The Federal Investigative Bureau is focused on one thing and one thing only: combating criminal activity. A domestic intelligence and security service of the United States, they take the law into their own hands, going underground into some of the darkest realms of the criminal world.
But not all cases are easy to crack, especially when it comes to one Ukrainian hacker. He kept the FBI on their toes with twists and turns at every corner.
Technology has changed the world
If there's one thing we can all agree on is that technology has changed the world we live in. Most of us are working in offices or at home off our phones. Twenty years ago, the idea of us having wireless headphones was something unheard of.
And now, we have them! But today, we're pushing the boundaries with technology and changing the way we work and communicate with one another. But with the good comes the bad, as we all know.
But with the good, comes the bad
With the increase of technology, life has become a lot easier. However, along the good comes the bad. The easier our lives become with technology, the more open we are to being attacked.
Hackers exist worldwide, focusing on stealing our personal information, using it to sell on the dark web, or commit fraud. The world isn't all rainbows and sunshine. You're about to find out the other side of the internet, the darker side.
Who are hackers?
There's no one-size-fits-all description of a hacker. A hacker can be a woman or man, short or tall, young or old. But the one thing they have in common is using their technical knowledge to achieve a goal online.
Usually, these goals aren't meant to make the world a better place. Typically, hackers enter systems without authorization, using the information for their own benefit. That being said, there are hackers who focus on exposing the truth behind shady companies as well.
Work that pays
Why do hackers do what they do? You may be thinking that these people have nothing better to do with their time than to cause mayhem online, but that's not necessarily true.
Many of these hackers come from post-Soviet countries or eastern Europe, are from low-income families, and don't have any job opportunities. So, instead of sitting at home doing nothing, they try to make money the only way they know how: by hacking.
The FBI had a run for their money
It's not every day where you see the FBI having a run for their money. Usually, they're the ones who are chasing down criminals and catching them off-guard. But this time, the tables turned, and the FBI were finding themselves chasing an unknown man.
Who was this guy who was causing them so much trouble? More importantly, are all hackers as hard to pin down as this one? Or was he just an exception from the rest? It's time for the answer.
One hacker outshines the rest
Not all hackers are the same. You have your beginner hackers, and you're intermediate ones. But we're not talking about an amateur hacker here. We're talking about the best of the best.
This particular man has hacking abilities, unlike any other. It's time you were introduced to Max Popov, the hacker who tricked the FBI. That's quite a title to achieve when you think about it. Not many people can say they fooled the FBI.
Popov had a post-Soviet upbringing
Max Popov grew up in the 1,000-year-old city of Zhytomyr, which is two hours west of Kyiv. Living in the post-Soviet era world, Popov was attracted to computers and learned the basics of computers at school.
Though he didn't learn on a Macbook, his first encounter with a computer was on a chunky Ukrainian-made IMB XT clone called a Poisk-I. But it was when he was 15-years-old that his father brought home a PC and modem. And that's when Popov had his first taste of the internet.
He was addicted to cyberpunk fiction
Like most kids in the 90s, he was drawn to the movie Hackers, as well as cyberpunk fiction. From these two things, we became inspired. He knew he was going to be a computer vigilante, and he was going to profit from it. He found fellow mercenaries on the internet from post-Soviet era countries - and there were lots of them.
In the late 90s, the Soviet Union had an increase of intelligent computer programmers; the only problem was that there lacked job opportunities. To make money, they turn to hack US e-commerce sites.
His talent wasn't in hacking
But Popov wasn't as technical as many of his colleagues. However, his talent didn't lie in his technical skills; his talent was to manipulate and manage people and his gift for learning languages.
He started profiting from hacking by cashing out stolen credit card numbers and using his fluent English to phone in fraudulent order to US retailers and cell phone companies. The business was going well for Popov until stores caught onto the scheme.
Popov decided to test his luck at extortion
When business goes down, you look for other opportunities, and that's what Popov did. He decided to test his luck at extortion. He and his team would hack into company computers, steal their customer data.
And then Popov would call these companies, offering his services as a security consultant to keep the data leak from going public. It's not a bad plan. He was able to hack into company data and then use that hack to make a profit. But all good things must come to an end.
But things didn't work out as planned
But it was only a matter of time until someone was going to catch on to what he was doing. In 2000, he and his team cracked an electronic payment provider, stealing the credit card information of 38,000 customers.
It continued to other companies, with Popov then contacting the company and offering his services. His fee ranged from $50,000 to $500,000. But one company called the FBI and completely destroyed Popov's get-rich scheme. But then he started to contemplate a different idea...
Popov, the first defector
Popov was getting tired of his life in Zhytomyr, and he was receiving pressure from local thugs. So, he thought about turning himself into American law enforcement. That way, he could escape from Ukraine and change his life.
In his head, he believed by doing this; we would be a reformed hacker and become a security expert in the land of freedom and opportunity. But would this idea go as planned? Well, he was going to have to give it a try to find out.
He had American dreams
When you're living in a rough environment outside of America, you see the US as an amazing place to live. Well, that's what everyone outside of America has been told. It's the land of opportunity, the stereotype of America is that all you have to do is go there and you'll make it.
So, Popov saw this chance as a way to start fresh and live the life he always dreamed of. A life of financial security and freedom - something that he didn't believe he had now.
He had been played
When he arrived in America, he ended up sitting in jail, working as an informant for the FBI. If he refused to continue, he would go to prison. However, when he was on the phone with the FBI previously, they told him a different story.
Naturally, reality shocked Popov as he realized he had just been played. However, he wasn't going to let them get the last laugh. Popov had his own trick up his sleeve.
Popov wasn't that big of a fool
After his arrest, Popov was placed under 24-hour surveillance in an FBI safe house, where he was instructed to talk to his Russian friends while the FBI recorded everything.
However, Popov wasn't stupid. While he pretended to cooperate with the FBI, he was warning his friends that he'd been forced into a US government sting. But why didn't the FBI see any of this? Well, they didn't realize that Popov was going to be that gutsy.
The FBI was slow to catch up
Why was the FBI so slow to realize that Popov was playing a game on them? Well, they didn't translate the logs right away. It took them months to get the logs translated, and by that time, it was too late.
Angry, the FBI took Popov from the safe house and threw him into a small county jail in Virginia. While he was defiant, he was scared. Prosecutors were ready to indict him, and his hopes of having a better future were all crashing down on him.
New FBI blood
And while prosecutors wanted to slam the book at him, an up-and-coming agent, Hilbert, saw a potential to use Popov to fight cybercrime. Throughout the 90s, hacking was a recreational activity; however, in the 2000s, it had become a serious business, especially in eastern Europe.
Websites were being hacked, emails were being loaded with spam, and credit card fraud was becoming all too common. Hilbert saw Popov as his chance to have a serious shot at cracking online hacking.
Hilbert wanted to make a name for himself
Hilbert was a high school history teacher but decided to walk away from his career at the age of 29 and pursue his childhood dream of becoming an FBI agent. When he was brought onto the team, he was given the role of a cybercrime agent.
In his first case, he linked a computer intrusion at a California company to a famous hacker in Russia's Ural Mountains. With his help alone, he managed to lure the suspect to Seattle and arrest him.
Hilbert was the complete opposite of Popov
If you put these two men beside each other, they were complete opposites. Hilbert was a straightlaced looking man who sported a kind of 1950s sitcom dad vibe. He had a firm gaze and crisply combed brown hair.
In other words, at first glance, you thought these two men were from completely different worlds. But looks can be deceiving, as we have all learned at one point in our lives or another. These two men have more in common than you probably think.
Hilbert wasn't as straightlaced as he looked
Though Hilbert didn't look like your typical hacker, looks can be deceiving. Of course, he was nowhere near to Popov's level of skills, but he did have some prior experience. When Hilbert was a child, he grew up in a suburban neighborhood near San Diego where he dabbled in amateur hacking himself.
When he was hacking, he used the name Idolin, which is an ancient term for ghost or spirit. The good thing was Hilbert understood the mentality of a hacker.
A deal was made
Hilbert didn't want to let go of Popov, so they decided to make a deal. Popovi would serve his time while working off his charges by going undercover for the FBI. But this time, Popov wouldn't have to set up his friends. Instead, his targets were people he had no connection with.
To make Popov feel better about the situation, Hilbert called his an intelligence-gathering mission, giving Popov the impression he was like James Bond. Popov signed the plea deal and accepted the government's offer. It was time to get to work.
Popov was a prankster
If there's one thing Popov couldn't do, it was hiding his skills. He loved to show off his abilities. Moments after he landed in California, he was playing around with the legal research computer at the Santa Ana Jail law library.
He figured out that the machine was connected to the jail computer network, and in a couple of seconds, he was able to have profane comments spilling out of the printers around the enter facility. The jail staff had to even put him on lockdown.
Operation Ant City
Popov was brought to Hilbert for his first day at work. Popov was led to a small room. Inside was a desk, table, and Windows machines. Hand-cuffed to the computer table, Popov had his first mission: Operation Ant City.
With a new identity, he began to connect to the underground chat world, as he portrayed himself as a hot-shot Ukrainian scanner that has addition for stolen credit cards. His first target was a mysterious man who went by the name of "Script."
Progress was made
After weeks of chatting with Script, Popov negotiated a deal and offered to buy $400 worth of credit card numbers. Script agreed and sent him the information. However, for Script, it was a huge mistake.
By sending contraband to Popov in California, Script committed a federal crime in US jurisdiction. This evidence would help Hilbert and persuade the Ukrainian police to arrest Script. Though it worked, Script was only jailed for six months before being released.
Hilbert had a strategy
Hilbert had developed a unique strategy. The idea was to spread a little money around so Popov could make contact, and while they had the card numbers, Hilbert would partner with credit card companies to identify the source of the breach.
Popov was a natural professional and worked his way down, striking deals and collecting crucial intelligence for Hilbert. They were an amazing team, and Hilbert wanted to thank him; however, he knew his acts of kindness were limited.
A small act of kindness goes a long way
Popov was living his days working 10 hours, while at night, he would return back to his jail cell. It wasn't the best experience. But on Thanksgiving, Hilbert decided to surprise Popov. When Popov arrived for work, he found a projector set up, facing the wall.
Hilbert turned it on, and the screen started to show The Fellowship of the Ring. For lunch, Popov was given a complete Thanksgiving meal. Popov was truly touched by this act of kindness as Hilbert gave the time out of his day to spend with him instead of his own family.
A major hacking scheme happened
And then, a major hacking scheme happened. There was an intrusion into the credit card payment processor Data Processing International which exposed 8 million cards. It was huge.
Popov began investigating, with one of his contacts volunteering information about who the three hackers who did this were. Of course, they had to make a deal. Before they were going to make a deal, they had to negotiate.
The plan was clear
Popov said he wanted to buy all 8 million cards, but wanted a sample first. The sample was crucial as it let Hilbert confirm that the cards came from the DPI breach. But his contact rejected the offer as it didn't show that Popov had $200,000 in the bank.
So, Hilbert came up with a plan. Popov, dressed in street clothes, went to a bank that agreed to corporate with them. Hilber video recorded Popov in that bank's backroom, counting $200,000 in cash.
The planned work effortlessly
But was Popov's contact convinced? The video seemed to satisfy his contact. Popov managed to convince his contact to apply to the company he was working for and address his application to "Anatoly Feldman."
The contact used all his personal information, including his national ID card. The company Popov worked for was obviously fake, but the contact didn't seem to think of it. This just went to further show that these hackers were really looking for employment.
Popov didn't escape jail time
Even though he played a crucial role in identifying hackers and preventing further fraud from taking place, he wasn't in the clear yet. In 2003, Popov was taken out of the Santa Ana Jail to be sentenced in front of US district judge David Carter.
For the past eight months, he was spending his days on the Ant City operation, with his nights behind bars. The government recommended that Popov be sentenced to time served and three years of court supervision.
Life after prison
After his eight months behind bars, Popov was released in Orange County, California, only 8 miles away from Disneyland. His freedom was not what he expected. He had no green card, no social security, and no way to get a job. The FBI rented out an apartment near the beach for him and paid him a $1000-a-month stipend to continue working on the Ant City operation.
But suburban life wasn't an easy adjustment. A couple of months after, a drunk man walked up to him and started to verbally harass him. Popov punched the man in the face and called the FBI in a panic. He released he wanted to go home.
Popov got to go home
Life after prison wasn't going well for him, as you can see. So, he decided that the best way for him to go home. He was granted permission from Judge Carter to visit Ukraine, only under the condition that he returned to California to serve out the remainder of his three years of supervised release. Popov agreed.
So, Hilbert drove him to the airport and said good-bye. Their good-bye was bitter-sweet as they both knew they were not going to see each other again.
Ant City was a closed case
After Popov was on a plane back to Ukraine, the Ant City operation was a closed case. The operation was a successful one at that. Hilbert said that the operation had removed 400,000 credit cards off the black market and alerted over 700 companies that Eastern European hackers breached their security systems.
From this operation alone, ten suspects were charged; however, none of them were extradited. Nevertheless, for Hilbert, this was a huge achievement, and he hoped his hard work would go recognized.
Popov never returned to America
The moment Popov went on a plane back to Ukraine, everyone knew there was no chance he was going to fly back to continue serving his time in America. To be honest, we're not sure many people would fly back to the US to serve the rest of their sentence.
I guess, this was the government's way of thanking Popov for his help in the Ant City operation. In the end, he was really lucky. The alternative would have been sitting in prison.
The FBI becomes the victim
But it wasn't the last time Hilbert would hear from Popov. On New Year's Eve in 2004, Hilbert's phone rang. Popov said, "Hey, you know what? I got something new here."
Popov continued to say there had been a huge security breach, and it looks like the victim was the FBI. Now, this isn't something Hilbert expected to hear from Popov. If there's one thing the FBI cannot be is a victim. So, Hilbert took the tip seriously and probed for more information.
Popov gave a helping hand
Popov had been watching a Russian hacker gang that was hacking into an AT&T data center, where email servers of the US government were located. One of those email servers was the FBI.gov address. That's not good. Popov wanted to help Hilbert and handed over two documents, one of them being a spreadsheet of FBI and Secret Service cyber-crime targets.
Popov then directed Hilbert where the underground chat room of these hackers was located. Hilbert managed to talk to Sokolov, a Russian hacker and have him admitted to document theft and AT&T intrusion.
Playing both sides
This was a huge success for Hilbert, but it looks like the party was coming to an end. It turned out that Popov had his hands dirty. Other companies were being hacked by the Russian hacker gang, and Popov was offering his help to those companies, including the FBI.
For the right price, he would prevent code from being stolen and leaked out online. But not all companies were falling for it. Multinational EMC saw Popov's offer as an extortion attempt and reported it to the authorities.
Popov changed careers
In a moment of panic, Hilbert messaged Popov and told him to stop doing what he's doing as he was messing up the AT&T case. At some time, it was discovered that Popov was hacking companies and then offering his services to prevent data leakage.
That way, he would get paid twice. Not bad thinking, but since then, Popov decided to take a step back from hacking and try to live a normal life. If you ask him about hacking the FBI, he says he has no regrets.
Hilbert goes under investigation
After the FBI hacking incident, Hilbert went on with work, investigating new assignments. However, with time, he noticed something was off. As time passed, agents he was friendly with stopped talking to him, and he was snubbed for incentive awards. He applied for supervisor jobs, and was rejected, told never to apply again.
What was going on? It turned out the FBI was investigating one of their own agents: him. For the past year, he was being investigated for fraud against the government conspiracy and leaking confidential information to Popov.
Giving up the badge
This discovery broke Hilbert. Being in the FBI was his dream job, and this investigation stopped him from climbing up the ladder. He decided to look for jobs in the private sector, and in 2007, he walked into his boss's office, placed his gun and badge on the table, and quit his job.
After eight years working his dream job, it was finally over. It took another two years for Hilbert to be cleared by the Justice Department and the investigation to end.
An unexpected phone call
Over six years had passed since Hilbert and Popov had seen or spoken to each other. By this time, Hilbert had a new career as a consultant and was enjoying life. Why did Popov call? Did he have a tip? An offer? No. He calls to show gratitude.
"He called me up to thank me for the way I treated him and for his time in jail and the way it was handled," Hilbert told Poulsen over lunch at a family restaurant in Orange County early in 2013. "Now he's gone home and changed his life, and he's got a family now, and he owes me everything—his words."
Popov never forgot Thanksgiving dinner
After all the chases, the back and forth tricks played on each other; there's one thing that Popov never forgot: Thanksgiving dinner. In his darkest of moments, Hilbert gave a helping hand to Popov, showing him humanity and compassion.
Was he a hacker? Yes. But did that make him a monster? No. While Popov struggled during this prison time in the United States, Hilbert was the glimpse of light Popov needed to get through this time.