Fatal System Error (22 page)

Authors: Joseph Menn

Tags: #Business & Economics, #General, #Computers, #Security, #Viruses & Malware, #Online Safety & Privacy, #Law, #Computer & Internet, #Social Science, #Criminology

Maksakov also drew out the more arrestable, Russia-based Zet in online chats. Andy considered Zet to be the most central figure identified so far. Zet had hired Maksakov and knew Stepanov well. He also knew Faust, Pirog, and Milsan. And he was one step away from Brain, who continued to run DDoS servers, and Red Hunter, who was himself one step away from King Arthur.
Through Maksakov, Andy got Zet’s real first name, Alexander, his Internet address, and finally his street address in Astrakhan. In December, Andy and one of Igor’s deputies, Alexei Morning, flew to Astrakhan, an industrial and fishing city sixty miles from the Caspian Sea.
Out of concern for leaks, Igor’s staff practiced the minimum disclosure allowed by their department’s protocol for operations outside of the capital, notifying just the local chief of police, Alexander Petrov, and his No. 2. In Astrakhan, both top officers met Andy and Morning and drove them to a hotel to drop their bags. Then they invited the men to join them for dinner, as it was too late to arrest Zet that day. They went to a standard Russian-style restaurant, with meat salads and vodka. The police chief was a large, chubby man with short and spiky hair and the darker skin typical of the southern region. As the drinks flowed, Petrov was friendly and attentive. He asked Andy if he liked boar hunting. Andy did like hunting. Petrov suggested they go shooting together. Andy said he’d be delighted to, as soon as he’d made his arrest.
No, the police chief told him. We should go tonight, right after dinner. Andy began to get a bad feeling. He managed to get close to Morning, then whispered: “I don’t like this. Pretend to go to the bathroom and then get out of here and flag down a car. Once you’ve got one, honk the horn. I’ll go to the bathroom and out the back door.” Now the grim Russian economy worked to Andy’s advantage. While real taxis were scarce and expensive, most citizens outside of Moscow fortunate enough to own cars were happy to earn a few extra rubles by giving strangers a lift. Morning did his job, Andy made it out, and they drove back to the hotel.
They decided to hole up in Andy’s room, doubling their numbers in case of trouble. They locked the door and did their best to sleep, knowing they would need to be up at 5 A.M. to make the arrest. But the phone rang at 2 A.M., jarring them both upright. “Andy, it’s Igor,” the colonel said. “The man you are going to arrest is the son of the police chief. I will get on the first plane to Astrakhan in the morning with some men. But don’t open your door for anyone.” Andy thought, Oh shit. He hung up, and the two men pushed chairs and whatever else they could find against the door. They had one gun between them, a cheap Russian pistol.
An hour later, at 3 A.M., came a pounding on the hotel room door. “Hotel security,” a voice bellowed. “Open up!” Andy shouted back: “No. We are fine. Go away!” The pounding continued. “Hotel security! You must open this door immediately!” Deciding to show that they were serious, and armed, Morning shouted that he had a gun. The men outside went away. Andy and Morning stayed on full alert, not budging until 9 A.M., when Igor and the cavalry arrived.
Andy wanted to go ahead with the arrest attempt. But when they arrived at the house where their target, like his father named Alexander Petrov, lived with his mother, the younger Petrov and his computer were gone. Igor called in the FSB, which arrested the police chief on suspicion of destroying the evidence on his son’s PC. He was freed after a month and allowed to return to the police force in a lower position. Andy later learned that before his ascent to police chief, the elder Petrov had headed the cybercrime unit of the Astrakhan police department.
ANDY KEPT THE EVENTS of the previous night to himself. If he had spread the word that thugs had shown up at his hotel room, whatever their intent, the U.K. brass might have stopped the case in its tracks, and all his work would have gone for nothing. They might have gone further and complained to the Russian government, leaving relations worse than before he started.
With his father out of power, the younger Petrov had to decide between life on the run or coming in for questioning. He knew the physical evidence against him had been destroyed, so he decided to take his chances with the MVD. Petrov presented himself to Andy and Igor on his home turf, the Astrakhan police department, on Friday, January 28, 2005. Petrov was cocky, sporting a leather jacket and carrying himself as if he had no fear of anyone.
A classic gangster, Igor thought. “We appreciate you coming in and being willing to tell the truth,” Igor said. Petrov nodded. “You know a lot about computers,” Andy began. “Not me,” Petrov said. “I hardly know how to turn one on.” Andy stared back at the man. Not only was he innocent of any crimes, Petrov insisted, he hadn’t even had a computer since August 2004, when he sold it to someone. Sold it to whom? Petrov couldn’t recall. Igor was not impressed. He arrested Petrov and had him taken to the local prison.
The next day, Igor and Andy went to the prison to try talking to Petrov again. On the ride over, the detectives agreed: Maksakov was the technical mind. Stepanov was the greedy mind, allying with any group that would have him. And Petrov was the criminal mind. Andy was certain a night in prison wouldn’t have shaken him.
But then Andy got a look at Astrakhan’s prison. It was straight out of a Dickens novel. They were greeted by a massive Kavkaz dog, looking like a wolf crossed with a lion, who lunged at them until a chain jerked it to a stop inches away from Andy’s face. After waiting an hour, they were roughly frisked and ordered inside. They were still as freezing cold as they had been outside. It took Andy a moment to realize why: there were bars on the windows, but no glass.
Alcatraz was a luxury hotel, Andy decided.
Andy crowded into the interrogation room with Igor, one of his deputies, and a translator. The room was bare save for a table, two chairs, and an underpowered radiator. Petrov was brought to the door of the chamber and kept his head down, staring at the ground in front of him. Only when the guards ordered him inside did he raise his eyes to move. Andy struggled to reconcile the man before him with the cocky suspect he had met the previous day.
Petrov continued to deny conducting the DDoS attacks or knowing Milsan. But after investigators showed him the chat logs of his discussions with Maksakov and Stepanov, Petrov admitted that he knew them and that he had monitored the servers and botnets. He feebly claimed that he didn’t realize that they were attacking websites at the time. Despite all the conflicting information, a better picture began to emerge. Stran had been paid by someone to set up the initial wave of assaults, and that group had hired Brain to organize them. Brain had supervised not only the three Russian suspects under arrest but had also worked with, if not given orders to, Milsan. After Andy cut off the server in Houston, Brain went his own way, taking control of that botnet and setting up others. That forced Maksakov to establish a new server to keep doing business, while Milsan created a third. The thing was a Hydra, with heads that multiplied every time Andy made progress.
BETWEEN 2003 AND 2005, DDoS extortionists hit almost all the betting companies. But eventually all of those sites paid, beefed up their defenses, or went out of business. So the multiple gangs went in search of fresh hunting grounds. They attacked companies in all manner of industries. Only one sector got the constant pummeling that the gambling firms had received: the online payment industry, which came under fire about a year after BetCRIS. As before, sound logic led to the focus. The companies were usually small, since the industry had come into being only around the time PayPal was born in a 2000 merger. That meant they generally didn’t have the massive infrastructure that could easily deflect DDoS attacks. Also like the gambling industry, the competition was intense. Every minute of downtime cost a company money and customer loyalty. So Brain went after StormPay, Protx Ltd., and other payment firms that were Prolexic customers.
The good news was that Brain had given Maksakov a user name and password to log onto Bra1n’s server, and he had never disabled it. So much of what Brain did, including the StormPay and Protx attacks, Maksakov watched, either at the café where he was working or in the MVD offices. Usually Brain himself logged on through a virtual private network that disguised where he was dialing from. But once, as Maksakov watched, he logged on from his true Internet address, and Maksakov quickly printed it out. The authorities in Kazakhstan so far hadn’t been of much use. But with the IP address, Andy and Igor finally managed to get Brain identified by his Internet service provider as Alexander Olegovich Grasman, a Kazakh national of German descent who was just eighteen years old.
Because Maksakov’s fate had been kept a secret, he could also log into the exclusive carding forums that allowed hackers to communicate and buy and sell credit card numbers, hacking programs, and the addresses of compromised computers. From what Maksakov could see there and in his surreptitious monitoring, Brain was just getting bigger.
By the end of 2005, Brain was suspected of leading not only DDoS extortion rackets but carding and phishing scams as well. He was being sought by law enforcement in the U.K., U.S., Canada, and Germany. Brain had initially used the server fbi.pp.ru in Houston. When that was disconnected, he set up the same controlling software elsewhere. After the Houston shutdown, Andy tracked down the new host server for fbi.pp.ru, through a myriad of fake registrations, to a St. Petersburg company called Alfa Holdings. The same server had a wealth of child pornography. The Dept. K office in St. Petersburg reported that Alfa wasn’t related to the Russian company Alfa Telecom but was owned by twenty-one-year-old Mikhail Valentinovich Romanov, alias Scope, who was already suspected of child porn and other illegal activities. The fact that so much of the world’s child pornography traced back to St. Petersburg, they told Andy, wasn’t necessarily because of mob power in the area. By dint of a local law that is unique in Russia, it is not illegal to possess child porn within the city’s limits. It remains illegal to sell or distribute it, if such acts can be proved.
Andy already knew that corruption was a major problem in St. Petersburg. Now it seemed like the city was a center for a lot of the worst online criminal activity as well. That probably wasn’t a coincidence, he thought. But he still hadn’t heard of the Russian Business Network, and the local unit of Dept. K wasn’t volunteering much in the way of lessons.
Andy and Igor flew from Moscow to St. Petersburg and raided the Alfa offices on May 30, 2005. The headquarters was in a ten-story building with so many back stairs and winding passages that Andy thought: rabbit warren. Inside the sprawling offices were three of Romanov’s well-dressed young deputies. Andy spotted one ripping up slips of paper behind his desk and dropping the pieces into a trash can. Andy retrieved them and later reassembled the bits, which had numeric Internet addresses printed on them.
The Alfa employees weren’t nervous in the least. They coolly said they couldn’t discuss the company; only their boss Romanov could talk. They said they had no idea where he was, then clammed up. Remembering what an easy time he had interrogating Maksakov, Andy frowned. These were the professionals. They knew better than to admit a thing.
As Igor’s men searched the office, they found a safe. There was a key, but it was buried in the gravel at the bottom of a fish tank, and in the tank was a large black scorpion. After some nervous trial and error, one of Igor’s men got it out with a stick. Inside the safe was $120,000 in American $100 bills, which the team seized as evidence. The men also found several high-end personal computers. But the massive server they had been expecting was nowhere to be found. A Dept. K man went to the building administrator’s office to ask where the major Internet connection came into the structure. Returning, the detective said it was two floors down.
