From Darknet to Defender: An Ex-Cybercriminal’s Guide to Online Safety
Brett Shannon Johnson, a former cybercriminal, now leverages his past to help people protect themselves in the digital world. Once involved in a darknet network, Johnson was eventually arrested but now consults and speaks about cybersecurity.
This article, based on a conversation with Johnson, offers insights into how to build a robust “toolbox” for online safety. Business Insider confirmed Johnson’s criminal history using court documents and news reports. The conversation has been edited for conciseness and clarity.
“I’m a reformed cybercriminal,” Johnson explained, “I used to commit credit card fraud and identity theft, but I’ve thankfully turned my life around.” Johnson’s network, which was shut down in 2004, provided a “trust mechanism” for criminals.
Johnson’s experience gives him a unique perspective on the cybercrime landscape. His advice, as a reformed offender, is valuable. The advice is centered around building a “toolbox” of defenses, emphasizing the need for practical steps, not complex solutions.
Building Your Online Safety ‘Toolbox’
Johnson emphasizes that everyone has a place in the cybercrime spectrum. The approach needed for a CEO will be different for a food service worker. He explains that criminals target the most vulnerable. With this in mind, he offers the following steps:
-
Situational Awareness Online. Johnson stresses the importance of awareness in the digital world, just as it is in the physical world. “Understand that every platform and every website that you go to has predators — every single one.” He advises, even despite the presence of bad actors, to be vigilant. “If we can just have that awareness in the back of our heads, that will automatically raise our security level.”
-
Freeze Your Credit. Freezing your credit with the three major credit bureaus (Experian, Equifax, and TransUnion) is one of the most effective tools to prevent new account fraud. Johnson stresses that credit freezes are free and should be implemented for every member of the family. “A credit freeze stops all new account fraud, so, as a criminal, I cannot pull your credit report.”
-
Set Up Account Alerts. “Every account has value to an attacker.” Johnson urges individuals to set up alerts for their email, social media, banking, and credit card accounts. An easy way to tell if there is suspicious activity.
-
Practice Good Password Security. Hackers often exploit the common habit of using the same or similar passwords across multiple websites. Johnson advises using unique passwords for every login. This helps prevent credential stuffing attacks. He recommends using a password manager to generate and store these unique passwords.
-
Enable Multifactor Authentication (MFA). MFA adds an extra layer of security to accounts and is an outstanding tool. Johnson notes that while it isn’t foolproof, using MFA in conjunction with other tools makes you more secure. He recommends a combination of passkeys, authenticators, and a password manager.
-
Be Mindful of Social Media. Johnson warns against oversharing on social media, as criminals can use the information to build a profile of their targets. “So, watch what you share on social media,” he advises, as criminals seek information like birthdays and vacation plans.
The Cybercriminal’s Mindset
Johnson says that understanding a cybercriminal’s motivations can help people better protect themselves. “These attacks happen for one of three reasons. It’s status, cash, or ideology.” Most attacks, he explains, are cash-based, targeting the easiest and most profitable opportunities. For criminals, the goal is the highest return with minimal effort. Implementing even basic security measures can make you a less attractive target. By taking these steps, individuals can protect themselves from the kinds of crimes that Johnson once committed.
