Read Kingpin: How One Hacker Took Over the Billion Dollar Cyber Crime Underground Online
Authors: Kevin Poulsen
Tags: #Technology & Engineering, #Computer hackers, #Commercial criminals - United States, #Commercial criminals, #Social Science, #True Crime, #Computers, #General, #United States, #Criminals & Outlaws, #Computer crimes, #Butler; Max, #Case studies, #Computer crimes - United States, #Biography & Autobiography, #Computer hackers - United States, #Security, #Engineering (General), #Criminology
“I got some heat on me right now,” Giannone said.
“What kind of heat?” Tea asked. Giannone liked to affect an air of danger.
“I go to trial next week.”
Federal criminal trials are rare. Faced with the long prison terms recommended by rigid sentencing guidelines, most defendants opt to take a plea deal in exchange for a slightly shortened sentence or limit their exposure by becoming an informant. Some 87 percent of prosecutions were resolved in this manner in 2006, the year of Giannone’s trial. In another 9 percent of the cases, charges were dismissed before reaching a trial, the government preferring to drop a marginal case rather than risk a loss.
Once a jury is seated, a defendant’s chances for acquittal are about one in ten.
But Giannone liked his odds. Most cases don’t hinge on the undercover work performed by an active computer criminal. Soon after he’d snitched on Giannone, Brett “Gollumfun” Johnson had gone on a four-month cross-country crime spree, pulling his IRS scam in Texas, Arizona, New Mexico, Las Vegas, California, and Florida, where he was finally nabbed in Orlando with nearly $200,000 stuffed in backpacks in his bedroom. He wouldn’t make a very good witness for the prosecution.
The bailiff passed out pads and pencils to the twelve jurors, and the prosecutor began his opening statement, adopting a down-home, country tone.
“I love the Internet,” he said. “The Internet is a fascinating thing. It’s a place where we can entertain ourselves; we can get information; we can watch videos; we can play games; we can buy things. eBay is a great place, you can bid on things. If you can think about it, you can buy it on eBay.
“But, ladies and gentlemen, there’s a side of the Internet that we don’t like to think about. There’s kind of a dark underbelly to the Internet, one where not trinkets or bobbles are bought, sold, and traded. There’s a part of the Internet where people’s
lives
are bought, sold, and traded.…
“You are going to see that side of the Internet. And
I suspect that you are never going to look at the Internet exactly the same way again.”
The trial lasted three days. The prosecutor disposed of Brett Johnson right out of the gate, acknowledging that Gollumfun was a liar and a thief who’d betrayed the trust of his Secret Service handlers. That was why the government wasn’t calling him to testify. The prosecution’s “star witness” would be the computer logs of Giannone’s chats with the informant. The record would speak for itself.
Giannone’s lawyer did his best to attack the logs. “Machines make mistakes.” He argued that because the stolen credit cards were never fraudulently used, there were no victims. He reminded the jurors that nobody died or suffered physical harm.
After one day of deliberation, the verdict came in: guilty. The first federal trial of the carding underground was over. The judge ordered Giannone taken into custody.
A week later, Giannone was summoned from his cell at the Lexington County Jail. He instantly recognized the Secret Service agents waiting by the sally port, two steel doors away from freedom; the two men had been Johnson’s handlers, and they’d testified at Giannone’s trial.
“We want to know who this guy Iceman is,” one of them said.
“
Who’s Iceman?” Giannone answered innocently.
The situation was serious, the agents said; they’d learned that Iceman had threatened to kill the president. Giannone asked for his lawyer, and the agents phoned him on the spot. The attorney consented to an interview in the hope of winning leniency for his client at sentencing.
In a series of meetings over the next three weeks, the agents pulled Giannone out of jail again and again, shuttling him to the same field office where Gollumfun had orchestrated his downfall. Unlike most carders, Giannone had held his mud at his arrest and taken a chance on a trial instead of cutting a snitch deal. But now he was looking down the barrel of a five-year sentence. He was only twenty-one years old.
Giannone told them everything he knew: Iceman lived in San Francisco, did a brisk business in dumps, sometimes used the aliases Digits and Generous to sell his goods. He used hacked Wi-Fi to cover his tracks. A Mongolian woman called Tea was his Russian translator.
Most crucially, he had a partner named Christopher Aragon in Orange County, California. You want Iceman? Get Chris Aragon.
The revelations electrified the agents tracking Iceman. When Keith Mularski typed Chris Aragon’s name into the FBI’s case management system, he found Werner Janer’s 2006 proffer sessions, in which he’d named Chris’s dumps supplier as a tall, ponytailed man he knew as “Max the Hacker.” It got better. Way back in December 2005, Jeff Norminton had been arrested for receiving Janer’s wire transfer on behalf of Aragon. He’d told the FBI about introducing Aragon to the superhacker Max Butler after his release from Taft. The interviewing agent was only interested in real estate fraud and hadn’t pursued the lead.
Now Mularski and his Secret Service counterparts had a name. Giannone’s statements confirmed it. Iceman had told Giannone that he was
once raided as a suspect in the Half-Life 2 source-code theft. Mularski ran another search and saw there were only two U.S. search warrants executed in that investigation: one against Chris Toshok, and one against Max Ray Butler.
Iceman’s identity had been hidden in the government’s computers all along. Giannone had given them the password to unlock it.
Knowing Iceman’s identity wasn’t the same as proving it, though. The feds had enough for a search warrant, but they didn’t have the location of Max’s safe house. Worse, Giannone had tipped them that Iceman used DriveCrypt. That meant that even if they tracked down Max’s address, they couldn’t count on finding evidence on his hard drive. They could bust down Max’s door, then watch him walk out of a courtroom twenty-four hours later on bail or a signature bond. With an international network of fake ID vendors and identity thieves at his beck and call, Max might vanish, never to be seen again.
They needed to sew up the case before making a move. Mularski decided Chris Aragon was the key. Thanks to Norminton, they knew all about the wire transfer and real estate fraud scheme he’d profited from almost five years earlier. If they could nail Aragon for that, they could press him to cooperate against Max.
Unaware of the net tightening around him, Max continued his round-the-clock management of Carders Market as “Aphex.” Not that his new identity was really fooling anyone. He couldn’t resist carrying Iceman’s campaign against DarkMarket’s leaders into his new persona, calling them “idiots and incompetents” and circulating the evidence he’d gathered against Master Splyntr. He was astonished that so many people didn’t believe him. “DarkMarket is founded and run by NCFTA/FBI for Christ sake!”
Th3C0rrupted0ne believed Max and gave up his status on DarkMarket to work as a full-time admin on Max’s board—he was devoting fourteen
hours a day to the site now. But Max didn’t trust him either. It was well-known that C0rrupted lived in Pittsburgh, the home of the NCFTA.
Max had developed a new test function for possible informants, and in March he’d tried it out on the carder, announcing out of the blue that he was working with a terrorist cell “and we should have a shot at killing President Bush this coming weekend.” If C0rrupted was a fed, he’d be obliged to discourage the notional assassination plot, Max figured, or he’d ask for more details.
C0rrupted’s response briefly assuaged Max’s doubts. “Good luck with the president thing. Make sure you get the vice president as well. He is no better.”
There was a lot of work to do on the board. Carders Market was hopping, with over a dozen specialized vendors: DataCorporation, Bolor, Tsar Boris, Perl, and RevenantShadow sold credit card numbers with CVV2s, stolen variously from the United States, UK, and Canada; Yevin vended California driver’s licenses; Notepad would check the validity of dumps for a small fee; Snake Solid moved U.S. and Canadian dumps; Voroshilov offered identity thieves a service that could obtain a victim’s Social Security number and date of birth; DelusionNFX vended hacked online banking logins; Illusionist was Carders Market’s answer to JiLsi, selling novelty templates and credit card images; Imagine competed with EasyLivin’ in the plastics trade.
Max tried to run a tight ship—a “military base,” one carder critic groused. As in his white-hat days, he prized intellectual honesty, refusing to grant special favor to even his closest allies.
In April, C0rrupted prepared a review of Chris’s latest generation of “novelty” IDs and plastics. He found them wanting—for one thing, the signature strips were printed right on the cards; you had to sign them with a felt-tip. He thought the products were worth five stars out of ten, but he asked Max if he should fluff his findings a little. “I know you and Easylivin’ are close, so I wanted to know if I should post a true opinion review about these things that I felt, or if I should not be so harsh?”
“I think definitely post the truth, and if possible back it up with pics etc.,” Max wrote back. “I am tight with Easylivin’, but I think the truth is more important. Besides, if he is covered for, and continues to ship poor quality (damn … it’s really that bad?) then it will reflect badly on you and Carders Market.”
A bad review would cost Chris money. But Max didn’t hesitate when it came to the integrity of his crime site.
hris pulled his Tahoe into the garage at Fashion Island Mall in Newport Beach, parked, and got out with
his new partner, twenty-three-year-old Guy Shitrit. They walked toward the Bloomingdale’s, fake American Express cards in their wallets.
Originally from Israel, Shitrit was a handsome guitar player and ladies’ man whom Chris had met on Carders Market. Shitrit had been running a skimming operation in Miami, recruiting professional strippers at work and equipping them with exceedingly small skimming devices to steal patrons’ magstripe data. When the strip-club managers found out, Shitrit had to get out of town in a hurry. He’d landed in Orange County, where Chris hooked him up with a fake ID, a rental car, and an apartment at the Archstone. Then they hit the stores.
Chris was close now, so close, to getting out.
His wife, Clara, had brought in $780,000 on eBay in a little over three years: 2,609 Coach bags, iPods, Michele watches, and Juicy Couture clothes. She had an employee working twenty hours a week just shipping the ill-gotten merchandise. Chris added to the take with his sales of plastics and novelties on Carders Market, an enterprise that wasn’t helped by Th3C0rrupted0ne’s nitpicking review.
Max, he felt, was ignoring the Whiz List, their blueprint for building one big score and getting out. Chris had finally figured it out: Max didn’t
want to quit. He liked hacking; it was all he wanted to do. So screw him. Chris had his own exit strategy in place. He’d poured his profits into an enterprise for Clara, a denim fashion company called Trendsetter USA that already employed several full-time workers at a bright, pleasant office in Aliso Viejo. Eventually, he was certain, it would be profitable. And 100 percent legit.
Until then, he’d be busy.
Shitrit was a clotheshorse, and they’d already squandered some of their stolen credit on men’s clothing for him. On this visit, they’d stay focused. They walked into the air-conditioned coolness of the Bloomingdale’s and made a beeline for Ladies’ Handbags. The Coach purses rested on small shelves along one wall, individually spotlit like museum exhibits. Chris and Guy each picked some out and went to the register. After some swipes at the point-of-sale terminal, they were headed for the door with $13,000 worth of Coach in their hands.
Chris was breaking his own rules by going in-store himself, but his crew was suddenly thinning. Nancy, who’d helped set up Max’s new safe house, had since moved to Atlanta and was doing only a little cashing there. Liz was becoming paranoid—she was constantly accusing Chris of ripping her off, conveying her displeasure
in meticulous, hand-drawn spreadsheets summing up how much Chris owed her for each in-store appearance: $1,918 from a trip to Vegas; $674 for iPods and GPS systems; $525 for four Coach purses worth $1,750. The “amount paid to me” column was zeroes all the way down. In the meantime, his newest recruit, Sarah, was balking at big-ticket items, though she was still useful for running errands. On Valentine’s Day she bought Chris’s presents for his wife and his girlfriend.
With the demands of vending, starting a legitimate business, and trying to resuscitate his crew, Chris now found it more efficient to pay someone else to make his plastic. He’d met Federico Vigo at UBuyWeRush.
Vigo was looking for a way to pay down a $100,000 debt to the Mexican Mafia, after accepting that amount in front money to import a pallet of
ephedra from China, only to have the product intercepted at the border. Chris put him to work. The counterfeiting gear was moved from the Tea House to Vigo’s office in Northridge, and one of Chris’s gophers was running out to the Valley a couple of times a week to collect the latest batch of credit cards hot off the presses, paying Vigo $10 for each card.
Chris and Guy left the Bloomingdale’s and kept their unhurried pace back to the SUV. Chris popped the back and found a place for the new purchases amid a dozen plain brown department store bags already jostling for space, each filled with purses, watches, and a smattering of men’s clothing. He closed up; they got into the car and started planning their next stop.