Underground carder market. Translation of the book "KingPIN".

Lord777


Chapter 11. Script's Twenty-Dollar Dumps


In the spring of 2001, about one hundred and fifty Russian-speaking computer criminals gathered in a restaurant in the port city of Odessa to discuss the launch of a revolutionary website. Among those present were Roman Vega, a 37-year-old man who sold fake credit cards through his online store BoA Factori (BOA-Bank Of America); a hacker (cybercrook) known as King Arthur; and a man who could become their leader, a Ukrainian credit card vendor known as Script.

The meeting was triggered by the success of the British Fake Library website, launched in 2000. This site solved one of the main problems of communication in the criminal business through IRC chat rooms, where freedom and many years of experience in crime burst like a bubble as soon as the chat disappeared. Founded by a handful of Western hackers (cybercrooks), the Fake Library collected illegal textbooks and hosted a forum where thieves engaged in document fraud could exchange tips and hints and buy and sell "new" identification cards (analogs of documents such as passports and licenses), a euphemism in the same spirit as "events" at prostitutes' houses.
The Fake Library had much more in common with the BBSes of the run-up to the Internet than with IRC. Users could post messages directly in forum threads and had ratings and nicknames. As soon as criminals from all over the world discovered this island in a muddy, fictional sea of underground trade, the site attracted hundreds, and then thousands, of users from all over Europe and North America. Among them were people who committed passport fraud, hackers, phishers, spammers, counterfeiters, carders, everyone who hid in their apartments and underground, blind until now, when they discovered the vastness of this secret society.

Western European carders watched the Fake Library with envy. They wanted to pull this trick in their underground as well. The result of the June meeting in Odessa was the appearance of the International Union of Carders, or Cardplanet.com: a well-organized, reimagined Fake Library that has become a pasture for the underground of the former conscience of the empire. While the Fake Library was a lighthearted forum and BoA Factori was a simple, uncomplicated store, Carderplanet was a disciplined online marketplace modeled after a trading exchange.

Not shy about its intentions, the site adopted the example of the Italian Mafia to maintain a strict hierarchy. The registered user was called a "sgarrista", a soldier with no special privileges. A little higher up was the "giovane d'honore", the person who helped regulate disputes under the supervision of the "capo". At the top of the food chain was the Don of CardPlanet, Script.

Russian-speaking merchants flocked to the new site to offer a different range of products and services. Credit card numbers were the main product, but only at first. Some of the "full info" vendors were able to get a credit card number, owner's name, address, insurance number, and mother's maiden name for as little as $30. Hacked eBay accounts cost only $20. Some ambitious buyers might spend $100 to "change the bill" of a stolen card, a procedure in which the owner's billing address was changed to the buyer's mailing address. Other merchants sold fake checks, money orders, or addresses of rented apartments in the United States, where the purchased goods could be resold to a fraudster without fear of being caught. There were also blank credit cards with a magnetic stripe and "new" documents with holograms, which, depending on the quality, sold for $75 to $150. You could buy a set of ten documents with the same photo but different names for $500.

Registration on CardPlanet was open to everyone, but in order to sell, merchants had to submit their products or services for review by a reviewer. New merchants sometimes required permission from the Script or a deposit to the emergency fund, which was used to pay customers if the seller failed to meet its obligations after payment. Sellers were required to keep up to date with their vacation plans, keep information about customers safe, and respond promptly to customer complaints. Rippers, sellers who could not sell their goods, were banned, as was the case with any seller who had 5 complaints from customers.

Soon, a second website aimed at English-speaking countries, Shadowcrew, was created to emulate CardPlanet. In September 2002, after the overwhelming success of the strictly organized CardPlanet, a carder under the nickname Kidd threw all the forces of the Fake Library to launch a business in Russia. News of the site spread to IRC chatrooms like prison yards, and by April 2003, Shadowcrew had thousands of registered users.

With the motto "For those who like to stay in the shadows", Shadowcrew was both a home-based college and an online supermarket for everything illegal.
Their textbooks contained information on how to use stolen credit card numbers, forge a driver's license, hack an alarm, or make a silencer for a gun. The site boasted a wiki where you could track the process of making a driver's license. Approved merchants from all over the world provided a staggering array of illegal goods and services: credit statements, hacked bank accounts, names, dates of birth, and insurance numbers of potential fraud victims. Just like on CardPlanet, each product had its own specialist, so each seller had to be verified by a trusted user of the site in order for them to sell anything. Disputes were handled carefully and judiciously, with administrators and moderators working overtime to expose and ban rippers who were selling pacifiers.

Trade embraced not only information products. Things like ATM skimmers, prescription drugs, cocaine, and DDoS attack services were also in demand: it was possible to "drop" the site and protect the attack from detection by antivirus software for $200. One of the verified sellers offered a service for obtaining technical certificates within a couple of days. The seller, called UBuyWeRush, took a shot at filling the underground with credit card stripe programmers, as well as watermarked paper and magnetic ink cartridges for forging checks.

Child porn was banned, and one of the sellers who asked to be allowed to sell exotic animals was ridiculed by the entire forum. But everything else was resolved on Shadowcrew. Meanwhile, CardPlanet launched a forum thread for criminals from Asia, Europe, and the United States, but it was ShadowCrew that established a true international marketplace: a mix of the Chicago Mercantile Exchange and the Mos Eisley bar in Star Wars, where criminals of various specializations could meet and discuss their plans. A fraudster forging documents could buy credit card numbers in Denver from a hacker from Moscow, then send them to Shanghai, where they will make fake credit cards, and then pick up a fake driver's license from a fraudster from Ukraine before going to the store.

Max shared his discovery with Chris, who was fascinated by new things. Chris registered on the forums, began to study their contents like a textbook. Not much has changed since Chris was involved in credit card fraud in the eighties. However, some things have changed.

There was a time when crooks could get credit card numbers literally from the trash, after digging through trash cans, or from the tracks on the reels of typewriters. Now mechanical printing is practically not used, and Visa and MasterCard insist that transaction receipts do not contain the full card account number. Even if you manage to get the full number, it's not enough to make a fake credit card. Credit card manufacturers add a special unique code to each magnetic stripe, like a PIN code, unknown even to the cardholder. This code is called the Card Verification Value (CVV). It is generated from other data on the magnetic stripe (the account number and the card's expiration date) and then encrypted with a secret key that is known only to the issuing bank. When the card is used in a terminal, the CVV code is sent along with the card data for verification by the bank. If the data does not match, the transaction is rejected.

After Visa introduced the CVV code in 1992, the income of fraudsters began to fall sharply, from 0.18% per year of all Visa operations to 0.15% a year later. In the 2000s, the innovation proved that it could withstand phishing attacks, in which spammers send thousands of fake emails in order to get users' credit card details. Without the CVV code on the magnetic stripe, which customers don't know and therefore can't leave anywhere, stolen credit card numbers become useless for in-person transactions. No one can go to a Vegas casino and buy black chips with a card they received in a phishing attack. MasterCard followed Visa's lead and issued its own Secret Card Code (CSC). Then, in 1998, Visa introduced the CVV2 code, a secret code that is printed on the back of the card for the customer, exclusively for purchases over the phone or the Internet. In the future, this reduced the losses of criminals and erected a Chinese wall between fraud on the Internet and in real life. Data stolen from site databases or through a phishing attack could only be used for online transactions, while magnetic stripe data can be used everywhere except for online transactions, because it does not contain the CVV2 code.

By 2002, security measures had turned magnetic stripe data into one of the underground's most valuable commodities, putting customers at risk. Hackers began to break into the card centers' data processing systems, but the most common method of obtaining this data was to recruit an employee of a fast food restaurant carrying a pocket skimmer, which contained a magnetic stripe reader and built-in memory. Smaller than a lighter, the skimmer easily fit into the pocket of an employee's apron or a maître d's suit, and it could store data from hundreds of customer cards that could later be downloaded to a computer. A fraudster needs only a second to read data from a card using a skimmer.

In the late 90s, scammers began roaming large cities in the United States, looking for waitresses, waiters and other service personnel interested in additional income, about $10 for one run of the card. Although it was risky, some gas station managers and workers followed the example by installing tiny boards on the coin receivers of pumps and on terminals in retail stores. Some of the data could have been used locally, but most of it "floated" to Eastern Europe, where data was sold in tens, hundreds, or even thousands at a time. Carders called this data "dumps", each containing only two lines of text, one for each track on the 3 inches of magnetic stripe.

Track 1: B4267841463924615^SMITH/JEFFREY^04101012735200521000000
Track 2: 4267841463924615=041010127352521
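
Because the two tracks have a fixed layout, defenders can search logs, crash dumps and databases for them, as storage scans for cardholder data do. The following Python scanner is an added example, not part of the book or of the original post: it finds Track 1 and Track 2 strings in text, checks the account number with the Luhn algorithm and masks it. The log lines, host names and the test number 4111111111111111 are constructed; the last line reuses the Track 2 sample printed above.

```python
import re

# Track layouts (ISO/IEC 7813) as they show up in logs, dumps or database text.
# Track 1: [%]B<PAN>^<NAME>^<YYMM><service code><discretionary data>[?]
# Track 2: [;]<PAN>=<YYMM><service code><discretionary data>[?]
# Assumption: 12 to 19 digits is used as a pragmatic account-number length range.
TRACK1_RE = re.compile(r"%?B(\d{12,19})\^([^\^\r\n]{2,26})\^(\d{4})(\d{3})(\d*)\??")
TRACK2_RE = re.compile(r"(?<!\d);?(\d{12,19})=(\d{4})(\d{3})(\d*)\??")


def luhn_ok(pan):
    """Return True if the account number passes the Luhn check-digit test."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan):
    """Keep the first six and last four digits, hide the rest."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan(text):
    """Return one finding per track string, ordered by position in the text."""
    findings = []
    for track, rx in (("track1", TRACK1_RE), ("track2", TRACK2_RE)):
        for m in rx.finditer(text):
            pan = m.group(1)
            expiry = m.group(3) if track == "track1" else m.group(2)
            findings.append({
                "track": track,
                "start": m.start(),
                "end": m.end(),
                "pan_masked": mask_pan(pan),
                "expiry_yymm": expiry,
                # A failed Luhn check lowers confidence; it does not clear the hit.
                "luhn_valid": luhn_ok(pan),
            })
    return sorted(findings, key=lambda f: f["start"])


def redact(text):
    """Replace every track string with a masked marker, working right to left."""
    out = text
    for f in sorted(scan(text), key=lambda f: f["start"], reverse=True):
        marker = "[%s %s]" % (f["track"].upper(), f["pan_masked"])
        out = out[:f["start"]] + marker + out[f["end"]:]
    return out


# Constructed sample log. Line 3 holds a 16-digit order id that must not match.
SAMPLE_LOG = (
    "2024-01-01T10:00:00 pos=7 debug swipe raw=%B4111111111111111^DOE/JANE^30121010000000000000?\n"
    "2024-01-01T10:00:00 pos=7 debug swipe raw=;4111111111111111=30121010000000000?\n"
    "2024-01-01T10:00:01 pos=7 order=1234567890123456 total=19.99\n"
    "2024-01-01T10:00:02 pos=7 note ref 4267841463924615=041010127352521\n"
)

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
    print(redact(SAMPLE_LOG))
```

The Track 2 sample printed in the text is reported with `luhn_valid` set to False: its account number does not pass the check-digit test.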

A dump of a regular credit card cost about $20, $50 for a gold card, and $80 to $100 for a limited corporate card.
Chris decided to try his hand at carding. He learned that the Script, the godfather of CarderPlanet, was the most reliable source of dumps in the world.

He paid the Ukrainian $800 for a set of 20 Visa Classic cards and about $500 more for an MSR206, his favorite magnetic stripe card reader. After connecting the reader to the computer and installing the necessary software, he could take any Visa gift card or one of his own and encode it in two quick runs with one of Script's dumps. With the reprogrammed cards burning a hole in his pocket, Chris browsed through his personal directory and some retail stores, figuring out the possibilities. Simple card fraud is simple and cheap, but it had some limitations. As Chris watched, he quickly realized that buying electronics and expensive clothing wasn't easy. There are some precautions: expensive stores require customer verification (they must enter the last four digits of the card), some POS terminals refuse the operation, and the worst thing is when the numbers do not match the magnetic stripe code. The reprogrammed cards were only useful where you handled your own card, at gas stations or pharmacies.

Chris tried his hand at the local supermarket. He indiscriminately filled his shopping cart and paid for the goods by swiping the card through the POS terminal. A second later, the word "Paid" flashed on the display, and somewhere in America a random person received a bill for 400 dollars' worth of groceries. Chris took his ill-gotten groceries to a couple in Orange County who were in a worse financial situation than Chris; the husband had had his work tools stolen, so Chris took him to the store to buy new ones. Rumors began to circulate that Chris had credit cards, which he began to distribute to some friends. They were always smart enough to make small purchases for Chris as a thank you. Chris was beginning to see the outlines of his business plan in his plastic operations. "Drop everything else, Max," Chris would say. "Real money is in dumps."

Chapter 12. "Free Amex!"


Over dinner, Max touched lightly on his plan with Charity. "What would you say are the institutions that most deserve to be punished?" he asked.

He already had the answer: leveraged companies. Greedy banks and credit card companies that have swindled customers into $400 billion in annual debt, fueling credit interest and putting kids on plastic before they graduate from college. The fact is that consumers are never liable for fraudulent charges. By law they can be billed for the first $50, but most banks have waived even that, so credit card fraud has become a victimless crime, paid for with these institutions' soulless money.
Credit wasn't real. Max thought of it as an abstract concept: he would steal numbers from the system, not dollars from anyone's pocket. Financial institutions would stop holding the consumer basket, because they deserve it.

Charity had learned to accept Max's bitterness after his return from prison. Living with him meant never watching crime movies on TV, because any portrayal of the police as the good guys pulverized Max. She wasn't entirely sure what Max meant right now, and she didn't want to know. But one thing was clear. Max decided that he would be Robin Hood.

Max knew exactly where to get the credit card details Chris wanted. There were thousands of potential sources that were in plain sight like CarderPlanet and Shadowcrew. The carders themselves were his prey. Most of them weren't hackers, they were just scammers who knew little about fraud and nothing about computer security. It certainly couldn't have been more difficult than hacking the Pentagon. It was also a morally acceptable suggestion: he would steal credit card numbers that had already been stolen. The criminal was going to use them, so he can pass for the crook Chris Aragon.

He started picking out weapons, picking up a Trojan that was already circulating online and configuring it so that the antivirus wouldn't detect it. To test the results, he used a VMware computer software simulator, running dozens of different Windows virtual systems on his computer at once, each boot with a different set of security programs.

When the malware went unnoticed by others, he took the next step: he collected a list of card numbers and email addresses from public forums, adding thousands of them to the database. Then, introducing himself as the well-known dump seller Hummer911, he sent a message to the entire list. The message said that Hummer911 had acquired more of an American Express dump database than he could use or sell, so he was willing to give some of it away. "Click here," Max wrote, "and get a free Amex!" When a carder clicked on the link, they found themselves looking at fake Amex dumps. Meanwhile, invisible code that Max had placed on the web page exploited a new vulnerability in Internet Explorer.

The exploit took advantage of the fact that Internet Explorer can do more than just render a web page. In 1999, Microsoft added support for a new file type called the HTML Application (HTA): a file written in the same markup and scripting languages that are used on websites, but allowed to do things on the user's computer that a website cannot, such as creating and deleting files on request or executing arbitrary programs. The idea was that developers used to programming for the web could apply the same skills to building a fully functional desktop application.

Internet Explorer recognizes that HTML Applications can be deadly, and does not run them from the web, only from the user's hard drive. In theory. In practice, Microsoft left a loophole in the way the browser handles the content of web pages. Many web pages contain object tags, simple instructions that tell the browser to fetch something from a web address (usually a movie or music file) and include it as part of the page. But it turned out that you could also load an HTML Application through an object tag and get it to run. You only needed to disguise it a little.

While Max's victims were enjoying fake American Express dumps, an invisible object tag directed their browser to fetch a malicious HTML Application, which Max had encoded just in case.

Importantly, Max gave the file a name ending in ".txt", a superficial indicator that it was a plain text file. Internet Explorer saw the file name and decided that downloading it would be safe. As soon as the browser started downloading the file, Max's server declared its content to be of type "application/hta", which identifies it as an HTML Application. In effect, Max's server changed its story: it offered a harmless-looking document for the browser's check, and then identified it as an HTML Application at the moment the browser fetched the file.
Because of the name, the file had already been judged safe, and Internet Explorer didn't double-check the data once that check was done.

This is how Max got his HTML Application to run instead of a web page. Max's HTML Application was a short Visual Basic script that ran a small trap program on the user's computer. Max called the trap "hope.exe". Hope is Charity's middle name. The trap, in turn, downloaded and installed the Trojan horse. So Max had everything under control.
Carders gathered on the infected page like hungry piranhas. Hundreds of machines reported to Max that they were ready to work for him.
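
The weakness described above is a safety decision made from the file name and never repeated against the declared content type ("application/hta"). As an added example, not taken from the book or the original post, this Python sketch models the name-only decision beside one that also checks the declared type, and uses the difference to flag disguised downloads in web proxy records. The log format, host names, addresses and the type and extension lists are constructed assumptions.

```python
import posixpath
from urllib.parse import urlsplit

# Assumed lists for the example: types and extensions treated as executable content.
ACTIVE_TYPES = {"application/hta", "application/x-msdownload"}
ACTIVE_EXTS = {".hta", ".exe"}


def _extension(url):
    """Lower-cased extension of the URL path, ignoring query string and fragment."""
    return posixpath.splitext(urlsplit(url).path)[1].lower()


def _media_type(content_type):
    """Media type without parameters such as '; charset=...'."""
    return content_type.split(";", 1)[0].strip().lower()


def name_only_decision(url):
    """Flawed model: safety is judged from the file name alone."""
    return "block" if _extension(url) in ACTIVE_EXTS else "allow"


def rechecked_decision(url, content_type):
    """Hardened model: the type the server declares is checked as well."""
    if _extension(url) in ACTIVE_EXTS or _media_type(content_type) in ACTIVE_TYPES:
        return "block"
    return "allow"


def find_disguised(lines):
    """Return (client, url, media type) where only the second check blocks."""
    hits = []
    for line in lines:
        parts = line.split(None, 5)
        if len(parts) < 6:
            continue  # skip malformed records instead of guessing
        _ts, client, _method, url, _status, ctype = parts
        if (name_only_decision(url) == "allow"
                and rechecked_decision(url, ctype) == "block"):
            hits.append((client, url, _media_type(ctype)))
    return hits


# Constructed proxy records: timestamp client method url status content-type
SAMPLE_PROXY_LOG = [
    "2024-01-01T12:00:01 10.0.0.21 GET http://news.example/readme.txt 200 text/plain; charset=utf-8",
    "2024-01-01T12:00:05 10.0.0.34 GET http://files.example/free/amex.TXT?id=7 200 application/hta",
    "2024-01-01T12:00:09 10.0.0.52 GET http://intranet.example/tools/setup.hta 200 application/hta",
    "2024-01-01T12:00:12 10.0.0.40 GET http://cdn.example/logo.gif?v=2 200 image/gif",
    "truncated record",
]

if __name__ == "__main__":
    for hit in find_disguised(SAMPLE_PROXY_LOG):
        print(hit)
```

Only the ".TXT" record is reported: the ".hta" download is already blocked by its name, so the two decisions agree on it.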

Flustered, he began to sort through the criminals' hard drives in a chaotic manner. He was surprised at how little time it took. Most of his victims bought small dump databases, ten or twenty at a time (even less). There were a lot of carders there, and nothing kept him from going back to their machines again and again. As a result, the free Amex attack brought him about ten thousand dumps. He siphoned the dumps to Chris as soon as he found them, and looked at other useful data from his victims: details about scams, stolen personal information, passwords, email newsletters used for phishing, some real names, photos, and the mail and ICQ numbers of their friends, useful people for the next attacks. With one well-built trap, he became an invisible person embedded in the carder system. It was the beginning of something big. It was as if he was the head of the carders, living off the fact that he could swim in their illegal economy. His victims couldn't call the cops, and with his anonymous Internet connection and a number of other precautions, he was safe from threats. It wasn't long before Max discovered that not all carders were who they claimed to be. The victim was in Santa Ana. When Max started browsing the computer through his "login", he immediately realized that something was wrong here.
The computer was running a program called Camtasia, which recorded everything that happened on the screen; this is usually not something a criminal wants recorded. Max checked the hard drive, and his suspicions were confirmed. The disk was packed with reports from the FBI. Chris was shocked by the FBI agent's discoveries in the field of combating cybercrime; the agent's hard drive provided potentially useful insights into the FBI's methods. They talked about what to do next.

In some files, it was stated that the agent has an informant who provides it with information about the Script. It was the carder leader who sold Chris his first dumps. Should they be worried that a snitch has appeared in the Script circle? They decided to do nothing. If they went broke, Max thought he'd play that trump card. If it turns out that he accidentally hacked an FBI agent, then it may embarrass the FBI, perhaps even cost several sentences.

He went back to his work on hacking carders. He now knew that he wasn't the only outsider in the world of crime.

Chapter 13. "Villa Siena"


Palm trees lined the gates of Villa Siena, a sprawling apartment complex in Irvine half a mile from John Wayne Airport. Outside the main entrance, European-style fountains splashed in manicured courtyards, and four pools shimmered blue under the sunny Southern California sky. Residents enjoyed the clubhouse, relaxed in the spas, worked out in one of the three gyms, or perhaps chatted with the concierge manager while making plans for the evening.

In one of the spacious apartments, Chris Aragon went about his business. Curtains were drawn to hide the abundance of appliances that filled Ikea tables and granite countertops. He turned on his card printer, and it awoke with a whining hum, the wheels turning, the motors pulling belts as tight as hospital sheets.

Max now pulled out dumps regularly, and when he got a new trophy, there was no time to waste: the data had been stolen twice, and Chris had to use it before the scammers who had bought or stolen the numbers used them first, or made mistakes and forced the companies to flag these cards. Chris had to collect his last savings to invest about $15,000 in credit card printing equipment and an apartment for it.

Now the investment began to justify itself.
He loaded the empty PVC cards into the tray of a bulky oblong machine, a $5,000 Fargo HDP600 card printer of the kind used to print corporate IDs. With a click of the mouse on the laptop, the machine pulled a card into its mouth and growled once, twice, three times, and finally a fourth. Each sound marked a new color, as the pigment was transferred to a clean printing tape and quickly evaporated by the heating element, melting into the surface of the card. The last clang from the Fargo reported that clear laminating film had taken its place on the plastic.

Forty-four seconds from start to finish, and the machine spat out a card, shiny, bright, a real work of art. It could be a bald eagle staring thoughtfully at the Capital One logo, or a stern American Express centurion, or a simple patch of sky blue on a white background for a Sony MasterCard. For elite cards, the process was the same, except that sometimes Chris started with gold or platinum-colored blanks, which, like the white ones, were ordered by the hundreds.

With a deck of freshly printed plastic cards, he moved on to the second station of his conveyor belt: a black-and-white printer for the thin printing on the back of the card. If a hologram was needed, Chris would remove a sheet of Chinese forgeries from the stack, carefully place it under the press, and lower the lever to cut out an oval or rounded rectangle the size of a stamp. A $2,000 Kwikprint Model 55 thermal stamper, resembling a mixture of a drill press and a medieval torture instrument, fused the foil into the surface of the plastic.

The embossing machine performed the next stage: a huge mechanized wheel with letters and numbers on it, which made a noise like an IBM Selectric when it pressed out a name, account number, and expiration date on the plastic, filling them with silver or gold foil. From a Chinese vendor, Chris learned special security keys for Visa's winged V and MasterCard's combined MC, two distinctive raised signs that can only be found on credit cards, real and fake.

Verification systems do not check the owner's name, which gave Chris the ability to choose any name to print on the card; for those that he used himself, he preferred "Chris Anderson". On his laptop, Chris edited the dumps he'd received from Max so that the name in the magnetic stripe matched the one on the outside. The name was not used to calculate the CVV, unlike the rest of the data on the stripe, so it could be changed as you like.

Finally, after running the card twice through the correct MSR206 to program the dump, Chris received a fake credit card, almost no different from those that lay in the pockets and purses of American citizens.

But that wasn't the end of it.

A driver's license was necessary for orders with a high credit limit, and here again Chris's "assembly line" and Shadowcrew lessons were doing their job. For the driver's license, he switched from PVC to Teslin, a thinner and more flexible plastic sold in 8x11-inch sheets. One sheet on the face, the second on the inside, and ten certificates per sheet.

The California version of the license had two security elements that required additional tricks. The first was a semi-transparent image of the California State Seal, repeated on the front side in laminate. Chris used Pearl Ex, a fine, multicolored powder that sold in art stores for less than three dollars a pot, to fake it. The trick was to sprinkle a sheet of laminate with a mixture of gold and silver powder, feed it to a printer with a clear ink cartridge, and print a mirror image of the pattern with that ink. The fact that the print was invisible did not matter, it was the heat of the print head that was needed. The leaf came out with a pattern fused into the surface, and the excess powder was easily washed off in cold water.

UV printing on the front side wasn't any more difficult. An ordinary inkjet printer could easily do the job if you emptied the cartridges and filled them with colorful UV ink purchased in tubes.

After all these procedures, Chris had four sheets of material in his hands. Then he would fold two sheets of Teslin between pieces of laminate and pass the sandwich through the laminator. Once the card was cut out, you could admire the impressive result: run your fingers over the ID card and feel the smooth, silky surface, turn it over in your hands and see the ghostly seals of the state, place it under an ultraviolet lamp and see the flag glowing ominously: the red words "California Republic" and, above them, a brown bear on a yellow hilltop.

When the cards and IDs were ready, Chris picked up the phone and called his girls. He found that attractive girls the age of college students were best suited to cash out. There was Nancy, a Latin girl with a love tattoo on her wrist, Lindsay, a pale brunette with brown eyes, Adrianna, a young Italian woman, and Jamie, who worked as a waitress at Hooters in Newport Beach.
Chris also met two dark-haired twins, Liz and Michelle Esquer, at the Villa Siena where they lived.

Michelle simply hung around the group, but Liz was invaluable: she worked in the mortgage industry, had a sharp mind, a good education, and was responsible enough to assign her some administrative tasks, such as maintaining a pay table, in addition to the usual purchases in stores.

Chris had a talent for picking people up. He could meet a new candidate at a restaurant and invite her to a party with his friends. Then she joined them at clubs, at expensive dinners, and in expensive rented limousines when one of them celebrated a birthday. She saw money everywhere. When the time came, maybe when a few months passed, maybe when the girl admitted that she had unpaid bills or rent, Chris casually mentioned that he knew a way to earn money easily and quickly. He explained how it works, explained that this crime has no victim. Otherwise, the girls would tie this case to the person. None of them knew where Chris was getting his credit card details from. When Chris talked about Max, he called him "Whoosh," and it was a mysterious superhacker that they would never see again.

Chris's code name was "Bro." Now that the operation was in full swing, Bro was paying Swist roughly $10,000 a month for dumps, transferring money via a prepaid Green Dot debit card.

Green Dot from Visa or MasterCard was designed specifically for students and consumers with poor welfare; it was a credit card without a loan. The person paid for the card in advance, by bank transfer, salary, or cash. The latter made it an ideal way to transfer money from Chris in Orange to Max in San Francisco. Chris would stop by a nearby 7-Eleven or Walgreens and order a Green Dot payment number, called MoneyPack, for anything up to $500. He sent Max the number via IM or email, and Max used it for one of the cards on the company's website. Max could even use the card for daily purchases or withdraw money from ATMs in San Francisco.

As soon as his team was assembled and ready to go, Chris gave them their cards, divided into classic cards with a low credit limit and gold or platinum cards with a high one. He reminded them that with the classic ones, they should stick to small purchases, about $500. Those who got the gold ones had to make larger purchases, from $1,000 to $10,000. The girls were young, but under the influence of the stylish youth of Orange, they could carry themselves in such a way that they could easily walk into Nordstrom's and grab a pair of Coach bags without moving an eyebrow, then cross the store and repeat the same thing at Bloomingdale's.

Beginners were nervous at first, but after the first fake card was triggered at the checkout, they were hooked. Soon the girls were sending Chris enthusiastic messages from their shopping trips: "Can I use Amex at the new Bloomingdale's?", or "I made 7000 on a mastercard! Hooray!"

At the end of the day, they would meet in the parking lot and transfer their purchases from trunk to trunk.

He paid them on the spot, 30 percent of the retail price, and carefully recorded each payment, like a real businessman. The "elegant fabric and sparkling buckles" of the bags ended up in boxes until Chris's wife, Clara, sold them on eBay.
Night fell on the Villa Siena, lanterns were switched on over the tennis courts, and outdoor fires were lit. Miles away, the crew celebrated with a nice dinner and a bottle of wine. As always, Chris paid.

To be continued
 