
The Underground Carder Market. Translation of the book “KingPIN”. Chapter 30. “Maxik.”

by admin

Hello, Habra-readers!
Thank you for your patience (while wading through the sloppy translation, inconsistent chapters and inconsistency of proper names), likes and hints. (And mega-kudos to the translators, but that will be a separate post). I have good news – there is a spark of hope that the book will be published in paper (“IMF”) and with professional translation. I need your feedback (need/don’t need/give two/buy the whole print run/book should be burned). At the end of the chapter, take a poll or write to me in person.


Kevin Poulsen, editor of WIRED magazine and, as a child, the blackhat hacker Dark Dante, wrote a book about “one of my friends”.
The book shows the way from a geek teenager (but a jock at that) to a savvy cyber crime boss, as well as some of the special services’ methods of catching hackers and carders.
The book translation quest began over the summer at an IT camp for high school students – “Shkvoren: High school students translate book about hackers” – then the Habrausers and even a little bit of the editorial staff got involved in the translation.

Chapter 30. “Maksik”

(thanks to Ignat Ershov for the translation)
Max could see what was going on. With an FBI agent at the helm, DarkMarket was on its way to putting many carders behind bars. But like Cassandra of Greek mythology, he was cursed to know the future, and to have no one believe him.
Between the USA Today article and his failed attempt to expose Master Splyntr, Max could feel the heat coming on him. In November, he announced Iceman’s resignation and made a show of putting the site under Th3C0rrupted0ne’s control.
He isolated himself from the community until things calmed down, and three weeks later he took the message board back under a different pseudonym. Iceman is dead; long live “Aphex.”
Max was tired of the cramped housing at the Post Street Towers, so Chris dragged Nancy, one of his nudges, to San Francisco to rent Max a studio in Archstone’s towering Fox Plaza corporate apartment complex in the business district. She was put in as a sales rep at Capital Solutions, the corporation across the street that Aragon used to launder some of his profits. T., returning from a trip to Mongolia, was assigned to be at the apartment and take delivery of a bed paid for with her legal American Express card. Chris later settled up with her.
By January 2007, Max was back to business in his new hideaway with a bunch of WiFi deployed around him. Fox Plaza was a giant step toward luxury compared to Post Street Towers, but Max could afford it – he could pay a month’s rent after just a couple of successful days trading dumps. Like Digits, Max was now recognized by some carders as the second most successful magnetic strip dealer in the world.
First place on the list was firmly taken by a Ukrainian known as Maksik. Maksik worked outside the carder forums, running his own webstore of stolen cards at Maksik.cc. Buyers would first send Maksik a prepayment via egold, WebMoney, postal order, or Western Union. This bought them access to his website, where they could then choose the dumps they wanted by BIN, card type, and location. For his part, Maksik would click a button to confirm the transaction, and the buyer would receive an email with the dumps he ordered, straight from Maksik’s huge database of stolen cards.
Maksik’s products were phenomenal, with a high success rate at the checkout and a huge selection of BINs. Like Max’s, Maksik’s cards came from swipes at point-of-sale (POS) terminals. But instead of scoring at small stores and restaurants, Maksik got his cards from a much smaller number of giant targets: Polo Ralph Lauren in 2004; Office Max in 2005. Within three months, Discount Shoe Warehouse lost 1.4 million cards, taken from 108 stores in 25 states, that went straight into Maksik’s database. In July 2005, a record 45.6 million dumps were stolen from TJX-owned retailers T. J. Maxx, Marshalls, and HomeGoods.
This was a time when such leaks could remain a secret between hackers, companies, and federal law enforcement, and affected customers were kept in the dark. To encourage companies to report leaks, some FBI agents followed the unspoken principle of removing company names from indictments and press releases, protecting corporations from bad publicity due to their negligible security. In the 1997 case of Carlos Salgado Jr. — the first large-scale online credit card theft — authorities convinced the sentencing judge to permanently seal the court record for fear that the affected company would “lose business due to the perception that computer systems might be vulnerable.” Consequently, eighty thousand victims were never notified that their names, addresses and credit card numbers were exposed on IRC.
In 2003, the state of California effectively ended such cover-ups when the legislature passed SB1386, the nation’s first mandatory leak disclosure law. The law required hacked organizations that did business in the Golden State to promptly alert potential victims of identity theft of a discovered leak. In subsequent years, forty-five other states passed similar laws. From then on, no significant customer data breach remained secret for long once it had been discovered by the company and the banks.
The headlines surrounding the breaches in the giant stores only added to Maksik’s shine – he wasn’t trying to hide the fact that he was trading dumps from the retail chains. When the attack on TJX was in the news in January 2007, the details that were made public also confirmed what many carders had already suspected: the Ukrainian had a hacker in the US supplying him with dumps. Maksik was an intermediary for the mysterious hacker from the States.
In mid-2006, the hacker was apparently in Miami, where he parked himself outside two Marshalls stores owned by TJX and hacked their WiFi. From there, he jumped onto the local network and made his way to corporate headquarters, where he ran a packet sniffer to catch live credit card transactions from Marshalls, T. J. Maxx, and HomeGoods stores across the country. The sniffer, as the investigation would later reveal, operated undetected for seven months.
Max had a rival in America, and a damn good one.
Thanks in large part to hacker Maksik and Max Vision, the popular belief among consumers that Web transactions were more secure than real-life purchases had become completely mistaken. In 2007, most of the compromised cards were stolen from retail stores and restaurants. Penetrations in huge stores led to the compromise of millions of cards at a time, but holes in smaller outlets were more common — a Visa analysis found that 83 percent of credit card leaks were from stores processing a million or fewer Visa transactions a year, with most thefts occurring in restaurants.
Max tried to keep the sources of his dumps secret, falsely claiming in forum posts that the data came from credit card processing centers to throw investigators off track. But Visa knew that the POS terminals at the restaurants were under attack. In November 2006, the company issued a brochure to the food service industry warning of hacking attacks occurring through VNC and other remote access programs. Max, despite this, continued to find a steady stream of vulnerable diners.
But that wasn’t enough for Max. He didn’t go into the data theft business to be second best. Maksik was costing him money. Even Chris was now buying from two people: Max and Maksik, depending on which vendor offered him a better deal with the best dumps.
At Max’s behest, T. befriended the Ukrainian for several months and tried to persuade him to start trading at Carders Market. Maksik politely declined and offered to visit him sometime in Ukraine. After receiving the refusal, Max threw down the gloves and gave T. a Trojan program to send to Maksik, hoping to gain control of the Ukrainian’s database of dumps. Maksik mocked the hacking attempt.
Perhaps Max would be more comfortable if he knew that he wasn’t the only one who was disappointed by Maksik’s serious security.
Federal law enforcement had been tracking Maksik since he became the most powerful criminal as a result of Operation Firewall. A Secret Service agent, working undercover, had been buying dumps from him. Postal Inspector Greg Crabb had worked with law enforcement agencies in Europe to catch the carders who did business with Maksik, and now he provided the information he received to the Ukrainian National Police. In early 2006, the Ukrainians finally determined that Maksik was one Maxim Yastremsky from Kharkov. But they did not have enough evidence to arrest him.
The United States had refocused on figuring out the source of the Maksik hacks. Egold once again provided a starting point. The Secret Service analyzed Maksik’s accounts in the egold database and discovered that between February and May 2006, Maksik transferred $410,750 from his account to the account of “Segvec,” a Mazafaka dump vendor allegedly based in Eastern Europe. The outgoing transfer implied that Segvec was not one of Maksik’s customers, but a vendor receiving his share.
The feds had a chance for more accurate information in June 2006, when Maksik was vacationing in Dubai. Secret Service agents from San Diego worked with local police to carry out a sneak-and-peek operation in his room, where they secretly copied his hard drive for analysis. But it was a dead end. The important stuff on his drive was encrypted with a program called Pretty Good Privacy. It was enough to stop the Secret Service in its tracks.
Carders like Maksik and Max were at the forefront of mastering the unexpected gift of the computer revolution: cryptographic programs so strong that, in theory, not even the NSA could crack them.
In the 1990s, the Justice Department and Louis Freeh’s FBI tried very hard to make such encryption illegal in the United States, fearing that it would be mastered by organized crime, pedophiles, terrorists, and hackers. These efforts were doomed. U.S. mathematicians had by then spent decades developing and publishing highly secure encryption algorithms that rivaled the government’s own certified systems; the genie was out of the bottle. In 1991, a US programmer and activist named Phil Zimmermann released a free program called Pretty Good Privacy, which was available over the internet.
But that didn’t stop law enforcement and intelligence efforts. In 1993, the Clinton administration began production of the so-called Clipper Chip, an NSA-developed encryption chip designed for use in computers and phones, designed with a “key recovery” feature that would allow the authorities to legally crack the cipher if necessary. The chip had a complete market failure and by 1996 the project was dead.
Lawmakers then slowly began to act in the opposite direction, talking about revising Cold War-era export restrictions that classified strong encryption as a “weapon,” largely banned for export. The restrictions forced technology companies to remove strong ciphers from key Internet software, weakening online security; at the same time, foreign companies were not bound by the laws and were in a good position to get ahead of America in the encryption market.
The feds responded with a stern counter-proposal that would have made it a five-year felony to sell any encryption software in America without a built-in “backdoor” for law enforcement and covert agents of the authorities. In a 1997 House subcommittee ruling, a Justice Department lawyer warned that hackers would be major consumers of legal encryption, and used the arrest of Carlos Salgado to back up his position. Salgado had encrypted a CDROM containing eighty thousand stolen credit card numbers. The FBI was only able to access them because the hacker gave the key to a fake buyer.
“We were lucky this time because Salgado’s buyer worked for the FBI,” the official statement said. “But had we investigated this case differently, law enforcement would not have been able to penetrate the information on Salgado’s CDROM. Crimes like this have serious implications for law enforcement’s ability to protect commercial data along with privacy.”
But the feds lost the encryption wars, and by 2005, unbreakable encryption was readily available to anyone who wanted it. Predictions of doom largely failed; most criminals were not technically savvy enough to use encryption.
Max, however, was. If his entire trade failed and the feds got through the door of his hideout, they would find that everything he collected in the crimes, from credit card numbers to hacking code, was encrypted with an Israeli-made encryption program called DriveCrypt, a 1,344-bit military-grade cipher that he purchased for about $60.
He expected that the authorities would have arrested him anyway and demanded the key phrase from him. He would claim that he had forgotten it. A federal judge of some place would order him to reveal the secret key, and he would refuse. He would be under suspicion, maybe a year, and then released. Without his files, authorities would have no evidence of any real crimes committed by him. No chance left – Max was certain. He was unreachable.
To be continued
Published translations and publication plan (status as of February 25)
PROLOGUE (Camp GoTo students)
1. The Key (Grisha, Sasha, Katya, Alyona, Sonya)
2. Deadly Weapons (FSB Young Programmers, Aug. 23)
3. The Hungry Programmers (Young Programmers of the Russian Federal Security Service)
4. The White Hat (Sasha K, ShiawasenaHoshi)
5. Cyberwar! (ShiawasenaHoshi)
6. I Miss Crime (Valentine)
7. Max Vision (Valentine, Aug 14)
8. Welcome to America (Alexander Ivanov, Aug 16)
9. Opportunities (jellyprol)
10. Chris Aragon (Timur Usmanov)
11. Script’s Twenty-Dollar Dumps (Georges)
12. Free Amex! (Social Technology Greenhouse)
13. Villa Siena (Lorian_Grace)
14. The Raid (Georges)
15. UBuyWeRush (Ungswar)
16. Operation Firewall (Georges)
17. Pizza and Plastic (ready)
18. The Briefing (Georges)
19. Carders Market (Ungswar)
20. The Starlight Room (Artem TranslationDesigner Nedrya)
21. Master Splyntr (Ungswar)
22. Enemies (Alexander Ivanov)
23. Anglerphish (Georges)
24. Exposure (+)
25. Hostile Takeover (fantom)
26. What’s in Your Wallet? (done)
27. Web War One (Lorian_Grace ?)
28. Carder Court (drak0sha)
29. One Plat and Six Classics (+)
30. Maksik (Ignat Ershov)
31. The Trial (+)
32. The Mall (Shuflin+)
33. Exit Strategy (done)
34. DarkMarket (Valera aka Dima)
35. Sentencing (comodohacker+)
36. Aftermath (ex-er-sis ?)
EPILOGUE
