Underground carders market. Translation of the book "KingPIN". Chapter 9. "Opportunities"

Kevin Poulsen, editor of the magazine WIRED, and in his childhood blackhat, the hacker Dark Dante, wrote a book about " one of his acquaintances ."

The book shows the path from a teenager-geek (but at the same time pitching), to a seasoned cyberpahan, as well as some methods of the work of special services to catch hackers and carders.

The beginning and the translation plan are here: “ Shkvoren: schoolchildren translate a book about hackers ”.
Prologue
Chapter 1. "The Key"
Chapter 3. “The Hungry Programmers”
Chapter 5. “Cyberwar!”
Chapter 6. "I miss crime"
Chapter 8. “Welcome to America”
Chapter 34. DarkMarket
(we publish as soon as the translations are ready)
')
The logic of choosing a book for working with schoolchildren is as follows:

• there are few books about hackers in Russian (one and a half)
• There are no books about carding in Russian at all (there was one UPD )
• Kevin Poulsen - WIRED Editor, No Stupid Comrade, Authoritative
• to introduce young people to the translation and creativity in Habré and get feedback from elders
• schoolchildren-students-specialists work very sparingly for learning and show the significance of the work
• The text is not very hardcore and is accessible to a wide range, but it touches on issues of information security, vulnerabilities of payment systems, the structure of the carding underground, basic concepts of the Internet infrastructure
• the book illustrates that "feeding" in underground forums - ends badly

Who wants to help with the translation of other chapters write in a personal magisterludi .

Chapter 9. Opportunities

(thanks for the translation thanks to jellyprol )

Max put on a blazer and crumpled cargo pants for sentencing and watched in silence as the lawyers began a legal debate on his case. Jennifer Granik, a defense attorney, told Judge James Ware that Max deserves commutation of the sentence for her work as an equalizer. The prosecutor chose the opposite point of view. Max, he claimed, pretended that he had become an FBI informant while secretly committing crimes against the US government. It was worse than if he had never collaborated with them.

It was an unusual sentence for a computer criminal. A dozen of Max's colleagues from the world of security who dedicated their lives to fighting hackers wrote a guarantee to Max Judge Vär. Dragos Ruey, a prominent security evangelist from Canada, called Max "a brilliant innovator in this environment." French programmer Renault Derezu recognized Max's advance help that made possible the emergence of Nessus, Derese's vulnerability scanner and one of the most important free security tools available.
“The potential given to Max and his clear vision of Internet security ... he would be more useful to society as a whole than staying with us as a computer security specialist ... instead of spending time in the cell and seeing how his computer talent is experiencing a slow but undoubted decline” .

From a technical worker from New Zealand: “Without the work that Max did ... for my company and for many other projects it would be much harder to protect yourself from hackers” From a fan from Silicon Valley: “Taking Max into our community of security professionals significantly damaged our ability to protect oneself. ”A former employee of the Department of Defense wrote:“ Putting this person in prison would be just a mockery. ”

Several people from Hungries also wrote letters, as did Max’s mother and his sister. In her letter, Kimi pleaded for the release of Max. “He saved my life when he helped get away from abuse and taught me the importance of self-esteem,” she wrote. “He gave me shelter when I had nowhere to live. He took very good care of me when I was seriously ill, saved my life and took me to the emergency room again when I said that “I am fine,” even when I was dying. ”

When the lawyers ran out of arguments, Max spoke for himself, with sincere courtesy he always stood away from his computer. His attack, he explained, was born of good intentions. He just wanted to close the BIND hole, but lost his head. "I became too noticeable," he said quietly. “It’s hard to explain the feelings of someone who got into the computer security environment. ... I felt that at that time I was in a race. That if I go inside and quickly close the hole, I could do it before people with worse intentions take advantage of it.

"What I did was reprehensible," continued Max. "My reputation among computer security specialists was damaged. My family and friends suffered"

Judge Ver listened attentively, but he had already made a decision. Releasing Max without imprisonment would convey the wrong message to other hackers. “This is necessary for those who want to take your steps so that they know that the result is a prison,” said the judge.

Sentence: eighteen months in prison, followed by three years during which Max is forbidden to use the Internet without the permission of the officer on conditional release. The prosecutor demanded that the judge immediately take Max into custody, but Ver rejected the demand and gave the hacker a month to bring his affairs in order and return him to the marshals.

* * *

Max and Kimi moved to Vancouver, closer to the Kimi family. When they returned home, Max lost no time in organizing Whitehats.com and arachNIDS in order to survive his conclusion. He set the automatic payment of traffic bills and wrote out a list of tasks for Kimi to take care of them in his absence. Now she was at the head of arachNIDS, he said, pointing to a server located on the floor of their apartment. The pair sheltered two kittens to provide Kimi’s company during the absence of Max and named them in honor of Elric’s two swords from Melnibone. The orange kitten was named Mournblade, the gray kitty was named Stormbringer.

Max spent the last weekend at liberty in front of his keyboard, preparing to transfer arachNIDS to the management of Kimi. It was Monday, Max finished his business on time. On June 25, 2001, Max was imprisoned in the county prison before being transported to a new home, Taft Federal Prison, George Wackenhuth's corporate-owned property, located near the small town of central California. Max was worried about this because it was another injustice, like returning to Idaho. He was sent back to prison, not for what he hacked, but for refusing Matt Harigan. He was punished for his loyalty, once again becoming a victim of the wayward system of justice. He made Judge Vära doubt who even looked at the details of his case.

Kimi was left to the mercy of fate, left alone for the first time after she met Max. After all the talk about the fact that they will always be together, he chose the direction that guarantees their separation. Two months later, Kimi talked to him on the prison phone when she listened to the pop! and the acrid smell of smoke filled her nostrils. The Max server motherboard flashed. Max tried to reassure her, all she needed to do was replace the motherboard. He could do it in a dream. Max described the whole process to her, but Kimi realized that she did not want to go to jail as a hacker's wife.

In August, she went to the Burning Man festival in Nevada to forget her problems. When she returned home, she was on the phone and reported bad news to Max. She met another. This was another betrayal. Max took the news with terrible calm, asked her about every detail: what drugs did she use when she cheated on him? What position did they use? He wanted to hear her asking for forgiveness from him; he would give him in the blink of an eye. But this was not what she asked. She wanted a divorce. “I don’t know, perhaps you can stop thinking about our future,” she said.

In search of cancellation, Kimi got on a flight to California and went to Taft, where she nervously sat in the waiting room, her eyes were jumping on the walls with placards depicting the network of Vackenhuth prisons throughout the country. When Max was taken to the visiting room, he took his place next to the stainless steel picnic table and began his appeal. He really thought about the future, he told her, he made plans for their future together. “I talked to some people,” he said, lowering his voice to a whisper. "People with whom, I think, could work."

Jeffrey James Norminthor was at the end of his twenty-seven month stay when Max met him at Taft. At thirty-four, Normintor had the imperturbable appearance of a rowdy, with a thick neck, an oversized forehead, and a dimple of Kirk Douglas on his chin. An alcoholic and an experienced crook, he was a financial wizard who did his job better when he was half sober. He started drinking Coors Lights as soon as he got out of bed, and by the end of the day he became useless, but during the best perception, between morning sobriety and midday blurriness, Norminton was a master of the game for a major, criminal wizard, who could create seven-figure sums from the air .

Norminton's last prank required little more than a phone and a fax machine. The goal was the Entrust Group, the Pennsylvania Investment House. On a summer day in 1997, Norminton picked up the phone and called Entrust Vice President, posing as the investment manager for Highland Federal Bank, a real bank in Santa Monica, California. Standing out with confidence and charm, the fraudster persuaded Entrust to acquire deposit certificates of the bank, promising the vice president to return the rollback to 6.2 percent after one year of investment. When Entrust with pleasure transferred $ 270,000 to Highland, the money settled into the account of the front company Norminton’s accomplice, created on behalf of Entrust. At the bank, the transaction looked like the investment house had transferred money from one of its branches to another. The fraudsters immediately removed everything except $ 10,000 and re-launched the scam, this time Norminton's partner made a call to the same vice-president on behalf of another bank, City National, offering a greater kickback. Entrust immediately sent two transactions totaling $ 800,000.

Norminton was ruined by his ambition. He sent an accomplice to City National to collect $ 700,000 in one check. It seemed to the bank employee to be suspicious and he sent the money back to the real Entrust. At the next cashing out, the FBI officers were already waiting. The outstanding financial mind was now languishing, waiting in Taft.

A blessing in disguise, without a conclusion, he would not have met a talented hacker who wants to return to the system. Norminton clearly understood that he sees Max’s real potential, and now they went for a walk together every day, exchanging stories and fantasies about how they could work together after they were released. Under the leadership of Norminton, Max could quickly learn how to break into brokerage companies, where they could operate with overflowing trading accounts and merge them into offshore banks. One big jackpot and they have enough money for the rest of their lives.

Five months later, Norminton and his plans were sent home to sunny Orange, California, while Max was serving another year in Taft, tired of poor nutrition, being under surveillance, the sound of chains and keys. In August 2002, Max was prematurely released and sent to a sixty-one-seat rehabilitation center in Auckland, where he shared a room with five other former prisoners.

Kimi met with Max to share his divorce documents. She had everything seriously with the guy she met at the Burning Man festival; the time has come, she said, so that Max would let her go. Max refused to sign documents.

The relative freedom of Max in the rehabilitation center was shaky, the institution demanded that he get paid work, otherwise he would return to prison, remote work was prohibited. He appealed to his old acquaintances from Silicon Valley and realized that his potential for employment was undermined by the wide publicity of his hacker conviction and the year of prison.

Desperate, he borrowed a laptop from one of the Hungry Programmers and quickly printed a message about hiring to computer security experts who used to admire him.

“I appeared in places that prisons transfer prisoners as manual labor, 5:30 am, and have not yet found a job,” he wrote. “My situation is just ridiculous.” He offered his services at discounted prices. “I am ready to work for a minimum payment for the next few months. Of course, if there is a vacancy in a computer security company in this region. ... The last half-dozen employers paid me at least $ 100 / hour for my time, now I ask only about $ 6.75 "

The consultant responded to the request, agreeing to give Max a job from his home office in Fremont, they were separated by a short train ride from a rehabilitation center. He paid Max ten dollars an hour for helping to set up servers, returning to Max’s past, for his first job with his father when he was a teenager. Tim Spencer lent Max a bike for everyday commuting to the train station. Max was released from the rehabilitation center in two months and the Hungry Programmers became active again and provided him with asylum. He moved to an apartment in San Francisco, sharing them with Chris Toshok, Seth Alves - a veteran of the Meridian master key and the former girl of Toshok - Charity Major. Despite prison fantasies, he and Norminton were secretly preparing, Max was determined to go forward. He resumed his search for work. But vacancies were denied to ex-prisoners.
Even the Honeynet Project, where he donated his knowledge and experience a few years earlier, was wary of it.

His work began to take place in a different direction: he began dating the female partner Charity Majors, a guy who escaped from Idaho, who created her as a personification from the virtual world, portrayed her with fingernails of different colors and wearing contact lenses that color her eyes as incredible emerald sheen. Money was a problem for each of them: Charity worked as a system administrator for a porn site in Nevada, earning money in the Silver State, which could have been bad for San Francisco. Max was almost aground.

One of Max’s former clients from Silicon Valley tried to help Max by signing a $ 5,000 contract with him for performing a penetration test on the company’s network. The company liked Max and in fact they were not particularly worried about whether he would make a report, but the hacker got down to business seriously. He attacked the company's firewalls for months, waiting for one of the easy victories to which he was used like a white hat. But he was surprised. The security corporation has improved since he worked with them. He could not make a hole in the network of his only client. His 100% successful reputation has cracked.

“I have never had unsuccessful system penetrations before,” Max said to Charity. “Honey, you haven’t touched the computer for years,” she said. "It will take some time. Don't feel like you have to do this today. ”
Max tried harder, but it only made him more disappointed with his powerlessness. In conclusion, he tried something new. Instead of searching for vulnerabilities on the company's servers, he individually selected several employees.

A lot of people are familiar with these attacks from the “client side”, hacker spam letters falling into their mailbox with a link, which is an e-card or a funny picture. Download the executable file, and if you ignore the danger message on your Windows computer and install the program, your computer will not be yours for long.

In 2003, the indecent secret of these attacks was that even experienced users, those who know that they do not need to install unfamiliar programs, could be infected. "Browser extensions" were mostly to blame. In the nineties, a terrible war with Netscape for controlling the browser market, prompted Microsoft to add unnecessary features and functionality to Internet Explorer. Each added feature extended the ability to attack the browser. More code - more bugs. Now Internet Explorer holes constantly come to the surface. They usually open first with one of the good guys: Microsoft’s own programmers or white hat, who often, but not always, warn the company before they tell in detail about the hole on BugTraq.

But as soon as the hole was published, the race begins. Black hats are working on the application of the bug by setting up Web pages using the attacking code and then users are deceived after visiting these pages. Even just viewing the web page will give control over the victim's computer without any signs of infection. Even if the bugs are not published, the bad guys can understand them by decompiling vulnerabilities from Microsoft patches. Security experts are horrified to see that the time between the publication of a vulnerability and its use of black hats is reduced from months to days. In a badly developing scenario, black hats find a bug first: the zero-day vulnerability leaving the good guys catching up. With new patches, Microsoft comes out almost every week, even vigilant corporations tend to lag behind in their installation, and the average user often doesn't close all the holes.

A global survey of one hundred thousand Internet Explorer users, conducted around the same time as Max’s attempts, found that 45 percent of users suffered from unprotected remote access vulnerabilities; a decrease in the share of American users only slightly reduced the number, to 36 percent. Attack Max was effective. After gaining access to the computer of an employee using Windows, he went to the company's network from the inside, collected several trophies and jumped out as a monster tearing his chest out of Alien.

“It happened, then I decided to get rid of my old penetration test model and included client-oriented attacks as an indispensable part of the test,” he later wrote a white-hat colleague. "I was sure that now his reputation is 100 percent"

But instead of gratitude, the last report of Max was accepted with indignation. The use of an attack from the client’s flank in the penetration test was virtually obscene; If you were hired to do physical security checks at a corporate headquarters, you should not embarrass anyone to rob a worker’s home and steal keys. The client chided him; they paid Max for the attack on their servers, not on the workers.

Max began to ask himself: does he have a future in computer security? His former friends in the community are excited. Hiverworld, where Max was previously at employee 21, changed his executive team and won $ 11 million in venture capital and changed his name to nCircle Network Security.Marty Roesch left the company to lead to the success of Snort-to, to which Max contributed, a company he called Soursefire from Maryland. Both companies were on the road to success, nCircle started the expansion that gathered 160 employees in the early years and Sourcefire sent an IPO to the NASDAQ. In some alternative universe, in which Max never cracked the Pentagon, or never used Verio dialup, or simply kept his mouth shut and denounced Matt Nerygan, the hacker would be on top of one of those companies having financial success and a reward, interesting job. Instead, he could only watch from the side.

He was a wanderer, clinging to money, and worried about what to do with his freedom. This happened when he was checking incoming messages on Whitehats.com, he found an anonymous note from an “old friend from Shaft”. It was Max's code phrase, worked out with Jeff Nominton. Max wore Jeff in the room of the St. Francis Hotel, where they planned. Norminton was not released for good behavior: His judge, who pronounced the verdict, demanded monthly samples of urine, so that the rehabilitation center officer was sure that he did not start drinking again. What was the problem since he started drinking. After he refused two tests, the court ordered him to test for drugs and alcohol at a rehabilitation center in Pasadena.

He came out in three weeks and now, he was looking for a scam after which there would be enough zeros to run to Mexico. It is time to implement the plans made in prison, Norminton said. He was ready to finance Max in his new career as a professional hacker. Max was ready. He tried to live honestly for a long time, he was tired of punishment. He knew that he wore out the hospitality of the Hungry Programmers house, even if they did not complain. His diet consisted of noodles and vegetables. He had no health insurance or dental problems that cost thousands for their treatment.

Room service interrupted the conversation to deliver the hospitality basket. Norminton showed the attendant to put the basket in the bathroom, turning on the shower, and closing the door when the basket was delivered. They made it laughing, Max gave Norminton a short shopping list, things needed to start, one high-performance Alienware laptop. And the antenna. Large antenna. There was only a small problem. Norminton was stranded. They needed to invite someone else for start-up capital. Luckily, Jeff knew such a guy.