CyberLeveling Logo
Reflections on Cybercrime, Trust, and Responsibility

Reflections on Cybercrime, Trust, and Responsibility

Perspective from Brett Johnson, former ShadowCrew founder

Feb 11, 2026

This post presents a written Q&A focused on reflection, accountability, and prevention in cybercrime. It is not instructional and does not discuss tools, techniques, or operational details. The goal is to document perspective on human and systemic factors that shape cybercrime, rather than to analyze attacks themselves.

Do deepfakes signal the end of “seeing is believing,” or the beginning of a more skeptical internet?

Successful cyberattacks happen in the gap, the span of time between when an action is taken and when the victim realizes something is wrong. The wider that gap, the higher the chance of success.

For fraud to work, whether against an individual or an organization, trust is required. Without trust, people do not hand over information, access, data, or money. Deepfakes reinforce this by making false interactions feel authentic. A video conversation that appears to involve a company’s CEO, for example, tends to increase trust on the other end, while also creating a much wider window for the attack to succeed.

With deepfakes, there is a real risk that organizations will not be able to respond quickly enough to mitigate attacks. There is also a growing risk that we reach a point where people can no longer fully trust what they see or hear online, and in many ways, we are already there.

Online platforms like Twitter, Facebook, LinkedIn, and others are not one-to-one reflections of the physical world. Algorithms, factions, and engagement mechanics create echo chambers where attention is driven by arguments and drama. Online life is not real life, but many people treat it as if it is.

A more skeptical internet? I do not think so. An individual can be smart. Groups are often not. Groups tend to trust without verifying.

When attacks happen frequently enough, groups tend to respond in one of two ways. They become apathetic, or they stop using the platform, product, or service altogether. That may be the best outcome we can realistically expect.

What did you believe about cybercrime early on that you now know was completely wrong?

I used to believe that they were all just a bunch of naïve, innocent tech people with a penchant for making money the old-fashioned way, stealing it. I did not view the attackers as violent or as serious criminals. I was wrong.

The truth is, to quote Monty Python, violence is inherent in the system. The only way to keep true order in any criminal system is through the threat of violence and the willingness to carry that violence out.

The attackers are not naïve. They are not innocent. They are predators looking to profit wherever and however they can. Organized criminal elements are thriving in the online crime space. I did not fully appreciate that in my early days.

What responsibility comes with having lived on the other side?

I had an FBI agent tell me a few years ago that I did not really understand the importance of what I was doing, that I was also laying the path for anyone who might come after me, so do not fuck it up. That is a serious responsibility.

I am responsible for those reformed criminals who come after me. If I screw up, it makes their path much harder. So it is important that I do things right, above board, and truthfully.

More than that, people from law enforcement and other verticals put their careers on the line to give me a chance. Those people did not know if I was going to go back and commit crime or not. I owe them, and it is a debt that cannot really be repaid. So, do not fuck up, Brett.

I am also the guy that shows a criminal can change. That is something the good guys see, yes, but it is also something the bad guys see. It is important to show that real change can occur and that someone can walk away from criminal activity and lead a good life.

More than that, I take it seriously to do the right damn thing. That means saying the things no one else will. It means doing the right thing no matter who is watching and no matter the consequences. It means helping instead of hurting.

That is the responsibility.

What lessons can only be learned through experience, not intelligence?

Everything.

If I am choosing between two people, one book-learned and the other hands-on, I will take the hands-on person ten times out of ten. Intelligence and books only get you so far. Books give you the overall structure. Intelligence gives you the capacity to learn and understand.

But both miss something critical. Willingness. And willingness matters more than anything.

Show me someone who is willing to dive in and learn hands-on, and I will take them any day.

What changes in education do you think would most reduce the number of people drifting into cybercrime?

I think the problem with education is that many people, instructors and students, tend to believe that a degree or a certificate means they are competent and have a degree of mastery in the outside world.

In my experience, there is a huge difference between what someone learns from books and lectures and what actually happens on the street.

What would I change? More hands-on learning. More internships. More talking to and learning from people who actually do the job, and not doing those things as a dog-and-pony show like we are right now.

It is also important to understand that grades are not an indicator of success in the outside world. And it is important to understand that you do not need traditional education in order to be effective and successful in this space.