
DarkMarket: Cyberthieves, Cybercops and You


by Misha Glenny


  But today he had no time to reflect on Pittsburgh’s snow-clad post-industrial aesthetic. He had just read something disturbing on the DarkMarket boards. According to apparently reliable information coming out of Istanbul, Cha0, the cyber criminal under investigation by Inspector Şen, was ‘one of the big boys, rich and powerful’. For a Turk, the phrase was easy to decode: the target had friends in high places, a Turkish copper’s worst nightmare.

  Inspector Şen had been working at the National Cyber Forensics Training Alliance for almost three months. On his first day he had been waiting in reception to be greeted by the organisation’s boss when by chance Agent Keith J. Mularski strolled in, bright and charming as always. He introduced himself and, on learning that Bilal was from Turkey, immediately started telling him everything he knew about Cha0, DarkMarket’s notorious administrator and master criminal. Mularski and Şen were a splendid match.

  When he entered the office area on the fourth floor of 2000 Technology Drive, the Turkish policeman was struck by the appearance of the place, which looked more like an insurance company than the frenetic high-tech environment familiar from TV programmes like CSI New York. One room that was tucked away was littered with the tools of computer forensics, machines that offer up the innermost secrets of any digital device. But this tech examination room was barely visible and was sealed to prevent the intrusion of any trojan or other malware from contaminating objects under investigation (as with their organic counterparts, computer viruses are sometimes airborne). That aside, the offices were quiet, orderly and unremarkable.

  On that first morning, Keith showed Bilal the whiteboard in his office with the name ‘Cha0’ atop the pyramid of criminals connected to DarkMarket. Inside, the Turkish policeman felt a twinge of shame. With the support of colleagues in Britain and Germany, the Feds had taken down two of DarkMarket’s most energetic administrators, JiLsi and Matrix, six months earlier. Arrests had already been made in Britain, Germany, Canada and France, and further arrests in the United States were being prepared. So the officer from Ankara felt it a stain on his national pride as well as on his personal reputation that his fellow Turk was now among the most-wanted cyber criminals in the world.

  Turkish police, and particularly its organised-crime department, had come a long way in the previous decade, and Bilal was determined to prove that even with many fewer resources available to him than to his counterparts in Western Europe and America, the young Cyber Crime Unit based in the Turkish capital, Ankara, was capable of playing in the big league.

  Police officers from around the world were always dropping in and out of the FBI offices. They came to learn from their American counterparts, but also to build networks of mutual assistance. Cooperation between police forces from different countries usually groaned under the weight of intolerable bureaucratic procedures, and personal friendship among cops was the quickest way to bypass that.

  Bilal had come on a three-month attachment. As a Turk, he was a novel, if potentially very useful contact for the Feds. In 2003 he had been one of the two co-founders of the tiny Cyber Crime Unit in Turkey’s Anti-Smuggling and Organised Crime Division. And compared to the perpetrators, the inspector had no resources.

  For his part, Bilal Şen wanted to learn from the FBI. Not that he was inexperienced. He had joined the police as a fifteen-year-old in 1989, signing up for the gruelling eight-year officer training course – the longest in the world. This was odd, as with his small stature and thoughtful manner, Inspector Şen resembled a Turkish Hercule Poirot more than the traditional image of a tough Balkan cop moulded by rural bandits, urban narco syndicates and a brutalised criminal-justice system.

  Police college had proved a taxing regime. However, what pained Bilal most were not the spartan quarters and unforgiving assault courses, but the complete absence of computers. From a young age he had taken any opportunity to sneak into the local games arcade in his home town of Eskışehir that sits midway between Istanbul and Ankara in northern Anatolia. He was only about six years old when he came across the game River Raid. Every minute of his spare time was spent flying a two-dimensional fighter plane up a river, firing on tiny helicopters, ships, tanks and dirigibles while trying to refuel at the same time. Gripped by that mysterious fusion of repetition and occasional reward that keeps so many children, adolescents and young adults glued to their computer screens, Bilal had an obsession with games that mirrored that of many proto-hackers at the same age. Equally, he was gripped by the same determination to win.

  Perhaps that stubbornness helped the raw recruit through his first posting at a village police station in the middle of Anatolian nowhere. Although this was by now the mid-1990s, the only machine here was an ancient manual typewriter. Taking down witness statements was considered below his dignity as an officer, but Bilal was so determined to improve his typing that he spent many an hour banging on those keys. When he wasn’t doing that, this remarkable autodidact was teaching himself Mandarin.

  When he applied to join Ankara’s elite Organised Crime Unit, the chief there asked Bilal why he was learning Chinese. ‘With China opening its doors to the outside world,’ he answered, ‘we are soon going to need Mandarin-speakers in the Department for Organised Crime.’ That reply swung it for him and he landed the job.

  Once in the Turkish capital, the young detective signed up for a Masters at Ankara University, again off his own bat and in his spare time. He selected a topic unknown and unstudied in Turkey – ‘The Opportunities and Risks of E-Government’ – in which he considered the relationship between privacy, civil rights and cybercrime.

  Bilal Şen began to monitor the proliferation of Internet crime in his country, one of the few Turkish policemen with the capacity to do so – the only other organs of state already aware of the strategic importance of cyber security were the military and civilian intelligence agencies, but they, of course, never advertised their capabilities or motives.

  Together with a colleague, Bilal set himself the Herculean task of persuading the unwieldy Interior Ministry to divert some of its precious funds to the establishment of a Cyber Crime Unit. It took three years of pleading, cajoling and politicking. Fortunately, he had a collaborator who had mastered the Ottoman art of striking the right tone with the appropriate bureaucrats in the Interior Ministry.

  As with all the cybercrime units springing up in police forces around the world, Turkey’s new department was able to exploit the fact that virtually nobody else in the ministry understood the dark side of computers. Once given the go-ahead, the two men found themselves oddly free from outside interference, as nobody else had a clue what they were doing and they were hardly a burden on the Exchequer.

  While the Inspector’s own government was scarcely aware of his work, his counterparts way across the Atlantic had soon taken note of his achievements. In the summer of 2007 as police in Germany and Britain arrested the DarkMarket administrators, Matrix001 and JiLsi, Turkey’s cybercrime team had put one of the most notorious cyber criminals, Maksik, behind bars. A major player on DarkMarket (he had supplied amongst others the French hacker, Lord Kaisersose in Marseilles with ‘dumps’), Maksym Yastremsky from the north-eastern Ukrainian city of Kharkov had assumed he would be safe in Turkey – not only did no cyber criminal ever get arrested there, but relations between Ukraine and Turkey had never been more cordial, especially in the underworld.

  The Ukrainians also adored the country for its gorgeous coast – Antalya’s beautiful beaches had become a de rigueur destination for cyber thieves from both nations.

  The US Secret Service had been tracking Maksik for two years. They had successfully stolen the secrets of his laptop in 2006 and then set up meetings between him and an undercover Secret Service agent in Thailand, Dubai and Turkey. In the past, cooperating with the Turkish police had proven awkward, if not downright impossible. But in arresting Maksik while he was languishing in Antalya’s blistering sunshine, Turkish police had sent out a signal that on cybercrime, they were keen to cooperate and they had the know-how to do it.

  Although the JiLsis and Matrixes of this world were no longer treading the DarkMarket boards, the rest of the crew were still active – indeed, DarkMarket was again experiencing a surge of criminal activity. Ironically, the key to that revival lay in the arrest of another cyber criminal: Iceman.

  In September 2007 US law-enforcement officers had finally tracked down Max Vision at his hideaway apartment in downtown San Francisco. CardersMarket had crumbled with Iceman’s demise and so, while mazafaka controlled the Russian carding scene, DarkMarket was now the unchallenged champion of English-speaking cyber criminals. Directly or indirectly the site was still generating hundreds of thousands of pounds of illegal profits every month and it remained as popular as ever among carders and hackers.

  There were now three key players on DarkMarket: Cha0, Master Splyntr and Shtirlitz. The mysterious Lord Cyric would soon join them. Cyric’s presence on the carding scene was generating enmity and adoration in equal measure among carders. Those who loathed him believed him to be the FBI plant, Mularski, although there was also a suspicion that Master Splyntr and Shtirlitz were actually working for, or with, US law enforcement. The one thing that everyone agreed upon, whether cop or hacker, was that the most serious criminal remaining on the board was Cha0.

  In contrast to their bulging dossiers on his fellow DarkMarketeers, Mularski and Şen knew just two salient facts about Cha0 himself: he lived in Istanbul; and he had a thriving business selling so-called ‘skimmers,’ that essential tool of the fraudster in the Age of Plastic. But the detectives had no real name for Cha0; no physical address; no IP address and no known associates. Either Cha0 didn’t exist (not impossible) or he never made mistakes.

  If it was the latter, then Cha0 would appear to have perfected a system of disguising his digital tracks so that the forensic sleuths found it impossible to home in on his location. Part of that masking system was provided by Grendel, who helped out DarkMarket (against payment) in his spare time. This was ironic as Grendel was also providing the shell system that disguised the location of Mularski’s servers. Grendel had originally been invited to provide these services to DarkMarket by JiLsi – in real life he worked for an IT security company in Germany. It was ironic, but somehow very DarkMarket, that he ended up offering security to criminals and cops alike on the website.

  Despite intense efforts, Bilal Şen had failed to match Cha0’s style (or MO, as the police describe it) with any known criminals in Turkey itself. The two fundamental aspects of the Internet’s darkside seemed to coincide in his personality: he was a geek with mesmeric technical skills, but he was also a gifted criminal who attended to every last detail and left nothing to chance. It was also possible that Cha0 was the collective name of a well-organised syndicate, although linguistic analysis strongly suggested that only one person was actually formulating his posts and messages on the Internet.

  So when Bilal got the message from Istanbul that Cha0 was ‘one of the big boys’, he was not only worried, but he knew that from now on he would have to tread carefully even in a country that was modernising as fast as Turkey.

  After the millennium Turkey had become an increasingly attractive venue for hackers, crackers and cyber criminals. In the late 1990s much cyber criminal activity had clustered in certain regions of the so-called BRIC countries. An economist from Goldman Sachs had conferred this acronym on Brazil, Russia, India and China as the leading countries of the emerging markets, the second tier of global power after the G8 (though, politically, Russia straddles the two).

  The BRICs shared important social and economic characteristics. Their economies were moving and opening after several decades of stagnation. They had large populations whose combined efforts registered huge growth rates, while a resurgence in exuberant and sometimes aggressive nationalism accompanied the transition to the status of dynamic global actor. Their education systems offered excellent basic skills. But, combined with extreme inequalities of wealth, this spawned a new class of young men, poor and unemployed, but – in contrast to earlier generations – with great material aspirations as they absorbed the consumer messages that are an intrinsic part of globalisation. To meet these aspirations, a minority started beavering away in Internet cafés, safe from detection by law enforcement or indeed anyone else, where they found myriad online opportunities to educate themselves in the art of hacking.

  Turkey qualified as an honorary BRIC, with an economy that, when compared to Russia’s, for example, looked much more dynamic. The country’s population, at around eighty million, and its growth rates were increasing even faster than those of the acknowledged BRICs. Everyone recognised its strategic importance, nestling against the Black Sea and Mediterranean Sea while bordering Bulgaria, Greece, Iran, Iraq, Syria, Armenia: there is barely a neighbour that hasn’t experienced a major upheaval or war in the past two decades. The unpredictable has been ever present in Turkish politics but, as the millennium turned, Turkey’s burgeoning economic power and sophistication emphasised its pivotal role in several vital geo-strategic regions – the Middle East, Central Asia, the Black Sea and the Balkans.

  The country had been slow to develop its Internet infrastructure in the 1990s, but in recent years it had begun to catch up rapidly. Istanbul, Turkey’s economic engine, hosted an explosion of successful start-ups along with the design, media and service companies that benefited from them.

  On the downside, the size of the country, its improving infrastructure and the broadening education of the youthful middle class represented an opportunity for cybercrime. Until Bilal Şen’s unit was properly up and running in 2005, there was little to prevent crackers and hackers from operating on the Web from inside Turkey without fear of detection. The Cyber Crime Unit was beginning to make a difference, but it was an uphill struggle. If Inspector Şen were able to track down Cha0, it would be an important feather in the unit’s cap.

  But just before the Inspector was due to return to Turkey from Pittsburgh in mid-March 2008, he received another alert that further complicated his investigation into Cha0. This time his Istanbul contacts provided details of a baffling interview given to a well-known news organisation, Haber 7, by a Turkish hacker named Kier, who confessed that he was a fugitive from the law.

  Haber 7’s reputation was based in part on the spiritual backing it received from a huge domestic Islamist movement, called The Gülen Community, which promoted the philosophy of its leader, Fethullah Gülen, who was living in exile in the United States. As a Community news organisation, Haber 7 was broadly sympathetic to the governing AK Party, which was pro-Islamic but democratic.

  The young hacker, Kier, had approached the news organisation to claim that not only did he know Cha0, but, he hinted, the person or people behind DarkMarket’s most successful mystery avatar were planning to expand his/their criminal empire. The article included a photograph of the hacker talking in an Istanbul café. The photograph was taken from the back, but some of the hacker’s profile was visible.

  Bilal did not yet know that the hacker was a young man named Mert Ortaç. This odd character was thought to be an accomplice of another cyber criminal called Cryptos, who had been arrested in January 2008 for allegedly hacking into the Akbank, one of Turkey’s biggest financial institutions. In many respects, the Akbank case was a bigger deal than DarkMarket because the team had actually hacked into the bank’s main system, by means of a vulnerability in its operating system. But neither the Istanbul police nor the Anti-Organised Crime Division had the faintest idea where Ortaç had been hiding. And suddenly he popped up talking to a journalist.

  Despite being under surveillance both by the Istanbul police and by a posse of intelligence agents, Ortaç told the paper that he had given them all the slip in December 2007 and gone underground. He had surfaced only once to convey his strange and fragmented tale to the newspaper.

  The Istanbul police were red-faced about his cameo appearance. The implications of his interview – the ease with which he had evaded capture – were troubling. To compound the police’s misery, the hacker warned them that the arrests in the Akbank case would have no impact on the security of Turkish banks because an altogether more formidable criminal was now in the process of skinning them for all the money he could – and that his name was Cha0. (Bilal Şen, of course, had heard of Cha0, but this was the first time he had been talked about in public – and by a mystery man.)

  Ortaç had alleged that Cha0 was being protected by government officials. The interview at least confirmed for Şen that Cha0 existed. Nonetheless, when he read it, the Inspector felt himself looking into the abyss. Who could possibly be protecting Cha0, and why?

  27

  THE SUBLIME PORTAL

  Looking up from his notes, Inspector Şen felt his unease gradually mutate into fear. Now, it emerged that Cha0 himself had sent a message to the news channel Haber 7 in response to Ortaç’s interview. It was an extraordinary outburst, seasoned with strong pinches of megalomania and iron conviction. ‘I am the ultimate Law Enforcer on DarkMarket,’ he thundered. ‘I prevent the work of cops and rippers. I create the rules and everyone will obey.’

  The Inspector’s contacts soon indicated that Cha0 might well be beyond the law. Şen spoke to his oldest friend in the Istanbul police. It was frightening stuff: both men were worried that Cha0 might have a mole inside the police, who would obviously be informing his boss of the investigation’s progress. If they were unable to trust their team, their backup and, most importantly, their superiors, then how could they possibly take the case any further?

  In the first interview Mert Ortaç had spoken a great deal about the secret police and other forces at work in the DarkMarket case. In some countries, this might smack of conspiracy paranoia, but in Turkey it would be unwise to discount it. Mert had implied that the entire DarkMarket operation could touch people at the very peak of economic, military or political power.

 
