Fatal System Error (28 page)

Read Fatal System Error Online

Authors: Joseph Menn

Tags: #Business & Economics, #General, #Computers, #Security, #Viruses & Malware, #Online Safety & Privacy, #Law, #Computer & Internet, #Social Science, #Criminology

BOOK: Fatal System Error
5.28Mb size Format: txt, pdf, ePub
“I find it important for everyone in this company to understand why you do what you do: It’s not about money, when I started Prolexic, I never thought I would get rich from it. I thought I could make a nice living, but a greed machine was never something I envisioned. What I envisioned was a company that saved companies. A company that would stand up and do scary and difficult work when everyone said it was impossible.... So when you come to work and you wonder why you may be there, try to think about what the company should represent. The more positive work the company does the higher chances it has to become what I wish it would be. It’s in your hands. Barrett.”
ANDY ASSUMED THE BRITISH GOVERNMENT would crow about the victory. That had been the plan all along, to get convictions in the most unlikely of places, then trumpet the story to make sure every underground hacker got the message to stay away from the U.K. But in the middle of Maksakov’s trial, five years after the NHTCU’s creation, it was dissolved and replaced by the new Serious Organised Crime Agency, which took up so many other responsibilities that its first website didn’t even mention the NHTCU. SOCA’s mission was to go after all manner of mob crime, and its leaders felt there was nothing special about computer-assisted thuggery. Drugs were the top target, consuming 40 percent of the 4,000-person agency’s resources. The idea was to use intelligence-agency and anti-terrorism techniques to go after the most successful criminals in the country. But the management ranks were thick, the experience of the street-level operatives was modest, and the arrests were few. From the first, several members of Parliament and tech security experts warned that cybercrime would get far less attention than it deserved. Their pleas brought no changes.
The head of SOCA was a British intelligence veteran who believed in keeping things quiet. SOCA was exempted from freedom-of-information laws on disclosure. And it issued no press releases on the Russian case. In fact, it didn’t issue a press release about anything until January 2008, when complaints about its poor performance left it fighting to prove its usefulness. A year after that, conservatives began calling for its abolition.
Andy felt like he was living the ending of
Raiders of the Lost Ark:
he brought home one of the wonders of the criminal justice world, and they stuck it in a numbered crate in some anonymous government warehouse.
11
BEYOND CRIME
BARRETT LYON AND ANDY CROCKER had done what no one thought possible, catching and jailing Russian hackers who were attacking Western targets for financial gain. Now Andy wanted to see how much further they could go. He didn’t see any way to cut off the cybercrime forums. But he had worked with good men at all levels of the MVD, and he had been impressed with the prosecutor and judge. Together, could they go after the kingpins? The only way to find out was to try. There were plenty of targets, including Stran, King Arthur, Brain, Milsan, and the leaders of the Russian Business Network. But Andy’s new bosses at the Serious Organised Crime Agency didn’t want an employee essentially stationed full time in Russia. SOCA recalled Andy to the U.K., and it sent no one to take his place.
Local corruption rendered Stran a lost cause, frustrating England and the MVD. Police in Pyatigorsk said they found nothing to charge the Arutchevs with, and one even wrote to the MVD in Moscow, asking for the return of Zarubina’s travelers checks. Steaming, Igor Yakovlev released them. Before he left the country, Andy thought he would aim as high as possible, at King Arthur.
Through dogged but until now secret work on the CarderPlanet case, the U.S. Postal Service’s Greg Crabb had succeeded in identifying King Arthur as Artur Galegov, a man in his early twenties living in the Russian republic of Dagestan. Galegov was taking in millions of dollars from Citibank phishing and other scams with the aid of numerous U.S. accomplices, according to Postal Service documents.
In a meeting with two MVD men to discuss other business, Andy pressed his luck. “This case is going well. Let’s keep it going, follow this thing upstream,” he told the others. “Let’s go after King Arthur. He’s as bad as they get, and he’s gotten millions of dollars. If we get him, that will show everyone how serious the Russian government is. It could change everything.” There was an awkward pause. “He’s in Dagestan,” one of the MVD men said. The tone reminded Andy of the famous line from Roman Polanski’s great corruption movie: “Forget about it, Jake, it’s Chinatown.”
“So, he’s in Dagestan, great, you know where he is!” Andy persisted, feigning ignorance. “It’s different there, very rough,” the other man put in, as if talking to a child. “That’s not a problem,” Andy said. “I’m not afraid; I can go anywhere.”The MVD men exchanged looks. The first cleared his throat. “The FSB is dealing with him. They know who he is,” he said, trying to sound reassuring. “Well, then, the FSB can go to Dagestan,” Andy said. But he sensed this wasn’t going to work out. “They aren’t interested in him right now,” the MVD agent shrugged, signaling an end to the subject.
What they didn’t tell Andy was that Dept. K operatives had already tried to get King Arthur. They had prepared a report and sent it to the MVD Investigative Committee, asking the elite squad to conduct interviews and make an arrest. The committee never pursued the case. Andy also brought up the issue with Igor. “Why won’t anyone arrest King Arthur?” he asked. The politically savvy Igor shrugged, said he didn’t know, and gave the all-purpose explanation Andy had heard most of the days he had been in the country. “Eta Rossiya.” It is Russia.
It made an unfortunate amount of sense to Andy.
They’ve got him with the threat of ten years in prison, he thought. They said, “Either come work for us, or go to prison. ” Why would he not, especially if they let him continue making money?
Knowing how things worked in Russia, it was possible that King Arthur was just bribing his way to continued freedom. But that was unlikely. In the ordinary course of events, a suspect would be arrested first, giving officials the most leverage to negotiate payment. Not only had King Arthur been arrested, but no one had come close to arresting him. Besides, too many countries had been demanding King Arthur’s head for too long for a simple bribe to work. “It would be too sensitive to just take money to not arrest him,” Andy told a friend. “So the only reason it goes nowhere is, he’s protected by someone”.
Andy’s colleague Trevor Dickey, who investigated King Arthur as part of the Doug Havard case, said that when he first pressed for action on King Arthur, Russian detectives had passed back the word through Andy that the mastermind “was a nobody, living in a rundown part of Dagestan and clearing perhaps $200 a month.” That answer was so ridiculous that Dickey also decided the Russian government was either using King Arthur extensively or protecting him for another reason. “My educated guess is, he has some connection to something like the Russian Business Network,” Dickey said.
Andy told colleagues he believed King Arthur was specializing in electronic warfare, including DDoS attacks. But he would also be invaluable to any organization seeking the power to disrupt Western economy or to monitor, and perhaps divert, bank transfers. “I think it’s a combination,” Dickey said. “With his expertise, he’s probably an asset the FSB could put to good use.” In 2009, King Arthur was still dispensing advice on carder forums, serving as a mentor to the next generation.
THE MOST LOGICAL REMAINING TARGET was Brain, who had been identified as Alexander Olegovich Grasman. Andy, Barrett, and the MVD had compiled a mountain of evidence against him. Andy flew to San Francisco in January 2007 to take a formal statement from Barrett for the Brain investigation. Barrett organized a barbecue in honor of Andy, other British agents who made the trip, and British-born Secret Service agent Trevor Fenwick, who had helped in the U.S. botnet takedowns. Fenwick would officiate at the handoff of evidence from a U.S. citizen to a British officer, just as the FBI had more than three years before.
It was the first time Barrett and Andy had met in person. As far as Barrett was concerned, it was as if James Bond had just stopped by. Andy regaled Barrett and the others with tales of bravery, corruption, and drunken foolishness. Barrett grew so engrossed in the conversation that the hamburgers he was in charge of grilling shriveled to the size of dollar coins. Barrett was forced to call for a pizza delivery, much to Andy’s amusement.
Barrett took the crew sightseeing that week, and they spent a few hours each day in the BitGravity offices, going over Barrett’s logs and talking about the case against Brain. As they spoke, it struck Barrett that Bra1n’s bots might still exist, faithfully checking in on the Internet Relay Chat channel for instructions from the gang whose members had been jailed or moved on. With Andy watching over his shoulder, Barrett got back into the channel. Sure enough, the bots were still there. “Could we hijack them?” Andy asked. Barrett said he thought they probably could. They began to sketch out a plan to submit to SOCA that would call for seizing control of Bra1n’s botnet and others, then directing the computers to warn their true owners about what had been happening. The plan was never adopted.
Andy also asked the Kazakhstan government for help, to little avail. Britain passed along a formal letter of request asking for a joint operation, but because SOCA didn’t want to invest in another long-term deployment, it didn’t insist on having an investigator along when the Kazakhstan authorities interviewed Brain.
Andy eventually got a report from the police in Kazakhstan. According to the document, detectives had gone to Bra1n’s house. They had started with the relatives, then interviewed the suspect himself. Apparently they had left plenty of time for Brain to square his story with those of his far less technology-savvy parents and sister. All of them said they didn’t use the Internet from the home. All of them said there was a switch at the end of the road where someone else might have tapped into the line and masqueraded as one of them.
Unfathomably, the police let Brain keep his computer after he promised not to delete any files. They didn’t even make a digital copy of the hard drive. Andy showed the report to Igor, who read it and burst out laughing. Both complained to MVD General Boris Miroshnikov that the Kazakhs were hopelessly corrupt. “You can’t interview four people and have all four say the same thing,” said prosecutor Anton Pohamov. “If it had been me and Andy and an investigator from Moscow, it would have been totally different.”
At an electronic-crimes conference held later in Moscow, Andy saw a chance to revive the effort. The prosecutor general for Kazakhstan was there, and so was Miroshnikov. Andy and Miroshnikov orchestrated a cigarette break where they had the prosecutor general outnumbered, Andy later told Pohamov. When both men complained about the shoddy investigation of Brain, the Kazakhstan prosecutor asked them to give his country another chance.
Back in England, Andy spent months compiling the evidence against Brain. He thought he had enough for a denial-of service prosecution, even with everything in Bra1n’s home computer long gone. Andy took another three months preparing the paperwork in the Russian style, which would also work in Kazakhstan. He had to drill four holes on the left margin by hand. String had to be woven through the holes in just the right way, with the ends on the last page held in place with sticky paper. Every one of the hundreds of pages had to be numbered by hand. In November 2008, the volume was delivered to Kazakhstan, along with boxes of exhibits from the U.K., Russia, and America.
In addition to digesting Andy’s work, Kazakhstan promised to infiltrate Bra1n’s new forum of choice for carding activities, Vendorsname. That forum required two references and a native’s use of Russian to join. The FBI was on Vendorsname as well, and it was chasing others left over from Andy’s case, including Milsan. Months passed with no arrest, but Andy didn’t give up hope.

Other books

Updrift by Errin Stevens
Satan's Pony by Robin Hathaway
The High Missouri by Win Blevins
Mission: Cook! by Robert Irvine