DarkMarket: Cyberthieves, Cybercops and You


by Misha Glenny


  Armed with this growing body of evidence, Mularski made contact with the police in a number of European countries as autumn turned to winter in 2006. He talked to the Serious Organised Crime Agency (SOCA) in the United Kingdom, to the Federal Police in Germany and, later on, to the regional force in Baden-Württemberg.

  He also approached the OCLCTIC in Paris, the recently formed and prosaically named Central Office in the Struggle Against Information and Communication Technology-related Crime. The reception he received here was a touch chilly. The French police are generally keen to cooperate with the United States, especially in the areas of terrorism and cybercrime, but traditional suspicion of America and its intentions in Europe still runs deep in French society. Any government that appears to be cosying up to the US is in danger of losing electoral brownie points, and so it cautions its organs to be circumspect in their dealings with Washington agencies.

  The boss of OCLCTIC, Christian Aghroum, thought it ridiculous that every time he and his officers sought the assistance of a company like Microsoft, they ran the risk of an outcry, containing predictable accusations of the police being in the pocket of giant American corporations. The fact was, Aghroum knew, that you couldn’t really start combating cybercrime unless you had a degree of cooperation with companies like Microsoft. Articulate, and a shrewd analyst of the political minefield that surrounds international policing, Aghroum was resigned to the fact that neither politicians nor the public in France had any idea about cybercrime and what you need in order to defeat it. Most French people seemed to harbour the illusion that you can combat and contain transnational crime from within your own borders, especially if the criminal in question could not speak French.

  But Mularski was in for an even greater shock than the well-known issue of Gallic anti-Americanism. OCLCTIC, he was told, had already been working for several months with the US Secret Service on a case related to . . . DarkMarket. A parallel investigation was under way and he had known nothing about it. Moreover, the US Secret Service showed no inclination to share information about their investigation. A few months earlier the boss of the Secret Service’s Criminal Investigation Division had testified to Congress that due to its close cooperation with ‘other federal, state and local enforcement . . . we are able to provide a comprehensive network of intelligence-sharing, resource-sharing and technical expertise’. He forgot to tell that to the team investigating DarkMarket, because they refused even to share with the FBI who they were targeting. Matters were about to get complicated for cybercops and cyber thieves alike.

  Most DarkMarketeers were not focusing on law enforcement at the time (except the ones collaborating with Mularski). Rather, they wanted to assert the site’s supremacy by finishing off Iceman. JiLsi took it upon himself to administer the fatal blow. If he succeeded, it would be his finest hour and his reputation would be considerably enhanced. He had also had enough of Iceman’s repeated incursions, which created endless extra work for him; and the bilious rhetoric, Iceman’s trademark, was also getting to him.

  JiLsi’s plan was simple. He created an anonymous email account, which he used to send messages to Iceman’s Internet Service Provider. He warned the ISP that CardersMarket, which it hosted, was a criminal site and its owners were involved in major credit-card fraud. When Iceman discovered the account from which the denunciatory emails were being sent, he used JiLsi’s password, MSR206 (the name of the legendary credit-card cloning machine used by all good carders), and – hey presto! – it worked. Iceman discovered JiLsi was bad-mouthing him to his own ISP. This was unforgivable. JiLsi had indeed crossed a line that no (dis)honest carder should ever breach, regardless of how bad relations became: he had ratted on a member of the fraternity. Worse than that, he had been caught doing it.

  Iceman disseminated the news far and wide. Before long it came to the attention of Cha0.

  In the aftermath of the Iceman accusations, everyone was still feeling a little jittery. Were the Feds on the case? But more than this, if they were, ‘Who the fuck was working with them?’, as one of the DM administrators put it. Iceman, Splyntr, c0rrupted0ne or Silo from CardersMarket; Shtirlitz, the enigmatic ‘Russian’; or perhaps DarkMarket’s new moderator, Lord Cyric? Or someone else?

  The two people whom nobody had hitherto accused of working for the police were Matrix001 and JiLsi. They had occasionally accused the latter of incompetence (and not without reason). But police work? Never. Iceman had long known JiLsi’s password from his hacking forays. But now everyone appeared to know it. There was some suspicion that a third party had infiltrated a trojan onto JiLsi’s beloved memory stick and that they were now monitoring every keystroke he made, thus becoming privy to DarkMarket’s deepest secrets. Or maybe JiLsi was not who he said he was . . . maybe he was somehow connected with the mystery company from 2000 Technology Drive – Pembrooke Associates?

  A few days before Christmas 2006, JiLsi logged onto DarkMarket as usual to check out the traffic. He wasn’t on for long before heading out again to attend to his real-life affairs. That afternoon he was back. ‘Username: JiLsi,’ he typed. ‘Password: MSR206.’ In a blink, the machine returned ‘Incorrect Username or Password’. Automatically JiLsi tried again, assuming he had made a typo. The result was the same. He tried again and again.

  There was no room for doubt: JiLsi, spiritual owner and chief administrator of DarkMarket, had been excluded from his own site. Panicked, he tried to log onto www.mazafaka.ru. No dice. The Vouched – another of his sites – no entry.

  It wasn’t long before cold turkey kicked in. JiLsi had never known such a painful downward spiral. His entire life had been snatched away from him – or at least the only thing that really meant anything to him. He was angry, hurt and upset. Who had done this, and why? His response was to lose himself in the anaesthetic qualities of Martell chased by a pipe of crack. The pain receded for an evening and a night, but he awoke to a misery more intense than the previous day.

  JiLsi finally managed to establish ICQ contact with Cha0. The chat left him reeling. ‘We know you have been working for Scotland Yard and the High-Tech Crime Unit,’ Cha0 told him. ‘Your decision to rat on Iceman was the ultimate proof. We know that you are working with law enforcement. You have been excluded from all sites.’

  JiLsi was speechless. Everything he had worked for had disappeared in an instant, and now he was the fall guy. What next? Where to? Despair and drift, JiLsi, despair and drift.

  Part V

  21

  THE DRON LEGACY

  Calgary, Alberta, 2006

  From his early days advertising on Shadowcrew, Dron had always received the warmest reviews for his work. ‘I received Dron’s skimmer yesterday afternoon,’ one satisfied customer posted on DarkMarket. ‘Spent the evening testing it and am very, very impressed. Dron has got a first-rate product here, one that’s well worth your time and money.’

  Dron had been as good as his word. ‘Shipping was fast. The packaging was discreet,’ the poster continued. But it wasn’t the efficient dispatch of goods that made Dron so popular, it was the aftercare service he provided that ensured clients came back for more. ‘Now, customer service, for me, that’s really where Dron comes through. He sent updates to his buyers on a regular basis and when I emailed with my concerns or questions, I invariably had a reply within twenty-four hours. Pretty damn impressive.’

  Thanks in large part to the Internet, the culture of consumer rights and expectations has finally filtered through into the criminal world. If a criminal was shafted by a vendor on the Internet, it would be difficult to track the offender down and deploy the traditional method of expressing one’s unhappiness at shoddy service – physical violence. Instead, criminals selling illegal wares over the Web have to compete by offering the best service.

  In another age, Dron would have risen swiftly to the top. He may have left school at fifteen, but he combined this entrepreneurial flair with a creative streak. It was after his father had taught him how to play the stock market on the Internet that he came across the criminal bulletin boards and, as a twenty-four-year-old, signed up to Shadowcrew, DarkMarket’s most successful predecessor, in the spring of 2004.

  But his greatest skill lay in an innate engineering ability. From scratch, he taught himself how to design and build skimmers that fitted the two most popular ATMs around the world. These were complicated and intricate devices and worth every penny of the $5,000 he charged for each one (discounts offered on bulk sales, naturally). Not only would he respond to queries from customers, but he dispatched each product with an instruction manual, the appropriate software and a free USB cable.

  His library also revealed how seriously he took his job. Alongside Document Fraud and Other Crimes of Deception stood Holograms and Holography and Secrets of a Back Alley ID Man. But perhaps his most important volume was Methods of Disguise. When dropping into one of his home town’s many Internet cafés in order to manage his sales and marketing over the Web, Dron would generally wear a black baseball cap and black jacket. But for his forays into the post office, or when he was cashing out a credit card as payment for one of his skimmers, he would prefer a red cap and blue windcheater.

  The United States Secret Service had first spotted Dron as a significant presence on Shadowcrew. Of course, the administrator on Shadowcrew, Cumbajohnny, was an informant for the Secret Service. But Dron did not belong to Cumbajohnny’s Virtual Private Network, the chief means by which the Secret Service monitored members’ activity. He was not in the United States, nor was he an easy target. Hence he was not a priority. But the Secret Service did not forget Dron. Instead, they started to build a relationship with him.

  Although a youngster compared to the US Postal Inspection Service, the Secret Service has the longest history in fighting cybercrime. The US SS was formed in 1865, not to provide armed protection for the President – that was one of Congress’s central responses to the assassination of President McKinley in 1901. The original and abiding purpose of the agency was to detect, investigate and then seek the prosecution of anybody found manufacturing or dealing in counterfeit currency. Soon after it was established, Congress also charged the agency with investigating financial fraud.

  In the wake of the Second World War, the Bretton Woods agreements established the United States as the undisputed leader of Western economies and the dollar as the chosen reserve currency in the capitalist world. Although the Soviet Union and China rejected the dollar’s supremacy, both communist superpowers were nonetheless eager to accumulate as many greenbacks as possible. In a world where most governments kept a tight rein on foreign-exchange flows across their borders, the ubiquity of the dollar as a form of payment greatly increased the attraction of issuing counterfeit US currency.

  The result was an internationalisation of the Secret Service’s operations, as crooks and governments around the world sought either to enrich themselves or to undermine American power by printing their own dollar bills. Wherever you are reading this, you can be fairly confident in the knowledge that there is a Secret Service operative in a nearby location. But while the agency has a long arm, there are nooks and crannies that not even it can reach – in the 1990s, for example, the superdollar spread around the world. The US government believes that these batches of fabulously accurate but nonetheless fake $100 bills emanated from printing presses in North Korea – one of the few areas that are off-limits to the Men in Black.

  Taking a bullet for the Prez and chasing dodgy dollars are tough enough jobs, but in 1984 Congress requested a further expansion of Secret Service activity to include the investigation of credit- and debit-card fraud, counterfeit documents and computer fraud.

  Over the next two decades the organisation that is, by some way, the most secretive American law-enforcement agency developed a specialisation in cybercrime, leading to an operational capability second to none. But the Secret Service employs only 6,500 people. The FBI, by contrast, is almost 30,000 strong. More recently, the US SS has been absorbed into the Department for Homeland Security, which has wounded its pride. There is no love lost between the two agencies. Whether this is due to the Secret Service’s inferiority complex or the FBI’s superiority complex is hard to tell – it’s probably a bit of both. Either way, they have a history of niggling disputes, which impact on major operational issues.

  After the Shadowcrew takedown, the Secret Service decided to nurture a relationship with Dron, who had joined DarkMarket in late 2005, where his reputation as a seller of skimming machines grew so rapidly that he soon established his own website, www.atmskimmers.com. For many months the Buffalo office of the Secret Service toiled to establish Dron’s whereabouts. The vendor was using the Israeli email service Safemail, because he knew that the company blocked the sender’s IP address, which meant that the recipient could not track him down. The Secret Service finally got its break in January 2006 when Safemail agreed to release Dron’s IP addresses after the US SS’s request had forced its way through Israel’s dilatory criminal-justice system. Dron, it turned out, was using a variety of computers located throughout the Calgary area in Canada’s oil-boom province, Alberta.

  The next eighteen months were to prove an exacting period for Detective Spencer Frizzell of the Calgary Police Service. The Secret Service offices in Buffalo and Vancouver would provide him with one IP address, which they received from Safemail each time the undercover agent exchanged an email with Dron. These addresses always belonged to some Internet café or other. By the time he had actually located the place, the bird had of course flown. Until he started on this case, Detective Frizzell had no idea that there were so many Internet cafés in Calgary or how popular they were. He felt increasingly as if he were looking for a needle in a haystack.

  For months, Dron’s use of Internet cafés appeared to be random. One day he would pop up here, the next day three miles away. Sometimes he disappeared from Calgary altogether, raising the fear that he was gone for good. But he always returned and, after several months, Frizzell had a major breakthrough. Pinning flags on a map, he spotted that all of Dron’s Internet cafés were close to the stops on Calgary’s Light Rail Transit, on the line that runs from Somerset to Crowfoot. He also noted two or three shops that Dron seemed to favour.

  That meant he had enough information to apply for a surveillance team. He came up against the usual objections that cybercops the world over encounter. Who are the victims in Calgary? What is your evidence of turnover due to criminal activity?

  Frizzell received his authorisation, but only for a limited period and with very few human resources. Generally, when he received a tip-off from the Secret Service that Dron was online, he would grab anyone he could from the office and head out for somewhere along the Light Rail Transit.

  The Calgary detective performed a heroic job for more than a year, slowly narrowing down the suspects until he was convinced he had the man. What he didn’t know was that he was at just one of the sharp ends of a larger Secret Service operation that included not only Dron, but also a number of targets in Europe. The US SS had contacted SOCA in London and the OCLCTIC in Paris. ‘That’s the way we operate,’ said the Secret Service spokesman, Edwin Donovan. ‘We really push out our collaborative effort, working with police all over the world. We go to the agency that’s working these type of crimes and say that we have this target – and of course sharing information is a key in these cases.’

  So the Secret Service was sharing information with the police in Britain, Canada and France. But one group of agents they still weren’t sharing it with was their colleagues at the FBI. The evident rancour between the two US agencies sowed confusion among the Europeans – in the end, the French worked with the US SS, the Germans with the FBI and the British politely balanced the two. This resulted in a moment of profound irony, as the only people in the world who knew that the FBI and Secret Service were targeting the same person, JiLsi, belonged to a foreign police force, the Serious Organised Crime Agency in London. It got worse – officers from SOCA realised that the competing American forces were actually investigating each other’s undercover agents as suspected criminals. Eventually a senior British civil servant gently informed a higher authority in Washington that perhaps the FBI and the Secret Service should put aside their differences, at least for the duration of the investigation.

  22

  DUDE YOU FUCKED UP

  Baden-Württemberg, 2007

  It was a pleasant evening in early May, although it didn’t feel much like springtime to Matrix001. The external world receded as his mouth dried and his eyes ran over the email one more time.

  Your landline is tapped.

  Cops in UK, Germany, France are onto you . . . Hide evidence.

  Warn others . . . Cops know matrix-001 is detlef hartmann from eislingen . . .

  You only got a few weeks before cops hit in uk and france . . . Warn all carders you can get hold of.

  What did this mean? Who did it come from? He looked at the sender’s address again: [email protected]. That was probably randomly generated. And it was impossible to identify anything about the author, except that his English appeared to be fluent.

  Matrix decided he should consult his fellow DarkMarket administrators and a couple of other confidants. What, he asked, did they all make of this? Their replies were oddly bland, in some cases almost indifferent, mere warnings for him to keep an eye out.

  In Pittsburgh, Keith Mularski felt anything but indifferent. The email extracts that he and the others had received from Matrix meant only one thing: the operation was being leaked. And if it was being leaked to Matrix, who else was being tipped off? The timing could hardly be worse, as for several months the FBI had been planning the first wave of DarkMarket arrests. It was bad enough having to deal with an uncooperative Secret Service. The German police from the federal state of Baden-Württemberg (LKA) had heard that their French colleagues were preparing a DarkMarket related bust, but the French police had snubbed them, saying that their presence at a planning meeting in Paris with Britain’s SOCA and the Secret Service would be unnecessary.

 
