ZIFFPAGE TITLECyberBy Deborah Gage | Posted 2005-03-07 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
Crime is now organized on the Internet. Operating in the anonymity of cyberspace, the Shadowcrew and Web mobs like it threaten the trust companies have spent years trying to build with customers, online.
-Forensics: Following the Trail">
Cyber-Forensics: Following the Trail
The twentysomethings who make up the bulk of these groups are smart, technically savvy—and careful.
The Shadowcrew is said to have successfully evaded the law by hiding behind computer nicknames, or nics, such as BlackOps and Kingpin. They made sure to bounce their messages through more than one Web server. That made their communications harder to trace. As an added precaution, members also encrypted their electronic messages, scrambling the text so it couldn't be read by spies, i.e., the Secret Service or other law-enforcement agencies.
"They had this comfort level," says Johnson about the Shadowcrew, "thinking 'nobody would catch us.'"
But at 9 p.m. on Oct. 26, 2004, the Shadowcrew was in for a surprise.
The Secret Service had been tracking the Shadowcrew for a year, with the help of an informant who was highly placed in the organization and ran one of the group's servers. The insider also helped the agency set up and run the undercover operation.
As part of its investigation, the Secret Service set up a secure private network, according to a criminal complaint against members of the Shadowcrew on file with the U.S. District Attorney in Newark, N.J., that members of the group used for their electronic communications and Web activity.
As messages passed through that network, the Secret Service captured the unique computer address assigned to the senders' computers by their Internet service providers, which, of course, maintain billing addresses along with Internet addresses. This helped lead them to Mantovani and Appleyard.
Then, on that Tuesday evening in October, the Secret Service's insider engaged 30 members in simultaneous online chats. With the Shadowcrew thus occupied on their screens, agents of the Secret Service, FBI and local police—some armed and wearing bulletproof vests—showed up at suspects' homes and made arrests. Most suspects came quietly. However, one, Monchamp, leaped out a second-floor window when the Secret Service knocked. He was apprehended after a short chase on foot. Back in the room he exited, agents found two loaded guns—one an assault rifle.
Not the normal tools of a hobbyist hacker.
And that's not, according to the government, what the Shadowcrew members were. Mantovani, Appleyard and Monchamp were part of an "international criminal organization" in which associates advertised and sold identity cards and traded advice on how to sell forged identity documents, according to the criminal complaint.
The Shadowcrew would not talk about its activities to Baseline. But Mantovani and Monchamp, and most of the other crew members who have been arrested, have pleaded not guilty to the charges against them at their arraignments. Appleyard and a few others are awaiting arraignment.
Appleyard's attorney, William Hughes of Cooper Levenson, says he and his client object to allegations that Appleyard committed or profited from credit-card fraud. "We continue to ... maintain innocence," Hughes points out.
Baseline contacted Monchamp's lawyer, Elizabeth Smith of Mendham, N.J., but she declined to comment.
Mantovani's court-appointed attorney, Pasquale Giannetta, says his client is innocent of the charges—one count of conspiracy and three counts of fraud—and doesn't know how he was caught up in the manhunt.
There is no information, Giannetta says, "that indicates that [Mantovani] participated in any type of organized entity, where he was leader, or worked his way up."