
Kevin Poulsen, an editor at WIRED magazine and, in his youth, the black-hat hacker Dark Dante, wrote a book about "one of his acquaintances."
The book traces the path from a teenage geek (and athlete at the same time) to a seasoned cyber-kingpin, and along the way shows some of the methods the law-enforcement agencies use to catch hackers and carders.
The translation of the book began in the summer at an IT camp for high-school students ("Shkvoren: schoolchildren translate a book about hackers"); Habr users and even a little of the editorial staff joined in later.
You can read how the whole network was rolled up in Chapter 34: "DarkMarket". The story of the trial and sentence is told in the previous chapter, Chapter 35: "Verdict".
Chapter 36. "Aftermath"
By the time Max Vision was convicted, the Secret Service had already identified the mysterious American hacker who had helped make Maksik one of the top carders in the world, and was preparing to prosecute him, which somewhat softened Max's situation.
The turning point in that case came after events in Turkey. In July 2007, Turkish police received word from the Secret Service that Maksik was twenty-five-year-old Maxim Yastremsky, who was vacationing in Turkey. An undercover agent lured him to a nightclub in Kemer, where police arrested him and seized his laptop. They found its hard disk fully encrypted, much as it had been a year earlier during a covert operation in Dubai, when agents had tried to quietly image its contents. After a few days in a Turkish jail, however, Maksik gave up the seventeen-character password. The police decrypted the disk and passed its contents to the Secret Service, which began combing through the data. Of greatest interest were Maksik's ICQ logs.
One correspondent stood out from the rest: a user with UIN 201679996 who had apparently helped Maksik with the attack on the Dave & Buster's restaurant chain and had discussed with him some of the earlier high-end hacks Maksik had claimed as his own. The agents looked up the UIN and found the e-mail address used to register it: soupnazi@efnet.ru.
SoupNazi was a handle the Secret Service had known since 2003, when Albert Gonzalez was arrested. Gonzalez was the informant who had handed the Shadowcrew carders to the Secret Service by luring them onto a VPN the agency secretly controlled. His work led to twenty-one arrests in Operation Firewall, the Secret Service's legendary assault on the carding scene. For years before he joined Shadowcrew, his IRC handle had been SoupNazi.
It appeared that the informant who had made Operation Firewall possible had now moved up a level and begun committing the largest network thefts in US history.
A month after Operation Firewall, Gonzalez got permission to move from New Jersey back home to Miami, where the second act of his hacking career began. He took the handle Segvec and posed as a Ukrainian on the Eastern European forum Mazafaka. Under the motto "Get Rich or Die Tryin'" (the title of a 50 Cent album and Maksik's motto on Shadowcrew), Gonzalez launched a series of multi-million-dollar cyberattacks that touched tens of millions of Americans.
On May 8, 2008, the feds arrested Gonzalez and his crew in the United States. Hoping to soften his sentence, Gonzalez once again cooperated with the agents, handing over the encryption key to his own disk (I don't understand why these guys use encryption at all... - translator's note) along with information on all his associates. He admitted hacking the networks of TJX, OfficeMax, DSW, Forever 21 and Dave & Buster's. He further admitted helping Eastern European hackers break into Hannaford Bros., 7-Eleven's ATM network, Boston Market, and the payment processor Heartland Payment Systems, from which the hackers siphoned about 130 million (!) card records. It had been a very lucrative time to be a hacker. During the investigation Gonzalez showed the feds his parents' backyard, where he had buried more than a million dollars in cash. The government obtained forfeiture of that money, along with Gonzalez's BMW sports car and his Glock 27 pistol.
Gonzalez recruited his crew from an "untapped reservoir" of underground hackers who had never been part of the white-hat scene. Among them was Jonathan "C0mrade" James. As a teenager he had hacked NASA and gotten six months of house arrest and probation for it; as it happens, that was the same week in 2000 that Max Vision pleaded guilty to the Pentagon hacks. After a brief burst of fame and a few interviews in the popular press, James chose to step out of the spotlight and live quietly in the Miami house he had inherited from his mother. Then, in 2004, he allegedly began working with Gonzalez and Gonzalez's associate Christopher Scott. The feds were convinced that James and Scott had pulled the first dumps that ended up in Maksik's stockpile, and were also responsible for breaking into OfficeMax's Wi-Fi network and stealing thousands of encrypted dumps with PINs. The two supplied Gonzalez with the data, and he arranged with another hacker to have the PINs decrypted. After these attacks, the issuers of the stolen cards had to reissue about 200,000 cards.
Of all the hackers, Jonathan James paid the highest price for his involvement. After the May 2008 raid, Jonathan became convinced that the Secret Service would try to pin all of Gonzalez's crimes on him in order to vindicate their informant in the public eye. On May 18, the twenty-four-year-old walked into the bathroom, took his gun, and shot himself.
"I was disappointed in our justice system," he wrote in his five-page suicide note. "Perhaps this message and what I will do today will reach the public consciousness. Either way, I have lost control of the situation, and this is the only thing I can do to make things right."
In March 2010, Gonzalez was sentenced to twenty years in prison. His accomplices received from two to seven years. Meanwhile, in Turkey, Maksik was convicted of hacking Turkish banks and sentenced to thirty years in prison.
After Max's arrest, the underground fraudsters kept on fleecing people. In the worst cases they used Trojans to steal victims' online-banking passwords and moved the money straight out of the compromised computer. The thieves came up with a fairly ingenious answer to the problem that had once troubled Chris Aragon: how, exactly, do you get at the money?
They recruited ordinary people for supposed "work from home" jobs, in which the work consisted of receiving incoming transfers, keeping a cut as "salary", and forwarding the bulk of the money to Eastern Europe via Western Union.
In 2009, the first year the scheme reached truly massive scale, banks and their customers lost about $120 million, with small businesses the main target.
Meanwhile, dump sales continue to this day, now mostly through a new generation of "vendors", although the old names still turn up: Mr. BIN, Prada, Vitrium, The Thief... Law enforcement agencies, however, claim some lasting results. For one thing, no English-language forum has yet emerged to replace Carders Market and DarkMarket, and the Eastern European boards have become more closed and better guarded.
Serious players have moved to encrypted, invite-only chat servers. The black market is still alive, but the carders have lost their sense of impunity, and their dealings are steeped in paranoia and distrust, thanks largely to the work of the FBI, the Secret Service and the postal inspectors, together with their international partners.
The veil of secrecy that once surrounded hacks of corporations seems to have begun to lift, and the law no longer lets companies cover up their own insecurity (most likely this refers to changes in the law under which companies are now liable for weak protection of their customers' data - translator's note). Several of the companies hit by Gonzalez's hacks were named publicly during the trial. And finally, the sting Mularski pulled on DarkMarket made it clear that the feds do not have to cut deals with the bad guys to run their raids.
The ugliest episodes in the war on the computer underground came at the hands of informants: Brett "Gollumfun" Johnson, for example (a snitch who for a time served as an administrator of Carders Market), turned the Secret Service's Operation Anglerphish into an outright farce when he started running tax-refund frauds on the side.
Albert Gonzalez was another case in point: after Operation Firewall the Secret Service paid him about $75,000 a year while he was pulling off the biggest thefts in history up to that time. The hacks he carried out after leaving Shadowcrew produced a raft of litigation. TJX paid ten million dollars to settle the claims filed against it in more than forty states, and another forty million to the banks whose cards had been compromised. Banks and credit unions also filed a slew of lawsuits against Heartland Payment Systems (a very large American payment processor - translator's note) over the massive breach of its transaction processing.
Gonzalez's attacks blew a real hole in the credit-card industry's main defensive bastion: the so-called Payment Card Industry Data Security Standard (PCI DSS, the card industry's data-security standard - translator's note), which lays out all the steps that merchants and processors must take to protect card data. Heartland was PCI certified, and Hannaford Brothers was certified even while the hackers were inside its systems stealing data.
Once the hype around Gonzalez's grandiose thefts died down, smaller but far more numerous attacks began on restaurant chains that use POS systems (Point of Sale: the system that lets an establishment accept credit cards - translator's note). Seven restaurants in Mississippi and Louisiana that were hacked discovered that they all used the same POS system, Aloha POS, which incidentally had been one of Max's favorite targets. The restaurants filed a class action against the manufacturer and against the reseller that had sold them the terminals, Computer World of Louisiana, which allegedly installed remote-access software on all the terminals and set the password "computer" on every one of them. The root cause of all these hacks was a single security hole exactly 3.375 inches wide: the magnetic stripe on a credit card. It is a technological anachronism, a relic of the cassette-tape era, and today the United States is practically the only country in the world that leaves this vulnerability open. More than a hundred countries, in Europe, Asia, even Canada and Mexico, already use or are rolling out a far more secure system called EMV, or chip-and-PIN. Instead of a passive magnetic stripe, the new cards carry a microchip embedded in the plastic (similar to the one in SIM cards - translator's note) that performs a cryptographic "handshake" to authenticate to the POS terminal and, beyond it, the processing network. The system prevents the card from being cloned even by a hacker with full access to the data line, because the values exchanged in the "handshake" change every time.
(I translated the word "handshake" here, although in cryptography the term is usually left untranslated - translator's note.) White hats have developed several attacks on EMV, but none of them applies to today's mass market in dumps. For now, the main gap in the new system is that transactions can still be run on the magnetic stripe, kept as a fallback for Americans traveling abroad and for tourists visiting the United States. American banks and card issuers have refused to adopt chip-and-PIN because of the astronomical cost of replacing hundreds of thousands of POS terminals. In the end, the financiers decided that losses to fraudsters were quite acceptable, even with crackers like Iceman roaming their networks.
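The paragraphs above make two claims worth seeing in code: static magstripe track data can be replayed by anyone who has sniffed it once, while a chip cryptogram that binds a counter and a terminal-supplied nonce cannot, and the magstripe fallback undoes that protection. The following toy model is an added example by the editor, not code from the book or from any card scheme. It is not real EMV: a real ARQC is a 3DES/AES MAC computed with a session key derived from the card's key and the ATC over a longer set of transaction fields, and the issuer's replay and fraud rules are far richer. Here the card key, the PAN, the amounts and the shortened HMAC-SHA256 "cryptogram" are all constructed sample values.

```python
"""Simplified model of magstripe replay vs. an EMV-style dynamic cryptogram.

Constructed example, NOT real EMV: the cryptogram is a truncated
HMAC-SHA256 over (PAN, amount, ATC, unpredictable number) instead of the
real 3DES/AES ARQC with a per-transaction session key.
"""
import hashlib
import hmac
import secrets


class Card:
    """A constructed sample card: static track data plus a chip with a secret
    key and an Application Transaction Counter (ATC)."""

    def __init__(self, pan, expiry, cvv1, chip_key):
        self.pan = pan
        self.track2 = f"{pan}={expiry}{cvv1}"   # same bytes on every swipe
        self.chip_key = chip_key
        self.atc = 0

    def swipe(self):
        return self.track2

    def generate_cryptogram(self, amount, unpredictable_number):
        """Increment the counter and MAC data both card and issuer know.
        The terminal's nonce and the counter make every cryptogram unique."""
        self.atc += 1
        data = f"{self.pan}|{amount}|{self.atc}|{unpredictable_number}".encode()
        mac = hmac.new(self.chip_key, data, hashlib.sha256).hexdigest()[:16]
        return {"pan": self.pan, "amount": amount, "atc": self.atc,
                "un": unpredictable_number, "arqc": mac}


class Issuer:
    """The bank: knows each card's track data and chip key."""

    def __init__(self):
        self.cards = {}      # pan -> (track2, chip_key)
        self.last_atc = {}   # pan -> highest ATC already accepted

    def enroll(self, card):
        self.cards[card.pan] = (card.track2, card.chip_key)
        self.last_atc[card.pan] = 0

    def authorize_magstripe(self, track2, amount):
        # Nothing here varies per transaction, so a copy is as good as the card.
        pan = track2.split("=")[0]
        known = self.cards.get(pan)
        return known is not None and hmac.compare_digest(known[0], track2)

    def authorize_chip(self, msg, terminal_un):
        known = self.cards.get(msg["pan"])
        if known is None or msg["un"] != terminal_un:
            return False                     # unknown card or stale nonce
        if msg["atc"] <= self.last_atc[msg["pan"]]:
            return False                     # counter did not advance: replay
        data = f"{msg['pan']}|{msg['amount']}|{msg['atc']}|{msg['un']}".encode()
        expected = hmac.new(known[1], data, hashlib.sha256).hexdigest()[:16]
        if not hmac.compare_digest(expected, msg["arqc"]):
            return False                     # amount/counter altered without the key
        self.last_atc[msg["pan"]] = msg["atc"]
        return True


def run_scenario():
    """Play out the attacker's options against both card technologies."""
    issuer = Issuer()
    card = Card("4111111111111111", "1312", "123", secrets.token_bytes(16))
    issuer.enroll(card)
    results = {}

    # 1. Magstripe: an attacker on the POS data line captures the track once...
    sniffed = card.swipe()
    results["mag_legit"] = issuer.authorize_magstripe(sniffed, "25.00")
    # ...and can reuse it for any amount, as often as he likes.
    results["mag_replay"] = issuer.authorize_magstripe(sniffed, "999.00")

    # 2. Chip: the terminal contributes a fresh unpredictable number each time.
    un1 = secrets.token_hex(4)
    msg1 = card.generate_cryptogram("25.00", un1)
    results["chip_legit"] = issuer.authorize_chip(msg1, un1)
    # Replaying the captured message verbatim: rejected, ATC already used.
    results["chip_replay"] = issuer.authorize_chip(msg1, un1)
    # Replaying it in a new session: rejected, cryptogram is bound to the old nonce.
    results["chip_replay_new_un"] = issuer.authorize_chip(msg1, secrets.token_hex(4))
    # Editing counter and amount without the key: rejected, MAC no longer matches.
    forged = dict(msg1, atc=msg1["atc"] + 1, amount="999.00")
    results["chip_forged"] = issuer.authorize_chip(forged, un1)

    # 3. The fallback gap: while the issuer still honors the stripe on a chip
    # card, the sniffed track data is all the attacker needs.
    results["fallback_still_open"] = issuer.authorize_magstripe(sniffed, "999.00")
    return results


if __name__ == "__main__":
    for name, ok in run_scenario().items():
        print(f"{name:22s} {'AUTHORIZED' if ok else 'declined'}")
```

The issuer's `authorize_chip` rejects four things in turn: a nonce the terminal never issued, a counter that did not advance, and a MAC that does not match the fields presented; only then does it record the new ATC. The last line of the scenario is the point the chapter ends on: every one of those checks is bypassed the moment the issuer accepts a stripe-only transaction for the same card.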
-
This is my first translation and it is objectively somewhat weak, so please send any flaws you notice to me in a private message. Thanks!