Kingpin: How One Hacker Took Over the Billion Dollar Cyber Crime Underground (34 page)

Authors: Kevin Poulsen

Chapter 11: Script’s Twenty-Dollar Dumps

  
1
In the spring of 2001, some 150 Russian-speaking computer criminals:
Greg Crabb, U.S. Postal Inspection Service. Roman Vega, currently in U.S. custody, declined comment, as did the Ukrainian widely suspected to be Script.

  
2
The discussion was sparked by:
This history of the carding forums comes from interviews with several veteran carders, court records, interviews with law enforcement officials, and a detailed examination of the archives of Counterfeit Library, CarderPlanet, and Shadowcrew.

  
3
the CVV began driving down fraud costs immediately:
Fraud figures come from a presentation by Steven Johnson, director, Visa USA Public Sector Sales, at the ninth annual GSA SmartPay Conference in Philadelphia, August 23, 2007.

  
4
Chris decided to try some carding himself:
Aragon described his dealings with Script and his first fraudulent purchases.

Chapter 12: Free Amex!

  
1
Max broached his plan obliquely with Charity:
Interview with Charity Majors.

  
2
Internet Explorer can process more than just Web pages:
Drew Copley and eEye Digital Security, “Internet Explorer Object Data Remote Execution Vulnerability,” August 20, 2003. See CERT Vulnerability Note VU#865940. The author located Max’s attack code in a 2003 post to a hacker Web forum, and computer security researcher Marc Maiffret, an executive at eEye, confirmed that it exploited this bug. Max remembers having the vulnerability before it was public but isn’t sure how he obtained it. He says eEye and its researchers never leaked bugs in advance.

  
3
The disk was packed with FBI reports:
Aragon, Max, and Werner Janer all related the story of Max’s intrusion into the FBI agent’s computer. Max, Janer, and another source confirmed the agent’s name. The agent, E. J. Hilbert, insists he was never hacked and that Max likely penetrated an FBI honeypot filled with fake information.

Chapter 13: Villa Siena

  
1
Chris loaded blank PVC cards:
Aragon admits his credit card counterfeiting operation and provided some details in interviews. The author examined Aragon’s counterfeiting gear, and dozens of his finished cards, at the Newport Beach Police Department. The blow-by-blow on how the equipment operates comes from interviews with another experienced card counterfeiter who used the same gear.

  
2
summoned his girls:
Nancy Diaz Silva and Elizabeth Ann Esquere have pleaded guilty for their roles in Aragon’s operation. The other cashers were described variously by Aragon’s former associates Werner Janer, Jonathan Giannone, and Tsengeltsetseg Tsetsendelger.

  
3
They’d be “sticking it to the man”:
The Newport Beach Police Department interviewed one of Aragon’s later cashers, Sarah Jean Gunderson, in 2007. According to the police report: “Aragon stated that it was ‘The man that we are sticking it to.’ Gunderson said she knew it was wrong, however all of her bills were getting paid.” Gunderson has pleaded guilty.

Chapter 14: The Raid

  
1
Chris Toshok awoke to the sound of his doorbell buzzing:
The details of the raid come primarily from Toshok’s blog post “The whole surreal story,” I am Pleased Precariously on January 15, 2004.

  
2
The FBI tried to lure Gembe to America:
Cassell Bryan-Low, “Hacker Hitmen,” Wall Street Journal, October 6, 2003. Also see the author’s “Valve Tried to Trick Half-Life 2 Hacker into Fake Job Interview,” Wired.com, November 12, 2008 (http://www.wired.com/threatlevel/2008/11/valve-tricked-h/).

  
3
“Call me back when you’re not stoned”:
Aragon and Max both agree they fought over money. This quote was recalled by Aragon.

  
4
sending them to Mexico to be fitted with clean VINs:
Interviews with Werner Janer and Jonathan Giannone. Court records from Aragon’s San Francisco arrest show his car was found to have fake VIN tags, and as part of the case settlement Aragon agreed to forfeit the vehicle. Aragon declined to elaborate on that aspect of his activities in interviews.

Chapter 15: UBuyWeRush

  
1
Cesar had come to the underground by a circuitous course:
Interview with Carranza.

  
2
Selling equipment wasn’t in and of itself illegal:
Carranza pleaded guilty to money laundering in December 2009 for running an e-gold exchange service for carders under the UBuyWeRush brand. U.S. v. Cesar Carranza, 1:08-cr-0026, U.S. District Court for the Eastern District of New York. On September 16, 2010, he was sentenced to six years in prison.

  
3
The midsized Commerce Bank in Kansas City, Missouri, may have been the first:
Interview with Mark J. Tomasic, former vice president of bank card security with Commerce Bank. Also see “Hey, banks, earn your stripes and fight ATM fraud scams,” Kansas City Star, June 1, 2008.

  
4
Citibank, the nation’s largest consumer bank by holdings, was the most high-profile victim:
The CVV attacks were widely known as the “Citibank cash-outs” in carding circles. One of King Arthur’s cashers, Kenneth Flury, was prosecuted in the United States after admitting to stealing $384,000 in Citibank ATM withdrawals in ten days in the spring of 2004: U.S. v. Kenneth J. Flury, 1:05-cr-00515, U.S. District Court for the Northern District of Ohio. Citibank declined comment. To discourage competitors, masterminds of the cash-outs often claimed to have secret algorithms at their disposal to generate workable magstripes. Max and other carders confirmed this was a myth, as did FBI agent J. Keith Mularski. Any data would work.

  
5
once let it slip to a colleague that King was making $1 million a week:
Joseph Menn, “Fatal System Error,” Public Affairs, January 2010.

  
6
Max had passed them all to Chris, who tore into them with a vengeance:
Interview with Max. Werner Janer confirmed that Chris worked on the Citibank cash-outs with Max, but Janer did not know the details. Aragon declined to comment on the cash-outs.

  
7
In just one year:
Avivah Litan, “Criminals Exploit Consumer Bank Account and ATM System Weaknesses,” Gartner report G00129989, July 28, 2005. The loss estimate includes two types of magstripe “discretionary” data that were not being properly verified: the CVV and an optional PIN offset used by some banks.

Chapter 16: Operation Firewall

  
1
Banner ads appeared at the top of the site:
This and other reporting on Shadowcrew’s contents comes from a mirror of the public portion of the site captured in October 2004, immediately before it was shuttered.

  
2
The posts disappeared at once:
Interviews with Max. Aragon independently stated that he and Max tried to warn Shadowcrew members in advance of the Operation Firewall raids.

  
3
The transactions ranged from the petty to the gargantuan:
Transaction details come from the Operation Firewall indictment, U.S. v. Mantovani et al., 2:04-cr-00786, U.S. District Court for the District of New Jersey.

  
4
the Secret Service had noticed Ethics was selling:
Ethics’s hacking of the Secret Service agent was first reported by the author: “Hacker penetrates T-Mobile systems,” Securityfocus.com, January 11, 2005. His use of the BEA Systems exploit came from sources close to the case and was first reported by the author: “Known Hole Aided T-Mobile Breach,” Wired.com, February 28, 2005 (http://www.wired.com/politics/security/news/2005/02/66735). Also see U.S. v. Nicolas Lee Jacobsen, 2:04-mj-02550, U.S. District Court for the Central District of California.

  
5
David Thomas was a lifelong scammer who’d discovered the crime forums:
For Thomas’s history with the forums and the details of his work for the FBI, see Kim Zetter, “I Was a Cybercrook for the FBI,” Wired.com, January 20, 2007. A U.S. government source confirmed to the author that Thomas had worked for the bureau while running his forum, the Grifters.

  
6
“You don’t know who you have here”:
From the police report of Thomas’s arrest. “The problem with the Bureau and the Secret Service is they look at the largest biggest deals they can get in on,” Thomas said in a 2005 interview with the author. “They want the big enchilada.”

  
7
Their targets were marked on a map of the United States:
Brian Grow, “Hacker Hunters,” Businessweek, May 30, 2005 (http://www.businessweek.com/magazine/content/05_22/b3935001_mz001.htm). The identification of the Secret Service agents’ guns also comes from this story.

  
8
Attorney General John Ashcroft boasted in a press release:
“Nineteen Individuals Indicted in Internet ‘Carding’ Conspiracy,” October 28, 2004 (http://www.justice.gov/usao/nj/press/files/pdffiles/fire1028rel.pdf).

Chapter 17: Pizza and Plastic

  
1
His scanning put him inside a Windows machine:
Max, Jonathan Giannone, and Brett Johnson each independently identified the Pizza Schmizza in Vancouver, Washington, as the source of Max’s dumps in this period. The store manager said the restaurant has since changed ownership, and she had no knowledge of a breach.

  
2
Max couldn’t help feeling cheated yet again:
Interviews with Max.

  
3
Giannone was a smart middle-class kid with a coke habit:
Giannone confirmed the cocaine use and all the details of his relationship with Max and Aragon. He discussed the elevator button pressing and the “bank robbery” prank in a chat with another carder, a log of which was provided to the author. Giannone confirmed in an interview that he discussed the bank robbery hoax but said it was an idle boast, and he didn’t actually pull it off. He said he did not recall the elevator matter.

  
4
Giannone joined Shadowcrew and CarderPlanet under the handle MarkRich:
Giannone’s transition through various handles was confirmed by Giannone in an interview. Posts on the forums reviewed by the author confirm he gave up his original handle after being suspected of informing on an associate while a juvenile.

  
5
launched a DDoS attack against JetBlue:
Giannone also discussed this attack in the abovementioned chat logs. He confirmed it in interviews with the author.

  
6
the teen was running his operations from the computer in his mother’s bedroom:
Interviews with Max.

Chapter 18: The Briefing

  
1
Mularski had wanted to be an FBI agent since his freshman year:
Mularski’s biographical details and his early work at NCFTA come from interviews with Mularski.

  
2
The briefing for about half a dozen FBI agents:
Interviews with J. Keith Mularski and Postal Inspector Greg Crabb.

Chapter 19: Carders Market

  
1
“Sherwood Forest” wasn’t going to cut it for a criminal marketplace:
Aragon’s rejection of the name comes from interviews with Max and a letter Max later wrote his sentencing judge.

  
2
Janer, an avid watch collector, headed straight to Richard’s:
Janer explained his motives in the failed watch caper in interviews, and Aragon confirmed he provided Janer with cards as a favor. The criminal case file describes how he was busted and his subsequent cooperation, which Janer confirmed. U.S. v. Werner William Janer, 3:06-cr-00003, U.S. District Court for the District of Connecticut.

  
3
He hacked into a Florida data center run by Affinity Internet:
Court records confirm Carders Market was hosted at Affinity at this time and that Affinity later provided the FBI with a copy of the file system. Max detailed the hack in interviews and in contemporaneous postings to an Internet message board as “Iceman.”

4
“I’m looking to make a good pile of money”:
Chat logs admitted as evidence in U.S. v. Jonathan Giannone, 3:06-cr-01011, U.S. District Court for the District of South Carolina. Online chats and message board posts in this book are verbatim when they appear within quotes, except for some minor changes of grammar, punctuation, or spelling for readability.

Chapter 20: The Starlight Room

  
1
Tsengeltsetseg Tsetsendelger was being kissed:
Aragon, Max, and other sources confirm that Tsetsendelger was recruited at the Starlight Room and brought back to Aragon’s hotel. The details come from interviews with Tsetsendelger. Liz and Michelle Esquere declined comment.
