To the casual observer, there was little to distinguish the Java Bean Internet cafe in Wembley, north London, from the hundreds of others dotted around the British capital. But to surveillance officers staking it out month after month, this unremarkable venue was the key to busting a remarkable and sophisticated network of cyber criminals.
From the bank of computers inside, a former pizza bar worker ran an international cyber “supermarket” selling stolen credit card and account details costing the banking industry tens of millions of pounds.
Renukanth Subramaniam, 33, was revealed on Jan. 14 as the founder and a major “orchestrator” of the secret DarkMarket Web site, where elite fraudsters bought and sold personal data, after it was infiltrated by the FBI and the US Secret Service.
Membership was strictly by invitation. But once vetted, its 2,000 vendors and buyers traded everything from card details, obtained through hacking, phishing and ATM skimming devices, to viruses with which buyers could extort money by threatening company Web sites.
The top English language cybercrime site in the world, it offered online tutorials in account takeovers, credit card deception and money laundering. Equipment — including false ATM and pin machines and everything needed to set up a credit card factory — was available.
It even featured breaking-news-style updates on the latest compromised material available, while criminals could buy banner adverts to promote their wares.
So vast was its reach, with members in the UK, Canada, US, Russia, Turkey, Germany and France, the UK’s Serious Organised Crime Agency (SOCA), which helped bust it, said it was “impossible” to put a figure on how much it cost banks worldwide.
Subramaniam, who used the online nickname JiLsi, was remanded in custody at his own request at Blackfriars crown court in London yesterday after pleading guilty to conspiracy to defraud and five counts of furnishing false information. Judge John Hillen said it was “inevitable” he faced a “substantial custodial sentence.”
A British citizen, Subramaniam was a former member of ShadowCrew, DarkMarket’s forerunner, which was uncovered by the US Secret Service in 2004.
“JiLsi was one of the highest in cybercrime in this country with what he managed to achieve setting up a forum globally. No JiLsi, no DarkMarket,” one Soca investigator said.
Its 2,000 members never met in real life. Quality, not quantity, was the key. DarkMarket was fastidious in banning “rippers” who would cheat other criminals. Honor among thieves was paramount.
It operated an “escrow” service, with payments and goods exchanged through a third party — “like a PayPal for criminals,” the judge said, and an arbitration service resolved disputes. To keep off the radar, the rules were strict: no firearms, drugs or counterfeit currency.
Built on a pyramid structure, administrators decided who joined, moderators ran specific site sections and reviewers vetted wannabes — each demanding 5 percent, or £250 (US$405) per transaction, as a fixer’s fee.
To get on, criminals had to present details of 100 compromised cards free of charge — 50 to one reviewer, 50 to another. Reviewers would test the cards and write an online review of customer satisfaction — just like eBay customers.
“If the cards did what they were supposed to, and if they got the money, they would be recommended. If not they weren’t allowed in,” the investigator said.
Payment was via accounts on WebMoney, or E-Gold.
“It was the QuickTime method of paying, sending money anywhere in the world,” the investigator said.
Subramaniam was one of the top administrators. He kept his operating system on memory sticks. But when one was stolen, costing him £100,000 in losses and compromising the site’s security, he was downgraded to reviewer. Surveillance officers caught him logging on to the Web site as JiLsi unaware the fellow criminal MasterSplyntr he was talking to was, in fact, an FBI agent called Keith Mularski.
Considerable money was exchanged, though transactions took place away from the site for security reasons. One buyer spent £250,000 on stolen personal information in just six weeks.
Described as “a very quiet man,” Subramaniam worked in low profile jobs at Pizza Hut and as a dispatch courier.
“He owned three houses but was largely itinerant ... never staying in one place for long,” said Sharon Lemon, Soca deputy director.
He is charged alongside John McHugh, 66, or “Devilman,” also a reviewer who has pleaded guilty to conspiracy to defraud and at whose Doncaster home a credit card-making factory was found. The two will be sentenced later. But for investigators, the battle against cyber fraud continues.
“This was one of the top 10 sites in the world, but there are more than 100 we know of globally, and another 100 we don’t yet know of,” the investigator said.
A cyber crime price list
Trusted vendors on DarkMarket offered a smorgasbord of personal data, viruses and card-cloning kits at knockdown prices. Going rates were:
— Dumps Data from magnetic stripes on batches of 10 cards. Standard cards: US$50; Gold/platinum: US$80; Corporate: US$180.
— Card verification values. Information needed for online transactions. US$3 to US$10 depending on quality.
— Full information/change of billing Information needed for opening or taking over account details. US$150 for account with US$10,000 balance. US$300 for one with US$20,000 balance.
— Skimmer Device to read card data. Up to US$7,000.
— Bank logins. Two percent of available balance.
— Hire of botnet Software robots used in spam attacks. US$50 a day.
— Credit card images. Both sides of card. US$30 each.
— Embossed card blanks US$50 each.
The gutting of Voice of America (VOA) and Radio Free Asia (RFA) by US President Donald Trump’s administration poses a serious threat to the global voice of freedom, particularly for those living under authoritarian regimes such as China. The US — hailed as the model of liberal democracy — has the moral responsibility to uphold the values it champions. In undermining these institutions, the US risks diminishing its “soft power,” a pivotal pillar of its global influence. VOA Tibetan and RFA Tibetan played an enormous role in promoting the strong image of the US in and outside Tibet. On VOA Tibetan,
Former minister of culture Lung Ying-tai (龍應台) has long wielded influence through the power of words. Her articles once served as a moral compass for a society in transition. However, as her April 1 guest article in the New York Times, “The Clock Is Ticking for Taiwan,” makes all too clear, even celebrated prose can mislead when romanticism clouds political judgement. Lung crafts a narrative that is less an analysis of Taiwan’s geopolitical reality than an exercise in wistful nostalgia. As political scientists and international relations academics, we believe it is crucial to correct the misconceptions embedded in her article,
Sung Chien-liang (宋建樑), the leader of the Chinese Nationalist Party’s (KMT) efforts to recall Democratic Progressive Party (DPP) Legislator Lee Kun-cheng (李坤城), caused a national outrage and drew diplomatic condemnation on Tuesday after he arrived at the New Taipei City District Prosecutors’ Office dressed in a Nazi uniform. Sung performed a Nazi salute and carried a copy of Adolf Hitler’s Mein Kampf as he arrived to be questioned over allegations of signature forgery in the recall petition. The KMT’s response to the incident has shown a striking lack of contrition and decency. Rather than apologizing and distancing itself from Sung’s actions,
US President Trump weighed into the state of America’s semiconductor manufacturing when he declared, “They [Taiwan] stole it from us. They took it from us, and I don’t blame them. I give them credit.” At a prior White House event President Trump hosted TSMC chairman C.C. Wei (魏哲家), head of the world’s largest and most advanced chip manufacturer, to announce a commitment to invest US$100 billion in America. The president then shifted his previously critical rhetoric on Taiwan and put off tariffs on its chips. Now we learn that the Trump Administration is conducting a “trade investigation” on semiconductors which
RSS