by Misha Glenny
THIS IS A BORZOI BOOK
PUBLISHED BY ALFRED A. KNOPF
Copyright © 2011 Misha Glenny
All rights reserved. Published in the United States by Alfred A. Knopf, a division of Random House, Inc., New York.
www.aaknopf.com
Knopf, Borzoi Books, and the colophon are registered trademarks of Random House, Inc.
Originally published in Great Britain by the Bodley Head, the Random House Group Limited, London.
eISBN: 978-0-307-95971-3
Cover design by Amy Citron
First United States eBook Edition
v3.1
Contents
Cover
Title Page
Copyright
The Hunt for Lord Cyric
Other Books by This Author
A Note About the Author
Read About DarkMarket
IT WAS in the summer of 2009 and, surrounded by the bold primary colours of the Google headquarters in Mountain View, California, Corey Louie, head of external security, told me about DarkMarket for the first time. I found it hard to envisage the saturnine website devoted to the dark arts of cyber criminality. DarkMarket, as I soon learned, was the notorious English-speaking cybercrime forum that allowed buyers and sellers of stolen identities and credit card data to meet and conduct business in what some may call an ‘entrepreneurial’ setting. I knew straight away that I wanted to learn more about DarkMarket to see if it was worthy of investigation.
It most certainly was. As I began to uncover the website’s structure, run by a hierarchy at whose peak stood five administrators, and comprising of roughly 2,000 users, I realised that to write anything credible about DarkMarket’s history I would have to track down as many members as possible. Then I would have to persuade them to talk. They would need to be representative as well. I needed to find undercover police agents, hackers, members of organised criminal groups, intelligence operatives (if possible) and petty criminals.
Some members were easy to locate—they were in prison. But others were still out there. How could I get to them? One of the most effective ways was by using those forums that are not criminal but where hackers and crackers of all shades chew the digital cud about anything and everything. So I put out a few messages—some coded, some more obvious.
I waited to see if anyone took the bait. They did, although it took many months before they were prepared to talk and even longer before they agreed to meet face to face. These attempts at making contact had other uses—I learned a lot about the language that hackers use, what their interests are and how some have a much greater technical grasp than others.
As I began the process of tracking down the key players in DarkMarket, I became ever more intrigued by one of them: Lord Cyric. There was something more elusive about him than most other posters on the forum.
Some people claimed to know him, others said he had deceived and cheated them; some swore by his rectitude, still more noted that for all his criminal rhetoric, there was no evidence that he had ever committed a crime. A squealer, a hero, a fugitive, a police informant, a hacker. He bullied. He minced. Most of all he got under people’s skin. He certainly got under mine. Halfway through my investigation, I knew I would not rest until I discovered his true identity. My quest remains unfulfilled to this day.
Lord Cyric crops up now and then in my book, DarkMarket. He was a more frequent presence on the forum darkmarket.ws. He is not a central character in the book, although I occasionally allude to his importance. Sometimes I felt I got so close to him that he was almost within reach. At the last moment, however, he seemed to slip from my grasp, an unknowable ethereal being. It is fair to say that Lord Cyric took up large parts of my time and research when I was writing the book.
My fascination for Cyric was prompted by two things. First, there were two key characters in the administration of DarkMarket who the police never bothered to investigate. One was Cyric, the other was the administrator, Shtirlitz, who had spent a long time in the office—admittedly, he was not a very active member but he was important nonetheless. I wanted to know who both these characters were.
Second, my interview with one of the most peculiar DarkMember members, the Turk Mert Ortaç, piqued my interest and triggered what may have been a wild-goose chase, nevertheless it was one of the most absorbing pursuits I’ve ever experienced.
The hunt for Lord Cyric developed into a private obsession, one that later on I learned was shared by several other tenacious researchers—none of them journalists. He assumed a variety of forms in my mind. As I spent hours, days and even weeks trying to establish this, I realised that I was not alone in the search. Many other DarkMarketeers, carders, criminals and cops were equally fascinated, enamoured or appalled by this avatar.
Max Vision, once better known as the hacker Iceman, quite simply loathed Cyric.1 Iceman considered him one of the most troublesome denizens of the carder boards, of which DarkMarket and his own forum, CardersMarket, were the most influential of sites between 2006 and 2008. ‘He was like that irritating pet, Salacious Crumb, that belonged to Jabba the Hutt in Star Wars, constantly yapping about something or other just to annoy you with that irritating cackle of a laugh,’ Iceman recalled.
Then, of course, there was the fictional Lord Cyric created by dozens of imaginations inspired by Dungeons and Dragons. I described this in DarkMarket thus:
The fictional Lord Cyric had become popular among gamers and geeks in the 1980s and early 1990s. He was a self-appointed deity who haunted The Forgotten Realms, a godforsaken fantasy world where warriors roamed to seek out treasure and dark secrets while vanquishing creatures with magical powers and destructive urges. The Realms became a favourite territory for gamers to explore once they had assumed a fantasy role in a team of adventurers playing Dungeons and Dragons. Subsequently, these Badlands of a sub-Tolkienian world appeared in a variety of computer games, including the hugely popular Baldur’s Gate.
They were also described in many novels that were inspired in equal measure by Dungeons and Dragons and the Lord of the Rings. The figure of Lord Cyric had a crucial part to play in the mythology of the Forgotten Realms—in addition to being a god, he was thoroughly evil. More importantly for the world of carding and DarkMarket, Cyric was known inter alia as the Prince of Lies, whose satanic powers included a mastery of deception and illusion as well as the ability to promote strife and intrigue.
Whoever lay behind the avatar in CardersMarket, DarkMarket and elsewhere, he or she wanted to project the concept of what Dungeons and Dragons gamers refer to as ‘chaotic evil’, implying that the character scatters the seeds of mayhem and despair arbitrarily wherever he or she may roam. That certainly fitted DarkMarket’s Lord Cyric as snugly as his penchant for deception, illusion, strife and intrigue. Few carders generated as much hostility in the community as this character did. His speciality was to spread accusations through rumour and innuendo.
By the way, I forgot to mention in my book DarkMarket that the mythical Lord Cyric’s Bane is the name of a tavern in the village of Priapurl, which lies on the Forgotten Realms’ popular tourist destination the Dragon’s Coast. Raise a glass of the local hooch for me if you ever find yourself there!
Whether he intended it or not (I’m fairly confident our Lord Cyric was male), I felt that by his actions alone the man behind the dark lord revealed a fundamental truth about the Internet. In the 1990s, most computer users accepted that the new technology was indubitably a force for good. In the following decade, however, many of the new paths that opened up on the Internet led to this idea being questioned, if not entir
ely scotched.
It would be superfluous to elaborate the countless benefits that the Internet has conferred upon our society but, like most technological breakthroughs, it is a tool that is morally neutral. Until Artificial Intelligence is sufficiently advanced to make moral choices, it will be humans alone who decide whether a technology is put to good use or ill. The dark side of the Internet took a little time, perhaps, to take off. But when it did, it released a firestorm of creativity and imagination. And the fuel that fed the flames was deception.
As stories of hacking bombard us from every angle, it is easy to assume that there is little we can do to protect ourselves from crime and malfeasance on the web as criminal hackers can draw upon vastly superior technical skills than the average computer user. But while such ability is very useful, it is not as valuable as the techniques of ‘social engineering’, the tactic of persuading users to act in a way that is counter to their interests and might end up costing them huge sums of money. This is often the first line of attack that criminals use on the net and for that you don’t even have to know what the word ‘hacking’ means.
Deception is not, of course, restricted to criminals. Facebook is hugely popular in part because it enables its members to manage and fashion their image on the web (the fact that so many of us do such a lousy job by presenting and even promoting the least appealing aspects of our behaviour on Facebook does not undermine the argument). The web acts as a firewall between our real selves and the way we would like the world to perceive us.
Rarely, however, do we manage our image consciously. Furthermore, we also appear to be quite ready to accept what we see, read or hear on the web at face value. If somebody says they are good-looking and possessed of a great sense of humour, we are inclined to believe them. Why that is, I don’t know.
This is dangerous. People tend to believe any nonsense they read on Twitter, for example. Not only does the Internet transform rumours into hard facts much more quickly than any previous method of information dissemination, it also helps those falsehoods to put down deep and stubborn roots. Such an environment enables cunning virtual characters like Lord Cyric to survive and prosper. Despite a police investigation that spanned many parts of the globe and several journalistic probes, nobody had succeeded in identifying him. It was almost as if establishing Lord Cyric’s identity would be the key to unlocking all the deepest secrets of DarkMarket.
Naturally in a forum like DarkMarket, members take greater care with protecting their online identities than might the ordinary public. Sitting in the grim surroundings of the visiting room in Wormwood Scrubs, Renukanth Subramaniam, aka JiLsi, one of DM’s administrators, admitted to me that as an online criminal, you have to start from the assumption that anybody you interact with might turn out to be a law enforcement agent. Cyber thieves, however, are prey to complacency like most people and they will usually let their guard down at some point, revealing either a digital clue that can reveal the location of their computer or some fact that places them in a particular culture, a particular community, a particular town, maybe even in a particular street.
So when you descend into a story like DarkMarket, it is axiomatic that everyone you talk to or encounter is an experienced liar, schooled in the arts of deception and social engineering.
As I began to excavate the website’s secrets, I sometimes felt that I had only succeeded in reaching the first two or three levels of this mysterious virtual cave. I think subconsciously this was because the investigation reminded me of one of the most popular early computer games which I played incessantly soon after moving to Vienna, Austria in the early 1980s—the Colossal Cave Adventure. Using text commands you could walk up or down steps, along passages, discovering treasure or mischievous characters as you went. Sometimes you would encounter your own death. As I stumbled through the Cave I had a strong sense of what it must be like to be blind.
That sense of blindness continued during my exploration of DarkMarket. Had I persisted another year or two, I know that I would have uncovered new subterranean chambers, some large, some small, filled with digital jewels that would both illuminate and throw shadows upon the silhouetted characters who made up this main characters in this drama.
Nonetheless, in the hunt for Lord Cyric, I did come across some remarkable personalities. In February 2009, I spent nine hours interviewing Mert Ortaç in a restaurant and hotel in Istanbul. Mert was the mischievous hacker who Cha0 had physically kidnapped and humiliated by posting a picture on the web of Mert wearing not much but his underpants, holding up a message confessing to his ‘crimes’ purportedly committed against Cha0 and the carding fraternity.2 Cha0 was perhaps the most influential member of DarkMarket and Turkish police arrested his alter ego, Cağatay Evyapan, in September 2008 shortly before the whole website was closed down.
The interview with Mert turned my understanding of the Turkish branch of DarkMarket on its head—and indeed other areas of the website. Most interesting was his claim that not only was Cha0 a Turk but so, too, was Lord Cyric. With absolute confidence, he also gave me a name behind Lord Cyric’s identity. In an even more astonishing claim, he insisted that Cha0 was not Cağatay Evyapan in reality but a certain powerful Turkish businessman whose offices were in Slovenia and Wales (!—go figure) and whom he only knew by his first name: Sahin.
But I am getting ahead of myself. Before I engage with the Cyric enigma, let me explain some of the issues I faced as a writer when dealing with organised crime whether in the real or virtual world.
‘HOW DO you go about writing something like this and how do you talk to the people involved?’ These are the two most frequent questions I am asked about both DarkMarket and my previous book, McMafia. After all, a lot of the people I have interviewed had been at some point, or were still when I was talking to them, involved in major criminal activity.
Some of those interviews have taken place in circumstances that I can only describe as cloak-and-dagger. In Colombia, for example, I interviewed representatives of the FARC, the Marxist group who moonlight as major cocaine distributors. The rendezvous was set for a particular café in the centre of the city of Cali, home to some of the largest narco-cartels in the country. The surrounding countryside is solid FARC territory and on the day before I arrived in town six policemen had been killed by a booby trap laid at one of their control posts. The atmosphere was tense.
Once at the meeting point, I started to receive a series of complex text messages, telling me to head for one landmark after another. Finally I was directed to sit down at another café. I felt a degree of security because I was not in a FARC jungle stronghold (this was critical as the FARC has a track record of kidnapping journalists who have come to interview them and then keeping them captive for years on end in the most inhospitable conditions).
I assumed (correctly as it turned out) that the FARC demanded that I go from place to place in order to observe whether I was being followed or not by intelligence or military agents. Once they had satisfied themselves that I was not, they suddenly appeared beside me.
And it was worth it. They gave me a very detailed and revealing interview. They did not baulk at my questions regarding complicity of their organisation in the cocaine trade, arguing both that this was a legitimate tool in the revolutionary struggle against the government and that in any case everyone was engaged in the game, including people extremely close to the government. Naturally, once we finished the interview, they disappeared as mysteriously as they had materialised.
Of course, they had not simply agreed to speak to me over the phone. It took a lot more than one quick call to set up the interview in the first place. And that reveals a second key issue: it is almost impossible to undertake a serious project of investigative journalism that looks into dodgy matters without engaging help. This applies particularly in foreign countries and still more so if you don’t speak the local language.
Identifying the right person in such situations is by far the most important part of the job. Finding
those people who I call the ‘interlocutors’ with the underworld can occasionally present serious problems but these are rarely insuperable.
Experience can play a key role; it certainly speeds up the process. Having worked as a foreign correspondent for some 25 years, I had made friends and contacts with journalists from across the world. If you are heading for a country, like Colombia, that you have never visited, you will usually be able to dig up somebody who you have met or worked with who is either Colombian or who now works there.
The world is full of journalists who know their local beat incredibly well but who mainly work as ‘fixers’ for international correspondents. In my experience, they are among the most effective reporters in the world, although few people outside the industry have ever heard of them. In this case, I eventually found Juan Pablo who had an excellent track record of successfully mediating between the FARC and foreign correspondents from across the world. He knew exactly what I wanted and how to get it, although it involved putting himself on the line (not for the first time). But of course his extensive local knowledge meant that he was a much better judge as to the level of risk we might face than I could possibly be.
The research for DarkMarket was less hazardous than it was for McMafia. A very important aspect of cybercrime which I explore in the book is that many of those involved in illicit activities would not be engaged in crime were it not for the Internet. This group certainly does not come from what would be considered a traditional criminal milieu nor do its members start out their hacking careers with the specific intention of committing crime. They are usually teenagers, often as young as twelve or thirteen, whose drift into criminality is slow and takes place over months if not years. They eventually find themselves in the new lands of the cyber underworld merely as a consequence of their innate curiosity and the very natural human urge to explore.
Regardless of how they arrived there, however, they understand intuitively that anonymity is vital to their activity on the web. As hackers, they have by definition an advanced ability to mask themselves, which means it is not only tough for the police or intelligence agents to track them down but also for journalists like me. I cannot reveal all the techniques I used for making contact with the characters in DarkMarket but of course a large number of them had been arrested and convicted or were awaiting trial and in those instances that made my job much easier.