Subscribe
Share
Share
Embed
Welcome to Bare Metal Cyber, the podcast that bridges cybersecurity and education in a way that’s engaging, informative, and practical. Hosted by Dr. Jason Edwards, a seasoned cybersecurity expert and educator, this weekly podcast brings to life the insights, tips, and stories from his widely-read LinkedIn articles. Each episode dives into pressing cybersecurity topics, real-world challenges, and actionable advice to empower professionals, educators, and learners alike. Whether navigating the complexities of cyber defense or looking for ways to integrate cybersecurity into education, Bare Metal Cyber delivers valuable perspectives to help you stay ahead in an ever-evolving digital world. Subscribe and join the thousands already benefiting from Jason’s expertise!
Hey everybody,
welcome back to Cyber Talks.
I'm Dr. Jason Edwards,
and today we're talking about tracking
school swatters and shooters through
online leakage and holding them
accountable before violence occurs.
Our guest is Detective Richard Wistocki,
who retired after thirty years in law
enforcement and more than two decades as
an internet crimes investigator and SWAT
operator.
He's a national trainer,
creator of several key Illinois laws on
sexting, swatting, and SRO certification,
and now leads BeSureConsulting.com,
helping schools and law enforcement
nationwide.
We'll hit the essentials of his three-day
class,
what schools and LEOs must capture when
threats appear online,
and how exigent circumstances work,
and how fast identification supports both
safety and mental health intervention.
So let's jump in.
So welcome, Rich.
Well, thanks for having me.
Great.
So tell me about yourself.
Tell me about what you do and we'll
get started.
Sure.
So I've been retired from the Naperville,
Illinois Police Department since twenty
eighteen.
I spent twenty eight years there,
spent five years in patrol.
And nineteen ninety five,
I went into juvenile investigations.
And then in nineteen ninety eight,
we had our first Internet predator come
from Brentwood, Tennessee,
all the way up to Naperville to pick
up a thirteen year old at the corner
of her block, took her to a hotel,
raped her, think I didn't kill her.
and let her go back home.
So when her parents brought her back to
the Naperville Police Department,
he met her on this thing.
I don't know if your audience even
remembers this archaic thing called
America Online.
So when I teach young officers throughout
the country, I ask them that question.
They're like, yeah,
don't know what that is.
So AOL, just to be exact.
So the fact of the matter is we
didn't know what an IP was.
We didn't know what geolocation metadata
was.
We didn't know anything about ECPA or
anything like that.
So we took over her account, became her.
And then six months later, he came in,
tried to do it again.
This time he met me and my SWAT
team.
So that was the start of our Internet
Crimes Unit in Naperville.
So we started collaborating with other
departments, Chicago, Arlington Heights,
Bolingbroke, Woodridge, Batavia, Geneva.
And so we started having our own mini
task force.
Well, then in two thousand,
the Department of Justice,
Office of Juvenile Justice Delinquency
Prevention,
came up with this new task force called
the Internet Crimes Against Children,
ICAC.
Today,
there's over seven thousand detectives
like myself.
There are six sixty one ICACs throughout
the United States.
Illinois has two.
That's where I'm from.
And we are specifically trained in child
exploitation.
Well.
What had happened in twenty twenty one and
now at this point,
I've arrested over three hundred Internet
predators on social networking,
gaming platforms, file sharing,
all that stuff, cyber tips.
And so an interesting study came out in
twenty twenty one by the Secret Service,
by Dr. Al-Athari.
And what Dr.
Al-Athari found was that ninety three
percent.
of the school shooters over the last
twelve years had posted online what they
were going to do before they did it.
And that was shocking to me.
And so as you look through some of
the leakage that she gave examples of,
I'm like, wait a minute.
In child exploitation,
we use a protocol called the Exigent
Circumstance Protocol.
And what that says is when death or
great bodily harm is about to be committed
or committed now,
we can invoke exigency on somebody who
wants to shoot up a school and find
out who they are within two hours.
So what I did was I put this
program together and I read that study and
they just came out with a new one.
So I can't wait to dig in as
far as what our success has been, right?
And so I figured, you know,
we need to start training to the failures,
right?
Not to the successes.
Where are we failing and not catching
school squatters and school shooters?
And what I decided to do is that
I put together a three-day program.
program where it involves school
administration being your i.t people at
the school your social workers your deans
your principals assistant principal
superintendents and put them together with
law enforcement okay
So when I did that,
it has been a widely successful program.
And we'll get into the nuts and bolts
of the program.
But as far as what I'm doing,
we train at Be Sure Consulting.
We have seven team members.
If you go to my site,
besureconsulting.com,
we have seven team members and they're all
ICAC or current SROs.
And we train about three hundred thousand
students a year.
And our job is to empower students not
to be victim.
So here's how our team starts out every
student presentation.
No one is allowed to make you feel
bad about yourself online.
No one.
No one is allowed to make you do
something you know you shouldn't be doing
like this.
Sextortion or suicide.
I am telling you, Jason,
there are so many kids who are cyber
bullying.
Here's what the new cyber bullying is.
And I'll put up a slide, right?
I'll say,
how many of you kids have received this
text message over the last year?
And I put it up by button one,
button two, button three.
No one likes you.
You're so ugly.
Why don't you just go kill yourself?
And I have anywhere from twenty to fifty
kids raising their hands.
Our kids, elementary, middle school,
high school, they're all doing this.
And then the second question I follow up
with,
out of the kids who raised their hand
to receive this text message,
how many of you know that the person
who sent you that message is in this
auditorium right now?
And half of them will keep their hands
up.
Our kids are doing it to each other.
So we need to be training our kids,
right?
So what do the two have to do
with school shootings and swattings?
It's easy.
One of the failures in school shootings
that we found was that kids are hesitant
to report because why?
Snitches get stitches, right?
So that's why kids won't report.
But yet when we see a leak,
even in today's news, right?
The school shooter, or not the shooter,
but the assassin of President Trump,
When you look at his leakage,
he's practicing shooting a gun,
shows what he wants to do.
And it's all there,
but nobody picks up on it and nobody
understands ECPA,
the Attractive Communications Privacy Act.
OK, so what I did in my class,
you want me to go to my slides
now?
And yeah, and, you know,
I was going to say real quick, too,
because, you know,
you're talking about this thing with kids
and stuff.
There was just me and my wife watched
that entire Netflix show about the mom who
was bullying her own daughter.
I lost my voice because I was screaming
at the TV so much in that in
that in that series.
We could have solved that in two hours,
you know, two years.
Thank God it took me the entire series.
I was like, what the heck?
Because there's a certain part of your
brain where you're like,
you just can't believe that someone would
do this thing, right?
And I think that's a problem with little
school shooters and stuff.
I think people just have a reference for
that, right?
They can't believe it.
Even though it's happened, it's still,
I mean, one thing I tell people too,
because I have a couple of friends of
mine and they're like, oh,
US schools and violence.
And I'm like,
you don't understand how big the school
system is in the United States.
There are seventy million children under
the age of eighteen in our schools.
That is the population of France.
Yeah.
I mean,
so you look at like the crime rate
of France compared to the U.S.
public school system.
That's an equivalent.
And of course, the fact that you have,
you know,
just mostly immature children in the
United States with availability of certain
weapons and stuff.
But like they don't realize how big our
school system is.
Right.
right enormous you know so you know out
of the three hundred thousand students we
taught last year we had forty kids come
to us after the presentation saying that
that happened to me and i didn't tell
anybody
Because they're terrified, right?
You know, they're scared.
And then like, you know, yeah,
it's a horrible thing.
Yeah.
Yeah.
Our mission is to empower these kids to
come forward.
Like, for example, I was and this year,
we're up to sixteen,
sixteen kids already out of the thirty
schools that we've taught.
Sixteen kids have come forward.
I was in I was in a very
affluent suburb in St.
Charles, Illinois,
and I was at a Catholic school.
And this eighth grader told me that she
was on Roblox.
She was talking to someone who she thought
was her age when her parents weren't home.
She invited him over and he was twenty
something year old and she let him in.
And he sexualized her.
You know, so again, you know,
we have to be training our students how
to report this and what predators are
doing.
Jesus.
OK,
so let's go ahead and bring up the
slides because, you know,
you just get angry as a father, right?
Yeah, it certainly does.
OK,
so so what I do in my class,
the first step that we do is I
hand out flash drives.
to everybody in in my class and everybody
has to bring a computer they have to
bring a pc or a mac so what
we do is we i give them a
flash drive filled with go buys right
search warrants subpoenas language uh
preservations
And I give them the language on what
they need already pre-done for their
cases.
OK, so everybody downloads that.
So for your viewers,
go ahead and scan my QR and you
pull out your phones if you want to
pause this or whatever to scan this.
And this is my contact.
If you want to get in touch with
me, I'm available to anybody, twenty four,
seven,
whoever has an issue or wants information
on the classes that to bring to your
area.
And I'll put a direct link in the
content of this video.
Okay, great.
We already talked about my background.
Currently,
I'm a reserve deputy sheriff with the
Putnam County, Tennessee Sheriff's Office.
I do everything remotely for them.
And when it comes to internet crime,
as we all know,
I don't have to be in the office,
right?
I can do the search warrants and do
the portals,
talk to social networks remotely.
So that's what we do.
So one of the biggest things that we
need to train is that we need to
train our students.
We all heard of see something,
say something, right?
That's not enough.
We have to train our students
See something, say something,
report something.
We have to show them what evidence we
need, and we'll cover that.
There's five pieces of evidence that we
need to be training our students and our
staff on what law enforcement needs when
an incident arises,
whether it's cyberbullying, sextortion,
stalking,
or school swatters or school shooters.
Whenever that leakage comes out,
here are the five things that we need.
It's really important that our students
understand the time is of the essence,
right?
So, twenty four seven,
we have access to do the portals of
the social network.
So TikTok, Snapchat, Instagram, Facebook,
they all have already set up portals that
are credentialed for law enforcement.
So in the class.
All the law enforcement agents and the
school officials will create their portals
to obtain information in a timely manner.
So when we train our students,
a lot of times I have to put
them in the thought process.
So I was a sniper for twenty three
years.
Right.
So in sniper school,
they always show you that what makes your
decision on where you're going to build
your hide, right?
Where are you going to be able to
get the most intel as a sniper?
So we play this game in our brain,
right?
What do I gain?
What do I lose by going up there?
What do I gain?
What do I lose by being down there?
So I play the same game with our
kids.
What do you gain?
What do you lose by coming forward?
All right,
let's talk about what do you gain by
not saying anything?
Well,
the respect and confidentiality of your
friend who's telling you he's going to
shoot at the school.
What do you lose by not saying anything?
Well, my friend could possibly die.
I could be saving lives in my school.
I could be protecting people,
my teachers that I love.
So do you gain more by saying something
or do you lose more by saying something?
And we gain more by saying something,
right?
This is the mindset we have to put
our kids in.
Unfortunately,
these are the times we live in.
But not only is it only for school
shooters, we're talking cyber stalking,
sextortion,
predators talking to their kids and kids
confide in each other, right?
So it's also important is what kind of
friend are you
to not tell a responsible adult when your
friend is going through something so
horrible, right?
And the only reason why they're telling
you is because they trust you,
but maybe they're so scared that they're
reaching out for help, right?
So these are the things that we,
this is step one in the fall of
all these dominoes that has to start with
training our students because they're in
it, right?
They're in the leakage.
They're in Discord.
They're in Snapchat groups.
They're playing Roblox and they're in
these Roblox chat rooms.
So this is where the threats come about
and we have to show them how to
report.
So to give you an example of some
of the leakage, I won't play this.
I'll just I'll just tell you what
happened.
So we teach a lot in Michigan.
I teach probably there six times a year
at law enforcement agencies.
So a Pontiac SRO who had great
relationships with his students, right?
And he trained the students to come
forward if they see anything.
So what had happened was the student came
to him and said, hey,
these two guys are beefing on Snapchat.
They're talking about shooting up the
graduation.
So he took the information,
got the five pieces of information from
his student.
He sent it over to investigations and they
work with the FBI and they executed search
warrants on these two guys in Snapchat.
And they found the messages that they
already buried their guns at the
graduation site.
They hid them.
And so when they executed the search
warrants,
they were able to grab these guys up,
recover the guns,
and they stopped an unbelievable tragic
event that was going to happen at the
graduation.
I mean, you had pregnant moms, babies,
children, grandmas,
and they were going to shoot up.
They had a mini AR and I think
there was a switch on that Glock that
they found and numerous ammunition.
They were going to shoot the school.
And how was it stopped?
A student came forward with the Snapchat.
And that officer knew exactly what to do.
Their detectives at Pontiac knew exactly
what to do.
And they stopped it before it happened
through the leakage.
And that is what we have to do.
And there's success stories like this time
and time again.
Last year,
we stopped forty two school shootings.
This year,
we are in the seventh week of school.
And my SROs that I've trained have already
stopped fourteen.
Wow.
Yeah.
Just by doing this class.
So I want to kind of do a
deep dive into this.
So here are the five pieces of evidence
that your audience needs to understand
that we need.
And we have to show our students this.
We have to show our school administration
this.
And let's face it, Jason,
a lot of police officers have no training
in cybercrime.
None.
So when they come to my school, like...
When my training,
like I was in Fort Worth,
after I was done in Fort Worth,
they had four school leakage and bombing
threats that they solved within two hours
each.
And they know the importance of it.
So we go through this.
Here's the five pieces of evidence.
Number one,
I need screen captures of everything.
The chat, the profile, the pictures,
the videos, screen capture,
screen capture everything,
print it up and make it a file
somewhere.
Number two,
I need the user ID or the gamer
tag or the fake phone number or that
email address making the threat.
Once I have screenshots of that,
print it out and make it a file
because these are the offending accounts,
right?
Now,
I get a lot of heat for this
third one,
but you have to understand where I'm
coming from.
A lot of school officials and law
enforcement officers who have not been
trained
will tell a student who wants to come
forward with this information, oh,
just report it to the social network.
They'll take care of everything for you.
No problem.
That is wrong information to tell our
students.
Here's why.
If the student and their parents don't
want anything to do with this and they
don't care who it is, yes,
by all means,
report it to the social network in abuse.
However,
if you want law enforcement to make this
person accountable for what they're
saying,
do not report it to the abuse section.
Here's why.
When you report something to the abuse
section, it goes to the TOS team,
the Terms of Service team.
They will review it for if there's a
violation of community standards and a
violation of law.
If there is,
there is a potential for the social
network or gaming platform to delete this
account for the violation.
So does cyber bullying and cyber stalking
happen only once, Jason?
No, it happens five, ten, fifteen,
twenty times.
So on the first couple of times when
you report it and now on the fifth
time, the parents like, you know what?
I'm sick of it.
I'm going to the police.
They better take a report.
So they go to the police.
You take a report.
Now, this is all going on now,
has been going on for a few weeks
at the social network.
Right.
So now the police officer takes a report.
They send it to investigation.
This time could be anywhere from three to
seven days.
Now, the detective who is trained,
hopefully, will send a preservation,
will send a search warrant or subpoena to
the social network.
Well, in that time lag,
the social network may have deleted the
account already.
And so when law enforcement sends a search
warrant, it's already been deleted.
There's nothing there.
Now,
the only social network that I know of
that does this and is a law enforcement
partner is Snapchat.
When Snapchat does,
there's an abuse report,
they automatically preserve the data for
law enforcement automatically.
But not a lot of the social networks
and gaming platforms will do that.
But because Snapchat is a law enforcement
partner, they do that automatically,
which is fantastic.
So, but others don't.
So I'm telling school officials and
children who are victims,
don't report to the social network if you
want law enforcement to do the case, okay?
Now, number four,
If there has not been any sexual abuse
or physical abuse, don't do this step.
Because if there has been sexual abuse or
physical abuse,
that victim has to go to a child
advocacy center for interview, okay?
But if that's not happening,
I need a detailed type statement as to
what happened and how it made them feel.
It goes something like this.
I was in Roblox.
My gamer tag was this.
I was playing with gamer tag so-and-so.
After about two months,
we went to Discord DM.
So we went to Discord DM.
He told me that he had guns and
what school do I go to?
He asked me if I wanted my school
swatted.
And this has actually happened when I was
teaching in South Carolina.
The girl on Discord said, you know,
it's funny.
I was on Discord the other day.
My friend from Roblox told me that if
he asked me if I wanted my school
swatted so I didn't have to go to
school tomorrow.
But when the school got shut down,
she came forward and we were able to
track him through his discord and then
everything else that he had.
So he did, this kid did,
he was twenty years old,
did seven swaddings that day, New Jersey,
Florida,
and where we were in South Carolina,
in North Charleston.
So it's really important that we have a
detailed type statement as to what
happened, how it made him feel.
Now,
We need everything printed out and saved
on a flash drive.
Not one flash drive, two flash drives,
because sometimes it's got to lose stuff.
So we want the victim to keep on
his backup just in case detectives don't
have that initial flash drive.
Why do we need the flash drive?
We need the flash drive because when we
go into the law enforcement portal that's
credentialed,
they want us to prove that this threat
actually happened.
How do we do that?
We have to have a digital form of
threat.
So now the officer,
all they have to do is plug that
flash drive into their computer,
go into the portal, upload the threat,
upload the social network,
upload the statement from the victim.
And with that, boom,
they see exactly that there is a threat.
And within one hour, Jason,
that social network will tell us eight
things that we need to have.
And we'll cover the eight things here in
a little bit.
So these are called,
and I'll get to this.
So in this class,
we cover the potential threats.
What are they?
We'll cover the history of the school
shooter.
We'll cover the most frequent proximal
warning behaviors as indicated by BTAM,
Behavior Threat Assessment Analysis.
What is the cyber investigation process?
And we're gonna cover all of this stuff
here today,
just kind of like an overview of what
the class entails.
So here is the foundation of the three-day
class.
It is ECPA,
the Electronics Communications Privacy
Act, okay?
This, believe it or not,
this was born in nineteen eighty six.
So what it says for local law enforcement.
We are entitled and we'll just read it
here.
If the provider Snapchat, Instagram,
TikTok, in good faith,
believes that an emergency involving
danger of death or serious physical injury
to any person requires disclosure without
delay.
Supreme Court says that it can be anywhere
from one to two hours.
of communications relating to the
emergency in twenty seven oh two.
Provide similar exceptions for the
disclosure of non content information.
So let me set this,
let me set you up here for non
content information.
OK, so I've created a flow chart.
Let me let me get this up and
I'll share this with you real,
real quick and pull this over.
And by non-content information,
we mean basically just their account
information, stuff like that?
Yes.
So we'll get into – this will open
up for me.
Sure.
I'll probably have to go to my website
to pull it up.
Okay.
I'll list it out for you.
And again,
it's really important that our audience
understands what non-content information
is, okay?
So we'll start with the first one,
subscriber information with financial
data, emails associated to the account,
telethon numbers associated to the
account,
devices associated to the account,
history of IPs for as long as the
account has existed,
and this is gonna play an important part,
port source information,
any and all accounts associated to this
account, and any and all UDID,
UUID or Apple ID information.
So let me go through this so our
viewers understands what non-content
related information is.
And you can do this with a subpoena.
So what ECPA says,
Local law enforcement has four avenues of
obtaining data under this federal
guideline.
The most important part of any Internet
investigation, no matter what it is,
is preservation.
OK,
I show my my officers that when a
student comes in and wants to report a
cyber crime, you tell them, OK, sit down.
Here are the five things that I need.
I need it right now.
The only thing my officer should be
thinking of while the student is obtaining
the data is I got to do my
preservation.
I got to do my preservation.
So what happens is as they're doing the
five things,
they're going to log into the portal,
hit preservation,
put the account details in and bam.
So for ninety days forward,
anything that kid does, who's our suspect?
It's all going to be recorded.
OK,
because what do kids do after they report
something to the authorities?
They will then go on their socials and
say, I just went to the cops.
They're screwed now.
And send it to their group chat and
so on and so on and so on.
Right.
So what does that do?
Ultimately,
her group message is going to get to
the suspect.
And when the suspect finds out that
somebody dimed them out,
what are they going to do?
They're going to delete everything.
And if we don't have a preservation
intact, we're going to lose it.
Right?
So preservation is the number one thing
that I'm training people to do.
Number two,
we can do a subpoena on any account.
Now in a subpoena,
we can only ask for these seven or
eight non-content related pieces of
information.
That's it.
Okay?
Nothing more than that.
In a search warrant,
not only can we get the non-content
information, we can also get messages,
friends lists,
pictures and videos,
and in all geolocation metadata.
We can find out so much more with
a search warrant because that's a court
order signed by a judge.
So that's number three.
Number four is the exigent circumstance
protocol.
When death or great bodily harm is about
to be committed or committed now,
you can attest and invoke this protocol to
saying, yes,
there is a threat of violence and death
in the school.
And within one hour,
the social network is going to respond
with these eight things.
once the one hour has passed and i
have these eight things i take this ip
i run it in max mine or ip
to location that is that is step three
right so versus preservation then we do an
exigent on the user id the gamertag the
fake phone number or the email address
that'll give us these eight things then we
take that ip we run it in max
mind that tells us who the provider is
Once we know the provider,
we do preservation,
exigent to the provider.
In the second hour,
we will find out where that message and
that suspect is.
Within two hours,
we can find out where the slaughter is
or the leakage from the school shooter.
Okay?
Now,
something really important in these eight
things.
Subscriber information, what is it?
Name, credit card information, right?
Emails associated.
This is really important because there are
three ways we identify a social network.
User ID, phone number, and email address.
The reasons why it is so important for
school officials to attend this training
is because I asked them this question.
How many of your schools are you
collecting data upon registration
the personal cell phone number of every
student and the personal email of every
student.
And you believe it or not,
some schools don't collect that data.
So in the class,
they'll learn why it's important to
collect that data.
And of course,
parents are going to know why do you
need that data?
It's a safety issue.
If God forbid something happens to your
child,
Our SROs and our school administrators can
locate them through their social networks
if we have that data,
their personal cell phone number and or
their email address,
because that's how we identify social
network accounts, okay?
Now, devices associated to the account.
Again, I show them, you know,
a lot of kids will say,
it wasn't me, I was hacked.
I didn't send that message out.
Repudiation, right, yeah.
Yeah, right.
So where do we look when someone's hacked?
The device that connected to the account
and the IP that connected the device,
right?
So when we have that information through
our non-content information,
we can verify that, yes,
this kid was hacked.
Or not.
Okay.
Or not.
So that's a big part of our student
presentation.
I asked them the question.
I said,
how many of you ever heard someone that
said, it wasn't me.
Somebody hacked my stuff.
And I take them through an investigation
on how we can prove that they were
hacked or not.
And they're like, oh, crap.
So they can't use that excuse anymore.
Oh yeah, with cyber,
we've been doing that for a long time,
right?
I didn't surf to that website.
Someone must have used my computer, right?
Repudiation has been something we've dealt
with for twenty-some years.
Right, right, right.
But the biggest one is number five here.
Number five.
The mistake that detectives make when
they're doing these swattings or when
they're doing these school shooter leakage
is that when the leakage comes out,
here's what they'll ask for in their
exigence or their search warrants.
Give me the IP that made the threat.
That's wrong.
The appropriate ask is give me any and
all IPs for as long as the account
has existed.
Because what we're gonna get with that,
not only because when you ask for the
IP that made the threat,
you're gonna get a VPN and you're dead
in the water.
But when you ask for any and all
IPs for as long as the account has
existed, you're gonna see all their login,
logout times,
You're gonna see all their,
where they were signing on with their
phone when they're at school.
So IP logs tell a story, don't they?
They can tell you where you live,
where you work, who you hang out with,
what kind of phone you have.
They tell a story.
But if we're not asking for the story
in any and all IPs for as long
as the account has existed,
we're gonna miss it.
Let me give you an example.
So I have contracts with about,
Twenty five school districts all over the
country.
So my team and I handle all of
their online crime,
their reputation of the school.
We handle all the presentations for
parents, students and faculty.
Anytime there's an allegation,
we prepare all the evidence for the law
enforcement agency.
So we're kind of like their personal SRO,
if you would.
Right.
So one of my schools called me and
they said, Rich, we just got swatted.
But unfortunately,
sometimes in my schools,
I have the police departments don't
appreciate that the school has hired us
Because they think it makes them look bad
when all in all,
we're just trying to give them the right
information.
So if they're not trained,
we don't want them looking at the wrong
information, right?
Well, that was this thing.
So law enforcement, in my experience,
are like,
that Naperville guy is not going to come
here and tell us what to do.
That's the type of bravado that law
enforcement has, unfortunately.
so um at this particular school a threat
was made uh in an email that we
have two pressure cooker bombs you've got
fifteen minutes to clear the school
because i'm loading my ar in the bathroom
you'll never find me that was the threat
so
What had happened was instead of calling
law enforcement agency,
calling me and depending on me,
the superintendents gave me a heads up.
Hey, law enforcement's working on this.
I'm like, all right, what's the threat?
Send me the threat.
So he sent me the threat.
I said, all right.
I said, was this them?
Was that them?
I'm not sure.
So.
They came to the conclusion.
The superintendent called me an hour
later.
They said they've located where it came
from.
It came from Pakistan.
And also there was another school that got
hit with the same guy.
That VPN also came from Pakistan.
So it's somebody in Pakistan.
It's somebody in Pakistan.
No need to look.
Carry on.
Well, then an hour later,
the superintendent says, Rich,
we just got this voicemail left on our
voicemail, my voicemail machine.
And it stated,
how do you like me now, Mother Everest?
How do you like me now?
Hi, everybody's got off school now.
And that kid didn't sound Pakistani.
So what actually happened was there was
one kid in this school district and
another kid in the California district
using the same VPN to do the school
swatting.
Two different kids.
Had they asked for
Any and all IPs for as long as
the account has existed,
they would have found out who the suspect
was.
But because they weren't listening to me,
right,
or they weren't listening to the training
I provided to them, because, you know,
some detectives just are not trained in
cyber.
And they asked for the IP that made
the threat.
And that's a mistake.
They could have found out who it was,
but they didn't want to listen to the
advice that I was giving them.
And then I wanted to see the IPs,
right?
And they wouldn't share the IPs with me.
So, you know, it's obvious that, you know,
the mistakes that law enforcement makes
that they never been cyber trained,
they don't know how to ask for it.
So how you ask for it is so
important.
So important.
Um, okay.
Let me, let me go back here again.
Um, where's my timer?
How long do we have?
Oh, there it is.
All right.
Let me just get into, um,
the importance of what the current reality
is okay so the unfortunate thing is i
want to use this as an example this
was the georgia school shooter okay um
For everybody,
your audience needs to know,
when it comes to child exploitation
online,
all that information gets sent to the
National Center of Missing and Exploited
Children, to NECMEC, right?
And then NECMEC will geolocate where the
suspects are,
and then they'll assign that case that's
reported to one of seven thousand people
like myself in the ICAC.
We call that a cyber tip.
Now,
when threats happen to shoot up a school
or shoot up a building,
that information goes directly to the FBI.
OK, now, unfortunately, you know,
when I ask the question in my class
to my officers that are there,
I ask them, I have a question.
How many of you have ever been on
a search warrant authored by the U.S.
attorney for a juvenile?
And nobody raised their hand.
Second question.
How many have worked in operation with the
FBI where the FBI took the juvenile into
custody?
Nobody raises their hand.
Why?
Because there's no mechanism to handle
juveniles in the federal system.
So the FBI has to leave it to
the locals to handle the situation.
Okay.
Now, as an example,
in this case in Georgia,
what had happened was, I mean,
I can play it,
but it's probably faster for me to explain
it.
So I'll narrate this a little bit.
Can you hear it?
Somebody from your old address learned
traditions and made a threat to shoot up
a school.
For real?
I don't know anything about him saying
shit like that,
and I'm going to be mad as hell
if he did.
And then all the guns will go away.
So this dad had numerous guns in his
house, unsecured.
I do feel bad about this.
Newly released body cam video shows a
Georgia investigator confronting both Colt
and Colin Gray.
The teen accused of killing four people at
a high school and his father.
The footage gives us an inside look at
the investigation that spawned from an FBI
tip more than a year before the teen
allegedly opened fire.
We are taking a closer look at that
right now as both of the people being
questioned now sit behind bars.
Welcome to society.
Presented by law and crime, Jesse Weber.
you.
Biggest biggest updates from the school
shooting in Winder, Georgia.
And now we have got some bombshell footage
for you.
We have gotten our hands on body camera
footage showing Jackson County
investigators questioning Colt Gray,
the accused shooter,
And his father, Colin,
who's also been criminally charged,
about a threat posted on the video game
social media platform Discord.
This was back in May of twenty-three.
Which again,
is really problematic for the father,
who's accused of supplying his son with a
gun, seemingly knowing that he had issues.
But here's what happened.
Here's what happened here.
So the FBI had gotten had gotten it.
Someone was someone was getting an echo.
Can you explain the video?
Maybe it might be.
Yeah.
So what had happened?
I just want to get that one part
out.
What had happened was the FBI got the
tip.
When they saw it was a juvenile.
Right.
And the tip was this kid is going
to shoot the school.
He's already got his guns getting ready to
do it.
Right.
So they give it to the locals.
Now,
it's unclear to me who sat on that
case.
Did the FBI sit on it for a
month or did the locals sit on it
for a month?
I don't know.
So I don't want to speculate.
But what had happened was during that
time,
they had moved from the location of where
the IP was out of the house in
the one section of Georgia,
wherever they were living,
and they moved to another and he's renting
a house.
There was a breakup between mom and dad
because she wasn't paying the bills or
whatever.
So because the local law enforcement
agency didn't know anything about cyber,
when it's a month or two,
I have to see the IP logs.
Had they done an update exigent on
Discord,
they would have seen the new location.
so here is how we break it up
in our class in the first instance when
the leakage comes out we find out who
the kid is in two hours right now
the common denominator among school
shooters somewhere in their upbringing
when they were a child they were either
sexually physically emotionally or
mentally abused one of those fours
happened to that child and then when they
try to go in the mainstream in school
they're ostracized right they're beat up
they're bullied whatever
They have mental health issues at this
point.
What we subscribe is that when you find
this kid,
you should really get him to a hospital.
Or if you need to take him in
custody, take him into custody.
That's phase one.
Phase one is finding them in two hours.
Phase two is that where are we going
to find our kids' deepest,
darkest feelings and secrets and messages?
We're going to find them in their social
networks.
So before going to this kid's house,
we needed to be doing a search warrant
on his Discord, on his whatever he has,
right?
There we're going to find our deepest,
darkest secrets in planning.
If that's positive, which it was here,
right?
We needed then to,
now we know the kid's got mental health
issues.
There's guns in the house.
And and we need to go after that.
So phase three is when phase two is
positive.
We execute a search warrant into the
house.
We grab the guns and we stop the
school shooting.
OK.
Had they done the search warrant,
either exigent or search warrant on the
social network,
they would have seen the IPs have changed.
Had they then executed a search warrant,
and my mantra is that when you have
all these IPs and evidence that there's
gun in the house,
don't you dare go in that house without
a search warrant.
Because what happens is every single time
when a school shooter is confronted,
did you post this?
Yeah, but I was just kidding.
Law enforcement wipes their hand and they
walk away.
Or do you have guns in the house?
No.
Do you mind if we check?
You got a search warrant?
No.
And you're not coming in.
We have to be ready for that in
our investigations, okay?
Had they gone into that house,
not only would they have secured the guns
to stop the shooting,
you know what else they would have find,
Jason?
The common thread of school shooters is
that they are very researched.
They research and the godfather of all the
school shootings
is Sandy Hook, Adam Lanza.
Why do school shooters idolize Adam Lanza?
Because he had a thirty two person body
count and the amount of times law
enforcement went to go talk to him and
he thwarted all of it and survived all
of it because they never went into his
house.
Had they gone into the Georgia shooter's
house, he had a shrine.
Of Adam Lanza and Nicholas Cruz all over
his wall.
Jesus.
Had they done the search warrant,
they would have found that.
Well, how would the parents not find that?
That's why he was charged.
Yeah, exactly.
That's why he was charged.
He allowed this to happen.
He knew his kid had emotional problems.
He says himself,
I'm at that school almost every day.
And I just want to protect my son.
So I'll stop my share here.
And it's just so important that we are
doing these trainings of our students,
training our faculty.
Let me hit one more point.
That's really important, this whole thing.
Another breakdown that Dr.
El-Athari found was that school districts
were not telling their SRO or local law
enforcement that there was an issue.
So here's the first question based on
that.
Here's the first question I ask my
students when I'm teaching them in the
first day.
First question,
how many of you SROs are sick and
tired of not being told about threats
until things go sideways and they all
raise their hands?
I say, keep your hands up.
School officials, see these hands up?
If you continue to keep things away from
your SROs, you are gonna get kids killed.
This gotta stop.
The issue becomes,
I have to give everybody on the same
page.
And there are a lot of school
administrators, Jason,
that will hide behind FERPA.
I can't give that officer the information
because they're not a school
administrator.
It's a FERPA violation.
It is not.
It is an exception to FERPA that when
there is some type of threat of safety,
they have to cooperate with their law
enforcement people.
But here's another misunderstanding.
We always go back to,
and I'll end on this.
What does your MOU say?
Your Memorandum of Understanding.
So every SRO has to have an MOU
signed by their city council or mayor,
their chief, the superintendent,
and the school board.
What does your MOU say?
And here's what FERPA says.
If in the MOU,
your SRO is listed as a school
administrator,
they have access to all data from the
schools.
Now,
there's some crazy like principals and
superintendents that won't even let their
SROs look at camera footage,
video footage in their schools because
they say it's a FERPA violation.
So when I get those complaints in my
class, I'm like, well,
what does your MOU say?
So.
And this is the reason why I passed
and I wrote the SRO mandatory
certification in the state of Illinois.
Because our SROs have to be uniquely
trained and certified by a national
organization called NASRO,
the National Association of School
Resource Officers.
I'm the cyber trainer with NASRO.
So I train all NASRO participants.
There's twelve weeks in the summer.
I'm in a different state training NASRO
every week.
NASRO.
Participants or members in every state.
So what happens is,
is that we have to under natural follow
their adaptation,
which is called the triad.
Every natural practitioner has to follow
the triad.
Here's what it says.
And this is their their ethos.
I am first a school administrator in my
duties.
Secondly,
I'm a mentor for the students and the
parents.
And third,
I'm a police officer in that order.
Now as cops, we know we're cops,
and that is up here, right?
That's our first priority.
But in the eyes of the students, parents,
And school administration and the MOU,
I am a school administrator first.
What FERPA says is that if he's considered
a school administrator,
he has access to all data.
And that's where we need to be when
we're training our school staff and law
enforcement.
Do you find that's a majority of cases
where they don't trust the SRO,
or is that just a very fine minority?
I say it's...
I'd actually say at this point,
it's probably a sixty forty split,
sixty four cooperating and forty percent
not.
And that's just based on my experience
with my SROs.
And I train six thousand of them a
year.
And we have these conversations all the
time.
Right.
And when I ask that question,
I would say seventy five percent of the
officers, they laugh,
they giggle and they shake their head and
they raise their hand.
And that's why I have to have.
These principals,
assistant principals and superintendents.
Look,
let's take the example of the six million
dollar settlement with the first grade
teacher was shot in the stomach by a
first grader.
Right.
Same thing.
The school never told law enforcement this
kid was a problem.
They never told their staff this was a
problem.
They try to keep it hush hush.
And this is what happens.
When we go back to,
there's the Claire Davis Safety Act.
The Claire Davis Safety Act is running
through the United States,
started in Colorado, went to Texas,
in California,
that they are taking away the immunity
from school officials,
school administrators who hide the data.
If it is found that they hid it,
they are civilly responsible to the
victims if they hide the information.
But it's after the fact.
You should just do it before, right?
Absolutely.
I don't know why you have an SRO
there if you're not going to have them
participate.
It's not like this isn't the Gestapo or
some crap.
These are people that are there to help
you.
Look at the Monroe County,
Indiana school district.
They de-armed.
They took away the guns away from the
SROs,
but yet they'll have a sheriff's deputy in
the lobby sitting there for eight hours.
Absolutely ridiculous.
And it's not like there's been a high
incidence of SROs losing their weapons in
schools.
No, it's more so teachers.
Yeah.
It's more so teachers.
Yeah.
Yeah.
So, I mean,
and I'm sure that teachers support this.
It's just, you know,
I guess administrators and the way things
are nowadays, right?
Yeah, you know, there's a climate that,
you know,
a lot of administrators do not believe
that there should be police officers in
schools.
It's a false narrative.
And they don't understand that they abide
by something called the triad.
But again,
when law enforcement agencies don't abide
by the triad,
if a law enforcement agency thinks that
their SRO is only there to hold security,
break up fights and arrest kids,
that SRO program is going to crash and
burn.
Well, we live in an environment, look,
and aside from whatever the politics of
this are,
there's not going to be less guns tomorrow
or less threats tomorrow or less children
tomorrow.
Like I said earlier,
it's the population of France in our
school system, right?
I mean,
almost the population of Turkey and some
other countries there too, right?
You know, I mean,
and you look at it,
that's an enormous amount of kids,
regardless if ninety nine point nine
percent of them.
are good kids,
that one percent is still an incredible
amount of kids, right,
that you have to defend from.
And especially with peer pressure and,
you know,
violence in movies and the stuff we have
nowadays and just
know i know here in texas i think
one of the things a lot of us
parents were cheering and our children
were going to smother us with pillows was
that they can't have cell phones in
schools anymore so you know but you know
small steps but look how much it took
just to get that back yeah and the
the data is is unbelievable the amount of
grades growing up lack of uh online crime
and and all that stuff lack of
victimization when you keep this the
phones out of the schools
the the results are amazing grades
incidents it's just fantastic yeah and and
you know well and the amount of personal
complaints for my children at the
beginning of the year up now it's just
of course you know they've they've gotten
past it and so yeah it's always funny
your kids are always like you know i
would have let you know i needed lunch
money but i'm like yeah okay
Yeah,
I'm pretty sure the state of Texas will
be okay if you don't have lunch money
for a day.
But awesome, Rich, I appreciate it.
So also we'll put Rich's contact
information down in the event.
Also, not only can you ask questions here,
we have YouTube, other stuff as well.
If you'd like to contact Rich,
we'll have that information there as well.
And remember, of course,
besureconsulting.com.
So Rich,
I appreciate you coming today and thanks
for everything.
Yeah, one other thing that we do
We know that Department of Homeland
Security has federal grant money for each
state.
And this three-day class, like in Indiana,
Illinois, they fund it.
So you just got to ask for it
and it's free.
Another thing that we do is that if
you want to bring the class to your
school district or your law enforcement
area, you can bring it.
If you want to host it,
you get two spots free.
And then every everybody else pays three
hundred dollars for a three day training.
So one department can send three people
for under a thousand dollars and you just
scan the QR code or I'll send you
an invoice.
And but there has to be twenty five
or more people to make the class go.
So like next week,
we're going to be in Gwinnett County,
Georgia.
Then we're going to go to Utah and
North Carolina.
So South Carolina.
And so that's how they're doing it.
If you host it and put it out
that they're hosting it,
it's just nobody's got ten thousand
dollars sitting in a bank account.
Right.
Especially nowadays.
So if we can do it piecemeal,
we can make this training happen.
And if the host agency wants to do
it, they can do it for free.
Awesome.
Excellent.
And of course you get your frequent flyer
miles out of it.
So let's help Rich with his frequent flyer
miles.
Awesome.
All right.
Well, thanks, Rich.
I appreciate you coming in.
I appreciate you.
Have a good day and enjoy the holidays.
Thank you.
All right,
so that's our cyber talk with Detective
Richard Wistocki, which was awesome,
by the way,
a lot of stuff I didn't even know
about.
And of course,
tracking school swatters and shooters and
just all kinds of stuff that's going on
in our kids' schools today, right?
How important that is.
If you want to bring this training to
your district or agency, of course,
check out Rich's work at
besureconsulting.com.
Links will be in the chat in the
comment section below.
And of course,
if you'd like to participate in one of
these cyber talks,
if you have a great discussion you'd like
to have,
Get a hold of me through
baremetalcyber.com or on LinkedIn.
And as always,
I appreciate you coming today and thanks
for everything.