Underground carders market. Translation of the book "Kingpin". Chapter 6. “I Miss Crime”

Kevin Poulsen, editor of the magazine WIRED, and in his childhood blackhat, the hacker Dark Dante, wrote a book about " one of his acquaintances ."

The book shows the path from a teenager-geek (but at the same time pitching), to a seasoned cyberpahan, as well as some methods of the work of special services to catch hackers and carders.

The beginning and the translation plan are here: “ Shkvoren: schoolchildren translate a book about hackers ”.
Prologue
Chapter 1. "The Key"
Chapter 3. “The Hungry Programmers”
Chapter 5. “Cyberwar!”
Chapter 6. "I miss crime"
Chapter 34. DarkMarket
(we publish as soon as the translations are ready)
')
The logic of choosing a book for working with schoolchildren is as follows:

• there are few books about hackers in Russian (one and a half)
• There are no books about carding in Russian at all (there was one UPD )
• Kevin Poulsen - WIRED Editor, No Stupid Comrade, Authoritative
• to introduce young people to the translation and creativity in Habré and get feedback from elders
• schoolchildren-students-specialists work very sparingly for learning and show the significance of the work
• The text is not very hardcore and is accessible to a wide range, but it touches on issues of information security, vulnerabilities of payment systems, the structure of the carding underground, basic concepts of the Internet infrastructure
• the book illustrates that "feeding" in underground forums - ends badly

Who wants to help with the translation of other chapters write in a personal magisterludi .

Chapter 6. “I Miss Crimes”

On the second of June, in the afternoon, Max opened the door of his two-story house in San José. He greeted Chris Bison and immediately realized that he was in trouble: in addition to the FBI agent, there were three more in costumes on the threshold. Including the gloomy chief of Bison - Pete Trekhon, the head of the computer crimes investigations department.

Within a month after the BIND attack, Max had a lot of trouble. He launched the website whitehats.com, which immediately became very popular among the security men. In addition to the scanner, the site posted fresh CERT alerts, links to patches for BIND, and an impressive amount of material written personally by Max on the ADM worm, where he was examined to the smallest detail. No one in the community suspected that Max Vision, who was behind the whitehats.com project, personally demonstrated the seriousness of the vulnerability in BIND. Max continued to submit reports to the FBI. After receiving the latest report, Beeson sent an e-mail, probably to discuss Max's recent achievements: “What if we meet with you? I know the address, I must have it somewhere written down. ”

Already standing on the threshold Beeson revealed the real reason for the visit. He knew all about Max’s attack on the Pentagon. One of the “suits” - a young Air Force investigator from Washington, who identified himself as Eric Smith - found out that the invasion of BIND was carried out from the house of Max. Beeson had a search warrant.

Max let them in, apologizing. He explained that he only wanted to help. The conversation was peaceful. Max, flattered by the attention, enthusiastically told about the invasion process, describing all the tricks and tricks, and then listened with interest to Smith. It turned out that he tracked down Max through the pop-up messages that he used to notify about the seizure of the system. Messages passed through the Verio dialup and at the official request, the provider issued the phone number of Max - it was easy. Max convinced himself that he was doing something really useful for the entire network, so he did not carefully cover his tracks. The agents asked if anyone else knew about Max’s affairs - it turned out that his boss had something to do with it *. Max said that Digital Jesus - Matt Harigan - did not completely abandon the hacker business and his company is even going to conclude a contract with the NSA.

By order of agents, Max wrote a confession. “I was moved by curiosity and interest, is it really possible. I know that this does not justify me and, believe me, I repent of my deed, but it is possible. "

When Kimi returned home from school, the feds were still searching the house. They, like deer on grazing, turned their heads in its direction in synchronization, realized that this was not a predator and silently returned to their work. As they left, they took away all Max’s computer equipment.

The door closed, leaving the newlyweds alone in what was left of their home. Max barely began to form an apology on Max’s lips, but Kimi angrily cut him off: “I told you not to get caught!”.

FBI agents in Max's crime found a benefit. Trakhon and Beeson returned to the house of Max and gave their former ally a second chance. If Max was counting on condescension, he should have worked for them. And writing reports was not enough. Max was so determined to make amends, save his life and career, that he did not ask for anything in writing. He simply believed that if he helped the FBI agents, they would help him.

Two weeks later, Max received the first assignment. A gang of phone hackers (phreakers) have just taken control of the 3Com telephone system and used it as a personal teleconferencing system. Beeson and Trechon could have connected to their illegal conversation, but they doubted their ability to impersonate hackers. Max studied the latest phreaking techniques and rang the system directly from the FBI operational headquarters while the bureau recorded the call.

Max outlined some of his achievements and mentioned the names of the hackers he knew. That was enough to convince the phreakers that Max was one of them. They opened their heart and reported that they are members of the international gang DarkCYDE, which consists of about 35 participants, most of whom live in Britain and Ireland. DarkCYDE sought to “unite phreakers and hackers from around the world into one powerful digital army,” according to their great manifesto. In fact, it was just children indulging in a phone, just like Max when he was in high school. After the call, Beeson asked Max to stay with the gang. Max chatted with them on IRC and passed the correspondence history to his wardens.

Agents satisfied with Max's work called him a week later to the federal building in San Francisco to issue a new assignment. This time he had to go to Vegas.

Max glanced around at the card tables, covered in linen tablecloths, in the hotel’s Plaza and casino exhibition hall. Dozens of young men in hacker uniforms — in jeans and T-shirts — were squatting in front of workstations or standing slightly apart, pointing at something on the screen. It looked crazy to a man from the outside: spend a weekend in Sin City, knocking on the keyboard like a robot, away from the pool, slot machines and shows. But for hackers, it was a specially organized team competition for penetrating a computer system and capturing a hastily built network. The first team, which will leave its virtual marker for one of the goals, can count on a prize of $ 250, universal honor and extra points for breaking other opponents. New attacks and tricks seemed to flow from hacker fingers, secret exploits got from virtual arsenals for the first time to shoot in public. Def Con, the world's largest hacker congress, captured the flag every year was vivid and emotional, no worse than Fisher vs. Spassky. Kimi was not impressed, but Max was like in paradise. Across the room, the tables were littered with old computer equipment, all kinds of electronics, tools for opening locks, T-shirts, books and copies of 2600 - a popular quarterly hacker magazine.

Max noticed Elais Levy - the famous “white” hacker - and pointed Kimi at him. Levy, also known as Aleph One, moderated the Bugtraq newsletter (this is how the New York Times for computer security) and the author of the express guide to the buffer overflow called "Crumble stack fun for profit and profit for" published in Phrack. Max did not dare to approach the star. What could he tell him?

Max, of course, was not the only mole at Def Con. This event began in 1992 as a modest meeting organized by the former phreaker, and today Def Con has grown into a legendary gathering where about two thousand hackers, computer security experts and onlookers from all over the world gather. They gather here to meet friends live with whom they have made acquaintance on the net, conduct and attend technical reports, buy and sell different things, get drunk, get very drunk at parties until the morning. Def Con was so obviously an attractive event for the government that organizer Jeff Moss came up with the game "Fisheries". The hacker, who allegedly found a government agent in the crowd, had to point at him and report it loudly. If the audience agreed, the hacker took home the coveted T-shirt with the words "I spotted a federal def Def." Often the suspected agent surrendered and kindly showed a token, giving the hacker an easy victory.

Max’s task was still a challenge. Trekhon and Beeson wanted him to gain confidence in fellow hackers, tried to find out their real names and brought PGP to share public keys - this is something like a wax seal, which geeks anxious about security encrypt and sign their emails. At heart, Max was restless. Writing reports for the bureau was a completely different matter, and he had no remorse about receiving data from DarkCYDE phreakers - the guys are too young to get into big trouble. But this task smelled of denunciations. Personal loyalty was recorded very deeply in the firmware of Max, and only one glance at the public Def Con was enough for him to understand: these are his friends. Many hackers stopped their immature mischief, switched to the legal dotcom business, or founded their own companies. They became "white", like Max. At the conference, this mood was perfectly conveyed by a popular T-shirt that says “I miss crimes”.

Max decided to ignore the task of the FBI and began to attend meetings and negotiations. The schedule for this year was the long-awaited release from the “ Cult of the Dead Cow ” team. KVM was literally rock stars in the world of hackers: they recorded and played music, and their presentations at the congress were very theatrical, which made them media favorites. This time the group introduced Back Orifice , a sophisticated remote control program for windows machines. If you managed to trick someone into running Back Orifice, you would get access to their files, see everything that is happening on the screen and even see through their webcam. The program was designed to shame Microsoft for its disgusting security in Windows98. All those present at the Back Orifice presentation were delighted, and this mood was passed on to Max. But even more practical interest for Max was a report on the legality of computer hacking, which was led by Jennifer Granik, a criminal defense attorney from San Francisco. Granik began the presentation of a recent case harassing Carlos Salgado Jr., a hacker from the Bay Area, a 36-year-old computer repairman who better than any other hacker reflects the future of computer crime.

From his room at his parents ’house in Daly City, a few miles south of San Francisco, Salgado hacked into a large technology company and stole a database of eighty thousand records of credit card numbers, their owners, postal codes, and expiration dates. actions. Hackers traveled to credit card numbers before, but what Salgado did would surely give him a place in books on the history of cybercrime. Under the pseudonym “Smak” he entered IRC on #carding channel, where he put the entire list up for sale. This is the same as putting a Boeing 747 at a flea market. At that time, the underground scene of online credit card fraud was a swamp of children and petty hackers who hardly advanced further than the previous generation of scammers who were making copies of checks from garbage cans behind a shopping center. Their typical deals were in the same price categories, and conversations with each other are full of fiction and idiocy. Most of the discussion took place on an open channel, where anyone could come from the organs and read everything. All the safety of carders was based on the assumption that they are not interesting to anyone.

Surprisingly, Salgado found a potential buyer at #carding - a student of the computer science department from San Diego who paid for his studies by pulling out bank statements from mailboxes, getting account numbers from there and forging credit cards. The student had a mass of contacts, which, he believed, could buy the entire stolen base from Smak for a six-digit amount. The deal went a bit wrong when Salgado, who decided to take precautions, hacked the buyer's Internet provider and fumbled in his files. When the student found out about this, he got angry and secretly began working with the FBI. On the morning of May 21, 1997, Salgado arrived at the smoking lounge of San Francisco International Airport to meet his customer. It was supposed that here he would exchange a compact disk with a base for a case in which there would be 260 thousand dollars in cash. Instead, he was arrested by the San Francisco Computer Crime Squad.

The frustrated deal was a revelation to the FBI: Salgado was the first of a new breed of money-hungry hackers, and it represents a threat to the future of e-commerce. Survey results have shown that web users are concerned about the need to send credit card numbers electronically - this is the main reason that keeps them from buying. Now, after many years of trying to win consumer confidence and reward investor confidence, electronic companies have begun to conquer Wall Street. Less than two weeks before Salgado’s arrest, Amazon.com made an IPO and became $ 54 million richer in one day. Salgado's IPO would be higher: the total amount of limits on all credit cards in the database was more than a billion - $ 931,568,535, if you take away the money spent by the rightful holders.

As soon as Salgado was arrested, he confessed to the FBI. Granik told the hackers that this was his big mistake. Despite his cooperation, Salgado was sentenced to thirty months in prison earlier this year.

- So, the FBI wanted me to tell you that the recognition of Salgado helped him, - Granik paused, - This is nonsense. Give up and be silent! - She said, and from the seats came the cheers of approval, - There is no use in talking to the police. If you are going to cooperate, then do it after consulting with a lawyer and processing the transaction. It makes no sense to give them information for free.

In the back of the room, Kimi poked Max under the ribs. All that Granik advised burglars not to do, Max did. He did everything. And Max himself again thought about his agreement with the feds.

• • •

"We have to do something to change in the pattern of our work."
Max read the last message from Chris Beeson and felt the frustration that seemed to radiate from the screen. Max returned to Def Con empty-handed, and then did not appear at a meeting in the federal building, where he was to receive a new task, which infuriated Beeson’s chief, Pete Trachon. In the following lines of the letter, Beeson warned Max about the grim consequences if he continued to play up.

“In the future, failure to attend a meeting without a valid reason will be interpreted as a refusal to cooperate with you. If you refuse to cooperate, we will FORCE to take appropriate action. Pete meets with the prosecutor in YOUR case on Monday. He wants to meet with you soon in our office at 10:00 exactly, MONDAY, 8/17/98. I won't be next week (that's why I wanted to meet you this week), so you'll deal directly with Pete. ”

This time Max came. Trakhon explained that he was interested in Max's boss at MCR, Matt Harigan. The agent was alarmed that the hacker ran a cybersecurity store where other hackers, such as Max, were working, and even trying to qualify for a contract with the NSA. If Max wanted to make the FBI happy, he needed to get Harrigan to admit that he was still burglary and related to Max’s attack on BIND.

The agent gave Max a new form for signature. This was Max’s written consent to install a listening device on him. Trakhon handed him a recording device disguised as a pager.

On the way home, Max pondered the situation. Kharigan was his friend and partner in hacking. The current demand of the FBI makes Max go on an incredible betrayal and become a real Judas for Digital Jesus.

The next day, Max met Harygan at the Denny diner, in San Jose, without the FBI bug. He looked at the other visitors and looked out the window at the parking lot. There could be feds anywhere. He pulled out a piece of paper and stretched it across the bar. "That's what's going on ..."

After the meeting, Max called Jennifer Granik - he took her business card when she finished speaking at Def Con - and she agreed to represent his interests.

Having learned that Max had enlisted the support of a lawyer, Beeson and Trekhon, without losing time, officially demoted him from the informants. Granik started calling the FBI and the prosecutor's office to find out the government’s plans for her new client. Three months later, she finally received the response of the chief prosecutor for cybercrime from Silicon Valley. The United States is no longer interested in working with Max. Now he could only count on returning to prison.

* Harigan's involvement is controversial. Max claims that he was planning an attack on BIND along with Harigan, in the office of MCR and Harigan wrote a program that built a list of targeted government computers. Harigan claims that he was not involved in this attack, but he was aware of Max’s plans.