Read Kingpin: How One Hacker Took Over the Billion Dollar Cyber Crime Underground Online
Authors: Kevin Poulsen
Tags: #Technology & Engineering, #Computer hackers, #Commercial criminals - United States, #Commercial criminals, #Social Science, #True Crime, #Computers, #General, #United States, #Criminals & Outlaws, #Computer crimes, #Butler; Max, #Case studies, #Computer crimes - United States, #Biography & Autobiography, #Computer hackers - United States, #Security, #Engineering (General), #Criminology
Copyright © 2011 by Kevin Poulsen
All rights reserved.
Published in the United States by Crown Publishers,
an imprint of the Crown Publishing Group,
a division of Random House, Inc., New York.
www.crownpublishing.com
CROWN and the Crown colophon are registered trademarks of Random House, Inc.
Library of Congress Cataloging-in-Publication Data
Poulsen, Kevin, 1965–
Kingpin / Kevin Poulsen.—1st ed.
p. cm.
1. Butler, Max. 2. Computer crimes—United States—Case studies.
3. Computer hackers—United States—Case studies. 4. Commercial criminals—
United States—Case studies. I. Title.
HV6773.2.P68 2010
364.16′8092—dc22 2010027952
eISBN: 978-0-307-58870-8
Jacket design by Chris Sergio
Jacket photographs © Jonathan Kitchen/Photographer’s Choice
v3.1
For Lauren,
my unindicted coconspirator in life
Max Vision
, born Max Butler. Ran Carders Market under the handle Iceman. Also known as Ghost23, Generous, Digits, Aphex, and the Whiz.
Christopher Aragon
, aka Easylivin’, Karma, and the Dude. Max’s partner on Carders Market, who ran a lucrative credit card counterfeiting ring fueled by Max’s stolen data.
Script
. A Ukrainian seller of stolen credit card data and founder of CarderPlanet, the first carder forum.
King Arthur
. The Eastern European phisher and ATM cashout king who took over CarderPlanet from Script.
Maksik
. The Ukrainian carder Maksym Yastremski, who replaced Script as the underground’s top vendor of stolen credit card data.
Albert Gonzalez
, aka Cumbajohnny and SoupNazi. An administrator on Shadowcrew, the largest crime site on the Web until the Secret Service took it down.
David Thomas
, aka El Mariachi. A veteran scammer who ran a carding forum called the Grifters as an intelligence-gathering operation for the FBI.
John Giannone
, aka Zebra, Enhance, MarkRich, and the Kid. A young carder from Long Island who worked with Max online and with Chris Aragon in real life.
J. Keith Mularski
, aka Master Splyntr, Pavel Kaminski. The Pittsburgh-based FBI agent who took over DarkMarket in a high-stakes undercover operation.
Greg Crabb
. A U.S. postal inspector, and Keith Mularski’s mentor, who spent years tracking the underground’s elusive international leaders.
Brett Johnson
, aka Gollumfun. A Shadowcrew founder who went on to serve as an administrator on Carders Market.
Tea
, aka Alenka. Tsengeltsetseg Tsetsendelger, a Mongolian immigrant who helped run Carders Market from a safe house in Orange County.
JiLsi
. Renukanth Subramaniam, the Sri Lankan–born British citizen who founded DarkMarket.
Matrix001
. Markus Kellerer, a German DarkMarket administrator.
Silo
. Lloyd Liske, a Canadian hacker who became an informant for the Vancouver police.
Th3C0rrupted0ne
. A former drug dealer and recreational hacker who served as an administrator on Carders Market.
he taxi idled in front of a convenience store in downtown San Francisco while Max Vision paid the driver and unfolded his six-foot-five frame from the back of the car, his thick brown hair pulled into a sleek ponytail. He stepped into the store and waited for the cab to disappear down the street before emerging for the two-block walk to his safe house.
Around him, tiny shops and newsstands awakened under the overcast sky, and suited workers filed into the office towers looming above. Max was going to work too, but his job wouldn’t have him home after nine hours for a good night’s sleep. He’d be cloistered for days this time. Once he put his plan into motion, there’d be no going home. No slipping out for a bite of dinner. No date night at the multiplex. Nothing until he was done.
This was the day he was declaring war.
His long gait took him to the Post Street Towers, from the street a five-by-fourteen grid of identical bay windows, trim painted the color of the Golden Gate Bridge. He’d been coming to this apartment complex for months, doing his best to blend in with the exchange students drawn by short leases and reasonable rents. Nobody knew his name—not his real one anyway. And nobody knew his past.
Here, he wasn’t Max Butler, the small-town troublemaker driven by obsession to a moment of life-changing violence, and he wasn’t Max Vision, the self-named computer security expert paid one hundred dollars an hour to harden the networks of Silicon Valley companies. As he rode up the apartment building elevator, Max became someone else: “Iceman”—a rising leader in a criminal economy responsible for billions of dollars in thefts from American companies and consumers.
And Iceman was fed up.
For months, he’d been popping merchants around the country, prying out piles of credit card numbers that should have been worth hundreds of thousands on the black market. But the market was broken. Two years earlier Secret Service agents had driven a virtual bulldozer through the computer underworld’s largest gathering spot, arresting the ringleaders at gunpoint and sending the rest scurrying into chat rooms and small-time Web forums—all riddled with security holes and crawling with feds and snitches. It was a mess.
Whether they knew it or not, the underworld needed a strong leader to unify them. To bring order.
Off the elevator, Max idled in the hallway to check for a tail, then walked to his apartment door and entered the oppressive warmth of the rented studio. Heat was the biggest problem with the safe house. The servers and laptops crammed into the space produced a swelter that pulsed through the room. He’d brought in fans over the summer, but they provided scant relief and lofted the electric bill so high that the apartment manager suspected him of running a hydroponic dope farm. But it was just the machines, entwined in a web of cables, the most important snaking to a giant parabolic antenna aimed out the window like a sniper rifle.
Shrugging off his discomfort, Max sat at his keyboard and trained a bead on the Web forums where computer criminals gathered—virtual cantinas with names like DarkMarket and TalkCash. For two days, he hacked, his fingers flying at preternatural speed as he breached the sites’ defenses, stealing their content, log-ins, passwords, and e-mail addresses. When he tired, he crashed out on the apartment’s foldaway bed for an hour or two, then returned bleary-eyed to his work.
He finished with a few keystrokes that wiped out the sites’ databases with the ease of an arsonist flicking a match. On August 16, 2006, he dispatched an unapologetic mass e-mail to the denizens of the sites he’d destroyed: They were all now members of Iceman’s own Cardersmarket.com,
suddenly the largest criminal marketplace in the world, six thousand users strong and the only game in town.
With one stroke, Max had undermined years of careful law enforcement work and revitalized a billion-dollar criminal underworld.
In Russia and Ukraine, Turkey and Great Britain, and in apartments, offices, and houses across America, criminals would awaken to the announcement of the underground’s first hostile takeover. Some of them kept guns in their nightstands to protect their millions in stolen loot, but they couldn’t protect themselves from this. FBI and Secret Service agents who’d spent months or years infiltrating the now-destroyed underground forums would read the message with equal dismay, and for a moment, all of them—hacking masterminds, thuggish Russian mobsters, masters of fake identities, and the cops sworn to catch them—would be unified by a single thought.
Who is Iceman?
s soon as the pickup truck rolled up to the curb, the teenage computer geeks squatting on the sidewalk knew there’d be trouble. “Fucking wavers!” one of the cowboys called out the window. A beer bottle flew from the truck and crashed on the pavement. The geeks, who’d left the club to talk away from the din of music, had seen it all before. In Boise in 1988, being caught in public without a wide belt buckle and a cowboy hat was a bottlin’ offense.