How one cybercriminal stole $86 million

[ShyWriter]

How one cybercriminal stole $86 million

Jim Giles | 12:33 9 March 2011

(Image: Altrendo Images/Getty)

Kevin Poulsen's Kingpin: How one hacker took over the billion-dollar cybercrime underground is a gripping tale that goes beyond the hacker stereotype

On 16 August 2006, an email landed in the inboxes of thousands of criminals around the world containing news of a hostile takeover. Many of the recipients specialised in credit card fraud, a business they conducted through a series of underground websites. Those sites had been annexed, the email announced. There was now only one place to trade stolen credit card data and fake identities. It was called Carders Market and it was run by the email's author, who went by the name Iceman.

It was an extraordinary coup, as was the path that led to Iceman's dominance of the cybercrime underground. Iceman, also known as Max Butler, received his first visit from the US secret service while he was still in high school. He had been trying to manipulate the systems that control phone networks, and the agent warned Butler that his nascent hacking would land him in trouble.

The warning didn't stick. Butler went on to distribute pirated software, earning him the attention of the FBI, which in turn recruited him. Yet while working as an informant, he continued hacking, which earned him something else: an 18-month prison sentence.

After he was released, Butler discovered the carding scene- a loose collection of online criminals who specialise in stealing and trading credit card data. He started out as just another carder, hacking into a poorly secured computer in a pizza restaurant and stealing reams of credit card numbers. Then he hacked the computers of fellow carders and stole their data. He infiltrated banking websites. He set up Carders Market, his own trading forum.

Eventually, driven by greed and a desire to bring order to the chaotic carding scene, he hacked into rival forums and merged them with his own. Butler- or Iceman, as he was now known- was king of the underground.

The tale has something of the crime thriller about it, which is exactly how Kevin Poulsen, an editor at Wired.com, plays it. Poulsen's reporting is first class: the book contains fascinating details of the FBI's investigative techniques and the scams that Butler and other hackers ran. Poulsen is also a former hacker, a background that shows in his sure-handed and engrossing descriptions of Butler's attacks. It's not easy to write a gripping passage about a database query language, but Poulsen pulls it off.

The flip side of this is that the account feels clinical at times. Poulsen interviewed Butler, but the book is light both on quotes from its main subject and insights into his thinking. Butler seems to be a fascinating character- a devotee of meditation who saw himself as running victimless crimes, even as he raked in hundreds of thousands of dollars from credit card theft. But Poulsen, to my disappointment, did not delve into Butler's psychology.

That's a minor quibble, however, compared with the contribution that Poulsen's book makes to our understanding of computer crime. The popular perception of the criminal hacker is often hopelessly outdated. Think hacker, and too many people conjure up the image of the 1983 film WarGames and its protagonist, David Lightman, a high-school kid who almost started a nuclear war. It's people like Butler we should be imagining: organised, skilled, hard-working criminals who are getting rich by stealing credit card data and, more recently, online banking passwords. That ought to persuade a few people to update their security software.

And Butler's fate? Well, the secret service agent was right. Butler's technical skills were superb, but his ambition, together with defections from inside his crime ring, helped lead law enforcement to his door in 2007. His thefts, estimated to have cost financial institutions $86 million, this time got him a 13-year prison sentence.

Jim Giles is a New Scientist correspondent based in San Francisco

--End

Shy

[DarkSnakeKobra]

Interesting read shy.

[ShyWriter]

Interesting read shy.

Thanks.. I've got the one copy our library bought on hold so I can read it when it becomes available.. I don't know how far down I am on the list.

[DarkSnakeKobra]

You're welcome. Didn't realize this was a book.

[ThexDarksider]

Sounds a lot better than the medieval crap we have to read for school... If we had something like this, school could actually be fun.