Read Fatal System Error Online

Authors: Joseph Menn

Tags: #Business & Economics, #General, #Computers, #Security, #Viruses & Malware, #Online Safety & Privacy, #Law, #Computer & Internet, #Social Science, #Criminology

Fatal System Error (25 page)

WHILE CARDERPLANET WAS WREAKING havoc on a global scale, Shadowcrew was doing major damage in the U.S. Shadowcrew grew out of the collaboration of two very different men, a Scottsdale (Arizona) Community College business student in his early twenties named Andrew Mantovani and a former mortgage broker in New Jersey nearly twice his age, David Appleyard. From 2002 until late 2004, “ThnkYouPleaseDie” and “BlackOps” ran the Shadowcrew site, setting the rules for the 4,000 users who registered, those who reviewed the offerings of others, the vendors themselves, and the moderators of discussions. It convened buyers and sellers who collectively swapped in the low millions of credit card numbers along with card-making machinery and other identity-theft goodies. The group rang up at least $4 million in fake credit card charges. In a single transaction in May 2004, a Shadowcrew member sold 110,000 card numbers. Another vendor, Omar Dhanani, promised to turn cash into e-Gold for a 10 percent cut. Mantovani and Appleyard threatened “rippers” who didn’t carry through on their promises, once publishing the real name, address, and photo of a bad supplier.
While Shadowcrew wasn’t especially secretive, the feds still needed to get lucky in order to make their big case. The FBI picked up a high-ranking member named CumbaJohnny, whose real name was Albert Gonzalez, on a low-level fraud rap. Bargaining for his freedom, Gonzalez told them that he was a third administrator of Shadowcrew, along with Mantovani and Appleyard, and that the feds could watch whatever he did. A fourth administrator, Anatoly “Vox” Tyukanov, was in Moscow. The Secret Service took over the case. Having learned that the bad guys favored virtual private networks to disguise their location, the agents came up with an innovative idea. They had Gonzalez tell his cohorts that he had access to an ultra-secure network, and that henceforth they should log in through that. The move gave the agents carte blanche to monitor everything that transpired on the network and made it much easier for them to figure out the real Internet addresses of the villains, which led in turn to their real identities and street addresses.
At 9 P.M. Tuesday, October 26, 2004, most of the Shadowcrew leaders assembled for a mandatory online meeting that Gonzalez orchestrated. Agents with semiautomatic weapons simultaneously raided houses across the country and a few locations overseas. Brandon Monchamp, a moderator who lived with Mantovani in Scottsdale, jumped out of a second-floor window and fled on foot, leaving a loaded assault rifle behind. Officers racing after Monchamp caught him from behind. Also arrested was Nicolas Jacobsen, who used the online handle Ethics. He had offered to crack any T-Mobile voicemail and email accounts. Jacobsen himself had already scoured four hundred accounts, including those of heiress Paris Hilton and Peter Cavicchia, a Secret Service agent investigating Shadowcrew.
The Cavicchia breach embarrassed the agency. Cavicchia broke internal rules by forwarding work email to his personal address and by accessing both those messages and his office computer via his T-Mobile Sidekick. For that reason, Jacobsen could read some of Cavicchia’s emails, including those listing the ICQ numbers monitored in the Shadowcrew probe. Luckily, the emails didn’t expose Gonzalez as an informant. Gonzalez pursued the anonymous offer for T-Mobile account access and wound up in chats with Jacobsen, who showed him excerpts of the Secret Service emails.
Two days after the Shadowcrew raid, the Justice Department trumpeted twenty-eight arrests in the largest-ever cybercrime roundup. “The Department of Justice is committed to taking on those who deal in identity theft or fraud, whether they act online or off,” Attorney General John Ashcroft said in a press release. Everyone who was both arrested and indicted pleaded guilty, though some just got probation.
But for all the manpower devoted to the case and the enormously positive press accounts of the operation, few top criminals suffered. Two of the four administrators got away clean, including Gonzalez, who would later admit to committing crimes an order of magnitude greater than those he helped solve.
Despite the indictment, nothing ever happened to Tyukanov, the fourth key administrator. He remained free in Moscow, reportedly protected by a Russian general. According to an agent on the case, a lure to get Tyukanov to another, friendlier country for arrest had been set, with the target ready to travel. But Secret Service headquarters nixed the plan, deciding that capturing even one of the heads of Shadowcrew wasn’t worth angering the Russians while the agency was negotiating to reestablish a Moscow office. So Tyukanov was never brought to justice.
Shadowcrew would have been small potatoes without the presence of Tyukanov and other Russians and East Europeans. Those men provided the bulk of the identifying information contained in credit cards’ magnetic stripes, which those in the U.S. resold in smaller quantities. Others in the U.S. acted as cashers, pillaging ATMs or using their U.S. addresses to receive goods purchased with fake credit card information. Then they resold the goods and shipped most of the profit overseas.
“All [the Americans] had back then was just making novelty identification things, dumpster diving, a few small-time hacks here and there, and then a lot of shit-talking,” said fraudster turned FBI informant David R. Thomas, who went by El Mariachi on the boards. “On the Russian side it was more effective, businesslike. They were workaholics. They could pile up millions of dollars and they would still be pounding away at the keyboard 14 hours a day.” Thomas echoed Doug Havard’s amazement that King Arthur could see what was happening with the bank accounts in near-real time. If you said that you had just withdrawn $2,000 from an ATM, he could tell if it was true.
The Russians were essential to Shadowcrew. One law enforcement source explained, “Almost none of what I would describe as downstream wholesaling of track information would have been possible without the hacking by Russian and Eastern European rings.”
The American wing of the Shadowcrew gang constituted organized crime in its own right, though nothing tied the members to more traditional mobs. They practiced ad hoc organized crime, meaning that they got together for a specific purpose instead of starting out as a criminal group and then looking for ways to score. The same went for many other cybercrime groups that coalesced around websites.
In Russia, the Ukraine, and elsewhere, by contrast, the key conspirators in mass cybercrime had at least one major element typically found in traditional organized crime—the ability to metastasize. Many of these mobs started out in cyberspace. But they branched out in at least one significant new direction in an effort to continue their enterprises. That direction was the corruption of government officials, either well-placed individuals in major law-enforcement roles or, in some instances, effectively of the governments themselves.
THE FAILURE TO REACH THE TOP wasn’t the only drawback to the U.S. attacks on Shadowcrew and CarderPlanet. Those sites operated relatively openly, and the agents had one shot at them. Afterward, the vast majority of the users who didn’t face prosecution scattered and formed dozens of smaller, more secretive sites that were far harder to penetrate.
There would be more isolated successes. But sitting in his Moscow hotel, Andy saw that the window he and his colleagues could have used to take on the underground economy was closing.
Looking back on the big cases years later, the Justice Department’s head of cybercrime efforts said the busts were still a success, in part because they shook up the underworld wheeler-dealers. “They were very, very confident that it would be impossible to catch them,” said the department’s Kimberly Kiefer Peretti. “What the Shadowcrew case did was all of a sudden disturb their trust” in making arrangements with people they hadn’t met. “They didn’t know anymore who they were dealing with.” Peretti said the experience also taught agents who the big sellers and hackers were and how they operated, even if they weren’t nabbed at the time.
But it’s also true that the limited prosecutions allowed even small-timers at the major sites to build up enough cash to hire new people, like drug dealers who get a stake and then work their way up. “What is so important about CarderPlanet is that just about every major player in today’s world got started on that website,” a federal agent said. “Individuals that were low-level players back then are some of the biggest players today, from hackers to cashers to ID makers to the money launderers. They all got started on CarderPlanet.”
Many other forums for carders and phishers continued to flourish. One such site, again protected behind passwords, featured a free and detailed fraud tutorial and an offer to share the use of a program for checking whether credit card numbers were still valid. A Bulgarian poster, under the nickname Zeus, gave his email address for anyone willing to sell “fresh cc’s” with the associated data for identifying the cardholder. “I am serious buyer,” he wrote. “Will pay with Western Union.” Breaches at ATM networks, at least those that were disclosed, also got bigger. On one day in November 2008, cashers hit more than a hundred automated tellers from Atlanta to Hong Kong and sucked out $9 million with data stolen from a payment processor owned by the Royal Bank of Scotland.
There were also the matters of how the authorities handled their informants, the crimes they knowingly allowed to continue, and the crimes they unknowingly allowed to continue.
David Thomas, for one, was arrested in November 2002 as he tried to collect $30,000 in merchandise that a CarderPlanet guru named BigBuyer had ordered from Outpost.com. The Russians did arrest and imprison BigBuyer, identified in U.S. documents as A. N. Lyashenko, in what probably remains that country’s most significant capture to date. After a few months in jail, Thomas began working as a full-time informant for the FBI, which gave him a computer. As El Mariachi, he was active on the CarderPlanet site and also ran his own identity theft clearinghouse, TheGrifters.net. There he helped King Arthur with major phishing and cashing operations. But his collaboration with the FBI didn’t lead to King Arthur’s arrest. Instead, all manner of real identity crimes came together on TheGrifters as the FBI gathered intelligence.
The FBI was clearly happy with the tradeoff. In 2006, the agency went further. An undercover agent, Keith Mularski, invented an Eastern European spammer named Pavel Kaminski, alias Master Splynter, with the assistance of Spamhaus, the private research group. Spamhaus announced that Splyntr was linked to phishing scams, botnets, and carder forums. With that reputation, Mularski infiltrated the leadership of one of CarderPlanet’s many children, a site called DarkMarket. In 2006 he managed to become the site’s top administrator, banishing rippers who stole from other thieves and boosting his credibility in the process. He built the user base to 2,500.
Mularski didn’t fool everyone. Before he ascended to the top spot at DarkMarket, Max Ray “Iceman” Butler, who ran the rival forum CardersMarket, hacked into a DarkMarket server and grabbed logs showing that Master Splynter was logging in not from Eastern Europe but from the Pittsburgh home of an FBI task force. As Butler posted the logs for other scammers to read, Mularski rapidly sanitized his connection and succeeded in convincing many that Butler had fabricated the logs in a power play. Butler was an unusual talent, and his undoing was hastened because he had an ego to match. Not content with running his own underground forum, Butler hacked into his competition. He harvested all their user information, then crashed the sites. When he sent out an email to the users announcing a “merger,” they had little choice but to come to him. Bragging of his ability to keep a site secure, Mularski used the opening to take full control of DarkMarket. In September 2008, the FBI and Secret Service worked together and caught Butler, who was suspected of personally hacking Citibank, the Pentagon Federal Credit Union, and other institutions. A recently passed law treating unused credit numbers as stolen goods worth $500 meant that Butler faced as long as decades in prison, the most ever for a cybercrime case. He pleaded guilty in June 2009.
Mularski did good work. As Splynter, he tracked the Internet locations of DarkMarket users and compared some transactions on the board to e-Gold transfers the government won access to in its money-laundering investigation at that Prolexic customer. The combination often gave investigators what they needed to get real names and addresses. Among the biggest busts was that of Cha0, a DarkMarket vendor from Turkey who sold software programs known as “skimmers” to siphon off bank customers’ ATM codes as they were entered. After Cha0 kidnapped and tortured a police informant, Mularski helped get him arrested, along with more than fifty others in multiple countries. “What’s worked for us in taking down spy rings and entire mob families over the years—embedding an undercover agent deep within a criminal organization—worked beautifully in taking down DarkMarket,” said FBI Assistant Director Shawn Henry. After pulling the plug in September 2008, the FBI claimed that Mularski’s team had succeeded in stopping more than $70 million in illegal commerce. When users did post stolen account information on the general discussion boards, Mularski warned the financial institutions. But Mularski conceded that real crimes were committed by board users over ICQ, where Mularski couldn’t see them.