Ryan McFarlane

Your track record is 99% conviction rate.

So these systems were all configured the same, and they had similar tool sets and the same kind of encryption everywhere.

So when Danette pled, he actually was able to provide his password for a couple layers of that code.

his work platform so we were starting to be able to essentially peel back the layers of encryption and see what was in each layer of encryption so we'd peel back the first one and we'd get into the linux operating system that they were using and we saw that there was some source code for the encryption software the container software that nicolescu had written

We'd come across a couple of additional TrueCrypt containers and we could unpack some of those and we were doing forensic analysis on these systems and sometimes we'd be able to find a mistake where they left a password somewhere or we were able to get in because somebody would tell us what their password was.

I remember one of the passwords was pizza kitchen in Romanian backwards.

that was his password and it was like a like a 15 letter maybe it was longer than that password and it needed to be in concert with another password and we only got so far so we could only get so far through that encryption because they had been in jail for a bit after being extradited and their passwords were extremely complex

And we could never, never get in past the layer that Nicolescu wrote.

I had actually gone to Quantico.

We have a lab there that specializes in helping in these highly advanced technical situations.

And we brought the source code out there and they analyzed it.

And we spent a lot of time trying to break into it.

And everybody will say, the first rule of encryption is don't write your own.

But in this case, Nicolescu was so good that he wrote a pretty solid piece of encrypted container software.

We took all the evidence that we had collected over this entire case.

We took all of our victim complaints.

Stacey and I went through all the IC3.gov complaints.

We went out and interviewed hundreds of victims, I felt like, at the end of this, and had some of them come testify at trial.

We had a search warrant on a couple of the command and control systems, which I had actually stood up a copy

of that command and control server in our office.