- Brett Johnson is a reformed cybercriminal who now helps protect people from the types of crimes he used to commit.
- He says it's important for people to build a toolbox to protect themselves from bad actors.
This as-told-to-essay is based on a conversation with Brett Shannon Johnson, a former cybercriminal turned cybersecurity expert. Insider confirmed Johnson's criminal history using court documents and contemporaneous news reports. The conversation has been edited for length and clarity.
I'm a reformed cybercriminal who used to steal identities and commit credit card fraud, but I've thankfully turned my life around.
I helped build and run an early version of the "darknet," which provided a trust mechanism that many criminals continue to use to this day. In October 2004, the Secret Service arrested 33 people associated with my network. They picked me up four months later and offered me a job as an informant. I'm the idiot who continued to break the law for the next 10 months while working for the Secret Service until they found out about it.
I was arrested, sent to prison, and served out my time. I've been given the opportunity to turn my life around, and I took it.
I'm now a cybersecurity expert at a fraud-prevention company, and I help protect internet users from the types of crimes I used to commit.
How to build a toolbox for online safety
Whenever I give a presentation about protecting yourself online, I tell people to think of it as building a toolbox. The criminal has a toolbox, and in it, they have a variety of tools with which to attack you. As a defender, you need to have a toolbox, as well.
The good thing is that the tools you need aren't horribly sophisticated.
The first thing: freeze your credit by contacting the three main credit agencies to block access to your credit accounts. It's free, and it's the best tool to stop new account fraud. It's a good idea to freeze the credit of every single person in your family, including kids, because kids are often targeted for identity theft.
The second most important step is to place alerts on accounts where you can - whether it's your credit, bank, tax records, retail accounts, email accounts, or whatever. Make sure you have alerts on those accounts that communicate whenever they're accessed or used.
The third thing I tell people is to get a password manager. A majority of people on this planet use the same or similar password logins across multiple websites, and hackers know that. I use the Google Chrome password manager, and it's free. It generates unique passwords for every log-in and saves them for you.
Lastly, set up multifactor authentication for your accounts. It's an outstanding tool. It's not bulletproof, but when you use it in conjunction with other tools, you become much more secure.
Getting inside the mind of a cybercriminal
If you think about it, most of the time, cybercriminals are motivated by cash. If it's a cash-based attack, the attacker is looking for the lowest-hanging fruit. They're looking for easy access because it will give them the largest return on their investment. If you have a toolbox with just those four tools, you are far more secure than most people in the US.
It's important for people to be aware of their environment and develop situational awareness online. We're good at understanding when to be on guard in the physical world, but we need to do a better job of understanding that there are also predators on the internet.