by Misha Glenny
Finally, there is the critical issue of hackers’ relationships. Most – but not all – hackers find it much easier to form relationships in the impersonal environment of the Internet than they do in real life. The interesting question is why.
Hackers usually enter the fray as adolescents, exactly at the time when a great majority find it difficult to establish relationships, especially with the opposite sex. So, at least in part, their difficulties in this area are entirely natural. But Chiesa has also identified that an abnormally high number of hackers have described problems in communicating with family, above all with their parents.
Reading Chiesa’s research and having spent a great deal of time interviewing different types of hackers put me in mind of the work of Simon Baron-Cohen, Professor of Developmental Psychopathology at Cambridge University. His pioneering work on autism has led to a deeper understanding of the spectrum of male/female behavioural patterns. In essence, typical males show an enhanced ability to ‘systematise’ the external world, whereas typical females show a greater skill at ‘empathising’. This is not to say that all women are poor map-readers and that all men are hopeless listeners, merely that there is a pronounced tendency in each gender towards either ‘systematising’ among men or ‘empathising’ among women.
Baron-Cohen’s subsequent research led to him uncovering a link between the extreme male mind, which in certain circumstances could be described as ‘autistic’, and high levels of testosterone to which a foetus may be exposed in the womb. His thesis is controversial, but in many respects convincing, and without question of value when considering hackers and their behavioural patterns. Hackers are not, of course, all autistic; in fact very few of them are (although some celebrated ones, such as Gary McKinnon, wanted in the United States for hacking into the Pentagon, have been diagnosed with Asperger’s syndrome). But they do appear to conform to many of the clinical observations recorded by Professor Baron-Cohen of personalities who sit quite far down the ‘male’ end of the spectrum.
With further research, this could mean that it will be possible to identify hacker personality types among children who are still at school. In this way, peers and mentors could encourage their skills while, at the same time, offering them ethical guidance so that their abilities can be channelled in positive directions. The word ‘hacker’ tends to carry pejorative overtones. But the capacity to hack is in fact an asset, both personal and societal. Computers and networks will never be safe if they are not protected by advanced hackers. Some such individuals are already working to that end. In my experience, 90 per cent of the hackers involved in criminal activities expressed a powerful desire to work within the licit security industry – and, even with a criminal conviction, they should surely be given the chance.
Adewale Taiwo, aka Freddybb
On 1st January 2009 Adewale Taiwo was sentenced to four years’ imprisonment by Hull Crown Court for conspiracy to defraud between June 2004 and February 2008. He had pleaded guilty the previous November to one count, having already admitted to defrauding just under £600,000 from bank accounts around the world. The judge recommended that, on completion of his sentence, he be deported to Nigeria.
With time discounted for good behaviour, Taiwo was due for release on 29th August 2010. Two weeks earlier he had appeared in court in Grimsby, across the Humber estuary from Hull. This was a hearing stipulated by Britain’s Proceeds of Crime Act, one of Tony Blair’s rare sensible amendments to the criminal-justice system, which enables the state to recover assets from criminals. It was a farcical end to a serious case. The prosecutor had mislaid a key file, triggering an unexpected reaction from the bearded Judge Graham Robinson, whose initial good humour quickly turned sour. He announced that he was not going to reschedule the hearing and so the two sides should therefore come to an agreement more or less immediately. This placed Adewale in a very strong position. The judge finally accepted a figure of just over £53,000, which had been whittled down from the initial assessment of £353,067. Taiwo announced that he would not be paying, which meant that he would have to serve an extra year in prison. In fact, on 7th April 2011 he was deported to Nigeria. One of the most intelligent characters to grace the carding boards, Taiwo almost succeeded in sustaining his dual life as a gifted chemical engineer and a cyber criminal.
Detective Sergeant Chris Dawson
DS Chris Dawson had worked on Freddybb’s case with exceptional diligence, putting in many of his own hours to ensure that the jumble of figures, dates and technological detail was comprehensible to any lay person when it reached court. In a break for consultations during Taiwo’s Proceeds of Crime hearing, Dawson thought he heard Taiwo say, ‘Fuck it, I’m not paying.’ When the judge left the courtroom, the detective stormed out in a fury caused by the incompetence of the English judicial system.
He continues to work as a senior homicide officer in Hull.
Dimitry Golubov
Following his arrest in Odessa, the hacker Dimitry Golubov spent five and a half months in prison, during which time he was interrogated by American law-enforcement officials, including Greg Crabb of the US Postal Inspection Service. However, on the intervention of two Ukrainian MPs, he was released and finally exonerated of any wrongdoing by a court in Kiev in 2009.
Six foot two, with a charismatic blue-eyed gaze, Golubov denies any relationship with Script although there are inconsistencies in his version of events, and the digital evidence in the hands of American law enforcement tells a very different story (this included data uncovered on Roman Vega’s computer that Script was Golubov).
Script faded away after his release from custody, but Golubov returned with a renewed commitment to social change and enterprise by forming The Internet Party of Ukraine. Still based in Odessa, Golubov has developed a political programme that aims at fighting corruption, pornography and drug-dealing on the Internet. He is confident that within a decade he will be elected either Prime Minister or President of the Ukraine, and although at the moment that looks like an outside bet, his drive and ambition should be taken seriously. The Internet Party has fielded dozens of candidates at local council elections in Odessa, and although, so far, it has only won a single seat, there is no question that the movement is growing throughout the country.
Strangely, though, despite his organisation’s fierce moral stands on some criminal issues, such as child pornography, Golubov has launched a campaign to secure the release of the notorious carder Maksik from his thirty-year jail sentence in Turkey.
Roman Vega
Roman Vega has been incarcerated since his arrest in Nicosia in February 2003. Transferred to California in June 2004 at the request of the United States, he has been in custody ever since, but has never been tried. At the time of writing he is a prisoner in the Metropolitan Detention Center, Brooklyn, a dour facility near Gowanus Bay. During this entire period Vega has had no visitors except for his legal representatives.
In August 2007 a hearing was scheduled in front of Judge Charles R. Breyer in the Northern District of California. Prosecution and defence were ready to sign off on a plea bargain, which would have seen Vega released, having already served the forty-six months’ sentence that the lawyers had agreed. On the afternoon before his release a prosecutor from the Eastern District of New York filed a whole new set of charges, requesting Vega’s transfer to Brooklyn. The charges were in substance identical to the Californian ones. The prosecuting counsel in New York, however, chose a different statute under which to file the charges, to avoid a double-jeopardy ruling.
The transcript of the court hearing makes it clear that Judge Breyer, a brother of the Supreme Court member Stephen Breyer, was embarrassed and angered by the tactics of New York’s Eastern District. The new indictment was based on information furnished by agents of the US Secret Service.
After Vega arrived in Brooklyn, the Secret Service offered him a deal: if he were to testify against Dimitry Golubov and other members of Ukraine’s establishment (not hackers, but senior poli
tical figures), then they would drop the charges. But if he refused, they would bring further charges against him filed in different states of the Union. They would continue until he agreed to cooperate.
Regardless of what Vega has or has not done, he has already spent three times longer in jail than those sentenced for their activity in Shadowcrew, with two unresolved cases still hanging over him and the threat of more in the wings. Vega has been suffering from advanced dental decay for several years and is in constant pain, often unable to eat properly. He has been refused medical assistance by the Bureau of Prisons and the US Marshall Service.
There is no prospect of Vega being released in the foreseeable future.
Maksym Kovalchuk, aka Blade
Kovalchuk was arrested in May 2003 in Thailand and extradited to the United States, where he served four years in jail. The FBI consented to a negotiated plea agreement and he was released in late 2007, after which he returned to anonymity in the Ukraine. The FBI’s decision to release him contrasts starkly with the Secret Service’s tactic of holding onto Roman Vega.
Renukanth Subramaniam, aka JiLsi
On 26th February 2010 Subramaniam pleaded guilty to one charge of credit-card fraud and four charges of mortgage fraud, for which the judge at Blackfriars Crown Court sentenced him to four years’ imprisonment. At the time of writing he is an inmate at West London’s Wormwood Scrubs prison, whose alumni include the composer Sir Michael Tippett and the Rolling Stones guitarist, Keith Richards.
With time off for good behaviour, Subramaniam is expected to be released in late July 2012. The bulk of his case relates not to DarkMarket but to mortgage fraud. The prosecution included five such instances (although three of these applications were turned down by the financial institutions). While mortgage fraud is a crime in its own right, the prosecution suggested a link between Subramaniam’s earnings from DarkMarket and his ability to pay the mortgages. In fact, Subramaniam argues that he was not responsible for the mortgage payments, as he applied for the loans on behalf of friends who were not eligible to do so themselves. Additionally, Subramaniam is awaiting the outcome of his Proceeds of Crime hearing to see whether he is liable to further forfeiture of funds. Under the terms of his Prevention of Crime Order, he will have no unsupervised access to computers for five years following his release from prison.
Detlef Hartmann, aka Matrix001
On 9th October 2007 the Regional Court in Stuttgart ruled that Hartmann should stand trial on thirteen counts of credit-card fraud. However, the same court announced that the motion to prosecute him on a charge of Forming a Criminal Conspiracy was rejected. With the more serious charge dropped, Hartmann was released from Stammheim prison, where he had spent the previous four months. The key decision preventing his prosecution on the charge of conspiracy lay in the court’s interpretation of Germany’s Basic Law, its constitution, which states that a member of a conspiracy must feel part of a ‘unified group’ in which there is presumed ‘the subordination of the individual to the will of the collective’. The judge argued that the fluid nature of the Internet and the membership structures of DarkMarket did not meet these criteria – a ruling that, of course, has important implications for the development of laws relating to crime on the Internet in Germany.
In July 2008 Hartmann received a suspended sentence of twenty-one months for the fraud charges. He has since taken up his studies in graphic design again and has completely broken any links with the underground.
RedBrigade
He has largely gone straight and is currently in Europe.
Max Vision, aka Max Butler, aka Iceman
On 12th February 2010 Max Vision was sentenced by a court in Pittsburgh to thirteen years behind bars, the longest jail term ever handed down by an American court for hacking. The prosecution calculated that his hacking resulted in credit-card losses of more than $85 million. He is now an inmate at the low-security Federal Correctional Institution Lompoc in southern California, where he is allowed no access to computers of any sort.
Vision’s hacking ability is unparalleled – he is unquestionably one of the smartest men serving time in the United States. At a closed conference in the autumn of 2010 I discussed his case with one of the most senior officials from the Department of Homeland Security to deal with cyber threats. He agreed with me that having a computer user of Vision’s ability languishing in jail was probably a misuse of the US’s human assets, but pointed out that Vision’s ego – almost as large as his intellect – had also played a major part in the affair.
Nicholas Joehle, aka Dron
Joehle has been released from prison, having served his sentence for credit-card fraud and the illegal manufacture of skimming machines.
Hakim B, aka Lord Kaisersose
Lord Kaisersose is in Marseilles still awaiting trial, but on bail. France is another country where the wheels of justice could use a spot of grease.
Cha0
Cha0 is either running his businesses in Slovenia or in jail, depending on whether the real Cha0 is Şahin or Çağatay Evyapan. The latter is on remand at one of Turkey’s highest-security facilities in Tekirdağ. His trial is due to begin this year, but the prosecutor has dropped the more serious charges relating to organised crime.
Mert Ortaç, aka SLayraCkEr
Mert was on remand in an Istanbul prison facing charges relating to the Akbank case when he was released on a technicality in March 2010. He was rearrested in November 2010 and, at the time of writing, is still on remand. Of all those involved in DarkMarket, Mert was one of the most gifted, if wayward and unpredictable, characters.
Keith Mularski and Bilal Şen
They are both back out patrolling the mean streets of cyber.
Lord Cyric
Who is he? The hunt continues . . .
A NOTE ON SOURCES
The bulk of the information in this book is provided by roughly 200 hours of interviews which I conducted between 2009 and 2011. Leonida Krushelnycky also undertook several hours of interviews.
In addition to this, I have relied on two main documentary sources. The first are the court records from a number of trials related to the websites CarderPlanet, Shadowcrew and DarkMarket. The second are the archives of the websites themselves, in particular the former two which are readily available on the web. Unfortunately, the DarkMarket archive is less accessible. I know of only one and that is in the possession of the FBI who, for operational reasons, are not at liberty to share it.
There is a considerable amount of literature on the issues of cyber crime, cyber industrial espionage and cyber warfare, much of it found on the Internet. For thoroughness, I would highlight the work of Kevin Poulsen and his team whose blog, Threat Level, is both well-written and properly researched. I would recommend two books dealing specifically with cyber crime, Kevin Poulsen’s Kingpin and Joseph Menn’s Fatal System Error. For a broader introduction into some of the challenges emerging as a consequence of Internet technology, Jonathan Zittrain’s The Future of the Internet: And How to Stop It should be the first port of call.
Other blogs of real value include Krebsonsecurity by Brian Krebs; Bruce Schneier’s newsletter, Crypto-gram; the blog of F-Secure, the Finnish Computer Security company; and, finally, Dancho Danchev and Ryan Naraine’s Zero Day blog on Znet.
ACKNOWLEDGEMENTS
Writing this book presented many challenges which I could never have met had it not been for the generous assistance I received from a number of friends and colleagues around the world.
In Britain, two people played a vital role. Leonida Krushelnycky has proved to be an indefatigable researcher, often uncovering vital material long after I had given up any hope of finding it. But for her efforts, the book would have been considerably poorer. Vesna Vucenovic ensured that the administration of this project was as painless as one could hope.
On my travels, I had the fortune to encounter two journalists whose patience and cheerfulness matched their professionalism and skill which were of the highest or
der. Kai Laufen helped me understand the complexities of German justice. But his contribution was still greater because of the contacts he helped me make and the hospitality he offered. Equally, I would have been completely lost in Istanbul, and Turkey, were it not for Şebnem Arsu. Tenacious, unfailingly polite and able to conjure up a solution when all appeared lost, I owe her a considerable debt.
From the various police forces around the world who have discussed DarkMarket with me, I must highlight Agent Keith J. Mularski of the FBI, Inspector Bilal Şen of the Anti-Smuggling and Organized Crime Department of the Turkish Police, and Detective Sergeant Chris Dawson of the Humberside police. All three have given up much of their valuable time to talk to me in the most illuminating fashion and were always happy to clarify anything I had not fully grasped. I would also like to thank the officers from the Serious Organised Crime Agency in London and Christian Aghroum, formerly of OCLCTIC in Paris.
From a rather different perspective, RioRita in Ukraine was a mine of information about CarderPlanet and beyond – my special thanks to him. I learned as much about the nuts and bolts of cyber crime from RedBrigade, I owe him a great deal for his friendliness and good-natured response to my countless requests for information and analysis.
Matrix001 and JiLsi were always willing to share their knowledge about the details of DarkMarket and their assessment of specific events. In Pittsburgh, I found Max Vision to be a brilliant and helpful interlocutor. All three have my sincere thanks.
Çag˘atay Evyapan and Mert Ortaç were two of the most interesting personalities I have met in the past three years even if they don’t see eye to eye themselves. I would like to convey my gratitude to both of them despite the difficulty of their current situations.
In Estonia, Madis Tüür was an exemplary guide to the politics and history of the country, not to mention an ever entertaining host.
