by Misha Glenny
Buy bulk freshly hacked emails. Check.
Buy Dark Mailer, the spammer’s wet dream. Check.
Buy proxies. Check.
Buy hosting. Check.
Design new Citibank page. Check.
Put in pop-up box that never goes away until a card number and pin are entered. Check.
Set up email address for the account numbers and passwords to roll into. Check.
Every day RedBrigade would go phish. He looked at the account details of one Dr H.M. Hebeurt from upstate New York. ‘Hmmm . . . she lives close by. Fuck me, she’s making 50k a month and her fucking husband is pulling in more than 72k!’ Looking closer, he saw the target worked on Wall Street. Maybe if he had made better choices, he pondered, he could be stealing legally like this guy . . . But he could not allow himself to indulge in fantasies like that – instead he just started calculating. Okay: two checking accs, two saving accs, one overdraft acc and one credit card . . . $2,000 from each. Total $12,000 from a single phish.
And every day fifty of these little phishies swam into his account.
The spree in New York’s Washington Mutual lasted just over a fortnight, netting him almost $300,000. Just as well, because his average weekly outgoings were in the region of $70,000. Every two or three months he would buy a new top-of-the-range Merc or BMW. First-class travel was axiomatic. He thought as much about purchasing a $10,000 Breitling watch as we might before buying a newspaper. He had a beautiful apartment on the Upper East Side, but only slept there two or three nights a week because he enjoyed the city’s luxury hotels. RedBrigade was earning more money than a Premiership footballer in England, but without the 50 per cent tax rate.
Nothing was out of his reach. He’d peel off the fifty-dollar bills and would see that look on the face of the cashier, meaning, ‘Who the fuck is this guy?’ He figured they thought he must be either a Trustafarian or a dope dealer. But in the Age of Plastic the super-rich were as likely to dress in T-shirt and jeans as in a Savile Row suit. Either way, the merchants always took the money – the jewellers, the car dealers, the wine sellers, the hoteliers – no questions asked. They could never be sure: perhaps this unshaven guy might own Google? And in any case, who cares how he made his money?
One thing kept bugging him. He had too much cash. One evening he came home with $77,000 in his pocket to add to the $300,000 already lying about the apartment. There was also $110,000 worth of money orders. RedBrigade had set up a global cash-out operation, so he would supply the card and account data to an East European middle man, who would organise the raids on ATMs before sending RedBrigade the cash. For that operation he had to start banking again himself. He was tired of trying to stay under the Reporting Guidelines – any transaction of more than $10,000 had to be registered with the Treasury under anti-money-laundering rules. Shit, he thought, who would have known how difficult it could be to get rid of money!
He was preparing another cash-out of $77,000. It would have been a simple stroll for a few blocks from his apartment, and then he thought, ‘I’ve got so much money here, I can’t be arsed.’ He knew there was something very wrong with the whole picture. But the only thing that kept going through his mind was: ‘CarderPlanet was one thing, but who would ever believe this Shadowcrew shit? Who would believe that I can walk into banks, day in, day out, and exit with fifty grand in my pocket? It’s insane!’
When CarderPlanet finally closed down in 2004, it boasted not just the Russian- and English-language forums, but had added Korean, Chinese and even Arabic sections. ‘CarderPlanet was a game-changer,’ said E.J. Hilbert, a former FBI Special Investigator who spent several years on the investigation into the website, ‘all the successors to CarderPlanet took the site as their model. It is no exaggeration to say that it spread the practice of criminal hacking to all four corners of the globe.’
Websites modelled on CarderPlanet sprang up everywhere: theftservices.com, darknet.com, thegrifters.net and scandinaviancarding.com. There were many more, including one bound by the delightful acronym parodying American academic communities, IAACA (International Association for the Advancement of Criminal Activity).
But none succeeded like Shadowcrew during its two years of existence. And RedBrigade was one of the many carders on Shadowcrew who hit the jackpot. Law enforcement was just beginning to become aware of the extent of the business. Banks were effectively clueless, ordinary folk oblivious.
Hackers were streets ahead, and Mammon ruled everywhere – the hedge-fund managers, the oligarchs, the oil sheikhs, the Latin American mobile-phone moguls, the newly empowered black economic elite in South Africa, the old white economic elite in South Africa, Chinese manufacturers of global knick-knacks, techno gurus from Bangalore to Silicon Valley.
Hundreds of carders made vast fortunes during Shadowcrew, many of them sufficiently naive to piss it all away on the trappings of arriviste wealth. In those days there were no checks on your computer’s IP address when you made purchases over the Web. There was no Address Verification System on the credit card: you could ship goods anywhere in the world (except Russia and other former Soviet countries), regardless of where the card was issued, and nobody would cross-check it at any stage.
This novel crime took root well beyond its Ukrainian- and Russian-language nursery. It began to globalise spontaneously. RedBrigade recalled how established Asian criminals would now communicate with college kids from Massachusetts who were talking to East Europeans, whose computers overflowed with credit-card ‘dumps’. Behind some of the nicknames on Shadowcrew were criminal agglomerates like All Seeing Phantom, revered among his peers.
A good ten years older than most Shadowcrew members, RedBrigade saw no advantage in gaining recognition and respect by attempting to climb the hierarchy. He failed to see why ordinary members were in such awe of the moderators and administrators of the boards. Despite its success, Shadowcrew’s managers had a puerile, almost brat-like aspect to their behaviour – hardly surprising as most were in their late teens or early twenties. He observed that CarderPlanet had been established and developed by real criminals, whereas many of the Shadowcrew team were dilettantes whose boundless hubris was fed by the unfathomable sums of money they were making.
The further RedBrigade kept away from these characters, the less likely he was to be spotted by law enforcement. All but a tiny minority of Shadowcrew members were unaware that the Secret Service had achieved deep penetration of the website.
In April 2003 Albert Gonzales, a young American of Cuban origin and one of the most senior Shadowcrew members, had been busted. He was known to the carders as CumbaJohnny. But they did not know that after his arrest he had turned informant, which was the critical breakthrough for the Secret Service. Gonzales ran a so-called Virtual Private Network (VPN) through which the website’s leading actors communicated with one another. A properly maintained VPN renders detection by law enforcement very hard, if not impossible – unless of course the guy administering the administrators is also administering to the cops, as Gonzales was.
On 26th October 2004 the US Secret Service launched a series of raids across the United States, which led to the initial arrest and indictment of nineteen individuals for their role in shadowcrew.com. Several more were picked up later.
‘Shadowcrew,’ ran the indictment for criminal conspiracy, ‘was an international organisation of approximately 4,000 members which promoted and facilitated a wide variety of criminal activities.’ It was the biggest outing for the Secret Service’s young posse of cybercops. The indictment presented in a New Jersey district court sounded dramatic. ‘Administrators,’ it continued, ‘collectively controlled the direction of the organisation, handling day-to-day management decisions as well as long-term strategic planning for its continued viability . . . The administrators had full access to the computer servers hosting the Shadowcrew website and, correspondingly, had ultimate responsibility for the physical administration, maintenance and security of these computer servers as well as for the content of the website.’
The media engaged with the Shadowcrew takedown in a rush of excitement, going so far as to suggest that this was the virtual equivalent of crushing the Corleone clan in Sicily. Coverage was helped because one of the indicted was a woman, Karin Andersson, aka Kafka, although the Secret Service had actually failed to uncover that the real criminal was her boyfriend, who was simply using her computer and IP address to commit crimes. Hardly a surprise, given that 96 per cent of hackers are male.
Doubtless the arrests were justified. But were the ‘administrators’ the guys making the money from Shadowcrew? No, they were not. It is true that among them were some so-called ‘monetisers’ (chief among them Gonzales who, notwithstanding his close ties to the Secret Service, later engineered an even more notorious bust – the hacking of T.J. Maxx’s credit-card database).
But the cops faced a problem that would frequently recur: hackers are not typical criminals. True, their skills are exploited by real criminals to commit real crimes against real people. But the hackers are often oblivious to this aspect of their activity. They are Script’s ‘lone wolves’, often uninterested in amassing a fortune and more concerned to elevate themselves as masters within their peer group. ‘You have to understand,’ JiLsi explained, looking back on the carding experience, ‘that this was all a game. It was like playing Grand Theft Auto, except you are doing it for real. You pit yourself against living and breathing cops. And that makes the buzz so much bigger! It is about respect. It is about . . .’ JiLsi paused for effect, ‘your reputation.’
In one regard, however, the Shadowcrew bust of criminals operating on the Internet replicated the effect of a major takedown of a mafia organisation in the real world. It created a carding vacuum and triggered a monumental struggle for supremacy among the next generation of carders, who coalesced around two new websites that emerged the following year: CardersMarket and DarkMarket.
Part IV
14
THE ICEMAN COMETH
Santa Clara, California, October 1998
Max Vision was surprised when Chris and Mike, his two contacts from the FBI office in San Francisco, turned up at his front door in Santa Clara. He didn’t recognise the third man, although later he learned that this was the FBI’s computer-crime boss. But then this was not a social call. ‘We’re building a case on you, Max,’ they said. ‘You’ve really screwed up on this one.’
In a state of mild shock, Vision turned over his computer and everything else – he did not want to appear to be obstructing justice and, at the same time, he was not yet sure what the problem was.
His life was good – great, even. After putting a torrid adolescence behind him, he had moved from Iowa into a region where neither geeks nor unkempt long hair and ponytails were considered unusual or inelegant. Nor would they find it odd that he had changed his name to Vision from the more prosaic Butler. He had quickly become accustomed to the lotus-eating lifestyle of the West Coast and, to top it all, he was deeply in love with his intended bride, Kimi.
In his mid-twenties, Max Vision was a computer-security genius and one of the most respected and highly valued consultants in the Bay Area. He was also a civic-minded chap, who set up the website whitehats.com, which was dedicated to helping people and companies ensure themselves against malicious cyber attacks. Mr Vision would post the latest ‘vulnerabilities’ to which popular software was prone and explain how to patch them up.
Vulnerabilities were meat and drink to hackers, offering one of the main routes into third-party computers. They were digital holes in the armour of software and computer systems, which the manufacturer had failed to spot. Once a company like Microsoft or Adobe noticed that a hacker had penetrated Windows or a ubiquitous application like PDF Reader by using a particular vulnerability, it was then able to close it or ‘patch it’ by writing a specific security fix, as it is known. Next, it would alert its customers to download the fix and install it, thus blocking that route into the customer’s computer. If the user failed to update the fix, the computer could still fall foul of a virus exploiting that particular vulnerability, should it come calling.
Super security hackers like Vision would often spot vulnerabilities before anybody else and so, in the spirit of good neighbourliness, he offered practical advice to users on how to protect themselves.
But his good deeds went further. He also gave his services free of charge to the FBI station in San Francisco, and the Feds were only too happy to accept the help.
No challenge on the Web was too great for Max Vision, no vulnerability too small for him to spot. But of course in order to seek out those vulnerabilities, he needed to probe computer systems all the time. He knew this put him at the centre of a profound dilemma that affected the computing industry with serious ramifications. In order to protect yourself from criminal or ‘blackhat’ hackers, it was sometimes necessary as a ‘whitehat’ hacker to ascertain how to break into systems – an act that might in itself have been illegal.
It is almost unavoidable for ‘whitehats’ to sniff around large public computer systems, just as ‘blackhats’ do. The difference is that the ‘whitehats’ will not exploit for personal gain any vulnerability they find. The ‘blackhats’ probably will.
Operating out of the little house he shared with Kimi, Vision found that whenever he came across a network anomaly or problem, he could not resist the urge to correct it. In 1998 he discovered a dangerous vulnerability on the networks serving a series of government agencies, including parts of the Pentagon. This was a hole in their defences through which all manner of mischievous worms could wriggle. Literally hundreds of thousands of government computers could be compromised by skilled hackers working anywhere in the world. Again demonstrating his patriotic commitment, Vision filled these holes with digital cement to ensure the security of his nation: nobody would be able to exploit this vulnerability ever again in those particular government departments.
Then came a turning point.
Both at the time and in retrospect it seemed insignificant. It was minuscule, an act so fleeting it was barely recorded by time: an electronic pulse almost impossible to conceptualise; one stroke of a key; one letter in pages upon pages of computer code, nothing but the Pavlovian twitch of a born hacker. For in all those government computers Max Vision left one tiny little hole open through which only he could crawl and, a little later, an eagle-eyed cyber investigator from the United States Air Force spotted that hole and traced it back to its architect.
And that is why his friends from the FBI came knocking on his door in Santa Clara, with the intimation that dark clouds were gathering. ‘You’ve been causing all sorts of problems, Max,’ they said. ‘This is a national security issue – that’s why the Air Force is here.’
Vision was upset and indignant. He had emailed the authorities in advance, telling them about his suspicions regarding the vulnerability and how he planned to scan them as a test.
How serious was this crime? His actions had not been motivated by financial or any other type of gain. On the contrary, he had performed a considerable favour to the federal agencies involved. Among other services, Vision had made safe the computer systems of military bases and nuclear research facilities, including the Brookhaven and Livermore National Labs. And given that the damage he had caused was minimal and that he had stolen nothing, how wise was it to prosecute one of America’s most gifted computer operators for this offence?
The airman’s discovery not only led to Max Vision’s arrest on charges of releasing a malicious worm. The consequences were even more dire: that tiny hole drilled into the entry ports of computer networks grew and grew until it was transformed into an unholy abyss, the Taft Correctional Institution, a federal prison that lies in the desert north of LA. Vision was going to prison as a mature skilled hacker, not as a criminal. He had only encountered professional criminals when his contacts at the FBI were shooting the breeze with him. That was about to change, of course, as Max (and his hacking skills) was deposited in a low-security prison, many of whose inmates were incarcerated for fraud and other financial crimes.
Things looked bad for Max. But they were about to get worse. Not only had he received a two-year sentence in Taft, but a month after he arrived there, Kimi announced she was leaving him.
Abandoned by his wife for another man, forsaken by his erstwhile friends in the FBI, Max Vision tumbled down the abyss, at the bottom of which lay a deep depression. Here he landed next to a fellow inmate, one Jeffrey Normington, who extended a hand of friendship when nobody else would.
On his release from prison, Vision was unable to find regular work that paid more than the minimum wage. He applied for jobs and was offered senior positions in security companies abroad, but as he was on parole, he was not eligible for a passport. In Silicon Valley, nobody wanted to employ someone whose CV included an indelible conviction for computer crime.
His debts mounted as his despair deepened. Then one day friend Normington reappeared, promising a path out of the abyss and back into California’s sunshine. The route was littered with goodies. Normington promised him a top-of-the-line Alienware laptop, a must-have but expensive accessory for hackers. That was just for starters. He said he’d find Vision an apartment and pay for it. Normington would arrange everything.
In exchange for a few favours.
Crime was not Vision’s sole option. There were other avenues to explore. He could have gone to friends and family. But he was tired, he felt abandoned and Normington was convincing. Another turning point; another wrong turn.
Max Vision, all-round good guy, was discarded back into an abyss. In his place, Iceman emerged – all-round bad guy, albeit one whose alter ego, Vision, had form as a collaborator with the Feds.