DarkMarket
Because Dron had been banned from DarkMarket, his three French partners – Theeeel near Paris, and Lord Kaisersose and Kalouche in Marseilles – would not have noticed that Spencer Frizzell had taken him out of circulation. Nonetheless the Secret Service did not know when Matrix, the most prolific DarkMarket administrator, would be taken down by the German police backed by the Feds. And his surprise removal from the board would probably freak remaining DM members.
In Sweden, Recka knew straight away that law enforcement was on the march. He had been exchanging friendly messages with Matrix on a daily basis, and he didn’t buy the curious post that Matrix popped up with in early June 2007. My mother, Matrix explained, has had a serious accident and so I will be absent for a while. Any experienced cyber thief would immediately have concluded that the police had taken over his nickname (they had) and that this was just a feint.
Lord Kaisersose, Theeeel and company were different, of course – they were French. France was developing a peculiar contribution to cybercrime. French criminals were as doggedly francophone as the rest of their compatriots. France’s language policeman, the Académie française, had observed with unease the exponential growth of English as a global lingua franca during the 1990s. But it was pleased to note that in the digital world most French hackers and geeks were committed to battle against English, the primary source of linguistic impurities.
This meant two things: cybercrime in France was initially genuinely national – nothing like as cross-border as elsewhere in the world. The country had pre-empted the Internet with the roll-out in 1982 of its very effective information technology called Minitel, which transmitted text onto a video screen along conventional phone lines. As a consequence, the French were much further advanced in their understanding of information technology than most of the rest of the world. The Minitel system, through which customers could look up phone numbers, check their bank accounts, send flowers or talk dirty using the messageries roses, was notably more secure against hackers than the Internet, which partly explains why the Web is only now eclipsing Minitel in France. So the French were less vulnerable to early viral infections on the Internet. Furthermore, relatively few French hackers spent time on boards like CarderPlanet, Shadowcrew and DarkMarket.
Second, the advance of spam emails in France has been slow. The returns are far less tempting than those generated by English, Spanish and, latterly, Chinese mass spam mailouts. The market is simply too small. And until recently the eighty or so officers at OCLCTIC did not bother to monitor cyber threats originating in other countries (in contrast to the French military and intelligence communities, which have a highly advanced cyber capability). Operation Lord Kaisersose (the Marseilles crew) and Operation Hard Drive (Dron and Theeeel) went some way towards helping OCLCTIC agents spell out to their political masters why the French police had to engage more effectively with international law enforcement. Perhaps most astonishingly, when OCLCTIC made their arrests – complete with dozens of armed officers charging their way into addresses in Marseilles and outside Paris – there was no coverage at all in the French press: not a single item.
When arresting Theeeel, the police were mildly shocked to find that he was just eighteen years old – the youngest DarkMarketeer to be arrested anywhere in the world. He had become involved in carding to assist the funding of his university studies. If some young women find that they can only make their way through college financially by occasionally selling their bodies, it is quite predictable that young geeks must be tempted to top up their income, too. And as Theeeel discovered, once the money starts rolling in, it’s hard to kick the habit.
At first, French officers believed that Lord Kaisersose belonged to one of the many gangs of petty criminals that populate Marseilles, France’s very own Odessa: another engrossing port with an inimitable culture (and in Marseilles’s case a fabulous cuisine as well). From their surveillance, the cops had learned that one of Kaisersose’s accomplices, Dustin, owned a restaurant an hour outside the city and had form for minor fraud offences.
But when OCLCTIC officers, along with local Marseilles cops, raided the apartment of the suspect, Hakim B, in central Marseilles, they realised that Lord Kaisersose was in a higher league. Apart from the large variety of computer kit, the flat was furnished in a tasteful and elegant manner. Hakim was no street thug. He was a gifted hacker whose brother, Ali B., happened to work for DHL. There are few businesses more valuable to cyber criminals than the international courier trade. With Ali an insider at DHL, Hakim had ample means of shifting goods and cash in and out of Marseilles without anybody noticing. And that was important – because Hakim was one of the biggest resellers of dumps from the Ukrainian carding king, Maksik.
Over a two-year period Maksik had sold Hakim the details of 28,000 credit cards, which had a ‘cash out’ value of around $10 million. Using his team – Ali, Dustin and one or two others – Hakim would send the cards to ATMs throughout southern France. He was careful never to use any French cards, only American ones. Had the US Secret Service not approached OCLCTIC in this case, Lord Kaisersose would have remained elusive to this day – and very much richer.
25
THE INVISIBLE MAN
Renukanth thought he could start a new life. His exclusion from DarkMarket had triggered a depression that lasted for three weeks. The site that he had nurtured from nothing was the only thing that mattered to him and it had been snatched away. As the winter of 2006 gave way to spring 2007 and his initial shock receded, a strange sense of liberation slowly overcame him. He found he was able to give up smoking crack and drinking. The fog in his brain started to lift and he returned to the gym, in an effort to lose some of the weight that had developed during his days as DarkMarket’s obsessive administrator. JiLsi was small, and it was a short journey from being stick thin to bulbous fat.
After a few weeks he sent a request to the DarkMarket administrators to allow him back onto the site. This they did, although they rejected his request to return as administrator. Instead, they conferred a unique – if meaningless – honorific title, Respected Member.
He could no longer wield the power of life and death over the website’s members, but he continued to assist its smooth functioning. One member had worked a credit card scam at a Texaco garage in Portsmouth on England’s south coast. Somebody had installed a mini-camera in the ceiling above the point-of-sale machine at the checkout. Not only were the cards being skimmed, but their owners were being filmed inputting their PINs. Unfortunately for JiLsi, he agreed to act as Escrow Officer purely as a favour to the other member. But worse than this, he asked another member, Sockaddr, to cash out the cards in the United States. Sockaddr was the primary undercover Secret Service agent on DarkMarket.
But JiLsi’s activity on the board became less frequent – his carding days were coming to an end. Although he had yet to work out what to do next, he was pretty sure that it was time to go straight. He had to extract himself from the mess he was in.
Renu’s sixth sense was also telling him that something strange was happening. He would watch, listen and smell for the faintest rustle, like a deer alert for danger. He thought he had noticed a couple of animals stalking him. From the corner of his eye he became convinced he could see a pack of lions around the Java Bean café. He would also scan the heavens for circling vultures.
Was this paranoia, or were his two parallel lives as Renu and JiLsi in danger of colliding? Whatever the truth, it was best to plan for all conceivable outcomes. He could no longer blithely dismiss the obvious signs: a car parked near the café for too long; strangers dropping into the shop who just didn’t fit – wrong demographic, wrong clothes. After a couple of weeks Renu started varying his route to and from the Java Bean. Sure enough, he had company. These were the lions.
The vultures were members of a less-organised but equally threatening team who had issued warnings regarding certain financial obligations that Renu had assumed after the disastrous episode with the memory stick more than a year earlier. They now wanted their pound of flesh. Might either group be willing to negotiate? Or would he have to flee them both?
Mick Jameson had taken over as lead officer for the JiLsi case a couple of months earlier, in March. For more than half a year his employer, the Serious Organised Crime Agency (SOCA), had been tracking JiLsi following a tip-off from Keith Mularski. Both the US Secret Service and the FBI had been targeting JiLsi for a long time, thanks to his hyperactive posting on virtually every criminal website out there (almost to the point where, if JiLsi wasn’t on your site, you weren’t really kosher). His distinctive chirpy avatar, the pirate with an eye-patch and tricorne, was irrepressible.
SOCA was the only police agency that was privy to both the FBI and the Secret Service DarkMarket operations and, to a degree, Britain’s anti-organised-crime force acted as a passive peace-maker, at least ensuring that the arrest date for Lord Kaisersose and Theeeel in France should be the same one as that for Matrix in Germany and JiLsi in England.
A surveillance team had been focusing their cameras and listening devices on the Java Bean since February. Officers had been tailing Renu. They had clocked him meeting a few people, often speaking in Tamil. They had seen him hand over cash and memory sticks to others, who would pull up in cars before shooting off again. They even stumbled across a second DarkMarket user who also frequented the Java Bean. But it was Renu they wanted. They had taken pictures of his screen with a telephoto lens. One of Jameson’s colleagues had infiltrated DarkMarket as an ordinary member and so they were able to monitor a lot of JiLsi’s postings. In addition, Mularski was feeding them invaluable intelligence. But they did not yet have definitive proof that Renukanth Subramaniam was JiLsi. For that they would need to arrest him.
The various police forces had resolved to move against him in the second week of June. Some measure of agreement had finally been reached between the Secret Service and the FBI – 12th June was D-Day. That plan was then wrecked by the anonymous emails sent to Matrix001. If JiLsi’s arrest was botched, then there was a good chance that word would get out through DarkMarket in a matter of minutes, and many years of painstaking preparation would have been in vain.
And then Jameson’s worst fears were realised – a couple of days after Matrix’s arrest, JiLsi went AWOL. One morning JiLsi had been walking not to the Java Bean, but to the nearby Wembley Park station, heading for the centre of London. As he passed IKEA on the North Circular, London’s traffic-clogged inner ring road, he noticed a peculiar-looking man. Or was it a woman? He couldn’t decide. Androgynous was perhaps the best description. He continued on his way to Wembley Park. Just as he was walking towards the underpass by the Tube station, he noticed a long-haired man on the bridge above who was watching him and talking on his phone.
After hopping on the Jubilee Line into town, JiLsi changed onto the Piccadilly at Green Park before finally getting out at Leicester Square, but, as so many people do at that station, he used the wrong exit and had to double back towards the square itself.
His heart froze: Mr Androgyny was right there. And going across Leicester Square, packed with tourists and street artists, Renu almost bumped into Mr Long Hair. There was no doubt about it now – he was under serious surveillance.
He dived into a Chinese restaurant and wolfed down some lunch as he considered his options. He emerged into the sunlight before slipping down St Martin’s Street, the lane that narrows into a passageway alongside the National Gallery before arriving at Trafalgar Square.
Milling around Nelson’s Column, visitors were admiring the extraordinary twelve-foot-high statue that occupied the Fourth Plinth, where exhibits are rotated every eighteen months or so. Alison Lapper Pregnant depicted the eponymous British artist naked and with child. Ms Lapper had been born without arms, and the decision to mount the statue caused a great deal of fuss at the time. It drew in the crowds and, as Renu made his way through a tidal wave of tourists, his minders were buffeted behind him. He jumped on the first available bus and made his way upstairs. As it turned left into St Martin’s Lane, he looked down from the upper deck and caught a glimpse of both Mr Androgyny and Mr Long Hair, looking desperately around in search of their vanished quarry.
Renu disappeared. But he wasn’t the only one – JiLsi had made his last-ever posting on the Internet.
A couple of weeks later Renukanth was heading towards one of several properties, which, if he didn’t own, he had certainly taken out a mortgage on. He had almost reached the house, which lay slap bang under the landing path for Heathrow Airport, when his phone rang. It was his mate who lived there, warning Renu to stay away. The police had just raided the house and were brandishing a warrant for his arrest.
SOCA’s lead officer in the JiLsi investigation, Mick Jameson, had already visited Renu’s main address in Coniston Gardens, and a few others as well. Apart from his work as JiLsi on DarkMarket, the Sri Lankan was also a serial mortgage fraudster. He had repeatedly lied about his professional and financial circumstances in an effort to secure funds from lenders on a variety of properties in north, west and south London. Britain was not subject to the same sub-prime frenzy that had seized the financial industry in the US. Nonetheless, the notorious system of self-certification, whereby your word was considered sufficient proof as to your income, combined with the practice of lending up to five times an applicant’s salary (in more sober times, this figure was never more than three) meant that mortgage fraud was relatively easy in the UK. So competitive was the market that turning a blind eye had become best practice in the banking industry.
When the phone call came, though, Renu was more concerned to negotiate the deep waters into which he had swum than to consider the fine print of his various scams. He decided on the spot to go underground. For three weeks he slept rough, avoiding any of the addresses that he assumed were now under some form of surveillance. When he received the tip-off about the police raid he had about £500 with him.
Life had been frenetic and risky before, but Renu had always enjoyed his slightly spook-like existence: never staying long at a single address, surreptitiously passing memory sticks to shady-looking contacts and, of course, being lauded as a master of the carding sites, without anyone knowing who he was. At first, he thought dossing down in cardboard boxes under the arches with a group of alcoholics would contribute to that mystique. But as the money ran out and his lifestyle deteriorated to the point where it was almost hand-to-mouth, Renukanth Subramaniam – unfit, unkempt and unwell – decided that running and hiding were a dead end.
On 3rd July 2007 he walked into Wembley Park police station and gave himself up. The easy part of Operation DarkMarket was complete.
Interlude
THE LAND OF I KNOW NOT WHAT AND I KNOW NOT WHERE
Tallinn, Estonia
Four days before the official voting day of its general election in the spring of 2007, the tiny Baltic country of Estonia, with a population of just 1.25 million, offered its citizens a world first: the opportunity to cast their ballots in a parliamentary election without getting up from their PC. If the experiment worked, the ultimate aim would be to instigate a full ‘virtual election’ four years later in 2011.
Much was at stake if Estonia were to make this significant leap towards a digital future – not only did the systems have to work, but they had to be secure from outside attack as well. A year earlier Estonia had officially inaugurated its Computer Emergency Response Team (CERT), whose main job was to react to any breaches (whether accidental or malicious) in the Internet domain that bears the country’s suffix: .ee. That involves constantly monitoring the flow of Internet traffic in, around and out of the country for any abnormal patterns.
The man responsible for the entire country’s computer security is the quietly spoken Hillar Aarelaid, sporting the look of someone who has only recently got out of bed, and that unwillingly. He may appear distracted, but Aarelaid has a single-mindedness that saw him rise through the ranks of Estonia’s police force, where he started as a simple traffic cop in the sticks. ‘But I loved computers, so first I got a transfer here to Tallinn and eventually I was appointed Chief Information Officer for law enforcement throughout the country.’ Just as well – he definitely looks like a geek. He definitely does not look like a cop (except, at a pinch, an undercover narcotics officer from the 1980s), so perhaps it was for sartorial reasons as much as anything else that he left to run CERT in 2006.
On the day of the virtual election in 2007, CERT and Hillar’s former colleagues in law enforcement were on high alert. ‘And sure enough,’ he explained, ‘we spotted somebody had launched a botscan on the electoral system.’ Somebody, it seems, had sent out an automatic probe, which was instructed to search for any ports on the electoral servers that might have been left open by mistake. ‘This was not very serious, as botscans are pretty easy to detect,’ Hillar continued, ‘but nonetheless it was a genuine security threat.’
He then puffed himself up – as much as somebody as laid-back as Hillar can – to announce proudly that ‘Fifteen minutes after we first spotted the botscan a policeman was knocking on the door at an address in Rapla, fifty kilometres south of Tallinn, enquiring of the inhabitant, “Why are you running a botscan against the electoral computers?”’