.

I Was a Cybercrook for the FBI

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sat Feb 03, 2007 10:53 am

I Was a Cybercrook for the FBI

Very interesting article by Kim Zetter of Wired Magazine:

By the time David Thomas eased his Cadillac into the parking lot of an office complex in Issaquah, Washington, he already suspected the police were on to him.

An empty Crown Victoria in one of the parking spaces confirmed it. "That's heat right there," he told his two passengers -- 29-year-old girlfriend Bridget Trevino, and his crime partner Kim Marvin Taylor, a balding, middle-aged master of fake identities he'd met on the internet.

It was November 2002, and Thomas, then a 44-year-old Texan, was in Washington to collect more than $30,000 in merchandise that a Ukrainian known as "Big Buyer" ordered from Outpost.com with stolen credit card numbers. His job was to collect the goods from a mail drop, fence them on eBay and wire the money to Russia, pocketing 40 percent of the take before moving to another city to repeat the scam.

But things didn't go as planned.

Ignoring Thomas' suspicions, Taylor walked into the Meadow Creek Professional Center to collect the Outpost shipment, and found the cops waiting for him. Thomas and his girlfriend tried to escape in the Cadillac but were caught half a mile away.

An ID badge that Taylor wore when he was arrested indicated that he worked for Microsoft. But that was no more accurate than the two-dozen other employee badges he possessed for E-Trade and AT&T Broadband, or the 15 driver's licenses from various states that featured his congenial face and a dozen aliases. Nor did Thomas' California driver's license help authorities identify him. Although it had his picture, the name and address on the ID belonged to a producer for the A&E channel.

With so many fake IDs in play it was unclear to police exactly who they had in custody. Then as they read Thomas his rights, he told them: "Get me some federal agents and I'll give you a case involving the Russians and millions of dollars."

Thus was the beginning of Thomas' turn to the other side. For 18 months beginning in April 2003, Thomas worked as a "paid asset" for the FBI running a website for identity and credit card thieves from a government-supplied apartment in the tony Queen Anne neighborhood of Seattle.

From bedrise to bedrest, seven days a week, he rode the boards and forums of his and other carding sites using the online nickname El Mariachi. He recorded private messages and IRC chats for the FBI as "carders" schemed to, among other things, sell stolen credit and debit card numbers, defraud the George Bush and John Kerry campaign sites, drain hundreds of thousands of dollars from bank and investment accounts, sell access to Paris Hilton's T-Mobile account and run phishing scams against U.S. Bank and the FDIC. He did it all while battling denial-of-service attacks against his site and dodging attempts by his old partner Taylor and other carders to track his whereabouts and out him as a fed.

Just as his enemies were closing in on him in September 2004, the FBI pulled the plug on his work and cut him loose. But not before Thomas had given authorities a valuable look at the internet's underworld, even though the strain of leading a double life nearly broke him.

Now Thomas is telling the story of his work during this period. It's a tale that provides a rare glimpse of the thriving international computer underground of high and low-tech thieves and swindlers whose crimes cost millions each year. It also illuminates the rarely seen world of federal law enforcement's war against these organized criminals, and the moral and ethical tradeoffs sworn agents make in pursuing their mission -- providing crooks with an electronic marketplace where they can congregate and conduct their ignominious business anonymously. Even allowing some crimes to go unpunished.

The full scope of the problem is hard to judge, but nonetheless staggering. U.S. banks lost $546 million to debit card fraud in 2004, according to banking research firm Dove Consulting, and credit card fraud losses were estimated to be about $3.8 billion globally in 2003 according to The Nilson Report. The Federal Trade Commission estimates that 10 million Americans are victims of identity theft each year. The financial impact of identity theft remains untold.

Thomas says he is telling his story now because he's tired of the life he's lived on the boards over the last five years and resentful of the control the FBI maintained over him for so long. He also wants to warn the public about the risks they face from the carding community and deter kids from being seduced into a life of crime.

The FBI's Seattle office wouldn't discuss Thomas, and neither confirmed nor denied that he worked for them. But over the last year Wired News verified other key aspects of Thomas' account in dozens of interviews with members of the underground, victims of online crimes he observed, as well as attorneys and other people connected with Thomas -- his former apartment manager, for example, confirmed that the FBI paid Thomas' rent.

Additionally, Thomas provided hundreds of chat logs and forum posts from his former website, The Grifters 1 -- a criminal marketplace that played a key role in a parade of diverse frauds, ranging from bank theft to telephone records hacking, all unfolding in a sprawling international tableau spanning from the former Soviet empire to the tropics of Colombia.

It was July 2004 and Brian Campbell had been on Isla Mujeres off the coast of Cancun for three days for a relative's wedding when he discovered he'd been scammed.

An American MBA student studying in Australia at the time, Campbell (not his real name2) was accustomed to checking his investment portfolio daily over the internet. But the wedding distracted him a couple of days, and when he finally got online, he found he was locked out of his Schwab trading account.

He called Schwab and discovered that his user name and password had been changed. What's more, $106,000 had recently been wired from his account to a Fortis bank account in Belgium. Campbell hadn't requested the transfer.

Unknown to Campbell, a cyber thief who went by the nick "desertmack" had gained access to his e-mail account and had been watching him for weeks. The Mexico wedding was the break desertmack needed. He'd been hoping a little tequila and sunshine would distract Campbell from obsessively checking his brokerage account long enough to steal the money and send it to Brussels, where an accomplice would withdraw it.


For full story:
http://www.wired.com/news/technology/0,72515-0.html

Don
CISSP, MCSE, CSTA, Security+ SME
<<

LSOChris

Post Sat Feb 03, 2007 11:21 am

Re: I Was a Cybercrook for the FBI

good article into carding and cracking.

really hard to believe that people can steal like that and live with themselves but i guess because its a faceless crime its easier...
<<

slaughterhed

Newbie
Newbie

Posts: 5

Joined: Mon Sep 03, 2007 5:34 am

Post Tue Sep 04, 2007 6:33 pm

Re: I Was a Cybercrook for the FBI

Good,enlightening,story.

Return to /root

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software