DarkMarket was an English-speaking internet cybercrime forum created by Renukanth Subramaniam in London that was shut down in 2008 after FBI agent J. Keith Mularski infiltrated it using the alias Master Splyntr, leading to more than 60 arrests worldwide. Subramaniam, who used the alias JiLsi, admitted conspiracy to defraud and was sentenced to nearly five years in prison in February 2010.
The website allowed buyers and sellers of stolen identities and credit card data to meet and conduct criminal enterprise in an entrepreneurial, peer-reviewed environment. It had 2,500 users at its peak.
According to supervisory special agent Mularski of the FBI's Cyber Initiative & Resource Fusion Unit, their undercover operation was "very successful in getting to the upper echelons of the Dark Market group and we were actually able to run the server and host all the communications that were going on there to make our cases." He obtained full access to everyone using the site and what they were doing by securing the server after gaining Subramaniam's confidence.
In Congressional testimony on November 17, 2009, FBI Deputy Assistant Director, Cyber Division Steven R. Chabinsky described the FBI operation:
The FBI's infiltration and dismantlement of Darkmarket, an online virtual transnational criminal organization. Working with our international partners in the United Kingdom, Germany, and Turkey, the FBI conducted a two-year undercover operation to penetrate the organization and bring it to its knees. At its peak, the Darkmarket forum had over 2,500 membersâ"spanning countries throughout the worldâ"who were involved in buying and selling stolen financial information, including credit card data, login credentials (user names, passwords), and equipment used to carry out certain financial crimes. Using undercover techniques, the FBI penetrated the highest levels of this group and identified and located its leading members. Multi-agency and multi-national coordination with our law enforcement partners led to over 60 arrests worldwide, as well as the prevention of $70 million in economic loss that otherwise would have occurred from compromised victim accounts.
In a speech to the GovSec/FOSE Conference on March 23, 2010, Chabinsky related explained
Not long ago, there was an online carding forum named Darkmarket. It had members worldwide who were involved in buying and selling stolen financial information, such as credit card data, login credentials, and equipment to carry out financial crimes. Darkmarket doesn't exist anymore. Why? Because the FBI infiltrated it and brought it down. Through a two-year undercover operation led by an individual known to most users only as "Master Splyntr," we penetrated the highest levels of this group and identified and located its leading members, which led to over 60 arrests worldwide and the prevention of tens if not hundreds of millions of dollars in economic loss. To the shock of criminals worldwide, Master Splyntrâ"who was on the site nearly everyday, participating anywhere from one hour to 15 hours a dayâ"was a very dedicated and talented FBI special agent, of which we are proud and fortunate to have many. Still, it's a lot of work to take down a single forum, but it shows we can succeed if we have the right people in place and the resources to apply.
In other words, having hired and trained special agents who can talk the talk, and given the resources to spend enough hours online for an extended period of time, we have found that almost any cyber criminal enterprise will begin to trust us, despite having never met us face-to-face. We also learned that the communication methods used by these criminals are, to them, a social outlet as well. Just as often as they are speaking about malware, crimes, and goods for sale, they are talking about their families, their girlfriends, their vacations, and their cars. After a time, members of these forums become friends. That is where the intrinsic trust stems from. When somebody first enters as a new member, theyâre considered a potential cop; a month later, theyâre less of a cop; six months later, theyâre a friend; a year later, they are trusted implicitlyâ"to the extent that when an outsider anonymously told a Darkmarket participant that Master Splyntr was actually the FBI (which, as you now know, was true) all Master Splyntr had to do was deny the accusation and he was believed because he was an insider, whereas the informer was an outsider.
The Darkmarket case also provides us with insight into cyber crime tradecraft. Cyber criminals deploy countermeasures that can cost them a lot of time and effort, in hopes of evading our lawful investigative techniques. Consider the fact that cyber criminals routinely change their nicknames, e-mails, digital currency accounts, and the ICQ numbers they use in forums. Not only do they change these accounts and identifying numbers, but they also use different combinations of the information in each forum they participate in.
Another DarkMarket member, Thomas James Frederick Smith, pleaded guilty on June 10, 2010 to conspiracy to intentionally cause damage to a protected computer and to commit computer fraud.
References
Further reading
- Glenny, Misha, DarkMarket : cyberthieves, cybercops, and you, New York, NY : Alfred A. Knopf, 2011. ISBN 978-0-307-59293-4