left right politics showbiz tech invest good life gossip fun hot
Mother Jones Hot Air Huffpo Variety Engadget Seeking Alpha Lifehacker TheSuperficial Daily Beast reddit
Daily Kos Michelle Malkin Politico Billboard Boing Boing TheBigPicture Luxuo TMZ.com Fark BuzzFeed
ThinkProgress Breitbart First Read CNN Showbiz Gizmodo FT Alphaville Joystiq Perez Hilton 4chan memorandum
Crooks+Liars Power Line CNN ticker E! Online Techcrunch Josh Brown Kotaku gamer Bastardly Post Secret Techmeme
TalkngPtsMemo Ameri..Thinker Swampland TV Guide Ars Technica 24/7 Wall St. TreeHugger Egotastic hascheezburgr Drudge
The Raw Story NewsBusters NYT-politics Ent. News Mashable yahoo-fin Consumerist PinkIsTheNew dooce digg
Wonkette Wizbang 538 popsugar Google blog DealBook lifehack.org CelebrityBaby Someth'nAwful trends
Atrios Taki Magazine WashWhisprs DeadlnHllywd Read/Write Jeff Matthews 43folders GoFugYourself Neatorama PSFK
Firedoglake Epoch Times The Fix MSN Ent. OReilly Radar PhilsStockWorld Autoblog Page Six Cool Hunter BBC
Young Turks IMAO Capital Gains Rot'nTomatoes GigaOM Daily Rec'ng Deadspin BestWeekEver stereogum NYT-trending
Americablog AceOfSpades Open Secrets Ringer-movies ProBlogger Zero Hedge DownloadSqd Dlisted CuteOverload media eye
Politicususa Redstate WikiLeaks law Cool Tools Bespoke MediaZone PopSugar Dilbert blog TVNewser
CounterPunch RightWingNews econ law.alltop M. Brownlee BtwTheHedges Deviant ArtHollyw'dTuna gapingvoid BuzzMachine
TalkLeft Patterico EconLog Volokh Consp. Apple Blog Minyanville Gothamist x17online DailyGrail MediaGazer
Feministing Townhall.com Freakonomics Legal Insurrec.. Valleywag Fast Money Curbed DailyBlabber Prof. Hex Steve Rubel
PolitAnimal OutsideBeltwy CrookedTimbr Conglomerate mozillaZine RealClearMkts FabSugar Gawker OvrheardinNY MediaBlgNRO
Truthdig Moonbattery MarginalRevo SportsLawBlog Smashing W$J Mktbeat Gridskipper Radar Last.fm Threat Level
Alternet RealClearPoli crime W$J Law BlogTechdirt AbnormalRtrns Material Defamer kottke.org Seth's blog
Media Matters Instapundit CrimeblogsBalkinizationMAKE RandomRoger Sartorialist Jossip PumpkinChuck mediamatters
The Nation Hugh Hewitt All Crime Credit Slips SrchEngLand Stock Advisors DrinknMadeEz Just Jared Maps Mania Newshounds
Maddow Blog PJ Media Smoking Gun FindLaw VentureBeat Slope of Hope Mark Cuban Celebitchy CollegeHumor FAIR

Thursday, April 7, 2005

Shadow Crew: International Identity Theft Organization

Large groups of international criminal hackers have joined together to steal financial data, steal identities, and then trade or sell that data on underground Internet sites. Baseline magazine reported:

They operate under names such as carderplanet, stealthdivision, darkprofits and the shadowcrew. They buy and sell millions of credit card numbers, social security numbers and identification documents, typically for less than 10 bucks apiece. And they create sites and services to breed more skilled, like-minded organizations.

Andrew Mantovani, David Appleyard, Brandon Monchamp and more than a dozen other members of the Shadowcrew were at work on their computers. Sure, it was 9 p.m. But their business—which, authorities say, was auctioning off stolen and counterfeit credit and identification cards—was booming.

In the past two years, the Shadowcrew's 4,000 members, according to the U.S. Secret Service, ran a worldwide marketplace in which 1.5 million credit card numbers, 18 million e-mail accounts, and scores of identification documents—everything from passports to driver's licenses to student IDs—were offered to the highest bidder.

Many of the credit card numbers sold on the site were subsequently used by Shadowcrew's customers, who had no intent of paying for what they bought. The result? More than $4 million in losses suffered by card issuers and banks, says the Secret Service, which is charged by the U.S. government to investigate counterfeiting, credit card fraud and computer crimes. If the Shadowcrew had gone unchecked, the losses would have totaled hundreds of millions of dollars...
According a Wall Street Journal article, by Cassell Bryan-Low, this is how the Shadow crew secret web site traded credit and debit card information:
  1. Shadowcrew members stole banking and other personal information by sending fake e-mails (phishing) and other hacker methods.

  2. Members then logged on to the organization's web site and posted the stolen card numbers, plus counterfeit driver's licenses, passports and Social Security cards.

  3. Members could then buy and sell the information on the site.
Features of Shadowcrew web site (like any online shopping site):
  • Registration: Members logged into the private site with a user name and password.

  • Checkout: Members purchased stolen info using Western Union or online payment services such as E-Gold and Web Money.

  • Management: Shadowcrew Web site administrators punished members who didn't pay on time.

  • Quality Control: Shadowcrew reviewers tested stolen data before selling it on the site.
"They are run like businesses," says Larry Johnson, special agent in charge of the Secret Service's criminal investigative division.
But at 9 p.m. on Oct. 26, 2004, the Shadowcrew was in for a surprise...on that Tuesday evening in October, a Secret Service insider informant engaged 30 Shadowcrew members in simultaneous online chats. With the Shadowcrew thus occupied on their screens, agents of the Secret Service, FBI and local police—some armed and wearing bulletproof vests—showed up at suspects' homes and made arrests. Most suspects came quietly. However, one, Monchamp, leaped out a second-floor window when the Secret Service knocked. He was apprehended after a short chase on foot. Back in the room he exited, agents found two loaded guns—one an assault rifle.

Not the normal tools of a hobbyist hacker.

And that's not, according to the government, what the Shadowcrew members were. Mantovani, Appleyard and Monchamp were part of an "international criminal organization" in which associates advertised and sold identity cards and traded advice on how to sell forged identity documents, according to the criminal complaint.
Illegal websites [links to copies of web sites stored at internet archive -web.archive.org]:
Note the number of online users reported on the shadowcrew.com site on Feb. 17, 2003 and the listed number of registered members of darkprofits and stealthdivision.

Among those indicted were:
  • Andrew Mantovani, Scottsdale, Arizona
  • David Appleyard, Linwood, New Jersey
  • Anatoly Tyukanov, Moscow, Russia
  • Jeremy Stephens, Charlotte, North Carolina
  • Brandon L. Monchamp, Scottsdale, Arizona
  • Omar Dhanani, Fountain Valley, California
  • Marcelo Del Mazo, Buenos Aires, Argentina
The indictment contains only charges. A defendant is presumed innocent of the charges, and it will be the government’s burden to prove a defendant’s guilt beyond a reasonable doubt at trial.

Shadowcrew: Web Mobs [BaselineMag.com, Mar. 7, 2005]
Identiy Thieves Organize (subscription required) [WSJ.com, Apr. 7, 2005]
E.V. men accused in computer hacking ring [seclists.org, from eastvalleytribune.com, Nov. 4, 2004]

update Dec. 7, 2005 - consumeraffairs.com reported:
Six men who ran one of the largest online centers for trafficking in stolen credit and bank card numbers and identity information have pleaded guilty in federal court. The U.S. Attorney for New Jersey says the plea is the last step in pulling the plug on the notorious "Shadowcrew.com" website.

Andrew Mantovani, 23, of Scottsdale, Ariz.; Kim Taylor, 47, of Arcadia, Calif.; Jeremy Stephens, 31, of Charlotte, N.C.; Brandon Monchamp, 22, of Scottsdale, Ariz.; Omar Dhanani, 22, of Fountain Valley, Calif.; and Jeremy Zielinski, 22, of Longwood, Fla., entered guilty pleas to the lead count of conspiracy before U.S. District Judge William J. Martini. Judge Martini scheduled sentencing for late February and early March.
Six "Shadow Crew" Members Plead Guilty [consumeraffairs.com, Nov. 21, 2005]