The carders' underground market. A translation of the book "Kingpin". Chapter 29. "One Plat and Six Classics"

Kevin Poulsen, an editor at WIRED magazine and, in his blackhat youth, the hacker Dark Dante, wrote a book about "one acquaintance".

The book shows the path from a teenage geek (but a muscular one) to a seasoned cyber-kingpin, as well as some of the methods intelligence agencies use to catch hackers and carders.

The quest to translate the book began in the summer at an IT camp for high-school students ("Kingpin: school students translate a book about hackers"); later Habr users and even, to a small extent, the editorial staff joined the translation.

Chapter 29. One Plat and Six Classics

(thanks to Vyacheslav Slinkin for the translation)

Keith Mularski did not realize what he was getting into when he took over DarkMarket.

His days became true madness. Each one began at 8 in the morning with a check of the ICQ messages that had come in overnight about any business for MasterSplinter.

Then he logged in to DarkMarket to confirm the service was up. Coming up against Iceman there was always extremely hard.

Then came the tedious work of backing up the database. Iceman had twice dropped the tables in vain attempts to expose Mularski, so fussing with backups was now part of the morning routine. The investigation could not be forgotten either: while the database was being copied, a simple script written by an NCFTA programmer scanned every line for 16-digit numbers beginning with the digits 3 through 6. The stolen credit cards were automatically sorted by BIN and sent to the relevant banks for immediate cancellation.
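A sketch of the kind of scan described above, as an added example (not the NCFTA script, whose code is not on this page): it matches 16-digit numbers beginning with 3 through 6 in each line and groups them by BIN. The 6-digit BIN length, the Luhn filter, the function names and the sample rows are assumptions made for illustration.

```python
import re
from collections import defaultdict

# 16 consecutive digits starting with 3-6, not embedded in a longer digit run.
CARD_RE = re.compile(r"(?<!\d)[3-6]\d{15}(?!\d)")

def luhn_ok(number: str) -> bool:
    """Luhn checksum; an addition here, the text only describes the pattern match."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def cards_by_bin(lines, bin_len=6):
    """Map BIN -> sorted unique candidate card numbers found in the lines."""
    found = defaultdict(set)
    for line in lines:
        for match in CARD_RE.finditer(line):
            number = match.group()
            if luhn_ok(number):
                found[number[:bin_len]].add(number)
    return {b: sorted(nums) for b, nums in sorted(found.items())}

# Constructed sample rows; the card numbers are well-known public test numbers.
SAMPLE_DUMP = [
    "INSERT INTO pm VALUES (101,'buyer1','4111111111111111 exp 0109');",
    "INSERT INTO pm VALUES (102,'buyer2','two more: 5555555555554444, 4012888888881881');",
    "INSERT INTO pm VALUES (103,'buyer3','order id 4111111111111112 shipped');",  # fails Luhn
    "INSERT INTO pm VALUES (104,'buyer4','tracking 94111111111111111234');",      # longer digit run
    "INSERT INTO pm VALUES (105,'buyer1','again 4111111111111111');",             # duplicate
]

if __name__ == "__main__":
    for bin_prefix, numbers in cards_by_bin(SAMPLE_DUMP).items():
        # Print only a masked form; the full number would go to the issuing bank.
        masked = [n[:6] + "******" + n[-4:] for n in numbers]
        print(bin_prefix, masked)
```

The same pattern match is what data-loss-prevention scanners apply to logs and backups; without the checksum step, order ids and tracking numbers produce false reports to issuers.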

Then Mularski skimmed the private messages, picked out the most interesting chats and checked them against the FBI's central electronic surveillance database, known as ELSUR. The next several hours went to writing the report. Under the nickname Master Splinter, Mularski began cashing out funds in modest amounts. Some banks agreed to cooperate and shared dumps with fake names but real transactions, the processing of which was financed from the FBI budget. He passed the list of PINs on to carders across the country, and the financial institutions in turn reported daily on where and when withdrawals were made. Mularski passed the information to local agents according to the city where the withdrawals took place, which meant regularly writing detailed memos.

At three o'clock, when the carders began to come online, Mularski's "second" life heated up.

Everyone wanted something from "Splinter". The topics varied: for example, how to bring down a vendor who rips off customers, complaints, or how to bring accusations properly. People came to him for free dumps or for spam services.

Mularski came home at the end of the day only to log in again. To be believable, "Splinter" had to keep the same hours as real carders. So every evening passed the same way: the couch at home, the TV on a random channel and an open laptop. He was online on DarkMarket, AIM and ICQ, answering questions, assigning reviewers, approving vendors and banning rippers. He usually stayed online until two in the morning, dealing with the underground every day.

To achieve his goals he had to ingratiate himself. He handed out "gifts" that were supposedly paid for with stolen credit cards but were actually paid for with Bureau funds. Cha0, a Turkish crime boss and DarkMarket administrator, wanted a lightweight computer that was sold in the States. Mularski sent two such PCs to an address in Turkey supplied by Cha0. Playing Santa meant following the rules: staying under cover and keeping up the appearance of making money without asking unnecessary questions.

He noted to himself that being a boss in the world of cybercrime was rather hard work.

Whenever he travelled or took leave, he had to give at least a brief reason for his absence from the forum so as not to arouse suspicion. In January 2007 he let it be known in advance that he would be on a flight for a while, but did not say where or why. He was going to Germany to talk with prosecutors about Matrix001, a cofounder of DarkMarket.

Among other things, Matrix001 was a first-class specialist in his business and a jack of all trades in general. He created and sold Photoshop templates, working with "specialists" in the production of counterfeit credit cards and fake IDs. He could supply templates for Visa, MasterCard, American Express, the U.S. Social Security card, notary seals and the driver's licenses of northern states. For example, he sold a template of the American passport for $45 and of the Visa card for $125.

The relationship between "Splinter" and "Matrix" had improved considerably over the previous three months: Mularski and the German both loved video games and chatted about them all night long. They talked business too, and the German shared that he had recently received money transfers from his sales in the town of Eislingen in southern Germany. It could be called the first catch in exposing the whole chain.

That settled the question of following the money. Like all carders, "Matrix" preferred to be paid through e-gold (translator's note: E-gold, from "electronic gold", is a means of cashless payment over the Internet), an electronic payment system created in 1996 by a former oncologist named Douglas Jackson. (Translator's note: the song "About the Carder Jax" by the group NTL is perhaps dedicated to this character.) Unlike PayPal, E-gold was the first virtual currency backed by bars of silver and gold, which were stored in bank vaults in London and Dubai.

It was Jackson's dream: to build a first-class international system with no ties to any government. Criminals liked it. Unlike a real bank, E-gold made no attempt to verify its users, so names like "Mickey Mouse" and "No Name" often appeared in profiles. To deposit or cash out money in E-gold, users could go to any of a hundred exchangers worldwide, which handled both ordinary and anonymous money transfers; they could also accept cash and convert it into E-gold (if the sum did not cover a complete ingot, it could be subject to "cutting"). Exchangers also converted the virtual currency into local currency, which could be received through Western Union, PayPal or a bank transfer. One company even offered "G-cards" with a preinstalled ATM chip that let the holder withdraw E-gold funds at any ATM.

Clearly E-gold was bread and butter for criminals. By December 2005 it had been established that more than 3,000 accounts were involved in carding, another 3,000 were used to buy and sell child pornography, and 13,000 accounts were involved in investment fraud. They were fairly easy to find: in transactions connected with child pornography the memo field contained names such as "Lolita", and in Ponzi schemes, "HYIP" ("High-Yield Investment Program"). Carders added tags of their own for what they were buying: "For 3 IDs"; "for dumps"; "10 classics"; "Fame’s dumps"; "10 M/C"; "one plat and six classics"; "20 vclassics"; "18 ssns"; "10 AZIDs"; "4 v classics"; "four cvv2s"; "for 150 classics."

For a long time E-gold turned a blind eye to criminal transactions. Its employees did block some accounts connected with child pornography, but could do nothing about the fact that the offenders could still withdraw money from the account. The company's attitude changed sharply after FBI and Secret Service agents, having obtained a warrant, searched E-gold's offices in Melbourne and Florida and then charged Jackson with providing money transfer services without a license.

Jackson began voluntarily combing his database for criminal transactions and sent his "catches" to the U.S. Postal Inspection Service, the only agency that was not trying to send him to prison.

His turn "to the path of righteousness" could not have come at a better time for Mularski. Thanks to Greg Crabb and his team at the postal service, Mularski asked Jackson for information on the account of Matrix001, who was registered under the alias "Ling Ching".

When Jackson looked through the database, he found that the account had originally been created under another name, Markus Kellerer, with the town of Eislingen in Germany given as the address. In November Mularski sent an official inquiry about this person to the German national police through the U.S. consulate in Frankfurt. Germany confirmed that Kellerer was a real person and not one more alias, and Mularski booked a flight to Stuttgart.

Matrix001 was the first figure from the DarkMarket brotherhood to be arrested. Mularski would undoubtedly have liked to find someone else who did not mind chatting about video games.

Having returned from Pittsburgh, he plunged back into work, taking up the legend of "Yeti" (Iceman). He looked for any mention of Iceman: there had been someone with that nickname on Shadowcrew, and a few more references to it in IRC chats. They [cybercriminals] always tried to lead investigators down the wrong track. Now Mularski was studying the idea that Iceman did not exist.

Iceman was supposedly cooperating with the Canadian informant Lloyd "Silo" Liske, which was interesting. Silo had worked with Iceman in trying to expose Mularski. That might mean nothing in particular: informants often throw out accusations such as COP or SNITCH to deflect suspicion from themselves. But Silo told his handlers at the Vancouver Police Department that he had hacked Iceman's computer and that, even so, he could not learn Iceman's real name or real IP address. As it turned out, "Silo" had a number of E-gold accounts, one of which was under the name "Keyser Söze".

If Liske was a fan of the movie "The Usual Suspects", he could perhaps be trying on the skin of the criminal mastermind himself and feeding law enforcement all sorts of nonsense about suspicious figures in the criminal world, using his official position.

Mularski flew to Washington, where he presented the theory to the Secret Service at its headquarters, but got nowhere. The fact was that the Secret Service worked closely with the Vancouver Police Department and considered Silo one of the good guys.

The Secret Service had set off down the wrong track. In the lab at the head office in Pittsburgh, agents drew up charts of names connected to one another by lines. Many names had already been crossed out. It was their own, constantly changing road to Iceman and his world.

Mularski returned to Pittsburgh, and both agencies resumed the search for a cyberspace figure like Keyser Söze: the hacker "Yeti", acting "with impunity".

To be continued

Published translations and publication plan (status as of December 28)
PROLOGUE (School students of GoTo camp)
1. The Key (Grisha, Sasha, Katya, Alyona, Sonya)
2. Deadly Weapons (Young programmers of FSB of the Russian Federation, 23 Aug)
3. The Hungry Programmers (Young programmers of FSB of the Russian Federation)
4. The White Hat (Sasha To, ShiawasenaHoshi)
5. Cyberwar! (ShiawasenaHoshi)
6. I Miss Crime (Valentin)
7. Max Vision (Valentin, 14 Aug)
8. Welcome to America (Alexander Ivanov, 16 Aug)
9. Opportunities (jellyprol)
10. Chris Aragon (Timur Usmanov)
11. Script’s Twenty-Dollar Dumps (Georges)
12. Free Amex! (Greenhouse of social technologies)
13. Villa Siena (Lorian_Grace)
14. The Raid (Georges)
15. UBuyWeRush (Ungswar)
16. Operation Firewall (Georges)
17. Pizza and Plastic (is ready)
18. The Briefing (Georges)
19. Carders Market (Ungswar)
20. The Starlight Room (???)
21. Master Splyntr (Ungswar)
22. Enemies (Alexander Ivanov)
23. Anglerphish (Georges)
24. Exposure (+)
25. Hostile Takeover (fantom)
26. What’s in Your Wallet? (done)
27. Web War One (Lorian_Grace?)
28. Carder Court (drak0sha)
29. One Plat and Six Classics (+)
30. Maksik (+)
31. The Trial (+)
32. The Mall (Shuflin+)
33. Exit Strategy (done)
34. DarkMarket (Valera aka Dima)
35. Sentencing (comodohacker+)
36. Aftermath (ex-er-sis?)
EPILOGUE

This article is a translation of the original post at habrahabr.ru/post/274173/