Before DarkNetMarkets Were Mainstream

Posted by: Allen Hoffmann, JD

January 5, 2015

10 years ago, before there was TOR, before using PGP was something we all thought of as a baseline minimum, before buying stolen credit cards could involve a formal escrow and feedback system, there was a message board called ‘ShadowCrew’, a clearnet message board and marketplace which grew out of another board called Counterfeit Library, and which later saw a major migration to the rival CarderPlanet and similar offshoot sites. Whilst Counterfeit Library was a place primarily for information exchange on questionable topics (not dissimilar to the recently deceased “Bad Ideas” board on the Zoklet website), vending was tolerated, rather than encouraged. ShadowCrew maintained forums for information exchange on questionable topics (the site is still partially accessible via the ‘WayBack Machine’), but primarily, it was geared towards trade. The tagline on the front page was “For those who like to play in the shadows”. It caught the attention of various agencies as they arrested bumbling members of the board up to all sorts of nefarious activities across the US, and was targeted using an informant in the management team, bringing about “Operation Firewall”; ShadowCrew was referred to as a ‘web mob’ in the scholarly material at the time. This was the first time that the US Secret Service and other agencies really took the whole ‘dark market’ thing seriously and coordinated a multinational operation to tear the site apart. In the dying weeks and days of the board, some members spoke of unusual activity around them – one member even unwittingly described observing the “change of shift” of surveillance officers parked off his apartment.

Let’s look at the realities of those dark ages – A decentralized payment system such as BTC was not something anyone had envisioned happening in 2004; the demand for it just wasn’t there, and nor was the mainstream support. Fake IDs and Western Union, or e-gold (later seized for money laundering), a centralized, gold backed digital currency, were your payment options; then, as now, WU gives LE a good chance of identifying you. E-gold accounts could be frozen by the provider at will. Deals were done via PM, and if you knew a thing or two about PGP, you may’ve found the right add-on for MSN Messenger which kept your traffic in the air encrypted, but this was far from the norm; the idea of mass surveillance just wasn’t something traders or buyers stayed up at night stressed about. TOR was a long way away, and the site was maintained on the clearnet, at a fairly standard URL which didn’t end in .onion or contain a mind boggling array of random letters. The user friendly sales and escrow system which many take for granted now did not exist; senior members of the forum communities would review the goods of potential vendors, and rippers were banned ruthlessly. The forum itself did not take a cut for facilitating transactions; as later learned in indictment after indictment, they were doing huge business in credit card fraud with major Russian hackers, and doing monumental merchant side credit card information hacks themselves. Order was maintained by force of personality of moderators, and the communities were far less transient. One did not simply sign up for an account and start buying, there was a period during which a new user, a prospective buyer, would be regarded with suspicion until ‘proven’ legit.

The creature which was the internet dark market was very different at that time. Only in the very late days of the community did drug trafficking really go mainstream at SC, and it was wholesale only; one vendor was offering large quantities of primarily pharmaceutical drugs, and even then, shipping was US domestic only. The main business of the forum was card fraud and other fraud facilitation, fake ID documents. Hacking was also on offer in what was becoming, at the time of the board’s demise, a growth market.

Some of those connected with the dark markets of the early 2000s caught some very major news coverage; there was Douglas Havard (aka Fargo), a rich kid with an IQ of 148 who fled the US while waiting on drug trafficking and armed robbery charges while still a university student in Texas (he made the news for that first), and got hooked up with Lee Elwood (aka RaptorSC), a one time cage fighter from Glasgow who had previously been making a killing shipping very high quality fake IDs from the UK to US buyers. The two went on to get big media coverage when they partnered with the Russian mafia in major phishing schemes and did jail time in the UK. As far as what they did as a team, and what the Crown proved against them in court, it was only a scratch on the surface of what they actually got up to… but as we all will know; its not what you know, its what you can prove.

Aleksi Kolarov (aka APK – creative username huh?) from Sofia, Bulgaria was offering high quality 200 Euro notes at the ripe old age of 22. The equipment seized was not indicative of a small time, inkjet operation; think professional quality offset printing presses. He went on the run after the initial investigation, and went on to become known as ‘King of the Hackers’, for supposedly hacking some of Bill Gates’ personal accounts.

Brett Shannon Johnson (aka Gollumfun) was an admin and respected, long time member of the ShadowCrew community and its predecessor, the Counterfeit Library. He turned informant for the Secret Service, helping them identify multiple members of ShadowCrew and other communities, but got busted doing tax return rips after hours.

Albert Gonzalez (aka cumbajohnny) was an admin and ultimately, one of a handful of others who turned federal evidence to help destroy ShadowCrew. A proficient hacker, he later went on to steal somewhere in the order of 170,000,000 sets of credit card details. He provided users with access to a VPN being monitored by the USSS, as well access to a supposedly hacked/carded phone service which members were encouraged to use.

Where are they now? Then, as now, ‘playing in the shadows’ at the wholesale level is generally looked down upon by judges. Doug Havard did federal time in the US, having been extradited after he finished his time in the UK. Lee Elwood quietly disappeared into Continental Europe after being released from prison and keeps a low profile. Brett Johnson will finish his US Federal prison sentence in February next year, and given he’s not eligible for witness protection, there are probably a few people looking forward to his release date. Aleksi Kolarov was arrested in Paraguay in 2011 in the midst of running a card skimming operation after 7 years on the run, and was sentenced to 2 and a half years in US Federal prison last month. Gonzalez won’t be breathing free air until 2025.

The reality of doing business at that time was that government agencies didn’t have the time or interest for a concerted, multi agency effort, for the simple fact that the nature of doing business on the site was not mainstream, and accordingly, was not directly made anyone’s investigative problem; had there existed an interest in destroying SC early, it wouldn’t have been a challenge. Congress wasn’t making noise about it, and there was no sustained media hype to be heard, though in one instance, a US vendor named ‘spideychris’ unwittingly sold a fake ID to a buyer who had supplied a picture of a middle eastern male. Not long after, it made national news for a short period, as the buyer was the reporter, and the guy whose picture was supplied was a wanted terrorist. Beyond that, a handful of media outlets, back when print media was still the king, ran the occasional story about the place, bringing with it a wave of (typically teenage) newbies interested in trying their luck at maybe carding a PS2. It just didn’t have the appeal to mainstream delinquents that the markets of today do. The market was narrow back in the day; not everyone needed a fake ID from California, completed with stenciled holograms made with stamp glitter, unless they were engaged in some kind of fraud, or were a kid who somehow found the site, and could afford to pay the going rate of $150. The first Silk Road brought buying illicit commodities which anyone and everyone wanted, namely illicit drugs of all kinds, in user, reseller or (in some cases) wholesale quantities, via a (semi) user friendly interface, out of the shadows, and into the spotlight.

The key distinction between the management staff of dark markets of a decade ago, which were far smaller and relied on long term membership, and those of today, which are geared towards volume of business, and are possessed of hardcore libertarians, addicts looking to avoid street buys, new tech dilettantes and everything else in between, is a surprisingly simple one; ShadowCrew’s membership, and to an extent, management, was made up of semi to highly sophisticated criminals first and foremost, who embraced the technology with which to do business and communicate second. These days, it’s the tech savvy, seemingly clean cut guys and girls, who want to take a walk on the wild side, or who are taking a stance and engaging in a form of digital rebellion, sitting at the top of the dark markets; the handful of professional criminal operators who are jumping on board prefer to remain anonymous vendors, whilst dealing primarily drugs to a mainstream, tech savvy clientele. Whilst hardly empirical, what we’ve seen so far in the indictments and media coverage doesn’t suggest convicted felons are the driving forces behind the current dark market culture.

The days of the technically proficient, sophisticated, professional criminal, equally aware of money laundering techniques, use of encryption protocols, BTC (or similar cryptocurrency) anonymity and mindful of their PR and customer service issues, with access to wholesale illicit commodities, are on the horizon – in the probably not too distant future – and the prospect most likely sends a shiver up the collective spines of LE worldwide. Crime is highly adaptive, and with every new indictment and criminal complaint which is unsealed and picked up online, LE loses the upper hand as it is forced to progressively show its methodologies and approaches in terms of investigative tactics; one of the greatest disadvantages which LE faces is that it has to play by the rules. To think that there are people out there who aren’t treating the Ulbricht indictments and the recent Benthall criminal complaint as lessons in what not to do in staying out of prison, if not completely off LE’s radar, fails to give credence to the professionalism of which some people on this side of the proverbial fence are possessed.

Times change, and we’re all more aware of technology than we perhaps once were. When ShadowCrew was seized, their new front page took the opportunity then, as seizing agencies do now, to post a snide comment aimed at the community’s members and let them all know the site was finished. It was far from today’s graphics with multiple agency logos, back in ‘04 it was a stock image with a con’s arms through some prison bars and a lame statement about the site being seized; it seems that a few minutes on PhotoShop to announce your seizure with a little panache is now part of the PR campaign when it comes to seizing dark market assets.

Finally, there is a persistent rumor about Operation Firewall ended which has never been officially confirmed nor denied; supposedly, the coordinated ‘swoop’ had to be done faster than planned. Why? Legend has it that one of the hackers on the board, in a fit of counterintelligence initiative more inline with a Government agent, profiled and targeted USSS cybercrime investigators who were suspected to be candidates for heading any potential ShadowCrew related investigation, then went about successfully compromising one of his devices, and got advance warning of the existence of Operation Firewall, and who it was targeting. No complaints have ever been unsealed corroborating the suggestion that this occurred, though once again, the persistent rumor maintains that the (quite senior) Secret Service agent whose device was accessed very quietly retired in the wake of the incident. These days, its unlikely that a ‘garden variety’ hacker would find himself able to access USSS assets. It seems those playing on both sides of the shadows have progressed technologically in 10 years.

Updated: 2015-01-05