Posted on April 8, 2008
Pages 46-49
Zero Day Threat: The Shocking Truth of How Banks and Credit Bureaus Help Cyber Crooks Steal Your Money and Identity
Fall 2003, Edmonton
The oldest of three children in a stable, churchgoing family, Socrates recalls getting hooked on computers as a young kid. Introverted, soft-spoken, and respectful of his parents, Socrates taught himself about all things digital. He became savvy enough around computers to land a job as a technical engineering draftsman not long after graduating from high school. He earned enough to get himself an apartment and buy a state-of-the-art desktop PC. By all outward appearances, by age twenty, he seemed well positioned to make his way in the world.
In his leisure time, Socrates spent endless hours at his keyboard smoking a little pot and playing Counter-Strike, a popular online video game in which participants role-play either as a terrorist out to plant bombs, take hostages, and assassinate enemies, or as a counterterrorist determined to neutralize the terrorists. Comrades communicate by text messaging one another, using Internet slang, on an IRC (Internet relay chat) channel. Chat channels are virtual meeting rooms where people from all over the world convene to exchange text messages in real time about topics of common interest. As with most online, multiplayer video games, cheating on Counter-Strike is not uncommon. For instance, some players will use “wallhacks,” cheat code that renders solid objects semitransparent. This allows the cheater to spot and take aim at rivals hiding behind solid objects.
When he wasn’t playing Counter-Strike, Socrates would navigate to mIRC.com, a popular public Web site that serves as a gateway to thousands of chat channels. He gravitated to certain chat rooms where cinema buffs bragged about being the first to post digital copies of the latest Hollywood blockbusters on the Internet for free downloading. He became an avid collector of pirated first-run Hollywood blockbusters. Increasingly, Socrates lost track of time. His punctuality, and ultimately attendance, at work suffered. He was fired in the summer of 2003.
“I was always at home, stuck on my computer,” he says. “I was too obsessed with doing what I was doing online, rather than going to work. I lost my apartment. Lost everything I owned. Then I started using heavier drugs. I started smoking meth.”
In the fall of 2003, Marilyn was trying to work out a new fraud scheme and had heard about a kid named Socrates who knew his way around computers and chat rooms. She had actually been acquainted briefly with Socrates years before. “I ran into him through a mutual friend when he lost his job,” she says. “I was, like, ‘Hey maybe you can help me out with something?’”
Marilyn introduced Socrates to Biggie and Frankie. By then Frankie was trying to lay low. Several weeks after almost getting shot by Detective Gauthier, he had been arrested a second time and was out on bail, awaiting disposition of a slew of criminal charges. A third bust would guarantee serious jail time.
Frankie, too, had been haunting IRC chat channels. He had found his way to chat rooms where participants from such countries as Romania, Austria, and Egypt expressed keen interest in the data Frankie was collecting from bank records in Dumpsters and mailboxes. The cash-extraction capabilities Frankie boasted about also caught their attention. But Frankie never pursued the chat channel connections very far. He got his charge out of conning customer reps into doing his bidding. And he loved graphic design, using Adobe Photoshop to produce counterfeit checks, Canadian currency, and drivers’ licenses.
Socrates, who felt most comfortable immersed in the virtual world, stepped in and picked up where Frankie left off. He handled the techie end of a scheme to exploit security holes in an online banking service unique to Canadian banks, called e-mail transfers. Canadian banks allowed their online banking customers to transfer up to $1,000 via e-mail to anyone with a valid e-mail address. In a few clicks, the recipient of an e-mail transfer could download the funds into his or her online account and have instant access to the cash at an ATM machine.
Marilyn and Frankie would get on the phone to cajole bank reps into changing the passwords and PIN numbers on accounts for which they had basic information, culled from records plucked from the trash or stolen from mailboxes. Biggie opened bank “drop” accounts all around town, using his true identity, into which he could download e-mail transfers, then withdraw the cash from an ATM machine shortly thereafter. He took charge of the recruitment and handling of runners who likewise opened drop accounts for the cell’s use.
The cell discovered that the banks generally would take no action to sanction drop-account holders for making withdrawals soon after large deposits were made into their accounts. After all, there was nothing illegal in withdrawing cash that was sitting in your own account. Once the bank suspected illicit funds had been transferred into an account, the most it would do was close the drop account and decline to open another one for the runner. The cell also learned that bank branches don’t necessarily communicate with one another. A runner whose account got shut down at one branch could scoot across town and open a drop account in a different branch of the same bank.
With Marilyn and Frankie assembling the pieces of data needed to breach accounts, and Biggie controlling the flow of extracted cash, Socrates’s job fell right in his comfort zone. Using a laptop computer, Socrates took command of the virtual components; he went online to access the breached accounts and trigger e-mail transfers into the drop accounts controlled by the cell.
The cell also had hundreds of stolen credit card numbers to work with. Marilyn, always good at math, mastered the art of “tumbling.” She could take a pair of sixteen-digit credit card numbers and decode the algorithm that would produce other working numbers in the same range. Socrates and Frankie went online and, using stolen credit card numbers, ordered the tools of their trade: computers, graphics software to manufacture fake IDs, and online services, such as Vonage Internet phone accounts.
The Vonage phone numbers came in handy if the cell needed to transfer cash from a breached bank account located in a different Canadian city. One way to defeat the bank’s security measures involved making a cash transfer to a $500 money order made out to Biggie and designated for pickup at an Edmonton Western Union office. If the bank’s fraud-detection system flagged the transfer as suspicious, triggering a phone call to verify the account holder, the bank employee would call the phone number listed with the account. Of course, Marilyn, beforehand, would change the number to a Vonage phone account, picking a number using the area code from the city where the account originated. There was no way for the bank rep to detect that it was a Vonage number, one of many issued to a meth addict in Edmonton. Upon answering, Marilyn, in a sweet voice, would confirm the authenticity of the money order.