WEBVTT

00:00.000 --> 00:07.160
So I'm no fan of stealing data, per se. Darknet markets are one thing. You're buyers and sellers,

00:07.560 --> 00:12.900
right? They make their own choices. It's consensual, basically, between both parties,

00:13.360 --> 00:19.060
in that particular case. But taking someone's personal information without their permission,

00:19.360 --> 00:25.500
definitely in my opinion, crosses a line, as does basically any crime with an actual victim.

00:25.500 --> 00:31.460
Now, that said, I respect the intellect that it actually takes to be a threat actor,

00:31.720 --> 00:37.860
because it takes a lot. And I would say that Intel Broker had it in spades. Over the years,

00:38.140 --> 00:43.780
I knew him. And I like to think I knew him fairly well. He was always honorable,

00:44.200 --> 00:48.760
straightforward, and generous for this time for anyone that needed help or had questions.

00:49.260 --> 00:54.820
Even threat actors can have honor. And his story is one that I feel deserves to be told,

00:54.820 --> 00:57.980
unfortunately, we won't have time to actually do that here.

00:58.340 --> 01:07.060
Now, on June 9th of 2025, I received a fairly expected message through one of my privacy-centric

01:07.780 --> 01:12.920
communication channels that I actually have. A mutual friend had facilitated the actual

01:12.920 --> 01:18.160
contact. And the message was really straightforward and simple. It just said,

01:18.160 --> 01:27.340
Hi, Sam, it's me, IB. Now, even though I expected it, I needed to actually verify it was actually him.

01:27.760 --> 01:32.660
We always kind of default to the don't trust verify model that I always say.

01:32.880 --> 01:38.580
He didn't have access to PGP, but we had something else. We had shared memories and

01:38.580 --> 01:43.860
shared secrets. I asked him some questions that I knew only he would have the answers to

01:43.860 --> 01:51.560
and he aced them. Then I asked him to delete the answers to maintain security, which would help out

01:51.560 --> 01:56.100
if the phone hadn't been compromised and say the guards found it afterwards.

01:56.580 --> 02:01.000
This whole conversation took place with him sitting in a prison cell. But anyways,

02:01.120 --> 02:06.080
I had him delete the answers to maintain that. So if the phone got taken or whatever,

02:06.360 --> 02:10.640
they wouldn't have those shared secrets, which he did without argument.

02:10.640 --> 02:16.680
And Intel broker told me that he was okay, but that he had been planning a trip up north and

02:16.680 --> 02:21.720
accidentally crossed into Finland, where he got checked at the border, which makes sense and

02:21.720 --> 02:27.940
arrested. And this is a man who breached your poll, right? He owned breach forms for a short

02:27.940 --> 02:33.240
period of time and penetrated Fortune 500 companies like they were basically running

02:33.240 --> 02:39.960
on Wordpress with default settings. He was messaging me from a German prison cell at

02:42.200 --> 03:03.540
the time. Okay, so this is the cell. There's my cell next to it. Here's the door. Here's the window.

03:04.060 --> 03:11.500
So I take you back to December 16th of 2024, when I actually sat down with Intel broker

03:11.500 --> 03:17.860
for what would become unbeknownst to him and me, his final interview as a free man.

03:18.580 --> 03:25.560
We'd been talking for years after he actually reached out as a fan of this channel that you're

03:25.560 --> 03:31.300
watching, which blew my mind. The hands down, I have so many of you out there that are like,

03:31.780 --> 03:35.220
I would say like infinitely more qualified and interesting than I am. But

03:35.220 --> 03:43.080
it's just crazy how awesome the subscribers are on this channel. Anyways, here's this guy who

03:43.080 --> 03:51.140
compromises like major corporations. He kicks governments to the teeth. He's pounding on

03:51.140 --> 03:59.260
Ellie on a regular basis and for fun in a lot of cases. And in his side time, he's watching my

03:59.260 --> 04:08.000
YouTube videos, which is awesome. The interview actually revealed some brilliance, but definitely

04:08.000 --> 04:13.300
also revealed him actually burning out. And he said that in the interview, if you want to go back

04:13.300 --> 04:18.620
and see it, you'll see what I'm talking about. I asked him why he got into hacking. He didn't

04:18.620 --> 04:24.140
give me some massive manifesto about fighting the system and fighting the man. He just

04:24.140 --> 04:31.560
basically said it was for money, for living expenses and rent, for keeping a roof over his head.

04:31.780 --> 04:37.200
And I think a lot of us can definitely vibe with that statement because I think a lot of people

04:37.200 --> 04:43.120
are in that position right now. And that's just the reality that most people, I think,

04:43.160 --> 04:49.640
don't really understand about people like him. They're incredibly brilliant. Many are down to

04:49.640 --> 04:58.240
earth. And this is what they can do. So it's what they do. He credited his abilities to Asperger's,

04:58.520 --> 05:05.660
saying it gave him the focus and pattern recognition needed for work. Whether true or not,

05:05.960 --> 05:09.440
I don't really know. He was already talking about wanting to get out when he was mentioning

05:09.440 --> 05:16.000
stuff like legitimate work, like red teaming or bug hunting and starting a family. The burnout

05:16.000 --> 05:23.980
basically was real and eating at him. As someone who broke the law and created businesses from a

05:23.980 --> 05:31.380
scratch, I can say that doing it legally now from my standpoint is much easier. Like you pay

05:31.380 --> 05:36.540
less than taxes, which I know sounds insane, but really, it's true in the long run. When the

05:36.540 --> 05:42.380
feds bust you, they take everything. You're keeping anything. Plus, you have restitution

05:42.380 --> 05:45.860
and then you have to work for 12 cents an hour while you're incarcerated

05:46.620 --> 05:53.660
or you go to solitary. So there's that. Anyways, we fast forward to the actual arrest,

05:54.020 --> 06:00.000
right? February 22nd, 2025. And French authorities working with the FBI arrested

06:00.000 --> 06:05.400
Intel broker at, or that's like the public story that we're getting fed anyways by them.

06:05.600 --> 06:11.140
I personally don't know how much truth there is to that. I tend to have a healthy distrust

06:11.140 --> 06:18.600
for federal forces in general. I don't want to say I don't think it's true, but based on what I heard

06:18.600 --> 06:25.180
from him, there's a chance that it might be. Like the feds lie even in France, right? So Intel

06:25.180 --> 06:32.580
broker had been living in Russia for years, a really kind of classic move for cyber-crimerosis.

06:32.760 --> 06:36.780
Since Russia doesn't really extradite to the United States and generally we use you alone

06:36.780 --> 06:41.040
if you don't target Russian interests, including to be a Serbia national,

06:41.800 --> 06:49.120
which added another layer to the judicial complexity. I should say since Serbia really

06:49.120 --> 06:56.560
isn't eager to ship people to American federal prisons for crimes. So from this relatively

06:56.560 --> 07:01.840
safe position, he essentially orchestrated some of the most significant breaches

07:02.560 --> 07:07.380
that I've actually witnessed. I don't want to say in real time, but I've seen disclosed in real time.

07:07.940 --> 07:14.160
Now I don't mean like size-wise. I mean like inconsistency because it was right on a regular

07:14.160 --> 07:19.720
basis and with kind of hardened targets. So he ended up crossing the border in Finland.

07:20.240 --> 07:27.480
And from how we phrased it, it seemed accidental. It didn't seem intentional. So Finland had

07:27.480 --> 07:34.160
basically closed all its borders with Russia in December of 2023. That was because they were claiming

07:34.160 --> 07:43.700
that Moscow was basically weaponizing migration. The entire 1340 kilometer border is now one of

07:43.700 --> 07:48.860
the most monitored front lines in Europe with stuff like thermal cameras and sensors and

07:48.860 --> 07:55.100
arm guards and all that kind of stuff. And Intel broker basically tried to cross it, which

07:55.660 --> 08:05.540
makes absolute sense if you know who he is. He's gonna try to break in. And his prison messages

08:05.540 --> 08:14.960
that he sent basically gives clues about why someone operationally careful most of the time,

08:15.060 --> 08:21.360
because we don't actually know how we got busted, the price something stupid. It's always

08:21.360 --> 08:25.560
something stupid. I just hope it's not something like it's obvious, like

08:26.760 --> 08:33.840
ridiculously obvious. Anyways, I digress. Like he had mentioned stuff like mental health issues and

08:33.840 --> 08:40.680
needing to stay in Germany for medical reasons. He cited stress and anxiety. And that makes sense

08:40.680 --> 08:45.280
given what he's going through. It was the first time he's been incarcerated. And everyone has

08:45.280 --> 08:52.580
those feelings. I published our actual interview on April 15th of 2025. By then he had already

08:52.580 --> 08:59.640
been in custody for like two months or something. According to, if we listen to them, nobody in the

08:59.640 --> 09:06.700
scene, just sever crime scene, actually knew. And that's myself included. I released it

09:06.700 --> 09:10.980
when breach forms went dark, because it was a great time to release it, right? Like it was

09:10.980 --> 09:17.200
advantageous to release it at that point. And I called it a shutdown, not a seizure, because

09:18.040 --> 09:25.200
there was really no federal banner and the feds love to flag their victories. Like,

09:25.340 --> 09:29.180
that's kind of their thing. So the forms went absolutely crazy with speculation,

09:29.660 --> 09:33.980
of course, telegram where no threat actor should be as a bunch of threat actors.

09:33.980 --> 09:43.680
But people analyzed his last post and everything basically kind of looking for clues. And from

09:43.680 --> 09:51.680
my perspective, it was kind of simple, like he just clearly said in the interview that he was

09:51.680 --> 09:58.980
tired and basically wanted to retire. And that's what I took it as, right? Like that interview

09:58.980 --> 10:07.760
was recorded in December of 2024. So he, at that point, probably was already starting to retire.

10:08.220 --> 10:14.840
And that's why he chilled out on posting. He really didn't post much from that point on, on

10:14.840 --> 10:19.440
breach forms. At that point, he did kind of retire and he stepped back and then

10:20.100 --> 10:26.180
breach forms basically took itself down. And then they tried saying that they, well,

10:26.180 --> 10:33.380
we took it down because there was a zero day and might have made the form vulnerable. Like,

10:33.440 --> 10:38.680
yes, no, it's a zero day. Why don't you just look at what it exploits and patch it? Like,

10:39.100 --> 10:45.100
if there's no patch, like, and who's just going to stumble upon the zero day? And I never even

10:45.100 --> 10:49.760
disclosed what it was. And I guess side issue, he had already basically been retired then, right?

10:50.160 --> 10:55.920
So while the cyber community kind of spun all these different ideas of what it could be,

10:56.900 --> 11:01.160
he was kind of learning firsthand that European detention facilities

11:01.700 --> 11:07.660
vary wildly in their treatment of prisoners, especially high profile ones like himself.

11:08.060 --> 11:13.780
They'd been moving him constantly. And the feds call this diesel therapy. We call it dead here in

11:13.780 --> 11:21.480
the US because the smell of the bus fumes that you have to get on and endure for hours,

11:21.480 --> 11:26.720
basically, when you're in the bus being transported. So when I got that message on

11:26.720 --> 11:31.980
June 9th, I gave him a bunch of legal advice. And I had to be certain though that it was him,

11:32.080 --> 11:37.240
like I said before, and federal agencies basically love to try and fake personas

11:37.240 --> 11:44.080
to try and map networks and gather intel and even through facilitating third parties

11:44.760 --> 11:49.320
that seem trustworthy, right? Trust just isn't enough, right? So once verified,

11:49.840 --> 11:56.720
the full picture really came into play. He had sent a video of his cell and so I'd started

11:56.720 --> 12:02.600
analyzing that, like what kind of cells allow for hot blades, work at a beam, and I did a lot of

12:02.600 --> 12:09.300
OSINT basically is what it boils down to. I was able to see outside of his window, I could see the

12:09.300 --> 12:15.540
kind of buildings and he had a phone. So what I had asked him after looking at all these

12:15.540 --> 12:20.020
buildings and stuff, and I'd gotten it kind of narrowed down to a couple of different countries,

12:20.140 --> 12:25.560
but that's obviously a massive net. So I had asked him, hey, can you open up Google map?

12:26.500 --> 12:30.800
So based off that, I was actually able to figure out where he was based on the view

12:31.380 --> 12:36.180
of him like in position to where in the prison was. It wasn't really useful to me,

12:37.000 --> 12:41.580
but it was an interesting experiment to try to confirm that he was really there.

12:41.580 --> 12:47.620
So with all that information, this is where he was. So originally, I'd actually been connected to

12:47.620 --> 12:54.480
him through a third party and the third party was a trustworthy source, right? Like, I think,

12:54.680 --> 12:59.320
anyways, I've known them for a while too, but you know, went through anyways, verified with

12:59.320 --> 13:04.820
with Intel broker and kind of the, I saw like the full picture at that point. He was in a

13:04.820 --> 13:12.040
German detention facility, high security facility, facing extradition to Israel or the United States

13:12.040 --> 13:17.700
with multiple countries competing for him. And by the sound of it, France won that auction.

13:18.320 --> 13:27.340
This is the international equivalent of basically excited people at a hanging yelling obscenities

13:27.990 --> 13:31.640
as someone's about to get hung, right? Like, but they all want to be able to

13:31.640 --> 13:37.860
want to pull a switch and be the one to hang them. So US federal prison, if he went there,

13:38.100 --> 13:46.160
means at least 25 years, like minimum based on my assessment of hypothetically what the charges

13:46.160 --> 13:54.080
would be. If they actually launch a criminal complaint or indictment, then I'll actually

13:54.080 --> 13:59.260
be able to get a more realistic view of it. But they get them, they're going to hit them

13:59.260 --> 14:03.740
as hard as they can. And it's going to be something like 25, probably a least. But

14:03.740 --> 14:11.080
Israel detention, on the other hand, operates on a completely different level altogether.

14:11.740 --> 14:17.000
Like, and I told him straight that like, in Israel, though, they're going to start with torture

14:17.000 --> 14:24.220
like sensory deprivation, starvation, beatings, medical experiments, grape, all of these things

14:24.220 --> 14:30.060
are documented facts from the UN, the Human Rights Watch, and Amnesty International.

14:30.460 --> 14:35.100
It's not just like something I made up. So I gave him the best advice that I could,

14:35.680 --> 14:41.820
starting off with really simple stuff like go to court, clean, shave your face, don't laugh,

14:42.000 --> 14:47.680
don't joke, don't smile, like don't let the judge think that you think that this is a game.

14:48.640 --> 14:55.940
Document everything. The arrest date, what they said, timeline of events, all that kind of stuff.

14:56.800 --> 15:03.560
And also frame everything in a humanitarian kind of concern about Israeli detention,

15:04.140 --> 15:08.980
citing UN reports and the European Convention on Human Rights, emphasize that

15:08.980 --> 15:16.140
he wasn't fleeing but seeking due process. Stick to the actual story that he told in the

15:16.140 --> 15:21.100
interview basically about being retired because that'll show that he wasn't actually a criminal

15:21.100 --> 15:25.360
at the point of him actually getting caught, which matters. All these things matter.

15:25.860 --> 15:31.920
So I told him exactly how to frame it. I gave him quotes. I told him to say basically,

15:31.960 --> 15:38.200
I understand both the United States and Israel seek my extradition and I respectfully request

15:38.200 --> 15:44.180
this court prioritizes the United States based on humanitarian grounds and procedural

15:44.180 --> 15:51.040
consequences. Now our friendship over the years of correspondence that we've had it has

15:52.160 --> 15:56.740
been really interesting. Intel Broker basically repeatedly offered to help me

15:57.200 --> 16:03.800
a bunch of different ways and crazy amounts of generosity, right? Like six figures kind of

16:03.800 --> 16:10.780
stuff. And yeah, I had to turn them down every time. And we'd have long discussions about

16:12.040 --> 16:18.780
me grinding and him battling with stuff like alcoholism. But it was really cool that like

16:18.780 --> 16:24.740
whenever I hit a rough patch, hit offer to something and the offer is enough. Like I

16:24.740 --> 16:31.540
always declined and not because like I didn't need help or like because I was too proud to

16:31.540 --> 16:37.040
take any help. It would have made my life a lot easier to be honest. But like

16:38.240 --> 16:43.760
it's because the United States conspiracy laws are just brutal. They're absolutely

16:43.760 --> 16:49.860
unforgiving and it's a catch all to wrap people up. So accepting money from, for example,

16:50.520 --> 16:59.680
a cybercriminal knowingly basically puts you in part of the conspiracy in a federal

16:59.680 --> 17:07.380
prosecutor's eyes essentially. But those offers revealed like who he was beyond the

17:07.380 --> 17:14.700
hacker persona for me, right? Like this wasn't some cartoon villain cackling while stealing your data.

17:15.180 --> 17:24.440
This was someone who saw a friend struggling and wanted to help someone who they saw was

17:24.440 --> 17:31.140
was actually worth it. Someone who despite operating in like a really distrustful world,

17:31.400 --> 17:40.620
right? Full of mistrust and paranoia maintained his human connections and human dignity. And

17:40.620 --> 17:45.960
again, even though I never accepted it was like it's the offer alone that really

17:46.780 --> 17:53.300
meant a lot coming from someone like him. Now our last exchange was June 15th and I

17:53.300 --> 17:59.940
basically sent him message saying are you there and got nothing. Not that day and nothing

17:59.940 --> 18:05.660
since and that's really sucked. Intel Broker who maintained a presence across multiple platforms

18:05.660 --> 18:14.480
for years like the guy who survived FBI takedowns and had went and taken the site back from the

18:14.480 --> 18:22.360
FBI when they seized breach forms the very last time had completely gone dark and maybe

18:22.360 --> 18:28.740
he was transferred. Maybe they found his phone. Maybe his lawyers got through to him.

18:28.960 --> 18:38.840
Either way, his silence to me really hit differently than previous absences. 10 days later on June 25th,

18:38.960 --> 18:45.340
2025, social media exploded with claims that Intel Broker had been arrested. The problem

18:45.340 --> 18:51.580
essentially was that he was locked up and had been since February again or so they say.

18:51.580 --> 18:57.780
The French administrators were arrested on June 23rd and had probably been under surveillance

18:57.780 --> 19:05.680
since February. Using stuff like confusion as a weapon is really kind of straight out of

19:05.680 --> 19:13.280
the Fed's playbook. Now Intel Broker's story is ultimately about the cost of living outside

19:13.280 --> 19:18.820
of the law in general. And you'd say he made money probably millions. I wouldn't doubt that.

19:18.820 --> 19:25.280
He definitely proved corporate security is often just security theater and he built an empire with

19:25.280 --> 19:31.240
breach forms which he came to own, started off as a mod and built his way up in commanded

19:31.240 --> 19:36.480
respect across the global cyber crime ecosystem. But what did it cost him?

19:37.940 --> 19:45.140
What could he have done with that intelligence that wouldn't have cost him essentially his life?

19:45.700 --> 19:51.500
It'd definitely be his life if he goes to Israel and it'll be a life sentence if he goes to the United

19:51.500 --> 19:58.080
States. So kind of either way, it's just, it's going to suck. But he endured years of paranoia,

19:58.440 --> 20:03.360
never knowing if the knock would be federal agents, never able to fully trust anyone. Living

20:03.360 --> 20:08.340
in countries chosen for non extradition, treaties rather than kind of quality of life

20:08.340 --> 20:13.740
and watching legitimate opportunities pass by because accepting them would mean exposure.

20:13.740 --> 20:19.860
And during our December interview, he basically told me straight up that the mental stress and

20:19.860 --> 20:25.900
paranoia just aren't worth it in the long run. Having been on the run from law enforcement

20:25.900 --> 20:34.200
for 15 years myself, I know the feeling. I totally get it. He warned others about it and even

20:34.200 --> 20:44.180
while being unable to actually escape himself. So I didn't make this video as a like news item,

20:44.520 --> 20:51.100
which I usually do. I made it to basically talk about my friend and not the evil hacker people

20:51.100 --> 20:59.120
see threat actors as and not the guy who broke into your pole or took breach forms back from

20:59.120 --> 21:05.680
the Fed, just a guy, not some scary boogeyman dropping shells everywhere. I told him that I

21:05.680 --> 21:11.040
could file paperwork, chicken, I could absolutely write up stuff and file a form and I would have

21:11.040 --> 21:17.120
done that. And he just really didn't wasn't really up for anything. It seemed like so.

21:18.100 --> 21:21.800
But that's what friends do at the end of the day, in my opinion. And that's true,

21:21.800 --> 21:29.880
especially when one is facing extradition to countries that view hackers as terrorists and

21:30.700 --> 21:38.740
punish them with human rights violations and exchange. So even when logic says distance yourself

21:38.740 --> 21:43.760
or protect yourself or protect your interests. But I tend to not do that. I tend to be loyal

21:43.760 --> 21:49.720
to a fault because at the end of the day, like we're all human. And even the ghosts

21:50.280 --> 21:56.920
that are in the machines are human. And when I warned him about things like Israeli prison

21:56.920 --> 22:02.380
conditions, and that that was the reality of the incarceration there, I think

22:03.860 --> 22:07.700
I don't think I don't know if it actually got through. And that's what that's what really

22:07.700 --> 22:11.820
sucks at the end of the day. You can only tell someone I can tell you about prison,

22:11.920 --> 22:16.460
but you really don't understand it unless you're actually there. It's not something

22:16.460 --> 22:20.880
that can be understood. So like watching Oz or there's a fist fight in the guard,

22:21.160 --> 22:27.360
runs and steps inside like that's, that's make believe land. But you're always better off

22:28.020 --> 22:33.540
expecting the worst. That's what I found and preparing mentally for worst case scenarios,

22:33.960 --> 22:39.580
rather than expecting something better and being disappointed or shocked.

22:40.020 --> 22:43.460
And that's why I tried to shell shock them because that might be his reality.

22:43.460 --> 22:52.000
Like they'll be tons of people talking badly about him now. And that's because he's busted,

22:52.180 --> 22:57.180
pointing out shortcomings, laughing at him. And that's just kind of how it goes, right?

22:57.800 --> 23:03.100
He has a legend for people to make fun of someone like that. It would be like,

23:03.740 --> 23:10.080
I don't know, making fun of Tiger Woods for missing a hole in one or making fun of some

23:10.080 --> 23:15.160
basketball player. I'm not into sports, but I'm saying that's how that's how I see it.

23:15.180 --> 23:20.780
That's just stupid. They do criticize who could never actually do even a core of things that

23:20.780 --> 23:25.460
that person can do. So that's it. And I'm in that case too. If I do an episode,

23:25.700 --> 23:32.460
I'll be criticizing him for some I can't do either. I do hope to find out what it was that

23:33.340 --> 23:37.600
actually got him though, how they connected those pieces. I'm really interested to see that.

23:38.400 --> 23:46.060
Anyways, I do the same thing here with dark net vendors who make dumb offset mistakes.

23:46.340 --> 23:52.080
That's just how it goes. Like until you become non-existent, right? And people move on to the

23:52.080 --> 23:58.040
next headline. All the while, your memory fades until people actually forget you even existed.

23:58.280 --> 24:02.760
I just wanted to show the part that the French authorities didn't actually show.

24:03.540 --> 24:11.020
And that's of a human being that's brilliant enough to penetrate anything security-wise,

24:11.320 --> 24:16.400
but still human enough to need things that require leaving in the shadows.

24:16.920 --> 24:21.780
Now, I wish you'd taken my advice and gone into research or teaching, which I told them

24:21.780 --> 24:27.540
multiple times. And I hope that one day I'll be able to speak to my friend again.

24:29.940 --> 24:34.080
I don't want him to come to the US to serve his time, because they'll give him a crazy amount of

24:34.080 --> 24:38.320
time. But at the same time, I do, because it would be great to be able to actually see him

24:39.780 --> 24:45.160
and say hi and visit with him. Yeah, I'll send him books and all that stuff. But anyways,

24:45.400 --> 24:52.120
that I guess, yeah, it always sucks when goes through a rough patch. He's never mean to me

24:52.120 --> 24:57.120
or cool to me. He's always good to me kind. So it just, to me, it's unfortunate. Another

24:57.120 --> 25:00.680
bunch of you out there are going to be like, well, who's a hugger? Screw that, dude. He stole people's

25:00.680 --> 25:06.060
stuff. And I completely understand that perspective. But anyways, thank you for listening to me ramble

25:06.060 --> 25:11.820
and rant about this. When more news comes out about this, if it does, we don't really know,

25:12.700 --> 25:16.660
I'll definitely cover it here. So in any case, thank you for watching to the end,

25:16.740 --> 25:17.820
and I'll see you in the next video.