DarkMarket: Cyberthieves, Cybercops and You
There is a war going on that few people know about but everyone is paying for.
It’s the war against cyber crime. In Dark Market, Cyberthieves, Cybercops and You, journalist Misha Glenny describes the battle in chilling detail.
On one side is a vast, cloaked and shifting cabal of hackers—including some of the most brilliant computing minds in the world – raking in millions of dollars using stolen bank and credit card numbers.
On the other side are police forces struggling to co-ordinate efforts between countries with different laws, languages and levels of interest in fighting crimes so complex most people can’t grasp the details.
“This is like a game of seven-dimensional chess in which you are never certain of who your opponent is at any one time,” says futurologist Bruno Guissani, whom Glenny cites in the book.
Glenny’s book, based on interviews with a dozen hackers and evidence presented at criminal trials, traces the roots of organized cyber crime back to the collapse of communism in the 1990s and the subsequent rise in criminality in Eastern Europe.
By 2002, cybercriminals had become brazen enough to hold an international conference in Odessa, Ukraine. They issued a press release. One of the organizers gave an interview to Xakep.ru (Hacker magazine).
The hackers, overwhelmingly male and young are fueled by youthful, boisterous enthusiasm and feel invulnerable to law enforcement, says Glenny.
“There’s something slightly school boyish about it, infused also with a sort of half-baked anarchist philosophy.”
At the same time, credit card use began skyrocketing. Between 1997 and 2007, the number of cards in circulation worldwide rose from just under 1.5 billion to three billion, writes Glenny.
Cybercriminals set up their own websites, clearinghouses where they could buy, sell and trade information and goods.
One of the sites provided an escrow service that protected criminals from ripping each other off by ensuring money was received and goods were as promised before transactions were authorized.
“Money was stolen by a Russian in Ukraine from an American company and paid out in Dubai – and the whole transaction need last no longer than ten minutes,” writes Glenny.
You could make yourself stinking rich without even getting up from your computer, one hacker told Glenny.
Before long, DarkMarket, the biggest criminal website ever run, was building business under the direction of a hodge podge of brilliant and bizarre personalities.
They included a crack-addicted Sri Lankan working out of Internet cafés in London, a Nigerian chemical engineer working for a respected firm in a small British town, and a Calgarian who plied his trade using Internet cafés along the city’s light rail line.
One of the canniest figures in the shadowy world of cyber crime is one who goes by the name of Lord Cyric and who is believed to operate out of Montreal or Toronto, says Glenny. No one knows for sure.
It was dead easy in the beginning. Companies that should have known better left their computers wide open to hackers.
One hacker told Glenny that leaving a computer unprotected is like leaving your wallet wide open and stuffed with money in the middle of a mall. Someone is bound to steal the contents, eventually.
A preferred method of theft involves sucking out small amounts of money over a long period of time, according to Glenny. How many people check their bank and credit card statements closely every month? How many call the bank or credit card company to question a $15 withdrawal labeled insurance?
The cost of cyber crime fraud worldwide is measured in the billions of dollars. Cyber criminals have stolen intellectual property from businesses worldwide worth up to USD 1 trillion, according to Interpol.
It’s also a matter of international security. The world’s most sophisticated virus to date was planted in Iran’s nuclear facilities by somebody using a memory stick or CD, according to Glenny. Even the Pentagon’s security has been breached.
The FBI’s Keith J. Mularksi infiltrated DarkMarket and helped bring it down in 2008.
“Were we successful in destroying that model? Yes. Have the criminals adapted to that? Yes,” says Mularksi.
These days, there are even more targets for criminals, he adds. The number of devices accessing the web has exploded.
“The world is evolving. As a result, criminals are moving that way too.”
The new chip-and-pin credit cards being issued contain encrypted and shifting data and have significantly reduced fraud says Michael D’Sa, Head of Visa’s Payment System Security.
“They have good expertise,” D’sa says of cybercriminals, “but we’ve developed a lot of intelligence from attacks and we share that with our merchants.”
Paul Gerics, vice-president, information security and chief information security officer at RBC, says banks have been dealing with electronic fraud since before the Internet entered every home. Over the years, RBC has enhanced data security with multi-layer computer defence systems.
A survey last year by the Canadian Banker’s Association found 63 per cent of people use online banking. It is the fastest-growing method of conducting banking in Canada making it more important than ever to secure data.
Glenny scoffs at the idea that businesses are winning the war.
Only a miniscule elite understands and can manipulate the intricately networked systems we have come to depend on, says Glenny.
Most of us don’t have a clue, blithely opening up attachments and crippling our own computers at the behest of a stranger on the phone claiming to be from Microsoft.
But Glenny and financial institutions agree on one thing: Consumers aren’t doing enough to protect their smart devices from being hacked.
They need to install firewalls and antivirus software on web devices, which, if you’re a typical consumer, seems technical and a lot of work.
The simplest solution, says RBC’s Gerics, is to discuss it with the experts who sell you your computer.
Glenny concludes his book by asking whether jailing hackers is a wise use of resources, when their considerable talents could be put to use fighting hackers still on the loose.
But another source close to the DarkMarket investigation says he’s seen too many attempts at rehabilitation fail.
“The thing is that a lot of these criminals, they get into it based on their curiosity. They blur the lines and before they know it they are on the dark side.”