Easy Prey

Money Laundering

Organized crime is often imagined as something violent, chaotic, and obvious. But today, it looks far more polished than that. It operates like a multinational business, spread across borders, built on trust networks, specialization, and efficiency rather than brute force. This episode looks at how modern scams, fraud, and money laundering actually work and why they're so hard to spot before serious damage is done. My guest is Geoff White, an investigative journalist who has spent decades covering organized crime, cybercrime, and financial fraud. His reporting has appeared on BBC News, Sky News, The Sunday Times, and other major outlets, and he is also the creator of The Lazarus Heist, the hit podcast and book series exploring North Korea's global hacking operations. His latest book, Rinsed, examines how technology has transformed the world of money laundering. We talk about how modern criminal networks are structured, why scams now rely on patience and psychology rather than speed, and how money laundering functions as a service industry that quietly supports fraud at scale. The conversation also explores why victims are sometimes unknowingly used to move stolen funds, how urgency is weaponized to override judgment, and why slowing down remains one of the most effective defenses people have. Show Notes: * [01:08] Geoff shares his background and why the organized crime + technology overlap is where he's spent his career. * [02:52] Why longer-form work (books, podcasts) is often the only way to explain complex crimes that don't fit into a quick news segment. * [03:56] Old-school enforcement was violence; modern crime groups often can't use that when partners are anonymous and overseas. * [04:23] The trust networks holding global crime together can be more fragile than people assume. * [05:06] The strange "trust inside crime" dynamic especially in ransomware, where criminals must appear "reliable." * [06:18] Competition today looks more like corporate rivalry than street violence, especially in ransomware affiliate ecosystems. * [07:41] Do these groups evolve from traditional cartels or arise from new tech-native criminals? Geoff says it depends on the region. * [09:58] The skill split of elite coders builds ransomware, while newer recruits use social engineering to get initial access. * [11:34] Money laundering adapts fast with crypto, game currencies, NFTs while the core "service business" model stays the same. * [12:46] The "cost" of laundering: fees can be extreme for newcomers, and lower for experienced players with connections. * [13:53] A disturbing case where victims are daisy-chained to launder money and reinforce the romance-scam illusion. * [15:12] Why money mules are treated as disposable and how many don't realize the seriousness until law enforcement shows up. * [16:48] The tactic of letting victims withdraw a little money to make a platform feel legitimate and why it works so well. * [18:09] Geoff connects today's tactics to classic con mechanics ("putting the mark on the send") and the psychology behind it. * [19:22] Geoff describes seeing an "escalator scam" firsthand: small payouts early, then pressure to pay to "unlock" higher earnings. * [21:51] The scary shift is that scams now look polished and patient, stretching across multiple channels and weeks (or longer). * [23:12] The more we "self-custody" money and identity online, the more security responsibility shifts onto individuals. * [24:32] A major crypto seizure case raises a messy question when seized assets grow in value, who gets the upside? * [28:46] Geoff's practical defense: slow down on anything money-related, create space, and don't let urgency steer decisions. * [31:17] Why today's scammers play the long game of months of relationship-building can lead to life-changing losses. * [34:29] Repeat victimization: recovery scams and fake "investigators" often target people right after they've been hit. * [36:08] "Traceable" doesn't mean "recoverable," why freezing and returning stolen crypto is legally and logistically hard. * [38:44] UK reimbursement changes shift liability between sending and receiving banks but there are tradeoffs and open questions. * [41:28] Geoff reacts to US payment quirks (card taken away, tip written in pen) and why it still surprises outsiders. * [45:11] Closing advice is to learn from other people's stories and run "what would I do?" scenarios before a crisis hits. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes [https://podcasts.apple.com/us/podcast/easy-prey/id1488678905] and leave a nice review. Links and Resources: * Podcast Web Page [https://www.easyprey.com/] * Facebook Page [https://www.facebook.com/EasyPreyPodcast] * whatismyipaddress.com [https://whatismyipaddress.com/] * Easy Prey on Instagram [https://www.instagram.com/easypreypodcast/] * Easy Prey on Twitter [https://twitter.com/easypreypodcast] * Easy Prey on LinkedIn [https://www.linkedin.com/company/easy-prey-podcast/] * Easy Prey on YouTube [https://www.youtube.com/channel/UCCgy_xKrjiXghSgGFEAFdTQ] * Easy Prey on Pinterest [https://www.pinterest.com/easypreypodcast/] * Geoff White [https://geoffwhite.tech/] * Geoff White - LinkedIn [https://www.linkedin.com/in/geoffwhitetech/?originalSubdomain=uk] * Geoff White - Instagram [https://www.instagram.com/geoffwhite247/?hl=en] * Rinsed: From Cartels to Crypto: How the Tech Industry Washes Money for the World's Deadliest Crooks [https://www.amazon.com/Rinsed-Cartels-Crypto-Industry-Deadliest-ebook/dp/B0CPBLXQH6] * The Lazarus Heist [https://www.amazon.com/Lazarus-Heist-Based-Hit-podcast-ebook/dp/B09QLTPPBW] * Crime Dot Com: From Viruses to Vote Rigging, How Hacking Went Global [https://www.amazon.com/Crime-Dot-Com-Viruses-Rigging-ebook/dp/B08DDDTWW3]

Critical Infrastructure Risks

Most cybersecurity conversations focus on stolen data, breached accounts, and attacks that live entirely on screens. This episode looks at a far more consequential threat: what happens when cyberattacks target the physical systems that keep society running. Power, water, transportation, and manufacturing. When those systems fail, the consequences aren't just digital. They're immediate, visible, and sometimes dangerous. My guest is Lesley Carhart, Technical Director of Incident Response at Dragos, a cybersecurity firm focused exclusively on protecting critical infrastructure. Lesley specializes in industrial control systems and operational technology, investigating real-world attacks against power plants, water systems, transportation networks, and industrial facilities built on aging, irreplaceable technology. We talk about why these environments are uniquely vulnerable, how ransomware groups and nation-state actors quietly gain long-term access, and why many compromises go undetected for years. The conversation also explores the limits of traditional cybersecurity thinking, the real-world constraints operators face, and what organizations can realistically do to improve security when failure isn't an option. Show Notes: * [01:30] Lesley Carhart is here and explains what operational technology is and why industrial systems are uniquely vulnerable * [03:40] How decades-old computers still run power plants, water systems, and transportation infrastructure * [06:10] Why industrial environments can't simply patch, upgrade, or shut systems down * [08:25] The mindset shift required when safety and continuity matter more than stopping an intrusion * [10:40] Why air-gapped systems are mostly a myth in modern critical infrastructure * [13:15] How remote access became unavoidable—and one of the biggest risk factors * [16:05] The three main threat categories facing industrial systems: ransomware, insiders, and nation-state actors * [18:45] Why ransomware is especially damaging in power, water, and manufacturing environments * [21:30] How nation-state attackers quietly establish footholds years before taking action * [24:20] Why many industrial compromises go undetected for months—or even years * [27:10] What incident response looks like when you can't just "pull the plug" * [30:05] The most common causes of industrial failures: human error, maintenance issues, and environment * [32:40] A surprising incident that looked like a nation-state attack—but wasn't * [34:55] Why critical infrastructure organizations often feel pressure to pay ransoms * [37:00] Practical starting steps for organizations with aging, mission-critical systems * [39:20] Advice for people interested in industrial cybersecurity and working with legacy technology * [42:10] Why mentorship matters and why Lesley chooses to give back to the field Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes [https://podcasts.apple.com/us/podcast/easy-prey/id1488678905] and leave a nice review. Links and Resources: * Podcast Web Page [https://www.easyprey.com/] * Facebook Page [https://www.facebook.com/EasyPreyPodcast] * whatismyipaddress.com [https://whatismyipaddress.com/] * Easy Prey on Instagram [https://www.instagram.com/easypreypodcast/] * Easy Prey on Twitter [https://twitter.com/easypreypodcast] * Easy Prey on LinkedIn [https://www.linkedin.com/company/easy-prey-podcast/] * Easy Prey on YouTube [https://www.youtube.com/channel/UCCgy_xKrjiXghSgGFEAFdTQ] * Easy Prey on Pinterest [https://www.pinterest.com/easypreypodcast/] * Lesley Carhart [https://tisiphone.net/] * Lesley Carhart - LinkedIn [https://www.linkedin.com/in/lcarhart/?originalSubdomain=au] * Lesley Carhart - Dragos [https://www.dragos.com/lesley-carhart]

Familial Identity Theft

Identity theft is usually framed as an external threat. Hackers, data breaches, anonymous criminals operating somewhere far away. This episode looks at a much harder reality to face: identity theft that happens inside families, often quietly, over many years, and without immediate detection. The damage isn't just financial. It reshapes trust, relationships, and a person's sense of stability long before anyone realizes what's happening. My guest is Axton Betz-Hamilton, an associate professor of financial counseling and planning whose research focuses on familial and child identity theft. Her work is deeply personal. As a teenager, Axton discovered her own credit had been destroyed before she ever had a chance to build it, the result of identity theft that began when she was a child. Years later, she uncovered the truth behind who was responsible and how multiple generations were affected. We talk about how familial identity theft works, why it's so difficult to detect, and what recovery really looks like when the person who caused the harm was someone you trusted. The conversation covers the long road to rebuilding credit, the emotional fallout that often gets overlooked, and the practical steps people can take to protect themselves and their children before damage is done. Show Notes: * [02:15] Axton Betz-Hamilton explains how her parents' identities were stolen in the early 1990s, before consumers had legal protections. * [03:50] Discovering a 10-page credit report at age 19 and realizing her financial life was damaged before it began. * [05:45] What it's like to learn your credit score is in the second percentile nationwide and why that realization changes everything. * [07:10] How early frustration with identity theft shaped Axton's academic path and research focus. * [09:05] The moment evidence surfaced pointing to a family member as the source of the identity theft. * [10:45] Uncovering decades of fraudulent accounts affecting multiple generations within one family. * [12:50] How grief abruptly shifted into investigation after learning the truth about who caused the harm. * [15:20] The long, two-track process of disputing fraudulent credit while slowly rebuilding legitimate credit history. * [17:40] Why some fraudulent accounts had to age off credit reports instead of being removed. * [19:05] How isolation and manipulation can allow familial identity theft to continue undetected for years. * [21:55] Exploring possible motivations behind the theft and how financial behaviors can repeat across generations. * [23:10] The simplest way to detect identity theft is by regularly checking all three credit reports. * [24:30] Why freezing your credit is one of the most effective and underused protection tools. * [26:05] The importance of freezing children's credit to prevent damage that may not surface until adulthood. * [28:00] How modern tools like IRS identity PINs reduce the risk of tax-related identity theft. * [30:15] Using E-Verify freezes to prevent identity theft tied to employment and income. * [33:10] The emotional impact of familial identity theft and why boundaries are often necessary for healing. * [35:00] How family systems fracture when some members believe the victim and others defend the offender. * [36:40] Why mental health support is a critical part of recovery, not an optional one. * [38:00] The Identity Theft Resource Center as a comprehensive support option for victims navigating recovery. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes [https://podcasts.apple.com/us/podcast/easy-prey/id1488678905] and leave a nice review. Links and Resources: * Podcast Web Page [https://www.easyprey.com/] * Facebook Page [https://www.facebook.com/EasyPreyPodcast] * whatismyipaddress.com [https://whatismyipaddress.com/] * Easy Prey on Instagram [https://www.instagram.com/easypreypodcast/] * Easy Prey on Twitter [https://twitter.com/easypreypodcast] * Easy Prey on LinkedIn [https://www.linkedin.com/company/easy-prey-podcast/] * Easy Prey on YouTube [https://www.youtube.com/channel/UCCgy_xKrjiXghSgGFEAFdTQ] * Easy Prey on Pinterest [https://www.pinterest.com/easypreypodcast/] * Axton Betz-Hamilton - South Dakota State University [https://www.sdstate.edu/directory/axton-betz-hamilton] * Axton Betz-Hamilton - LinkedIn [https://www.linkedin.com/in/axton-betz-hamilton-42575112/] * Axton Betz-Hamiliton - Facebook [https://www.facebook.com/DrAxtonBetzHamilton/] * Identity Theft Resource Center [https://www.idtheftcenter.org/] * Annual Credit Report [https://www.annualcreditreport.com/index.action] * IRS - Identity Pin [https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin] * E-Verify [https://www.e-verify.gov/]

Exploiting Trust (Part 2)

Security failures rarely come from cutting-edge attacks or sophisticated tools. They happen in ordinary moments when someone holds a door, follows an instruction without questioning it, or finds a workaround that makes their day easier. Those small, human decisions are often the real entry points, and they tend to compound over time. This episode picks up the second half of our conversation on exploiting trust with FC Barker, a veteran ethical hacker and physical security expert known for legally breaking into banks, government buildings, and high-security facilities around the world. With more than 30 years of experience, FC explains why human behavior, not technology, is consistently the weakest link in security, and how his success in physical breaches almost always depends on people trying to be helpful rather than malicious. The stories he shares range from quietly unsettling to darkly funny, but they all point to the same pattern: security controls fail when they don't account for how people actually work. The discussion goes deeper into why trust, politeness, and unquestioned compliance undermine defenses, how workplace culture encourages risky shortcuts, and what actually helps reduce risk without fear, blame, or expensive overengineering. Show Notes: * [00:00] FC explains why most physical security breaches succeed because someone is trying to be helpful, not because of technical skill. * [02:07] His background in cybersecurity and how physical security testing grew out of traditional penetration testing work. * [04:26] Why trauma and hypervigilance can sharpen situational awareness in security professionals. * [08:55] Early physical security failures are discussed, including poorly placed cameras and people casually sharing sensitive information. * [11:06] FC explains how security controls that interfere with work often lead employees to find unsafe workarounds. * [13:24] A story illustrates how even air-gapped systems fail when people move data for convenience. * [15:32] Trust and rule-following culture are explored as major contributors to physical access failures. * [16:40] FC shares how his near-perfect success rate comes from people helping him gain access without questioning authority. * [17:08] He recounts an incident where employees helped him remove multiple computers from a secure building. * [19:40] A failed engagement is described where internal resistance led to police being called unnecessarily. * [24:00] FC tells the story of accessing a vault and removing a gold bar during a test unknown to senior executives. * [26:53] The preparation required for high-risk physical tests, including staged kidnappings, is explained. * [31:50] Practical advice begins with learning to think like an attacker when assessing your own home or workplace. * [34:02] Situational awareness is discussed as a key deterrent against both physical crime and social engineering. * [36:13] FC explains why security cameras are more useful for investigation than prevention, especially in offices. * [37:41] Camera placement mistakes are covered, including mounting cameras within easy reach. * [39:06] The importance of not advertising valuables or security measures is emphasized. * [41:30] FC discusses personal vigilance and why monitoring finances and subscriptions matters. * [44:00] His book How I Rob Banks is discussed, including the real stories and lessons it contains. * [46:06] FC explains how his company chooses clients and why culture change is a major part of their work. * [50:29] Security improves when systems are designed around real human behavior. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes [https://podcasts.apple.com/us/podcast/easy-prey/id1488678905] and leave a nice review. Links and Resources: * Podcast Web Page [https://www.easyprey.com/] * Facebook Page [https://www.facebook.com/EasyPreyPodcast] * whatismyipaddress.com [https://whatismyipaddress.com/] * Easy Prey on Instagram [https://www.instagram.com/easypreypodcast/] * Easy Prey on Twitter [https://twitter.com/easypreypodcast] * Easy Prey on LinkedIn [https://www.linkedin.com/company/easy-prey-podcast/] * Easy Prey on YouTube [https://www.youtube.com/channel/UCCgy_xKrjiXghSgGFEAFdTQ] * Easy Prey on Pinterest [https://www.pinterest.com/easypreypodcast/] * Cygenta [https://www.cygenta.co.uk/] * Dr. Jessica Barker [https://www.drjessicabarker.com/] * FC aka Freakyclown - LinkedIn [https://www.linkedin.com/in/freakyclown/] * How I Rob Banks: And Other Such Places [https://www.amazon.com/How-Rob-Banks-Other-Places-ebook/dp/B0C3WSZSXM/]

Exploiting Trust (Part 1)

Most security failures don't start with a dramatic breach or a mysterious hacker sitting in a dark room. They usually start quietly. Someone assumes a system is locked down. Someone trusts that a door shouldn't open, or that a machine "just works," or that no one would ever think to look there. Over time, those small assumptions stack up, and that's where things tend to go wrong. Today's guest is FC Barker, a renowned ethical hacker, social engineer, and global keynote speaker with more than three decades of experience legally breaking into organizations to expose their blind spots. Formerly the head of offensive cybersecurity research at Raytheon and now co-founder of cybersecurity firm Cygenta, FC is also the author of How I Robbed Banks, a book packed with true stories from the field. In this conversation, FC shares what he's learned from decades of breaking into places he was hired to protect. The stories range from funny to unsettling, but they all point to the same pattern: technology usually isn't the weakest link. People are. From outdated systems that can't be replaced to everyday workplace habits that quietly invite risk, this episode offers a grounded look at how intrusions really happen and what actually makes environments safer. Show Notes: * [03:06] FC grew up before cybersecurity existed and learned computers when manuals were thicker than the machines themselves. * [05:27] How early internet culture shifted from curiosity-driven exploration to the rise of malicious actors. * [07:15] Why inviting external testers to break into your systems was once an unthinkable idea and how that changed. * [09:35] The danger of internal blind spots and why external validation is often more valuable than internal confidence. * [10:46] Unexpected discoveries during penetration tests, including systems no one remembered were even running. * [12:23] Choosing unusual, esoteric security projects and why unconventional systems often hide the biggest risks. * [12:50] A real-world operation that involved reverse-engineering hardware to shut down power infrastructure in seconds. * [16:29] One of the easiest break-ins ever happens accidentally, proving how fragile some systems really are. * [17:21] The most common technical failure seen across organizations: poor network segmentation. * [18:36] How a routine internal scan accidentally knocked an entire country's banking connection offline. * [20:04] A bank unknowingly runs its internal network on an IP range owned by the U.S. Department of Defense. * [21:43] A mysterious daily network outage turns out to be caused by a single employee's music collection. * [23:07] Plugging into a forgotten network switch triggers a fire during a government penetration test. * [25:15] Why penetration testers are often blamed first even when nothing has been touched yet. * [26:25] Discovering malicious insider code planted by coordinated nation-state actors. * [29:41] Why some outdated systems must remain untouched and why "just update everything" isn't realistic. * [33:15] Implanting covert hardware inside everyday office devices to gain persistent network access. * [35:01] How avoiding people altogether is often the most effective form of social engineering. * [37:10] Why attackers move from the top floors down and how authority bias works without a single word spoken. * [38:35] Clothing, context, and small visual cues that instantly make people assume you belong. * [42:26] A penetration test derailed by an unexpected office costume day—and why randomness can be a defense. * [44:33] A simple exercise anyone can use to start thinking like an attacker by examining their own home. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes [https://podcasts.apple.com/us/podcast/easy-prey/id1488678905] and leave a nice review. Links and Resources: * Podcast Web Page [https://www.easyprey.com/] * Facebook Page [https://www.facebook.com/EasyPreyPodcast] * whatismyipaddress.com [https://whatismyipaddress.com/] * Easy Prey on Instagram [https://www.instagram.com/easypreypodcast/] * Easy Prey on Twitter [https://twitter.com/easypreypodcast] * Easy Prey on LinkedIn [https://www.linkedin.com/company/easy-prey-podcast/] * Easy Prey on YouTube [https://www.youtube.com/channel/UCCgy_xKrjiXghSgGFEAFdTQ] * Easy Prey on Pinterest [https://www.pinterest.com/easypreypodcast/] * Cygenta [https://www.cygenta.co.uk/] * Dr. Jessica Barker [https://www.drjessicabarker.com/] * FC aka Freakyclown - LinkedIn [https://www.linkedin.com/in/freakyclown/] * How I Rob Banks: And Other Such Places [https://www.amazon.com/How-Rob-Banks-Other-Places-ebook/dp/B0C3WSZSXM/]