The underground carder market. Translation of Kingpin. Chapter 36: Aftermath
Kevin Poulsen, an editor at WIRED magazine and, in his youth, the black-hat hacker Dark Dante, wrote a book about "one of his acquaintances".
The book traces the path from a teenage geek (and, at the same time, a gym rat) to a seasoned cyber-kingpin, and describes some of the methods the security services use to catch hackers and carders.
The translation project began in the summer at an IT camp for high-school students ("Shkvoren: schoolchildren translate a book about hackers"); later Habr users and even a few editors joined in.
How the whole network was rolled up is described in Chapter 34: "DarkMarket". The trial and the verdict are described in the previous chapter, Chapter 35: "The Sentence".
Chapter 36. "Aftermath"
By the time Max Vision was convicted, the Secret Service had already identified the mysterious American hacker who had made Maksik one of the biggest carders in the world, and was preparing to prosecute him, a fact that would cast Max's own case in a somewhat milder light.
The turning point in that case came after the events in Turkey. In July 2007 the Turkish police received word from the Secret Service that Maksik was twenty-five-year-old Maxim Yastremsky, who was then vacationing in Turkey. An undercover agent lured him to a nightclub in Kemer, where police arrested him and seized his laptop. The laptop's hard drive turned out to be fully encrypted, just as it had been a year earlier during a covert operation in Dubai, when agents had tried to quietly copy its contents. After a few days in a Turkish jail, however, Maksik gave up the seventeen-character password. The police decrypted the disk and handed its contents to the Secret Service, which began a close study of the data. Of greatest interest were Maksik's ICQ logs.
One correspondent stood out from the rest: a user with UIN 201679996 had apparently helped Maksik with the attack on the Dave & Buster's restaurant chain and had discussed with him several of the earlier high-profile hacks Maksik boasted of. Agents looked up the UIN and found the e-mail address used to register it: soupnazi@efnet.ru.
SoupNazi was a pseudonym the Secret Service had known since 2003, from the arrest of Albert Gonzalez. Gonzalez was the informant who had handed the Shadowcrew carders to the Secret Service by luring them onto a VPN the agency controlled. His work led to twenty-one arrests in Operation Firewall, the Secret Service's legendary strike on the carding scene. For years before his time in Shadowcrew, Gonzalez's handle on IRC had been SoupNazi.
It appeared that the snitch who had made Operation Firewall possible had now moved up a level and was carrying out the largest network thefts in U.S. history.
A month after Operation Firewall, Gonzalez was allowed to move from New Jersey back to Miami, where he began the second act of his hacking career. He took the handle Segvec and posed as a Ukrainian on the Eastern European forum Mazafaka. Under the motto "Get Rich or Die Tryin'" (the title of a 50 Cent album, and Maksik's motto on Shadowcrew), Gonzalez launched a series of multi-million-dollar cyber thefts that affected tens of millions of Americans.
On May 8, 2008, the feds arrested Gonzalez and his crew in the United States. Hoping for a lighter sentence, Gonzalez once again cooperated with the agents, handing over the encryption key to his own disk (I don't understand why these guys bother with encryption... - translator's note) along with information on all of his associates. He admitted to hacking TJX, OfficeMax, DSW, Forever 21 and the Dave & Buster's network. He also admitted to helping Eastern European hackers break into the Hannaford Bros. supermarket chain, 7-Eleven's ATM network and Boston Market, as well as the payment processor Heartland Payment Systems, from which the hackers pulled about 130 million (!) cards. It was a very lucrative time to be a hacker. During the investigation Gonzalez showed the feds his parents' backyard, where he had buried more than a million dollars in cash. The government obtained forfeiture of the money, along with Gonzalez's BMW sports car and his Glock 27 pistol.
Gonzalez recruited his crew from the "untapped pool" of underground hackers unknown on the white-hat scene. Among them was Jonathan "C0mrade" James. As a teenager he had hacked NASA and got six months for it, which happened, incidentally, the same week in 2000 that Max Vision pleaded guilty to the Pentagon hacks. After brief fame and several interviews in the popular press, James chose to retreat from view and live quietly in the house he had inherited from his mother in Miami. Then, in 2004, he allegedly began working with Gonzalez and Gonzalez's helper Christopher Scott. The feds were convinced that James and Scott had supplied Maksik's earliest card dumps, and that they were also behind the break-in to OfficeMax's in-store Wi-Fi network and the theft of thousands of dumps and encrypted PINs there. The two passed the data to Gonzalez, who arranged with another hacker to decrypt it. After these attacks the issuing banks had to reissue about 200,000 cards.
Of all the hackers, Jonathan James paid the highest price for his criminal past. After the May 2008 raid he became convinced that the Secret Service would try to pin all of Gonzalez's crimes on him in order to shield its informant from public scrutiny. On May 18 the twenty-four-year-old walked into his bathroom with his gun and shot himself.
"I was disappointed in our justice system," he wrote in a five-page suicide note. "Perhaps this message, and what I will do today, will reach the public. Either way, I have lost control of the situation, and this is the only thing I can do to fix it." Gonzalez was sentenced to twenty years in prison in March 2010. His accomplices received from two to seven years, while in Turkey Maksik was found guilty of hacking Turkish banks and sentenced to thirty years.
After Max's arrest, underground fraudsters went on fleecing people. In the worst cases they used trojans to steal victims' online-banking passwords and transfer money straight from the infected computer. The thieves also found a clever answer to the problem that had once troubled Chris Aragon: how, in the end, do you get the money out?
They hired ordinary people for supposed "work from home" jobs that consisted of receiving transfers into their own accounts as "salary" and forwarding the bulk of the money to Eastern Europe through Western Union.
In 2009, the first year the scheme reached truly mass scale, banks and their customers lost about $120 million, with small businesses the main target.
Meanwhile, dump sales continue to this day, now mostly by a new generation of "suppliers", although old names still turn up: Mr. BIN, Prada, Vitrium, The Thief... Law enforcement nevertheless claims some lasting results. For one, no well-known English-language forum has yet emerged to replace Carders Market and DarkMarket, and the Eastern European boards have become more closed and better guarded.
Serious players have moved to invite-only encrypted chat servers. The black market is still alive, but the carders have lost their sense of impunity, and their dealings are now steeped in paranoia and mistrust, thanks largely to the FBI, the Secret Service and the Postal Inspection Service, together with their international partners.
The veil of secrecy that once surrounded hackers and corporations alike seems to have begun to lift, and the law no longer lets companies hide their own insecurity (most likely this refers to changes in the law that made companies liable for weak protection of their customers' data - translator's note). The names of several companies hit by the Gonzalez hacks were made public at trial. Finally, Mularski's infiltration of DarkMarket showed that the feds do not have to cut deals with the bad guys to carry out their raids.
The ugliest episodes of the computer underground wars all came at the hands of informants: for example, Brett "Gollumfun" Johnson (the snitch who for a time served as a Carders Market administrator) turned the Secret Service's Operation Anglerphish into a farce when he started running tax fraud on the side.
Albert Gonzalez was another case in point: after Operation Firewall the Secret Service paid him about $75,000 a year, while he himself was pulling off the largest thefts in history up to that time. The hacks he carried out after leaving Shadowcrew led to a string of lawsuits. TJX paid ten million dollars to settle suits brought in more than forty states and another 40 million dollars to the banks whose cards were compromised. Banks and credit unions also filed numerous suits against Heartland Payment Systems (a very large U.S. payment processor - translator's note) over the massive breach of its transaction-processing systems.
Gonzalez's attacks punched a hole in the credit card industry's main defensive bastion, the so-called Payment Card Industry Data Security Standard (PCI DSS), which lays out the steps merchants and processors must take to protect card data. Heartland was PCI-certified, and Hannaford Brothers was certified while the hackers were roaming its systems and stealing data.
When the hype around Gonzalez's grand thefts died down, smaller but far more numerous attacks began on restaurant chains through their POS systems (Point of Sale, the system a business uses to accept payment cards - translator's note). Seven hacked restaurants in Mississippi and Louisiana discovered that they all used the same POS product, Aloha POS, which, incidentally, had been one of Max's favorite targets. The restaurants filed a class action against the manufacturer and against the Louisiana company that sold them the terminals, Computer World, which had allegedly installed remote-access software on every terminal and set the password to "computer" on each of them.
The root cause of all these hacks was one single security hole, exactly 3.375 inches long: the magnetic stripe on a payment card. It is a technological anachronism, a throwback to the era of magnetic tape, and today the United States is nearly the only country in the world that leaves this vulnerability open. More than a hundred countries in Europe and Asia, and even Canada and Mexico, have already adopted or are adopting a far more secure system called EMV, or chip-and-PIN. The new cards carry a microchip embedded in the plastic (similar to the one in a SIM card) that performs a cryptographic "handshake" to authenticate the card to the POS terminal and, through it, to the processing center. The card cannot be copied even by an attacker with full access to the data line, because the values exchanged in the handshake change with every transaction.
(Here I translated the word "handshake", although in cryptography the term is usually left untranslated - translator's note.)
White hats have devised several attacks on EMV, but none of them applies to today's mass market in dumps. At present the main gap in the new system is that it still allows magnetic-stripe transactions, as a fallback for Americans traveling abroad and for tourists visiting the United States. American banks and card issuers have refused to introduce chip-and-PIN because of the astronomical cost of replacing hundreds of thousands of POS terminals. In the end the financiers decided that losses to fraud are acceptable, even with crackers like Iceman roaming their networks.
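The difference between the stripe and the chip handshake described above, as an added illustration (this is not code from the book, from the translators, or from any payment vendor): a simplified Python model in which a magnetic stripe presents the same static track data on every swipe, while a chip MACs a fresh terminal challenge with a key that never leaves the card and bumps a transaction counter. The message layout, the 16-byte key, the 8-byte truncated HMAC, the names `unpredictable_number` and `atc`, and the issuer's reason strings are assumptions made for this example and are not the real EMV cryptogram format; the card number and track data are constructed test values. An attacker who records the whole data line can replay the stripe, but the replayed chip answer fails at an honest terminal (new challenge, old answer) and, even at a rogue terminal that reuses the recorded challenge, fails on the stale counter. The stripe path is exactly what the magstripe fallback mentioned above keeps open.

```python
import hashlib
import hmac
import secrets


# --- Magnetic stripe: the card's only "credential" is static track data ----

class MagstripeCard:
    """Whatever is on the stripe is what every reader gets: a copy is a clone."""

    def __init__(self, track2: str):
        self.track2 = track2  # constructed sample, not real account data

    def swipe(self) -> str:
        return self.track2    # identical bytes on every swipe


def magstripe_authorize(issuer_file: dict, track2: str) -> bool:
    """Issuer can only compare the presented track data with what is on file."""
    pan = track2.split("=")[0]
    return issuer_file.get(pan) == track2


# --- Chip: card keeps a secret key and MACs a fresh terminal challenge ----

def _mac(key: bytes, pan: str, amount: int, atc: int, unpredictable_number: bytes) -> bytes:
    # Assumed message layout for the example; real EMV cryptograms differ.
    msg = f"{pan}|{amount}|{atc}|".encode() + unpredictable_number
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


class ChipCard:
    def __init__(self, pan: str, key: bytes):
        self.pan = pan
        self._key = key   # never leaves the chip
        self.atc = 0      # application transaction counter, increments per use

    def cryptogram(self, amount: int, unpredictable_number: bytes) -> dict:
        self.atc += 1
        mac = _mac(self._key, self.pan, amount, self.atc, unpredictable_number)
        return {"pan": self.pan, "atc": self.atc, "mac": mac}


class ReplayCard:
    """Attacker's clone built from a full recording of the data line: it can
    replay the captured cryptogram but has no key to compute a new one."""

    def __init__(self, captured: dict):
        self.captured = captured

    def cryptogram(self, amount: int, unpredictable_number: bytes) -> dict:
        return dict(self.captured)


class ChipIssuer:
    def __init__(self, keys: dict):
        self._keys = keys
        self._last_atc = {}

    def authorize(self, amount: int, unpredictable_number: bytes, cg: dict) -> tuple:
        key = self._keys.get(cg["pan"])
        if key is None:
            return False, "unknown card"
        expected = _mac(key, cg["pan"], amount, cg["atc"], unpredictable_number)
        if not hmac.compare_digest(expected, cg["mac"]):
            return False, "bad cryptogram"     # wrong key or wrong challenge
        if cg["atc"] <= self._last_atc.get(cg["pan"], 0):
            return False, "stale counter"      # exact replay of an old transaction
        self._last_atc[cg["pan"]] = cg["atc"]
        return True, "approved"


def chip_transaction(card, issuer: ChipIssuer, amount: int) -> tuple:
    """Honest terminal: a fresh unpredictable number for every transaction."""
    un = secrets.token_bytes(4)
    cg = card.cryptogram(amount, un)
    ok, reason = issuer.authorize(amount, un, cg)
    return ok, reason, un, cg


def demo() -> dict:
    pan = "4111111111111111"                      # constructed test PAN
    track2 = pan + "=2512101"                     # constructed track-2 data
    stripe_file = {pan: track2}
    key = b"\x01" * 16                            # assumed per-card key
    issuer = ChipIssuer({pan: key})
    card = ChipCard(pan, key)

    # Attacker with full access to the line records one stripe transaction
    # and replays it: the issuer cannot tell the copy from the original.
    sniffed_track = MagstripeCard(track2).swipe()
    stripe_replay = magstripe_authorize(stripe_file, sniffed_track)

    # A genuine chip transaction, fully recorded by the same attacker.
    genuine, _, un1, cg1 = chip_transaction(card, issuer, 4999)
    clone = ReplayCard(cg1)

    # Clone at an honest terminal: new challenge, old answer.
    _, reason_honest, _, _ = chip_transaction(clone, issuer, 4999)
    # Clone at a rogue terminal that even reuses the recorded challenge.
    _, reason_rogue = issuer.authorize(4999, un1, cg1)

    return {
        "stripe_replay_accepted": stripe_replay,
        "chip_genuine_accepted": genuine,
        "chip_replay_honest_terminal": reason_honest,
        "chip_replay_rogue_terminal": reason_rogue,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Run it as a script to see the four outcomes. The MAC is checked before the counter so that each rejection shows a different defence: the honest terminal's fresh challenge defeats a passive recording, and the counter defeats an attacker who controls the terminal and replays the recorded challenge as well. Neither check helps if the terminal is allowed to fall back to the stripe.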
-
This is my first translation and it is, frankly, rather weak, so please send any shortcomings you notice by private message. Thanks!
Published translations and publication plan (as of April 3)
PROLOGUE (GoTo camp students)
1. The Key (Grisha, Sasha, Katya, Alena, Sonya)
2. Deadly Weapons (Young programmers of the FSB of the Russian Federation, Aug 23)
3. The Hungry Programmers (Young programmers of the FSB of the Russian Federation)
4. The White Hat (Sasha K, ShiawasenaHoshi)
5. Cyberwar! (ShiawasenaHoshi)
6. I Miss Crime (Valentine)
7. Max Vision (Valentine, Aug 14)
8. Welcome to America (Alexander Ivanov, Aug 16)
9. Opportunities (jellyprol)
10. Chris Aragon (Timur Usmanov)
11. Script's Twenty-Dollar Dumps (George)
12. Free Amex! (Social Technology Greenhouse)
13. Villa Siena (Lorian_Grace)
14. The Raid (Georges)
15. UBuyWeRush (Ungswar)
16. Operation Firewall (Georges)
17. Pizza and Plastic
18. The Briefing (Georges)
19. Carders Market (Ungswar)
20. The Starlight Room (Artem TranslationDesigner Nedrya)
21. Master Splyntr (Ungswar)
22. Enemies (Alexander Ivanov)
23. Anglerphish (Georges)
24. Exposure
25. Hostile Takeover (fantom)
26. What's in Your Wallet?
27. Web War One (Lorian_Grace?)
28. Carder Court (drak0sha)
29. One Plat and Six Classics
30. Maksik (Ignat Ershov)
31. The Trial (Bogdan Zhur)
32. The Mall (Shuflin)
33. Exit Strategy (r0mk)
34. DarkMarket (Valera aka Dima)
35. Sentencing (Comodohacker)
36. Aftermath (Psychosynthesis, admin ShipInfo)
EPILOGUE