Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Three years undercover with the identity thieves

Keith Mularski talks about his role as administrator of online fraud site DarkMarket.
Page:

Salesmen and parents know the technique well. It's called the takeaway, and as far as Keith Mularski is concerned, it's the reason he kept his job as administrator of online fraud site DarkMarket.

DarkMarket was what's known as a "carder" site. Like an eBay for criminals, it was where identity thieves could buy and sell stolen credit card numbers, online identities and the tools to make fake credit cards. In late 2006, Mularski, who had risen through the ranks using the name Master Splynter, had just been made administrator of the site. Mularski not only had control over the technical data available there, but he had the power to make or break up-and-coming identity thieves by granting them access to the site. And not everybody was happy with the arrangement.

A hacker named Iceman -- authorities say he was actually San Francisco resident Max Butler -- who ran a competing Web site, was saying that Mularski wasn't the Polish spammer he claimed to be. According to Iceman, Master Splynter was really an agent for the U.S. Federal Bureau of Investigation.

Iceman had some evidence to back up his claim but couldn't prove anything conclusively. At the time, every other administrator on the site was being accused of being a federal agent, and Iceman had credibility problems of his own. He had just hacked DarkMarket and three other carder forums in an aggressive play at seizing control of the entire black market for stolen credit card information.

That's when Mularski went for the takeaway. Salesmen have long used this tactic to seal difficult deals: You simply take the deal off the table in the hope it will spur the customer to come to you. Badgered by questions about his credibility, he threatened to quit altogether. "I decided to risk it all and just said, 'Hey, if you think you can do a better job running the site and if you think I'm a fed, then by all means take the stuff. I don't want anything to do with it," he recalled recently in an interview. "What law enforcement agency would, after they were monitoring the site, want to give it back to the bad guys?"

Mularski's gambit paid off, and the other DarkMarket administrators let him stay on for another two years.

In the end they would regret that decision. Iceman was right: Supervisory Special Agent J. Keith Mularski had gone deeper into the world of online computer fraud than any FBI agent before. Working with police agencies in Germany, the U.K., Turkey and other countries, he spearheaded a remarkable investigation that netted 59 arrests and prevented an estimated US$70 million in bank fraud before the FBI pulled the plug on Operation DarkMarket on Oct. 4, 2008.

Mularski works for a little-known FBI division called the Cyber Initiative and Resource Fusion Unit, run out of the National Cyber-Forensics & Training Alliance in Pittsburgh, Pennsylvania. The unit is different from a typical FBI field office. It works hand in hand with industry and takes the time to do the deep research required to penetrate the world of online criminals.

"They have a direct personal relationship with industry people in all areas, but specifically a great relationship with the financial institutions," said Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham. The group also works closely with international law enforcement, laying the groundwork to prosecute Internet criminals who launch attacks across national borders. "Those relationships allow them to take on cases that nobody else would take on," Warner said.

Page:

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: AMP, eBay, FBI, Federal Bureau of Investigation, Financial Institutions, ICQ
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: cybercrime, identity theft
Latest Blog Posts
Whitepapers
  • 10 Mobile Security Requirements for the Bring Your Own Device (BYOD) Enterprise
    An enterprise mobility strategy needs to include more than the provisioning and security services available through mobile application and MDM solutions. To meet the mobility and security requirements of mobile users, enterprises need to look at deploying a solution for mobile content management (MCM) that supports BYOD policies. Read this whitepaper to learn: Why provisioning for mobile users has become more complex; Ten requirements to consider when selecting a mobile content security solution.
    Learn more »
  • Configuration, Not Coding
    For years, many support teams have been hamstrung by their traditional service desk platforms, which require complex, time-consuming coding for virtually every aspect of customisation. This paper can show how organisations can complete their initial deployments quickly, easily and adapt efficiently to the evolving needs of the business with Nimsoft Service Desk.
    Learn more »
  • Seven SOA Practices to Unlock Business Value
    The fact is that companies are increasingly using SOA to gain competitive business advantage. Distilled down to seven essential SOA practices, the following list enables IT professionals to tightly align SOA investments with their organization’s business priorities. Using these practices can help with driving competitive advantage and adding measurable business value...and that’s a sure way for IT pros to win recognition and ongoing support within their companies.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments