Honeypot VPNs: the 'Cumbajohnny' example - CONFIRMED

Post by Pattern_Juggled » Mon Jan 14, 2013 8:47 am

Cybercrime Paper: Kingpin, by Kevin Poulsen
Written by: HNet
*Note: This was my term paper for my Cybercrime class

Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground
By Kevin Poulsen

Max Butler grew up in the small town of Meridian, Idaho, just outside of Boise. From this small community grew one of the most notorious card traders in the world, who took over the underground trader circles by undercutting or stealing other card traders’ information and shutting down their sites. While this book involves many other players who had run-ins with the law similar to Max’s, the primary focus of this paper is on Max Butler and his rise and fall in the digital underground.

Max developed an interest in computers from his father, who owned a computer shop comprised of the old giant computers that corporations used. Max began programming in the BASIC language at eight years old and was hooked. At around the age of fourteen his parents divorced. This hit the young Max hard: “the divorce devastated the teenager and seemed to reduce him to two modes of operation: relaxed, and full-bore insane. When his manic side flared, the world was too slow to keep up; his brain moved at light speed and focused like a laser on whatever task was before him.” (Poulsen 13) Because of this intense side of Max, his friends would try to keep things from him. His friends had found a key in the school and, after discovering it was the master key to the school’s locks, decided to save it for a high school prank. When Max found out, he talked his friend into going into the school. “Max and John entered the school that very night and went berserk. One or both of them scrawled messages on the walls, sprayed fire extinguishers in the hallways, and plundered the locked closet in the chemistry lab. Max carted off an assortment of chemicals and piled them into the backseat of his car.” (Poulsen 15) The chemical theft was eventually traced back to Max and he was convicted of first-degree burglary and grand theft. Upon his conviction he was sent for a psychiatric evaluation and was diagnosed as bipolar. Because the theft was at the school, he was expelled and sent to live with his father in Boise. This was his first conviction, but not his first run-in with the law.

While in high school, Max would read through printouts from bulletin board systems, or BBSs, which were the hangouts of the pre-Internet era. Max followed the exploits of the phone phreaking scene with contributors like Taran King, Knight Lightning and the Phone Phanatic, among others. “A typical issue was packed with tutorials on packet-switched networks like Telenet and Tymnet, guides to telephone-company computers like COSMOS, and inside looks at large-scale operating systems powering mainframe and mini-computers in air-conditioned equipment rooms and around the globe.” (Poulsen 14) On these boards Max’s first re-branding began: he called himself “Lord Max.” One night, while using his Commodore 64 to scan for free long-distance codes, he caught the attention of the Secret Service. They came to his house, and because he was a juvenile they gave him a warning, the first of many run-ins with law enforcement.

Once in college, Max had access to the Internet, which by today’s standards was in its infancy at just seven years old and was primarily accessed only by universities, government agencies and large corporations. He soon found a whole new world online where you could interact with people all over the world in an online environment called a MUD, or “multi-user dungeon,” based loosely on the game Dungeons and Dragons. He soon joined a MUD called TinyMUD that deviated from the traditional Dungeons and Dragons MUD format and was more of a social room. He urged his girlfriend at the time to join TinyMUD. After a period of time the two grew apart, and eventually she dumped him in the chat room. This infuriated Max and he threatened her life. The room’s administrators were able to trace the IP address back to Max. The local sheriff’s department called and requested a copy of Max’s computer files. The university denied this request to the sheriff but did lock Max out of the network. In a last-ditch effort to save his relationship with his now ex-girlfriend, Max invited her over to his house. After reassuring her that everything was fine and nothing would happen, she came into the house and to his room. Once there she confessed that she had met someone else and was no longer interested in Max. After speaking with her new interest, Max lost his cool and at some point put his hands around her throat. After he let her go, charges were pressed against him. He was offered a misdemeanor deal, but just prior to his hearing Max saw his ex and her new interest. After a confrontation with them, Max drove a van so close to them that they could feel the breeze from it. The deal was off, and Max was convicted and ordered to serve five years in a state prison.

Such a tragic end to a promising year. Max had been working with his father in his computer store and had declared his major in computer science at Boise State University. “Like all students, he was given an account on the school’s shared UNIX system. Like a few of them, he started hacking the computer right away.” (Poulsen 20) This was expected from students by the administrators and was often overlooked as long as no damage was being done. However, Max, always wanting to push the limits, started looking into other systems’ security, earning him a short ban from the network. All the promising skills he was developing at school came to an end with the conviction. However, other opportunities presented themselves after Max got out of prison.

Once Max was out of prison he found some work through a temp agency, but it was often unrewarding. This sent Max looking around the old stomping grounds of the Internet, Internet Relay Chat (IRC), where he found himself in “warez,” or pirated software, chat rooms. Again changing his identity, this time to “Ghost23,” he enjoyed the challenges of cracking software that his day job did not provide for him, which caused Max to get careless. He was storing the warez on a corporate server. The ISP took notice and was able to trace it back to him.

Max’s friend Tim got together with a group of college friends and other like-minded individuals in San Francisco’s Silicon Valley and started “Hungry Programmers.” When Tim heard of Max’s release, several of the members who knew him went up for a homecoming party. After learning that Max was having a hard time keeping jobs because of his criminal record, he offered to have Max come down and try to make a name for himself in the booming Silicon Valley, re-branding himself as Max Vision.

Landing a job as a system administrator, Max was full of hope for his new lease on life until “a process server showed up at his cubicle to hand him a $300,000 lawsuit filed by the Software Publishers Association, an industry group that had decided to use his piracy bust to send a message.” (Poulsen 27) Because Max had re-branded himself, many did not realize he was the one in the press. This worked out for Max because after the press left he was only fined a few thousand dollars and some consulting work. The incident also introduced Max to the FBI. Agent Chris Beeson asked Max for his help in the new digital underground, where criminals much more dangerous than Max or people like him were starting to hide out. Max began writing various reports on different warez sites or groups and sending the reports in to the FBI.

Doing the right thing made Max feel great, like he was helping people, a do-gooder. Instead of breaking into people’s computers or cracking software, Max considered himself a “White Hat” hacker. A white hat hacker is someone “who identifies a security weakness in a computer system or network but, instead of taking malicious advantage of it, exposes the weakness in a way that will allow the system’s owners to fix the breach before it can be taken advantage of by others.” (TechTarget) However, Max could not leave his more mischievous “Ghost23” personality behind him and would often let his curiosity get the best of him. Tim got a call from a system administrator who had traced someone poking around their network back to the Hungry Programmers. Tim knew it was Max and told him that he needed to get permission before going into someone else’s network. Max was confused by this because he thought of himself as a good guy and assumed others would understand that his work was for good.

Max had met a new love interest and moved in with her, and at the same time started working as a consultant for Matt Harrigan, “Digital Jesus,” who owned Microcosm Computer Resources. Max would be doing what he loved and getting paid for it: breaking into computer systems. While doing legal hacking Max would often dig around other systems to help find errors. One such system was the Berkeley Internet Name Domain (BIND): “Developed in the early 1980s with a grant from the Pentagon’s Defense Advanced Research Projects Agency (DARPA), BIND implemented the scalable Domain Name System (DNS), a kind of distributed telephone directory that translates strings like Yahoo.com, which humans understand, into the numeric addresses the network comprehends.” (Poulsen 35) This program made using the Internet much easier and more understandable for the average person. Instead of having to remember four sets of numbers, known as an Internet Protocol (IP) address, you would just have to type in the name of the web site, like the aforementioned Yahoo. Max found a flaw, more specifically a line of code, “bcopy (fname, anbuf, alen = (char*)*cpp – fname);” (Poulsen 35), that would completely change Max’s new life. When the exploit was published, Max contacted his FBI contact Chris Beeson and informed him that the vulnerability was very dangerous and could easily be exploited. Max had a plan in mind to stop others from exploiting this vulnerability on government computers. To Max he was again the do-gooder, and he thought he would not get in trouble because he was helping, not hurting, the government. “His code would operate in three rapid-fire stages. It would begin by flinging a virtual grappling hook through the BIND hole, executing commands that forced the machine to reach out over the Internet and import a 230-byte script. That script, in turn, would connect it to a different host infiltrated by Max, where it would download a hefty package of evil called a rootkit.” (Poulsen 38)
A rootkit is a program that gives its creator “root,” or complete, access to the infected machine. Not only would Max patch the machines, he would also have access to them if he wanted or needed it. This was part of the flaw that would eventually catch up with him. Had he notified the FBI of what could be done, or just run the program to scan, exploit the vulnerability, and then patch it without leaving a hole open, Max’s problems would have been less severe. Max’s attack caught the attention of Vern Paxson, who was developing a new kind of program that would eventually become known as an Intrusion Detection System. Max caught the message being sent from Paxson to Carnegie Mellon University’s Computer Emergency Response Team (CERT) and sent an anonymous email to Paxson saying that what he was doing was for the greater good. Satisfied with his work, he shut down the program and started working on another project along the same lines. Instead of scanning computers for the vulnerability, Max created a site, whitehats.com, where users could request that their machine be scanned and patched.

The illegal patching Max had conducted on government computers caught up with him when Chris Beeson knocked on his door, served him a warrant, and told him that they knew all about what he had done. Along with Chris was Eric Smith, an Air Force investigator. Max went on to explain in great detail how he had conducted the search and patch. Eric explained to Max exactly how they had been able to trace the attack back to him. While there, the agents had Max write up a confession and asked if anyone else was involved; he indicated that his boss, Matt Harrigan, knew what Max had been up to. The agents took advantage of Max’s situation and convinced him to work for them, beyond just writing reports. His first assignment was to infiltrate an international group of phone phreaks called DarkCYDE, keeping the logs from his IRC chats and forwarding them on to the FBI. Max’s next assignment was to visit Def Con, the world’s largest hacker conference. Max’s purpose there was to get other hackers’ real names and exchange the encryption keys used in email exchanges. Max still felt loyal to his fellow hackers and wasn’t really interested in getting the information the FBI wanted, and instead attended talks and parties. One such talk was given by Jennifer Granick on the legalities of computer hacking. Her talk went on to say that you need to get a lawyer before speaking or making any kind of deal with law enforcement, all the things that Max had already done, giving him mixed feelings about what he had already done. These feelings made Max feel that the relationship with Chris Beeson wasn’t working out, along with the emails he received after missing appointments saying that if he was unwilling to cooperate there would be repercussions.
Eventually Max did show up for a meeting, at which time he was informed that the FBI was interested in Max’s boss, Matt Harrigan, because he was bidding on a contract with the National Security Agency (NSA), and wanted to know what his involvement in the BIND attack was. The FBI wanted him to wear a wire and meet with Matt. Max did meet Matt but changed his mind about wearing the wire, telling Matt what was going on and calling Jennifer Granick to see if she would represent him. Several months after the FBI dropped Max as an informant, when he got a lawyer, he was informed that he was going to be prosecuted for the BIND attack.

While waiting for the trial, Max started consulting on his own, claiming that there wasn’t a system he couldn’t get into. This was in the wake of his site whitehats.com and the movement from black hats to white hats in the security community, where white hats would openly disclose and discuss computer vulnerabilities. “Keeping bugs private only benefited two groups: the bad guys who were exploiting them, and vendors like Microsoft that preferred to fix security holes without confessing the details of their screwups.” (Poulsen 50) Because of these bugs, Bugtraq provided those searching for security flaws a legal outlet to present their findings. Marty Roesch developed a program called Snort that would monitor for these security flaws and indicate to the operator running the software that an attack had occurred or was occurring. Max saw this program as an opportunity to continue doing good for the community. “In a single sleepless night, Max more than doubled the count, whipping up 490 signatures.” (Poulsen 52) Putting these files on his whitehats.com website, he gave the collection the name Advanced Reference Archive of Current Heuristics for Network Intrusion Detection Systems, or arachNIDS, putting both Max and Snort into the security community’s star ranks. With this latest project done, he moved to another promising project known as the Honeynet Project. A honeypot is a server, or software, that tricks an attacker into thinking they are in a “live” machine. While the attacker is looking around, the honeypot tracks their movements and records them for further analysis. With all this positive work in the security community, an opportunity was presented to Max to work for a new company named Hiverworld, where some of the Hungry Programmers had already found work and Marty Roesch, the creator of Snort, had just been hired on. The company was looking to take the success of Snort and go beyond it to stop attacks outright.

The day Max was supposed to start work, the FBI knocked on his door. Instead of answering the door, he called his lawyer Granick to figure out what he should do and was advised to turn himself in. Max called Hiverworld and told them that he would not be able to make it in for a few days and would let them know why as soon as possible, but the local press beat him to it and broadcast the incident on the news, causing Hiverworld to cancel its job offer. Max was charged on fifteen counts of illegal interception of communications, computer intrusion and possession of stolen passwords. Max had supporters from all over the world trying to convince the judge that Max was really one of the good guys and that his contributions to the security community had made a huge difference in the way computer security was moving. “The prosecutor took the opposite position. Max, he argued, had pretended to be an FBI informant while secretly committing crimes against the U.S. government. It was worse than if he had never cooperated at all.” (Poulsen 62) Even with all the support Max had received, Judge Ware had already made up his mind that letting Max off with a light sentence would send the wrong message to the hacker community. Max was sentenced to eighteen months in prison and three years on probation. Max felt that this was another injustice, like his prison term in Idaho, for protecting Matt Harrigan. The judge allowed him a month to get his affairs in order; he turned over his websites and the server holding arachNIDS to Kimi. Shortly after Max went to prison, he was on the phone with Kimi when the server stopped working. Max tried getting her to fix it; Kimi realized then that she wasn’t cut out for this kind of life and soon wanted a divorce.

While in prison, Max’s life would change dramatically through the people he met while serving his term. One person in particular he met was Jeffrey James Norminton, a con man with a knack for high-stakes cons. While Jeffrey got out shortly after meeting Max, Max still had another year on his term. He was released early to a halfway house, where Max was allowed some freedom and was required to find a job. In desperation, after finding it hard to land a job after such a high-profile court case, Max sent out emails to several people who had once respected him asking for any kind of work. Max, determined to go straight, did find work building servers, and with help from his Hungry Programmer friends was able to find a place to live once he was let out of the halfway house.

With Kimi out of Max’s life, he fell for one of his housemates, Charity. Still looking to get back into the security community, Max was still asking for work and did manage to land a small contract to run a penetration test on a company’s network. Despite Max’s best efforts he was unable to breach the company’s security. Security had improved dramatically while Max was in prison, and after running out of options he tried something different. He targeted the company’s users, which is known as a client-side attack. This is the most common type of attack because it works nearly 100% of the time. Users are considered the weakest part of any company’s security structure. This can be done either by calling a user and getting them to go to a website and click on a link that will download malware, or through emails and getting them to open a file that is infected with malware. Max had used this technique back in 2003, and even today it is just as easily done. Despite Max gaining access to the company’s website, they were outraged. They had agreed to a physical security test on their servers. Max began to rethink whether he was cut out for computer security.

Max received a surprising email from Jeff and later met up with him. The two had made plans in prison to break into the financial system and steal enough money to retire. Max was struggling to make ends meet while the people he had worked with prior to his prison sentence were doing very well for themselves. Because both were broke and Max needed new equipment to pull off the job, they had to go to an outside source to get the funding needed. Jeff introduced Max to Chris Aragon and the two hit it off immediately. Like Jeff and Max, Chris had a criminal background of mainly botched bank robberies, credit card fraud and eventually drug smuggling. After prison Chris went straight, starting a company as a lease broker for all the new companies starting up during the dot-com boom. When the dot-com bubble burst, Chris’s company went under; he took a job at another lease broker but was eventually let go. When he heard about the opportunity from Jeff, he took it. With the necessary funding and equipment, Max provided them with a demonstration of what he planned on doing. Getting a hotel room high above San Francisco, Max used a wireless antenna to pick up wireless access points, which were just coming onto the market. These wireless access points were ideal because there was either no security or it was very weak, allowing for remote access to the Internet. Max, having learned the hard way not to hack from home, used a very large antenna to scan the horizon for open wifi connections to use for his attacks.

They began looking for security holes in financial institutions, and when one was found they would go in and pull out customer information. This eventually led to pulling the same information from small commerce sites. They were unsure what to do with all the information they had been gathering. Chris had some money coming in from another fraud job he had done. Jeff and a friend went to collect part of the money and then give it to Chris. Jeff ended up stealing the second part of the money and took off. With the third member of the crew out of the picture, Max and Chris focused on what to do with the information Max had been collecting. While searching on Google he came across two sites where he could put his information to good use, CarderPlanet and ShadowCrew. CarderPlanet was based in Eastern Europe and ShadowCrew in the United States. These sites were a portal for anyone who wanted to obtain a fake identity, sell credit card information, and create fake credit cards, among other things. Chris decided to test out some of the cards and see if they really worked. After paying for the credit card numbers and some equipment to reprogram gift or credit cards with the new numbers, he determined that the best places to use them were where employees don’t actually handle the cards and so wouldn’t notice they were fakes. After a successful run, Chris informed friends and soon had a small network. Chris informed Max that fake credit cards are where the money is.

Max just needed to get the magnetic stripe information Chris needed for the cards, and he knew exactly where the best place to get that information was. “There were thousands of potential sources sitting in plain sight, right on CarderPlanet and ShadowCrew. The carders themselves would be his prey.” (Poulsen 87) He crafted his attack with a trojan horse known as the Bifrost Trojan. Setting up a page with manufactured AMEX card numbers and posing as another well-known carder, he posted a link to the page he created and waited for other carders to go to the page and open the file. The file had the Trojan horse hidden in it and would infect everyone who opened the file. Max just had to sit back and wait for the machines with the Trojan to respond back to him. Once he had access he would look around their computers and take whatever credit card information he could find, along with whatever other information he thought could be useful. With the Trojan in place he would be able to return whenever he needed, taking new information from them when available. While Max was going through one of his victims’ computers he noticed a program called Camtasia, whose purpose is to record the user’s computer screen. This didn’t seem right, and Max dug further and discovered the victim’s computer was full of FBI reports. Instead of turning this victim in to the carder community, Max and Chris decided to hold onto this information in case something bad happened to them.

With a steady stream of card information coming in from Max, Chris started building up his end by getting a house in the suburbs and getting the necessary equipment to make fake cards and identification. Once the cards were made, Chris would have a crew, made up mostly of young women, go out and make various purchases, bring the goods to a drop point where he would pay them, and then have the goods sold on eBay or various other auction sites. Max was being paid almost $10,000 a month for his work.

Actions from Max’s past were catching up with him again. While living with one of the Hungry Programmers, he had managed to get the source code for Half-Life 2. The FBI tracked the code back; once the FBI found out it was Max Vision, they finished up their search and worked to obtain a warrant for Max’s new place. Max had a head start on them and was able to hide the computers he was using for his new enterprise. After the brief exchange with the FBI, things were getting back to normal again. As Max and Chris started making more and more money, their distrust for each other grew. Max felt that Chris was shorting him on their pay arrangement because Chris liked to party, was spending a lot of money on his habit, and was getting sloppy with his conduct after a close call in San Francisco where he used some fake cards to pay for a hotel and was picked up. For Chris the investigation went nowhere and he was sentenced to probation.

Max had stumbled across one of the biggest security breaches in credit and debit card history. The CVV, the security code on the back of cards, was not being checked by the majority of banks. It was designed to help protect against large withdrawals or fraudulent purchases. Because of this breach, PIN numbers were considered gold in the carder community. “Max plugged himself into the Citibank cash-out in his own way: He Trojaned an American mule named Tux, and started intercepting the PINs and account numbers the carder was getting from his supplier.” (Poulsen 110) Max believed the source was King Arthur, who was in charge of CarderPlanet. His hunch turned out to be right, and Max undercut Tux by telling King that Tux was ripping him off. Max was now King’s cash-out mule. Max passed this on to Chris, who would max out the withdrawal limit and then send out his crew to max out the card by shopping, which completely annoyed Max because the cards were designed to have cash taken out. Max had to resort to a Plan B where he would not give everything over to Chris, but began to withdraw money himself, sending a cut to King. This was very lucrative for Max, who was able to move into a $6,000-a-month rental and installed a safe for $250,000, all in cash.

Always keeping a low profile on the ShadowCrew site, Max felt something was changing for the worse. The site had added a new administrator who was offering a VPN, virtual private network, where members could communicate in private for a price. “But VPNs have one well-known weakness: everything transpiring over the network has to be funneled through a central point, unencrypted and vulnerable to eavesdropping.” (Poulsen 113) Max had written a program called Privmsg that could reconstruct an IRC chat on a hacked honeypot. This hit very close to home for Max, and he didn’t trust the new administrator, Albert “Cumbajohnny” Gonzalez. Max was right: Cumbajohnny was an informant for the Secret Service. The VPN was their equipment, and they were able to track down several of the other carders. Cumbajohnny even managed to take down the rival site CarderPlanet, and even his own site was now closed.

Because Max had kept a low profile, he was able to escape the madness of the two sites closing and many of their members going to jail, leaving the high-profile lifestyle behind and getting back together with Chris. Because his usual source of card information was gone, Max was just shooting in the dark looking for anything he could find, always scanning the Internet for machines that were vulnerable and hoping to find something, and find something Max did. He was inside a computer and realized it was the back-end system of a point-of-sale terminal for a pizza shop. The customers’ information was being saved in plain text, saving every transaction. Max sorted out all the card numbers and then provided Chris with some new numbers from a direct source. Because there were so many cards, Max and Chris decided to start selling the information to other carders. Max still didn’t trust Chris completely and installed a back door on Chris’s computer, and discovered he was being cheated. Because Chris knew too much about Max for him to drop him completely, he recruited someone he thought he could control better, Chris’s sidekick John Giannone. The relationship was working out for Max and life started to return to normal for him; he was in heaven as a professional hacker doing what he loved. Having trouble finding a good place to sell his goods, Max decided to start his own site, CardersMarket.

Max thought his problems were behind him when Jeff ran off. One problem was that Max and Chris would occasionally give Jeff’s partner Werner cards. While trying to start over on the other side of the country, he was robbed by an old criminal associate; he was given a new batch of cards and almost immediately messed up while purchasing some high-end watches. When the police picked him up he spilled everything about Chris and “Max the Hacker,” and that his girlfriend’s name was Charity Majors. Luckily, the report got lost in the shuffle.

Ready to launch his new site, Max chose the name “Iceman” because it was a common name used online. Reaching out to the old “big names” of the carding circle to join his site, Max established his site as the one to go to. Max also set up a new account for himself, after seeing that the government went after administrators who were also selling, calling his new account “Digital.” Max also wanted to bridge the gap between the Western carders and the Russian ones. Chris had come across such a girl, through the young women he used as his crew, whom he called Tea and who would eventually come to work closely with Max on trying to penetrate the Eastern European carders.

Building a site in the wake of several federal busts and international carder sites shutting down, a lot of people were suspicious of each other, and many had good reason to be. Many of the bigger names agreed to make deals for lesser sentences if they helped bring in others. One such person was Brett “Gollumfun” Johnson, who was eventually outed by the group; during a search of his apartment, Secret Service agents found several hiding places full of cards, including cards that led back to John Giannone.

In the mean time Max was using a vulnerability in RealVNC, a program that allowed for remote access and control of machines. Scanning the internet for the vulnerability Max would stumble across the necessary machines to pull the card information he needed. While things were going successfully in his hacking endeavors, thing on CardersMarket weren’t. As mentioned before people were suspicious of FEDs in the rooms and one such user was out to get Max, this user was Dave “El Mariachi” Thomas. He began looking at the details of Max’s registration for CardersMarket and the trails often lead to areas where law enforcement had a lot of influence. Dave managed to get CardersMarket kicked out of their hosting service causing Max to scramble for a new host and he found one, in one of the most unlikely places, Iran. With personality issues and other competing sites, Max was hatching a plan to take out the competition on the other English speaking carder sites and force them to use his own. Penetrating the various sites my either poor passwords, vulnerabilities in SQL used for databases; Max set out to show the carder community by taking over the sites, removing the forums and then shutting them down. Once completed Max moved on to the Eastern European sites and gaining access but not taking down the sites. Taking all the members and add them to his site. Out of all the sites Max took over DarkMarket, a UK carder site, managed to get back on its feet. Max having another site to compete with reached out to one of the new members he had acquired. Master Splynter was a well known spammer and had his own botnet, which is a group of computers that have been hacked and sit idle until a command is sent to it. Often used for spam or distributed denial of service attacks (DDoS) that can take down individual or corporate websites by over flowing the number of requests coming in, over loading the website and shutting it down. 
Master Splynter was really what Max was being accused of, a FED. Keith Mularski managed to penetrate the carder community as Master Splynter, creating a back story as a spammer from a large takedown operation in which spammers from all over the world were targeted, providing him with the credibility he needed to fit in. Keith was right in the middle of DarkMarket and CardersMarket going to war with each other and had high-level access to both sites. With Max winning out in the battle, JiLsi, the operator of DarkMarket, turned to Master Splynter for help. Taking advantage of the situation, Master Splynter told him he could set up a secure server that would stop his problems. After Keith received permission from the FBI to set up a server, it was just a matter of convincing JiLsi to make the transfer. After another DDoS attack, the site was finally transferred over.

The battle with El Mariachi was escalating to the point where Max wiped the hard drive of his site, “the Grifters,” clean and made an announcement that he had won. The only problem with this was that Dave “El Mariachi” Thomas had been talking to a reporter, and the whole ordeal was soon in USA Today. With the additional attention to the site, Max was overloaded with verification requests and had to push off the work on to other administrators. After freeing up some of the responsibility to others, Max could focus back on his hacking until a Canadian hacker named Silo brought it to his attention that Master Splynter may be a FED. Max made it his mission to find out if this was true. After doing some digging, Max was able to track an IP address Master Splynter used back to a dummy corporation set up by the National Cyber Forensics and Training Alliance in Pittsburgh, confirming he was a FED. Keith quickly did damage control by having the information removed before others could verify it. Master Splynter took quick advantage of the situation and turned on JiLsi, claiming that he was a Fed, and moved the server out of the US and into the Ukraine as quickly as possible thanks to some police contacts there.

With Master Splynter getting away and no one believing Max, he decided it was time to retire from the site and let Th3Corruptedone take over, which would be another mistake for Max. But he was drawn back after a few weeks under a new name, “Aphex.” Lying low now wouldn’t help Max because of the problems with other people he had associated with. When Giannone was busted for selling cards, he tried his best to keep Max, Chris and Tea out of it. After he was found guilty and waiting for his sentencing, the same Secret Service agents who testified at his trial started interviewing him to find out who else he had worked with. Giannone eventually spilled everything: where Max was living, that Tea was his Russian translator and, more importantly, that Chris was the best way to get to Max. Giannone felt no remorse telling on Chris since their friendship had gone south. Chris’s bust came from a careless day of buying merchandise himself. The store was suspicious and called the cops. Once busted, Chris used the same story he had used before, except the officer wasn’t buying it; running his name through their criminal database had already brought up a history of crimes. They started with the only address they could find on him, his wife’s new legitimate business. The only problem with it was that she was running their eBay store out of the back, where they would sell the goods Chris’s crew would buy. She was arrested on the spot; next the officers went to their house and found loads of blank cards.

With Chris’s arrest and later finding out Giannone had been arrested, everywhere Max looked there was someone following him, and he had every right to feel that way. The Feds were closing in, gathering more from federal informants in the carder community. Even Tea was picked up and then confessed everything. On Wednesday, September 5, 2007, the agents had enough information on Max to make an arrest. He thought he was safe because his computers were using encryption, but unknown to Max, because the computers were on, they were able to get the encryption key out of memory and began searching his hard drive. “They had everything: five terabytes of hacking tools, phishing emails, dossiers he’d compiled on his online friends and enemies, and 1.8 million credit card accounts from over a thousand banks.” (Poulsen 228) They also had a copy of Max’s server thanks to Th3Corruptedone, who was a Secret Service agent. Max pleaded guilty to two counts of wire fraud and was sentenced to thirteen years in prison and $27.5 million in restitution.

Max tried his best to be a good security expert, but the draw to the underground was too much for him. He enjoyed the rush and the freedom of it. His adventure from small-time computer nerd to big-time underground kingpin had several run-ins with very prominent people in the early years of the internet and the security industry. Max had such a talent with computers; the only drawback was his on / off type personality. When he committed, he committed all the way. Thanks to this book, many of its readers will become much more aware of how serious and extensive credit card theft had been while Max was ruling the underground in the U.S. This has also pushed the Eastern European markets further underground and made them much more difficult to penetrate. Max’s story has opened my eyes to what happens to people’s credit cards and has made me much more proactive in monitoring my accounts and informing others to do so too, by either reading the book or telling them what can happen and how it is done.


TechTarget. (2001, May). Search security: White hat. Retrieved from http://searchsecurity.techtarget.com/de ... /white-hat

Poulsen, K. (2011). Kingpin, how one hacker took over the billion-dollar cybercrime underground. New York, NY: Crown Publishers.
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉



Another victim of the FBI's exposed VPN honeypot

Post by Pattern_Juggled » Wed Jul 03, 2013 5:08 pm

9 Years After Shadowcrew, Feds Get Their Hands on Fugitive Cybercrook
BY KIM ZETTER | 07.01.13 1:50 PM

Nine years after the Shadowcrew carding forum was shuttered in a Secret Service sting operation, a Bulgarian accused of carding activities has been brought to the U.S. to face charges after nearly a decade on the lam.

Aleksi Kolarov, 30, was charged in 2004 in connection with an identity theft ring accused of trafficking in more than a million stolen bank card numbers. He was arrested in Paraguay in 2011 and has been held there ever since.

He arrived in the U.S. only on Friday, after being extradited, to face criminal charges in Newark, New Jersey. When nabbed in a hotel in Asuncion, he had hundreds of thousands of dollars in cash on him in multiple currencies, counterfeit bank cards and equipment for encoding account details on the magnetic stripe of the cards, authorities say.

Kolarov has been charged with one count each of conspiracy, transferring false identification documents and offering access devices without authorization.

Shadowcrew was an underground marketplace where carders and identity thieves from around the world converged to plan conspiracies, and buy and sell bank account credentials, carding equipment and other products and services.

The group was infiltrated by the Secret Service after one of its prominent members, Albert Gonzalez, was arrested in New York and flipped. Gonzalez, who became an administrator of Shadowcrew with top-level access and the respect of many of his associates, helped the Secret Service run the marketplace out of their offices in New Jersey in a scheme dubbed Operation Firewall. Gonzalez enticed Shadowcrew members to use a VPN that he said would let them communicate securely. In truth, the channel was monitored by authorities who had the ability to record and read messages in the clear.

In 2004, the Secret Service and other authorities made multiple arrests of more than a dozen members of the underground forum, but Kolarov eluded them until he was picked up in 2011 in Paraguay. Nineteen people were charged in a single indictment, of which three still remain at large, according to authorities.

Kolarov went by the online nick APK. According to an indictment, he was a vendor on Shadowcrew. At various times he offered a counterfeit UK passport and traveler’s checks.