FBI agent reveals details of cybercrime sting

In September 2008, police in the US began arresting alleged members of DarkMarket, an underground internet forum for buying and selling credit-card data used for identity fraud. The sting would not have been possible without the work of FBI agent J Keith Mularski, who spent two years infiltrating the group.

Mularski became hacker 'Master Splynter', a play on the name of the Teenage Mutant Ninja Turtles character called 'Master Splinter', a rat who lives in New York City's sewers. He was so successful in his online disguise that he ended up running the server that hosted the DarkMarket forum from his offices at the National Cyber-Forensics & Training Alliance in Pittsburgh, Pennsylvania.

Mularski, a supervisory special agent with the FBI's Cyber Initiative and Resource Fusion Unit, spoke about the DarkMarket sting during a session at the RSA security conference in April. ZDNet UK's sister site CNET News caught up with him this week on the telephone to find out what it was like hanging out with cybercriminals.

Q: You were central to the DarkMarket sting. What happened and what role did you played?
We kicked off an undercover operation to try to penetrate these underground crime groups that are running these forums on the internet. We developed the persona of a spammer/hacker and I assumed that role. Our intention was to try to penetrate the groups and dismantle them like we would with organised crime.

In this case, we were very successful in getting to the upper echelons of the DarkMarket group, and we were actually able to run the server and host all the communications that were going on there to make our cases against the criminals. Worldwide, we had 60 arrests. It was a two-year operation and we had arrests in the UK, Germany, Turkey and the US.

What measures did you take to try to prove you were legitimate?
I acquired the reputation as one of the world's top five spammers. The Spamhaus Project, which tracks spammers, made a listing for me as being a top spammer and that gave me credibility so that I didn't necessarily have to do any criminal activity. I could talk the talk.

If someone wanted me to mail (send spam) for them I would (get out of it by giving them the excuse) that they were too small of a fish. If they were a big fish, I'd just say I didn't have any openings or time to work with them.

What sorts of crimes were they doing on DarkMarket?
They were doing all sorts of identity theft. They were hacking into companies and stealing credit card numbers and selling them. They were selling counterfeit drivers' licences and other photo documentation as well as manufacturing fake credit cards. They were selling harvested bank accounts and brokerage accounts and selling different types of malware or spyware programs or Trojan horses that you could infect peoples' computers with.

The whole gamut of the cyber underground was available there. If you needed it, you could get it there on the site.

How did being undercover interfere with your life? What extremes did you reach to keep up the facade?
I would have to be online all the time, basically, in case someone needed to get ahold of me. If I was at home, I would always have a computer on, even while watching TV. If I went on holiday, I took the computer with me to make sure I was able to log in.

I would tell the (DarkMarket) guys I was travelling to go surfing or something like that and I would tell them I'll be online at these times if they needed to get me.

I had a mobile phone connected to a Gmail account and I would tell them if they had to get ahold of me to send an email and it would ping me.

It was like that for two solid years almost every day. My wife wasn't too happy about it.

Was there ever a moment when you thought the jig was up and that they were on to you?
There were a couple of those. We had a problem with our backstopping right at the beginning of the operation when I took over the server. One of our rivals had hacked into the DarkMarket server and was looking at who was logging in. He traced the IP address doing a 'whois' (lookup) and the phone number connected to our covert IP address, which was supposed to be unlisted — instead it showed the address here at the National Cyber Forensics Training Alliance.

By doing some research, they determined that the IP address came from this building and they thought it came from me. I had to go on the offensive and say that it wasn't me and that it was already in the server. Eventually, they believed me.

There were a lot of wars between rival groups at the time. A lot of people were accusing each other of being 'feds' and 'cops', and I was able to use that to my advantage to create a smoke screen and create doubt.

How were you able to become administrator of the DarkMarket server?
I had good relations with the administrator whose alias was 'Jilsi'. He wasn't a very technical guy and was having problems running the site because it was getting attacked by a rival group. So I told him about my background as a spammer and told him how good I was at setting up sites. I did some demonstrations and set up some test sites to show him I had the skills. Then there was just a lot of talk and rapport building.

One night when DarkMarket was getting attacked by a rival group, I said I was ready and that I could secure the server for him and he said, "let's move". That gave me full access to everyone using it and what they were doing.

Any anecdotes to tell about your dealings with these people?
It was like a soap opera. There was constant drama going on. A lot of people were accusing one another of being cops.

It was funny being part of the discussion as people were talking about whether so and so was a cop or a fed, and I was sitting there knowing full well that the person wasn't. There were a lot of egos and a lot of funny stories where guys would brag about their close brushes with the law and how close they got to being arrested.

You get 20-year-old guys, 30-year-old guys who are single and making a lot of money, so you hear a lot of stories of partying and things like that.

Did you get a sense of what these carders are like as people, what their characters are like?
There are a lot of guys who I think their curiosity just got the best of them and it led them...