FBI agent reveals details of cybercrime sting

...down a dark path. One of the guys, Max Butler, who ran our rival site called CardersMarket and used the hacker name 'Ice Man', was arrested in San Francisco. He was very intelligent. He could have been an excellent security expert. He could have given talks at RSA about vulnerabilities.

A lot of these guys are just misguided. They get into a hotel and see that they have credit cards and one thing leads to another. I think that's how it all starts off and then they find they can make a lot of money and it becomes a business, a job. If you met them in person, they were actually nice guys. I enjoyed a lot of my chat sessions when we were talking about other things, like travelling the world and things like that.

How old are they?
The average guy is in his mid-20s or so. We've seen guys in their 40s. Ages range from 17 to 40-something, typically. A lot of the guys who we arrested were in their mid-30s.

How tied to organised crime are they?
One of the guys, 'ChaO', kidnapped someone. He viewed himself as a traditional organised crime member. He was connected with organised crime groups in Turkey and they resorted to violence when they kidnapped someone who was talking too much about the operations. We're seeing more of that, especially in Romania, also in Russia.

Did you hear from any of your former carder cohorts after the arrests?
I heard from sources that they couldn't believe I was an FBI agent. One of the guys whose house we raided wasn't at home and he sent me an expletive-filled message saying, "you're never going to catch me". I told him he should give himself up rather than spend his life on the run and a week later he turned himself in.

This work sounds dangerous. Did you ever feel you were in danger or are you worried now?
When you are an FBI agent, there's always that threat of danger working crimes undercover. We never intended for my name to come out in this operation, but FBI agents' names are in affidavits. There was always that risk that my name could be exposed. It's always in the back of your mind, but you try not to think about it.

What impact did the sting have?
It showed that we can get you no matter where you live. We were able to make internal relationships and work cases jointly with law enforcement in other countries.

In the future, there will be other joint cases in Europe and around the world. You don't necessarily have to be in the US for us to bring you to justice. That is one of the most significant impacts it had.

Another one is that it showed these guys that, yes, we do have a presence out there (on the internet) and the US is serious about targeting cybercrime. We are going to throw our resources at this problem.

How have things changed since you started the DarkMarket operation in 2006?
With every operation, the bad guys learn more of the undercover techniques that law enforcement is using.

Everything that was successful for us in this operation would have to be tweaked because of that. The level of sophistication is so much higher. The days of a cyber investigation where you just track an IP address and that leads you to a hacker's house are long gone. There are many different anonymisation services the bad guys are using.

Read this

Security lessons not learned will haunt us in 2009

Read more

The exploits and botnets they are using are so much more sophisticated than they were a couple of years ago. Just two years ago, the majority of the botnets were IRC botnets, which are fairly simple. Now we're seeing botnets like the Storm worm that are very sophisticated and running peer-to-peer networks, and that makes it harder for us to track down the command and control servers.

Have you been involved in any of the efforts to track down the people behind the Conficker worm?
I can't comment on that.

Anything else to add?
The message I'm trying to preach is that we have international cooperation and that other countries are starting to recognise this problem. Also, the attackers have changed with the emergence of organised crime into these cybercrimes. It's not just an 18-year-old, pimply-faced kid in his room committing these crimes. These are organised crime groups doing it. It's all about the money now and not just about how elite my hacking skills are to get into this web site. Profit is driving these groups.

The stakes are higher now for everyone?
Definitely.