ZIFFPAGE TITLEGeekfather, or College StudentBy Deborah Gage | Posted 2005-03-07 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
Crime is now organized on the Internet. Operating in the anonymity of cyberspace, the Shadowcrew and Web mobs like it threaten the trust companies have spent years trying to build with customers, online.
Geekfather, or College Student? contd
During the government's year-long investigation, there were as few as two and as many as six members in Shadowcrew's management team. Collectively, they controlled the direction of the organization, according to former U.S. Attorney Christie, who's now a partner with the law firm of McCarter & English in Newark. The administrators decided what businesses to engage in, how to handle the "merchandise"—the stolen identifications—who should be allowed to join, and what level of access they should be granted to the Web site and its forums, the Secret Service says.
While administrators led the business, other members were engaged in the day-to-day operations. According to the indictment, they included:
Moderators. A dozen crew members ran information and discussion forums. These included Monchamp, a.k.a. the Kingpin, and another defendant, Matthew Johnson, a.k.a. Carsen, the Secret Service says. There were a half-dozen or more forums on the Shadowcrew's Web site, Shadowcrew.com. A forum might discuss how to steal and forge bank cards, or how to create identification papers, such as driver's licenses, diplomas or training certificates, that would be accepted as authentic. Members who had proven skill at creating fake IDs were allowed to moderate questions from members. Johnson has pleaded not guilty.
Reviewers. These members judged the quality of illicit merchandise, such as stolen credit card numbers, debit card numbers or passports. A reviewer such as Monchamp or Alexander Palacio, a.k.a. Scrilla, would run tests to see if credit card numbers were cancelled or still valid, according to the indictment. Palacio's lawyer, Dean Steward, would not comment on the case.
Vendors. These members sold products, including Visa card numbers and health insurance identification cards, and services, such as money laundering and access to retailers' credit card validation systems, to other Shadowcrew members. Rogerio Rodrigues, a.k.a. Kerberos, and Omar Dhanani, a.k.a. Voleur, are alleged to have been vendors. Rodrigues has pleaded not guilty. Dhanani's attorney, Howard Price, says his client has not entered a plea and that he and his client are talking to the U.S. Attorney about a settlement.
General Members. The bottom of the organization. The thousands of members who typically used the Shadowcrew Web site to gather and share instructions on committing credit card fraud, creating false identification documents and selling credit card and identification numbers. Registration was open to all comers. But more sensitive discussion areas were password-protected, and members needed another member of the group whom the leaders trusted to vouch for them before they were allowed to pitch sales to the group.
Members could be "promoted" up the ranks of the organization by either providing quality merchandise, such as valid credit card numbers or passable IDs, or sharing with the group new or unique tips and techniques for committing fraud.
Any of the administrators could mete out punishment "to members disloyal to the organization'' as well, according to the criminal complaint.
Christie says Appleyard "was pretty much the primary enforcer." He might "out" an untrustworthy member, and even threaten that wayward individual with physical harm.
Such was the case in February 2003, according to the complaint, at least. One Shadowcrew member, who's identified in court documents only by his nic, CCSupplier, failed to refund money to Shadowcrew members from "business transactions" that were not spelled out in the indictment. The Secret Service says the incident had something to do with counterfeit card-making equipment, but would provide no other details. Christie says CCSupplier may have pushed shoddy gear on the group.
Whatever the transgression, Appleyard punished CCSupplier by posting the person's real name, address and phone number on the Shadowcrew Web site. And Appleyard may have threatened the member in December 2003. "The threat was such that it invoked concern that Black Ops might physically harm this other individual," according to the complaint.
Christie adds that the way in which the crew conducted its business shows it was "highly structured and very well organized."
And very efficient.
Baseline stitched together this depiction of how the organization appears to have conducted its business, using the criminal complaint; the indictment against Mantovani, Appleyard and others; and an affidavit filed by Secret Service Special Agent Matthew Ferrante against alleged Shadowcrew vendor Nicolas Jacobsen, who in February pleaded guilty to hacking into T-Mobile's computer systems. T-Mobile says 400 accounts were accessed, one of which, according to the New York Post, may have belonged to social heiress Paris Hilton. T-Mobile says it's investigating the incident.