The underground market of carders. Translation of KingPIN. Chapter 10. “Cris Aragon”

Kevin Poulsen, editor of WIRED magazine, and a blackhat hacker Dark Dante as a child, wrote a book about " one of his acquaintances ."

The book shows the path from a teenage geek (but at the same time pitching), to a seasoned cyberpowder, as well as some methods of work of special services to capture hackers and carders.

The beginning and the translation plan is here: " Kingpin: students are translating a book about hackers ."

The logic of choosing a book for working with schoolchildren is as follows:

• books about hackers in Russian are few (one and a half)
• there are no books about carding in Russian at all ( UPD was found alone )
• Kevin Poulsen - WIRED editor, not a stupid fellow, authoritative
• to involve young people in translation and creativity on Habré and to receive feedback from seniors
• work in soldering schoolchildren-students-specialists are very effective for learning and shows the importance of work
• the text is not very hardcore and accessible to a wide range, but it touches on information security, vulnerabilities of payment systems, the structure of the carding underground, the basic concepts of Internet infrastructure
• the book illustrates that “feeding” in clandestine forums ends poorly

Who wants to help with the translation of other chapters, write in a personal magisterludi .

(Regarding the priority, I am asked a lot of questions and advised to publish the chapters in turn. I would also like that, but alas, because I work with a lot of people who, for example, have already transferred 80% of the chapter, and then they have force majeure by 2 weeks. On the one hand, I don’t feel like pushing them, on the other hand, postponing the publication of those people who have already translated the next chapter is not entirely honest with them. Therefore, I’m publishing it.)

Chapter 10. “Cris Aragon”

(thanks to Find_The_Truth habruiser for help with the translation )

Chris Aragon
Max met his future crime friend and partner, Chris Aragon, in little Italy, San Francisco - North Beach, where the ragged strip bars and fortune-tellers coexisted with pleasant, tasteless bakeries and flyers with hot pasta. The meeting was scheduled in a cafe near the City Lights bookstore, the cradle of a hipster generation in the 50s, in the direction of Vesuvio cafe, whose walls were decorated with paintings of wine bottles and peace symbols. Down the hill, above the financial district, resting against the sky, stood the Pyramid of Transamerica.

Norminton introduced Chris Max to the muffled banging of coffee cups and saucers. These two got along right away. Forty-one-year-old Chris was a student in an Eastern theological school, a vegetarian who practiced yoga to concentrate his mind. Max, with his hippie manners, seemed to find a soul mate. They even read general books. And, like Max, Chris repeatedly had problems with the police.

It all started in Colorado when Chris was twenty-one years old. He worked as a massage therapist at the resort, receiving enough to pay rent and maintain cocaine addiction. Once he met an exuberant veteran, Albert C, whom he met in a tavern when he was serving his sentence. Xi was on the run and he needed money to leave the country. Chris was from a privileged family - his mother, Marlene Aragon, worked in Hollywood as a talented singer. Not so long ago, she had the joy of participating in the children's morning cartoon Call Super Friends on ABC, voicing the revenge cat Sorceress Chita. However, he also loved the romantic images of criminals - in his apartment on the wall hung a poster representing the cover of the Waylon Jennings album Lady Love the Fugitives. Chris took Albert into the business and took pleasure in the brave, albeit unsuccessful,

The first robbery at Aspen Saving & Loan started off quite well: it was morning when Chris, in a white and blue bandana covering his braces, sent an 11mm automatic machine gun at the bank manager to open the safe. He and Albert pushed the manager inside, where they found a cleaning lady hiding under a table that called the police. Woeful criminals fled in a hurry. The second robbery, in the Pitkin County Bank, ended before it began. Chris’s partner hid in a garbage can in the yard, planning to jump out with weapons when the first employees began to come to work. The plan was destroyed when Chris, observing from across the street, saw a garbage truck approaching a tank. The third robbery was planned better. On July 22, 1981, Chris and Albert visited the Chevrolet Salon in Rifle and stated that we would like to try a ride on the new Chevrolet Camaro. The unlucky salesman insisted that he go with them, however, as soon as they left the city, Chris stopped on the side of the road, and Albert threw the seller out of the car, threatening with a gun. Having tied the poor man with a rope, gagging his mouth, the robbers threw him into the field, rushing off in a silver sports car.

The next day, at 4:50 a.m., Chris drove the stolen Camaro up to Valley Bank and Trust in Glenwood Springs, where city dwellers spent their money on a thriving travel business. Chris himself was a client of this bank. He waited while driving, while Albert, wearing sunglasses and a leather briefcase, entered the bank. A few minutes later, Albert ran out with $ 10,000 and jumped into Camaro, on which they rushed off.

Chris drove south of the city on a dirt road that curled through rocky red hills around Glenwood Spring. Then they drove down the path, where his girlfriend was waiting with another car. Triumphing and rejoicing, Chris stopped with a skid and picked up a pillar of dust. He hopped and shouted: “We did it!” When a police car, riding on a cloud of dust, found robbers. Chris and Albert rushed up the rocky and overgrown mountains. When Chris tripped and fell on a cactus, two police officers caught up and caught him. Chris dropped his gun and surrendered. From this story, Chris taught a lesson: the stupidest thing in this robbery was a weapon and a stolen car. When, in 1986, Chris was released ahead of schedule after five years in federal prison, he became interested in credit card fraud and even had little success. After that, he met a huckster from Mexico, whom he met in a tavern. Chris helped him with the delivery of two thousand pounds (907 kg) of marijuana to a twenty-acre ranch near Riverside, California, but was immediately arrested during an undercover operation by the drug department. In September 1991, Chris was sent to prison again.

When Chris came out in 1996, he was thirty-five years old - part of his childhood and more than half of his conscious life he left behind bars. He promised himself not to break the law from now on. With the help of his mother, he founded a business called Mission Pacific Capital, which leases computer and business equipment for start-up companies that tried to be in the wake of the dot-com race.

Neatly trimmed, pleasant, with a bewitching look, Chris easily fit into the role of a businessman in Southern California. After a life full of problems and uncertainties, the charms of ordinary life accessible to the middle class seemed exotic. He loved going to conferences, meeting with employees, hiring new people, chatting with colleagues. At one of the marketing conferences, Chris met Clara Shao Yen, a stylish woman with Chinese roots who emigrated from Brazil. Fascinated by the beauty and intelligence of Clara, he soon married her. Under the leadership of Chris Mission, Pacific has earned a reputation as an innovative company, one of the first to offer instant contracts over the Internet that helped the company gain tens of thousands of customers across the country. A bank robber and a drug dealer in the past, Chris had two prominent Orange County business partners and twenty-one employees who worked in a spacious office, not far from Pacific Coast Highway. Klara periodically "appeared" in advertising magazines and on the company's website to help the company with promotion. By the 2000s, the couple was noted on all fronts - they bought a luxurious house in Newport Beach, gave birth to a son and made a bet on improving the business to a huge extent.

This spring the dream died. The bubble of Internet companies burst and the flow of new companies, which was the foundation of Mission Pacific, began to dry up. And after that, large companies, like American Express, entered the sphere of leasing, crowding out small firms. Chris's company was one of dozens of leasing offices that were destined to collapse and burn out. He began to lay off employees, but this was not enough, and he had to admit to the rest that the company would no longer be able to pay for their work. Chris went to work in another leasing company, where he was soon reduced when a wave of layoffs swept over the sale of the company to a large bank. Meanwhile, his wife gave birth to a second boy. Therefore, when Jeff Norminton appeared to discuss the superhacker whom he met in Taft, Chris was ready to meet.

By the time he and Max met at the North Beach restaurant, Chris had already sponsored the Norminton scheme, providing the specific equipment that the Norminton said the hacker needed. Now that Chris met Max live, he was eager to see him at work. After several hours of talking, the three men left the cafe to find a place where they could hack. They went up to the twenty-seventh floor of the Holiday Inn in Chinatown, a few blocks from the hotel. They asked Max to choose a room higher than the road. Max aimed at the window, turned on the laptop, connected the antenna and started scanning Wi-Fi networks.

In 2003, the world was just beginning a big journey into the wireless world, bringing with it a big hole in defense. The revolution began with Apple’s AirPort wireless access point, later joined by iron makers Linksys and Netgear. As iron prices fell, more and more companies and ordinary users got rid of the web of blue Ethernet cables. However, the creation and integration of companies across the country into a wireless network was a hacker’s dream. In most cases, these networks used the 802.11b wireless standard, which included an encryption scheme, which, in theory, was protected from hacking, wiretapping, and connecting to someone else's network. In 2011, researchers from the University of California at Berkeley highlighted a number of serious flaws in this scheme, which allowed it to be hacked with affordable equipment and the right software. From a practical point of view, it was not necessary to resort to any technical black magic. To speed up the transition to new equipment, access point manufacturers turned off encryption by default. Companies simply used the equipment from the factory, not tinkering with the settings, naively assuming that the walls of the office would save their network from hacking from the street.

A few months before Max went to jail, a whitehat hacker came up with a sport called wardraving to show the extent of San Francisco's leaky networks. After installing the antenna on the roof of his Saturn, a whitehat hacker rode the streets of the city while his laptop scanned Wi-Fi access points. After an hour in the financial district of the city, its installation found about eighty networks. Since then, a year and a half has passed, and San Francisco, like any other big city, is mired in an invisible network of Internet traffic, accessible to anyone who wants to dive into it.

Hacking from home - for idiots and teenagers, - Max found out in his own hard way. Thanks to Wi-Fi, now he could work from almost anywhere, while remaining anonymous. This time, if the police get on Max’s trail, then all they get is one of the poor providers that Max used to connect.

The antenna Max used was huge - a two-foot-wide parabolic wire mesh that instantly tracked dozens of networks from the air surrounding Holiday Inn. He chose one of the networks and showed Chris how it works. Using a vulnerability scanner - the same software that he used penetration tests - he could scan large fragments of Internet addresses in search of known vulnerabilities, as if throwing a network into the sea of ​​the Internet. Security holes were everywhere. It was not a problem for Max to break into the networks of a financial institution or a trading corporation. It was in Norminton and Chris to decide what data they needed and how they wanted to use it. Chris is exhausted. This hacker, six and a half feet tall, semi-vegetarian, knew his job, even if he was rotten to the bone.

Chris introduced Max to one of his prison acquaintances, a real estate fraudster Werner Caner, whom Chris met at Terminal Island in the 92nd year. Caner offered Max $ 5,000 if he hacked into a personal enemy’s computer. He wrote a check to Charity, so Max did not have to explain this income to his supervising officer. The money received gave Max a little respite. He began flying to Orange County, making a mistake in the name on the ticket, so that the officers did not have information that Chris had violated the boundaries of Bay Erie, which were allowed to him under supervision. Max and Norminton hacked for a week, seeding in Chris's garage.

He downloaded a list of small financial companies from the website of the Federal Deposit Insurance Corporation, suggesting that they were the most vulnerable to attacks, and ran a script to scan each bank for known security holes. An electronic bell rang through the entire garage, signaling the completion of the scan. The worm went through all the banks and pulled out the names of customers, financial data and verification numbers of checks. The generalized approach meant that Max would again be disappointed, as was the case with the last legal penetration test. Hacking a single goal can be difficult, depending on the goal, it can even be impossible. But scanning hundreds and thousands of systems gives you the guarantee that you can find something weak. It was a game of numbers, like trying to open a car door accidentally left open in a huge parking lot.

Only Charity had a full idea of ​​what Max was doing, and she did not like it. Trying to get her location, Chris and Norminton invited a young couple to Orange County for the weekend, planning to go to Disneyland. Charity saw that Max and Chris were getting along, but something was haunting her. He was too slippery and sugary. Max switched to small e-commerce sites, where he collected a history of transactions in which credit card numbers were sometimes found. However, this hack was not targeted, neither Chris nor Norminton knew exactly what they would do with the extracted data. Fortunately, Chris had the money. Werner Caner owed him $ 50,000 and was ready to transfer money to any account convenient for Chris. Expecting to get legal, cold, tangible cash in his hands, Chris asked Norminton what he would do

The first part of the transfer went as expected, and Norminton and his friend came with Chris and received $ 30,000 in 100 dollar bills. The next day, however, went wrong, - Norminton said that his friend was sick and he needed to rest a day.
In truth, Norminton recognized the source of the money - it was a piece of Chris in the Dzhaner case, where he helped in the fraud with real estate. It was dirty money, and now Norminton was in that scheme. The next morning, Chris found a Honda, which he lent to Norminton, parked near his office - one wheel was broken and a fresh dent was visible on the wing. There was a note from Norminton in the cabin: “The FBI is chasing me. I'm getting out of town. ” Chris called Norminton's friend, guessing what they would say to him: “We are well, and we have already removed the remaining $ 20,000. I gave them to Norminton. Didn't you get them? ” Chris spotted Max through Charity and brought down a flurry of questions: what did Max know about the whereabouts of Norminton? Where is his money? Max was surprised no less than Chris by the disappearance of Norminton. Having discussed the details,

Max and Chris are mired in a routine. Once a month, Chris flew in or traveled north and met with Max in San Francisco, where they sat at the hotel. They brought Max's huge antenna up the stairs to their room and mounted it on a tripod, pointing out the window. Then Max tuned, looking for an access point with strong reception and high speed. They noticed that when hacking Wi-Fi, the height was not so much important as the view from the window. If they didn’t succeed, Chris could always ask for another room, explaining that he couldn’t catch the cellular signal or the fear of heights.

For Max, this was work, saying goodbye to Charity, he disappeared for a week at one of the city’s best hotels, in Hilton, in Westin, W, or Hyatt. Under the clang of trams that drove through the streets, Max scanned the network, grabbing any information that came across to him, not knowing what to do with it. It occurred to him to hack into the computer of Kimi and her boyfriend with whom she had left. Max planned to hack her address book in order to send out a letter on her behalf in which he would tell how she had betrayed him. He thought everyone should know that Kimi’s new life is based on betrayal.

He did not do this. He had Charity. Kimi moved, so nothing can be changed if you try to shame her. Chris signed the divorce papers shortly after. Returning to work, he began a search in Google to decide on further hacking actions - “What are other scammers doing?”, “How can I use stolen data?” He was surprised when he found answers to his questions on two sites: CarderPlanet and ShadowCrew.

To be continued