Broken English and an AI Chat Window: The Perfect Hack

[00:00:03] Ever notice it's always the overconfident leader that thinks cybercrime doesn't apply to them who gets selected and hurt the most? Moving Target. Books 1 and 2, out now. Hardcover, paperback, Kindle, and audiobook. Amazon, Barnes & Noble, and independent bookstores. Book 3, coming soon. Be a Moving Target.

[00:00:43] Ever notice that the hacker in the movies always looks the same? Kid in a hoodie, basement, green code raining down on the screen? That guy doesn't exist. The man who breached 14 companies and tried to steal $4 million in cryptocurrency typed in broken English. His instructions to his own tools read like a note written on a napkin. He used phrases like,

[00:01:12] Recon This or Try Vet, even spelled wrong. That was the skill level. And in the age of AI in 2026, well, he still got in and breached 14 different companies. How? Because he had an accomplice. One that never sleeps. One that writes better flawless code in a few minutes than most professional developers can physically do in an entire day.

[00:01:42] He leveraged AI. He lied to it. He socially engineered AI itself. And in the end, it believed him. Don't miss this episode because by the end of this, you're going to know his name, his city, his home address, and exactly how he did everything.

[00:02:02] Why? Not because we doxxed him or trying to expose him. Because he handed it all over himself and never even noticed he was doing it. This is Cybercrime Junkies. And now the show.

[00:02:37] So I wanted to share the story with you because people keep talking about AI risk, but they talk about them academically. Like it's all for some LinkedIn post. But this is the true power of AI. We've said a thousand times on this show that cybercrime is organized crime. And the reason it became organized is because it's so lucrative. But more than that, it's because of its popularity.

[00:03:05] And the reason it's popular is there are so many more people that have criminal minds, that have criminal intent, than there are people with actual technical skills. What the power of AI does is bridge that gap. People with criminal intent, who don't know how to code, who frankly aren't good at their job at all, can now break into 14 different companies and try and extort $4 million.

[00:03:35] That's what this case is about because that's what happened in reality this year. This guy was an idiot, though, and made a lot of mistakes. But the next hundred people that do this will improve on his work and not make those same mistakes.

[00:03:54] Meanwhile, most small business leaders and midsize leadership, they're still acting like it's 2000 and griping about annual boring security awareness training that gives bad advice anyway. Or they don't invest in AI and roll it out properly. And they don't value the role of the CISO, the role of the consigliere in technology, which is the security leadership.

[00:04:22] I'm just trying to get through to them while they're still in business. So let's get into it. Have you ever noticed how every hacker movie has the same guy? Hoodie up, basement lit up by monitor glows, fingers moving faster than a human should be able to move, green code raining down on the screen like something out of the Matrix. That guy doesn't exist. He never really did.

[00:04:52] But we keep filming him because it's a better story than the truth. The truth? The man who breached 14 companies and tried to walk away with $4 million in stolen, extorted funds was not a genius. He was not a state-sponsored operative, was not part of any large organized crime unit. He was not sophisticated at all. He wasn't even good at his job.

[00:05:22] He typed like someone hunting for the right key, like your grandpa or some boomer that you see hunting and pecking. His grammar was terrible. His instructions to his own AI tools read like a man leaving himself a note on a napkin. Recon this. Try that. That's it. That's the level of sophistication we're talking about.

[00:05:48] And yet he still breached 14 companies. Actually breached them. He didn't do it alone. He had an accomplice. One that never sleeps, never hesitates, and writes better code in a few minutes than most professionals write in a day. He had AI.

[00:06:10] So let's get into how not only was he able to do this, but he did some things that are going to blow your mind. He actually went through and disclosed everything about himself that now is public. The true risk is what happens next when people don't do these bonehead mistakes. See, here's the part that bothers us more than the breach itself.

[00:06:37] The guy didn't have any actual hacking skills. None. Researchers who called him, it's a group called the OA Labs, they said it plainly. The prompting, the AI prompts, instructions that he gave to AI were vague. His grammar was bad. At points, they suspect he used a second, simpler AI just to help him write better instructions for the first one. Think about what that means.

[00:07:05] The skill ceiling for cybercrime just lowered. It used to take years planning skill, a computer science background sometimes, time in forums, learning from people who had already been caught. Now it takes a chat window and the willingness to lie to AI. He used a tool called Clawed, which we've talked about on the show. We use it every day.

[00:07:33] It's built by Anthropic. It is outstanding. We've built agents. We've built artifacts, web apps, you name it. And it's really, really good. It's one of the most capable commercial AI systems on the planet. It's also, Anthropic is also the creator of Mythos, which we're going to be getting into in future episodes here. Because this is like the epicenter.

[00:08:01] This is like the beginning, the infantile stages of what is coming with Mythos. That's what we hear in the story. And he got it to help him, despite his lack of skill. And he didn't get in and breach these companies, these 14 different companies through some brilliant method or this fancy exploit, this cool way of cracking the code. And he didn't even write the code himself.

[00:08:28] He got help by telling it a story. And here's the question that's got to be eating at you. If he was careful enough to fool a trained AI system for weeks, careful enough to breach 14 companies without even one of them catching him, how does somebody that careful end up fully identified with his name, location, and address?

[00:08:56] So stay with that question because we're going to get into that. Every con, every criminal act essentially works the same way. You don't break the lock. You convince the person holding the key that you're supposed to have it. That's how social engineering works. So here's what he told AI is he said he was a red teamer. He was authorized. He was legitimate. He was hired to test these companies' defenses so that he can help them patch what was broken.

[00:09:26] I mean, red teaming is real. It's the legitimate part of cybersecurity. Ethical hackers hired and authorized. They attack a company's systems on purpose to find the holes before criminal does. Its defense disguised as offense. This man weaponized that disguise without the defense. He told the AI that he was one of the good guys. And because the AI had been trained to help good guys do their jobs, it believed him.

[00:09:55] It mapped out all of the exploits. It wrote the code. It walked him through how to profit off the very companies he claimed to be protecting. It showed him how to sell the stolen data, how to run extortion, and how to execute direct theft. People who get breached are not necessarily the weakest link.

[00:10:22] The weakest link is the absence of governance. The lack of a system that checks whether the story being told is actually true. It's the adult in the room. This AI has governance. It had rules. It just didn't have a way to verify the man on the other end and whether that man was telling the truth. That's not a flaw unique to artificial intelligence.

[00:10:49] That's the oldest flaw in humankind and in cybersecurity. We've been falling for I'm supposed to be here since the first con man put on a uniform that wasn't his. This guy fooled the machine. What he hadn't done yet was fool himself into thinking it would stay quiet forever. So here's where it gets interesting because the AI didn't fall for everything, which is part of the reason why we love Claude.

[00:11:19] When asked to help him calculate the dollar value of the data that he stole to draft up an extortion strategy in the system, then started to push back. See, real red teamwork stops at finding the hole in the network, right? It doesn't actually steal the data and sell it on the dark web, right? It doesn't actually do that.

[00:11:48] Because that's not ethical. And the AI caught that. Actual red teaming doesn't put a price tag on what's behind it. And the AI recognized that shift from defense to profit and it started to refuse. And when he tried to go further, when he tried to point the tool at a specific person, at that person's family, at their private accounts, the system completely shut him down.

[00:12:18] No persona saved him. No story worked. And he tried over and over. Legitimate security testing never goes after somebody's spouse or somebody's kids. The AI knew that line existed and it held it. Now, one question that raises in my mind is this. What if he didn't use Claude? They probably had to use Claude because of its power and code. But what if he used a less ethical AI platform?

[00:12:48] He likely could have been able to find out how to target those individual people. But I'm curious what you think. Like, what do you think about that? I don't know. I don't know the answer. And I would love to hear what you have to say. Comment. Ping me. Reach out to me at cybercrimejunkies.com. I want to know what you actually think because some of the other platforms, we've talked about

[00:13:12] this in other episodes, Claude seems to be the most governed by ethics and morals. They post it right on there. They have their whole thing built on it. Others don't seem to have that. They clearly don't. Stay with us. We'll be right back.

[00:13:37] Ever notice it's always the overconfident leader that thinks cybercrime doesn't apply to them who gets selected and hurt the most? Moving Target. Books one and two, out now. Hardcover, paperback, Kindle, and audiobook. Amazon, Barnes & Noble, and independent bookstores. Book three, coming soon. Be a moving target.

[00:14:10] So what's going to happen when they catch up? There's another part that people aren't really talking about. Not the breach itself, but the actual boundary of ethics. Because if a machine that's been lied to for weeks can still recognize the one line that separates a security test from a personal attack, that tells you something about how that line was built. Not perfectly, not without some gaps, clearly, but built with good intent.

[00:14:40] That's part of the reason why we like Claude. He hit a wall going after someone else's privacy. He had no idea he himself was about to demolish his own. So here's the funny part, because I only like stories with ridiculous humor or sarcasm. Every criminal eventually makes the mistake that ends the run. We've seen it. We've interviewed over 100 different former cyber criminals here on this show.

[00:15:10] Go back, look at them on other episodes. They're great people now, especially the ones that have been redeemed and are doing good work. But they all have the same story, right? They all make the single mistakes that end the run. In the end, it works out. But so here, it wasn't just one mistake. It was three, three different mistakes.

[00:15:35] And he made every one of them himself voluntarily without anybody forcing him to do that. First, he installed his AI agent directly onto the servers he'd already broken into. Let me say that again. He installed his AI agent directly onto the servers he already broke into. Not on a private laptop. Not on anything that could stay hidden. Not behind a VPN.

[00:16:03] Directly onto the victim's machines. Which means every word he typed, every instruction, every lie, every way he tried to socially engineer AI itself, every time he tried to get it to extort and sell on the dark web, all of that, every step of his plan. This genius saved it in plain text on a server that belonged to somebody else.

[00:16:32] He treated that chat window like a diary. Like a friend who'd never repeat what he said. He forgot the oldest rule in crime and law enforcement. Anything you type to a machine has to live somewhere. The internet and technology never forgets.

[00:16:55] And if that somewhere belongs to the person you're robbing, you've just handed them the entire case against you. So Einstein did that. Second, in the middle of running an active criminal operation across 14 companies, he slowed down and paused. He asked AI to clean up his resume. His actual resume.

[00:17:25] While committing felonies, he was job hunting. And third, and this is the one that finished the job. One of his own personal servers started acting strange. He panicked, thinking somebody might be on to him. And he asked AI to check who was connecting to it. The AI listed back several different addresses. He looked at them and typed four words to confirm it.

[00:17:54] Yeah, they were my own. He just confirmed his own home internet address. In writing, inside a log file sitting on a server he didn't control. Here it is. The answer to the question from the top of this episode. Researchers pulled his resume. Full name, education history, LinkedIn profile sitting right there in plain text.

[00:18:21] Then they pulled the IP address pattern, a residential connection, active in a tight window of hours every single day. Going dark at the exact same time every night like a man who needs some sleep before work in the morning. Put it all together and there's no mystery left to solve. He's a young man living in Addis Ababa, Ethiopia.

[00:18:49] Researchers have his name, his education, his online footprint, his home address down to the city block. Not part of a city kit. Not a state actor. One man with a chat window who built the case against himself in real time and never even noticed he was doing it. So let's be clear about what this actually was. Because it's easy to laugh at the resume story and miss the point underneath it. Fourteen companies had their systems entered without permission. Data was taken.

[00:19:19] An attempt was made to extort four million dollars. That's not a prank. That's not a tech curiosity. That's a crime full stop. And it deserves to be treated like one. What makes it different from the cybercrime we've covered before isn't the intent. Criminal intent hasn't changed. What changed is the staffing model. Organized crime used to require organization.

[00:19:47] You need lots of people. A coder. A money launderer. Someone who understands the target systems. Roles. Hierarchy. Division of labor. That's what makes it organized in the first place. This man needed none of that. He needed one tool that could do the coding. The reconnaissance. And most of the planning by itself. The organization collapsed into a single operator and a chat window.

[00:20:15] That's what I find interesting here. Because that's what makes this more dangerous. Organized crime is one thing. But it is what it is. This can be millions of different cell networks. Global. And that to me is the actual headline here. Not that AI got tricked. Machines can be tricked. So can people. That's not even news. The headline is that the barrier to entry for serious cybercrime just dropped to almost

[00:20:45] nothing. This guy was a moron. And he succeeded until he stepped on himself. You just need a lie good enough to tell a machine and the patience to keep telling it. If the barrier just fell that far for this guy, ask yourself who else just walked through. Here's what gets lost in a story this strange sometimes too. 14 companies. Real employees. Real customers.

[00:21:15] Somewhere in those 14 companies is an IT person who got a call they weren't ready for. A business owner who had to explain to clients why their data might be out there now. And maybe an employee who gets blamed for a door that was never theirs to lock in the first place. That's the part that never makes the headline. The headline is amateur hacker uses AI.

[00:21:39] The headline never says somebody's name, somebody's password, somebody's trust got handed to a stranger because their employer thought a firewall was the finish line instead of the starting point. The story is funny right up until you remember there's a real company on the other end of it doing real cleanup, having a very honest, real conversation with customers who are wondering what the hell happened and if they're next.

[00:22:07] And somewhere in that list of 14, there's a business owner who still doesn't know it's happened yet. So here's a question. And it's not how do we stop AI, it's this. The exact same tool that let this man do damage is the tool that lets defenders find vulnerabilities before criminals do. Same capability, same reasoning, same code writing ability. The line between weapon and shield isn't the technology.

[00:22:36] It's the intent of the person holding it. Lock the tool down hard enough to stop every amateur with a lie and a chat window. You've also taken the most powerful diagnostic instrument away from the legitimate researchers trying to patch the holes first. Leave it open enough for legitimate researcher. And then you still leave the door open for exactly what just happened in this story.

[00:23:06] Nobody solved that yet. Not even Anthropic. Not OpenAge. Not Google. Definitely not Microsoft. Not anyone building these systems right now. And anyone telling you they have a clean answer is trying to sell you something. What we do know is this. The guardrails work some of the time. They held the line on the worst requests here. The personal ones. They failed on the rest.

[00:23:36] Because the system believed a story. It had no way to verify. That's not unique to machines. That's every business that's ever been socially engineered by a man in uniform who didn't belong there. You don't need to understand AI architecture to take something useful from this story. If you run an organization or are in leadership of any size, any industry, here's the one thing this story should change about how you operate.

[00:24:05] Starting Monday of next week. Treat every AI tool inside your company the same way you treat a new employee with full system access and no background check. You wouldn't hand a stranger root access to your servers because they showed up wearing a badge and said the right words. Don't hand that access to an AI agent without the same scrutiny.

[00:24:30] Log what it's asked to do and limit what it's allowed to touch. Have a human check the story before the access gets granted. The lock on your door was never the point. The point was always whether you checked who was asking to come in. This one didn't check carefully enough. 14 companies paid for that gap.

[00:24:58] He's in Addis Ababa right now. Name known. Address known. Undone by his own resume. Sitting in a log file he never thought anyone would read. But the next one won't make that mistake. The next one won't run the agent on a victim's server. Won't paste a real name in the chat. Won't confirm a home address to a machine that's quietly writing down everything he says. The next one is going to be smarter.

[00:25:26] And the tool will be exactly as capable or more capable as it was this time. Be a moving target. This is Cybercrime Junkies. Hey everyone. David Mauro. Creator and host of Cybercrime Junkies. And author of the new nonfiction moving target book series.

[00:25:55] If you're a leader in an organization. Curious how to roll out AI safely. Or if you have questions on your incident response plan. How to run tabletop exercises. Or looking for 24-7 eyes on glass. To protect you. And keep you growing without interruption. And I invite you to sit down with me and my team at NetGain Technologies. We've been around since 1984 before cybersecurity even existed. A simple conversation.

[00:26:23] Absolutely no pressure and no salesy fluff. And you will walk away with a great roadmap no matter what. So if improving your IT. Bolstering your security. Or rolling out AI interests you. Contact me directly today. At dmorrow at netgainit.com That's d-m-a-u-r-o at netgainit.com Find out more on our website at netgainit. That's netgainit.