Developers Club geek daily blog

2 years, 7 months ago
The underground carder market. Translation of the book "Kingpin". Chapter 28: "Carder Court"

Kevin Poulsen, an editor at WIRED magazine and, in his blackhat youth, the hacker Dark Dante, wrote a book about "an acquaintance of his".

The book traces the path from teenage geek (though a roller-skating one) to seasoned cyber-kingpin, and also shows some of the methods intelligence and law enforcement agencies use to catch hackers and carders.

The project to translate the book began in the summer at an IT camp for high-school students ("Kingpin: school students translate a book about hackers"); Habr users and even a few editors later joined the translation effort.

Chapter 28. Carder Court

(thanks to drak0sha for the translation)

Keith Mularski was worn out.

First he spoke with an agent at the Secret Service field office across town. "It looks like you're in some trouble." One of his countless informants had heard that Iceman had found incontrovertible proof that Master Splyntr was either an informer, a corporate security spy, or a federal agent. Iceman had temporarily joined forces with his former enemy Silo and was preparing a detailed presentation for the administrations of Carders Market and DarkMarket. Iceman and Silo clearly intended to put Master Splyntr on trial.

It had all started with Silo's code. Master Splyntr's reputation as a spammer and programmer had made him DarkMarket's specialist in reviewing malicious code. That was one of the benefits of his undercover operation: Mularski could examine the latest versions of the underground's attack code and pass them to CERT, which in turn sent them on to all the antivirus companies. Malware could be caught before it even turned up on the black market.

This time Mularski assigned the code as a training exercise to one of the CMU students interning at the NCFTA. Following standard procedure, the student ran the program in isolation on a virtual machine, a kind of software petri dish that can be wiped afterwards. But he forgot about the USB stick plugged into the USB port. It held a blank malware-analysis report template carrying the NCFTA logo and the main objectives of the study. Before the student realized what had happened, the document was in Silo's hands.

Six DarkMarket administrators and moderators had received a copy of Silo's code. Now the Canadian knew that one of them was a federal agent.

Silo was a dark horse. In real life he was Lloyd Liske, a manager at a Vancouver auto shop and a credit-card counterfeiter who had been busted a few months after Operation Firewall. After being sentenced to eighteen months of house arrest, Liske changed his surname to Buckell and his handle to Canuck and reappeared on the carder scene.

Now the Canadian was untouchable. In law enforcement circles it was well known that Silo was an informant for the Vancouver police department. That was why he was forever backdooring other hackers: the trojan that had found its way into the NCFTA was never meant to expose a law enforcement operation; Silo was simply trying to gather information on DarkMarket members for the police.

Silo was no great friend of the FBI, but he most likely wasn't going out of his way to blow the bureau's undercover operation. Unfortunately, Iceman had learned of the investigation and organized a raid to collect information on DarkMarket. At that point Mularski's carelessness did its work. He normally logged into DarkMarket through KIRE, a cover that hid his location. But JiLsi, a demanding boss, constantly loaded Master Splyntr with housekeeping tasks, such as uploading new ad banners, that had to be done immediately. Sometimes KIRE was down at those moments, and he went to the link directly. Iceman caught it.

Even then, he should have been relatively safe. The broadband account had been set up under a dummy corporation, with its phone number going to an unlisted VoIP line in the communications room. The phone line should never have been listed. Somehow it was, and Iceman obtained the address and determined that it belonged to the NCFTA.

Mularski hurried to the communications room, swiped his access card, and locked himself inside. He set up a secure channel to Washington. The agent did not sugarcoat his report to management. Despite all his work to obtain the secret authority to run DarkMarket, with the backing of Justice Department headquarters and bureau officials, Iceman was about to tear it all to pieces only three weeks after the operation began.

Max worked hard not to be dismissed out of hand: he knew that after his attack on DarkMarket, any information he supplied would be turned against him. He considered closing Carders Market before exposing Master Splyntr, so the whole thing would not be taken as just one more volley in the carder wars. Instead, he decided to send his new lieutenant, Th3C0rrupted0ne, to present the case.

The court was held on Silo's "Carder IM", a free and supposedly encrypted messaging program that the Canadian hacker offered as an alternative to AIM and ICQ, with support for displaying dump vendors' advertisements. Matrix001 attended from the DarkMarket side; JiLsi was busy dealing with the fallout from Max's attack on Mazafaka. Silo was there too, along with two other Canadians. Silo opened the meeting by distributing a RAR archive containing the evidence he and Iceman had collected.

When some of the carders opened the file, their antivirus software went wild. Silo had left a backdoor in the evidence; not the most promising start to a summit.

C0rrupted and Silo went on presenting the evidence: Silo's document templates showed that someone at the NCFTA held a privileged position on DarkMarket, and an access log stolen by Iceman proved that Mr. Splyntr was the mole.

"Indisputable proof," C0rrupted wrote. "We worked hard trying to keep the peace, and if this becomes public, law enforcement will be on our heels. But if we don't report it, we'll be responsible for everyone who gets screwed."

"All of this is real," Silo said.

It did not convince Matrix. He ran his own Whois query on the Pembrooke Associates domain name and, because of Domains by Proxy, got back only an anonymized listing: no addresses and no phone numbers. "Fuck," Matrix typed. "You didn't even verify the information and the companies you got from Whois, did you? Who gave you this material?"

"It's not my material," Silo wrote. "It's Iceman's."

"So you believe any shit that gets sent to you? Without even checking it?"

The evidence Silo had presented no longer convinced Matrix: the NCFTA templates contained formatting and spelling errors. How could the FBI or a nonprofit security organization produce such shoddy work? Besides, Iceman's contempt for DarkMarket was well known, and Silo had always been a thorn in its side.

Things heated up. C0rrupted disconnected, and the others fell silent as Silo and Matrix began trading insults. "Do you have anything at all that would make me believe you?" Matrix asked.

"Doesn't matter," Silo finally answered. "I don't have to convince you. Get the fuck off my IM... Go back to the net."

Mularski had been excluded from the chat, but when it ended, Matrix forwarded the log to Master Splyntr. The agent was glad that at the last second he had managed to scrub everything: as soon as he learned of Iceman's plans to expose him, he had contacted the domain registrar and had the company strip everyone associated with Pembrooke Associates, along with their phone numbers, from its records. Then he had asked Anywho to delist his confidential phone line. The cleanup would no doubt confirm to Iceman that Master Splyntr was a fed, but no one else would be able to verify his conclusions.

Now Mularski set to work on ICQ. He told Matrix and everyone else listening that he was innocent. He drew the carders' attention to the log, highlighting every entry in which he had logged in from the KIRE IP address. Those are my logins, he wrote. I don't know whose the others are.

Then he turned around and went on the attack. Iceman's doubts about JiLsi worked in his favor. Something wasn't right here, he wrote. JiLsi had been behaving suspiciously. On the one hand, he had told Master Splyntr not to tell anyone that the server was already up. On the other, JiLsi gave the impression that DarkMarket sat in a country beyond the reach of Western law enforcement, when in fact it was located in Tampa, Florida, where the cops could easily get a search warrant. It really was strange.

JiLsi kept protesting his innocence, but behaved too strangely for that to be convincing. Master Splyntr publicly thanked Iceman for bringing the matter to his attention and announced that he would move DarkMarket outside the United States at once.

Mularski contacted Ukrainian law enforcement, and they helped him quickly arrange hosting there. In a flash, DarkMarket was in Eastern Europe. Most of the carders had to agree that the feds would not be able to operate in a former Soviet republic.

No formal verdict was announced, but the unanimous conclusion was that Master Splyntr was innocent. They were not nearly so sure about JiLsi.

When the arguments died down, Mularski returned to his normal undercover routine. Several weeks later, while he was writing up reports, he got a call from another agent.

Special Agent Michael Schuler was a legend among the Bureau's cybercrime agents. He had hacked the Russians' computers during Operation Invita. Now working as a field agent in Richmond, Virginia, Schuler was reporting a breach at nearby Capital One. The bank's security team had found an attack exploiting a vulnerability in Internet Explorer. They had sent Schuler a copy of the code, and he wanted Mularski to assign one of the NCFTA geeks to work on it.

Mularski listened as Schuler described the investigation so far. It centered on a fake news website, Financialedge.news.com, used to distribute malware. The domain had been registered to a front man in Georgia. But when the registrar, Go Daddy, checked its records, it found that the same user had registered another address through the company.

Cardersmarket.com

Mularski grasped the significance at once. Iceman presented himself as the innocent owner of a website where illegal activity merely happened to be discussed. Now Schuler had evidence that he was also the money-hungry hacker who had penetrated the network of America's fifth-largest credit-card issuer. "Dude, it's your case!" Mularski laughed. "You just landed a case on the guy our Group II has been chasing. We need to work on this together."

Across town, Secret Service agents in the Pittsburgh field office had independently made their own discovery about Iceman: an informant confidentially reported that the head of Carders Market was also known as the dump vendor Digits. Four days after the USA Today article, agents built on this information with the help of a second mole, who made a controlled buy from Digits: twenty-three dumps for $480 in e-gold.

That was more than enough to bring criminal charges.

To be continued

Published translations and publication plan (status as of December 25)
PROLOGUE (School students of GoTo camp)
1. The Key (Grisha, Sasha, Katya, Alyona, Sonya)
2. Deadly Weapons (Young Programmers of the FSB of the Russian Federation, 23 Aug)
3. The Hungry Programmers (Young Programmers of the FSB of the Russian Federation)
4. The White Hat (Sasha To, ShiawasenaHoshi)
5. Cyberwar! (ShiawasenaHoshi)
6. I Miss Crime (Valentin)
7. Max Vision (Valentin, 14 Aug)
8. Welcome to America (Alexander Ivanov, 16 Aug)
9. Opportunities (jellyprol)
10. Chris Aragon (Timur Usmanov)
11. Script’s Twenty-Dollar Dumps (Georges)
12. Free Amex! (Greenhouse of Social Technologies)
13. Villa Siena (Lorian_Grace)
14. The Raid (Georges)
15. UBuyWeRush (Ungswar)
16. Operation Firewall (Georges)
17. Pizza and Plastic (ready)
18. The Briefing (Georges)
19. Carders Market (Ungswar)
20. The Starlight Room (???)
21. Master Splyntr (Ungswar)
22. Enemies (Alexander Ivanov)
23. Anglerphish (Georges)
24. Exposure (+)
25. Hostile Takeover (fantom)
26. What’s in Your Wallet? (done)
27. Web War One (Lorian_Grace?)
28. Carder Court (drak0sha)
29. One Plat and Six Classics (+)
30. Maksik (+)
31. The Trial (+)
32. The Mall (Shuflin+)
33. Exit Strategy (done)
34. DarkMarket (Valera aka Dima)
35. Sentencing (comodohacker+)
36. Aftermath (ex-er-sis?)
EPILOGUE

This article is a translation of the original post at habrahabr.ru/post/274053/