Issue link: http://tcnj.uberflip.com/i/1126054
25 SPRING 2019 data for financial fraud, extortion, and even physical violence. So those of us in the Department of Justice learned how to infiltrate online groups, conduct online undercover investigations, gather electronic evidence, walk into courtrooms, and present that evidence to judges and juries to convict individuals of crime on proof beyond a reasonable doubt. And what we found is that the proof was in these. [Picks up his smartphone from the desk.] What is this? Looks like an iPhone. It's a witness. It's the best witness out there. Why? Because it has a long, perfect memory. It is constantly with its companion, and it has no bias. It tells you exactly what it knows. It can provide irrefutable evidence of what happened. I've also conducted searches into hundreds of people's social media and email accounts. So, by the time we actually engage with a suspect of a cybercrime, we know everything about them. We've hacked them — with court approval, with search warrants. That's one of the most satisfying aspects of my time in the Justice Department: We were chasing criminals who were using technology to hurt people, and we had turned the tables on them. We had hacked the hackers. A great example of you hacking the hackers was the "Xbox Underground" case that came to light in 2014. It started with a group of teenagers who'd try to hack the new version of the Xbox before it came out — then one thing led to another, and they ended up commiing a lot of serious crimes. Yeah, they did a lot. They hacked the Army. They actually had so much information, they were able to pull off a physical burglary of a secure building on the Redmond campus of Microsoft, where they stole a prototype Xbox One. These were young kids, in their teens and 20s who loved technology. And they found a digital candy store — they were able to move freely through some of the largest companies in the world, and they were fascinated by what they were finding and invigorated by it, seeing what else they could do. They were in multiple countries, had never met in real life, didn't even know each other's names. They engaged in a crime spree that just went on and on and on. What they did not know is that we had hacked them, and we were watching them. Then, as they came into custody, we would show them what we knew, and they all just would plead guilty. But one of the things I made them do was talk to the companies about what they had done and how they had done it, so the companies could improve their security. Is it fair to say that the security of a company can sometimes come down to the strength of the password of an individual employee? Oh, the security of any organization depends on every individual user. Each human being is what we call a potential attack vector, and the organization can be compromised through that Cybersecurity lawyer Ed McAndrew