The dark secrets of a jailed cyber-criminal | Global News Podcast

Welcome to the Global News podcast on YouTube where we go behind the headlines to find out about a major story and why it matters. I'm Janette Jalil and joining me today is our cyber correspondent Joe Tidy. And Joe, you've managed to speak exclusively to a kingpin in the world of cyber crime. Tell us more about that. >> Yeah, it's no exaggeration to say that Tank, as he was known, real name, uh, Vashlav Pentikov, was one of the top dogs of Russian speaking cyber crime. and he had this fascinating career of being at the top of a group called the Jabazus crew in the late 2000s. Um, >> and can you just explain that name for us? >> Yeah, sure. So, um, the the the malware that they were using was called Zeus >> after the Greek god. >> Exactly. And it was part of this uh this this this um group of banking trojans. So, what that does is very sophisticated at the time. They find a way to hack your computer. They were going after medium and and smallsized businesses. And then when you do your banking, business banking, instead of you sending money to the bank, you're sending money to them and they can come in, they can take that money. So the the Jaba bit of the Jabus uh crew name comes from the fact that they managed to uh adapt that Zeus malware to give them a message on the on a platform called Jaba messaging service. So whenever they got into a victim's um account, they would have a little ding that comes up on their their computer saying we've we've got one. Um, and the other thing about uh Tank is that he had this sort of years off once he'd done the Jabazoo crew and they were all arrested. He wasn't. He managed to get away get away from police. Then he went into um he started a business selling coal. Tried to go straight. But then he claims he was being shaken down by the authorities. So he got back into cyber crime and that's when he got into the kind of stuff that we see today. Ransomware, one of the biggest problems in cyber security right now. But just tell us how he started because he started pretty small, didn't he? >> Yeah, he he started as a teenager which is is shocking to some people but actually you know that is that is where all hackers start and normally there's this kind of pathway that we have seen uh and I've done lots of uh stories on on sort of English- speakaking cyber criminals where they get into gaming. So, you know, a teenage boy normally obsessed with games and they start learning how to cheat in that game to beat their friends and then they move from breaking games and hacking games into hacking other things to try and get money and power and infamy and then onto sometimes serious cyber crime which is what happened to um Penukov. But I just found that absolutely fascinating when I talked to him because there is this sort of parallel between he's Ukrainian, Russian speaking Ukrainian. uh he went down the exact same path that we see all the time in English speaking cyber crime as well. There's this kind of like universal pathway to cyber crime it seems. And this is what he told me about how he started. We set up fake websites selling fake goods then use stolen credit card details to buy those products from ourselves. The credit card companies would pay out like it was a real sale. It was a popular trick. >> Did you ever feel guilty? >> We didn't think about consequences. We wanted freedom. independence from our families. What were you buying? >> Beer, good clothes, expensive shoes, and I would show off the money at school. What teenager doesn't like to brag about? I was changing cars like changing clothes. How many did you have? >> At one point I had six. All expensive German ones. >> And not only that, Joe, but he was a DJ by night. >> Yeah, DJ Slava Rich was his uh was his DJ name. I think that was a bit of a sort of side hobby really. He was obviously doing very well in cyber crime by this stage. So he started what you heard there was a was him talking about you know his I think he was about 15 16 17 then he got into the serious stuff like the Jabazoo stuff when he was about 20 or so. Um but yeah he's had an absolutely enormous career in cyber crime which has stretched about 15 years and probably more in fact when you think about the early things he's talking about there. Um but now he is uh facing justice and he's in prison. >> But it did take a long time, didn't it, for the authorities, including the FBI, to catch him? >> Yeah, he was on the FBI most wanted list for nearly 10 years. But even before that, 5 years before that, he was part of this big operation, international operation between the UK and Russia and Ukraine and the US to try and take down the Jabazus crew. And they managed to arrest most of the the guys from that gang. They went after Slava Pentikov and um he won't admit this, he won't say that this is what happened, but a lot of people uh in the law enforcement say that he got some sort of tip off uh from the authorities when he was in Ukraine and managed to evade capture >> and this was in the early 2010s. >> This that's right. Yeah. Um, and then one of the fascinating parts of his story, he says that uh when the heat was on him the most from the Ukrainian authorities, he actually used one of those very expensive cars we just heard about to get away from police in a car chase and and evade capture. And then eventually the police sort of just lost interest and he and he and he went straight. But then, as I say, he got drawn back into cyber crime and that's when he got into ransomware and did some very serious stuff. >> And he was sounding very blas. But what he was also telling you about his time in prison was that uh he'd used it to better himself, to improve his English, to get fit, which which for his victims will be quite a bitter thing to hear. >> I think it will be. And and the other thing is, you know, he's he's he's in a low security prison. Uh we don't know when he'll be out, but it's it's an 18-year sentence, but that's two nine years sentences served concurrently. Um and he is he seems to be in good spirits, good health. Um he has got a very charming way about him. I have to be honest there. You know he didn't get to the top of the cyber crime tree uh in those two periods of cyber crime history through his technical skills. It was and he will admit this. You know I'm a friendly guy. I make friends and he's a very personable um guy. But in prison, yeah, as you say, he he's he's learning different languages, playing lots of sports. We went there and he's um he's in his uh you know prison fatigues, but he's he's in he's in good shape and he clearly spends a lot of time outside. He's still very bitter about being in prison. Uh he he knows what he did was wrong, but he doesn't seem to think it was as bad as the the US authorities would say. Um he doesn't seem to be have that much remorse really for some of the victims. And we spoke to some of them for for our story and and one of them was a sort of mom and pop shop um called Liber's Luggage in Albuquerque and they had um a float of money in their bank which they used for rent and for paying staff, that kind of thing. not a not a large amount of money, only $12,000, but the Jabazus gang and tank stole it. Um, and that set off a chain of a chain of um, you know, situations for the for the family that was extremely stressful. Um, the company survived, but um, hearing the kind of human impact of that hack really brought home to me that, you know, there's a real disconnect between people like Pentikov and other cyber criminals who don't see the victims. I don't feel the the anguish of the victims and the victims themselves who say no it's not just money this is a huge amount of stress the woman who runs um the lever's luggage she said that her mom was as a favor to the family doing the accounts at the time when the hack happened and she was an elderly lady and it was really really horrible because this poor lady blamed herself for the money going missing and then the bank got involved and it was a real horrible time um and we put that to him and he said well yes it's all on insurance I think the the feeling is that western countries and companies, they can handle it. Doesn't matter. There's no victims here. That's not true. >> And how about the fact that he he was said to have targeted a medical center in Vermont where lives were potentially put at risk. >> Yeah, that's that's that's another part of his his cyber crime history. He vehemently denies that he actually did that. He says that although he although he plead ple pleaded guilty that was to get a deal, whatever. Um he says that when when he was at that period of time I think it was 2021 he was one of the leaders of this gang called ICE ID and they had 150,000 computers around the world which they had hacked and they were taking it in turns amongst the gang to sort of separate the the computers out and find out which ones could be good for ransomware which ones could be good for fishing attacks all the different ways that cyber criminals make money. He said [snorts] that he wasn't aware that a hospital was hit and he he denies that he was involved in that. But the only only time he showed any remorse or any regret was when he said that um he learned that he and his crew had taken money from a disabled children's charity, which he said that did actually feel pretty bad. The rest of it though doesn't seem to be bothered. >> And you've also been investigating his former collaborator and friend uh Maxim Yakubets, a Russian hacker who's been sanctioned by the UK government. uh just tell us about the nature of the relationship between these two very prominent men in the world of cyber crime. >> Yeah, in a sense they're kind of they run parallel to each other because Jacobets and uh Pentikov, they were in the same gang together in the early days in the Jabazus crew. But Evil Core, which is the gang that is now allegedly uh what Yakobets is is leading, they went on to become one of the biggest and baddest crews in the history of cyber crime. And in 2019, Yakobets was sanctioned, as you say, by the US authorities along with lots of other people from the gang, accused of stealing hundreds of millions of dollars from from companies around the world through various schemes. They brought part of it was the Jabazoo stuff, but then also lots of other things with ransomware, um hacking companies, for example, allegedly like Garmin, the uh the huge technology company. Um and and the police stood up and they had a picture of Jacobets and they even stole and took some videos from his social network showing Yakobets doing donuts in a Lamborghini around Moscow. You know, the real kind of the the archetypal uh playboy Russian hacker. That is that is what the authorities accuse this individual Max Yakobets of being. Um and although they were friends in the early days, Pentikov says when the sanctions came in, not only he but other people in the cyber crime world did steer clear of Jacobets, which kind of shows that the sanctions do have an impact. >> And Joe, this investigation's taken months. You've written about it uh online. You've got a podcast series on it. Just tell us about this this investigation because I think you you have changed the way you view cyber crime because of of this. >> Yeah. Well, I've I've been following Evilcore for a long time now. Uh since the 2019 um sanctions, I actually went to Russia in 2021 to try and find and speak to Yakobets and Eagle Turv and other people accused of being part of the evil core gang. I spoke to some family members but I didn't get close enough to speak to the individuals sadly um because I wanted to find out you know what is their side of this because often we hear the we we get these naming and shaming operations by the west against uh alleged criminals in Russia we'll never speak to those individuals we we never hear their side so I genuinely wanted to hear that and we went into this podcast series in this investigation with the same attitude let's hear let's try and get as close as we can to the individuals that's why it was fantastic that we managed to get Penikov to talk It wasn't like we took took a lot of work really. We just sent him a letter and he was like, "Yeah, right. I'll talk." He didn't. Why do you think that is? >> I don't know. I think I think partly he recognizes that he has a very good story to tell and I think he wants the world to know all the crazy things he did and what he was in up to. Um, but also I think it's a little bit of boredom. I think he's I think he's a bit bored in prison. That's the impression that me and the producer got. We we we went there and it was a very quiet uh prison in the middle of nowhere. Uh, and I think he he wanted to have someone to chat to basically. Um, but yeah, the evil core uh investigation I think you know there's so much there and talking to Pentikov really made me think hang on a minute there is that and we we've already discussed this but that kind of massive disconnect between what these groups of hackers that get together in online forums think about the world and what the world thinks about them. They think that what they're doing is us versus the West. there's no victims, but you speak to the victims and it really does impact their lives. Also, that there's that kind of um mirror image as well of okay, so the pathway to cyber crime is the same. No matter what country you're into, it it's normally always this universal pathway. Um and also a couple of things he said to me made me really understand the the ecosystem as well. He talked about how, for example, I think it was 2022, someone hacked a hospital in the Russian speaking cyber crime uh communities and they were bragging about they got $20 million in in in ransom and that led to what he describes as a herd mentality. When everyone drops the idea of, oh, we don't go after hospitals, they forget that the morals and ethics go out the window because someone else has done it. Someone else has broken that taboo. And then suddenly you've got hundreds of hackers all going for hospitals as well to try and recreate that payday. It's that kind of insight that you just don't get because these people are first of all very hard to catch. Secondly, they don't want to talk. >> That was fascinating stuff, Joe. Thank you very much. And you can hear more of that interview and other major news stories on the Global News podcast. Listen wherever you normally download your podcast. And if you like this episode, please subscribe to us here on YouTube and let us know any future stories you'd like us to cover in the comment section.