DarkMarket: Cyberthieves, Cybercops and You
Page 13
siloadmin: listen matrix
siloadmin: I know the shit looks fake, typos etc
siloadmin: but thats what was pulled
siloadmin: I didnt make this shit up
matrix001: no company in the whole world would ever have such a document
matrix001: its totally ridiculous
This could quite easily have been a set-up and the exchange convinced Matrix of exactly that. Accusing rival boards of being a sting operation organised by law enforcement was a common practice designed to scare off members so that they would join the competition. If members were to desert DarkMarket, Matrix was convinced Iceman and CardersMarket would recruit them immediately and that might threaten DarkMarket’s very existence.
Furthermore, silo, dystopia and c0rrupted0ne appeared very keen – perhaps too keen – for Matrix to open another file, a compressed zip file, known as an rar. Zip files were some of the most notorious carriers of trojan infections, and he was certain this one was designed by the CardersMarket crew to suck all DarkMarket’s secrets from his computer. He began to wonder whether Iceman and his cohorts were now on stage two of an audacious plan, designed by the FBI, to wipe out DarkMarket.
It was by now about a quarter-past nine on a freezing November morning in central Germany, but Matrix knew he had to act swiftly. He immediately contacted his fellow DM administrators and warned them that Iceman and his cohorts were about to denounce DM:
matrix001: I did not download the file and open it, therefore i said my rar is not working
matrix001: I bet it was a trojan
matrix001: and if you check the info they passed it’s quite bogus . . .
matrix001: But take a read yourself . . .
19
DONNIE BRASCO
Pittsburgh, October 2006
Special Agent Keith J. Mularski of the FBI’s Cyber Division was distraught, and it wasn’t just because the Steelers were having a mediocre season after the previous February’s sensational victory in the Super Bowl. As a season ticket holder at Heinz Field, the Steelers’ home stadium, Mularski had always acknowledged that football was not a matter of life and death – it was more important than that. But for once his problems were even more serious than football.
For months and months he had been working as a cyber Donnie Brasco, immersing himself in the Web’s ever-expanding pool of criminality. True, his life was never in danger the way that Agent Joe Pistone’s had been when he assumed the identity of Brasco in the lairs of New York’s toughest mafia families. But it had taken Mularski a hell of a lot of work securing his bosses’ agreement for the unprecedented operation to go undercover in cyberspace. It was expensive to mount and contained the great danger of being denounced as entrapment. So FBI chiefs were scrutinising his every move for signs of a slip-up. What had just happened was no slip-up, though. It was a head-on collision.
The timing was atrocious. He had come a long way without his cover being blown. He was on the verge of enlisting the help of several foreign law-enforcement agencies to assist in his long-term strategy of executing a spectacular series of busts around the world. He had created and then nurtured a character, chosen a name and back story, and this figment had become real for many global cyber thieves in a remarkably short space of time. Mularski was a close confidant to several of his targets.
Now, because of the carelessness of a colleague who had left a file with a trace of the National Cyber Forensics Training Alliance letterhead on a computer, he was threatened with exposure and the collapse of an immensely intricate operation.
This was also the FBI’s first major foray into cybercrime. Until now the US Postal Inspection Service, but above all the US Secret Service, had dominated cyber investigations. By 2004 it was clear that cybercrime was one of the fastest growing sectors of organised criminal activity worldwide. More and more organisations, institutions and individuals were being hacked into. Credit cards were the biggest problem, because of the sheer volume being misused or stolen. But large companies were now victims of industrial espionage in which their commercial secrets were being stolen and sold on to competitors by some of the very hackers who were involved in credit-card fraud. Cisco Systems had allowed a Chinese competitor to steal and copy the plans for one of its most advanced servers – so not even supposedly computer-savvy corporations were immune.
The haphazard approach to network security, both in government and in private industry, was beginning to spook the White House, Congress and the Pentagon. Most government agencies and ministries were either unaware of their vulnerability or so overwhelmed by the number of attacks launched against them that they buried their heads in the sand, in the hope that the problem might just disappear.
However, that was not an option for the Pentagon. It was swamped trying to manage the fallout from Titan Rain, a series of sustained attacks on the Defense Department’s computer systems, originating in China and designed to gouge out all the classified secrets sitting in unwisely exposed files.
The big banks were still reeling from the so-called pvv (pin verification value) vulnerability that had cost Citibank and the Bank of America tens of millions in stolen cash during the Shadowcrew period, and although they had solved that problem, hundreds of other banks were still spewing out cash from their ATMs to carders.
In a word: chaos.
The implications were not hard to fathom. Before long, large amounts of taxpayers’ dollars would be diverted into the related problems of cybercrime, cyber industrial espionage and cyber warfare. No self-respecting law-enforcement agency would want to forgo a slice. From the FBI’s vantage point, the US Secret Service stood to gorge itself on three-quarters of a rich budgetary cake. First mover among the cybercops, and still basking in the glory of the Shadowcrew takedown, the US Secret Service was naturally eager to assert its primacy in this embryonic field.
The FBI, the largest and most powerful law-enforcement agency in America, had other thoughts. Its Director, Robert Mueller, was keen to move into cyber both to get the funding but also because he was instrumental in trying to refashion the FBI to become less of a police force and more of a domestic intelligence agency. Mularksi’s plan was not merely about busting criminals, it was about gathering information as well. This change of direction at the very top helped overcome the objections of some senior officials and Mularski, who had backed his request to mount the bold undercover operation with a dazzling presentation, got his authorisation. So when the Iceman fingered him, it was not just Operation DarkMarket that was teetering on the brink of failure. If this went south, those future tax dollars went with it and the apparent ability of the FBI to manage cyber operations. A heavy burden weighed on Mularski’s shoulders.
His initial reaction was despair. The game was up, he thought, and his hard-working team would have to prepare a humiliating explanation for the hierarchy, some of whom would be muttering, ‘We told you so!’ But one of the reasons the FBI had selected Mularski for its agent-training programme in the first place was because he was quick-witted in tight spots. And it was only minutes before he decided he would not give up without a fight.
The fortunes of Mularski’s family had closely followed those of twentieth-century Pittsburgh. His great-great-grandfather had secured a passage from Hamburg in 1892, arriving in Baltimore with just a dollar in his pocket. Keith may have been an all-American boy, but the ethnic identity of many of the city’s European communities remained strong – Polish, in Mularski’s case.
Interspersed among the modest wooden houses, Art Deco cinemas and dance halls of Pittsburgh’s now-picturesque South Side are the churches and community centres of the many Slavic communities – Czech, Polish, Serbian, Slovak, Ukrainian and more – who gravitated towards this strategically placed city in western Pennsylvania. Andrij and Julia Warhola, a couple of Rusyns from rural north-eastern Slovakia, emigrated to Pittsburgh in the early twentieth century before dropping the final ‘a’ of their surname and giving birth to one of the most influential
figures in twentieth-century art.
Mighty steel bridges and inscriptions to the Norfolk and Western Railway are some of the reminders of Pittsburgh’s central contribution to America’s global economic dominance of the twentieth century. Steel from these factories was moulded into battleships, planes, cars and industrial plant that spread across the world. Decades have passed since the black clouds that spewed from the steel-producing hydra last cloaked the city in darkness, distributing poisonous particles that once conferred the highest incidence of pulmonary disease in the United States.
The smog no longer hangs over the city, and Pittsburgh is now regarded as one of the most desirable places to live in the entire United States. The sun shines brightly and, after fifteen years of poverty and decline, the city quietly refashioned itself during the 1990s as an East Coast centre of the high-tech industry.
Mularski was one of those who fled the city in the 1980s after graduating in history from Duquesne University. At the time, there was nothing left. His father could have been the reincarnation of Willy Loman. One of the first to suffer the downturn in the stumbling giant’s fortunes, Mularski senior was laid off from his sales job in the 1970s and had been unable to find another post. The family lived precariously off the earnings of Keith’s mother, an executive assistant.
Pittsburgh’s population had shrunk by one-third in young Keith’s lifetime. He had no intention of watching it waste away any further, so he moved with his new wife to Washington DC. Taken on by a large furniture retailer that operated countrywide, Mularski demonstrated real skills in management and sales. At first glance, the work of a sales manager appeared to have little in common with cybercrime, but the techniques he learned with the company provided firm foundations for his work as a cybercop with the FBI.
‘Social engineering’ – the art of persuading somebody to do something that is objectively not in their interest – lies at the heart of cybercrime. How, the crook ponders, can I persuade my target to give up their password? To open an email with a trojan hidden within its code? Even to turn a computer on?
There are some obvious options available to the cyber thief. The two tried-and-tested methods are free music downloads and pornography. The sexual drive is one of the most powerful of all – it has to be, because in evolutionary terms finding a mate has often proved a hazardous business. We are prepared to take huge risks to satisfy our sexual desires, and computer-virus manufacturers were swift to grasp this. The promise of a pair of breasts is often all that is needed to tempt an unsuspecting user to press on a hyperlink that will download a destructive piece of malware onto his machine. If he’s lucky, he’ll actually be redirected to the picture, although that’s scant compensation for handing over all the secrets on his desktop to a faceless controller far away. Not by chance was one of the most successful viruses spread via email with the subject line ‘I Love You’.
While sales managers tend not to spread viruses, they are, like cyber thieves, accomplished engineers of the human soul. Their job is to convince potential customers to invest in items that are either unwanted or unnecessary. ‘To sell something you have to someone who wants it – that’s not business,’ the mobster king, Meyer Lansky once remarked. ‘But to sell something you don’t have to someone else who doesn’t want it – that is business.’ At the very least, sales managers can persuade customers to buy more expensive items. So when the recently minted Agent Keith Mularski was accepted into the infant Cyber Division of the FBI, he brought with him a prized asset – the ability to cajole, josh, empathise, exhort, inveigle and entice. For a cop, he was a very convincing criminal.
By the year 2000 Pittsburgh had been transformed. It had always benefited from huge philanthropic bequests. Stamped everywhere around town are the marks of Carnegie, Heinz and Mellon, collosi of America’s industrial surge on either side of the turn of the twentieth century. Part of the city’s reinvention after the collapse of manufacturing lay in its investment in computer science and technology at the Carnegie Mellon University (CMU), rated as one of the world’s top twenty higher-education establishments.
Founded by the towering Scottish-born industrialist, Andrew Carnegie, the university began as a technical school and merged with the Mellon Institute of Industrial Research in 1967. During the bleak years of the 1980s and early 1990s, the CMU studied the demise of Pittsburgh and researched ways of resuscitating it. The university was also well known for its work in the area of computer security. Outside of the Massachusetts Institute of Technology and Silicon Valley, Pittsburgh arose as a rare outpost of intense geekdom in the United States, with a specialist bent towards security issues.
The expertise of the CMU explains much about the new Pittsburgh, including the emergence in 1997 of the National Cyber Forensics Training Alliance, a not-for-profit organisation with support from the banks and various corporations, aimed at bringing together professionals from academia, the private sector, law enforcement and intelligence to act in the face of growing network insecurity. And that is why Keith Mularski returned home soon after the millennium to work in the unassuming glass-fronted offices on 2000 Technology Drive.
As he stared out of one of those windows on the fourth floor, he was aware how he was almost single-handedly responsible for this entire FBI operation. He was working with a great team, but it was he who had persuaded his bosses, in the teeth of deep scepticism, to give him the go-ahead. It wasn’t only the reputation of the Feds and their budgetary concerns on the line – it was his job, for God’s sake.
Then he remembered what he was really good at: sales. Or, better still, social engineering.
When the news flashed around the criminal bulletin boards that DarkMarket belonged to the Feds, he calmed down, reminding himself that self-pity helped no one. He needed to launch a counter-attack immediately. He approached Grendel, perhaps the most mysterious DarkMarketeer of all. In real life, Grendel worked for an entirely legitimate high-end security company in Germany, but he also offered his services against payment to major cyber criminals. DarkMarket depended on his Virtual Private Network (VPN), which was an almost complete guarantee of anonymity – but beyond that, Grendel had also constructed four ‘shells’, software that can render users effectively invisible.
Grendel was able to produce the previous verifiable logins from the shells, none of which mentioned Pembrooke Associates anywhere. Mularski proudly boasted to all members of both CardersMarket and DarkMarket that this was his VPN service, and the only person to have come up with the Pembrooke Associates login was . . . Iceman. Using his sales techniques, the Nemesis Mularski was flipping the searchlight away from himself and shining it right into Iceman’s eyes.
The typos on the headed notepaper that Matrix001 had spotted were the cherry on the cake. Iceman had a history of flinging wild accusations at anyone who irritated him and, during his tenure as the master of CardersMarket, almost everyone had irritated him at one point or another. He had few friends out there. Equally, the idea that Iceman was up to his old tricks as a confidential informer for the Feds took root once again – a thesis that Mularski fanned energetically.
Far from destroying DarkMarket, Iceman had achieved the opposite. It emerged stronger than ever and was now recognised by almost everyone as the primary English-language criminal carding site in the world. Mularksi’s quick thinking had averted a real disaster.
20
A CUNNING PLAN
JiLsi was as pleased as punch. CardersMarket and Iceman were still on their feet, but reeling from the counter-punches that followed the revelations about DarkMarket as a sting site. A majority of carders now believed (wrongly) that CardersMarket was the sting site and DarkMarket kosher. In consequence, DarkMarket started growing again, towards its eventual membership of 2,000.
Of course there were still rumours that maybe all was not what it seemed among the administrators of DarkMarket, but by this stage there were as many pack animals among the carders as there were ‘lone wolves’ from the pioneering days o
f cybercrime. The pack had turned on Iceman and was running with DarkMarket.
By December 2006 the DarkMarketeers were doing a sterling job. JiLsi was proud of his achievements – at last he was a respected family member, recognised for his selfless and efficient work. He had built up a great team: Matrix, Master Splyntr and Cha0 were first-class administrators, and all members had confidence in their escrow service. Shtirlitz and Lord Cyric provided back up and credibility. They were quick to spot rippers and scammers, summarily dealing with these bottom feeders whenever they emerged from the cyber sewers. Ever more deals were being struck between members, and the revenues began their ascent towards the golden days of Shadowcrew and CarderPlanet.
It had been more than two years since the Shadowcrew bust and a sense of complacency had also set in. The ‘lone wolves’, who now comprised a minority on the boards, never let their guard down. They took care not to incriminate themselves. Recka, the fraud king from Sweden, scrupulously avoided the trade in American credit or debit cards, as this would place him squarely in the sites of US law enforcement; the Swedes and other Europeans he could handle, but he was careful not to poke the Americans in the eye.
But many of the carders, especially the younger ones, were lax in their security, eschewing the use of encryption in their icq chats and failing to maintain proper VPN and tunnelling systems to mask their IP addresses. In Pittsburgh, however, Mularksi was steadily building a database with a program of his own design, which was able to cross-reference the activities of individual carders – he was reading their messages, logging their icq and IP addresses and, where possible, linking these to E-Gold accounts.
Unbeknownst to the users of this digital currency facility, government agencies had enjoyed full access to the records of E-Gold, the carders’ favourite method of transferring money among themselves, since February 2006. This followed the arrest of its founder, Douglas Jackson, in Florida on suspicion that the service was being used for money-laundering. Few (if any) of the cyber criminals, though, had put two and two together with respect to E-Gold. Russians eschewed such Western-based companies, registered in Belize, preferring WebMoney instead, based in Moscow beyond the reach of Western law enforcement.