they ripped every wire out of the walls and everything and it was still present which just still blows my mind to to this day that that you know is a thing, right? Makes me a little bit more paranoid too. But at some point in time after actually doing it for a couple of years and not being detected that she she rec or not that she recognized it but the Symantec researcher recognized that there was a shift in the code where it was a little bit more noisy that it was actually like trying to actively get out of the network and you know relay different data. So you know I I guess my question then is you know is that because in the book and obviously you didn't write the book or anything like that but in the book they mention at some point in time Israel probably got involved and Israel's a little bit more offensive right they're a little bit more like out there, you know? And so when they got involved they were a little bit more aggressive and they started to want you know the data to come back right and it kind of left out America being a part of that decision almost that decision tree to some extent. So it's interesting to hear you say that it was also a part like in our national interest which it makes sense. It makes sense that that was a part of the national interest for you know that sort of thing to become more visible I guess right but it's always been painted in a way that's it's like oh well America didn't make it to be more more visible like we made it to be as stealthy as possible. Someone else you know some other partnering country are the ones that messed it up right because I guess in cybersecurity world that would be a failure right like you break the stealth part of your attack like great job you got found out you're done for us it ends right there.

SPEAKER_00:

Yeah and I think I know there's been a lot of reporting that makes that point that it was just they just got caught. But if you look at what what else was going on in the world at that moment particularly about the the Iran Nuke deal and and so on that we were the political aims of the program because again that program was not about hacking the nuclear program of Iran per se it was about President Bush wanting to prevent a third war with a Islamic country and and then later as as you know things kind of kept going and the the Obama administration was trying to bring the Iranians to the to the table you know that's when all this comes out. And so you know I I I disagree with a lot of the reporting that's been um on this that says that it was all an accident which I I know that the relationship with Israel is fraught and so on but there's real political ends to to when that that was found out and how and why and so on and so forth. Well one of the ways though that I do think we can be actually achieve what you're talking about maybe in less of a military way in a less of a military way is it with law enforcement. And if I can by the way just shamelessly plug my book here for 30 seconds and I'll go into the thing. So I just Bloomsbury didn't even talk about fentanyl yet yes no that's okay. Well I'll mention a couple cyber aspects of it right now. So Bloomsbury just published a book that I wrote called Fentanyl A Fighting the Mass Poisoning of America and the main cartel behind it. And in that you would think I mean as I said at the beginning of the program, you know I had no interest in working on fentanyl I didn't know what fentanyl I didn't know anything about fentanyl. I'm not a drug policy person. It's not an issue that it's ever you know interested me or Whatever. Fentanyl, though, is is very different. Most people that take fentanyl, particularly initially, don't even know they're taking it. It's laced in something else they're taking. It's far more like a poison, a mass poisoning than it is like the new, the next crack cocaine epidemic or something. Anyway, one of the things that we go into or that I go into is what law enforcement is doing right now with in cyberspace, going after groups like, for example, the the Silk Road folks. I mean, I think that story is relatively well known. I uh use as kind of a starting point to to talk about this. So of course, that's the online drug marketplace. That's like Amazon started out for drugs, then became anything you wanted, you know, weapons, poison, you know, all kinds of bad things, all the bad things. And it turns out that, yes, the FBI was involved and so on, but also DHS was really involved, homeland security via HSI, which is actually part of ICE. They've been getting a, you know, a lot of press these days because of everything going on. But what most people don't know is that they have a significant cyber capability, which I had no idea about, despite having worked at DHS for years, until we started this effort. And they've built capabilities over the years where they have regular kind of gumshoe law enforcement folks that train on how to hack into dark web marketplaces, how to impersonate bad guys on uh in these marketplaces or in other parts of uh the dark web and so on. So, for example, the guy at HSI who was doing the Silk Road program had gotten his way in, impersonated another criminal, and was an actual administrator of the entire Silk Road for months or maybe even years before they took down the guy who ran it. And uh it that capability is somewhat nascent in law enforcement, but really could be stepped up dramatically to go after some of these criminal organizations that are out there. And what I found out when I was in the White House working on the national cyber strategy was that when you talk about transnational criminal organizations and cyber, everybody's just talking about ransomware. And what we don't do enough of is go after the big criminal organizations that are doing a host of other bad things in the country, like cell fentanyl, for example, and hack them, go after their finances, go after their money laundering, go after the individuals involved in the organization, impersonate bad guys and turn them against each other, which we do in law enforcement all the time in other capacities, and so on and so forth. And I do think that, you know, there where it's clear that you're dealing with bad guys. You know, the cartel is is, you know, not a good, not a good organization and and they don't do good things. There isn't like a there isn't a gray zone really. It's it's just bad. And uh we don't tout what we can do to them in cyberspace. And in fact, we don't fund a lot of the government that does have the authorities to go out and and hack the Sinaloa cartel or the Russian mob or groups like that. And and we should. And in that case, we should really flex our muscle. Every time we take down their crypto wallets, every time we identify who their brokers are and and you know, find ways to arrest those people and so on and so forth. That should be stuff that we're touting from the mountaintops to make all these criminal organizations think we're 10 feet tall. Well, no, particularly in relation to them, that we are 10 feet tall, and that we can do to them exactly what we did to the Iranians is get into their shorts in a way that they will never get us out. Now, I think there's there's been scant attention paid to that, and I think we could achieve a lot of what you're talking about if we were to do that ourselves.

SPEAKER_01:

Yeah, that's actually a really good point. I've never thought about it from like the cartel angle, but that would actually, I mean, honestly, that would, you know, prevent like boots on the ground, so to speak, maybe not so to speak, but literally, you know, Mexico and Venezuela and you know, wherever else the the cartels are. Do you think that there's hesitancy of doing that due to potential like internal threats already present to the nation? Like potentially, like if we start, let's say, I don't know, digitally attacking one of these cartels, and they already have embedded, you know, cartel enterprises within the United States, which it hasn't been, you know, that mainstream in the reporting, but there's been some light reporting on it where like they're finding you know cartel safe houses in like Montana, right? And in the mountains in California, you know, like yeah, so they definitely have a presence, but do you think they're weighing that risk where it's like, all right, if we start attacking them over there, they could start launching attacks, like real attacks, you know, physical attacks here. But I'm also thinking about the capabilities, right? So like what are their what are their their capabilities, right? So like it's not like it's not like they're going into a country like in Europe where they don't have a Second Amendment, you know, like the cartel probably understands, like, hey, there's 400 million Americans and there's like 500 million guns in America. The likelihood of having a you know a grand successful attack, at least in my head, is fairly low. Like you may get like maybe able to make some progress in terms of that, like as dark as that probably sounds to say progress with that, but like eventually there's a citizen there that would do the right thing, or there's police there that would do the right thing, right? So what's what's your thoughts on that? Because there's a lot of different angles with it, and I'm probably not seeing them all or thinking of it.

SPEAKER_00:

No, I it's it's uh and I know just because I I mean this is what I did for for several years at at DHS. It's more like this hasn't occurred to anyone because it's just not how I mean for some people like the folks I talked to who did the Silk Road case and as well as one since then to them, it occurs or it occurs to them all the time. That's who I initially talked to about it, but for the most part, it doesn't because law enforcement by and large is pretty kinetic. There's cyber divisions, but they're like I was saying before, they deal with cybercrime, not uh regular crime. The cartel is certainly the particularly the Sinaloa cartel and and CJNG, the other big one in Mexico, uh, are becoming more cyber capable. But we don't worry about blowback as much with them as we would with doing it to like the Russians or the Chinese or something. So for example, we launched this massive blitz against the cartel late in 23, where DEA rounded up a few dozen of their senior most lieutenants. Treasure the Treasury Department did sanctions against some of the Chinese chemical companies, supplying them with precursor chemicals for fentanyl. State Department did a bunch of most wanted stuff to make sure their leadership couldn't travel around the world without getting arrested. And then we at DHS stood up this massive thing where we arrested literally a few thousand foot soldiers, several thousand pounds of fentanyl, et cetera, et cetera. And with that effort and subsequent waves of it, you know, fentanyl deaths drop by almost 40%, actually 30% a year later. But the cartels know that for them to try and attack back in kind would instigate exactly what they don't want, which is an actual invasion of Mexico, like military force being used to hunt them down and so on and so forth. And they they know not to do this largely from this incident where they they kill the DEA agent in Kikikamarena.

SPEAKER_01:

Yeah.

SPEAKER_00:

And and then the kind of hellfire that got rained down on them afterwards by the U.S. government, there's now kind of an unspoken rule that they they don't go after Americans. They particularly don't go after law enforcement at all. And so I think that there is a lot more we could do. So for example, the Coast Guard. The U.S. Coast Guard is both a military organization and a law enforcement organization. One of the big things that hinders law enforcement from being able to do what NSA or Cybercom does is they don't have access to the tools. I mean, they can buy stuff, but they don't, they don't have what those guys have. But Coast Guard has the authority to work on Cybercom and NSA platforms. They also can use law enforcement authorities when they're doing it because they're also a law enforcement organization. And so they could, a lot of things need to be worked out, but they you could have a small team of Coast Guard hackers sitting on Cybercom infrastructure, targeting the cartels and and really wreaking havoc in ways that we have yet to do. And part of the reason we don't do it with CyberCom and NSA is because when we ask them about this, they always come back and say, okay, sure. What group of guys and gals do you want us to take off of hacking Russia, China, North Korea, and Iran to go do this? And we're like, well, none. And they're like, all right, then what are we talking about? And so, you know, this, this, this, this could there, there's a bunch of like bureaucratic bullshit reasons we're not doing it that could be worked out and provide much of the shock and awe that you're talking about from a cyber perspective against these guys that are killing more Americans than in Vietnam or World War II did. You know, fentanyl kills more people than in either of those wars, not to mention 9-11. And uh we just haven't done it yet. So I, you know, if you were asked me, were to ask me where I would hope to see cyber, offensive cyber go from a federal government perspective in the next in the coming years, I would say I'd love to see law enforcement really step up their cap their offensive capabilities against transnational criminal organizations, particularly the Sinaloa cartels and the Sinaloa cartel and those selling fentanyl in the US.

SPEAKER_01:

That's fascinating. I never knew that about the Coast Guard. And it's it's you know, I I I laugh when you when you say that that was their response at the at the agencies to be like, all right, well, who do you want me to take off of you know these other priorities, right? Because we use the exact same logic, you know, in in companies. It's like, oh, okay, that's great. You want me to do that? So that tool that we just spent$10 million on, who do you want me to take off of that one? Because I have five people working on it and we got two more years worth of work. You know, like that's like the easiest argument to either get more funding or have people leave you alone.

SPEAKER_00:

Yes, exactly. I know. And it was like constant, you know, we could never get around it. We'd be like eventually we at the end of the day, we were begging them, we were just like, look, for whatever you guys are doing in Latin America, if anything comes up against the car that that's cartel-related or fentanyl related, will you just send it to us? Because they would, through hacking the Chinese or the Russians or whoever, like periodically may come up upon stuff related to the cartels and fentanyl, because you know, a lot of that stuff intersects in different places. And it was like, can we please have your scraps? How about that? You know? But we can do better. You know, we uh there's there's ways to do better. HSI has really remarkable cyber capabilities. It, you know, it's sad, like with how controversial they are right now, that they actually have probably the least or the most a mission with the most public support ever, which is that they go all after online child exploitation. Yeah. So child pornography and stuff like that, which like everybody is against that. You know, no one is against. I mean, we even work with the Chinese and the Iranians and the North Koreans on, you know, child porn because everybody's against it.

SPEAKER_01:

That's like the worst of the worst.

SPEAKER_00:

It is the worst of the worst, right? And they've built up some amazing cyber capabilities because of that mission set over the years that now could be used, you know, for other things to go after the cartels and so on, and and you know, it isn't to the to the level it could be.

SPEAKER_01:

Hmm. That's uh it's interesting. Okay, do you we we went over time? I'm sorry about that. Do you have like 10 or 15 more minutes?

SPEAKER_00:

We started late because I had to piss, so it's fine.

SPEAKER_01:

Okay, so I can put half of the blame on you then. But are you good? Are you good for like another 10-15 minutes? Because I would love to dive into it. Yeah, let me just look.

SPEAKER_00:

I think so.

SPEAKER_01:

Okay, yeah. I just want to make sure I always try to like stay on time, you know, because everyone's so busy. But this is the end of my day, and my boss knows when I go live, just leave me alone. So but you're good?

SPEAKER_00:

Yeah, yeah. We can keep going another 10-15 minutes, sure.

SPEAKER_01:

Okay. So, so with fentanyl.

SPEAKER_00:

We don't have to play my beep anymore. I I'm happy to talk about it as much as you want, but I said my piece, so don't feel obligated to do that if you don't want.

SPEAKER_01:

No, I'm well genuinely curious about it. So, so with fentanyl, you know, can you talk about maybe what you found in terms of other countries' involvement with the cartels, creating the fentanyl, lacing it, getting it over the border? Like, you know, because so, you know, this is kind of the narrative that we've been told the past couple years is that China basically sends the precursor straight over to Latin America. They sent, you know, a whole bunch of scientists to and chemists. And the way that it they make it sound is that like, you know, what was the extent of it that you found in your own, you know, research with it? Like, is China's government like legitimately involved in it, or is it like a Chinese cartel that's partnering with like a Latin American cartel? Or, you know, what is what is actually going on there? Because, you know, studying criminal justice 2010 through 2014, right? Like, I I think the big drug at the time was heroin meth and this new thing called crocodile that basically ate the skin on whatever appendage you threw, you know, you injected it into your body, and and people were like still still for some reason doing it after losing an arm and everything else, right? So like those were the big things at that time. And then fentanyl kind of like just recently like came up, right? And it almost like stoked, I feel like it stoked a whole bunch of fear in people because you know, my daughter, my daughter was born and she spent some time in the NICU, and I was like, oh, what painkiller are you gonna give her? You know, because she had like a chest tube in. She's totally fine now, but she had a chest tube in, and they said fentanyl. I was like, fentanyl, like she's a newborn, and they were like, I know, I understand, it's highly calculated, it is triple checked, like she's not she's not gonna OD. Like, okay, you know. So like that was my mentality, and I was in a hospital, right? So, like, what's what did you find through your own, through your own research and findings?

SPEAKER_00:

Yeah, so I guess I'll I'll try and take these things in turn. So on the China side, we looked into this extensively to see if there was a government connection. And we could not find any evidence that it was directed by the government. Now, the one thing that we always said was like, man, if they're not directing it, fine. But if I was gonna like lead into a war with the United States, having something like this killing the demographic, that's most likely to be the folks who are gonna fight in this war, meaning, you know, young, you know, non-college educated men, uh, you know, this certainly wouldn't be a bad way to do it. So, but again, we we looked and looked and looked and had, you know, a lot spooks and everything trying to figure this out, and we could not find a connection where it was directed by the government. That being said, you know, it's China. If they wanted to shut it down, they could totally shut it down. I mean, there's lots of crime in China, but you know, when when Trump in his first term, to his credit, got Xi to agree to not allow finished fentanyl to illicitly come to the United States. I mean, it it went from a a waterfall of a constant, you know, flow of fentanyl to the US to a trickle overnight. So in theory, they could they could do the same thing with with the precursors going to Mexico. And to that end, I guess I wanted to put uh maybe an amendment on what you just said. So it's not like the precursors are flowing to Latin America. The precursors are are flowing to Mexico and almost exclusively to the Sinaloa cartel. Some of it goes to CJNG, their main rival, but almost all of it goes to the Sinaloa cartel. And there's there's a couple of reasons for this because I think you were like, well, why the hell is this happening? And it's not really being driven by the Chinese, it's being driven by market demand or in many ways the lack thereof in the US. So the Sinaloa cartel's been around in one form or another for over 100 years. They're the size of a Fortune 50 company, El Chapo, who's the famous former head of it, they thought was worth about$40 billion a year, depending on these estimates you looked at. I know he's one of the richest men in the world. And they they had a big problem though, which was that their two main commodities that they made all their money off of was weed and coke. Well, the problem for them was we've legalized weed basically in the country, even in states where it's not legal, they're not getting it from Sinaloa, they're getting it from the next door state where it is. Two, uh cocaine, which used to be super popular, like about 6.7% of the population. Um, 6.7%, I can't say those two were numbers without doing that because of my kids. Um anyway, 6.7% of the population in 1985 at the height of cocaine said they had done fentanyl in the last month. Today that number's down to 0.3%. 0.3%, not even 1% of the population has said they do cocaine the last month. So it's like if you're McDonald's and all of a sudden French fries and Big Macs are not popular anymore. Like, what the hell do you do? And there's no bailouts for you know narco tycoons. So so they they adjusted. And in the span of just 10 years, they did two things. They took over the migration trade. So you cannot cross the southwest quarter of the United States without paying off Cinelo or CJ and G. And that was considered like a dirty business for them. They never got involved, it was other other folks who were who did that. And and then two, they got involved in in these uh other uh designer drugs like meth initially and then fentanyl. And what they liked about fentanyl was that it was super addictive and super cheap. So they could cut their, and unlike meth, it wasn't a speedy drug. It was like more of like a drug that made you high. So they could cut their coke and their heroin with it and increase their profits, but heroin has never been that popular and coke was less popular, so they needed to do something else. And they this all coincided with about the time that we were weaning everybody off oxycotton and Vicodin and all the prescription opioids that, you know, that epidemic started in the 2000s, 2010s. So some industrious guy, gal, whatever, in the Cineloa cartel, presumably, figured out, like, oh, well, I could always, I could, I could make fake oxycontin pills and put fentanyl in them. Part of the reason the cartel was never in the illicit prescription drug market is they're not Pfizer. They don't have massive facilities to build or to make fake prescription drugs. But once you've got fentanyl, all you need is a pill press to make your drug look like oxycotton or tramadol or Xanax or Adderall or whatever. And now you're in business. And we had a whole operation at Homeland Security, by the way, that just sought to find the pill presses that were going from China to the cartel and confiscate those so they couldn't make fentanyl look like these other drugs. Once they got into the illicit prescription drug market, Ali barred the door. It was like, didn't matter that they were killing all these people because they were all net new customers that never would have done coke or heroin in the past. So they didn't care about all the people they were killing off. I mean they didn't care about that to begin with, but it wasn't like it was killing their customer base, their reliable customer base, like the other stuff. And it opened up this massive new market to them. And all of a sudden now it becomes, you know, one of their main lines of effort is basically poisoning Americans. Because again, almost nobody's looking for fentanyl. In fact, most people who use drugs are avoided like the plague. They have all these ways of trying to not take it. And so that that's kind of how it happened. It was really because the Cinaloa cartel needed to make up a massive nut because they lost so much money off weed and coke. Yeah. I remember when this was like laid out to me and a bunch of agents and Intel people and military folks and so on in this one conference room. Because we we all would sit there and be like, why are they doing this? They're killing off their own users. And then when this was all explained and we understood how it got them into the illicit prescription drug market with all these other users, it was like, fuck. Like this makes business sense for them. Once it makes business sense for them, man, it's so hard to stop.

SPEAKER_01:

Yeah.

SPEAKER_00:

I mean, they're basically a business enterprise. Yeah. Where we had the head of head of their Department of Justice, this guy Gertz, who basically says to us in a meeting. Like once the precursors are here in Mexico, game over. Like we just can't, you know, they can't find it fast enough. We can't stop the finished drugs from getting here, et cetera, et cetera. Which is part of the reason why I think the cyber component of this is so important. It's like so much of those deals are being done online that we had more offensive cyber capability going after the Chinese brokers, going after the chemical companies, going after the money laundering and other stuff that Cartel is doing. We could get after this way upstream from where we are now.

SPEAKER_01:

That's essentially the only way to do it without invading, right? I mean, and that's the only way to stop that operation without actually boots on the ground. You know, you disrupt it from a cyber perspective, you just infiltrate every digital avenue of their business. And you, you know, you cause so much pain for them that it's like, okay, we're either going to get our defenses up or we're going to stop doing this. And it'll be a whole lot easier for them to just stop doing it, you know?

SPEAKER_00:

Yeah. I mean, that was my my whole point then and and now with everything going on with Latin America. It's like, you know, no one will ever end criminality. No president, no party, no country. Nobody will ever end criminality. As long as humans have been have been alive, criminality has been alive. I mean, hell, it's it's alive in the animal kingdom, you know? But we could end fentanyl. And you just have to raise the pressure so much on this one thing that's killing so many people, 10 times more than any other drug, that they're like, you know what, it's just not worth it. Forget it. We'll go back to doing other bad things, just not that one. And I think, you know, we may be in a position right now that is very much the position Bush was in, where he was like, I don't want to go to war with another, yet a third country, give me other options. And they come back with a cyber option, and that was the most viable. And, you know, um, I I do think that extraordinary measures should be taken to stop fentanyl. I would not like us th to see us invade Mexico, of course. But, you know, the cyber option may be the kind of not panacea, but the broad approach that could uh, you know, infiltrate every aspect of the cartel that has yet gone unused, you know, in any real sense, in any uh ubiquitous sense as it relates to the cartel that could really, you know, degrade and disrupt their operations such that they stop. I mean, after we launched that big Blue Lotus campaign that I mentioned, where we, you know, arrested thousands of people, DA did their thing in state and treasury and blah, blah, blah a few months later, they literally uh hung decapitated bodies from main some of the main overpasses in Juarez. I think I forget which city, I think it was Juarez. And these big sheets written on and on the sheet said, you know, these are the bodies of the people who were overseeing fentanyl distribution in the United States. Like anybody else who starts this has the same fate coming towards them. Now, a lot of my law enforcement guys are like, yeah, yeah, they use they use our attacks as ways to go take out their rivals all the time. But the point is, what they don't normally do is come out and say, hey, you know, the gringos came after us and we're so concerned about this that we're gonna do this Mia Culpa, even if it does wind up being somewhat of a bullshit Mia Culpa, like that does not does not happen. I mean, we've had an impact on them. I'm I'm sure with the current administration who's who's picked up a lot of where we left off and has done in a lot much more in in many respects, is getting similar responses. You know, I think that turning up the heat on one specific thing they do is the way to get them to stop doing it.

SPEAKER_01:

Yeah, it's interesting. So I have I have one final question before we we end the super long podcast. But, you know, during your time in the government, the Edward Snowden leaks like came out and you know, he fled to several different countries, ended up in Russia. You know, at that time, I was actually really actively trying to go into the federal government. And so I had different, I don't want to call them sources, but I had good friends that were in different positions within the government that were saying that essentially the only way that he was allowed to stay, you know, in China for the couple weeks that he did was that he basically sold them, you know, everything that he knew, like lists of you know operatives in the country and everything else, right? And then he would go on to another place, do the same thing, end up in Russia, and for some reason Russia still still has him there, right? Is that is there is there any truth to that to your knowledge? Because I ask, because that is something that has never really been told or mentioned. And the movie, it's weird, right? The movie, the book, everything like that paints him as being someone that couldn't report something within the government because no one would listen to him, and so he like took it upon himself as some righteous warrior to go and flee the country and you know, tell everyone about this thing. But still, like there's there's approved methods of reporting things, and if you weren't comfortable with it, you didn't have to work on it. And you know, like there's literal councils where you report something that you don't believe in, it gets thoroughly reviewed, and sometimes it gets shut down, and sometimes approval comes through to keep it going because of the value that it provides, right? And that is something that working with the federal government that you just have to live with. Like that's that's literally something that they that they drill into you in the interview process. I've experienced it myself, is like, like, hey, it's not up to you to make this decision, it's up to someone else to make that decision. You're supposed to live with it. If you can't live with it, you could work at a different office, you could ch switch agencies, you could do all these other things, you know, like all that stuff. Like they give you all of those resources. So is there any truth to him selling, you know, basically maybe not secrets necessarily, but like people who we had in the country that, you know, for instance, China may have not known that we had in the country in a certain capacity and whatnot. Do you know anything about that? Don't say anything classified.

SPEAKER_00:

So I wouldn't. So I mean, look, I'd I'd have I'd ascribe somewhat more credence to the claim that he was doing this all, you know, with positive intent throughout. I think at the beginning he probably started with positive intent. But the idea that he was doing it, I would have a lot more sympathy for that, for the idea that it was positive throughout if he was like hiding out at the Vatican or something and getting political asylum there, as opposed to Russia, you know?

SPEAKER_01:

Yeah, or he went to Europe, you know, like it's like okay, you're you're not trying to do something you're not necessarily supposed to do, you know?

SPEAKER_00:

Yeah, I I think that the the theory that I have heard from very reliable people that I subscribe to, what I and I believe is in the press, may not in the movie, I don't think, but in the press, is that he started out thinking he was doing the right thing. He thought that there was this grave injustice that was happening, blah blah. You know, rightly or wrongly, people have their own opinions on it, whatever. And he was like, I'm gonna be a whistleblower. And at some point in the you know, what can be a noble thing, being a whistleblower if the government's wrong is is a good thing to be, you know. I mean, thank God for you know, the thousands of whistleblowers throughout history that have stopped governments from doing bad things. But at some point in the process of he went from whistleblower to asset that was being ran by, we believe the Russians. Maybe, you know, there was a Chinese component to it, particularly in as you're referring to when he had the the time that he spent, I believe, in Hong Kong before he before he made his way to Russia. And however it started, where it wound up was he was essentially selling secrets to, at the very least, the Russians, probably the Chinese, because he had to go through China to get there. I I don't know of anybody else he may have sold them to, but at least those two countries are kind of what I believe common knowledge is and kind of the national security establishment.

SPEAKER_01:

Yeah, it's so crazy, you know, because like that part is never talked about. And I I just I remember being in one of my classes, and you know, the professor like sparks a debate about the you know legality of Edward Snowden and you know what he's doing. And I and you know, I I like had the class in an uproar pretty quickly because you know, I was the only one in the class where it was like, yeah, what he did was wrong. Like straight up, full blown, it was just wrong, plain and simple. And like people were just like going off on me. And you know, the professor is a lawyer for the SEC, you know, and she's like the only one that basically wasn't attacking me, you know. Because it's like this guy made it to China and then left China. So that that implies that he had a deal previously set up with another entity to get him to China and then through China because China would never, ever let him leave China as soon as he gets there and they find out what he has and what he knows, what he did. Never would they let him leave. That would be the biggest intelligence failure in the history of the world if China were to ever let him leave under any other pretense. And then he magically finds his way to Russia and Russia welcomes it him in. Like, it's like, come on, guys, like there's obviously something we're not being told here. Like, we're not gonna know everything in the government, you know. So that was my whole, you know, kind of experience with it. And also he decided to get caught while I was on the plane to Germany, and like the the fact that like you know, we were spying on German Germany at the time was released while I was on the plane, and I get into customs and they like wanted to hold me there for two hours. Like it was crazy because they thought like I was gonna do something. I'm like, guys, I'm literally in college. Like, go check my transcripts.

SPEAKER_00:

Yeah, oh, I can tell you, like now when I go to Russia or China, I mean I haven't been to Russia in years, as you can imagine. But even the last time I was there in the early days of Obama, when supposedly we were resetting, you know, the relationship and everything. I mean, I was followed everywhere. I mean, there were like, you know, they as you can imagine, you know, they they were all over all my devices and and everything else. And in China, God, when we did the first DEF CON China, um, I remember Jeff and I sitting there, a few other people laughing because the surveillance was so ridiculous that like there'd be guys like in the bushes, but the bushes barely went up to their waist, and they'd be sitting there with these huge cameras taking pictures of us and recording what we're saying, and we're all just like I mean, we're right here. I mean, you can just go sit at the next table. I mean, it's no different than what you're basically doing right now. You know, the surveillance was just so oppressive.

SPEAKER_01:

It's like just give me your recorder, I'll put it in my pocket.

SPEAKER_00:

Yeah, right, exactly, exactly. But you know, I mean, to your point, I remember. I mean, I was I was somewhat of a I wasn't somewhat, I was very much a novice, you know, national security person at the time. And I remember saying to this kind of taking the conversation full circle, saying to to Jane Lute, the the woman who brought me into cyber former deputy secretary of DHS, I was like, Jane, I don't understand what's going on. Why haven't we just killed this guy? Don't I mean, shouldn't his car just driven off a bridge or something at this point? Like, why is this even and she's like, Because we're America, that's why. Like, and he's a U.S. citizen. Like, we just don't do that stuff, you know. You know, whereas you look cross-eyed at Putin and all of a sudden there's arsenic in your coffee, you know, we you know, even if you live in Peru. Not to mention London, where they actually did that.

SPEAKER_01:

Um decide to run against them in a political election.

SPEAKER_00:

Yeah, right, exactly. And look, don't get me wrong, we do bad things, and we've done a lot of bad things over the years. You know, uh because we actually do care about human rights and freedom and rule of law and so on, you know, that guy's able to still be alive in Russia today and every once in a while pop up and you know, do a PSA for the Kremlin on how bad America is.

SPEAKER_02:

So you know.

SPEAKER_00:

I'll tell you one thing. If he was Russia Chinese, he would have been disappeared. He would not be with us. He would not be with us today.

SPEAKER_01:

He'd he'd definitely be disappeared. Yes. Well, you know, Jake, it it's been a fantastic conversation. Absolutely fascinating. I feel like I could talk to you for another two hours. So we're 100%, you know, gonna go grab lunch or drink sometime and you know, definitely talk talk a bit more. I'm sure I'll have you back on the podcast as well.

SPEAKER_00:

Well, I I'd love to do it. It's been great talking to you too. It's funny my staffer was like, oh, you got make sure you prep for this. I'm like, this is about DEF CON stuff. I can talk to about this forever. It's like the thing I like talking about, you know? So hopefully I didn't ramble on too much and definitely look forward to getting a drink here in Chicago someday and and hopefully at DEF CON this summer.

SPEAKER_01:

Yeah, yeah, absolutely. Well, we'll definitely be in touch. But before I let you go, how about you tell my audience, you know, where they could find you if they wanted to connect with you and where they could find your book? Great.

SPEAKER_00:

You can find me on LinkedIn. That's my my main area that I am, just my name, Jake Bronn. And you can get my book on Amazon, Barnes and Noble, et cetera. It's called Fentanol, the Mass Poisoning of Cart of Fentanol, the Mass Poisoning of America and the cartel behind it.

SPEAKER_01:

Awesome. Thanks. Yeah, yeah, definitely. Well, thanks, everyone. I hope you enjoyed this episode.

Head Shot

Joe South

Host