Computer Crime Research Center

etc/pirate_b.jpg

Ukrainian hacker

Date: May 19, 2006
Source: businessweek.com


Dimitry Ivanovich Golubov doesn't look like an arch criminal. A baby-faced 22-year-old Ukrainian, he is described by his lawyer as an unassuming part-time student at Mechnikov University in Odessa.

But when the Ukrainian police arrested him last July for his involvement in credit-card fraud, U.S. law enforcement officials hailed it as a big break in their fight against cybercrime. Subsequently, in January, 2006, the U.S. Attorney's office for the Central District of California charged Golubov with a number of cybercrimes, including credit-card fraud. An affidavit by a special agent with the Federal Bureau of Investigation states that Golubov held the title of "Godfather" for "an international ring of computer hackers and Internet fraudsters that has...trafficked in millions of stolen credit card numbers and financial information." U.S. Postal Inspection Service senior investigator Gregory S. Crabb, who worked with Ukrainian authorities on their case, says Golubov and others controlled the numbers, names, and security codes attached to credit cards. Low-level criminals would use that to load up fake cards and withdraw cash from automated teller machines or buy merchandise. "Golubov was known as the go-to guy," says Crabb.

But last December, Golubov's story took a bizarre twist. Two Ukrainian politicians, including Vladimir Demekhin, deputy chairman of the Energy Committee of the Ukrainian Parliament, vouched for Golubov's character in court. The judge hearing the case released Golubov on a personal recognizance bond from the two officials. (Demekhin did not respond to e-mails and phone calls.) U.S. officials say they are worried that Golubov may leave the country, and a date for his trial hasn't been set. "Chat from the carding community" indicates Golubov may be back in business, says Crabb. Golubov's lawyer, Petro Boiko, claims he isn't hiding and the charges are groundless: "There has been a legend made of Golubov, of a big hacker. There is no evidence linking him to this case. He knows how to use a computer, but he is not a hacker by any means."

At least authorities had their hands on Golubov, however briefly. Usually, the people they suspect of conducting computer crime leave behind only traces of their existence: a quirky online nickname, a few postings on illicit Web sites, and a trail of financial mayhem. But BusinessWeek, working with information and photos supplied by officials at the U.S. Postal Inspection Service, as well as state law enforcement agencies and private Internet security experts, compiled descriptions of some of the most sought-after targets in cybercrime investigations. Shown the list, the United States Secret Service said it is investigating some of those on it as well, but declined to comment further. The FBI also declined to comment.

The picture that emerges is of organized gangs of young, mostly Eastern European hackers who are growing ever more brazen about doing business on the Web. They meet in underground forums with names like DarkMarket.org and theftservices.com to trade tips and data and coordinate scams that span the globe. (Those and other Web sites and organizations named by investigators did not respond to e-mails, instant messages, or phone calls seeking comment.) "Financial payment fraud has evolved tremendously," says John Corbelletta, a former police officer who is director of fraud control for Visa U.S.A. Inc. "Most of the cases I investigated when I was a cop involved people who had their cards stolen out of their purse. We didn't even think of counterfeiting cards."

Today, cyberscams are the fastest-growing criminal niche. Scores of banks and e-commerce giants, from JPMorgan Chase &Co. (JPM ) to walmart.com (WMT ), have been hit, sometimes repeatedly, by hackers and online fraud schemes. The 2005 FBI Computer Crime Survey estimated annual losses to all types of computer crime -- including attacks of viruses and other "malware," financial fraud, and network intrusions -- at $67 billion a year. Of the 2,066 companies responding to the survey, 87% reported a security incident. The U.S. Federal Trade Commission, which says identity theft is its top complaint, on May 10 created an Identity Theft Task Force following an executive order signed by President George W. Bush.

To track cybercrime, law enforcement officers work with companies such as eBay Inc. (EBAY ) or Microsoft Corp. (MSFT ) as well as with authorities around the globe. EBay has 60 people combating fraud, while Microsoft's Internet Safety Enforcement team has 65 operatives, including former law enforcement agents and federal prosecutors. To document the extent of the activity, BusinessWeek reporters also scoured underground Web sites where stolen data is swapped like so many baseball cards on eBay. Consider this e-mail promoting the launch of an online trading bazaar, vendorsname.ws, last year:

"During the battle with US Secret Service, we !@#&! all those [law enforcement] bastards and now are running a brand new, improved and the biggest carder' forum you ever seen." The message brags about its array of stolen goods: U.S. and European credit-card data, "active and wealthy" PayPal (EBAY ) accounts, and Social Security numbers. Those who "register today" get a "bonus" choice of "one Citybank account with online access with 3K on board" or "25 credit cards with PINs for online carding."

What follows is a look at four individuals, besides Golubov, who are identified by multiple law enforcement authorities as high-priority targets in their investigations. It's no coincidence that all are Russian. Strong technical universities, comparatively low incomes, and an unstable legal system make the former Soviet Union an ideal breeding ground for cyberscams. Also, tense political relations sometimes complicate efforts to obtain cooperation with local law enforcement. "The low standard of living and high savviness is a bad combination," says Robert C. Chesnut, a former U.S. federal prosecutor who is a senior vice-president directing antifraud efforts at eBay.

SHIPPING AND RECEIVING
Among the most pernicious scams to emerge over the past few years are so-called re-shipping rings. And U.S. officials believe the king of these is a Russian-born hacker who goes by the name Shtirlitz -- a sly reference to a fictional Soviet secret agent who spied on the Nazis. In real life, Shtirlitz is being investigated by the U.S. Postal Inspection Service in connection with tens of millions of dollars worth of fraud in which Americans are signed up to serve as unwitting collaborators in converting stolen credit-card data into tangible goods that can be sold for cash. "We think he is involved in the recruitment of hundreds of people," says William A. Schambura, an analyst with the U.S. Postal Inspection Service. Shtirlitz did not respond to e-mail requests for comment.

Investigators believe that people like Shtirlitz use stolen credit cards to purchase goods they send to Americans whose homes serve as dropoff points. The Americans send the goods overseas, before either the credit card owner or the online merchant catches on. Then the goods are fenced on the black market. BusinessWeek found that re-shipping groups take out advertisements in newspapers and spoof ads from online job sites. "We have a promotional job offer for you!!" beckons one e-mail for a "shipping-receiving position" from UHM Cargo that appeared to come from Monster.com (MNST ). It states that "starting salary is $70-$80 per processed shipment. Health and Life benefits after 90 days."

In truth, these scams come and go so fast that the "shippers-receivers" don't know what hit them. One retired business executive from Florida was furious after learning that he had become entangled in a company that U.S. officials believe was run by Shtirlitz. The man sent about 40 packages, mostly computers and expensive cameras, to Finland before a department store notified him of the scheme. "At that point I wanted to do everything I could to destroy them," says the former exec, who is helping with the Postal Inspection Service investigations.

Officials do not know Shtirlitz' real name but believe he is 25 to 27 years old and lived in the San Francisco area at one time after his parents emigrated. They do not know where he is now but believe he is active. In one forum of CardingWorld.cc, a person with the alias iNFERNis posted this request on Dec. 23, 2005:

"Hi, I need eBay logins with mail access, please icq 271-365-234."

A few hours later, Shtirlitz replied:
"I know good vendor. ICQ me: 80-911."
Once equipped, someone could log into those eBay accounts and use them to buy goods with the owner's money, while emptying the money out of their PayPal account. "The Web sites are more like a dating service," says Yohai Einav, an analyst at RSA Security Inc. (RSAS ). "Then you can conduct transactions in private chat rooms. I can click on someone's name and start doing business with them."

FALLEN ANGEL
The technical tools to steal credit-card numbers and online bank account log-in data are often just as valuable as the stolen goods themselves. Smash is being investigated by the Postal Inspection Service on suspicion that he helps hackers hack. The picture, or avatar, that accompanies Smash's posts in online chat rooms shows a fallen angel. From 25 to 30 years old and based in Moscow, he is believed to be an expert in building spyware programs, malicious code which can track Web surfers' keystrokes and are often hidden in corrupted Web sites and spam e-mail. U.S. enforcement officials say Smash's Russia-based company, RAT Systems, openly hawks spyware on the Web at www.ratsystems.org. E-mails requesting comment were not returned.
...
Original article



Add comment  Email to a Friend

Discussion is closed - view comments archieve
2011-01-27 22:24:31 - thanks a lot scruby112
2011-01-19 23:13:29 - i need a real vender ryaan karlov
2010-12-17 03:19:49 - hello how are you doing today boss am a... loo.thang
2010-07-26 13:02:47 - Special Service For Carding From Big... Tzu
2010-05-07 04:47:23 - I am looking for a good hacker who has... John
2009-12-12 07:13:27 - i need hacker that have the (mtcn)info... jones
2008-06-30 13:37:07 - i want ccv2 valid or forum diesel
2008-02-11 08:05:44 - i kak vsegda vo vsem vinovatu mu. Sam s... Mayhem
2007-02-26 01:44:02 - Dein Aufstellungsort verdient nur gute... totti
2007-02-22 08:53:54 - Nice site you have!... dizionario
Total 11 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo