Slashdot Mirror

← Back to Stories (view on slashdot.org)

How the Secret Service Busted ShadowCrew

Posted by CmdrTaco on from the breakin-the-law-breakin-the-law dept.

plover writes "In the story Hacker Hunters, BusinessWeek Online documents how the Secret Service turned a member of the ShadowCrew and was able to arrest dozens of the members of the phishing ring. From the article: 'Law enforcement officials are often loath to reveal details of their operations, but the Secret Service and Justice Dept. wanted to publicize a still-rare victory. So they agreed to reveal the inner dynamics of their cat-and-mouse chase to BusinessWeek. The case provides a window into the arcane culture of cybercriminals and the methods of their pursuers. ' "

14 of 262 comments (clear)

  1. Re:Wasn't that here before? by DustyShadow · · Score: 4, Informative

    yes it was: http://it.slashdot.org/article.pl?sid=05/05/22/172 2243&from=rss

  2. At what cost? by xorowo · · Score: 4, Interesting

    I'm all for catching these guys, but I wonder about publicizing the details at this time. Is this supposed to make us feel better about the Patriot Act -- "look here! See how we can bust the bad guys with the 'right' tools!" -- or are we just supposed to be happy that something was done about this gang of thieves? I don't expect everything to be about freedom and democracy, but it is too easy anymore to question why authorities give us this information, rather than look at the information for information sake...if that makes any sense.

    1. Re:At what cost? by ScentCone · · Score: 4, Insightful

      but it is too easy anymore to question why authorities give us this information

      Actually, if you've ever met anyone in counter intelligence, or their bretheren in law enforcement that deal with these somewhat less tangible threats, being able to crow about a successful bust is a rare thing. Most of the time these guys have to go home every day without even being able to talk about what they do all day, even when they've really mopped up after a particularly unpleasant character or group. They can talk to each other, but they really feel (correctly, I think) that without coverage of some of their more high profile victories, that people will either not get what they do, or (worse) dream up versions of what they do, mostly based on X-Files re-runs.

      Certainly there are always going to be political components to public releases of this sort of thing. But by that I mean "political" in the sense of "making sure that people appreciate you." Not partisan politics, per se, just run of the mill See, I'm Valuable spin. No different than what happens in every office/school/church/family every day. The real accomplishments of a lot of the stealthier intel and defense people are simply never going to make the news, and it's a great frustration to the people that work in those fields. A lot of them quit and go back to the private sector just so they feel they can breathe a little. Of course, anyone in the R&D lab of a private company is going to feel the same way about drug research or battery engineering.

      --
      Don't disappoint your bird dog. Go to the range.
    2. Re:At what cost? by RodgerDodger · · Score: 4, Interesting

      These things need to be published for their deterrent value. One big problem with cybercrime is that the criminals feel that they'll never be caught, and if they ever are, then the punishment will be a slap on the wrist.

      As long as this perception (which is very valid!) exists, the risk-reward ratio makes cybercrime attractive. Busting the crooks isn't enough to change the perception - you need to let the other crooks know that they could be busted next.

      Organised crime, in particular, is a business. If they start to feel that their criminal ventures are too risky, they'll go elsewhere (quite possibly into legit business, where their complete lack of ethics will help them fit in with the rest of the corporate sharks)

      --
      "Software is too expensive to build cheaply"
  3. Re:Why doesn't this make sense? by rikkards · · Score: 3, Insightful

    Easy. There is no honor among theives.

    I read the dead tree version on Tuesday and was not that impressed. There was no technical merit in how they caught them (except for the tap) basically they got an informer on the inside and got a tap on their website.

  4. Shadowcrew Forum by Andorion · · Score: 3, Interesting
    For a short time after Shadowcrew was busted, their private forums were accessible to the public. I archived about 12 threads, one of which was a 10 page long "shadowcrew being investigated" thread.

    Here are some excerpts:

    10 full info cc's for sale

    Hello

    info details:
    NAME ON CARD: CARD NUMBER: DATE: CVV: PIN: ROUTING: CHECKING: ADRESS: CITY: STATE: ZIP: COUNTRY: PHONE: SSN: MMN: DOB:
    price is 100$ for 10 infos
    I accept e-gold
    icq xxxxxxxx

    for buyers: we can use escrow if you like

    CALIFORNIA Lic
    if you are willing to sale a real cali lic. with a clean record. iam looking for one, with these details.
    hispanic or indian, male, 5'9 to 5'11, brown eyes, black or brown hair. 160lbs to 180lbs, DOB: 1964 TO 1974..
    drop me a PM with the info & price.
    thanks for your time & be safe.

    Offering DDOS Service
    Hi,

    Firstly I can understand if the owners, and
    moderators of SC do not want this kind of service offered here, and I'll apologize in advance. However I couldn't find anything against it, other than SC being the victim of such attack.
    I'd like to be reviewed for this service, if
    possible. Thanks.
    PayPal accounts - many
    All kinds of PP ACCZ...

    Verified/No Verified, Active/No Active, Mail
    access/without, Any balance/0, USA, UK, Europe...

    icq: xxxxxxxxx

    2Admins: i can give you some for review -
    knock, knock

    people for instore... will provide dumps and matching plastic

    I am looking for people out there who would be willing to do instore for me if I provide dumps (high quality) and matching plastic. Please PM me for more info. I dont want to discuss too much here in the open.



    Scary stuff. Please use fewer junk characters. Please use fewer junk characters. Please use fewer junk characters. Please use fewer junk characters. Please use fewer junk characters. Please use fewer junk characters. Please use fewer junk characters. Please use fewer junk characters.
    1. Re:Shadowcrew Forum by PseudoThink · · Score: 3, Interesting
      Interesting...but what I'd REALLY love to see is the chat-log of the group meeting mentioned in the article. I'm guessing that around 9pm, it starts getting rather entertaining.

      From the article:

      To ensure the suspects were at home, a gang member-turned-informant had pressed his pals to go online for a group meeting.

      At 9 p.m., Nagel, the Secret Service's assistant director for investigations, issued the "go" order. Agents armed with Sig-Sauer 229 pistols and MP5 semi-automatic machine guns swooped in, aided by local cops and international police. The adrenaline was pumping, in part, because several ShadowCrew members were known to own weapons. Twenty-eight members were arrested, most still at their computers. The alleged ringleaders went quietly, but one suspect jumped out a second-story window. Agents nabbed him on the ground. Later, they found a loaded assault rifle in his apartment. The operation was swift and bloodless.
  5. Re:Why doesn't this make sense? by Cruciform · · Score: 3, Informative

    If you're a tough guy, silence is street cred.

    If you're a computer criminal, silence is 2 extra years in the slammer with your new boyfriend if you're convicted.

    No wonder they spill the beans.

  6. Re:Why doesn't this make sense? by KiloByte · · Score: 4, Interesting

    "Hacker culture" or "bottom-sucking cracker thieves culture"?

    We have enough media confusing "hacker" and "cracker" already.

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  7. Nice to see actual criminals for a change.... by Vellmont · · Score: 4, Interesting

    It used to be the Secret Service wasted their time going after people publishing electronic magazines like Craig Neidorf (Phrack), people making a board game with "Hacker" as the name like Steve Jackson Games, or people looking to just break into computers for fun and understanding.

    Now they're going after actual criminals that the above people warned us about. I've got to say that's a real improvement. Of course it took actual electronic criminals to make them realize who the real enemy is.

    --
    AccountKiller
  8. Check if you're on the list. by DrEldarion · · Score: 3, Funny

    I have the huge list of e-mail addresses that were compromised. If you want to know if you're on it, please reply with your e-mail address and password and I'll get back to you if you're on the list!

  9. shadowcrew.com by Anonymous Coward · · Score: 4, Interesting

    I received an unusual spam message advertising warez, cardz, etc. and took the time to trace the message back to the shadowcrew website. The forums on this site were amazing. Basically it was a hub for people to advertise very highly illegal services, or sell lists of credit cards, passwords, etc... a hub for Identitity theives, and fraudsters.

    I reported this site to the FBI, and received the following response from them (back in October of last year).

    "Thank you for your submission to the FBI Internet
    Tip Line. Inasmuch as the FBI has recently
    received numerous reports concerning the
    "www.shadowcrew.com" Web site, there is no need to
    forward any such additional emails to us. Our
    Cyber Division is aware of this Web site, and is
    addressing the matter."

    It was only a matter of time until these idiots were caught. You can't be this open about such illegal activity and not expect a response from the feds.

  10. Re:Sloppy editing regarding firearms by sootman · · Score: 3, Interesting

    Last time I looked at a catalog (a while ago) you could mix-n-match the modes of operation, as evidenced by the selector: safe (one white bullet), semi (one red bullet), two-round burst (two red bullets), three-round burst (three red bullets), and full-auto (seven red bullets). You could order one with any trigger group you want--like safe, semi, two-round, and full; or safe, semi, and three-round burst only. (But if you call up and ask for 'full auto only and no safe, please' they'd probably hang up on you. :-) )

    --
    Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
  11. This isn't a very good version of the story by illumin8 · · Score: 4, Informative

    From TFA: For months, agents had been watching their every move through a clandestine gateway into their Web site, shadowcrew.com.

    I read a much more interesting version of this story somewhere else. I can't find the link right now, but it explained more fully how they really caught them. This sentence above just glosses over it.

    Apparently, they did this:

    They got to one of the members of shadowcrew and convinced them to work with them. This guy then proceeded to go onto the shadowcrew IRC channel and told everyone that he had setup a new encrypted gateway VPN type channel that would allow them to connect to the shadowcrew servers in a "more secure" fashion. He convinced everyone to go through this proxy. Little did they know, the proxy was actually an FBI server that was monitoring and recording all traffic that passed through it.

    This just goes to show, no matter how smart you are, the best hacks are social engineering hacks, not technical.

    They should have been smart and used Tor instead, then they probably wouldn't have been caught.

    I'm glad they got caught though. These guys were losers of the worst kind.

    --
    "When the president does it, that means it's not illegal." - Richard M. Nixon