To the casual observer, there was little to distinguish the Java Bean Internet cafe in Wembley, north London, from the hundreds of others dotted around the British capital. But to surveillance officers staking it out month after month, this unremarkable venue was the key to busting a remarkable and sophisticated network of cyber criminals.
From the bank of computers inside, a former pizza bar worker ran an international cyber “supermarket” selling stolen credit card and account details costing the banking industry tens of millions of pounds.
Renukanth Subramaniam, 33, was revealed on Jan. 14 as the founder and a major “orchestrator” of the secret DarkMarket Web site, where elite fraudsters bought and sold personal data, after it was infiltrated by the FBI and the US Secret Service.
Membership was strictly by invitation. But once vetted, its 2,000 vendors and buyers traded everything from card details, obtained through hacking, phishing and ATM skimming devices, to viruses with which buyers could extort money by threatening company Web sites.
The top English language cybercrime site in the world, it offered online tutorials in account takeovers, credit card deception and money laundering. Equipment — including false ATM and pin machines and everything needed to set up a credit card factory — was available.
It even featured breaking-news-style updates on the latest compromised material available, while criminals could buy banner adverts to promote their wares.
So vast was its reach, with members in the UK, Canada, US, Russia, Turkey, Germany and France, the UK’s Serious Organised Crime Agency (SOCA), which helped bust it, said it was “impossible” to put a figure on how much it cost banks worldwide.
Subramaniam, who used the online nickname JiLsi, was remanded in custody at his own request at Blackfriars crown court in London yesterday after pleading guilty to conspiracy to defraud and five counts of furnishing false information. Judge John Hillen said it was “inevitable” he faced a “substantial custodial sentence.”
A British citizen, Subramaniam was a former member of ShadowCrew, DarkMarket’s forerunner, which was uncovered by the US Secret Service in 2004.
“JiLsi was one of the highest in cybercrime in this country with what he managed to achieve setting up a forum globally. No JiLsi, no DarkMarket,” one Soca investigator said.
Its 2,000 members never met in real life. Quality, not quantity, was the key. DarkMarket was fastidious in banning “rippers” who would cheat other criminals. Honor among thieves was paramount.
It operated an “escrow” service, with payments and goods exchanged through a third party — “like a PayPal for criminals,” the judge said, and an arbitration service resolved disputes. To keep off the radar, the rules were strict: no firearms, drugs or counterfeit currency.
Built on a pyramid structure, administrators decided who joined, moderators ran specific site sections and reviewers vetted wannabes — each demanding 5 percent, or £250 (US$405) per transaction, as a fixer’s fee.
To get on, criminals had to present details of 100 compromised cards free of charge — 50 to one reviewer, 50 to another. Reviewers would test the cards and write an online review of customer satisfaction — just like eBay customers.
“If the cards did what they were supposed to, and if they got the money, they would be recommended. If not they weren’t allowed in,” the investigator said.
Payment was via accounts on WebMoney, or E-Gold.
“It was the QuickTime method of paying, sending money anywhere in the world,” the investigator said.
Subramaniam was one of the top administrators. He kept his operating system on memory sticks. But when one was stolen, costing him £100,000 in losses and compromising the site’s security, he was downgraded to reviewer. Surveillance officers caught him logging on to the Web site as JiLsi unaware the fellow criminal MasterSplyntr he was talking to was, in fact, an FBI agent called Keith Mularski.
Considerable money was exchanged, though transactions took place away from the site for security reasons. One buyer spent £250,000 on stolen personal information in just six weeks.
Described as “a very quiet man,” Subramaniam worked in low profile jobs at Pizza Hut and as a dispatch courier.
“He owned three houses but was largely itinerant ... never staying in one place for long,” said Sharon Lemon, Soca deputy director.
He is charged alongside John McHugh, 66, or “Devilman,” also a reviewer who has pleaded guilty to conspiracy to defraud and at whose Doncaster home a credit card-making factory was found. The two will be sentenced later. But for investigators, the battle against cyber fraud continues.
“This was one of the top 10 sites in the world, but there are more than 100 we know of globally, and another 100 we don’t yet know of,” the investigator said.
A cyber crime price list
Trusted vendors on DarkMarket offered a smorgasbord of personal data, viruses and card-cloning kits at knockdown prices. Going rates were:
— Dumps Data from magnetic stripes on batches of 10 cards. Standard cards: US$50; Gold/platinum: US$80; Corporate: US$180.
— Card verification values. Information needed for online transactions. US$3 to US$10 depending on quality.
— Full information/change of billing Information needed for opening or taking over account details. US$150 for account with US$10,000 balance. US$300 for one with US$20,000 balance.
— Skimmer Device to read card data. Up to US$7,000.
— Bank logins. Two percent of available balance.
— Hire of botnet Software robots used in spam attacks. US$50 a day.
— Credit card images. Both sides of card. US$30 each.
— Embossed card blanks US$50 each.
As strategic tensions escalate across the vast Indo-Pacific region, Taiwan has emerged as more than a potential flashpoint. It is the fulcrum upon which the credibility of the evolving American-led strategy of integrated deterrence now rests. How the US and regional powers like Japan respond to Taiwan’s defense, and how credible the deterrent against Chinese aggression proves to be, will profoundly shape the Indo-Pacific security architecture for years to come. A successful defense of Taiwan through strengthened deterrence in the Indo-Pacific would enhance the credibility of the US-led alliance system and underpin America’s global preeminence, while a failure of integrated deterrence would
It is being said every second day: The ongoing recall campaign in Taiwan — where citizens are trying to collect enough signatures to trigger re-elections for a number of Chinese Nationalist Party (KMT) legislators — is orchestrated by the Democratic Progressive Party (DPP), or even President William Lai (賴清德) himself. The KMT makes the claim, and foreign media and analysts repeat it. However, they never show any proof — because there is not any. It is alarming how easily academics, journalists and experts toss around claims that amount to accusing a democratic government of conspiracy — without a shred of evidence. These
The Executive Yuan recently revised a page of its Web site on ethnic groups in Taiwan, replacing the term “Han” (漢族) with “the rest of the population.” The page, which was updated on March 24, describes the composition of Taiwan’s registered households as indigenous (2.5 percent), foreign origin (1.2 percent) and the rest of the population (96.2 percent). The change was picked up by a social media user and amplified by local media, sparking heated discussion over the weekend. The pan-blue and pro-China camp called it a politically motivated desinicization attempt to obscure the Han Chinese ethnicity of most Taiwanese.
On Wednesday last week, the Rossiyskaya Gazeta published an article by Chinese President Xi Jinping (習近平) asserting the People’s Republic of China’s (PRC) territorial claim over Taiwan effective 1945, predicated upon instruments such as the 1943 Cairo Declaration and the 1945 Potsdam Proclamation. The article further contended that this de jure and de facto status was subsequently reaffirmed by UN General Assembly Resolution 2758 of 1971. The Ministry of Foreign Affairs promptly issued a statement categorically repudiating these assertions. In addition to the reasons put forward by the ministry, I believe that China’s assertions are open to questions in international
RSS