DarkMarket, the multi-million dollar cyber-exchange for
criminal credit card cloners that was shut down by the FBI last
week, had its origins in an earlier cybermarket run jointly by
Russian and English-speaking criminals.
This was revealed by Sharon Lemon, deputy director of the UK's
Serious Organised Crime Agency (Soca), which helped arrest 11 UK
members out of the 56 DarkMarket members collared so far.
The web has spawned a host of
cybercrimal gangs with exotic names such as the International
Association for the Administration of Criminal Activity,
CarderPlanet, Theftservices.com, the Russian Business Network (now
believed to be based in China), and Shadowcrew. Many of them were
related and run by the same people.
"CarderPlanet was the daddy of them all," said Lemon. This was a
site where criminals could exchange information and materials to
enable them to clone payment cards from stolen credentials. It was
run jointly by Russian and English-speaking criminals until 2004
when it split along language lines, she said.
The suspected Russian administrator, King_Arthur, closed the
site because it was attracting too much attention from law
enforcement agencies, said Lemon. Master Splynter, the FBI agent
who infiltrated DarkMarket and became its administrator, posted the
same reason for closing DarkMarket on 4 October.
Some of the people behind CarderPlanet went on to form
Shadowcrew and DarkMarket, said Lemon. But King_Arthur is still at
large and believed to be living in Russia. Despite good
co-operation between Moscow and London in the past, the present
diplomatic freeze makes investigations problematic, she added.
Setting up an information exchange is
simple.Traces left in the Internet Archive, suggest that DarkMarket
used off the shelf software to set up a bulletin board to post
details about carding goods wanted and offered. The software,
vBulletin,costs only $180 for a full licence or $100 for an
annual licence.
Details of how and where to log into criminal sites like
DarkMarket are shared in secret, often on internet relay chat (IRC)
forums. The volume of traffic on the internet makes it extremely
difficult to pinpoint exchanges with criminal intent. In addition,
many criminals use codewords and encryption to avoid detection. As
a result, infiltration and/or sting operations are more likely to
show success.
Law enforcement agencies have been content to let it be known
that they run sting operations. This raises paranoia levels among
gangs and probably deters casual chancers. But it is unlikely to
deter serious, organised crime gangs because the rewards are
rich.
Lemon said carder sites have traded millions of card details
(for example, DarkMarket's
price list), creating an underground economy worth millions of
pounds. When he was arrested following
another sting
operation, Bryn Wellman, the Shadowcrew member who is now
serving six years for his part in the carding site, had with him
enough material to steal £250,000 in just six weeks, said Lemon.
She said when DarkMarket closedit saved banks and their customers
at least $70m.
Most victims were in North America, Western Europe and
Australasia.The criminals who ran and benefited from DarkMarket
operated from multiple jurisdictions. The arrests so far have taken
place in the UK, the US, Germany and Turkey. More may follow as
investigations continue.
The DarkMarket sting
DarkMarket was exposed last monthas an FBI sting operation by
theGerman public broadcaster Südwestrundfunk. The FBI confirmed
that its agent, named as Keith Mularski, had infiltrated DarkMarket
by posing as a cyber crook.
Master Splynter ran the site for up to 15 hours a day. He saw
millions of dollars traded for stolen financial information such as
credit card data, log-in credentials (user names and passwords),
and electronic equipment such as skimmers to carry out financial
crimes.
The UK's Serous Organised Crime Agency (Soca) joined the
investigation in early 2006, close to the start of the operation,
Deputy director of Soca's cyber division Sharon Lemon said Soca had
been interested in some of the suspects "for some time". "We have
close relations with the FBI, so we agreed to pursue the case
jointly," she said.
Master Splynter'sefforts in keeping untrustworthy criminals off
the DarkMarket site gave up to 2,500 members a false sense of
confidence, while law enforcement officials watched their every
move. "They did a good job of trying to be secure, and they felt
secure. There was honour among thieves, so to speak," he said.
Shawn Henry, the assistant director of the FBI's cyber division,
said the bureau used the techniques pioneered to take down spy
rings and mob families, namely embedding an undercover agent deep
in the criminal organisation. "[It] worked beautifully in taking
down DarkMarket," he said.