Skimmed cards and stolen IDs: crime in the digital cloud

 

TECHNOLOGY: DarkMarket: Cyberthieves, Cybercops and YouBy Misha Glenny The Bodley Head, 296pp. £13.99

EVERY SO OFTEN we hear about a spate of card-skimming attacks, with devices recording our Pins and other details from ATMs, or we read another story about the rise of identity theft, our names, birth dates and addresses hijacked online. These tales usually make us feel insecure about how our lives are increasingly networked and how our savings are vulnerable to modern-day bank robbers operating in the digital cloud.

These crimes might be petty, and ultimately victims get reimbursed by banks and credit-card companies for this sort of fraud, but it can feel more invasive and threatening because of its inscrutability. Where exactly do our credit-card details end up? Who makes the counterfeit credit cards, and where do they use them? From what ATM in what country does the money come out of our accounts? Into what bank does that money get lodged? Above all, how can police possibly capture these faceless criminals?

In DarkMarket,Misha Glenny does a superlative job of putting faces to the criminals and cops behind those questions, as well as tracing the Byzantine network that carders, phishers and hackers use to organise their 21st-century looting.

The phrase organised crime usually connotes the Sicilian Mafia and its international progeny, or perhaps ruthless inner-city drug gangs, but it’s disconcerting to realise they’re being superseded by an entirely new form of organised criminality. Glenny analysed the traditional crime families in his acclaimed McMafia,and this is in many ways a futuristic sequel to that book: instead of tales of violence and intimidation, we get tales of hacking and denial-of-service attacks.

Any attempt to relate the stories of global cyberfraudsters is at risk of what might be termed the glowing screen of narrative paralysis: think of any film that involves characters spending large chunks of the story tapping away at keyboards in front of computer monitors, then recall how dull that film was, and you’ll have an idea of how difficult it can be to animate a story that involves huge amounts of computer activity.

Glenny, a former central Europe correspondent for the Guardianand the BBC, overcomes that problem through the urgency of his writing and the intricacy of his narrative structure: this reads less like investigative reporting and more like investigative thriller writing, a nonfiction page-turner filled with suspense and intrigue. His research is assiduous and detailed, but it always works in support of the larger plot rather than overwhelming it.

And what a story it is.

It begins, incongruously enough, with a Yorkshire vicar and a Scunthorpe chemical-engineering firm. The vicar, we learn, has been the victim of electronic bank fraud; the information-technology director of the chemical-engineering firm has just discovered that one of its chemists has been hoarding huge amounts of credit-card numbers and other electronic bank details. The locale might be mundane, but that reinforces one crucial characteristic of 21st-century cybercrime: it is truly global.

The chemist was a member of DarkMarket, at one time the world’s largest online forum and swap shop for cyberthieves, having overtaken sites such as CarderPlanet, Shadowcrew and CardersMarket. In relating the history of these sites and profiling the extraordinary characters who ran them, Glenny skips across the planet, from Sri Lanka to Odessa, from San Francisco to Istanbul, from Pittsburgh to Monaco, like in a fevered Bond plot but with all-night coding sessions substituted for one-night stands.

The hackers and carders are a fascinating bunch: Script, the Ukrainian teenager who brazenly held a cybercrime conference in Odessa in 2002; Cha0, the Turkish administrator of DarkMarket who operated a vast operation of skimming machines; Max Vision, a former security consultant for the FBI who went rogue and founded CardersMarket; RedBrigade, who made $300,000 in one fortnight-long spree of New York ATMs; Master Splyntr, a Polish spammer who became a secretive DarkMarket player; and many more.

They make an absorbing cast, but this is a game of cat and mouse, subterfuge and sting, a protracted battle between cyberthieves and cybercops, and Glenny masterfully weaves the tale together. He grounds the story with the diligent efforts of the law-enforcement officers tasked with responding to cybercrime, in particular Bilal Sen of the Turkish police force and Keith Mularski of the FBI’s cyber division. Mularski, it turns out, was operating as an online Donnie Brasco, effectively running DarkMarket while he accumulated evidence against its ringleaders and prominent members.

The efforts of Sen and Mularski were successful, to a point: DarkMarket was shut down in 2008. But the challenges are clear. Cybercrime is a global phenomenon – a card could be skimmed in Lille and duplicated in Kiev, then used to withdraw money in Latvia – but law enforcement is largely local, so police forces lack both the means and the incentive to track down culprits in a different jurisdiction. And banks, supposedly the ultimate victims, tend to resist co-operation with law-enforcement agencies so as not to damage their reputations or betray technological weaknesses. The result is that the cost of such widespread fraud is borne by all bank customers.

Cybercrime can seem like a chimera, the scale of the threat unknowable because of the invisibility of its perpetrators. But with DarkMarketGlenny has made the chimera feel a lot more real, and a lot more daunting.


Davin O’Dwyer is an freelance journalist