
Underground carders market. Translation of the book "KingPIN". Chapter 29. “One Plat and Six Classics”

Kevin Poulsen, an editor at WIRED magazine and in his childhood a blackhat, the hacker Dark Dante, wrote a book about "one of his acquaintances."

The book traces the path from a teenage geek (though a muscular one) to a seasoned cybercrime boss, and shows some of the methods the special services use to catch hackers and carders.

The quest to translate the book started in the summer at an IT camp for high school students (“Kingpin: schoolchildren translate a book about hackers”); later Habr users and even a few of the editorial staff joined the translation.

Chapter 29. One Plat and Six Classics

(thanks to Vyacheslav Slinkin for the translation)

Keith Mularski had not known what he was getting into when he took over DarkMarket.

His days were real madness. Each one began at 8 a.m. with checking the ICQ messages that had arrived during the night for any work for Master Splinter.

He logged in to DarkMarket and checked that the service was functioning. Stumbling on Iceman here has always been extremely difficult.

Then came the tedious job of backing up the database. Iceman had twice dropped the tables in vain attempts to expose Mularski, so backups were now part of the morning routine. The investigation was never forgotten: while the database was being copied, a simple script written by an NCFTA programmer scanned each line for 16-digit numbers beginning with the digits 3 through 6. The stolen credit card numbers were automatically sorted by BIN and sent to the appropriate banks for immediate cancellation.
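The scan described above can be sketched as follows. This is an added example, not the NCFTA script: the Luhn filter, the masking helper and the sample rows (built from public test card numbers) are assumptions that go beyond what the chapter describes.

```python
import re
from collections import defaultdict

# 16 digits, first digit 3-6, not embedded in a longer run of digits.
PAN_RE = re.compile(r"(?<!\d)[3-6]\d{15}(?!\d)")

def luhn_ok(pan: str) -> bool:
    """Luhn checksum: an added filter (assumption) that drops random 16-digit IDs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def sort_by_bin(lines, require_luhn=True):
    """Return {BIN: sorted unique card numbers} found in an iterable of text lines."""
    found = defaultdict(set)
    for line in lines:
        for pan in PAN_RE.findall(line):
            if require_luhn and not luhn_ok(pan):
                continue
            found[pan[:6]].add(pan)   # BIN = first six digits, identifies the issuer
    return {b: sorted(p) for b, p in sorted(found.items())}

def mask(pan: str) -> str:
    """Keep only the BIN and last four digits when printing a report."""
    return pan[:6] + "*" * 6 + pan[-4:]

# Constructed sample rows using public test card numbers, not real data.
SAMPLE_DUMP = [
    "INSERT INTO pm VALUES (101,'selling 4111111111111111 and 4111111111111111')",
    "INSERT INTO pm VALUES (102,'mc 5555555555554444 exp 0109')",
    "INSERT INTO pm VALUES (103,'order id 4111111111111112')",   # fails Luhn
    "INSERT INTO pm VALUES (104,'tracking 1234567890123456')",    # starts with 1
    "INSERT INTO pm VALUES (105,'ts 41111111111111110000')",      # 20-digit run
    "INSERT INTO pm VALUES (106,'disc 6011111111111117')",
]

if __name__ == "__main__":
    for bin_, pans in sort_by_bin(SAMPLE_DUMP).items():
        print(bin_, [mask(p) for p in pans])
```

With `require_luhn=False` the function applies only the rule the chapter states (16 digits, leading digit 3 to 6), which also picks up the order ID in row 103.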

Then Mularski scanned the private messages, picked out the most interesting chats and checked them against the FBI's central electronic surveillance database, called ELSUR. The next few hours were spent writing the report. Under the name Master Splinter, Mularski began to cash out modest amounts. Some banks agreed to cooperate and shared existing dumps with fake names but with real transactions, the processing of which was funded from the FBI budget. He gave them a list of card PINs across the country, and the financial institutions in turn reported daily on where and when the funds were withdrawn. Mularski passed the information on to local agents depending on the city where the operations took place, which meant regularly writing detailed notes.

At three o'clock, when the carders began to come online, Mularski's “second” life turned into hell.

Everyone wanted something from “Splinter”. The topics varied: how to take down a vendor who was cheating customers, complaints, or how to charge correctly. The guys turned to him for free dumps or for spam services.

Mularski returned home at the end of the day, only to log in again. For plausibility, “Splinter” had to keep the same hours as the real carders. Every evening went the same way: the sofa at home, a TV turned on to a random channel and an open laptop. He was online on DarkMarket, AIM and ICQ, where he answered questions, assigned reviewers, approved vendors and banned rippers. He usually stayed online until two in the morning, and every day he dealt with the underground.

To achieve his goals he had to ingratiate himself. He handed out “gifts” that were supposedly paid for with stolen credit cards but in fact were paid for from bureau funds. Chao (Cha0), a Turkish crime boss and administrator of DarkMarket, wanted a lightweight computer that was sold in the States. Mularski sent two such PCs to Chao's drop address in Turkey. Playing Santa meant following the rules: stay under cover and keep up the appearance of making money without asking any questions.

He noted to himself that being a boss in the world of cybercrime is quite hard work.

When traveling or on vacation, he had to give at least a brief reason for his absence from the forum so as not to arouse suspicion. In January 2007, he let it be known in advance that he would be flying off for some time, but did not say where he was going or why. He was going to Germany to talk with prosecutors about Matrix001, the co-founder of DarkMarket.

Among other things, Matrix001 was a first-class specialist in his field and generally a jack of all trades. He created and sold Photoshop templates, resorting to the help of "experts" in the manufacture of fake credit cards or fake IDs. He could provide templates for Visa, MasterCard, American Express, US Social Security cards, notary stamps and driver's licenses valid in the northern states. For example, he sold a US passport template for $45 and a Visa card for $125.

The relationship between “Splinter” and “Matrix” had improved significantly over the past three months: Mularski and the German both loved video games and chatted about them all night. They also talked business, and the German mentioned that he had recently received money transfers for his sales in the city of Eislingen, which is located in southern Germany. This could be called the first clue in exposing the entire chain.

Here the question of following the money was settled. Like all carders, “Matrix” preferred to make payments through E-gold (translator's note: E-gold, from “electronic gold”, is a means of cashless payment over the Internet), an electronic payment system created in 1996 by a former oncologist named Douglas Jackson. (Translator's note: perhaps the song “About Carders Jaks” by the group NTL is dedicated to this character.) In contrast to PayPal, E-gold was the first virtual currency backed by silver and gold bars, which were stored in bank vaults in London and Dubai.

Jackson's dream was to create a first-class international system with no ties to any government. Criminals liked it. Unlike a real bank, E-gold did nothing to verify its users, so names such as “Mickey Mouse” and “No Name” often appeared in profiles. To deposit or cash out money in E-gold, users could go to any of hundreds of exchangers around the world, which handled both ordinary money transfers and anonymous ones; they could also accept cash and convert it into E-gold (if the amount did not cover the full ingot, then it could be subject to “cutting”). The exchangers also converted virtual funds into local currency, which could be received through Western Union, PayPal or bank transfer. One company even offered “G-cards” with a pre-installed ATM chip, which allowed an E-Gold account holder to withdraw funds at any ATM.

E-Gold was obviously bread and butter for criminals. By December 2005, it was found that more than 3000 accounts were involved in carding, another 3000 were used to buy and sell child porn, and 13000 accounts were involved in investment scams. They were easy enough to detect: in transactions related to child porn, for example, the notes attached to the transaction contained names such as “Lolita”, and in Ponzi schemes, “HYIP” (“High-Yield Investment Program”). The carders included some sort of tag for what they were buying: “For 3 IDs”; “For dumps”; “10 classics”; “Fame's dumps”; “10 M / C”; “One plat and six classics”; “20 vclassics”; “18 ssns”; “10 AZIDs”; “4 v classics”; “four cvv2s”; “for 150 classics.”

For a long time, E-Gold turned a blind eye to criminal deals. Its employees did block some profiles related to child porn, but they could do nothing about the fact that the offenders could still withdraw money from the account. The company's attitude changed dramatically after agents of the FBI and the Secret Service obtained a warrant, searched the offices of E-Gold in Melbourne and Florida, and then charged Jackson with providing money transfer services without a license.

Jackson began voluntarily combing the existing database for criminal operations and sent “hooks” to the US Postal Inspection Service, the only agency that had not tried to put him in jail.

His turn to “the right path” was most welcome for Mularski. Through Greg Crabb and his postal team, Mularski asked Jackson for information about the Matrix001 profile, which was registered under the pseudonym “Ling Ching”.

When Jackson looked through the database, he discovered that this record had originally been created under a different name, Markus Kellerer, with an address in the city of Eislingen in Germany. In November, Mularski sent an official request about this person to the German National Police representative through the US Consulate in Frankfurt. Germany confirmed that Kellerer was a real person, not another pseudonym, after which Mularski booked a seat on a flight to Stuttgart.

Matrix001 was the first figure from the DarkMarket fraternity to be arrested. Mularski would certainly have liked to find someone else who was not averse to chatting about video games.

Returning from Pittsburgh, he again plunged into work, taking up the legend of the "Snowman" (Iceman). He was looking for any mention of Iceman: there had been someone with that nickname on Shadowcrew, and there were several more mentions of him in IRC chat rooms. They [cybercriminals] always tried to lead pursuers onto the wrong track. Now Mularski was working on the idea that Iceman did not exist.

Iceman must have collaborated with the Canadian informant Lloyd “Silo” Liske, which was interesting. Silo had worked with Iceman in trying to expose Mularski. That was possible and did not matter much; informants often throw around accusations such as COP or SNITCH to divert suspicion from themselves. But Silo had told his handlers at the Vancouver police department that he had hacked Iceman's computer and that, even going all out, he had not been able to find out his real name or a valid IP address. It then turned out that “Silo” had many E-Gold accounts, one of which was under the name “Keyser Söze”.

If Liske was a fan of the film “The Usual Suspects”, perhaps he could be trying on the role of a criminal mastermind and, using his official position, feeding the law enforcement agencies all sorts of nonsense about suspicious figures in the criminal world.

Mularski flew to Washington, where he presented his theory to the Secret Service at its headquarters, but it was a fiasco. The fact is that the Secret Service worked closely with the Vancouver Police Department and considered Silo a good guy.

The Secret Service set off on its own false trail. In the laboratories of the head office in Pittsburgh, agents drew up diagrams consisting of names connected by lines. Many names had already been crossed out. It was their own ever-changing road to Iceman and his world.

Mularski returned to Pittsburgh, and both agencies resumed the search for the Keyser Söze of cyberspace, while the “Snowman” hacked with impunity.

To be continued

Published translations and publication plan (December 28)
PROLOGUE (GoTo camp students)
1. The Key (Grisha, Sasha, Katya, Alena, Sonya)
2. Deadly Weapons (Young programmers of the Federal Security Service of the Russian Federation, August 23)
3. The Hungry Programmers (Young programmers of the Federal Security Service of the Russian Federation)
4. The White Hat (Sasha K, ShiawasenaHoshi)
5. Cyberwar! (ShiawasenaHoshi)
6. I Miss Crime (Valentin)
7. Max Vision (Valentine, August 14)
8. Welcome to America (Alexander Ivanov, Aug 16)
9. Opportunities (jellyprol)
10. Chris Aragon (Timur Usmanov)
11. Script's Twenty-Dollar Dumps (Georges)
12. Free Amex! (Greenhouse social technology)
13. Villa Siena (Lorian_Grace)
14. The Raid (Georges)
15. UBuyWeRush (Ungswar)
16. Operation Firewall (Georges)
17. Pizza and Plastic (done)
18. The Briefing (Georges)
19. Carders Market (Ungswar)
20. The Starlight Room (???)
21. Master Splyntr (Ungswar)
22. Enemies (Alexander Ivanov)
23. Anglerphish (Georges)
24. Exposure (+)
25. Hostile Takeover (fantom)
26. What's in Your Wallet? (done)
27. Web War One (Lorian_Grace?)
28. Carder Court (drak0sha)
29. One Plat and Six Classics (+)
30. Maksik (+)
31. The Trial (+)
32. The Mall (Shuflin +)
33. Exit Strategy (done)
34. DarkMarket (Valera aka Dima)
35. Sentencing (comodohacker +)
36. Aftermath (ex-er-sis?)
EPILOGUE

Source: https://habr.com/ru/post/274173/

