Home » Identity & Access » Identity Theft

News

Three Years Undercover With ID Thieves

Salesmen and parents know the technique well. It's called the takeaway, and as far as Keith Mularski is concerned, it's the reason he kept his job as administrator of online fraud site DarkMarket

By Robert McMillan, IDG News Service (San Francisco Bureau)

January 21, 2009 — IDG News Service —

Salesmen and parents know the technique well. It's called the takeaway, and as far as Keith Mularski is concerned, it's the reason he kept his job as administrator of online fraud site DarkMarket.

DarkMarket was what's known as a "carder" site. Like an eBay for criminals, it was where identity thieves could buy and sell stolen credit card numbers, online identities and the tools to make fake credit cards. In late 2006, Mularski, who had risen through the ranks using the name Master Splynter, had just been made administrator of the site. Mularski not only had control over the technical data available there, but he had the power to make or break up-and-coming identity thieves by granting them access to the site. And not everybody was happy with the arrangement.

A hacker named Iceman -- authorities say he was actually San Francisco resident Max Butler -- who ran a competing Web site, was saying that Mularski wasn't the Polish spammer he claimed to be. According to Iceman, Master Splynter was really an agent for the U.S. Federal Bureau of Investigation.

Iceman had some evidence to back up his claim but couldn't prove anything conclusively. At the time, every other administrator on the site was being accused of being a federal agent, and Iceman had credibility problems of his own. He had just hacked DarkMarket and three other carder forums in an aggressive play at seizing control of the entire black market for stolen credit card information.

That's when Mularski went for the takeaway. Salesmen have long used this tactic to seal difficult deals: You simply take the deal off the table in the hope it will spur the customer to come to you. Badgered by questions about his credibility, he threatened to quit altogether. "I decided to risk it all and just said, 'Hey, if you think you can do a better job running the site and if you think I'm a fed, then by all means take the stuff. I don't want anything to do with it," he recalled recently in an interview. "What law enforcement agency would, after they were monitoring the site, want to give it back to the bad guys?"

Mularski's gambit paid off, and the other DarkMarket administrators let him stay on for another two years.

In the end they would regret that decision. Iceman was right: Supervisory Special Agent J. Keith Mularski had gone deeper into the world of online computer fraud than any FBI agent before. Working with police agencies in Germany, the U.K., Turkey and other countries, he spearheaded a remarkable investigation that netted 59 arrests and prevented an estimated US$70 million in bank fraud before the FBI pulled the plug on Operation DarkMarket on Oct. 4, 2008.