DarkMarket had Anglo-Russian ancestors, says Soca

DarkMarket , ...

DarkMarket, the multi-million dollar cyber-exchange for criminal credit card cloners that was shut down by the FBI last week, had its origins in an earlier cybermarket run jointly by Russian and English-speaking criminals.

This was revealed by Sharon Lemon, deputy director of the UK's Serious Organised Crime Agency (Soca), which helped arrest 11 UK members out of the 56 DarkMarket members collared so far.

The web has spawned a host of cybercrimal gangs with exotic names such as the International Association for the Administration of Criminal Activity, CarderPlanet, Theftservices.com, the Russian Business Network (now believed to be based in China), and Shadowcrew. Many of them were related and run by the same people.

"CarderPlanet was the daddy of them all," said Lemon. This was a site where criminals could exchange information and materials to enable them to clone payment cards from stolen credentials. It was run jointly by Russian and English-speaking criminals until 2004 when it split along language lines, she said.

The suspected Russian administrator, King_Arthur, closed the site because it was attracting too much attention from law enforcement agencies, said Lemon. Master Splynter, the FBI agent who infiltrated DarkMarket and became its administrator, posted the same reason for closing DarkMarket on 4 October.

Some of the people behind CarderPlanet went on to form Shadowcrew and DarkMarket, said Lemon. But King_Arthur is still at large and believed to be living in Russia. Despite good co-operation between Moscow and London in the past, the present diplomatic freeze makes investigations problematic, she added.

Setting up an information exchange is simple.Traces left in the Internet Archive, suggest that DarkMarket used off the shelf software to set up a bulletin board to post details about carding goods wanted and offered. The software, vBulletin,costs only $180 for a full licence or $100 for an annual licence.

Details of how and where to log into criminal sites like DarkMarket are shared in secret, often on internet relay chat (IRC) forums. The volume of traffic on the internet makes it extremely difficult to pinpoint exchanges with criminal intent. In addition, many criminals use codewords and encryption to avoid detection. As a result, infiltration and/or sting operations are more likely to show success.

Law enforcement agencies have been content to let it be known that they run sting operations. This raises paranoia levels among gangs and probably deters casual chancers. But it is unlikely to deter serious, organised crime gangs because the rewards are rich.

Lemon said carder sites have traded millions of card details (for example, DarkMarket's price list), creating an underground economy worth millions of pounds. When he was arrested following another sting operation, Bryn Wellman, the Shadowcrew member who is now serving six years for his part in the carding site, had with him enough material to steal £250,000 in just six weeks, said Lemon. She said when DarkMarket closedit saved banks and their customers at least $70m.

Most victims were in North America, Western Europe and Australasia.The criminals who ran and benefited from DarkMarket operated from multiple jurisdictions. The arrests so far have taken place in the UK, the US, Germany and Turkey. More may follow as investigations continue.

The DarkMarket sting

DarkMarket was exposed last monthas an FBI sting operation by theGerman public broadcaster Südwestrundfunk. The FBI confirmed that its agent, named as Keith Mularski, had infiltrated DarkMarket by posing as a cyber crook.

Master Splynter ran the site for up to 15 hours a day. He saw millions of dollars traded for stolen financial information such as credit card data, log-in credentials (user names and passwords), and electronic equipment such as skimmers to carry out financial crimes.

The UK's Serous Organised Crime Agency (Soca) joined the investigation in early 2006, close to the start of the operation, Deputy director of Soca's cyber division Sharon Lemon said Soca had been interested in some of the suspects "for some time". "We have close relations with the FBI, so we agreed to pursue the case jointly," she said.

Master Splynter'sefforts in keeping untrustworthy criminals off the DarkMarket site gave up to 2,500 members a false sense of confidence, while law enforcement officials watched their every move. "They did a good job of trying to be secure, and they felt secure. There was honour among thieves, so to speak," he said.

Shawn Henry, the assistant director of the FBI's cyber division, said the bureau used the techniques pioneered to take down spy rings and mob families, namely embedding an undercover agent deep in the criminal organisation. "[It] worked beautifully in taking down DarkMarket," he said.

Read more on IT risk management