98 - Idriss Qibaa - The Stalker Who Sold Fear Online

Shaun Most people in twenty twenty five would never just leave their front door open, their credit cards or identity information just lying around. But many times that's what we're doing online, sharing so much personal information out on platforms like Facebook and Instagram. And we often don't give it a second thought.

John For many shady people on the internet, that's an opportunity to take advantage of unsuspecting people, including those who are older or less tech savvy, as well as influencers, small business owners and celebrities who have come to depend on their social media and have it tied to their brand. These bad actors use their influence and skills to exert leverage and power over others. And in one recent case, use that power to threaten, humiliate, and destroy people's reputations and livelihoods.

Shaun Hi, and welcome to Sins and Survivors, a Las Vegas true crime podcast where we focus on cases that deal with domestic violence as well as missing persons and unsolved cases. I'm your host, Sean.

John And I'm your co-host, John.

Shaun This week we are turning to an area of John's expertise technology and online safety. We did some Tech Corner episodes in twenty twenty three back in our first season, and we said we'd return to that when there was good reason to. So today, we're highlighting a particularly bad actor who trapped unsuspecting people online with promises of account banning or unbanning on their social media. Lockout recovery services for folks who were locked out of their accounts and reselling personal information. So, John, why don't you get us started with what you're talking about this week?

John The person we're talking about is Idris Danny Kayaba, who is involved in some pretty sketchy activities. He was a twenty seven year old Moroccan national living in Las Vegas who in an interview said that as recently as twenty eighteen, he was working construction, living paycheck to paycheck and kind of living out of his car, and he just stumbled into this line of work, although he wasn't really clear about how that happened. He operated a business called unlocked for life under the name unlocked for life, LLC, and he had a slew of different aliases that he used online in these various platforms. Danny is what his clients, or more accurately, his victims, knew him by unlocked, unlocked for Life on Instagram and unlocked Uncensored on telegram. It's worth noting that all of those IDs seem to be gone at this point, so you can't really find them on Instagram anymore. Or telegram.

Shaun You said telegram. Can you explain what telegram is for anyone out there listening who doesn't know.

John Telegram is a messaging app like WhatsApp or signal. It's much less regulated than something like Meta's Facebook Messenger. It has no content moderation. It's encrypted for end to end privacy, just like signal is. Anyone can create an anonymous telegram user with no validation at all. You can create huge group chats and public channels to reach potentially millions of people. It also allows for self-destructing messages like WhatsApp does, which disappear after a preset time, allowing for people to remove evidence. So it's like a mix of chat and a public feed. Legitimate businesses can use it too. But all of those features make it a popular place for scammers who deal in stolen data and the kinds of account recovery schemes that Idris was running.

Shaun So Idris kind of fell into this work, as he called it. So some of the services that his company unlocked for life offered included were things like account banning or unbanning, or recovering locked accounts on Instagram, Snapchat or TikTok. And he said that he had special tools that he had developed and he had access to insiders, whatever that means. I know that you have some experience in losing an account, getting locked out of an account, so I thought that would be an interesting story for you to share with everyone here.

John I got a text message, a DM on Instagram from someone I knew and the message said, hey, you know I'm having a problem with my account. Can you help me reset it? I need someone to read me the code after you click this link, ostensibly to get their password reset because it had been hacked. Well, in reality, what they did was they generated that link from my account. So when I clicked it and I gave them that code, it gave them the ability to reset my password, which they did. And then they changed my phone number to theirs, which I didn't know. So I couldn't reset it anymore because it wasn't going to send me a message anymore. And then when I messaged them from your account, they changed my handle entirely, so I didn't even know where it was. My account was basically gone. I had no idea where to find it or how to contact this person anymore, and for a while it was just gone. I never considered going to an unlocked service or anything like that, but his goal, which I learned later, was to just keep repeating that process. So he would hack accounts like he did with my friend, and then reach out to people who that person was friends with to try to hack other accounts. And eventually he was hoping that he would get someone that would pay him to give them their accounts back, or he would reach someone who had a large following that had monetized their posts, and he could use the audience.

Shaun And I think looking back on it, it was easy for you as someone who works in tech and is known among your friends, to be someone who's like an expert on some level in social media and it stuff for someone to reach out to and ask for help with unlocking their account like that was not that was not something really uncommon.

John No, it was really common, actually, that people ask me for help.

Shaun All the time. Yeah.

John And I felt so dumb when my account got hacked. I felt so dumb. But it happens. And it was someone that I knew. And I actually ended up reaching out to that person afterwards. And they were like, yeah, that person's collecting my followers accounts now. I eventually did get the account back because I happened to happen to know somebody who worked at meta, and they walked down and spoke to a database administrator who could change the ownership back to me after I sent them proof that I was actually me. And I was vouched for by this person who worked there. But that's really rare. You can't really depend on that. It's hard to get in touch with somebody who works at meta, so you can't really depend on that at all. But that's the only really official way to get an account back like that. So these services that promise they can get your account back are called trappers. And like I said, I didn't work with one of them, but they're very common. And they're always trying to gain access to accounts with large followings. And I'm not anywhere near the level of someone who would have gone after. He's more after celebrity accounts, things like that. But he went after people with large Instagram audiences with large incomes from their social accounts, people that could afford to pay him his ransom to get their account back.

Shaun So for people who are older or not tech savvy, and even small businesses who depend on their online presence. Losing their social media account can just be the beginning in many cases. The trapper turns out to be the one who hacked the account in the first place, and then they're turning around and offering account recovery services to the people that they hacked. So Idris went even further. He offered a scam of ongoing account protection, which was just an ongoing monthly fee to maintain account access. The types of accounts that Idris dealt with were companies like dispensaries, people allegedly involved in selling drugs, not just your average person. And he would charge insane amounts like seven thousand five hundred dollars for account recovery and even more for the ongoing protection. Which sounds to me like something you'd hear about the Mafia doing to small businesses.

John Absolutely. And around the time of April, between April and June of twenty twenty four, the FBI. Las Vegas Violent Crimes Task Force was investigating multiple victim complaints about Idris or the person who would turn out to be Idris, because they didn't know who he was at the time. They collected digital evidence, text threads, telegram posts linking Ciorba to threats, extortion and doxing across several states. And that part's important for later. We know all this because thankfully, he was arrested on July twenty fifth, twenty twenty four, right here in Las Vegas by the FBI after a criminal complaint and arrest warrant were issued. That complaint, which surprisingly just contains two counts of interstate threats, was filed in the US District Court for the District of Nevada. From there, he was taken into custody by the US marshals after a grand jury indicted him. And if you're wondering how investigators finally caught him, the answer is simple, he told on himself. So remember that interview we talked about earlier? He went on a podcast called No Jumper with Adam twenty two. If you're not familiar with No Jumper, it's a podcast and a YouTube channel based out of LA hosted by Adam, twenty two. Like I said, he's known for interviewing rappers, internet personalities and people from the corners of social media. Most of us kind of only ever hear about sometimes controversial and sometimes just being honest, just plain weird. The show has a huge following, mostly because the guests tend to say things that they probably shouldn't say on camera, and that's what happened here. Idris went on no jumper and essentially walked everyone through how his whole operation worked. He bragged about the money he made, the people he controlled and what he could do to their lives online. He talked about how he charged people to restore their accounts, how he charged them protection fees, how he ran a reseller and a mentor program to train others on how to do this. You can listen to that whole interview and hear him spilling all of the beans, and we will link that podcast episode in the show notes. So, I mean, a huge shout out to Adam, twenty two for what he does in his interview with Kayaba. Kayaba bragged that he was making six hundred and twenty thousand dollars a month from his schemes, which was essentially extorting money from Instagram and TikTok users. He also talked about dealing in what's called tlos, which were crucial in how he would dox people online.

Shaun Will you please explain what a TLO is? Because I'm still not even sure what it is.

John Yes. So a TLO report is often called skip trace data. TLO comes from the name of the company that originated it. It's called the last one, TLO. The last one, a data pioneer named Hank Asher started that company, TLO and he created a next generation data platform which contained billions of public and proprietary records. TransUnion, the credit union, bought that company in twenty thirteen after Asher died, and they kept and rebranded the platform to t o exp, which is now called TransUnion Locator Service Expert Platform. It's a skip tracing tool that's used by debt collectors, investigators, law enforcement to locate people and verify identities and family relationships. So if you ever get a call from a debt collector and wonder how they could possibly get to you through your family, this is probably how they use credit bureau information, addresses, phone numbers, and public data. And it's only supposed to be available to those with legitimate reasons for accessing it. Cuba did not have authorized access. The FBI affidavit says that he had posted samples of what he called TLO files on the website. Agents compared all of that with law enforcement databases and confirmed that that data was all real. That means that he either bought the reports on the dark web, received them from someone with legitimate access, or used someone's leaked credentials within those systems, and we don't know which. So what did he do with that data? He resold it on his website as Intel packages or Intel drops to other trappers for them to use, and that helped him build his credibility and clout in those shady circles. He would also post or threaten to post his victims private data like names, addresses, social security numbers, relatives information either on the site or on his huge channel on telegram, and he would use them to validate his threats. So he would send screenshots or PDFs of the information to prove to people that he knew where they lived or what their Social Security number was before demanding money. He basically used the files as leverage, proof that he could find you or ruin you, or whatever it was if you didn't pay him.

Shaun So most people don't even know what a TLO is or that it even exists. But this definitely blurs the line between losing an online account and perhaps being afraid for your life.

John Absolutely. He was engaged in cyberstalking, and I had no idea what a TLO was before I started doing this research. So it's really likely that most people have no idea what that is, or even that it exists. Like you said.

Shaun The criminal complaint had some examples of what he did to his victims, including screenshots of the text messages. All of his victims were only identified in the criminal complaint using their initials, and will only mention their initials here to protect their privacy as well. So here are a couple of examples from the criminal complaint. JT was a well known social media influencer who ran pages like Cali Plug and The Blacklist XYZ. Kayaba initially offered to sell him a username for around five thousand dollars. When JT turned him down because of the price, JT s Instagram account was suddenly disabled and Kayaba demanded ten thousand dollars to restore it. JT eventually paid eight thousand five hundred dollars in cash to get the account back, but he still continued to be threatened As a businessman from San Diego, paid twenty five thousand dollars for the rights to the username at ace, but never got it. When ATI tried to get his money back, Kayaba demanded one hundred thousand dollars instead, and the messages that followed included direct threats to ATI's daughter and other family members. And one final example E, a journalist and comedian, contacted Kayaba about her blocked Instagram and then was spammed with more than two thousand SMS messages. Kayaba told her that he had her social security number and he would blast it out, demanding twenty thousand dollars to stop the attacks.

John As we said, Kayaba was tried in the district court here in Nevada. There really wasn't a trial because he pleaded guilty to two felony counts of interstate threats, one for a Beverly Hills dentist he terrorized with hundreds of texts, and another for a Las Vegas landlord and realtor that he harassed after a rental dispute. Both involved threats that crossed interstate lines, which made them both federal crimes. Note that there were other victims that we didn't mention in the list, but the government pursued those that they had the most evidence for, and referenced the other ones in the long list of victims to help show intent and build the case. He was sentenced to thirty six months in federal prison at Victorville Federal Correctional Institution, a medium security facility in Adelanto, California, and he will be released on February fourteen, twenty twenty seven, and he will be around thirty one years old. He also had to pay a fine of seventy five thousand dollars and pay two hundred thousand dollars in restitution. We'll talk more about that in our swing shift overtime episode. But for a person who's pulling down six hundred and twenty thousand dollars a month in income from this work, it seems really light. So if you want to hear that discussion, head over to podcast Go subscribe and you can listen to that. The case here itself is interesting, but in reality our goal is to help people. And in this case, I want to talk through how this can affect you potentially and how you can protect yourself. There are a few simple things you can do to make yourself a harder target. First up though, I want to remind you how you might be targeted by unscrupulous people online. You might be targeted by an account recovery or unlock scam, with people claiming that they can restore or somehow verify your social media accounts. And oftentimes it's going to be the same person who may or may not have attacked your account in the first place. You might be the victim of phishing, or spear phishing or smishing. So those are fake emails or text messages that look like they're from banks or meta, or the State of California Department of Transportation asking you to pay for a moving violation or something like that. For example, I saw one recently from the California Toll Road Payment system. Allegedly, it was a scam text that sends a link that steals credit card information. There's also social engineering DMs. That's the one that got me. So when a friend of yours asks for help resetting their account, you click the link and you lose your account. There's also the family emergency or imposter call scam, where scammer might call you and claim that a relative has been hurt, or has been arrested or owes money, or perhaps hit somebody with a car or something like that, and they will push you for payment in the form of a credit card payment or something like that. Sometimes they will even use AI cloned voices for that, so be aware of that. And then of course there's doxing and data abuse. Criminals can get personal data from leaks or skip trace databases like the TLO files that Kayaba used and use it to intimidate or extort. So how can you protect yourself? What I always tell people is never immediately click a link in an email or a text, even if they look real. Unless you're one hundred percent what the source is, you have to look at the return address and hover over the link to make sure that the link is going where you think it is. But instead, to be safe, what you can do is just open a new browser window and type in the site directly. So for example, if you get an email and you're not sure it's real from Capital One, you can just open up a new browser window and go to Capital One yourself and log in and see if it's real. Or you can call Capital One and find out if it's real. That applies to text messages too. I very rarely click on a link that I get in a text message. Another best practice is to get yourself an authenticator app like Google Authenticator or Authy rather than using text message codes, because if someone steals your password, they can't access your account without that code. They could potentially clone your cell phone, though, and get those codes for you. If you're using just text message validation, it's always important to use complex passwords that are at least twelve characters long. Mixing upper lowercase numbers and symbols and change them frequently. And you can use a password manager like one password or Bitwarden to keep them secure and unique. If you're looking to recover your account, that recovery is only going to happen through the official channels. So if it's a Facebook account or an Instagram account, that's only going to happen through meta. So help! Dot instagram.com, facebook.com, slash hacked and they have pretty good tools for that these days. No legitimate meta employee will DM you to fix your account, and no one can verify you for a fee. We also recommend that you lock down your personal data. So we, for example, have all of our credit bureaus frozen so you can log into Experian, TransUnion and Equifax, recommend you have an account with all of them. And if you freeze your account, it's free, reversible, and it stops new accounts from being opened in your name. We also use a data removal service called Incogni, but you can use Delete Me or any other data removal service that is reputable to reduce what data is available on public information sites like People Finder and other broker sites. But essentially, just remember that if you're targeted by this sort of a scam, that fear and urgency are your red flags and they're your enemy. You have to slow down, confirm all the details, and verify through some other channel before acting. If you are targeted by a scam like this, make sure you don't just delete everything. Take screenshots of texts and URLs before deleting or blocking people and report to the authorities. You can report to the FBI's Internet Crime Complaint Center at IC3 dot gov. And for impostor or family emergency scams, you can report to report fraud Ftc.gov. And you can forward spam texts to seven seven two six spam or just report them to your carrier. And remember, don't pay or negotiate. Extortionists are rarely going to stop coming after you for money after just one payment.

Shaun And it's important that you mentioned if your credit is locked and someone claims they have your social number and they're going to make it public. If your credit is locked, is that something that would scare you to make you pay urgently? If you already know your credit is protected?

John You should never pay urgently. If someone tells you they have your Social security number, you should report that to the authorities. But yes, they can open a new account in your name if all of your credit is frozen. Absolutely. So you shouldn't act rashly if that happens. All these scams rely on all that urgency and fear and panic. So you just have to slow down, verify, and you're basically going to take away their power. Remember to think of your online accounts like you think of your home. Lock the doors. Know who you let in and don't trust strangers with the spare key. Remember to harden the target. If you're a hard target, most attackers will move on to someone easier.

Shaun Those are really good tips on this. Really helpful. And even though Cuba Cuiaba is locked up. We know that. Him just talking on that podcast probably educated a lot more people about how they could run scams like this. And there are so many bad actors out there.

John And it's not clear to me how many people he got that information out to because he was selling those TLO Intel drops to other trappers. So always be aware of that.

Shaun Yeah, and I had never thought that before that there were folks that would steal your account simply for simply so they could make you pay so you could get it back, and that there's a whole industry of that kind of account stealing out there. I hadn't thought about that before we started talking about this case. Before we conclude this episode, we're going to talk about missing person Daniel Reza. This year. As we mentioned in previous episodes, we're going to cover a missing person's case on every one of our episodes this season and probably throughout this whole year. The Las Vegas Metro Police earlier this year published a missing persons Cold Case website, and we want to continue to highlight people on this list in hopes that someone can come forward with a lead or any information to help these families. Daniel Reza has been missing since August twenty fifth, twenty nineteen, so just over six years. He was thirty five years old when he was last seen. Today he would be forty one. His parents names are Fernando and Ida, and they were first alerted that Daniel was missing by his roommate, who told Fernando that Daniel had been missing for about two days. It was reported that he was last seen in the area of Warm Springs and Decatur, which would be the southwest part of town. But according to Red Rock Search and Rescue, he was last seen on a trail at Mount Charleston. They have said that he was spotted on several trails during that week, which was the week leading up to Labor Day that year, and his car was located at the Cathedral Trail trailhead on Mount Charleston, but Daniel never returned to it. Red Rock Search and Rescue and the Las Vegas Metro Police searched for him, along with the Air Force's thirty fourth Weapons Squadron, which is based at Nellis Air Force Base, along with multiple hikers and folks on ATVs. They used helicopters to try and find him, but unfortunately, the family's GoFundMe explained that search and rescue efforts were called off after officials felt they had exhausted all measures available, which was approximately a week after he went missing. Reza is described as being a fair skinned Hispanic male, five foot ten, one hundred and eighty five pounds, with brown eyes and brown or black hair, and you can see photos of him on our social media this week. On the day he disappeared, he was possibly wearing a long sleeved blue shirt and blue jeans. Red Rock Search and Rescue posted photos of the gear Daniel was using or wearing, including a blue backpack, a wooden hiking stick, a tan sun hat with a colorful logo of mountains that says Spring Valley and a black hooded jacket. He was also known to be carrying a blue battery operated lantern. If you have any information about Daniel, please contact the Lvmpd at Missing Persons at Lvmpd. Com. Thank you for listening as always and supporting the show. We really appreciate it. And we remind you that what happens here happens everywhere.

John Thanks for listening. Visit sin's podcast. Subscribe for exclusive bonus content and to listen ad free. Remember to like and follow us on Instagram, Facebook, TikTok and threads at medicines and survivors. If you're enjoying the podcast, please leave us a review on your podcast platform of choice. You can contact us at http://www.sinsandsurvivors.com.

Shaun If you or someone you know is affected by domestic violence or need support, please reach out to local resources or the National Domestic Violence Hotline. A list of resources is available on our website. And survivors and survivors, a Las Vegas true crime podcast is researched, written and produced by your host, Sean and John. The information shared in this podcast is accurate at the time of recording. If you have questions, concerns or corrections, please email us. Links to source material for this episode can be found on our website and http://www.sinsandsurvivors.com.

John The views and opinions expressed in this podcast are solely those of the podcast creators, hosts, and their guests. All individuals are innocent until proven guilty. This content does not constitute legal advice. Listeners are encouraged to consult with legal professionals for guidance.

Copyright & Usage Notice

This transcript is the intellectual property of Sins & Survivors, a Las Vegas true crime podcast.
All content—including script, commentary, and original material—is protected under applicable U.S. copyright law.
No part of this document may be reproduced, distributed, or used in any form without prior written permission from the creators.

For media or educational inquiries, licensing requests, or permissions, please contact:
john@sinsandsurvivors.com or shaun@sinsandsurvivors.com

© Sins & Survivors Podcast. All Rights Reserved.