Friday, January 15, 2010

One-stop shop for cybercrime

Welcome to DarkMarket – global one-stop shop for cybercrime and banking fraud

• Personal data and tutorials in hacking offered online
• Founder of site traced to London internet cafe

Renukanth Subramaniam, 33, is accused of being a key figure in running DarkMarket, a website where criminals exchanged information on stolen credit cards and other data. Photograph: Serious Organised Crime Agency/AP

To the casual observer, there was little to distinguish the Java Bean internet cafe in Wembley from the hundreds of others dotted around the capital. But to surveillance officers staking it out month after month, this unremarkable venue was the key to busting a remarkable and sophisticated network of cyber criminals.

From the bank of computers inside, a former pizza bar worker ran an international cyber "supermarket" selling stolen credit card and account details costing the banking industry tens of millions.

Renukanth Subramaniam, 33, was revealed today as the founder and a major "orchestrator" of the secret DarkMarket website, where elite fraudsters bought and sold personal data, after it was infiltrated by the FBI and the US Secret Service.

Membership was strictly by invitation. But once vetted, its 2,000 vendors and buyers traded everything from card details, obtained through hacking, phishing and ATM skimming devices, to viruses with which buyers could extort money by threatening company websites.

The top English language cybercrime site in the world, it offered online tutorials in account takeovers, credit card deception and money laundering. Equipment – including false ATM and pin machines and everything needed to set up a credit card factory – was available.

It even featured breaking-news-style updates on the latest compromised material available, while criminals could buy banner adverts to promote their wares.

So vast was its reach, with members in the UK, Canada, US, Russia, Turkey, Germany and France, the UK's Serious Organised Crime Agency (Soca), which helped bust it, said it was "impossible" to put a figure on how much it cost banks worldwide.

Subramaniam, who used the online soubriquet JiLsi, was remanded in custody at his own request at Blackfriars crown court today after pleading guilty to conspiracy to defraud and five counts of furnishing false information. Judge John Hillen warned it was "inevitable" he faced a "substantial custodial sentence".

A Sri Lankan-born British citizen, Subramaniam was a former member of ShadowCrew, DarkMarket's forerunner, which was uncovered by the US Secret Service in 2004. "JiLsi was one of the highest in cybercrime in this country with what he managed to achieve setting up a forum globally. No JiLsi, no DarkMarket," said one Soca investigator.

Its 2,000 members never met in real life. Quality, not quantity, was the key. DarkMarket was fastidious in banning "rippers" who would cheat other criminals. Honour among thieves was paramount.

It operated an "escrow" service, with payments and goods exchanged through a third party – "like a PayPal for criminals", the judge observed, and an arbitration service resolved disputes. To keep off the radar, the rules were strict: no firearms, drugs or counterfeit currency.

The site was built on a pyramid structure: administrators decided who joined, moderators ran specific site sections, and reviewers vetted wannabes – each demanding 5% or £250 per transaction as a fixer's fee.

To get on, criminals had to present details of 100 compromised cards free of charge - 50 to one reviewer, 50 to another. Reviewers would test the cards and write an online review of customer satisfaction – just like eBay customers. "If the cards did what they were supposed to … they would be recommended. If not they weren't allowed in," said the investigator.

Payment was via accounts on WebMoney, or E-Gold. "It was the QuickTime method of sending money anywhere."

Subramaniam was one of the top administrators. He kept his operating system on memory sticks. But when one was stolen, costing him £100,000 in losses and compromising the site's security, he was downgraded to reviewer. Surveillance officers caught him logging on to the website as JiLsi, unaware that the fellow criminal MasterSplyntr he was talking to was, in fact, an FBI agent called Keith Mularski.

Considerable money was exchanged, though actual transactions took place away from the site for security reasons. One buyer spent £250,000 on stolen personal information in just six weeks.

Described as "a very quiet man", Subramaniam worked at Pizza Hut and as a dispatch courier. "He owned three houses but was largely itinerant," said Sharon Lemon, Soca deputy director. "The key to investigations of this sort is finding the evidence to connect the online persona with a living, breathing person."

Harendra de Silva QC, defending Subramaniam, said the "evidence was unchallenged" but said the "question of interpretation does arise in certain areas" and there would be submissions on "nuance" of the fraud in so far as it applied to his client. He is charged alongside John McHugh, 66, known as Devilman, also a site reviewer who has pleaded guilty to conspiracy to defraud and at whose Doncaster home officers found a credit card-making factory. The two will be sentenced later.

But the battle against cybercrime continues. "This was one of the top 10 sites in the world, but there are more than 100 we know of globally, and another 100 we don't yet know of," said the investigators.

In the DarkMarket

DarkMarket price list

Trusted vendors on DarkMarket offered a smorgasbord of personal data, viruses, and card-cloning kits at knockdown prices. Going rates were:

• Dumps: Data from magnetic stripes on batches of 10 cards. Standard cards: $50. Gold/platinum: $80. Corporate: $180.
• Card verification values: Information needed for online transactions. $3-$10 depending on quality.
• Full information/change of billing: Information needed for opening or taking over account details. $150 for account with $10,000 balance. $300 for one with $20,000 balance.
• Skimmer: Device to read card data. Up to $7,000.
• Bank logins: 2% of available balance.
• Hire of botnet: Software robots used in spam attacks. $50 a day.
• Credit card images: Both sides of card. $30 each.
• Embossed card blanks: $50 each.
• Holograms: $5 per 100.

Thursday, January 7, 2010

The 'Israelification' of airports: High security, little bother

December 30, 2009

Cathal Kelly

While North America's airports groan under the weight of another sea-change in security protocols, one word keeps popping out of the mouths of experts: Israelification.

That is, how can we make our airports more like Israel's, which deal with a far greater terror threat with far less inconvenience?

"It is mindboggling for us Israelis to look at what happens in North America, because we went through this 50 years ago," said Rafi Sela, the president of AR Challenges, a global transportation security consultancy. He's worked with the RCMP, the U.S. Navy Seals and airports around the world.

"Israelis, unlike Canadians and Americans, don't take s--- from anybody. When the security agency in Israel (the ISA) started to tighten security and we had to wait in line for — not for hours — but 30 or 40 minutes, all hell broke loose here. We said, 'We're not going to do this. You're going to find a way that will take care of security without touching the efficiency of the airport.'"

That, in a nutshell, is "Israelification" - a system that protects life and limb without annoying you to death.

Despite facing dozens of potential threats each day, the security set-up at Israel's largest hub, Tel Aviv's Ben Gurion Airport, has not been breached since 2002, when a passenger mistakenly carried a handgun onto a flight. How do they manage that?

"The first thing you do is to look at who is coming into your airport," said Sela.

The first layer of actual security that greets travellers at Tel Aviv's Ben Gurion International Airport is a roadside check. All drivers are stopped and asked two questions: How are you? Where are you coming from?

"Two benign questions. The questions aren't important. The way people act when they answer them is," Sela said.

Officers are looking for nervousness or other signs of "distress" — behavioural profiling. Sela rejects the argument that profiling is discriminatory.

"The word 'profiling' is a political invention by people who don't want to do security," he said. "To us, it doesn't matter if he's black, white, young or old. It's just his behaviour. So what kind of privacy am I really stepping on when I'm doing this?"

Once you've parked your car or gotten off your bus, you pass through the second and third security perimeters.

Armed guards outside the terminal are trained to observe passengers as they move toward the doors, again looking for odd behaviour. At Ben Gurion's half-dozen entrances, another layer of security is watching. At this point, some travellers will be randomly taken aside, and their person and their luggage run through a magnetometer.

"This is to see that you don't have heavy metals on you or something that looks suspicious," said Sela.

You are now in the terminal. As you approach your airline check-in desk, a trained interviewer takes your passport and ticket. They ask a series of questions: Who packed your luggage? Has it left your side?

"The whole time, they are looking into your eyes — which is very embarrassing. But this is one of the ways they figure out if you are suspicious or not. It takes 20, 25 seconds," said Sela.

Lines are staggered. People are not allowed to bunch up into inviting targets for a bomber who has gotten this far.

At the check-in desk, your luggage is scanned immediately in a purpose-built area. Sela plays devil's advocate — what if you have escaped the attention of the first four layers of security, and now try to pass a bag with a bomb in it?

"I once put this question to Jacques Duchesneau (the former head of the Canadian Air Transport Security Authority): say there is a bag with play-doh in it and two pens stuck in the play-doh. That is 'Bombs 101' to a screener. I asked Duchesneau, 'What would you do?' And he said, 'Evacuate the terminal.' And I said, 'Oh. My. God.'

"Take Pearson. Do you know how many people are in the terminal at all times? Many thousands. Let's say I'm (doing an evacuation) without panic — which will never happen. But let's say this is the case. How long will it take? Nobody thought about it. I said, 'Two days.'"

A screener at Ben-Gurion has a pair of better options.

First, the screening area is surrounded by contoured, blast-proof glass that can contain the detonation of up to 100 kilos of plastic explosive. Only the few dozen people within the screening area need be removed, and only to a point a few metres away.

Second, all the screening areas contain 'bomb boxes'. If a screener spots a suspect bag, he/she is trained to pick it up and place it in the box, which is blast proof. A bomb squad arrives shortly and wheels the box away for further investigation.

"This is a very small simple example of how we can simply stop a problem that would cripple one of your airports," Sela said.

Five security layers down: you now finally arrive at the only one which Ben-Gurion Airport shares with Pearson — the body and hand-luggage check.

"But here it is done completely, absolutely 180 degrees differently than it is done in North America," Sela said.

"First, it's fast — there's almost no line. That's because they're not looking for liquids, they're not looking at your shoes. They're not looking for everything they look for in North America. They just look at you," said Sela. "Even today with the heightened security in North America, they will check your items to death. But they will never look at you, at how you behave. They will never look into your eyes ... and that's how you figure out the bad guys from the good guys."

That's the process — six layers, four hard, two soft. The goal at Ben-Gurion is to move fliers from the parking lot to the airport lounge in a maximum of 25 minutes.

This doesn't begin to cover the off-site security net that failed so spectacularly in targeting would-be Flight 253 bomber Umar Farouk Abdulmutallab — intelligence. In Israel, Sela said, a coordinated intelligence gathering operation produces a constantly evolving series of threat analyses and vulnerability studies.

"There is absolutely no intelligence and threat analysis done in Canada or the United States," Sela said. "Absolutely none."

But even without the intelligence, Sela maintains, Abdulmutallab would not have gotten past Ben Gurion Airport's behavioural profilers.

So. Eight years after 9/11, why are we still so reactive, so un-Israelified?

Working hard to dampen his outrage, Sela first blames our leaders, and then ourselves.

"We have a saying in Hebrew that it's much easier to look for a lost key under the light, than to look for the key where you actually lost it, because it's dark over there. That's exactly how (North American airport security officials) act," Sela said. "You can easily do what we do. You don't have to replace anything. You have to add just a little bit — technology, training. But you have to completely change the way you go about doing airport security. And that is something that the bureaucrats have a problem with. They are very well enclosed in their own concept."

And rather than fear, he suggests that outrage would be a far more powerful spur to provoking that change.

"Do you know why Israelis are so calm? We have brutal terror attacks on our civilians and still, life in Israel is pretty good. The reason is that people trust their defence forces, their police, their response teams and the security agencies. They know they're doing a good job. You can't say the same thing about Americans and Canadians. They don't trust anybody," Sela said. "But they say, 'So far, so good'. Then if something happens, all hell breaks loose and you've spent eight hours in an airport. Which is ridiculous. Not justifiable.

"But, what can you do? Americans and Canadians are nice people and they will do anything because they were told to do so and because they don't know any different."