DarkMarket
Encyclopedia
DarkMarket was an English-speaking internet cybercrime
forum created by Renukanth Subramaniam in London that was shut down in 2008 after FBI
agent J. Keith Mularski infiltrated it using the alias Master Splyntr, leading to more than 60 arrests worldwide. Subramaniam, who used the alias JiLsi, admitted conspiracy to defraud and was sentenced to nearly five years in prison in February 2010.
The website allowed buyers and sellers of stolen identities
and credit card data to meet and conduct criminal enterprise in an entrepreneurial, peer-reviewed
environment. It had 2,500 users at its peak.
According to supervisory special agent Mularski of the FBI's Cyber Initiative & Resource Fusion Unit, their undercover operation was "very successful in getting to the upper echelons of the Dark Market group and we were actually able to run the server and host all the communications that were going on there to make our cases." He obtained full access to everyone using the site and what they were doing by securing the server after gaining Subramaniam's confidence.
In Congressional testimony on November 17, 2009, FBI Deputy Assistant Director, Cyber Division Steven R. Chabinsky described "the FBI's infiltration and dismantlement of Darkmarket, an online virtual transnational criminal organization. Working with our international partners in the United Kingdom, Germany, and Turkey, the FBI conducted a two-year undercover
operation to penetrate the organization and bring it to its knees. At its peak, the Darkmarket forum had over 2,500 members—spanning countries throughout the world—who were involved in buying and selling stolen financial information, including credit card data, login credentials (user names, passwords), and equipment used to carry out certain financial crimes. Using undercover techniques, the FBI penetrated the highest levels of this group and identified and located its leading members. Multi-agency and multi-national coordination with our law enforcement partners led to over 60 arrests worldwide, as well as the prevention of $70 million in economic loss that otherwise would have occurred from compromised victim accounts.
In a speech to the GovSec/FOSE Conference on March 23, 2010, Chabinsky related that "Not long ago, there was an online carding forum named Darkmarket. It had members worldwide who were involved in buying and selling stolen financial information, such as credit card data, login credentials, and equipment to carry out financial crimes. Darkmarket doesn't exist anymore. Why? Because the FBI infiltrated it and brought it down. Through a two-year undercover operation led by an individual known to most users only as “Master Splyntr,” we penetrated the highest levels of this group and identified and located its leading members, which led to over 60 arrests worldwide and the prevention of tens if not hundreds of millions of dollars in economic loss. To the shock of criminals worldwide, Master Splyntr—who was on the site nearly everyday, participating anywhere from one hour to 15 hours a day—was a very dedicated and talented FBI special agent, of which we are proud and fortunate to have many. Still, it's a lot of work to take down a single forum, but it shows we can succeed if we have the right people in place and the resources to apply.
In other words, having hired and trained special agents who can talk the talk, and given the resources to spend enough hours online for an extended period of time, we have found that almost any cyber criminal enterprise will begin to trust us, despite having never met us face-to-face. We also learned that the communication methods used by these criminals are, to them, a social outlet as well. Just as often as they are speaking about malware
, crimes, and goods for sale, they are talking about their families, their girlfriends, their vacations, and their cars. After a time, members of these forums become friends. That is where the intrinsic trust stems from. When somebody first enters as a new member, they’re considered a potential cop; a month later, they’re less of a cop; six months later, they’re a friend; a year later, they are trusted implicitly—to the extent that when an outsider anonymously told a Darkmarket participant that Master Splyntr was actually the FBI (which, as you now know, was true) all Master Splyntr had to do was deny the accusation and he was believed because he was an insider, whereas the informer was an outsider.
The Darkmarket case also provides us with insight into cyber crime tradecraft. Cyber criminals deploy countermeasures
that can cost them a lot of time and effort, in hopes of evading our lawful investigative techniques. Consider the fact that cyber criminals routinely change their nicknames, e-mails, digital currency
accounts, and the ICQ
numbers they use in forums. Not only do they change these accounts and identifying numbers, but they also use different combinations of the information in each forum they participate in."
Another DarkMarket member, Thomas James Frederick Smith, pleaded guilty on June 10, 2010 to conspiracy to intentionally cause damage to a protected computer and to commit computer fraud.
Computer crime
Computer crime, or cybercrime, refers to any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Netcrime refers to criminal exploitation of the Internet. Such crimes may threaten a nation’s security and financial health...
forum created by Renukanth Subramaniam in London that was shut down in 2008 after FBI
Federal Bureau of Investigation
The Federal Bureau of Investigation is an agency of the United States Department of Justice that serves as both a federal criminal investigative body and an internal intelligence agency . The FBI has investigative jurisdiction over violations of more than 200 categories of federal crime...
agent J. Keith Mularski infiltrated it using the alias Master Splyntr, leading to more than 60 arrests worldwide. Subramaniam, who used the alias JiLsi, admitted conspiracy to defraud and was sentenced to nearly five years in prison in February 2010.
The website allowed buyers and sellers of stolen identities
Identity theft
Identity theft is a form of stealing another person's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name...
and credit card data to meet and conduct criminal enterprise in an entrepreneurial, peer-reviewed
Peer review
Peer review is a process of self-regulation by a profession or a process of evaluation involving qualified individuals within the relevant field. Peer review methods are employed to maintain standards, improve performance and provide credibility...
environment. It had 2,500 users at its peak.
According to supervisory special agent Mularski of the FBI's Cyber Initiative & Resource Fusion Unit, their undercover operation was "very successful in getting to the upper echelons of the Dark Market group and we were actually able to run the server and host all the communications that were going on there to make our cases." He obtained full access to everyone using the site and what they were doing by securing the server after gaining Subramaniam's confidence.
In Congressional testimony on November 17, 2009, FBI Deputy Assistant Director, Cyber Division Steven R. Chabinsky described "the FBI's infiltration and dismantlement of Darkmarket, an online virtual transnational criminal organization. Working with our international partners in the United Kingdom, Germany, and Turkey, the FBI conducted a two-year undercover
Undercover
Being undercover is disguising one's own identity or using an assumed identity for the purposes of gaining the trust of an individual or organization to learn secret information or to gain the trust of targeted individuals in order to gain information or evidence...
operation to penetrate the organization and bring it to its knees. At its peak, the Darkmarket forum had over 2,500 members—spanning countries throughout the world—who were involved in buying and selling stolen financial information, including credit card data, login credentials (user names, passwords), and equipment used to carry out certain financial crimes. Using undercover techniques, the FBI penetrated the highest levels of this group and identified and located its leading members. Multi-agency and multi-national coordination with our law enforcement partners led to over 60 arrests worldwide, as well as the prevention of $70 million in economic loss that otherwise would have occurred from compromised victim accounts.
In a speech to the GovSec/FOSE Conference on March 23, 2010, Chabinsky related that "Not long ago, there was an online carding forum named Darkmarket. It had members worldwide who were involved in buying and selling stolen financial information, such as credit card data, login credentials, and equipment to carry out financial crimes. Darkmarket doesn't exist anymore. Why? Because the FBI infiltrated it and brought it down. Through a two-year undercover operation led by an individual known to most users only as “Master Splyntr,” we penetrated the highest levels of this group and identified and located its leading members, which led to over 60 arrests worldwide and the prevention of tens if not hundreds of millions of dollars in economic loss. To the shock of criminals worldwide, Master Splyntr—who was on the site nearly everyday, participating anywhere from one hour to 15 hours a day—was a very dedicated and talented FBI special agent, of which we are proud and fortunate to have many. Still, it's a lot of work to take down a single forum, but it shows we can succeed if we have the right people in place and the resources to apply.
In other words, having hired and trained special agents who can talk the talk, and given the resources to spend enough hours online for an extended period of time, we have found that almost any cyber criminal enterprise will begin to trust us, despite having never met us face-to-face. We also learned that the communication methods used by these criminals are, to them, a social outlet as well. Just as often as they are speaking about malware
Malware
Malware, short for malicious software, consists of programming that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior...
, crimes, and goods for sale, they are talking about their families, their girlfriends, their vacations, and their cars. After a time, members of these forums become friends. That is where the intrinsic trust stems from. When somebody first enters as a new member, they’re considered a potential cop; a month later, they’re less of a cop; six months later, they’re a friend; a year later, they are trusted implicitly—to the extent that when an outsider anonymously told a Darkmarket participant that Master Splyntr was actually the FBI (which, as you now know, was true) all Master Splyntr had to do was deny the accusation and he was believed because he was an insider, whereas the informer was an outsider.
The Darkmarket case also provides us with insight into cyber crime tradecraft. Cyber criminals deploy countermeasures
Countermeasure (computer)
In Computer Security a countermeasure is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.The definition is...
that can cost them a lot of time and effort, in hopes of evading our lawful investigative techniques. Consider the fact that cyber criminals routinely change their nicknames, e-mails, digital currency
Electronic money
Electronic money is money or scrip that is only exchanged electronically. Typically, this involves the use of computer networks, the internet and digital stored value systems...
accounts, and the ICQ
ICQ
ICQ is an instant messaging computer program, which was first developed and popularized by the Israeli company Mirabilis, then bought by America Online, and since April 2010 owned by Mail.ru Group. The name ICQ is a homophone for the phrase "I seek you"...
numbers they use in forums. Not only do they change these accounts and identifying numbers, but they also use different combinations of the information in each forum they participate in."
Another DarkMarket member, Thomas James Frederick Smith, pleaded guilty on June 10, 2010 to conspiracy to intentionally cause damage to a protected computer and to commit computer fraud.
Further reading
- Glenny, MishaMisha GlennyMisha Glenny is a British journalist who specializes in southeastern Europe and global organized crime.-Biography:Glenny is the son of the late Russian studies academic Michael Glenny...
, DarkMarket : cyberthieves, cybercops, and you, New York, NY : Alfred A. Knopf, 2011. ISBN 9780307592934