An FBI Agent's 3 Years Undercover With Identity Thieves
snydeq writes "InfoWorld offers the inside story of how FBI Supervisory Special Agent J. Keith Mularski, aka Master Splynter, penetrated and took over DarkMarket.ws, the infamous underground carding board hacked by Max Butler and later transformed by Mularski into an FBI sting operation. The three-year tour sent Mularski deeper into the world of online computer fraud than any FBI agent before, resulting in 59 arrests and preventing an estimated $70 million in bank fraud before the FBI pulled the plug on the operation in October."
As far as I know, the general idea was that the transactions would happen so quickly that even if someone was watching, the money would be long gone before anyone could track it. Keep in mind that these stories are published long after the arrest occurs, so by the time you learn about what happened, the criminals have moved deeper underground.
Palm trees and 8
As long as we use credit cards, you and I can't protect ourselves. However, the credit card companies could. Using public key authentication via smartcard technology would make it easy to verify physical access to a credit card. Yet the only instance I can think of, of anyone trying to roll this out is American Express's Blue card. Even that was mostly ineffective as the smart card circuitry appears to go mostly unused.
Javascript + Nintendo DSi = DSiCade
Stopping 70 million in bank fraud is useless? Allow me to ask... what then does it take to be useful?
There's a very cool British TV program called "The Real Hustle" in which they perform popular cons with a hidden camera and then explain them.
In one episode they show how a waiter can hide a card reader stuck to the side of their leg or under an apron and swipe it after purposely dropping it to the floor and then either picking it up or cleaning it. In these cases the waiters were using the portable reader that goes to your table, and they still were able to steal data.
As a Slashdot discussion grows longer, the probability of an analogy involving cars approaches one.
I have eaten at places that get mobile credit card readers and swipe it at your table. This way, the card never leaves your sight.
Sure... they'll just swipe over at the server those mobile readers upload to instead. :)
I've wondered if people with photographic memories get involved with crimes like these since all they'd have to do is glance at a card in passing and they'll catch it.
More Twoson than Cupertino
Buy things at small retailers unlikely to have complicated security policies or good video surveillance. Use local criminals to do the deal for you, promising a cut if they are successful getting the item out of the store. Keep the purchases under $2,000.00
Sell those things for cash on the street. Don't sell in the same area that you bought the items. Stick to big cities, as the police have way more to deal with than small-time theft. Once you get a big enough stash, use it to start a cash friendly business or find a way to get it to a trusted party in the third world and do the same thing.
The object is to not piss one person off to the point where they dedicate themselves to finding you. As long as the victim has the credit card company to turn to for a refund, and the police don't think the fraud is connected, no one will even bother opening up a case number.
I'm still wondering why the various banks don't offer reloadable cards for their customers. Why wander around with your ENTIRE credit limit in your wallet?
And for debit cards, your ENTIRE checking account balance.
Instead, allow the user to transfer the amount that he thinks he will need to a secondary card. That way, if anything compromises that card, the MOST they can get is whatever he put on that card.
As for online purchases, how about one-use card numbers? Just go to the bank site, put in how much you want to pay and the bank will give you a one use number for that amount. Then the maximum you lose if the online site is fake is that specific amount. They never get the real numbers to your real accounts.
Or if you hand your CC to a drive-thru to pay for food/drink. Our receipt paper is thin enough to easily take an imprint of a CC. All you'd need to do is remember 3-4 numbers, the CVV2.
I found out this accidentally, while holding a customer CC while rubbing it: it indented the CC, expr, and name perfectly.
Good thing I'm honest in dealings... They wouldn't catch me if I wasn't. I know decent stat to calculate my danger, and how to mitigate any possible repercussions.
I had an experience nearly identical to this in London when a shop clerk asked if we had a card with a chip in it to use. The friend I was with didn't even know what he was talking about. I explained things to her, and then told the clerk we didn't, but could wander off and find an ATM to use instead. He dug around some and found a card reader, but it was obvious he hadn't used it in a while.
George Washington Bridge? What's so cool about that?
It's an awesome bridge.
Don't mock it.
It's coming to North America, but slowly. Mainly because it will be expensive, and only serves to protect the consumer.
Contrast that with the UK banks that have implemented the "chip and pin", where the courts ruled that due to the PIN, they aren't responsible for theft. The banks practically orgasmed all over themselves to get it going.
It still doesn't offer complete protection. You can take the UK card to Germany, where merchants have not implemented the PIN. Or you can still shop inside the UK; just damage the chip. The card will fall back into "swipe and sign" mode that is used for cards without a PIN (such as those visiting from America).
Or, even with the chip and pin, all one needs to do is some shoulder surfing. Everyone covers their PIN at an ATM. In other situations, people aren't used to doing that (restaurant, etc). Once you've identified a PIN, pick the person's pocket.
Or buy things online.
Or steal a lot of cards, and attempt to brute-force the PIN.
Or there's an interesting relay attack:
- "Chip and Spin", http://www.chipandspin.co.uk/
UTF-8: There and Back Again
I have a serious solution to that problem: learn how to cook. As in, learn how to cook SERIOUSLY GOOD food.
I can spend more on raw ingredients for a single meal than it would cost to take my wife out to a fancy restaurant (not that I do often, just saying that I can), or I can make something amazing for cheaper. And girls dig guys who can cook! Most geeks should like cooking too because there's tons of science involved and most of us like to tinker and make things. Plus when you're done you've got the most amazing meal that, unless you live in New York or LA, can afford to eat at a fine dining restaurant and are lucky enough to get a reservation, you're not going to get eating out.
My wife and I never eat out any more. We're in a mid-sized town and every time we eat out it's always disappointing. Over priced and something I could make way better at home.
I recommend "Zingerman's Guide to Good Eating" as a starting point for anyone looking to get into cooking. It explains how to choose the best ingredients, gives you the history of foods as well, and has some simple recipes too.