Underground carders market. Translation of the book "KingPIN". Chapter 27. "Web War One"
The most long-awaited chapter. And the question: "So we will publish a book in Russian or not?"
Kevin Poulsen, editor of the magazine WIRED, and in his childhood blackhat, the hacker Dark Dante, wrote a book about " one of his acquaintances ."
The book shows the path from a teenager-geek (but at the same time pitching), to a seasoned cyber-pahan, as well as some methods of the work of the special services to catch hackers and carders.
')
The book quest for book translation began in the summer at ITish camp for high school students - “ Shkvoren: schoolchildren translate a book about hackers, ” then Habrayusers and even a little editorial staff joined the translation.
The second breath "quest for the translation of the book" was due to the company Edison .
How Max was arrested read in Chapter 33: “Exit Strategy” , as the entire network covered Chapter 34: “DarkMarket” .
Kate Mularski was standing at the podium, the presentation filled the entire LCD screen behind. In front of him sat around the table in the conference room, fifteen senior FBI officials and specialists from the Ministry of Justice. They were all focused. Mularsky offered them something new, and they had never done such a thing before.
Authorization of the first level was a rare thing for the bureau. First of all, Mularsky wrote a twenty-page document, revealing all aspects of the plan and collecting legal assessments from the FBI on each of them. The general council of the agency was encouraged by the prospects: the approval of the plan created a precedent acceptable for future operations under the cover of the network.
The main obstacle for the evaluation committee of such activities in the Ministry of Justice was the question of responsibility for the fact that the sites managed by the US government were allowed to commit a crime.
The question was: how could Mularsky mitigate this harm, so that innocent people and organizations would not suffer. The answer was ready: the criminal activity on DarkMarket will continue, with or without the participation of the FBI. However, if the Bureau controls the server and Master Splinter controls the site, the FBI will be able to stop the spread of a significant portion of the stolen data that would otherwise freely pass through the black market. The document suggested that any financial data would be immediately sent to the affected banks, and as a result, stolen credit cards could be blocked before they were used.
The meeting lasted 20 minutes. Returning to Pittsburgh on October 7, Mularsky gave the go-ahead to master DarkMarket. Iceman was still listed as a target for the operation, but JiLsi and other leaders of the site became the main targets.
When his wife went to bed, Mularsky settled in front of the sofa, turned on the TV and wrote JiLsi on ICQ. After exchanging innocent jokes, they finally got down to business.
DarkMarket was again under a DDoS attack, and Mularsky, under the pseudonym of Master Splinter, was ready to transfer the site to a secure server. JiLSi had only one word to say, and problems with Aismen would be a thing of the past.
JiLsi showed some fears, because DarkMarket was his brainchild, he did not want to look like a community as if he had lost control of him. Mularski explained that this would not be a problem, since Master Splinter would be a secret administrator. No one but two of them will know that the site is now controlled by a new person. For all the others, the Splinter will remain an ordinary moderator.
“Okay,” JiLsi replied, “prepare your server. We are moving. ”Mularski immediately got down to business. He rented a server from the company “Planet”, based in Texas, and then went into darker affairs, buying DDoS protection from a Russian under the name Quasatron for $ 500 a month. Payment was made in electronic currency. Quasatron configured the site so that its public part was at Staminus, a hosting company with a wide channel and resistance to similar attacks. Their systems could withstand such a flow, and the Quasatron software sent only the necessary traffic to the real DarkMarket server behind the scenes.
Everything was done as an Eastern European hacker would have done. When Mularsky wanted to access the site’s backend, he used KIRE, a Virginia-based company that had shell accounts, allowing IRC users to connect to chat rooms without opening their home IP. No one will know that the Polish spam king comes to the site from Pittsburgh.
As soon as this move was made, Mularsky went to court and received a warrant to search his own server, which allowed him to see all user bases, access logs and private messages.
The last remained. After Shadowcrew, it was commonplace for carder forums to force users to accept an agreement according to which any illegal information was banned on the site, and removed all responsibility from the organizers for it. The hosts of the forums were confident that the confused language of the law could protect them. DarkMarket had a particularly long and detailed user agreement, so no one noticed that Master Splinter added a line.
“Using this forum, you agree that the administration can read personal correspondence on the forum to make sure that the agreement is fulfilled,” he wrote, “or for some other purpose.”
“I think it’s important to note that Iceman is rather stupidly dreaming of becoming a hacker, and hacks websites just for fun.”
El Mariachi knew well for which strings to pull the Iceman.
After this insidious capture, Dave Thomas returned to the “Life on the Road” blog to continually insult his opponent, calling him “Iceboy”, “Officer Ice”, and “a bloody piece of poop on his shoes”. He called Iceman to meet him in person and resolve the dispute in a manly way. Then he said that he could hire a hitman to track the carder for the rest of his life.
Max responded with ever increasing rage. He did not forget the difficulties and costs that fell on him when he was looking for a new host, after Thomas had disconnected him in Florida. The aggression, which he had restrained in himself ever since, burped out of his womb and poured out through the tips of his fingers. "- * Insults, not too acceptable in the Habré * - I could tear you to hell with my bare hands, but a coward like you will immediately call the cops and climb up for a weapon, just seeing me." Better pray that I will never go anywhere, for when you meet you will look like an even bigger dummy than now, but I will not have the slightest remorse and break your neck. ”
Reassured, he sent Thomas a letter. He was thinking about turning off the Card Market, and leaving his Iceman figure. No, it would not mean that he gives up; on the contrary, this would prove to be the most serious threat to the Thomas campaign.
Have you read The Art of War, idiot? You know nothing about me.
I know all about you.
I will kill the Card Market, I will kill the Iceman, and what will you do? A fight with a shadow? You are hopeless ... I am an enemy who will constantly overpower you, because you have NO PROTECTION, and NO GOAL.
I am your biggest nightmare, you and your family will suffer for the money I lost because of you for a very, very long time.
Two days later, Max testified was serious. He hacked the El Marianchi site, "The Gifters," which Thomas turned into a semi-legal site to monitor carders' forums. He cleared the entire hard drive ... The site never went up again.
Iceman proclaimed his triumph in the final blog post. “I have nothing to prove. Now, having thrown the informer David Thomas of the fighters, I will leave you. ”He wrote.
“Unlike you, I do my business. Learn a lesson. Go ahead and leave it all. ”
But Max was not allowed to go back into the shadows. Two reporters from USA Today discovered a public war of carders and received confirmation of hostile takeovers from companies that watched the forums. On the morning after Max proclaimed victory over El Mariachi, the delivery service delivered two million copies of the newspaper throughout Thursday across the country. On the first page of the business section there was a story about the seizure of carder sites by Aysmen.
By indulging his ego and entering into a public confrontation with David Thomas, Max led Eisman to the pages of the largest daily newspaper in the States.
“The Secret Service and the FBI refuse to comment on Iceman’s actions,” the article stated. “But even so, the actions of this mysterious person illustrate the growing threat of cybercrime, which is largely the fruit of some forums.” The article was not a surprise, reporters contacted Aisman, and Max sent them a long commentary expressing his position. His opinion was not published, and the article only made Max even more impudent. He even added a quote from it to the header of the entrance page to the Card Market: “He created the Vol-Mart underground”.
Max showed the article to Charity. "It seems I raised a hefty wave."
Chris was furious when he heard about Max talking to journalists. He watched Max spend countless hours arguing with Thomas, and now he also gave an interview ?!
“You have lost all reason,” he remarked.
Max tightened up. Applications in the Market Carders flowed like a river. The article seemed to make all street hooligans hope for success in this area.
The site took three hundred new inhabitants for the night. Two weeks later they were still arriving.
He dropped most of the responsibilities on administrators. There was something to do besides this. The swift attack against financial organizations was very successful, but the firewalls of banks were the easiest part. Bank of America and Capital One, in particular, were huge organizations, and Max simply got lost in their extensive networks. He could easily spend years on any of them just in search of the data he needed for a serious result. Max had serious problems with motivation for this dulling work: breaking networks was fun, and now it is over.
Instead, Max postponed the issue with the banks, concentrating on the war of the carders ... The new hosting provider, Max, received constant complaints about criminal activity in the Carders Market. Max saw one of the emails sent from an anonymous account. On a whim, he tried to enter there using JiLsi data. And suddenly, everything came up. This meant that JiLsi was trying to destroy Max.
He then engaged in breaking into the JiLsi account on the Russian forum Mazafaka and sent an avalanche of messages with simple content: "I am federal." Then Max publicly demonstrated this evidence of the atrocities of JiLsi. Denunciations to the hosting company, from his point of view, were very mean tactics.
DarkMarket was not polite enough to die immediately. Max could just drop the database, but it wouldn't work very much - the site was revived before ... His DDoS attacks stopped being effective. DarkMarket went to an expensive broadband hoster, and created dedicated servers for mail and databases. Suddenly, this site turned out to be a tough nut to crack.
Then, up to Max came quite intriguing rumors about DarkMarket.
The story included Silo, a Canadian hacker, known for his amazing ability to juggle dozens of people in the community, at ease changing the style for each of them. The second famous skill of Silo was that he was obsessed with hacking other carders. He constantly published hidden code software that allowed spying on colleagues.
These two traits played into the hands of Silo when he registered with DarkMarket under the new guise and published the hacking software for an assessment. Being true to himself, Silo hid in the program a function that sends user files to one of his servers.
Looking at the results, he discovered a small cache of empty Word templates that included the complaint form of the malware. The templates contained the logo of an organization known as the National Cybercrime Alliance in Pittsburgh. Max checked them out. The feds. Someone from DarkMarket worked for the government.
Ready to investigate, Max used the backdoor again. This time he went on reconnaissance. He entered the console from the root, derived a recent entry history. He then displayed the entire list in a separate window and began to check the public registration records for each IP used by the administration.
When he reached Master Splinter, he stopped. The spammer who introduced himself as a Pole came from an address owned by a corporation in the United States called Pembrooke Associates.
He checked the Whois.net registrations for the Pembetal.com site.
Their mailbox was in Warrendale, Pennsylvania, twenty miles from Pittsburgh. There was also a phone number.
Another click of the mouse, another browser window with a reverse phone directory on Anywho.com. He entered the phone number and got the real address: 2000, Technological passage, Pittsburgh, Pennsylvania.
This was the same address that belonged to the National Cybercrime Alliance.
Master Splinter was a FED.
To be continued
Kevin Poulsen, editor of the magazine WIRED, and in his childhood blackhat, the hacker Dark Dante, wrote a book about " one of his acquaintances ."
The book shows the path from a teenager-geek (but at the same time pitching), to a seasoned cyber-pahan, as well as some methods of the work of the special services to catch hackers and carders.
')
The book quest for book translation began in the summer at ITish camp for high school students - “ Shkvoren: schoolchildren translate a book about hackers, ” then Habrayusers and even a little editorial staff joined the translation.
The second breath "quest for the translation of the book" was due to the company Edison .
How Max was arrested read in Chapter 33: “Exit Strategy” , as the entire network covered Chapter 34: “DarkMarket” .
Chapter 27. "The First Network War"
(for the translation thanks to Lorian_Grace)Kate Mularski was standing at the podium, the presentation filled the entire LCD screen behind. In front of him sat around the table in the conference room, fifteen senior FBI officials and specialists from the Ministry of Justice. They were all focused. Mularsky offered them something new, and they had never done such a thing before.
Authorization of the first level was a rare thing for the bureau. First of all, Mularsky wrote a twenty-page document, revealing all aspects of the plan and collecting legal assessments from the FBI on each of them. The general council of the agency was encouraged by the prospects: the approval of the plan created a precedent acceptable for future operations under the cover of the network.
The main obstacle for the evaluation committee of such activities in the Ministry of Justice was the question of responsibility for the fact that the sites managed by the US government were allowed to commit a crime.
The question was: how could Mularsky mitigate this harm, so that innocent people and organizations would not suffer. The answer was ready: the criminal activity on DarkMarket will continue, with or without the participation of the FBI. However, if the Bureau controls the server and Master Splinter controls the site, the FBI will be able to stop the spread of a significant portion of the stolen data that would otherwise freely pass through the black market. The document suggested that any financial data would be immediately sent to the affected banks, and as a result, stolen credit cards could be blocked before they were used.
The meeting lasted 20 minutes. Returning to Pittsburgh on October 7, Mularsky gave the go-ahead to master DarkMarket. Iceman was still listed as a target for the operation, but JiLsi and other leaders of the site became the main targets.
When his wife went to bed, Mularsky settled in front of the sofa, turned on the TV and wrote JiLsi on ICQ. After exchanging innocent jokes, they finally got down to business.
DarkMarket was again under a DDoS attack, and Mularsky, under the pseudonym of Master Splinter, was ready to transfer the site to a secure server. JiLSi had only one word to say, and problems with Aismen would be a thing of the past.
JiLsi showed some fears, because DarkMarket was his brainchild, he did not want to look like a community as if he had lost control of him. Mularski explained that this would not be a problem, since Master Splinter would be a secret administrator. No one but two of them will know that the site is now controlled by a new person. For all the others, the Splinter will remain an ordinary moderator.
“Okay,” JiLsi replied, “prepare your server. We are moving. ”Mularski immediately got down to business. He rented a server from the company “Planet”, based in Texas, and then went into darker affairs, buying DDoS protection from a Russian under the name Quasatron for $ 500 a month. Payment was made in electronic currency. Quasatron configured the site so that its public part was at Staminus, a hosting company with a wide channel and resistance to similar attacks. Their systems could withstand such a flow, and the Quasatron software sent only the necessary traffic to the real DarkMarket server behind the scenes.
Everything was done as an Eastern European hacker would have done. When Mularsky wanted to access the site’s backend, he used KIRE, a Virginia-based company that had shell accounts, allowing IRC users to connect to chat rooms without opening their home IP. No one will know that the Polish spam king comes to the site from Pittsburgh.
As soon as this move was made, Mularsky went to court and received a warrant to search his own server, which allowed him to see all user bases, access logs and private messages.
The last remained. After Shadowcrew, it was commonplace for carder forums to force users to accept an agreement according to which any illegal information was banned on the site, and removed all responsibility from the organizers for it. The hosts of the forums were confident that the confused language of the law could protect them. DarkMarket had a particularly long and detailed user agreement, so no one noticed that Master Splinter added a line.
“Using this forum, you agree that the administration can read personal correspondence on the forum to make sure that the agreement is fulfilled,” he wrote, “or for some other purpose.”
“I think it’s important to note that Iceman is rather stupidly dreaming of becoming a hacker, and hacks websites just for fun.”
El Mariachi knew well for which strings to pull the Iceman.
After this insidious capture, Dave Thomas returned to the “Life on the Road” blog to continually insult his opponent, calling him “Iceboy”, “Officer Ice”, and “a bloody piece of poop on his shoes”. He called Iceman to meet him in person and resolve the dispute in a manly way. Then he said that he could hire a hitman to track the carder for the rest of his life.
Max responded with ever increasing rage. He did not forget the difficulties and costs that fell on him when he was looking for a new host, after Thomas had disconnected him in Florida. The aggression, which he had restrained in himself ever since, burped out of his womb and poured out through the tips of his fingers. "- * Insults, not too acceptable in the Habré * - I could tear you to hell with my bare hands, but a coward like you will immediately call the cops and climb up for a weapon, just seeing me." Better pray that I will never go anywhere, for when you meet you will look like an even bigger dummy than now, but I will not have the slightest remorse and break your neck. ”
Reassured, he sent Thomas a letter. He was thinking about turning off the Card Market, and leaving his Iceman figure. No, it would not mean that he gives up; on the contrary, this would prove to be the most serious threat to the Thomas campaign.
Have you read The Art of War, idiot? You know nothing about me.
I know all about you.
I will kill the Card Market, I will kill the Iceman, and what will you do? A fight with a shadow? You are hopeless ... I am an enemy who will constantly overpower you, because you have NO PROTECTION, and NO GOAL.
I am your biggest nightmare, you and your family will suffer for the money I lost because of you for a very, very long time.
Two days later, Max testified was serious. He hacked the El Marianchi site, "The Gifters," which Thomas turned into a semi-legal site to monitor carders' forums. He cleared the entire hard drive ... The site never went up again.
Iceman proclaimed his triumph in the final blog post. “I have nothing to prove. Now, having thrown the informer David Thomas of the fighters, I will leave you. ”He wrote.
“Unlike you, I do my business. Learn a lesson. Go ahead and leave it all. ”
But Max was not allowed to go back into the shadows. Two reporters from USA Today discovered a public war of carders and received confirmation of hostile takeovers from companies that watched the forums. On the morning after Max proclaimed victory over El Mariachi, the delivery service delivered two million copies of the newspaper throughout Thursday across the country. On the first page of the business section there was a story about the seizure of carder sites by Aysmen.
By indulging his ego and entering into a public confrontation with David Thomas, Max led Eisman to the pages of the largest daily newspaper in the States.
“The Secret Service and the FBI refuse to comment on Iceman’s actions,” the article stated. “But even so, the actions of this mysterious person illustrate the growing threat of cybercrime, which is largely the fruit of some forums.” The article was not a surprise, reporters contacted Aisman, and Max sent them a long commentary expressing his position. His opinion was not published, and the article only made Max even more impudent. He even added a quote from it to the header of the entrance page to the Card Market: “He created the Vol-Mart underground”.
Max showed the article to Charity. "It seems I raised a hefty wave."
Chris was furious when he heard about Max talking to journalists. He watched Max spend countless hours arguing with Thomas, and now he also gave an interview ?!
“You have lost all reason,” he remarked.
Max tightened up. Applications in the Market Carders flowed like a river. The article seemed to make all street hooligans hope for success in this area.
The site took three hundred new inhabitants for the night. Two weeks later they were still arriving.
He dropped most of the responsibilities on administrators. There was something to do besides this. The swift attack against financial organizations was very successful, but the firewalls of banks were the easiest part. Bank of America and Capital One, in particular, were huge organizations, and Max simply got lost in their extensive networks. He could easily spend years on any of them just in search of the data he needed for a serious result. Max had serious problems with motivation for this dulling work: breaking networks was fun, and now it is over.
Instead, Max postponed the issue with the banks, concentrating on the war of the carders ... The new hosting provider, Max, received constant complaints about criminal activity in the Carders Market. Max saw one of the emails sent from an anonymous account. On a whim, he tried to enter there using JiLsi data. And suddenly, everything came up. This meant that JiLsi was trying to destroy Max.
He then engaged in breaking into the JiLsi account on the Russian forum Mazafaka and sent an avalanche of messages with simple content: "I am federal." Then Max publicly demonstrated this evidence of the atrocities of JiLsi. Denunciations to the hosting company, from his point of view, were very mean tactics.
DarkMarket was not polite enough to die immediately. Max could just drop the database, but it wouldn't work very much - the site was revived before ... His DDoS attacks stopped being effective. DarkMarket went to an expensive broadband hoster, and created dedicated servers for mail and databases. Suddenly, this site turned out to be a tough nut to crack.
Then, up to Max came quite intriguing rumors about DarkMarket.
The story included Silo, a Canadian hacker, known for his amazing ability to juggle dozens of people in the community, at ease changing the style for each of them. The second famous skill of Silo was that he was obsessed with hacking other carders. He constantly published hidden code software that allowed spying on colleagues.
These two traits played into the hands of Silo when he registered with DarkMarket under the new guise and published the hacking software for an assessment. Being true to himself, Silo hid in the program a function that sends user files to one of his servers.
Looking at the results, he discovered a small cache of empty Word templates that included the complaint form of the malware. The templates contained the logo of an organization known as the National Cybercrime Alliance in Pittsburgh. Max checked them out. The feds. Someone from DarkMarket worked for the government.
Ready to investigate, Max used the backdoor again. This time he went on reconnaissance. He entered the console from the root, derived a recent entry history. He then displayed the entire list in a separate window and began to check the public registration records for each IP used by the administration.
When he reached Master Splinter, he stopped. The spammer who introduced himself as a Pole came from an address owned by a corporation in the United States called Pembrooke Associates.
He checked the Whois.net registrations for the Pembetal.com site.
Their mailbox was in Warrendale, Pennsylvania, twenty miles from Pittsburgh. There was also a phone number.
Another click of the mouse, another browser window with a reverse phone directory on Anywho.com. He entered the phone number and got the real address: 2000, Technological passage, Pittsburgh, Pennsylvania.
This was the same address that belonged to the National Cybercrime Alliance.
Master Splinter was a FED.
To be continued
Published translations and publication plan (April 21)
PROLOGUE ( GoTo camp students)
1. The Key (Grisha, Sasha, Katya, Alena, Sonya)
2. Deadly Weapons (Young programmers of the Federal Security Service of the Russian Federation, August 23)
3. The Hungry Programmers (Young programmers of the Federal Security Service of the Russian Federation)
4. The White Hat (Sasha K, ShiawasenaHoshi )
5. Cyberwar! ( ShiawasenaHoshi )
6. I Miss Crime (Valentin)
7. Max Vision (Valentine, August 14)
8. Welcome to America (Alexander Ivanov, Aug 16)
9. Opportunities (jellyprol)
10. Chris Aragon (Timur Usmanov)
11. Script's Twenty-Dollar Dumps (Georges)
12. Free Amex! ( Greenhouse social technology )
13. Villa Siena (Lorian_Grace)
14. The Raid (Georges)
15. UBuyWeRush (Ungswar)
16. Operation Firewall (Georges)
17. Pizza and Plastic (done)
18. The Briefing (Georges)
19. Carders Market (Ungswar)
20. The Starlight Room (Artem TranslationDesigner Nedrya)
21. Master Splyntr (Ungswar)
22. Enemies (Alexander Ivanov)
23. Anglerphish (Georges)
24. Exposure (+)
25. Hostile Takeover (fantom)
26. What's in Your Wallet? (done)
27. Web War One (Lorian_Grace?)
28. Carder Court (drak0sha)
29. One Plat and Six Classics (+)
30. Maksik (Ignat Ershov)
31. The Trial (Bogdan Jour)
32. The Mall (Shuflin)
33. Exit Strateg y (r0mk)
34. DarkMarket (Valera aka Dima)
35. Sentencing (comodohacker +)
36. Aftermath (ex-er-sis?)
EPILOGUE
1. The Key (Grisha, Sasha, Katya, Alena, Sonya)
2. Deadly Weapons (Young programmers of the Federal Security Service of the Russian Federation, August 23)
3. The Hungry Programmers (Young programmers of the Federal Security Service of the Russian Federation)
4. The White Hat (Sasha K, ShiawasenaHoshi )
5. Cyberwar! ( ShiawasenaHoshi )
6. I Miss Crime (Valentin)
7. Max Vision (Valentine, August 14)
8. Welcome to America (Alexander Ivanov, Aug 16)
9. Opportunities (jellyprol)
10. Chris Aragon (Timur Usmanov)
11. Script's Twenty-Dollar Dumps (Georges)
12. Free Amex! ( Greenhouse social technology )
13. Villa Siena (Lorian_Grace)
14. The Raid (Georges)
15. UBuyWeRush (Ungswar)
16. Operation Firewall (Georges)
17. Pizza and Plastic (done)
18. The Briefing (Georges)
19. Carders Market (Ungswar)
20. The Starlight Room (Artem TranslationDesigner Nedrya)
21. Master Splyntr (Ungswar)
22. Enemies (Alexander Ivanov)
23. Anglerphish (Georges)
24. Exposure (+)
25. Hostile Takeover (fantom)
26. What's in Your Wallet? (done)
27. Web War One (Lorian_Grace?)
28. Carder Court (drak0sha)
29. One Plat and Six Classics (+)
30. Maksik (Ignat Ershov)
31. The Trial (Bogdan Jour)
32. The Mall (Shuflin)
33. Exit Strateg y (r0mk)
34. DarkMarket (Valera aka Dima)
35. Sentencing (comodohacker +)
36. Aftermath (ex-er-sis?)
EPILOGUE
Source: https://habr.com/ru/post/281763/
All Articles