Computer Crime Research Center

Computer crime: the most significant case

Date: July 29, 2005
Source: Computer Crime Research Center
By: CCRC staff

... Nagel, a 22-year veteran who served on the protection teams for Presidents George H.W. Bush and Bill Clinton.

ShadowCrew, it appears, was largely Mantovani's creation. A business student at Scottsdale, he became a true entrepreneur in front of his computer screen. He was previously a member of a different cybergang that mainly stored stolen data, Justice Dept. officials say. He then allegedly came up with the idea of bringing together buyers and sellers in an online community so they could auction off stolen goods and share hacking tricks. Once the ShadowCrew site was established, he often reminded members in online chats that he could help them rise or fall in the gang depending on their loyalty to him, says Scott S. Christie, a former assistant U.S. attorney who helped build the legal case. "It was important (to Mantovani) to be recognized as the spiritual leader of ShadowCrew," says Christie.

If Mantovani was the brains, Appleyard was the brawn, according to the indictment. The older man adopted the online persona of a former soldier. He went by the nickname "BlackOps" and stood ready to mete out punishment to anyone who stepped out of line. One time, a gang member known as "ccsupplier" failed to deliver merchandise he had sold -- and then failed to refund the money that had been paid. Appleyard allegedly posted the guy's real name, address, and phone numbers on the ShadowCrew Web site, immediately putting him out of business. On another occasion, police say he threatened somebody with physical harm, in an online message. All the while, the former mortgage broker was living with his wife, two kids, and mother, who suffers from Alzheimer's.

The ShadowCrew gang got hold of credit-card numbers and other valuable information through all sorts of clever tricks. One of the favorites was sending millions of phishing e-mails -- messages that appeared to be from legit companies such as Yahoo! Inc. and Juno Online Services Inc. but in fact were fakes designed to steal passwords and credit-card numbers. The gang also excelled at hacking into databases to steal account data. According to sources familiar with the investigation, the ShadowCrew cracked the networks of 12 unnamed companies that weren't even aware their systems had been breached.

Because most of the gang members held day jobs, the crew came alive on Sunday nights. From 10 p.m. to 2 a.m. hundreds would meet online, trading credit-card information, passports, and even equipment to make fake identity documents. Platinum credit cards cost more than gold ones. Discounts were offered for package deals. How big was the business? One day in May, 2004, a crew member known as "Scarface" sold 115,695 stolen credit-card numbers in one trade. Overall, the gang made more than $4.3 million in credit-card purchases during its two-year run. The actual tally could be more than twice as large, the feds say. It was like an eBay for the underworld.

Too Big to Hide

The operation was quite sophisticated. Mantovani, who used the handle "ThnkYouPleaseDie," and Appleyard, who went by "BlackBagTricks" as well as "Black Ops," were the "administrators," according to the government's indictment. They were in charge of strategic planning, determined which ShadowCrew aspirants got access to the Web site, and collected payments from participants to keep it running. "Moderators" hosted online forums where gang members could share tips for making fake IDs or ask questions about creating credible phishing e-mail. Below them were "reviewers," who vetted stolen information such as credit-card numbers for quality and value. The largest group, the "vendors," sold the goods to other gang members, often in online auctions. Speed was essential, since credit-card numbers had to be used quickly before they were canceled.

But their operation was too big to escape notice by the cops. In mid-2003, the Secret Service launched Operation Firewall to nab purveyors of fake credit and debit cards. They quickly focused on ShadowCrew, says Nagel, because it was among the largest gangs operating openly on the Web. Within months, agents turned one of ShadowCrew's members into a snitch. While they decline to name the person or detail how he was flipped, an affidavit says he was a high-ranking member of the gang, and one of its moderators. Last August the man helped the Secret Service set up a new electronic doorway for ShadowCrew members to enter their Web site and then spread the word that the new gateway was a more secure way in. It was the first-ever tap of a private computer network under a 1968 crime act that set legal guidelines for wiretaps. "We became shadowcrew.com," says Nagel.

This was a big break, since the cops could use the doorway to monitor all the members' communications. Among the communiques: Omar Dhanani, aka Voleur (French for "thief"), bragged he could set up a special payment system for cybercrime transactions, police say. For a 10% commission, he would exchange cash for "eGold," an electronic currency backed by gold bullion. The Secret Service watched as he laundered money from at least a dozen deals for ShadowCrew members. The online taps helped the cops set up real-world stakeouts, too. They started by subpoenaing records from Internet service providers such as Time Warner Inc.'s Road Runner. They then traced the computing addresses to actual houses and apartments so they could observe their prey in person. One target: Rogerio Rodrigues. Investigators say they saw him load a bulging bank-deposit bag into his Ford Explorer and drop it off at a Citibank branch. Later, he stopped into a Kinko's, where agents believe he picked up counterfeit merchandise.

Cutting-edge digital monitoring combined with old-fashioned shoe leather resulted in reams of incriminating evidence. At the peak of the investigation, a dozen Secret Service agents worked 18-hour days to sift through the gang's communiques. E-mail, instant messages, and computer addresses led them to the suspected ringleaders. Mantovani, it turned out, lived with another alleged ShadowCrew member, Brandon Monchamp. Dhanani operated from a quaint stucco house in Fountain Valley, Calif. Addresses in hand, the Secret Service was ready to conduct last fall's bust.

The ShadowCrew case is far from over, though. Charged with credit-card fraud and identity theft, most of the suspects arrested that day have been released on bail pending trial. Mantovani returned home to live with his parents on Long Island and works as a construction laborer. His lawyer, Pasquale F. Giannetta, insists Mantovani is no criminal. "He is like a normal 23-year-old boy," Giannetta says. Appleyard has not issued a plea in the case, pending additional evidence from the government. His lawyer, William J. Hughes Jr., says Appleyard was just a techie running the ShadowCrew Web site, not a criminal profiting from it. Brandon Monchamp's lawyer, Elizabeth S. Smith, declined to comment. Dhanani's and Rodrigues' attorneys did not return calls seeking comment.

Global Reach

The bust yielded a treasure trove of evidence. So far the Secret Service has uncovered 1.7 million credit-card numbers, access data to more than 18 million e-mail accounts, and identity data for thousands of people including counterfeit British passports and Michigan driver's licenses. They say the ShadowCrew pillaged more than a dozen companies, from MasterCard Inc. to Bank of America Corp. The bust has yielded evidence against more than 4,000 suspects and links to people in Bulgaria, Canada, Poland, and Sweden. "We will be arresting people for months and months and months," says Nagel.

Now, with the ShadowCrew bust as their inspiration, cops and security experts are becoming more aggressive. They're tapping shady Web sites and chat rooms, stepping up cooperation with investigators in other countries, and flipping informants to build cases. In the past six months, the FBI persuaded members of several spam and phishing rings to rat on their accomplices. Larkin says some of these cases will become public in the coming months. Despite these successes, cops face major hurdles as they try to get cybercrime under control. The biggest? Their global scope. Gang members hide out in countries with weak hacking laws and lax enforcement. They can even shelter servers in a separate country, snarling the trail for investigators. Their favorite hideouts: Russia, Eastern Europe, and China.

And little wonder. In Russia, the authorities can appear at times to be more interested in protecting cybercrooks than in prosecuting them. In 2000, the FBI lured two Russian hackers to Seattle with job offers, then arrested them. Agents involved in the case later downloaded data from the duo's computers, located in Chelyabinsk, Russia, over the Web. Two years after that, Russia filed charges against the FBI sleuths for hacking -- alleging the downloads were illegal. "When you have a case that involves servers in Russia, you can almost hear the law-enforcement officials sigh," says Hypponen. The HangUp Team has been operating in Russia with impunity for years. Some members are allegedly based in Archangelsk, an Arctic Circle city of rusting Soviet nuclear submarines and nearly perpetual winter. In 2000 the alleged original members of the team, Alexei Galaiko, Ivan Petrichenko, and Sergei Popov, were arrested for infecting two local computer networks with malicious code. But Russian authorities let them off with suspended sentences.

Little was heard from the HangUp Team for the next two years. But in 2003 the gang released the viruses Berbew and Webber. Then last year the group infected online stores with a fiendish piece of software called the Scob worm. Scob waited for Web surfers to connect, then planted...
