Computer Crime Research Center


Computer crime: the most significant case

Date: July 29, 2005
Source: Computer Crime Research Center
By: CCRC staff

In October 2004 law enforcement held the most significant operation. They tracked down and nabbed The ShadowСrew group. The group reportedly blossomed out like the eBay auction in their efficiency of criminal activity.

A huge map of the U.S., spread across 12 digital screens, gave them a view of their prey, from Arizona to New Jersey. It was Tuesday, Oct. 26, 2004, and Operation Firewall was about to be unleashed. The target: the ShadowCrew, a gang whose members were schooled in identity theft, bank account pillage, and the fencing of ill-gotten wares on the Web, police say. For months, agents had been watching their every move through a clandestine gateway into their Web site, To ensure the suspects were at home, a gang member-turned-informant had pressed his pals to go online for a group meeting.

At 9 p.m., Nagel, the Secret Service's assistant director for investigations, issued the "go" order. Agents armed with Sig-Sauer 229 pistols and MP5 semi-automatic machine guns swooped in, aided by local cops and international police. The adrenaline was pumping, in part, because several Shadow- Crew members were known to own weapons. Twenty-eight members were arrested, most still at their computers. The alleged ringleaders went quietly, but one suspect jumped out a second-story window. Agents nabbed him on the ground. Later, they found a loaded assault rifle in his apartment. The operation was swift and bloodless. "(Cybergangs) always thought they operated with anonymity," says Nagel, a tall, chiseled G-man. "We rattled them."

There's a new breed of crime-fighter prowling cyberspace: the hacker hunters. Spurred by big profits, professional cyber-criminals have replaced amateur thrill-seeking hackers as the biggest threat on the Web. Software defenses are improving rapidly, but law enforcement and security companies understand they can no longer rely on technology alone to deal with the plague of virus attacks, computer break-ins, and online scams. Instead, they're marshaling their forces and using gumshoe tactics to fight back -- infiltrating hacker groups, monitoring their chatter on underground networks, and when they can, busting the baddies before they do any more damage. "The wave of the future is getting inside these groups, developing intelligence, and taking them down," says Christopher M.E. Painter, deputy chief of the Computer Crime section of the Justice Dept., who will help prosecute ShadowCrew members at a trial scheduled for October.

Step by step, the cops are figuring out how to play the cybercrime game. They're employing some of the same tactics used to crush organized crime in the 1980s -- informants and the cyberworld equivalent of wiretaps. They're also busy coming up with brand new moves. FBI agent Daniel J. Larkin, a 20-year vet who heads up the bureau's Internet Crime Complaint Center, taps online service providers to help pierce the Web's veil of anonymity and track down criminal hackers. In late April, leads supplied by the FBI and eBay Inc. (NasdaqNM:EBAY - News) helped Romanian police round up 11 members of a gang that set up fake eBay accounts and auctioned off cell phones, laptops, and cameras they never intended to deliver. "We're getting smarter every day," says Larkin.

Smarter and more collaborative. While the FBI and other investigators have been criticized for fighting each other almost as fiercely as the criminals on traditional cases, they cooperate more than ever when it comes to cybercrime. Local, state, and federal agencies regularly share tips and team up for busts. The FBI and Secret Service, which received jurisdiction over financial crimes when it was part of the Treasury Dept., have even formed a joint cybercrime task force in Los Angeles. Public agencies also are linking with tech companies and private security experts who often are the first to discover crimes and clues.

This makes the hacker hunters an eclectic bunch. Larkin ends up working in tandem with people like Mikko H. Hypponen, director of antivirus research at Finnish security outfit F-Secure Corp. Larkin is a straitlaced, 45- year-old native of Indiana, Pa., who honed his skills during Operation Illwind, the 1980s investigation into kickbacks paid to Pentagon officials by defense contractors. Hypponen is a 35-year-old computer whiz who lives on an island southwest of Helsinki populated by fewer than 100 people and a herd of moose.

On a Rampage

There's a clear reason for this newfound collaboration: The bad guys are winning. They're stealing more money, swiping more identities, wrecking more corporate computers, and breaking into more secure networks than ever before. Total damage last year was at least $17.5 billion, a record -- and 30% higher than 2003, according to research firm Computer Economics Inc. Among the computers compromised were those at NASA, a break-in in which one of the prime suspects is a 16-year-old from the Swedish university town of Uppsala. Part of the problem is that cops don't have all the weapons they need to fight back. They clearly lack the financial resources to match their adversaries' technical skills and global reach. The FBI will spend just $150 million of a $5 billion fiscal 2005 budget on cybercrime -- not including personnel -- in spite of its being given the third-highest priority.
Terrorism and counterintelligence come first.)

The Secret Service won't discuss the funding breakdown for cybercrime. Both agencies are aggressively lobbying Congress for more money. Cybercrime laws haven't been much of a help. Hacking into computer networks was long seen as little more than a prank, and punishment was typically a slap on the wrist. That's beginning to change, however. Prosecutors are starting to make aggressive use of the Computer Fraud &Abuse Act, which carries penalties of up to 20 years in prison. The lengthiest sentence so far has been nine years, issued last December. Now prosecutors plan to send a message with the ShadowCrew case. Several members face prison sentences of 5 to 10 years if convicted. "There have to be consequences," says Painter. The wiliest of the hackers still run rings around the cops. A Russian gang called the HangUp Team has been pummeling e-commerce Web sites and taunting its pursuers for two years, police say. The gang plants software bugs in computers that allow it to steal passwords, and it rents out huge networks of computers to others for sending out viruses and spam. HangUp Team hides in plain sight. Its Web site -- -- is decorated with a red-and-black swastika firing off lightning bolts. Its blog discusses hacker tactics and rails against Americans. Its motto: In Fraud We Trust. "We think we know what they've done, where they are, and who they are," says Nagel. But authorities haven't been able to nab them so far. The Secret Service won't say why.

Trojan Horse

Devilish trickery keeps the criminals one step ahead. In January, 2004, a new virus called MyDoom attacked the Web site of the SCO Group Inc.(NasdaqSC:SCOX - News), a software company that claimed the opensource Linux program violated its copyrights. Most security experts suspected the virus writer was a Linux fan seeking revenge. They were wrong. While the SCO angle created confusion, MyDoom acted like a Trojan horse, infecting millions of computers and then opening a secret backdoor for its author. Eight days after the outbreak, the author used that backdoor to download personal data from computer owners. F-Secure's Hypponen figured this out in time to warn his clients. It was too late, however, for many others. MyDoom caused $4.8 billion in damage, the second-mostexpensive software attack ever. "The enemy we have been fighting is changing," says Hypponen.

Indeed, today's cybercrooks are becoming ever more tightly organized. Like the Mafia, hacker groups have virtual godfathers to map strategy, capos to issue orders, and soldiers to do the dirty work. Their omerta, or vow of silence, is made easier by the anonymity of the Web. And like legit businesses, they're going global. The ShadowCrew allegedly had 4,000 members operating worldwide -- including Americans, Brazilians, Britons, Russians, and Spaniards. "Organized crime has realized what it can do on the street, it can do in cyberspace," says Peter G. Allor, a former Green Beret who heads the intelligence team at Internet Security Systems Inc. (NasdaqNM:ISSX - News) in Atlanta.

Yet there may be hope for a shift in the fortunes of battle. Among cybercops, the ShadowCrew case is seen as a model for taking the battle to the Black Hats. Law enforcement officials are often loath to reveal details of their operations, but the Secret Service and Justice Dept. wanted to publicize a still-rare victory. So they agreed to reveal the inner dynamics of their cat-and-mouse chase to BusinessWeek. The case provides a window into the arcane culture of cybercriminals and the methods of their pursuers.

The story starts with an unlikely partnership. Andrew Mantovani was a part-time student at Scottsdale Community College in Arizona. David Appleyard was a onetime mortgage broker who lived in Linwood, N.J., just outside of Atlantic City. This is the duo who led the ShadowCrew from 2002 until they were arrested last fall, according to an indictment filed in U.S. District Court in New Jersey -- the state in which their servers were located. The two are believed to have met online, although the details of their first encounters are unknown. From their home computers, Mantovani, now 23, and Appleyard, 45, allegedly ran as an international clearinghouse for stolen credit cards and identity documents. "It was a criminal bazaar," says Nagel, a 22-year veteran who served on the protection...

Add comment  Email to a Friend

Discussion is closed - view comments archieve
2005-08-01 23:42:33 - Very strange that the first part of this... Larry
Total 1 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo