Three years undercover with the identity thieves
Salesmen and parents know the technique well. It's called the takeaway, and as far as Keith Mularski is concerned, it's the reason he kept his job as administrator of online fraud site DarkMarket.
DarkMarket was what's known as a "carder" site. Like an eBay for criminals, it was where identity thieves could buy and sell stolen credit card numbers, online identities and the tools to make fake credit cards. In late 2006, Mularski, who had risen through the ranks using the name Master Splynter, had just been made administrator of the site. Mularski not only had control over the technical data available there, but he had the power to make or break up-and-coming identity thieves by granting them access to the site. And not everybody was happy with the arrangement.
A hacker named Iceman -- authorities say he was actually San Francisco resident Max Butler -- who ran a competing Web site, was saying that Mularski wasn't the Polish spammer he claimed to be. According to Iceman, Master Splynter was really an agent for the U.S. Federal Bureau of Investigation.
Iceman had some evidence to back up his claim but couldn't prove anything conclusively. At the time, every other administrator on the site was being accused of being a federal agent, and Iceman had credibility problems of his own. He had just hacked DarkMarket and three other carder forums in an aggressive play at seizing control of the entire black market for stolen credit card information.
That's when Mularski went for the takeaway. Salesmen have long used this tactic to seal difficult deals: You simply take the deal off the table in the hope it will spur the customer to come to you. Badgered by questions about his credibility, he threatened to quit altogether. "I decided to risk it all and just said, 'Hey, if you think you can do a better job running the site and if you think I'm a fed, then by all means take the stuff. I don't want anything to do with it," he recalled recently in an interview. "What law enforcement agency would, after they were monitoring the site, want to give it back to the bad guys?"
Mularski's gambit paid off, and the other DarkMarket administrators let him stay on for another two years.
In the end they would regret that decision. Iceman was right: Supervisory Special Agent J. Keith Mularski had gone deeper into the world of online computer fraud than any FBI agent before. Working with police agencies in Germany, the U.K., Turkey and other countries, he spearheaded a remarkable investigation that netted 59 arrests and prevented an estimated US$70 million in bank fraud before the FBI pulled the plug on Operation DarkMarket on Oct. 4, 2008.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
identity theft
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
