Shadowcrew: Web Mobs

By Deborah Gage  |  Posted 2005-03-07

They operate under names such as carderplanet, stealthdivision, darkprofits and the shadowcrew. They buy and sell millions of credit card numbers, social security numbers and identification documents, typically for less than 10 bucks apiece. And they create sites and services to breed more skilled, like-minded organizations. Here's how the growth of electronic commerce is threatened by the operations of these Web Mobs.

Andrew Mantovani, David Appleyard, Brandon Monchamp and more than a dozen other members of the Shadowcrew were at work on their computers. Sure, it was 9 p.m. But their business—which, authorities say, was auctioning off stolen and counterfeit credit and identification cards—was booming.

In the past two years, the Shadowcrew's 4,000 members, according to the U.S. Secret Service, ran a worldwide marketplace in which 1.5 million credit card numbers, 18 million e-mail accounts, and scores of identification documents—everything from passports to driver's licenses to student IDs—were offered to the highest bidder.

Many of the credit card numbers sold on the site were subsequently used by Shadowcrew's customers, who had no intent of paying for what they bought. The result? More than $4 million in losses suffered by card issuers and banks, says the Secret Service, which is charged by the U.S. government to investigate counterfeiting, credit card fraud and computer crimes. If the Shadowcrew had gone unchecked, the losses would have totaled hundreds of millions of dollars, the agency says.

Shadowcrew is a Web mob, say law-enforcement officials: a highly organized group of criminals. Unlike the American Mafia or the Russian syndicates, however, these Web mobs work solely in the online world.

Members know each other by computer alias, interact with each other through the Internet, and commit their crimes in the darkness of cyberspace. The electronic marketplaces they establish to trade their illicit wares can be set up, and disbanded, with little more than keystrokes.

"They basically can pop up anytime and anywhere," says Secret Service Special Agent Larry Johnson.

In the last year, U.S. law-enforcement officials have publicly identified a half-dozen of these seemingly loose collections of thieves that have grown into multinational enterprises. The Secret Service says they operate under names such as Carderplanet, Stealthdivision and Darkprofits. Scott Christie, a former U.S. Attorney who initially prosecuted the Shadowcrew case, says he expects the number to grow.

In fact, these mobs are designed to foster more crime and criminals on the Web.

Much like La Cosa Nostra, members of Web mobs don't have to break into a bank to rob it. Instead, they provide a framework and services for criminals to trade in their chosen stock—stolen credit cards and identity documents. And their efforts, including the "commerce" sites where they trade in stolen "merchandise," will only accelerate what is already a thriving trade in numbers that are regarded on the Web as currency.

The amount of goods and services purchased with fraudulently obtained personal identification exceeded $52 billion in 2004, according to a release put out last month by the Federal Trade Commission. Businesses, from banks to online merchants—maybe even your company—bear much of the cost. But the initial, direct loss isn't the greatest threat posed by groups such as the Shadowcrew.

By promoting and facilitating credit card fraud and identity theft, these groups can shatter the online trust companies have established with their customers, says Howard Schmidt, the chief security strategist for eBay and a former cybersecurity adviser to the White House. That's because they destroy confidence in the Internet. "If McDonald's has well-lit restaurants and the best food and the best prices, but people get mugged in the parking lot, they won't go there," he says.


Shadowcrew, contd.

One of the most popular ways to steal credit card numbers and personal information is through "phishing" for it, using scam e-mails that draw unsuspecting recipients to Web sites where they're enticed to divulge personal financial data.

Consumers are becoming reluctant to enter their credit card numbers at retail sites, according to John Pescatore, a vice president at research firm Gartner, and are becoming extremely wary of responding to e-mails. They're resisting not just the requests from music or publishing companies pitching discounts, or travel companies pushing hotel or airline seat promotions, or utilities trying to establish online billing accounts. Pescatore also sees a lack of confidence in talking online with health-care providers and signing up for processes like electronic voting.

"People are beginning to mistrust Internet e-mail" altogether, says Pescatore, who's also a former Secret Service agent.

The Anti-Phishing Working Group, a nonprofit organization of corporations and government agencies trying to find ways to eliminate phishing, estimates some 75 million to 150 million scam-related e-mails are sent every day. Most originate from organized groups of cybercriminals, according to the group's chairman, David Jevans.

And that could decelerate the growth of electronic commerce.

In the past five years, Web commerce has grown 30%, according to International Data Corp., with consumers around the world spending more than $300 billion online last year.

But unless consumers' concerns about the safety of using their credit card numbers and other identification online is addressed, the rate of growth in the online economy could drop into single digits by 2007, Gartner figures.

The concerns are not misplaced. In just one incident last fall, data collector ChoicePoint says organized criminals accessed 144,778 consumer records, including credit reports and Social Security numbers. ChoicePoint says it has notified more than 700 people that identity information was compromised.

The growing threat of credit card and identity theft, says Edward M. Stroz, president of computer security firm Stroz Friedberg and a former agent with the Federal Bureau of Investigation, "is probably the single biggest risk to causing e-commerce to begin to dry up."

-Forensics: Following the Trail">

Cyber-Forensics: Following the Trail

The twentysomethings who make up the bulk of these groups are smart, technically savvy—and careful.

The Shadowcrew is said to have successfully evaded the law by hiding behind computer nicknames, or nics, such as BlackOps and Kingpin. They made sure to bounce their messages through more than one Web server. That made their communications harder to trace. As an added precaution, members also encrypted their electronic messages, scrambling the text so it couldn't be read by spies, i.e., the Secret Service or other law-enforcement agencies.

"They had this comfort level," says Johnson about the Shadowcrew, "thinking 'nobody would catch us.'"

But at 9 p.m. on Oct. 26, 2004, the Shadowcrew was in for a surprise.

The Secret Service had been tracking the Shadowcrew for a year, with the help of an informant who was highly placed in the organization and ran one of the group's servers. The insider also helped the agency set up and run the undercover operation.

As part of its investigation, the Secret Service set up a secure private network, according to a criminal complaint against members of the Shadowcrew on file with the U.S. District Attorney in Newark, N.J., that members of the group used for their electronic communications and Web activity.

As messages passed through that network, the Secret Service captured the unique computer address assigned to the senders' computers by their Internet service providers, which, of course, maintain billing addresses along with Internet addresses. This helped lead them to Mantovani and Appleyard.

Then, on that Tuesday evening in October, the Secret Service's insider engaged 30 members in simultaneous online chats. With the Shadowcrew thus occupied on their screens, agents of the Secret Service, FBI and local police—some armed and wearing bulletproof vests—showed up at suspects' homes and made arrests. Most suspects came quietly. However, one, Monchamp, leaped out a second-floor window when the Secret Service knocked. He was apprehended after a short chase on foot. Back in the room he exited, agents found two loaded guns—one an assault rifle.

Not the normal tools of a hobbyist hacker.

And that's not, according to the government, what the Shadowcrew members were. Mantovani, Appleyard and Monchamp were part of an "international criminal organization" in which associates advertised and sold identity cards and traded advice on how to sell forged identity documents, according to the criminal complaint.

The Shadowcrew would not talk about its activities to Baseline. But Mantovani and Monchamp, and most of the other crew members who have been arrested, have pleaded not guilty to the charges against them at their arraignments. Appleyard and a few others are awaiting arraignment.

Appleyard's attorney, William Hughes of Cooper Levenson, says he and his client object to allegations that Appleyard committed or profited from credit-card fraud. "We continue to ... maintain innocence," Hughes points out.

Baseline contacted Monchamp's lawyer, Elizabeth Smith of Mendham, N.J., but she declined to comment.

Mantovani's court-appointed attorney, Pasquale Giannetta, says his client is innocent of the charges—one count of conspiracy and three counts of fraud—and doesn't know how he was caught up in the manhunt.

There is no information, Giannetta says, "that indicates that [Mantovani] participated in any type of organized entity, where he was leader, or worked his way up."

?"> Geekfather, or College Student?

Mantovani's arraignment was held in U.S. District Court in Newark on Feb. 14. A rainy Valentine's Day. A day Americans associated with romance—and an infamous mob hit in Chicago.

Raindrops still on his gray suit, Mantovani entered courtroom 4B. The 22-year-old with short, slightly ruffled hair and a baby face stood as the judge asked him to enter a plea. His lawyer, Giannetta, firmly responded, "Not guilty."

At the time of his arrest, Mantovani was attending Scottsdale Community College in Arizona. While out on bail, he is living with his mother in New York. He hopes to get a job in construction.

"He's very nice," Giannetta says of Mantovani, "a kid from a middle-class environment, never involved with crime, and now he's facing a federal indictment. It's traumatic for the family, and for him."

While Giannetta refers to Mantovani by his first name and says he knows of no conspiracy to trade in credit card information, the Secret Service refers to him by computer nicknames they say he used, including Deck, DeckerdIsMissin and ThnkYouPleaseDie.

To the Secret Service, this college kid in a crisply pressed suit was a leader of one of the largest and best-organized gangs trafficking in stolen credit and debit card numbers and counterfeit identity documents.

Working from court documents that include the criminal complaint and an indictment against 19 Shadowcrew members on file in U.S. District Court in Newark, interviews with government investigators and prosecutors, and assistance from computer security experts such as Pescatore and another former Secret Service agent, John Frazzini, who now runs his own corporate security company, Baseline pieced together a picture of how the Shadowcrew organized itself, how it got rolling and how law enforcers and security experts hope to stop Web mobs like it.

According to the complaint, a handful of members, including Mantovani and Appleyard, were at the top of the organization. Appleyard liked to go by the military-sounding moniker Black Ops. Functionally, they were known as administrators.

? contd">

Geekfather, or College Student? contd

During the government's year-long investigation, there were as few as two and as many as six members in Shadowcrew's management team. Collectively, they controlled the direction of the organization, according to former U.S. Attorney Christie, who's now a partner with the law firm of McCarter & English in Newark. The administrators decided what businesses to engage in, how to handle the "merchandise"—the stolen identifications—who should be allowed to join, and what level of access they should be granted to the Web site and its forums, the Secret Service says.

While administrators led the business, other members were engaged in the day-to-day operations. According to the indictment, they included:

Moderators. A dozen crew members ran information and discussion forums. These included Monchamp, a.k.a. the Kingpin, and another defendant, Matthew Johnson, a.k.a. Carsen, the Secret Service says. There were a half-dozen or more forums on the Shadowcrew's Web site, A forum might discuss how to steal and forge bank cards, or how to create identification papers, such as driver's licenses, diplomas or training certificates, that would be accepted as authentic. Members who had proven skill at creating fake IDs were allowed to moderate questions from members. Johnson has pleaded not guilty.

Reviewers. These members judged the quality of illicit merchandise, such as stolen credit card numbers, debit card numbers or passports. A reviewer such as Monchamp or Alexander Palacio, a.k.a. Scrilla, would run tests to see if credit card numbers were cancelled or still valid, according to the indictment. Palacio's lawyer, Dean Steward, would not comment on the case.

Vendors. These members sold products, including Visa card numbers and health insurance identification cards, and services, such as money laundering and access to retailers' credit card validation systems, to other Shadowcrew members. Rogerio Rodrigues, a.k.a. Kerberos, and Omar Dhanani, a.k.a. Voleur, are alleged to have been vendors. Rodrigues has pleaded not guilty. Dhanani's attorney, Howard Price, says his client has not entered a plea and that he and his client are talking to the U.S. Attorney about a settlement.

General Members. The bottom of the organization. The thousands of members who typically used the Shadowcrew Web site to gather and share instructions on committing credit card fraud, creating false identification documents and selling credit card and identification numbers. Registration was open to all comers. But more sensitive discussion areas were password-protected, and members needed another member of the group whom the leaders trusted to vouch for them before they were allowed to pitch sales to the group.

Members could be "promoted" up the ranks of the organization by either providing quality merchandise, such as valid credit card numbers or passable IDs, or sharing with the group new or unique tips and techniques for committing fraud.

Any of the administrators could mete out punishment "to members disloyal to the organization'' as well, according to the criminal complaint.

Christie says Appleyard "was pretty much the primary enforcer." He might "out" an untrustworthy member, and even threaten that wayward individual with physical harm.

Such was the case in February 2003, according to the complaint, at least. One Shadowcrew member, who's identified in court documents only by his nic, CCSupplier, failed to refund money to Shadowcrew members from "business transactions" that were not spelled out in the indictment. The Secret Service says the incident had something to do with counterfeit card-making equipment, but would provide no other details. Christie says CCSupplier may have pushed shoddy gear on the group.

Whatever the transgression, Appleyard punished CCSupplier by posting the person's real name, address and phone number on the Shadowcrew Web site. And Appleyard may have threatened the member in December 2003. "The threat was such that it invoked concern that Black Ops might physically harm this other individual," according to the complaint.

Christie adds that the way in which the crew conducted its business shows it was "highly structured and very well organized."

And very efficient.

Baseline stitched together this depiction of how the organization appears to have conducted its business, using the criminal complaint; the indictment against Mantovani, Appleyard and others; and an affidavit filed by Secret Service Special Agent Matthew Ferrante against alleged Shadowcrew vendor Nicolas Jacobsen, who in February pleaded guilty to hacking into T-Mobile's computer systems. T-Mobile says 400 accounts were accessed, one of which, according to the New York Post, may have belonged to social heiress Paris Hilton. T-Mobile says it's investigating the incident.

? contd.">

Geekfather, or College Student? contd

Once a vendor came into possession of stolen goods such as credit card numbers or identity papers, the merchandise had to be vetted by a reviewer.

If the goods were in electronic formats, the vendor could just send the product in a file to an inspector such as Monchamp or Palacio. If the goods were actual plastic cards or paper documents, they had to be moved along through drop boxes at retail outlets such as a UPS or Kinko's store.

Naturally, mailboxes were rented out to individuals using false names, according to the complaint. Crew members also changed the location of drop boxes regularly to avoid detection.

Once in a reviewer's hands, the goods were scrutinized thoroughly. One procedure was the "dump check," in which reviewers would hack into a retailer's cash register system. Frazzini, the former Secret Service agent, says hackers can enter through back doors used by technical support personnel to maintain or repair the system remotely.

Once in, the reviewer could test a group of cards by entering nominal amounts, a dollar or two, against a few of the accounts to see if the charges were approved or declined. If the charges were accepted, says Christie, the reviewer would know that the "dump" of numbers was good.

The reviewer would then write up and post detailed descriptions of the merchandise. For a driver's license or bank card, the quality of the photos, the hologram, the printing of names and numbers, the color scheme and the card thickness would be described, almost like a used book on Amazon might be described by its seller.

The comments might be: "'This is the best I've ever seen' or 'This is a really good driver's license for people who are not looking too closely,'" Christie says. "That level of detail."

Once certified by a reviewer, goods would be put up for sale. Transactions usually involved just a handful of numbers at a time. But, on occasion, illicit goods got shipped in bulk.

In May 2004, one Shadowcrew member moved 110,000 stolen credit card numbers, according to the indictment. And the value of each bank customer's credit card number? Not much. Special Agent Johnson says credit cards with $10,000 limits could sell for anywhere from $1 to $10 or more.

Personal information is just as easily and cheaply trafficked. On Sept. 27, 2004, Mantovani allegedly "transferred" approximately 18 million e-mail addresses along with associated user names, passwords, dates of birth and other personal information.

The selling price of each e-mail address and related information might be a few cents each, according to Mark Rasch, a senior vice president of security consultancy Solutionary and a former attorney in the Department of Justice's Export/Espionage and Fraud sectors.

Credit cards, e-mails and other items were posted with prices on the Shadowcrew Web site. But vendors also had the option to sell their wares through an auction forum that worked "much like eBay," according to Christie.

Listings, such as "three counterfeit Arizona driver's licenses" or "1,000 stolen Visa credit card numbers," were posted to the forum, he says. The auction would open and a time would be given for when the last bid would be taken. Potential buyers came to the auction forum and progressively bid until that auction closed, with the item going to the highest bidder.

Once a "buy" went down, according to court documents, a member would send payment using Western Union money transfers or electronic currency, such as e-Gold, to the seller. And, of course, the member might as well use a stolen card number to pay for the transfer, Christie points out. At e-Gold, they could even purchase gold bullion and transfer the bullion to other e-Gold account holders.

The goal was to avoid holding on to cash. "You don't want to keep a lot of it around," Frazzini says, because U.S. banks keep detailed records.

Covering Their Tracks

While the actions of some Shadowcrew operators were witnessed and others were recorded by wiretap devices the Secret Service used to monitor the group's data traffic, the Shadowcrew tried to hide what it was doing.

For instance, Shadowcrew members used a free software program called Trillian to encrypt the instant messages they sent over the normally wide open Internet Relay Chat service or America Online's ICQ.

The group also used "proxy" servers to make their online activities hard to trace. A proxy sits between a sending and a receiving server. When someone accesses a Web site through a proxy server, the site records the Internet Protocol (IP) address of the proxy, not the IP address of the computer that initiated the original Web request.

That has the effect of hiding the IP address of a computer making a Web page request. Hackers tend to break into computers where there's a constant turnover of new users—think hotels or universities—and send their Web page requests through those machines.

The use of proxies was often augmented by "anonymizers," according to court documents. One type: a virtual private network that lets many computers connect to it at the same time. They all share one IP address, and if a person tries to trace a page request, he finds the IP address of the VPN, not the computer that initiated the session.

The combination of instant messaging, proxy servers and anonymizers, says Steve Orrin, vice president of technology at security software supplier Watchfire, "is definitely the measure that you would take if you wanted to hide your activities."

The combination also made the Shadowcrew confident, maybe overconfident, about its ability to escape detection.

But the Secret Service had a couple of aces in the hole as it began to dig in 2003. One was its ability to override the VPN defense.

On the Secret Service-operated VPN that many of the Shadowcrew defendants used, the agency filtered traffic through software that could "trap and trace" its contents—basically capturing a message and stripping out and recording the sender's IP address.

Then, using the publicly available Whois database, they could map those IP addresses back to the Internet service provider that owned and assigned the numbers. The provider would then be served with a subpoena that required it to disclose customer records and billing addresses.

A second ace was a court-approved wiretap. Law-enforcement officials and Appleyard's lawyer both confirm that the Secret Service won a court order to use a wiretap to pick and record electronic messages between Shadowcrew members. Frazzini says most electronic wiretaps are software monitors placed on the servers of an Internet service.

But the biggest break was securing the confidential informant, whom the Secret Service refuses to identify. "They can get to you fairly easily," says Johnson of Web mobs once they, like the Mafia, spot a rat.

The Secret Service, however, had strokes of bad luck as well. In fact, the investigation was nearly compromised three months before the agency moved to shut down the Shadowcrew.

Nicolas Jacobsen, a vendor also known as Ethics, hacked into a database belonging to T-Mobile to grab information on T-Mobile's customers, and offer it for sale on a bulletin board called, according to an affidavit filed by the Secret Service in U.S. District Court in Los Angeles.

Along the way, he stumbled onto an e-mail account belonging to Peter Cavicchia, one of the Secret Service's top cybersecurity agents.


Covering Their Tracks, contd.

Cavicchia had been using the account to communicate with online criminals. "You have to be crafty to deal with informants," Frazzini says. "They can't very well communicate with you on your Secret Service e-mail account." But, he says, Cavicchia also was receiving documents mailed by the Secret Service.

Ethics began monitoring Cavicchia, collecting Secret Service documents and recording Cavicchia's T-Mobile chat sessions. There he learned that at least one Shadowcrew member's ICQ number was under surveillance.

Frazzini says it's an indication of "the cat-and-mouse game" that is part of the underworld of cyberspace. "It's like rats running around out there," he says. "And they got him."

T-Mobile spokesman Peter Dobrow says the company had been working with the Secret Service since October 2003 to identify the hacker.

Jacobsen pleaded guilty in February to one count of unauthorized access to a protected computer and recklessly causing damage. His sentencing is scheduled for May 16. His plea agreement has been sealed by the government, and his attorney, Greg Wesley of the Federal Public Defender's office in Los Angeles, will not discuss his case.

But the Secret Service had made its way up the Shadowcrew organization chart—with its informant placed high in the hierarchy. That helped trap Ethics, according to the affidavit against Jacobsen.

Tipped to the existence of the Secret Service documents by a Shadowcrew member, the informant got Ethics to confirm that he was the individual who had found the documents in Cavicchia's T-Mobile account. And the rats ran around again.

A few days later, Ethics asked the informant for a proxy server so he could "browse and log in to a site with the credentials of a USSS Agent." The informant provided a server controlled by the Service's Newark field office. So, the Secret Service was able to track Ethics tracking Cavicchia.

The Law Closes In

With the help of the informant, the tracked IP addresses, the wiretap and other documents secured during the investigation, the Secret Service finally knew the Shadowcrew.

And decided it was time to take it down.

The conversations on that October evening probably revolved around a head fake. Former U.S. Attorney Christie says it takes an urgent matter to get members of a group like this all online at the same time—an interesting topic such as a new method of gaining unauthorized access to bank account information, or another scam to rip people off.

"What you try to do is make it so interesting and so compelling that everyone who is requested to be online at the date and time is online," Christie explains.

Whatever they were talking about, the suspects stayed at their keyboards until law-enforcement officials showed up on their doorsteps. Given the nature of a Web mob, all the knocks had to come at the same time.

"It's very easy for a bad guy on an Internet case to be able to contact other bad guys on a moment's notice," says Special Agent Johnson. "He can be thousands of miles away—in a different time zone—but if [a criminal gets] an instant message saying 'clean out your hard drive, stow the cash,' then the element of surprise is not on your side."

But even with crew members under arrest, the Secret Service didn't immediately pull down the group's Web site.

Timeline: Cybercrime

Some of the Most Infamous Computer Crimes Have Happened in the Past Five Years.

A look back at significant attacks launched from the U.S. and overseas, and the steps—and stings—the Federal Bureau of Investigation and the U.S. Secret Service have taken to catch online fraudsters.

Investigators replaced it for a few days with a warning: "Activities by Shadowcrew members are being investigated by the United States Secret Service." Under a photograph of hands clutching the bars of a jail cell, the Secret Service listed the charges Shadowcrew members face, and called on visitors to turn themselves in: "Contact your local United States Secret Service field office before we contact you!!!"

Prevention and Defense

Shadowcrew may have been well organized, but it was neither the most skilled nor the most dangerous of the Web mobs.

John Pironti, a security analyst with Unisys, the $5.8 billion computer and services provider, calls the Shadowcrew "a mid-tier player ... whose bark is worse than its bite." Russian criminals, by comparison, managed to roam around for up to five years inside the computer systems of Citibank during the 1990s, Pironti says.

But the ease with which groups like Shadowcrew and Stealthdivision appear and disappear threatens businesses already scrambling to secure their networks from spyware and phishing attacks.

Countries in Eastern Europe, for example, offer an endless supply of technically skilled people who are unemployed and need money, which creates a big challenge for the Secret Service. Such countries may have underdeveloped legal structures or lack treaties with the U.S.

And, notes Jody Westby of PricewaterhouseCoopers, they have little interest in helping a country as rich as the U.S. stop cybercrime if their own people are underfed or underemployed.

The markets for the type of information collected by Shadowcrew have grown more sophisticated just in the last six months, notes John Watters, CEO of the security consultant iDefense. Prices are now differentiated based on the security of the country where the credit card was stolen, the issuer of the credit card and the owner of the bank account in question.

"They'll pay more for a product where they think they can get a higher margin," he says.

Meanwhile, the electronic infrastructure that could help catch Web mobsters does not yet exist. Technology experts such as Jevans of the Anti-Phishing Working Group call for better filtering and authentication schemes to identify the true senders of e-mails. They want a standardized way of reporting attacks to both companies and law enforcement. They want businesses to police their own domain names (or outsource the job), which would stop crooks from creating variants of those names to use as fake Web addresses to lure people into giving away their identities.

Jevans believes technology vendors are not providing the tools companies need to fight cybercrime. He notes there are 40 security toolbars for blocking pop-up ads and other problems with browsers. Yet there is no comprehensive model for understanding how security threats evolve, either technically or across geographies.

The lack of any sort of a technological silver bullet means companies are uncertain of where to spend money to protect themselves, according to Jon Oltsik, a senior analyst with the Enterprise Strategy Group, a technology market research firm. In January, Oltsik's firm published a survey of 251 information-technology professionals working in over 18 industries. Only 64% claimed their companies had invested highly in securing the perimeters of their networks, and 39% in internal network security. Yet, two-thirds were attacked by an automated worm at least once in the last year.

Sometimes, says Gartner's Pescatore, it's easier just to pay the cost of fraud. One of his clients, whom he describes as "a major bank," is reimbursing customers for thefts caused by phishing attacks at the rate of $1 million per month.

Security experts agree that groups like Shadowcrew will continue to spring up because there's money to be made and these groups make it so easy for people to profit.

"They don't have to be a specialist in all the different areas of fraud and other criminal conduct—hacking, what have you—in order to be successful," Christie says. "I'm a specialist at hacking. You're a specialist in fake ID. This other guy's a specialist in Internet fraud. Well, you know, we can get together and we can help each other in the areas where we don't have a particular specialty, so that all of us can commit all different types of criminal conduct. And we can learn from each other."

But so far, from what the Secret Service has discovered, no former members of the Shadowcrew have joined a new Web mob.