The Hunt for Lord Cyric: An eShort Follow-Up to DarkMarket
Page 3
Nonetheless, this endless burrowing was not pointless. I was directed to some fascinating and long exchanges on other forums, often including contributions from Lord Cyric himself. One thing I had to conclude from his writing was that Cyric’s mother tongue was almost certainly English, which once more cast doubt on Mert’s assertion that KS, the Turkish businessman, was Cyric.
Unless, of course, Cyric was more than one person. This was only speculation, as footprints on the web are usually an indication of character and behaviour. They should never be taken as proof.
My main reason for so craving the DM archive was that I was certain it would give me an insight into the psychology of carders and hackers. They are a highly competitive group, made up of individuals who are often very smart but with many contradictory elements of their personality. They are obsessive but also impulsive. Hence so many of them are also extremely unpredictable. It was during those late nights I spent trawling messages that I began to get used to their intemperate language, their advanced paranoia and an ideology that is part-criminal, part-anarchist and part-supremacist, inasmuch as they consider themselves superior to non-hackers/carders.
I knew that if I could follow the DarkMarket posts from the lead actors in this drama, then I would be able to divine a great deal from their linguistic and behavioural characteristics. I would also begin to find a sharper focus for the chronology of events. My primary sources were the interviews I had undertaken with both law enforcement and the criminal world. But as all investigative journalists know, the subjective accounts of key people have to be taken with a very large pinch of salt (especially in a community like DarkMarket where, as criminals and undercover cops, the members were practised liars and dissemblers out of necessity).
On many occasions, I would listen to the most sincere testimony of one DarkMarket member which appeared to be quite credible—I would have no especial reason to disbelieve it. But sometime after, I would interview another member, or perhaps one of the cops, whose description of events was often different in key places. Without the archive, it was impossible to identify who was lying and who was telling the truth. And although the archive would not solve every problem, I would be able to use it to interpret the power relations that existed within DarkMarket both among members and the administrators. The bejewelled centre was the private messages that only the administrators could read—that could tell me more than even a dozen interviews.
But even though I never found the DarkMarket archive, I found court documents that were extremely illuminating. Above all, the legal documentation linked to the two DarkMarket related cases that were heard in Baden-Württemberg in Germany helped me establish a very clear timeline (at least up until Matrix001’s arrest in May 2007). Perhaps most helpful was the trial of Dietmar Lingel, the German police officer accused of having alerted Matrix001 that he was being investigated and also of having leaked Keith Mularski’s identity. I attended several days of Lingel’s complex but fascinating trial.4 He was acquitted of all charges (and on the evidence I heard I believe the magistrate could not possibly have convicted him). But the proceedings revealed the extraordinary difficulties and some crucial mistakes that were made in the international investigation into several DarkMarket members. It certainly made it clear how unbelievably difficult it is coordinating something of this magnitude and complexity.
Later on, documents I found in Turkey helped to clarify the several competing versions of events in that country, too. But first I had to find out as much about Cha0 and Turkey as possible.
SO WHO was Cha0 and what was crimeenforcers.com, his personal crime consultancy business? CrimeEnforcers earned serious money and it was through this site that Cha0 sold his ‘skimmers’, machines that could be attached to ATMs in order to record innocent customers’ credit card details and PIN numbers. He joined DarkMarket in February 2006, chiefly in order to advertise his growing business.
The evidence from DarkMarket was clear: Cha0 and Lord Cyric enjoyed a very close relationship. I needed Cha0 to confirm this but there was one big problem: he was incarcerated near the city of Tekirdağ in the west of the country in one of Turkey’s thirteen top-level security prisons. When I first applied to visit him, I received polite slightly amused smiles. No foreign journalist had ever been granted permission to visit an inmate at one of these facilities. But then none who had tried had the good fortunate to be working with Sebnem, my fixer and translator. She got in touch with everybody involved in the case. We went from government office to government office in Ankara, pleading our case—sometimes receiving a warm smile and commitment to do something about it, sometimes a derisive snort. We went so far as to appeal to the Minister of Justice personally who, a year after I had made the initial request to visit Cha0, gave his permission.
Once that had happened things moved quickly. One Thursday in March 2011, I received a phone call telling me that I would be able to visit Cağatay Evyapan in Tekirdağ the following Tuesday. Just my luck—I received this message after returning from the Chinese Embassy where I had handed in my passport to have a visa application processed. The Chinese refused to return it early saying that I could have it on Tuesday morning at the earliest. So I had to beg the Turkish authorities to allow me to visit Evyapan on Wednesday. But the reply came back that he was going to moved to Istanbul later that week and if the order came to move him on Wednesday, then I would not be permitted to see him.
I had to take that chance—I knew that I would never get a second go at this, if only because the Justice Minister had suddenly moved jobs and I would have been back at square one! I flew out a day late to Istanbul, picked up a four-wheel drive hire car because I had arrived in the middle of huge snowstorm.
It was a dramatic journey with vehicles that had skidded littering the side of the road. Even with the Jeep, we swayed back and forward on the roads heading west out of Istanbul.
The prison was a grim site—set away from the town on a hill. I describe the visit in DarkMarket but the inmate I spoke to there remains imprinted on my mind. I only wish I could have spent more time talking to Cha0 (even so we spoke for three hours) but without all the various officials surrounding us.
Cha0 confirmed when I met him that he knew Lord Cyric well and when I suggested that the phantom character might be the businessman KS, he laughed scornfully. ‘You’ve been talking to the Turkish police, haven’t you?’
Well, of course, I had been talking to the Turkish police but it wasn’t they who had told me about KS. Cha0 knew exactly who KS was but dismissed any idea that he could be Lord Cyric. He refused to tell me his name but insisted that Cyric was not Turkish and, yes, they had been friends for a long time.
So if Cha0, who was arrested in September 2008 in Istanbul and whom everybody knew to be a proper criminal, was cooperating with Lord Cyric, could whoever Cyric was really be a police agent?
Cha0’s testimony was one of the reasons why I had my doubts as to whether Cyric had struck a deal with law enforcement like his friend El Mariachi. But in addition, Agent Mularski also seemed keen to find out who he was. Later on, I was able to deduce that Mularski was telling the truth—he didn’t know who Cyric was and was almost as determined as I was to find out.
A little earlier when I was perusing the court documents in the Matrix001 case in southern Germany, I was suddenly struck by something else. There was another administrator that nobody had mentioned. His name was Shtirlitz. I was getting used to the fact that new evidence and characters would appear out of the blue and that such events almost always entailed reassessing the work I had done until this point.
I was also being to realise that if the police were reluctant to discuss a prominent member of a carding forum, it usually meant one of two things: either he was a Confidential Informant and possibly even an Undercover Agent or they had absolutely no idea who he was.
The longer I engaged with DarkMarket, the more I came to realise an important fact about the criminals involved. They played very different roles
in this game. The most vulnerable to arrest and detection were the administrators. Although the administrators wielded considerable power within the forums and received much acclamation for it, the work was difficult and frequently unrewarding. Their relationship with law enforcement was also variegated. Cha0, for example, claims to have known from the outset that Master Splyntr really was an FBI agent whereas others, like Matrix, clearly did not.
When CarderPlanet, the original carding website, emerged in Ukraine, its members regarded the administrators, or The Family as they were known, as demi-gods. Everyone wanted to get close to the two founders, Script and Boa, who appeared so worldly and inventive.
But by the time DarkMarket came along, very few people wanted to take on the onerous responsibility of actually running the site. According to JiLsi, who made the fateful decision to invite Agent Mularski to become an administrator on DarkMarket, the only reason he finally chose the FBI undercover operative was because nobody else would do it.
JiLsi’s motivation for running the site was relatively straightforward. He craved recognition. He was having a hard time in his real life and the virtual criminal world was one in which, by contrast, he could shine. His colleagues admired his tireless work even if he was by common consent occasionally rather sloppy.
Neither JiLsi nor Matrix made much money from their work on DarkMarket but they were good hackers. They had learned to work computers inside and out from their teenage years which made them invaluable as administrators. It also, of course, ensured that they were very visible on the web. They left a huge digital trail that eventually enabled police to track them down quite easily (in both cases, they made the error of giving up too many personal details to the digital currency operation, E-Gold). JiLsi and Matrix are fine examples of what I call the First Circle of cyber criminals—often technically gifted, rarely motivated by money and more usual by the desire for recognition and prone to making basic errors, probably out of complacency.
Cha0, too, had strewn much evidence behind him even though he had a much higher standard of security than JiLsi and Matrix. He conformed much more to the Second Circle of cyber criminals—they are primarily driven by money; they are often involved in organised criminal rings, and they do not necessarily possess advanced computer skills. In Cha0’s case, he was a Circle 2 operator but with a profound knowledge of security and hacking.
The Third Circle comprises the criminals that the police never catch. They are sometimes seen fleetingly; their digital fingerprints or their MO (they way they work) cropping up now and again. This Third Circle is growing as serious criminals find ever more ingenious ways to distance themselves between the commission and execution of a crime on the web and the reaping of rewards.
Like Lord Cyric, Shtirlitz was a mystery. He looked like somebody from the First Circle and yet his elusive nature suggested, he was more at home in the Third. Again after some painstaking and often very tedious research, I ascertained that whoever lay behind this nickname had been an active member of the original carding forum, CarderPlanet, whose Ukrainian founders I describe in DarkMarket. That, admittedly, was not so hard to find out because the CarderPlanet archive can be found on the web and Shtirlitz had clearly been quite busy there. Also, a senior CarderPlanet member confirmed to me that Shtirlitz was Russian and an active carder. During those early days he was definitely not law enforcement.
But then I noticed something else. On some occasions, he spelt his name Stirlitz, on others Shtirlitz. What was the significance of the additional ‘h’ in the first spelling?
The original Shtirlitz was the fictional creation of a Russian author during the Soviet period. He was a James Bond-style double agent during the Second World War who, time and again, would save the Soviet motherland by providing vital intelligence from Berlin where he was stationed. Given the duplicitous nature of the fictional Shtirlitz, I always thought it was a rather good nickname for a cyber criminal. In Russian, this German name is spelt . If transliterated directly into English, it is spelt Shtirlitz. But if it is transliterated via German, it is written Stirlitz. Another mystery to be solved.
Just because Shtirlitz was once recognised to be a bona fide criminal activist that doesn’t mean that he remained so. It is perfectly conceivable that he was compromised by law enforcement and persuaded to work as a Confidential Informer. And it is my surmise that this explained the shift in the spelling of the name. But it is also possible that he either left carding or was arrested or just disappeared and that his online identity was assumed by law enforcement. I cannot say exactly why (without revealing a very covert source) but I am 99 per cent sure that the Shtirlitz on CarderPlanet was an American law enforcement official.
SOON AFTER my visit to Cha0, I was sitting at my desk in London one afternoon when the phone rang. It was KS, the Turkish businessman, in a state of real distress. ‘I have just received a call from Agent Mularski of the FBI, accusing me of being Lord Cyric on DarkMarket,’ he explained. ‘Is this something you told him?’ he wanted to know.
I was almost as astonished as KS because I had not told Agent Mularski about the information Mert had given me regarding KS’s possible identity as Cyric. That being the case, Mularski must have got the information from somebody else which seemed to strengthen the case for KS indeed being Cyric.
I calmed KS down and said I would make some enquiries—I also suggested that I go and visit him in his new home in Kiev, the capital of Ukraine, where he had fled for personal reasons, as far as I could make out.
I called Mularski straight away and asked him the source of his information. The only thing the agent would tell me is that his source was not from Turkey but from Western Europe.
When I arrived in Kiev, KS passionately refuted the accusation that he was Lord Cyric and I had no reason to disbelieve him—I certainly didn’t have any proof that could nail him. Nonetheless, there were curiosities about his story. The company that he had founded (and since been ousted from in Toronto) provided the server for Fernerbahçe Football Club—this was the club that in Mert Ortaç’s account both Lord Cyric and Cha0 (Sahin and Cağatay) supported. I checked up Turkey’s major football clubs—all their websites were hosted by servers in Turkey. Why would Fernerbahçe choose an obscure service provider in Toronto? My enquiries at the club remained unanswered. There were other peculiarities. KS’s movements (they were strange) coincided with the appearance and disappearance of Lord Cyric on the boards. And KS did confirm that he had worked, as Mert Ortaç had claimed, for the RCMP and the FBI.
At around the same time, Stephen Zack, the phantom Lord Cyric with a phone number in Montreal, started answering his calls. Regrettably, he never picked up when I rang but he did talk to some other carders I was in touch with. Zack stated baldly that he was Lord Cyric and furthermore he admitted to working on occasions with law enforcement. I later learned that Keith Mularski also tried to make contact with Zack. The circumstances implied that Mularski did not have prior contact with Zack, who has since disappeared as inexplicably as he reappeared. He may have been Lord Cyric but he may equally have been a fantasist.
As I write this I am still trying to confirm that Zack was indeed Lord Cyric. But the nature of this thing means it is extremely difficult. There are strong indications that I have, indeed, finally found the man but there are some disturbing implications to this if true.
Above all, I am plagued by the question why Mert Ortaç would have created such a fabulously surreal but detailed story about Cha0 and Lord Cyric. Was he being manipulated by political forces who wanted to demonstrate that DarkMarket had sinister links to the Turkish Deep State? But why did he choose to tell me? To be honest, he did not know me from Adam when I first got in touch with him and much of his story can be verified. Something is still going on behind DarkMarket and not even I, after two years of intense study, can truly understand it.
Cyric is the one figure on DarkMarket who appeared to act as a link between law enforcement and the criminals. More than anyone he appear
s to have been aware to what degree DarkMarket was, as Wired magazine dubbed it, an FBI sting site and to what extent it was a successful criminal website that culled tens of millions of pounds for its members annually.
But his case also demonstrates that the more we drown in information, the less sure we can be of the truth. Writing real history in the digital age is going to be fraught with problems with which we have not yet fully engaged. How do we establish the truth in a medium so infatuated with deception?
The hunt continues.
1 See Book 1, Part IV of DarkMarket for the Iceman story.
2 See Book 2, Part III of DarkMarket.
3 See Book 2, Part IV of DarkMarket.
4 Read about the Lingel case in Book 2, Part IV of DarkMarket.
Also by Misha Glenny
DarkMarket
McMafia
The Balkans: Nationalism, War and the Great Powers, 1804–1999
The Fall of Yugoslavia
The Rebirth of History: Eastern Europe in the Age of Democracy
A Note About the Author
Misha Glenny is a former BBC Central Europe correspondent. Glenny covered the fall of Communism and the wars in the former Yugoslavia. He is the author of McMafia; The Rebirth of History; The Fall of Yugoslavia (which won the Overseas Press Club Award in 1993 for Best Book on Foreign Affairs); and The Balkans: Nationalism, War and the Great Powers, 1804–1999. He has been regularly consulted by the U.S. and European governments on major policy issues. Misha Glenny lives in London.