by Misha Glenny
Before long he was sweating under the pressure of the interrogation. But this was not the third degree. Instead, for six and a half hours Mert was required to solve a set of fiendishly difficult mathematical problems. Under normal circumstances he would not even have attempted answering them without a computer. His three hosts asked him to use a methodology popular in coding that involved dividing the number fifty-two into odd numbers. It was highly advanced maths and he only had a pen and paper to assist him.
The young computer programmer had already failed the selection exam that would have made him eligible as a probationary member of the Intelligence Agency. He passed his foreign-language test (English) and his maths, but failed his Turkish-language exam abysmally. Nonetheless the Agency was still fascinated by his computer skills. His programming ability was genuinely remarkable and he had an extraordinary record, so they took him on as a freelance collaborator.
Back in 2003 Mert was the subject of a criminal investigation for fraud. He was only seventeen at the time, but he had succeeded in cracking the code that encrypted the smart cards used by the satellite television station Digiturk. This was a lucrative skill. Digiturk had recently won the rights to broadcast the Süper Lig, the wildly popular top flight of Turkish football. To decrypt the channel, subscribers had to buy a smart card from Digiturk and slip it into the satellite receiver before being ushered into soccer heaven.
Once Mert had worked out how to crack these cards, he set about reproducing them for illegal sale on the streets of Istanbul, pulling in significant sums of money in the process. No sooner were the Turkish lire filling up one pocket than they were pouring out of the other. Mert would throw parties for friends whom he would invite up from Ankara, paying for their travel and accommodation once they reached Istanbul. He was never able to control his spending, even later on when he was making considerable sums of money from his carding activities.
Mert’s friends were very important to him, in part because he sometimes found affection hard to come by. Whether he was aware of it or not, he used the Digiturk money to buy friendship – and there were plenty of twenty-somethings in Istanbul who were prepared to become pals with a young man apparently willing to underwrite expensive partying. Of course, whenever the money ran out, most of those characters went missing.
He was also desperate to prove that he was something special (which, given his computer talents, he undoubtedly was). And so he would systematically exaggerate his achievements. As this tendency developed, so did Mert’s consciousness start to float permanently between reality and fantasy. He seemed to lose the ability to distinguish between the two at an early stage. So complete was this meshing that, were he ever to take a lie-detector test, it would probably either go off the scale or not register a blip. Of course, in one respect this meant that he adapted to the culture of the Internet – the valley of lies – with ease.
Following a series of jobs in IT for various companies, Mert was taken on, in June 2006, by the local concession of Toshiba, whose personnel department failed to spot that he was under criminal investigation for the Digiturk fraud. Nonetheless, it did not take long for Mert’s colleagues at Toshiba to start wondering at some of his behaviour. They were also a touch suspicious of the certificate which purported to show that he had a degree in the Science of Cryptology from the University of Cambridge.
The trustees, so read the certificate, ‘have granted this diploma as evidence thereof given in the city of London in the Cambridge at the twenty-second day of june two thousand four’.
Perhaps they conferred the diploma in the Cambridge Arms in the City of London? Wherever the fictitious ceremony had taken place, the certificate was so crude that it hardly merited the epithet ‘counterfeit’.
One of his colleagues at Toshiba’s IT department was struck by how often Mert boasted about his relationship with National Intelligence. He, too, had offered occasional assistance to the spooks, especially in the late 1990s when the Agency had yet to develop its own effective cyber division. But one did not brag about such matters. Mert’s constant mutterings about his close relationship with intelligence really did jar. However, Toshiba kept him for six months because whenever his bosses there asked him to come up with a solution to a problem, he invariably delivered the goods. He struck them as smart, but something told them to keep a close eye on him.
Of an evening, Mert would be called in by his control at the Intelligence Agency and asked to give a forensic assessment of various hard disks and computers, which they had conjured up seemingly from nowhere. He was supposed to gut the files, crack passwords where possible and deliver any incriminating materials. The Agency’s primary responsibility was for Turkey’s domestic security and it was tasked with monitoring the wide range of organisations that the government deemed were engaged in terrorism.
Towards the end of 2006 Toshiba sacked Mert – his attitude was not right, he boasted a little too much about his dubious exploits with credit cards, and yet he was also constantly asking his colleagues for loans or bonus payments.
Mert claimed that he left Toshiba on the instructions of his handlers at National Intelligence. They were working on finding him another cover job, he said.
Just before he began work at his new post, his handler brought him a hard disk that formed part of a highly sensitive investigation. Control wanted to know everything about each file on the disk, whether visible or hidden, accessible or encrypted. The disk belonged to a senior member of a left-wing underground organisation known by its acronym, the DHKP/C.
During the 1990s and early 2000s the DHKP/C had been one of the most violent and effective left-wing organisations committed to armed struggle in Turkey. The Revolutionary People’s Liberation Party/Front (the Party was the political wing and the Front, in theory, the military wing) was a splinter group from Dev Yol, the larger revolutionary movement, which bore the brunt of military repression during the 1970s and 1980s.
This group was no tinpot outfit – it took its politics and its terrorism seriously, concentrating primarily on attacking the collaboration between what it denounced as NATO imperialism and the Turkish military establishment. It carried out successful assassinations against Turkish, American and British citizens who were either influential businessmen or linked to the military. In contrast to most leftist armed outfits, it boasted a sophisticated counter-intelligence capacity and, as such, was one of National Intelligence’s trickiest surveillance targets.
On one raid agents had picked up a laptop, and it was handed to Mert in the guesthouse where he was first interviewed and where he now always worked. His handler explained that the user had been accessing a website called DarkMarket. The handler was also a geek and told Mert that he had followed DarkMarket’s connections as far as a server in Singapore, which looked to him like a proxy. After that, he said, he lost the digital trail. He knew nothing about who was behind this site, although the evidence strongly suggested to him that the DHKP/C was involved in carding as a way of maximising its revenue and perhaps also investigating the use of botnets and whether this might assist the DHKP/C in achieving its goals.
Suddenly DarkMarket was no longer just a criminal website: it was helping to fund a designated terrorist organisation.
Did Mert, the handler asked, know anything about this site?
Mert did not. He, too, tracked DarkMarket’s server back to Singapore, but try as he might he could not trace it any further. This was in fact thanks to Grendel’s sterling efforts. Nonetheless, Mert told his handler he knew somebody who might be better acquainted with DarkMarket.
Mert was tired. National Intelligence invariably expected him to complete these assignments overnight. His new job was working for the Turkish concession of Fox TV. Fox Turkey was not wholly owned by Rupert Murdoch’s News International because, according to Turkish law, a local citizen had to control 51 per cent of the stock. This majority shareholder was a former diplom
at who was known to have links to the police and secret service. At Fox, Mert’s colleagues noticed that he was frequently, if not always, distracted. And that he would find it difficult to finish even simple jobs – not because he couldn’t do them, but because he was up to something else at the same time.
One of Mert’s contacts had asked the young man to keep an eye out for a certain Sadun Özkaya, a middle-class teenager whose parents were worried that he was straying. He had just been extracted from jail, where he was under investigation for fraud. The contact asked Mert to keep Sadun on the straight and narrow – which was like engaging a wolf to preach the benefits of veganism to another wolf, as the two of them lick their chops over the remains of a juicy young lamb.
Mert knew about cryptography and programming; Sadun knew about credit cards. Before long the two were pooling their skills. And, to Mert’s astonishment, Sadun told him that he was a member of DarkMarket, which he visited using two nicknames, Cryptos and PilotM. Within hours Mert Ortaç was logging in as the latter.
O, wonder! thought Mert as he espied the innards of DarkMarket for the first time:
How many goodly creatures are there here!
How beauteous mankind is! O brave new world,
That has such people in’t!
Mert was transfixed. He explored every nook and cranny of the website, looking into its forums, learning to imitate its argot and then trying to uncover its secrets through slightly more devious means. Until now, Mert’s criminal aspirations had been focused on the area of smart-card decryption and selling cloned cards once he had cracked their coding system. Let loose on DarkMarket, he was quickly picking up new tips about credit-card fraud. The combination of these skills would lead him and Sadun into some very murky, if financially nutritious, waters.
Before that, however, he started to map everything about DarkMarket as if it were an underground maze with hidden traps and treasures. His bosses at National Intelligence of course wanted to uncover anything that related to DHKP/C, the terrorist organisation they were investigating. But Mert was more interested in everything else that was going on across the boards.
He very quickly understood that Cha0, Master Splyntr, Shtirlitz and Lord Cyric were key members of the site. By the time Mert started playing on DarkMarket, JiLsi and Matrix001 had already been taken down.
It took him only seconds to figure out that Cha0 was Turkish, although this was entirely by accident and had nothing to do with his hacking skills. He was browsing the advertisements for Cha0’s skimming machines when he spotted a Turkish sign for a doner kebab in the background. On another photo a skimmer for sale was standing next to some Turkish washing powder.
He relayed the news about the heavy Turkish influence on the website to his supervisor at the Intelligence Agency, who became even more interested in DarkMarket: not only were there left-wing terrorists active on the site, but it was actually run by Turks! This could be something major, so it required further investigation. Mert was given the authority to make contact with Cha0 and any other Turks that he found loitering around the DarkMarket board. It was not long before he thought he had identified another – Lord Cyric.
Mert started searching the archives of the early 1990s, when many geeks were using something called the BBS, or Bulletin Board Service, a bridge between an electronic messaging system and the Internet. As he was looking through the logs, his jaw dropped when he came across two familiar nicknames, sitting side by side: Cha0 and Lord Cyric! It would appear, he deduced, that these two masterminds of DarkMarket had known each other for a very long time.
31
A SERVANT OF TWO MASTERS
The fictional Lord Cyric had become popular among gamers and geeks in the 1980s and early 1990s. He was a self-appointed deity who haunted The Forgotten Realms, a godforsaken fantasy world where warriors roamed to seek out treasure and dark secrets while vanquishing creatures with magical powers and destructive urges. The Realms became a favourite territory for gamers to explore once they had assumed a fantasy role in a team of adventurers playing Dungeons and Dragons. Subsequently, these Badlands of a sub-Tolkienian world appeared in a variety of computer games, including the hugely popular Baldur’s Gate.
They were also described in many novels that were inspired in equal measure by Dungeons and Dragons and the Lord of the Rings. The figure of Lord Cyric had a crucial part to play in the mythology of the Forgotten Realms – in addition to being a god, he was thoroughly evil. More importantly for the world of carding and DarkMarket, Cyric was known inter alia as the Prince of Lies, whose satanic powers included a mastery of deception and illusion as well as the ability to promote strife and intrigue.
Whoever lay behind the avatar in CardersMarket, DarkMarket and elsewhere, he or she wanted to project the concept of what Dungeons and Dragons gamers refer to as ‘chaotic evil’, implying that the character scatters the seeds of mayhem and despair arbitrarily wherever he or she may roam. That certainly fitted DarkMarket’s Lord Cyric as snugly as his penchant for deception, illusion, strife and intrigue. Few carders generated as much hostility in the community as this character did. His speciality was to spread accusations through rumour and innuendo.
For reasons never understood, Cyric would pick a target, like RedBrigade, who had exploited Shadowcrew to such lucrative effect in New York. Then he would set out to destroy his reputation among fellow carders with a thousand cuts. A little hint here or a little insinuation there that RedBrigade was not all he appeared, or coded drop-ins to suggest that RedBrigade was in fact working for law and order. His language was snarky and childish, yet carefully designed to cause maximum distress to the target of his attacks.
Yet Cyric had his champions, too – none more stalwart than Cha0. With an oversized brain and a superiority complex to match, Cha0 only ever recognised two computer users as his equal. His contempt for the FBI’s cyber division was boundless, but he warmly acknowledged the hacking skills of Max Vision, aka Iceman, even though the two had often found themselves at loggerheads due to Iceman’s attacks on DarkMarket. And when talking of Lord Cyric, Cha0 almost went so far as to recognise his old friend as being even more elevated in the hackers’ pantheon than he himself was.
In a short space of time, Lord Cyric had succeeded in positioning himself as a key moderator and administrator on boards like The Grifters, CardersMarket and finally DarkMarket. Nobody understood what his game was or what he was trying to achieve, although those whom he targeted immediately assumed that he was working for law enforcement either as an officer or as a confidential informant.
In Pittsburgh, FBI Agent Keith Mularski had no idea. Like many others, he believed that the person behind Lord Cyric lived in Montreal, Canada, but his enquiries of the Royal Canadian Mounted Police cyber division brought him no joy. In fact, although Cyric’s IP addresses could be traced to Montreal, they would occasionally show up as being located in Toronto, which is where some sleuths suspected he really lived.
Several carders picked up and ran with the rumour that Lord Cyric was in reality Brian Krebs, a journalist writing on cyber security who at the time worked for The Washington Post. There was no evidence for this – indeed, quite the contrary, for Krebs is far too serious a writer to risk ruining his reputation by becoming involved with the people he is actually investigating. There followed a slew of rumours, but nobody ever got to the bottom of who Lord Cyric really was or what he was doing.
While exhorting others to indulge in all manner of dubious activities, Lord Cyric never engaged in criminal transactions himself, which reinforced the thesis that he was working for law enforcement or an intelligence agency.
Everybody believed, however, that Lord Cyric had a voluminous knowledge of the carding community and how it worked. And that is why he was much sought after. Carders wanted him to put them in touch with peers whom he could vouch for, or because they wanted to know what he had on them. And the police in t
he US and Western Europe were still searching for him in the hope of recruiting him as part of their crusade against cybercrime.
Cyric was the quintessential figure of the cyber underground – he appeared as if from nowhere; he displayed boundless, if unappealing arrogance; but above all his motivation for spending endless hours posting messages, engaging in often-futile debate and agitating his peers was obscure.
Until Mert Ortaç revealed that two of the most prominent posters on Turkey’s embryonic Internet, the Bulletin Board Service, were nicknamed Cha0 and Lord Cyric, nobody had even begun to pull the threads together.
Using his trademark mixture of charm and duplicity, Mert – posting as PilotM in the late spring of 2007 – introduced himself to Lord Cyric as a third person, a mutual acquaintance of them both. ‘Hey, old boy!’ he messaged him, ‘what are you doing on a board like this?’ Cyric was keen to ask the man masquerading as his old friend exactly the same question! Soon, however, they were chatting happily, especially about encryption issues. Mert noticed that Lord Cyric was an extremely gifted computer engineer, confirming his suspicions about the character’s real identity. After some days or weeks of exchanging ideas and information, Cyric agreed to facilitate a virtual meeting between Cha0 and Mert (still pretending to be somebody else). Using encrypted icq exchanges, Mert started chatting to Cha0 (in Turkish of course).
‘Look,’ Cha0 told Mert, ‘I don’t spend much time in Turkey. I prefer to be abroad.’ He went on that he didn’t much like his compatriots and avoided dealing with them whenever possible. ‘My name,’ he said, ‘is Şahin and I will only speak Turkish if I absolutely have to.’ He was prepared to talk Turkish with Mert because they were introduced by Lord Cyric. ‘He and I are very old friends,’ Cha0 said.