Slashdot Mirror

← Back to Stories (view on slashdot.org)

How the Secret Service Busted ShadowCrew

Posted by CmdrTaco on from the breakin-the-law-breakin-the-law dept.

plover writes "In the story Hacker Hunters, BusinessWeek Online documents how the Secret Service turned a member of the ShadowCrew and was able to arrest dozens of the members of the phishing ring. From the article: 'Law enforcement officials are often loath to reveal details of their operations, but the Secret Service and Justice Dept. wanted to publicize a still-rare victory. So they agreed to reveal the inner dynamics of their cat-and-mouse chase to BusinessWeek. The case provides a window into the arcane culture of cybercriminals and the methods of their pursuers. ' "

8 of 262 comments (clear)

  1. Re:Wasn't that here before? by DustyShadow · · Score: 4, Informative

    yes it was: http://it.slashdot.org/article.pl?sid=05/05/22/172 2243&from=rss

  2. At what cost? by xorowo · · Score: 4, Interesting

    I'm all for catching these guys, but I wonder about publicizing the details at this time. Is this supposed to make us feel better about the Patriot Act -- "look here! See how we can bust the bad guys with the 'right' tools!" -- or are we just supposed to be happy that something was done about this gang of thieves? I don't expect everything to be about freedom and democracy, but it is too easy anymore to question why authorities give us this information, rather than look at the information for information sake...if that makes any sense.

    1. Re:At what cost? by ScentCone · · Score: 4, Insightful

      but it is too easy anymore to question why authorities give us this information

      Actually, if you've ever met anyone in counter intelligence, or their bretheren in law enforcement that deal with these somewhat less tangible threats, being able to crow about a successful bust is a rare thing. Most of the time these guys have to go home every day without even being able to talk about what they do all day, even when they've really mopped up after a particularly unpleasant character or group. They can talk to each other, but they really feel (correctly, I think) that without coverage of some of their more high profile victories, that people will either not get what they do, or (worse) dream up versions of what they do, mostly based on X-Files re-runs.

      Certainly there are always going to be political components to public releases of this sort of thing. But by that I mean "political" in the sense of "making sure that people appreciate you." Not partisan politics, per se, just run of the mill See, I'm Valuable spin. No different than what happens in every office/school/church/family every day. The real accomplishments of a lot of the stealthier intel and defense people are simply never going to make the news, and it's a great frustration to the people that work in those fields. A lot of them quit and go back to the private sector just so they feel they can breathe a little. Of course, anyone in the R&D lab of a private company is going to feel the same way about drug research or battery engineering.

      --
      Don't disappoint your bird dog. Go to the range.
    2. Re:At what cost? by RodgerDodger · · Score: 4, Interesting

      These things need to be published for their deterrent value. One big problem with cybercrime is that the criminals feel that they'll never be caught, and if they ever are, then the punishment will be a slap on the wrist.

      As long as this perception (which is very valid!) exists, the risk-reward ratio makes cybercrime attractive. Busting the crooks isn't enough to change the perception - you need to let the other crooks know that they could be busted next.

      Organised crime, in particular, is a business. If they start to feel that their criminal ventures are too risky, they'll go elsewhere (quite possibly into legit business, where their complete lack of ethics will help them fit in with the rest of the corporate sharks)

      --
      "Software is too expensive to build cheaply"
  3. Re:Why doesn't this make sense? by KiloByte · · Score: 4, Interesting

    "Hacker culture" or "bottom-sucking cracker thieves culture"?

    We have enough media confusing "hacker" and "cracker" already.

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  4. Nice to see actual criminals for a change.... by Vellmont · · Score: 4, Interesting

    It used to be the Secret Service wasted their time going after people publishing electronic magazines like Craig Neidorf (Phrack), people making a board game with "Hacker" as the name like Steve Jackson Games, or people looking to just break into computers for fun and understanding.

    Now they're going after actual criminals that the above people warned us about. I've got to say that's a real improvement. Of course it took actual electronic criminals to make them realize who the real enemy is.

    --
    AccountKiller
  5. shadowcrew.com by Anonymous Coward · · Score: 4, Interesting

    I received an unusual spam message advertising warez, cardz, etc. and took the time to trace the message back to the shadowcrew website. The forums on this site were amazing. Basically it was a hub for people to advertise very highly illegal services, or sell lists of credit cards, passwords, etc... a hub for Identitity theives, and fraudsters.

    I reported this site to the FBI, and received the following response from them (back in October of last year).

    "Thank you for your submission to the FBI Internet
    Tip Line. Inasmuch as the FBI has recently
    received numerous reports concerning the
    "www.shadowcrew.com" Web site, there is no need to
    forward any such additional emails to us. Our
    Cyber Division is aware of this Web site, and is
    addressing the matter."

    It was only a matter of time until these idiots were caught. You can't be this open about such illegal activity and not expect a response from the feds.

  6. This isn't a very good version of the story by illumin8 · · Score: 4, Informative

    From TFA: For months, agents had been watching their every move through a clandestine gateway into their Web site, shadowcrew.com.

    I read a much more interesting version of this story somewhere else. I can't find the link right now, but it explained more fully how they really caught them. This sentence above just glosses over it.

    Apparently, they did this:

    They got to one of the members of shadowcrew and convinced them to work with them. This guy then proceeded to go onto the shadowcrew IRC channel and told everyone that he had setup a new encrypted gateway VPN type channel that would allow them to connect to the shadowcrew servers in a "more secure" fashion. He convinced everyone to go through this proxy. Little did they know, the proxy was actually an FBI server that was monitoring and recording all traffic that passed through it.

    This just goes to show, no matter how smart you are, the best hacks are social engineering hacks, not technical.

    They should have been smart and used Tor instead, then they probably wouldn't have been caught.

    I'm glad they got caught though. These guys were losers of the worst kind.

    --
    "When the president does it, that means it's not illegal." - Richard M. Nixon