
Underground carders market. Translation of the book "KingPIN". Chapter 28. "Carder Court"

Kevin Poulsen, an editor at WIRED magazine and, in his childhood, the blackhat hacker Dark Dante, wrote a book about "one of his acquaintances."

The book traces the path from a teenage geek (though a muscular one) to a seasoned cyber crime boss, and shows some of the methods the special services use to catch hackers and carders.

The quest to translate the book began in the summer at an IT camp for high school students (“Kingpin: schoolchildren translate a book about hackers”); later, Habr users and even a few of the editorial staff joined the translation.

Chapter 28. The Court of Carders

(for the translation thanks to drak0sha)

Keith Mularski was exhausted.

He first spoke with an agent in the Secret Service branch at the other end of the city. "I think you face some trouble." One of the countless informants had heard that Iceman had found irrefutable evidence that Master Splintr was either a snitch, a corporate security spy, or a federal agent. Iceman had temporarily teamed up with his former enemy Silo and prepared a detailed presentation for the leadership of Carders Market and DarkMarket. Iceman and Silo clearly wanted to put Master Splintr on trial.

It all started with Silo's code. Master Splintr's reputation as a spammer and programmer had made him DarkMarket's expert reviewer of malicious code. This was one of the advantages of his covert operation: Mularski could evaluate the latest versions of secret attack code and pass them to CERT, which in turn would send them to all the anti-virus companies. The malicious code could then be detected even before it appeared on the black market.

This time, Mularski gave the code as a training assignment to one of the CMU students interning at the NCFTA. Following standard procedure, the student ran the program in isolation on a virtual machine, a kind of software Petri dish that can be wiped clean afterwards. But he forgot about the flash drive in the USB port. It held a blank malware report form bearing the NCFTA logo and the main objectives of the study. Before the student realized what had happened, the document was in Silo's hands.

Six DarkMarket administrators and moderators had received a copy of Silo's code. Now the Canadians knew that one of them was a federal agent.

Silo was a dark horse. In real life, he was Lloyd Liske, a manager at a Vancouver auto shop and a credit card forger who was taken down a few months after Operation Firewall. When he was sentenced to eighteen months of house arrest, Liske changed his last name from Buckell and his nickname from Canucka, and reappeared on the carding scene.

Now the Canadian was untouchable. In law enforcement circles, it was well known that Silo was an informant for the Vancouver Police Department. That is why he was always backdooring other hackers: the Trojan horse that had infiltrated the NCFTA was not meant to expose law enforcement operations; Silo was just trying to gather information on DarkMarket members for the police.

Silo was not especially loyal to the FBI, but he most likely did not intend to go out of his way to expose a secret Bureau operation. Unfortunately, Iceman learned of this intelligence and organized a raid to gather information on DarkMarket. It was at this point that Mularski's carelessness did its work. He usually logged in to DarkMarket through the KIRE shell, which hid his location. But JiLsi, a demanding boss, constantly burdened Master Splintr with maintenance tasks (for example, uploading new banner ads) that had to be completed immediately. Sometimes KIRE was down at those moments, and he connected directly. Iceman caught it.

Even then, he should have been relatively safe. The office's broadband service had been set up under the name of a fictitious corporation, with a telephone number that rang through to an unmonitored VoIP line in the communications room. The telephone line should not have been discoverable. Somehow, that had not happened, and Iceman obtained the address and determined that it belonged to the NCFTA.

Mularski hurried to the communications room, swiped his access card, and locked himself inside. He established a secure channel to Washington. The agent did not sugarcoat his report to management. Despite all his work to obtain covert authority to control DarkMarket, with support from the Main Justice Department and Bureau officials, Iceman was going to smash it all to pieces just three weeks after the work had started.

Max struggled to avoid detection: he knew that after his attack on DarkMarket, all his data would be used against him. He considered closing Carders Market before the exposure of Master Splintr, as a way to keep it all from being perceived as just another salvo in the carder war. Instead, he decided to send his new lieutenant, Th3C0rrupted0ne, to present his position.

The court convened on Silo's “Carder IM”, a free, supposedly encrypted messaging program that the Canadian hacker offered as an alternative to AIM and ICQ, and which displayed ads for dump vendors. Matrix001 appeared for DarkMarket; JiLsi was busy with the consequences of Max's attack on Mazafaka. Silo was also present, along with two other Canadians. Silo opened the meeting by distributing a RAR archive of the evidence he and Iceman had collected.

When some of the carders opened the file, their antivirus software went wild. Silo had left a backdoor in the evidence: not the most promising start to the summit.

C0rrupted and Silo went on presenting evidence: Silo's document templates showed that someone at the NCFTA held a privileged position on DarkMarket, and the access logs stolen by Iceman proved that Master Splintr was the mole.

“Indisputable evidence,” wrote C0rrupted. “We have been working hard, trying to make peace, and if this becomes public knowledge, law enforcement will haunt us. However, if we do not inform, we will be responsible for all those who are deceived (na ***).”

“All this is true,” said Silo.

This did not convince Matrix. He ran his own Whois lookup on the Pembrooke Associates domain name and, through Domains by Proxy, got back only an anonymous listing: it contained no addresses or telephone numbers. “Blah,” typed Matrix. “You have not even verified the information and the companies obtained from Whois, have you? Who gave you these materials?”

“These are not my materials,” wrote Silo. “They are Iceman's.”

“So you believe any shit you got? Without even checking it out?”

The evidence Silo provided did not convince Matrix either: there were structural and spelling errors in the NCFTA templates. How could the FBI or a non-profit security organization do such a crappy job? In addition, Iceman's contempt for DarkMarket was well known, and Silo was a perennial thorn in the side.

The situation was tense. C0rrupted was disconnected, and the rest fell silent when Silo and Matrix began to trade insults. “Do you have anything that makes me believe you?” asked Matrix.

“Don't,” Silo finally answered. “Do not believe me. Get out of my IM ... go to jail.”

Mularski was excluded from the chat, but when it ended, Matrix passed the logs to Master Splintr. The agent was glad that he had scrubbed all the information at the last second: as soon as he found out about Iceman's plans to expose him, he contacted the domain name registrar and had the company remove all the people associated with Pembrooke Associates, and their phone numbers, from its records. Then he asked Anywho to remove the listing for his secret phone line. The purge would certainly convince Iceman that Master Splintr was a fed, but no one else would be able to verify his conclusions.

Now Mularski set about persuading people over ICQ. He told Matrix, and everyone else who would listen, that he was innocent. He drew the carders' attention to the logs, highlighting every instance in which he had logged in from the KIRE IP address. These are my logins, he wrote. I do not know whose the rest are.

Then he turned and attacked. Iceman's doubts about JiLsi worked in his favor. Everything had gone awry, he wrote. JiLsi had behaved suspiciously. On the one hand, he had instructed Master Splintr not to tell anyone that the server was already running. On the other, JiLsi had created the impression that DarkMarket was hosted in a country beyond the reach of Western law enforcement, although it was actually located in Tampa, Florida, where the cops could easily get a search warrant. It really was weird.

JiLsi asserted his innocence, but his behavior had been too strange for that. Master Splintr publicly thanked Iceman for bringing the matter to his attention and said that he would immediately move DarkMarket out of the United States.

Mularski contacted law enforcement agencies in Ukraine, and they helped him quickly obtain hosting there. In the blink of an eye, DarkMarket was in Eastern Europe. Most carders had to agree that the feds would not be able to conduct their operation in a former Soviet republic.

No formal verdict was announced, but Master Splintr's innocence was settled by unanimous decision. They were not so sure about JiLsi.

When the controversy subsided, Mularski returned to his usual covert operation. A few weeks later, while he was writing reports, another agent called him.

Special Agent Michael Schuler was a legend among the Bureau's cybercrime agents. It was he who had hacked into Russian computers during Operation Invita. Now working in Richmond, Va., as a field officer, Schuler reported a breach at nearby Capital One. The bank's security service had detected an attack using a vulnerability in Internet Explorer. They sent Schuler a copy of the code, and he wanted Mularski to assign one of the NCFTA geeks to work with him.

Mularski listened as Schuler described his investigation to date. He had focused on the fake news site, Financialedge.news.com, used to distribute the malware. The domain had been registered to a front man in Georgia. But when Go Daddy checked its records, it found that the same user had already registered another address through the company.

Cardersmarket.com

Mularski immediately realized the importance of this. Iceman had presented himself as the innocent owner of a site where illegal activity was discussed. Now Schuler had evidence that he was also a money-hungry hacker who had penetrated the network of America's fifth largest credit card issuer. “Dude, you have a business!” Mularski laughed. “You just got the case for the guy who is being tracked down by our Group II. We need to work on it together.”

At the other end of the city, agents in the Secret Service's local Pittsburgh branch had independently made a discovery of their own about Iceman: an informant relayed confidential information that the head of Carders Market was also the dumps vendor known as Digits. Four days after the article in USA Today, agents nailed down this information thanks to a second mole, who made a controlled purchase from Digits: twenty-three dumps for $480 in e-gold.

That was more than enough for a felony charge.

To be continued

Published translations and publication plan (December 25)
PROLOGUE (GoTo camp students)
1. The Key (Grisha, Sasha, Katya, Alena, Sonya)
2. Deadly Weapons (Young programmers of the Federal Security Service of the Russian Federation, August 23)
3. The Hungry Programmers (Young programmers of the Federal Security Service of the Russian Federation)
4. The White Hat (Sasha K, ShiawasenaHoshi)
5. Cyberwar! (ShiawasenaHoshi)
6. I Miss Crime (Valentin)
7. Max Vision (Valentine, August 14)
8. Welcome to America (Alexander Ivanov, Aug 16)
9. Opportunities (jellyprol)
10. Chris Aragon (Timur Usmanov)
11. Script's Twenty-Dollar Dumps (Georges)
12. Free Amex! (Greenhouse social technology)
13. Villa Siena (Lorian_Grace)
14. The Raid (Georges)
15. UBuyWeRush (Ungswar)
16. Operation Firewall (Georges)
17. Pizza and Plastic (done)
18. The Briefing (Georges)
19. Carders Market (Ungswar)
20. The Starlight Room (???)
21. Master Splyntr (Ungswar)
22. Enemies (Alexander Ivanov)
23. Anglerphish (Georges)
24. Exposure (+)
25. Hostile Takeover (fantom)
26. What's in Your Wallet? (done)
27. Web War One (Lorian_Grace?)
28. Carder Court (drak0sha)
29. One Plat and Six Classics (+)
30. Maksik (+)
31. The Trial (+)
32. The Mall (Shuflin +)
33. Exit Strategy (done)
34. DarkMarket (Valera aka Dima)
35. Sentencing (comodohacker +)
36. Aftermath (ex-er-sis?)
EPILOGUE

Source: https://habr.com/ru/post/274053/

