News analysis
Infosecurity Today, January/February 2006

The Shadowcrew — organized, yes, but ‘Organized Crime’?
Sarah Hilley

The mainstream and IT trade press is replete with references to 'organized crime' getting into cybercrime, ousting or using the pallid young hackers of yesteryear. Is this correct? And how significant are police successes here?

US prosecutors yanked a major ring of online ID thieves, the Shadowcrew, from the shadiness of the web into an American court spotlight, achieving guilty pleas in November 2005. It was a major milestone in the efforts of US, and allied, law enforcement to combat organized cybercrime.

The round-up of the leaders of the Shadowcrew, which trafficked more than 1.7 million credit cards online, is a sign that authorities are cracking Internet fraud. But experts believe that the police are mostly missing the culprits.

It could be because there is no clear stereotype of who tends to trade in stolen cards online. Geoff Fellows, head of The LG Training Partnership, says: “The type of people behind this sort of crime is a mixture.”

Graeme Burnett, a security architecture engineer at Enhyper, says that the perpetrators are not who you would expect. The description would be “14-30, middle class, good education, predominately white,” he said.

Not conventional mafiosi

The Shadowcrew were indeed a mixed bunch of people and would not represent organized crime in the conventional sense. Most of the members had day jobs. Neither of the founders — Andrew Mantovani and David Appleyard — would immediately appear to have the credentials to create such a monster. Mantovani, nicknamed "ThnkYouPleaseDie," was a business student, while Appleyard, known as "Black Ops," was once a mortgage broker.

Nevertheless, they brought 4000 Shadowcrew members all together under one web site — www.shadowcrew.com — to deal in credit card wares, giving police a focal point for tracing them.

The web site enabled the police to trace their activities. Fellows says: “The web is in someone's jurisdiction — an IP address comes with a server, which is a major drawback for these kinds of criminals.”

US Secret Service

A member of the gang co-operated with law enforcement, providing the necessary evidence to force Shadowcrew into a corner. The 'turncoat' opened up a door in the web site for the US Secret Service to spy through.

The Secret Service waited and watched the web site as members of the gang came and sold credit card numbers, passports, bank account numbers, and social security cards.

As a result of the evidence, six men, including the co-founder Andrew Mantovani, who ran Shadowcrew.com, pleaded guilty in November.

The year-long investigation by the Secret Service also led to the arrests of 21 individuals in the US. So far, the investigation has resulted in 12 guilty pleas and several arrests outside the US.

Dario Forte, a computer forensic practitioner at DFLabs, comments that “[i]t was a complex case because of the large amount of stolen data, and bank cards involved. I work in similar cases and only a skilled and international investigative team can react in the proper fashion.

“Investigations of this type usually involve disk analysis on attacked end users when available, log correlation and, finally, complete forensic analysis on the criminal's workstations if possible.”

But Fellows believes that there is a serious lack of investigations embarked on in the first place. “There is a necessity for proactive investigation - of which there is very little going on. It is almost impossible for law enforcement to find time to go out and look for criminality.”

He warned that stolen credit cards are up for sale through more anonymous avenues than web sites like Shadowcrew.com. “A lot of stolen credit cards are available for sale on newsgroups and peer-2-peer networks.”

Andrew Mantovani

Shadowcrew's centralized marketplace for carding activities was the brainchild of Andrew Mantovani (23).

The gang had a strict chain of command led by Mantovani, who comes from Arizona. He, plus David Appleyard of New Jersey and Anatoly Tyukanov of Moscow, acted as administrators who were in charge of the group. They handled the technical running and security of Shadowcrew.com. They also dictated who could become a member and set the strategy.

The hierarchy also consisted of moderators and vendors. Moderators hosted forums to share hacking tips online and vendors sold stolen data to other members. Everyone communicated using nicknames to ensure the protection of all identities. Mantovani had five different handles. The safeguarding of real names was of paramount importance to the group's effective running. Appleyard, as an administrator, once punished a member, known as CCSupplier, by posting his real name, address and phone number. CCSupplier had failed to refund money owed to other gang members.

More than $4m

The gang's activities lasted from August 2002 to October 2004. Their crimes are estimated to have cost more than $4 million.

They stole money using spamming and phishing to capture credit card numbers that were used to purchase wares. The merchandise was then sent to an address specifically arranged to receive the goods.

The gang sent and received payments for goods using Western Union money transfers and digital money including E-Gold and Web Money.

Mantovani's dream that persuaded 4,000 individuals around the world to spend other people's plastic has evaporated. But potential criminals will keep on dreaming, says Fellows. “It is up to the fraudster to dream up what to do next.” Law enforcement doesn't have time to think of what swindlers will do next, so they are always on the back foot, he says.