The underground market of carders. Translation of KingPIN. Chapter 30. Maksik

    Hi, Habr readers!
    Thank you for your patience (in wading through the clumsy translation, the inconsistency between chapters and the inconsistent proper names), likes and tips. (And mega-respect to the translators, but there will be a separate post about that.) I have good news: there is a spark of hope that the book will be published on paper (“IMF”) and with a professional translation. Your response is needed (necessary / not necessary / give me two / I will buy the entire print run / books must be burned). There is a survey at the end of the chapter, or write to me in a private message.


    Kevin Poulsen, editor of WIRED magazine and, as a child, the blackhat hacker Dark Dante, wrote a book about "one of his acquaintances."

    The book shows the path from a teenage geek (though a muscular one) to a seasoned cyber kingpin, as well as some of the methods the security services use to catch hackers and carders.

    The quest to translate the book began in the summer at an IT camp for high school students ("Shkvoren: schoolchildren translate a book about hackers"); then Habr users and even a few editors joined in the translation.

    Chapter 30. Maksik

    (thanks to Ignat Ershov for the translation)

    Max could see what was happening. With an FBI agent at the helm, DarkMarket was on its way to putting many carders behind bars. But, like Cassandra from Greek mythology, he was cursed to know the future and to have no one believe him.

    Between the USA Today article and his failed attempt to expose Master Splyntr, Max felt the heat coming down on him. In November, he announced Iceman’s resignation and made a show of handing the site over to Th3C0rrupted0ne.
    He lay low until the situation calmed down, and three weeks later he took the bulletin board back under a different pseudonym. Iceman is dead; long live “Aphex.”

    Max was tired of his cramped quarters at Post Street Towers, so Chris brought Nancy, one of his cashers, to San Francisco to rent a one-room apartment for Max in Archstone's Fox Plaza tower complex in the business district. She was listed as a sales representative for Capital Solutions, a front corporation Aragon used to launder part of his profits. Ty, back from a trip to Mongolia, was given the task of waiting in the apartment and accepting delivery of a bed paid for with her legitimate American Express card. Chris later settled up with her.

    By January 2007, Max was back at work in his new safe house, with plenty of WiFi networks around him. Fox Plaza was a giant step toward luxury compared to Post Street Towers, but Max could afford it: he could cover a month's rent with just a couple of good days of trading dumps. As Digits, Max was now recognized by some carders as the second most successful magnetic stripe seller in the world.

    First place on the list was firmly held by a Ukrainian known as Maksik. Maksik worked outside the carder forums, running his own web shop for stolen cards at Maksik.cc. Customers would first send Maksik a prepayment via egold, WebMoney, postal order or Western Union. This bought them access to his website, where they could choose the dumps they wanted by BIN, type of card and place of registration. For his part, Maksik would press a button to confirm the transaction, and the buyer would receive an email with the dumps he had ordered, drawn directly from Maksik's huge database of stolen cards.

    Maksik's product was phenomenal, with a high success rate at the checkout and a huge selection of BINs. Like Max's, Maksik's cards were captured as they were swiped at retail PoS terminals. But instead of hitting small shops and restaurants, Maksik got his cards from a much smaller number of gigantic targets: Polo Ralph Lauren in 2004; Office Max in 2005. Over three months, Discount Shoe Warehouse lost 1.4 million cards taken from 108 stores in 25 states, which went directly into the Maksik database. In July 2005, a record 45.6 million dumps were stolen from TJX's TJ Maxx, Marshalls, and HomeGoods retail chains.

    There was a time when such breaches could remain a secret among the hackers, the companies and federal law enforcement, while the affected customers were kept in the dark. To encourage companies to report breaches, some FBI agents followed an unspoken policy of keeping company names out of indictments and press releases, shielding corporations from the bad publicity their poor security would bring. In the 1997 case of Carlos Salgado Jr., the first large-scale online credit card theft, the authorities persuaded the sentencing judge to seal the court record permanently, for fear that the victim company would face “loss of business due to the perception that its computer systems may be vulnerable.” As a result, the eighty thousand victims were never notified that their names, addresses and credit card numbers had been put up for sale on IRC.

    In 2003, California effectively put an end to such cover-ups when the legislature passed SB1386, the nation's first mandatory breach disclosure law. The law required hacked organizations doing business in the Golden State to promptly alert potential identity theft victims to a breach. In subsequent years, forty-five other states passed similar laws. Now no significant breach of customer data stayed secret for long once the company and the banks had discovered it.

    The headlines about breaches at giant retailers only added shine to Maksik's product; he made no attempt to hide the fact that he was selling dumps from retail chains. When the attack on TJX hit the news in January 2007, the details that were released also confirmed what many carders already suspected: the Ukrainian had a hacker in the USA supplying him with dumps. Maksik was the middleman for a mysterious hacker in the States.

    In mid-2006, the hacker was apparently in Miami, where he parked at two TJX-owned Marshalls stores and hacked into their WiFi. From there, he jumped onto the local network and made his way to the corporate headquarters, where he launched a packet sniffer to capture live credit card transactions from Marshalls, TJ Maxx, and HomeGoods stores across the country. The sniffer, the investigation would later find, ran undetected for seven months.

    Max had a rival in America, and a damn good one.

    Thanks to Maksik's hacker and Max Vision, the popular belief among consumers that web transactions were less safe than shopping in real life was now completely wrong. In 2007, most compromised cards were stolen from retail stores and restaurants. Breaches at huge retailers compromised millions of cards at a time, but holes at small points of sale were more common: a Visa analysis found that 83 percent of credit card breaches were at merchants processing a million or fewer Visa transactions per year, with the majority of the thefts at restaurants.

    Max tried to keep the sources of his dumps secret, falsely asserting in posts on the forum that the data was obtained from credit card processing centers in order to lead investigators astray. But Visa knew that PoS terminals in restaurants were under attack. In November 2006, the company issued a brochure for the food services industry warning of hacker attacks that occur through VNC and other remote access programs. Despite this, Max continued to find a steady stream of vulnerable eateries.

    But this was not enough for Max. He had not gone into the data theft business to be second best. Maksik was costing him money. Even Chris now bought from both Max and Maksik, depending on which seller offered him the better deal on the best dumps.

    At Max's direction, Ty spent several months befriending the Ukrainian and urging him to start selling on Carders Market. Maksik politely declined and invited her to visit him someday in Ukraine. Rebuffed, Max took the gloves off and gave Ty a Trojan program to send to Maksik, hoping to gain control of the Ukrainian's dump database. Maksik laughed off the hacking attempt.

    Max might have taken some comfort had he known that he was not the only one frustrated by Maksik’s tight security.

    Federal law enforcement agencies had been tracking Maksik ever since he became the most powerful criminal in the wake of Operation Firewall. An undercover Secret Service agent had bought dumps from him. Postal Inspector Greg Crabb had worked with law enforcement agencies in Europe to catch carders who did business with Maksik, and he had now passed that information to the Ukrainian national police. In early 2006, the Ukrainians finally established that Maksik was one Maxim Yastremsky from Kharkov. But they did not have sufficient evidence to make an arrest.

    The United States refocused on identifying the source of Maksik's hacks. Egold once again provided a starting point. The Secret Service analyzed Maksik's accounts in the egold database and found that from February to May 2006, Maksik had transferred $410,750 from his account to Segvec, a dump seller on Mazafaka, supposedly located in Eastern Europe. The outgoing transfer implied that Segvec was not one of Maksik’s customers but a supplier receiving his share.

    The feds got a chance at better information in June 2006, when Maksik was vacationing in Dubai. Secret Service agents from San Diego worked with the local police to carry out a sneak-and-peek search of his room, where they secretly copied his hard drive for analysis. But it was a dead end. The important material on his disk was encrypted with a program called Pretty Good Privacy. That was quite enough to stop the Secret Service in its tracks.

    Carders such as Maksik and Max were at the forefront in adopting an unexpected gift of the computer revolution: cryptographic programs so strong that, in theory, even the NSA could not break them.

    In the 1990s, the Department of Justice and the FBI under Louis Freeh tried very hard to make such encryption illegal in the United States, fearing that it would be adopted by organized crime, pedophiles, terrorists, and hackers. The effort was doomed. American mathematicians had spent decades developing and publishing highly secure encryption algorithms that rivaled the government's own certified systems; the genie was out of the bottle. In 1991, a US programmer and activist named Phil Zimmermann released the free Pretty Good Privacy program, which was available over the Internet.

    But this did not stop law enforcement and the intelligence agencies from trying. In 1993, the Clinton administration began production of the so-called Clipper Chip, an NSA-developed encryption chip intended for use in computers and phones and designed with a “key recovery” feature that would allow the authorities to break the cipher legally if necessary. The chip was a complete failure in the market, and by 1996 the project had died.

    After that, lawmakers slowly began moving in the opposite direction, talking about revising the Cold War-era export restrictions that classified strong encryption as a “weapon” largely banned from export. The restrictions forced technology companies to strip strong ciphers out of key Internet software, weakening online security; meanwhile, foreign companies were not bound by the law and were well positioned to get ahead of America in the encryption market.

    The feds responded with a stern counter-proposal that would make it a crime, punishable by five years, to sell any encryption software in America without a built-in “back door” for law enforcement and government agents. In a statement to a House subcommittee in 1997, a lawyer from the Department of Justice warned that hackers would become the main users of legitimate encryption, and cited the arrest of Carlos Salgado to support his position. Salgado had encrypted a CDROM containing eighty thousand stolen credit card numbers. The FBI was able to access them only because the hacker gave the key to a fake buyer.

    “This time we were lucky because Salgado’s buyer worked for the FBI,” the statement said. “But if we were to investigate this case in a different way, the law enforcement agencies would not be able to get into the information on Salgado’s CDROM. Crimes like this have serious consequences regarding the ability of law enforcement agencies to protect commercial data, along with privacy.”

    But the feds lost the encryption fight, and by 2005 unbreakable encryption was easily available to anyone who wanted it. The predictions of doom mostly did not come true; most criminals were not technically savvy enough to use encryption.

    Max, however, was. If all else failed and the feds came through the door of his safe house, they would discover that everything he had collected in the course of his crimes, from credit card numbers to hacking code, was encrypted with an Israeli-made encryption program called DriveCrypt: 1,344-bit military-grade encryption, which he had bought for about $60.

    He expected the authorities to arrest him anyway and demand his passphrase. He would claim to have forgotten it. A federal judge somewhere would order him to reveal the secret key, and he would refuse. He would remain under suspicion for maybe a year and then be released. Without his files, the authorities would have no evidence of any real crimes he had committed. He had left nothing to chance, Max was sure. He was untouchable.

    To be continued

    Published translations and publication plan (as of February 25)
    PROLOGUE (GoTo camp students)
    1. The Key (Grisha, Sasha, Katya, Alena, Sonya)
    2. Deadly Weapons (Young programmers of the FSB of the Russian Federation, Aug 23)
    3. The Hungry Programmers (Young programmers of the FSB of the Russian Federation)
    4. The White Hat (Sasha K, ShiawasenaHoshi )
    5. Cyberwar! ( ShiawasenaHoshi )
    6. I Miss Crime (Valentine)
    7. Max Vision (Valentine, Aug 14)
    8. Welcome to America (Alexander Ivanov, Aug 16)
    9. Opportunities (jellyprol)
    10. Chris Aragon (Timur Usmanov)
    11. Script's Twenty-Dollar Dumps (George)
    12. Free Amex! ( Social Technology Greenhouse )
    13. Villa Siena (Lorian_Grace)
    14. The Raid (George)
    15. UBuyWeRush (Ungswar)
    16. Operation Firewall (George)
    17. Pizza and Plastic (done)
    18. The Briefing (George)
    19. Carders Market (Ungswar)
    20. The Starlight Room (Artem TranslationDesigner Nedrya)
    21. Master Splyntr (Ungswar)
    22. Enemies (Alexander Ivanov)
    23. Anglerphish (Georges)
    24. Exposure (+)
    25. Hostile Takeover (fantom)
    26. What's in Your Wallet? (done)
    27. Web War One (Lorian_Grace?)
    28. Carder Court (drak0sha)
    29. One Plat and Six Classics (+)
    30. Maksik (Ignat Ershov)
    31. The Trial (+)
    32. The Mall (Shuflin +)
    33. Exit Strategy (done)
    34. DarkMarket (Valera aka Dima)
    35. Sentencing (comodohacker +)
    36. Aftermath (ex-er-sis?)
    EPILOGUE


    If the book comes out at IMF

    • 25.3% buy a paper version 32
    • 30.1% buy an electronic version 38
    • 38% free download 48
    • 2.3% ready to pre-order 3
    • 0.7% I can help with PR 1
    • 3.1% other 4
