by Misha Glenny
Once detailed to the Autodesk case, Crabb traced the fraud by checking where customers of the counterfeit programs were sending their money. It turned out they would make payments into bank accounts belonging to fifteen ‘mules’, US citizens dotted around the country. Money-laundering and scams depend upon these (largely) unwitting characters, who respond to advertisements offering good returns on work carried out from your home computer. Successful candidates are then required to place their bank accounts at the disposal of their new employer. In the Autodesk case, the mules would receive $200 and then forward $180, holding back $20 as their commission. They sent the money to a bank in Latvia, one of the three Baltic states whose role in both cybercrime and the broader issue of cyber security is out of all proportion to their combined population of seven million.
With the help of the Latvian police, Crabb discovered that the final destination of the monies was a set of bank accounts in Ternopil, western Ukraine. The accounts all belonged to a certain Maksym Kovalchuk or his wife.
Crabb realised that Kovalchuk by himself was not going to bring down the US economy. By the standards of major organised-crime groups, he was earning peanuts from this particular scam, galling though it was for Autodesk. Instead, Crabb worked on cracking open Kovalchuk’s email account to discover if there were any other secrets there, and at some point he hit upon a ‘unique capability’ to monitor Kovalchuk’s communications – which one can only interpret to mean that Crabb either hacked into his target’s computer or persuaded Kovalchuk’s email host to give him access. Whatever the truth, the ‘unique capability’ was to have a far-reaching impact on the real world, because almost as soon as he had started reading the emails, Crabb realised that Kovalchuk was involved in a project that was much bigger than the Autodesk scam: the development of a website called CarderPlanet.
Although the primary focus of his investigation remained Kovalchuk and his connection with the scam, Crabb began to map CarderPlanet’s Family tree, almost as a sideline. Unaware that he was being monitored by a US agency, Kovalchuk was fairly free with his conversation and so a combination of luck and diligent investigative work had put Crabb in an enviable position. Not only was he ahead of the game with Kovalchuk himself, but the inspector had even stolen a march on Western intelligence agencies as well. By partially penetrating the most dynamic cyber-criminal community in the world, he had succeeded where the Western spooks had so far failed.
Yet while Crabb was able to learn a great deal about what was going on in Ukraine’s hacking community, there was not much he could do about it. He couldn’t even bust Kovalchuk. Not only did the United States have no extradition treaty with Ukraine, but the political circumstances prevailing in this enormous East European country were most infelicitous. Leonid Kuchma was President of this country, which embodied a vast network of corrupt relationships between oligarchs and organised crime. Furthermore, the United States was competing with Europe and Russia for influence over the country, and at this time the prevailing wind was blowing from Moscow with some force. As long as he stayed in Ukraine, Kovalchuk was safe.
In the midst of this, in late 2002 while Inspector Crabb was still in San Francisco, he was called in by the security department of Visa, whose headquarters happen to be located there, too. Their people were frustrated by the inordinate success of a hacker named Boa, who had successfully stolen or assisted others in stealing tens of thousands of credit cards through his notorious website the Boa Factory. Crabb’s ears pricked up – he knew that name, Boa, from various conversations he had seen on Kovalchuk’s account. Hadn’t Kovalchuk been buying a lot from Boa Factory and learning the tricks of the trade from it, as well as discussing the development of CarderPlanet? The postal inspector was rapidly homing in on Boa and Script as the two key figures behind CarderPlanet. Discreetly, through Interpol, he put out a note to other law-enforcement agencies requesting that they be in touch should they pick up any Ukrainians suspected of high-tech crime.
In late February 2003 Roman Vega was returning from a business trip to his home in Malta when one of his friends asked him to drop off and see him in Nicosia, Cyprus. He spent an evening drinking and reminiscing with his pal about their adventures in Burma in 1991 when they were part of the team that sent the first ham-radio broadcast from the military-run state.
On returning to his room at the Hotel Castelli, Vega had an unpleasant surprise awaiting him in the form of Modesto Poyiadjis, a local police inspector, who promptly arrested the Ukrainian as an accessory to a credit-card fraud perpetrated by another Ukrainian guest whom Vega had allowed to stay in his room (a bad move, as it turned out). For Vega, it was the beginning of a relationship with law enforcement in Cyprus and the United States that can only be described as Kafkaesque.
After Poyiadjis had checked through the Interpol records, he made contact with Greg Crabb, the lead officer in the US investigation of Boa. He told the man from the US Postal Inspectorate that he believed Roman Vega was none other than Boa. Crabb could barely contain his excitement. Even before the call was over, in his mind he was booking the first flight to Nicosia. It was not just the prospect of attempting to extradite one of the masterminds behind CarderPlanet . . . they had his laptop! If the Cypriots had managed to work out who his alter ego was without really knowing what they were dealing with, just imagine what an investigator like Crabb could extract from that hard disk.
‘Boa’s arrest came as a huge shock,’ said the CarderPlanet member Xhora, echoing what many of his cyber compatriots on the Planet felt at the time. Boa had been the man who had made CarderPlanet fun, as well as interesting and lucrative. Because he was that much older and more experienced than the rest of the Planet’s inhabitants, many assumed that he would be invulnerable to inconveniences like law enforcement.
At the same time, Script was accumulating ever greater power and cash as a result of his control over CarderPlanet. ‘His interviews were designed to make the site more popular and to increase his business,’ said another CP devotee, Null _ Name, ‘and in this he succeeded. There was a flood of new members into the site. And the atmosphere changed. It was not the same.’
The cosy camaraderie of CarderPlanet’s early days was, it is true, fast disappearing. Nonetheless the website was generating more money than ever. The English section of the forum was now up and running, and before long carders from all over the world were signing into the site. But in far-away San Francisco, Greg Crabb was feasting on Boa’s hard disk, mining it for the thousand secrets that had passed back and forth between Boa and Script. ‘I never needed to interview Boa,’ said Crabb, ‘I’m not even interested in what the guy has to say because I had his hard disk – there was nothing new he could tell me!’
In fact, Crabb may not have mined the computer for everything he wanted. It seems that at some point, US law enforcement cracked one of the encryption systems on the VAIO laptop, but its owner had also reinforced it with a powerful system, Handy Bits EasyCrypto (downloadable for free), which would have prevented access to about 80 per cent of the computer files.
On the carder forums, bitterness lingers to this day because members assumed that Roman Vega had ratted on Golubov. This is untrue – any intelligence on Golubov was extracted from the VAIO computer. Not only did Vega himself remain silent, at considerable personal cost, but he has now spent almost a decade in various Cypriot and American jails, even though he has never been convicted of a single crime.
Despite all the new information, there was still nothing Crabb could do about Script. He was in the Ukraine – unlike Maksym Kovalchuk, who was arrested with his wife for the Autodesk fraud in a Bangkok milk-bar three months after Roman Vega had been picked up in Nicosia. Just as Vega was extradited to California from Cyprus, so Kovalchuk headed to the West Coast from Thailand.
Script had no intention of leaving his home country and, to protect himself further, he announced on CarderPlanet in early 2004 that he was resigning his authority and would be leaving the site for good.
Script, it seems, was going straight. But there was one thing he hadn’t bargained for.
Revolution.
8
SCRIPT REWRITE
Boris Borisovich Popov called his office to say that he was feeling under the weather. The doctor had told him he would have to take it easy for a few days, he explained. Some colleagues were surprised. Boris Borisovich’s slight build and adolescent features occasionally resembled those of a sickly child, but he was probably the most industrious and most disciplined man among them. ‘Working with him was a pleasure,’ one of them remarked later, ‘you couldn’t find anyone better in the whole service.’
Despite crying off work, Popov did not take to his bed, but – fit as a fiddle – walked out of his apartment, hailed a cab and made his way to Kiev’s Borispol airport, where he checked in for a flight to Odessa. Originally from Donetsk in eastern Ukraine and with Russian as his mother-tongue, his presence down south would not arouse suspicion provided he kept his wits about him.
On arrival in Odessa, he took a bus into town. It was a hot July day. The temperature was in the low eighties, but was made pleasant by a cheerful breeze coming off the Black Sea. Before long, Popov had found the private apartment he had rented. Within hours his three teammates had turned up – Natasha Obrizan and Messrs Grishko and Baranets. ‘We couldn’t stay in a hotel,’ explained Boris, ‘because we didn’t trust the local police.’ Only one other person in the whole country knew they were in Odessa: the Minister of the Interior.
Six months earlier Ukraine had undergone a dramatic convulsion – the Orange Revolution. This exceptionally fertile country, with the potential to provide the continent of Europe with more or less all the food it needs, was no stranger to drama. Twentieth-century regimes included extreme nationalism, autocracy, communism and fascism, each responsible for visiting their own brand of terrifying violence on the country’s population: civil war, mass starvation, genocide, deportation and widespread poverty.
The most enduring domestic legacy of this chaotic history has been the division of Ukraine into two geographic and two Slavic language camps: west and east; Ukrainian and Russian. The capital Kiev sits between the two like a wobbly bridge, hoping to reconcile the sometimes hostile traditions. In the darkest days of the twentieth century the west of the country became linked in some people’s minds with fascism and Germany, while the east was regarded a bulwark of communism and Muscovy.
This split is not always so clear – pockets of Ukrainian speakers are found in the east, while pro-Russian candidates often pick up unexpected votes in parts of the west. Nonetheless, it is a useful rule of thumb. Since independence, Kiev and the western provinces have striven for closer ties with the European Union and NATO, while the east has sought to strengthen its links with Russia. Indeed, many eastern Ukrainians still feel they belong in every sense to their giant neighbour.
Until 2004 successive Ukrainian governments and presidents had supported a pro-Russian line, much to the satisfaction of the east and the unhappiness of the Ukrainian nationalists in the west. As a consequence, relations with the EU, NATO and the USA were frosty – Ukrainian government officials were hosted as often in US jails, convicted of money-laundering and other McMafia activities, as they were in the White House.
But as civil servants, politicians and oligarchs lined their pockets at the expense of ordinary citizens, whose living standards collapsed before and after the turn of the millennium, a fresh political movement coalesced around two ‘new-style’ politicians, Viktor Yushchenko and Yulia Tymoshenko. Only later did it emerge that they were cut from similar cloth to their opponents. Yushchenko hit the headlines in September 2004 after somebody tried to poison him with dioxin (almost certainly the work of Russia’s KGB). He survived the assassination attempt, albeit with severe facial disfigurement, and announced that he would continue to stand for election as President.
The campaign to oust the old guard caught the imagination of young Ukrainians, who transformed it into a festival of politics dubbed the Orange Revolution. Student activists from Serbia in the Balkans who had helped bring down their own dictator, Slobodan Miloševi´c, arrived in Kiev to school the budding street-politicians of their near-neighbours. Neo-con proselytisers from the US poured into the country, sensing a real opportunity to give Moscow a bloody nose and drag Ukraine closer into NATO’s orbit.
From the start there were international implications to the sudden surge in political activity. By the time Yushchenko was finally declared President and Tymoshenko Prime Minister in January 2005, Ukraine had become a very live testbed for Russian–US relations that were steadily deteriorating. Both the new leaders not only affirmed Ukraine’s commitment to join the EU, but also announced their hope that the country would become a NATO member before too long. Even though this was destined to fail (it was, after all, only supported by 30 per cent of Ukrainian voters), Moscow interpreted their action as all but a declaration of war.
In the four years since he had first stumbled across Maksym Kovalchuk, the man who sold fake Autodesk products, Inspector Gregg Crabb had been patiently developing relationships with his colleagues from Ukrainian law enforcement’s baffling array of agencies. But while he had made important contacts, they politely turned down his requests for the arrest of Dimitry Golubov, aka Script.
The dramatic events of December 2004 and January 2005, when Yushchenko and Tymoshenko came to power, changed all that. Crabb realised that the Orange Revolution represented an opportunity that could not be missed. Early after the tumultuous events he received a call from the US Embassy in Kiev. Ukraine’s Interior Ministry, he learned, had already been purged of the old hardliners and a new team, more inclined to work with the West, had been installed. ‘Get over here quick!’ the embassy told him. The man from the Postal Inspection Service didn’t need a second invitation.
He made it to Kiev in June 2005 and presented his evidence on the Golubov case to Interior Ministry officials. Two weeks later Inspector Popov of the Anti-Organised Crime Department was on his way to Odessa with instructions to track down and arrest the elusive Script.
Popov knew this was a tough assignment. Above all he was worried about any leaks, because if news of the raid were to arrive in Odessa before he did, the whole operation would collapse before it began. As an accomplished carder who by this stage had finally achieved the status of ‘dollar millionaire’ many times over, Golubov would have bought himself the protection of local law-enforcement agencies. Among his own, he was invincible.
Dovzhenko Street lies two miles south of Odessa’s city centre. The streets are lined with trees and it is counted among the city’s more fashionable addresses. Golubov was living at his grandmother’s apartment, so when Popov and his team pitched up they were surprised to find a thick steel door blocking their access. After moving into position, Popov signalled to his colleagues. ‘Open up! Police,’ they shouted while banging on the immovable door. Greeted by silence, they strained to hear anything behind the steel barrier – one of them thought they detected some shuffling, but despite their efforts, the door remained firmly barred.
As Popov was wondering whether to call in some heavy equipment, the sharp smell of burning paper hit their nostrils. ‘Christ!’ he thought, ‘he’s started destroying evidence!’ Popov lost no time in alerting the emergency services, and before long a fire engine was on its way. With the heat intensifying, the firemen smashed open a hole in the apartment wall and started to spray foam through it. When it looked as if his grandma’s apartment was about
to be flooded by industrial chemicals, Golubov finally decided the game was up and at last opened the door.
It was a bizarre scene. Not only did Popov discover Golubov’s records on fire, but the hacker was feeding computer disks through a Raskat. Had Golubov merely deleted files from his various computers, this would have presented little challenge to anyone with rudimentary skills in computer forensics seeking to reconstruct them. You can burn paper – it is much harder to burn computer files. But the Russian-designed Raskat could deploy powerful electromagnetic waves in order to obliterate data completely. Golubov had been caught red-handed, and Popov accompanied him to Kiev where he was incarcerated.
Vega and Golubov were now both under lock and key (as were several other vital members of CarderPlanet’s family). Both strenuously denied that they are Boa and Script. Neither has yet been convicted of a crime – indeed, the former has spent seven years in American jails without ever having gone to full trial, raising serious questions about the
efficacy of the US criminal justice system.
Whatever the precise cause, the stuffing had been knocked out of CarderPlanet. The visionary website for hackers and crackers may have disappeared but its legacy was immense – it has revolutionised criminality on the web.
Furthermore, large-scale cybercrime had already broken out of its Ukrainian origins. In the final two years of CarderPlanet the administrators had encouraged the development of an English-language forum that had been running alongside the Russian discussion boards. This forum spread the Spirit of Odessa to hackers and carders the world over. Two of its members were novices, but they were intrigued by the new world of professional carding. One had adopted a jolly pirate as his avatar and the other an image from many geeks’ favourite film: enter JiLsi and Matrix001.
