Kingpin: How One Hacker Took Over the Billion Dollar Cyber Crime Underground (18 page)

The briefing for about half a dozen FBI agents was held at a nondescript Calverton, Baltimore, office where the bureau ran its Innocent Images anti–child porn operation. Speaking slowly in a rumbling, midwestern twang, the postal inspector weighed each word like a parcel as he ran through the history of the scene: CardersLibrary spawning CarderPlanet, the legend of King Arthur, the influence of the Russians and Ukrainians, and the rise and fall of Shadowcrew. He threw up a screenshot of CarderPlanet to show the underground’s structure: A site operator was the don. Admins were capos. It was a metaphor to which the FBI was institutionally attuned; hackers were the new mafia.

Operation Firewall, Crabb explained, had left the carders scattered, paranoid, and disorganized. But they were rebuilding. And unlike before,
with Shadowcrew, there was no singular target to go after. Instead, a slew of new, smaller forums was popping up. Crabb didn’t say it, but the Secret Service had treated the carders with half a dose of penicillin; the survivors were immune and plentiful.

Mularski hung on every word. In his brief time at the NCFTA, the agent had seen patterns in the raw intelligence bubbling up from the underground: references to nicknames, coded messages, and forums. It made sense now. It was the carders organizing themselves again.

When Crabb wrapped up his talk and the other agents began to file out, Mularski approached the postal inspector at the head of the table and extended his hand enthusiastically. “This stuff is fascinating,” he said. “I’d love to work with you. I’d love to partner up with you.”

Crabb was surprised by the suggestion; in his experience, a more typical proposal from an FBI agent might take the form “Give me all your information. Thanks, bye.” He met with Mularski and his boss privately and gave the agents a more thorough rundown on the carder scene.

Mularski returned to Pittsburgh, his head swimming. He’d thought he’d left behind the world of Russian spies, double agents, and secret identities. He’d been wrong. And the safe, satisfying routine of his new job was about to be shattered.

ry as he might, Max couldn’t get situated on any of the new forums sprouting in Shadowcrew’s ruins. They were all corrupt, run by dumps vendors hostile to outside competition. In a way, it was a blessing. He could never really trust any of the sites; he knew all too well that the scene was rank with cops and informants.

He finally made up his mind that if he was going to vend, the only sensible venue would be a site he personally controlled. Still thinking of himself as Robin Hood, he came up with the perfect name for his own forum: Sherwood Forest.

Chris approved of the plan—he liked the idea of vending his counterfeit credit cards and driver’s licenses in a safe environment—but hated the name. As an exercise in branding, “
Sherwood Forest” wasn’t going to cut it for a criminal marketplace. The partners went back to the drawing board, and in June 2005 Max used a fake name and bogus address in Anaheim to register Cardersmarket.com.

It was a critical time for Max: He was near the end of his federal supervised release, and if he could make it until midnight, October 10, 2005, he would be a free agent, no longer obliged to play the role of an underemployed computer consultant for the benefit of his probation officer. It should have been easy enough to survive a few more months.
Besides Chris, there were only two people who knew about Max’s double life, both Chris’s friends: Jeff Norminton and Werner Janer, the real estate fraudster who wrote Charity a $5,000 check that helped bootstrap Max’s hacking operation.

Then, in September 2005, Werner Janer got busted.

Since hooking up with Max, Chris had been dropping Janer a few cards here and there—maybe eighty over three years—in exchange for 10 percent of whatever Janer netted from his in-store purchases. That month Janer asked for another batch of two dozen cards—a money shortage had forced him to sell the family home in Los Angeles, and he’d moved to Westport, Connecticut, to make a new start of it. Soon after his arrival he was robbed by a criminal associate of nearly all the proceeds of the house sale, and he needed an income boost to support himself and his wife and three children.

When Chris’s FedEx arrived,
Janer, an avid watch collector, headed straight to Richard’s of Greenwich, a men’s clothing and accessory store that kept an inventory of high-end timepieces. Janer had quality plastic and a matching driver’s license in his pocket, all bearing the name Stephen Leahy. What he didn’t have was a knack for carding. He selected not one, not two, but four Anonimo watches, each worth between $1,000 and $3,000, and asked the store owner to ring each of them up separately on four different Visa cards, which he conspicuously pulled from a deck of a dozen. Two of the hefty transactions were declined, so Janer left with two watches worth a total of $5,777, charged to two Bank of America cards.

A patrol car pulled over Janer about two miles away. While the cops looked over Janer’s genuine driver’s license and asked him if he’d been watch shopping recently, a second cruiser drove by with the store owner in the passenger seat. He eyed Janer and confirmed that they had the right guy.

The cops arrested Janer and searched his car, pulling out the watches,
twenty-eight credit cards, and six California driver’s licenses, each with a different name. When detectives served a search warrant on his house they found more watches and a .22-caliber Walther P22 handgun.

The gun was bad news. Instead of a larceny charge and a probation violation Janer was now facing a federal beef for being a felon in possession of a firearm. Janer wasted no time in offering to lead the feds to the source of the counterfeit cards. In the standard arrangement for snitches, the government agreed to let Janer “proffer” his information under a limited grant of immunity: Nothing he said would be used directly against him. If they found it useful—if it led to arrests—they’d consider recommending a reduced sentence on his gun-possession charge.

In two proffer sessions totaling nearly eight hours, Janer spilled his guts to a local Secret Service agent and a federal prosecutor. He told them about Chris Aragon, his ring of cashers, and “Max the Hacker,” a six-foot-five computer genius who’d been cracking banks from San Francisco hotel rooms.

He didn’t know Max’s last name, he said, but he’d once written a check to the hacker’s girlfriend for $5,000. Her name was Charity Majors.

The Secret Service wrote up the interviews and entered the data into the agency’s computer, but the agency never followed up on the information, and prosecutors declined to grant Janer any special consideration. He was sentenced to twenty-seven months in prison.

Max Vision had dodged a bullet. Janer’s statements sank into a giant government computer—they might as well have been stashed in the cavernous warehouse in the final scene of
Raiders of the Lost Ark
. As long as nobody had occasion to dig them up, Max was safe.

Meanwhile, Max began the process of getting Carders Market up and running. He had plenty of experience setting up legitimate websites, but starting a crime site would take special preparations. For one thing,
he couldn’t just put the Carders Market server on the floor of his safe house—that would make him a sitting duck.

He hacked into a Florida data center run by Affinity Internet and installed a VMware virtual machine on one of its servers—secreting an entire simulated computer on one of its systems. His hidden server grabbed an unused Internet address from Affinity’s pool of addresses. The site would be a ghost ship, not officially owned or operated by anyone.

Max played with different Internet forum software and finally settled on the flexible package vBulletin. He spent months customizing the layout and designing his own templates for the look and feel of the site, styling it in shades of gray and muted gold. The work felt satisfying. For the first time in years, he was creating something instead of stealing. It was just like setting up Whitehats.com, except in those ways in which it was the opposite.

Finally, on the one-year anniversary of the Operation Firewall raids, he conjured a new name in his ever-changing lineup of noms de guerre: Iceman. He chose the handle in part for its commonality: There were lots of Icemen in the underground—there’d even been one on Shadowcrew. If law enforcement tried to track him down, they’d find several mirages on their radar.

Max, as Iceman, launched Cardersmarket.com in late 2005 with little fanfare. Chris joined as the first coadministrator, inventing the handle EasyLivin’ for the site.

From their careful observation of Shadowcrew and the splinter forums that followed, Max and Chris knew that the key to gaining acceptance was to appoint big names who could help run the board and attract still more heavy hitters from their circle of friends. The partners soon managed to draw two household names from the Shadowcrew diaspora.

Bradley Anderson, a forty-one-year-old Cincinnati bachelor, was their first pick. Anderson was a legend as “ncXVI,” a fake-ID expert and author of the self-published book
Shedding Skin
, the bible of identity reinvention.
Their second recruit was Brett Shannon Johnson, thirty-five, a Charleston, South Carolina, identity thief famous online as “Gollumfun,” a founder of both Counterfeit Library and Shadowcrew who’d retired from the latter site before the Secret Service swept in.

After vanishing from the scene for over a year, Johnson was crawling out of retirement—Chris’s sidekick John Giannone had spotted him online that spring and struck up a conversation on ICQ, bringing him up to date on the latest busts and gossip.

Giannone wound up selling Johnson twenty-nine of Max’s dumps for an easy six hundred bucks, then introduced him to Max, who sold him another five hundred cards. “I can see that you and I are going to be doing some good business in the future,” Johnson had told Max.

Johnson accepted Max’s and Chris’s invitation to become an admin on Carders Market, lending the site the experience and contacts of the only Shadowcrew administrator to survive Operation Firewall.

Giannone joined Carders Market as “Zebra,” and Max created a second, secret identity for himself, “Digits.” The alternate handle was a keystone in Max’s new business strategy. Shadowcrew had fallen because prosecutors proved that the founders were themselves buying, selling, and using stolen data—running an informational website wasn’t, in and of itself, illegal, Max reasoned. So Iceman would be the public face of Carders Market but would never buy or sell stolen data. Digits, his alter ego, would handle that, vending the dumps Max was siphoning from the Vancouver pizza joint to anyone who could afford them.

To complete his vision for the site, Max needed one more admin with a particular qualification: a command of the Russian language. He wanted to repair the rift that Operation Firewall had torn between Eastern European carders and their Western counterparts. Two Russian Shadowcrew members had fallen into Cumbajohnny’s VPN trap, and the whole affair had left the Russians deeply suspicious of English-speaking forums.

Max resolved that Carders Market would distinguish itself by having an Eastern European section moderated by a native Russian speaker. He just needed to find one.

Chris offered to help out, and Max accepted. If there was one thing that Chris had proven to his partner, it was that he knew how to recruit new talent.

ine chandeliers hung over the lush velvet booths at Harry Denton’s Starlight Room, the light scattering off a two-hundred-pound mirror ball suspended over the dance floor. Heavy crimson drapes parted from the picture windows like a stage, revealing the glimmering San Francisco skyline beyond.

Positioned on the twenty-first floor of the Sir Francis Drake Hotel, the Starlight Room was an opulent fixture in the city’s teeming nightlife—a flashback to 1930s style, strewn with deep red and gold damask and hand-rubbed silk. More garish than hip, the club kept people coming by hosting regular theme nights. This was Russian Wednesday, and tuxedoed servers were pouring vodka shots at the crowded bar while music from the motherland spilled over the crowd.