This book is an interesting and disturbing glimpse into the world of cyber-crime, particularly online credit card fraud (‘carding’). It also touches on related areas, such as cyber-warfare. It is written by a journalist, so don’t expect much in the way of technical details. But, if you can get past the tacky cover artwork and dubious sub-title (‘how hackers became the new Mafia’), it is a fascinating read.
The story mainly centres around the eponymous ‘DarkMarket’, a forum in which cyber-criminals conducted their murky business. For example buying and selling stolen credit card numbers. The story of DarkMarket is known in some detail, as it was infiltrated by various government agencies and some of its key players brought to trial.
There are lots of different characters mentioned in the book, many of whom have non-English names and online aliases. This makes the story quite hard to follow. Perhaps that is inevitable given that it is a story about deception and duplicity involving many people. Nevertheless, it still provides lots of interesting insights into this dark underbelly of the Net.
Online fraud is a cooperative effort. For example, some people specialize in stealing credit card numbers, others in selling credit card skimming devices and still others in employing armies of ‘mules’ to make withdrawals from ATMs (the riskiest part of the operation). But criminals are hardly likely to trust other criminals they have never met. Especially given that some criminals (‘rippers’) specialize in ripping-off other criminals. This is where forums such as DarkMarket come in. They act as a trusted third party, providing escrow and other services to cyber-criminals. The backgrounds and motivations of the cyber-criminals seems to vary considerably. Some start off as curious hackers withot any criminal intent, but turn to the ‘dark side’, often in small increments. Often such people seem to be motivated by status and reputation more than money. Others are simply in it for the easy money.
There are many ways in which your credit card details can be stolen. For example, you hand your card to a petrol station employee. The employee quickly swipes your card through a hidden credit card skimmer before swiping it through the legitimate device (they might pretend they have dropped something behind the counter to disguise this). A small camera hidden in the ceiling records you typing your pin. The criminal has a copy of your credit card and your pin number. These can now be sold on, perhaps through a forum such as DarkMarket, to other criminals who specialize in extracting the money. They will then clone your card and instruct their ‘mules’ to extract the money from an ATM and pay it into another account, keeping a percentage for their trouble. Some of the ‘work from home’ and ‘I made £2000 in a week’ ads you see in spam emails and attached to lampposts may be from cyber-criminals trying to recruit ‘mules’ for this purpose. Sometimes the criminals will withdraw small amounts over a long period as this is less likely to be noticed than one big withdrawal.
Cyber-crime is difficult to prosecute. It is hard to establish the real identity of the criminals and the they are often based in a different legal jurisdiction to the victim. The security services have infiltrated many cyber-criminal forums. The DarkMarket server was eventually being run by an under-cover FBI agent. However even security services from the same country (e.g. the FBI and Secret Service in the US) don’t seem to be able to play nicely together and end up investigating each others agents and informants and generally tripping over each other. The author believes that the Russian security services has infiltrated many of the Russian-speaking cyber-crime forums, but have no interest in shutting them down as long as they are careful never to steal from other Russians. The banks also aren’t keen to cooperate in investigations. You and I are ultimately paying for the fraud through our credit card fees. As long as the banks are making lots of money they don’t want to upset the apple cart by revealing the scale of the fraud. It might affect their bonuses.
So don’t expect cyber-crime to go away any time soon. But do stay away from dodgy websites, keep your credit card in sight at all times, cover the keypad with one hand while you type in your PIN with the other and check your statements!