If you have the right kind of knowledge, enough free time, and a penchant for misanthropy, the internet can provide the means to make someone's life really fucking miserable. A perfect example is last week's case of internet security journalist Brian...
The heroin delivered to Brian Krebs' home by Russian carders.
If you have the right kind of knowledge, enough free time, and a penchant for misanthropy, the internet can provide the means to make someone's life really fucking miserable. A perfect example is last week's case of internet security journalist Brian Krebs being sent a package of heroin in an attempt to frame him for a drugs charge.
Krebs has become perhaps one of the most reviled enemies of the cyber-underworld, but I suppose that was always bound to happen after he made it his life's work to expose the web's elusive cyber criminals and credit card fraudsters. Unfortunately for our digital Dick Tracy, the community he targets have a wealth of resources that they can use to mess with him in response—stuff that far surpasses posting passive-aggressive tweets or signing him up to tedious fashion PR email blasts.
Alleged Russian credit card fraudster—or "carder," as they're known to people who know about them—MUCACC1 (a.k.a. "Fly"), ordered a gram of heroin to be sent to Krebs' home and faked a phone call from one of his neighbors to tip off the police. But, like something out of a 2.0 Douglas Adams novel, Krebs had already infiltrated Fly's private carding community forum and found the post detailing his plan. It turned out that Fly had managed to raise $200-worth of Bitcoins from other like-minded Brian-haters to purchase the drugs from the deep-web black market Silk Road.
And, as you might have guessed from the financial support he received, that wasn't the first run-in Brian Krebs has had with the nefarious inhabitants of the underweb. Throughout his ten years of writing about internet security and fraud, he's been the target of constant harassment from various shady online communities.
His website is frequently the target of attacks that disrupt his business as an independent journalist, $20,000 of credit was fraudulently taken out in his name to shake him up financially, and he was once a victim of SWATing, where a phoney distress call is made from your address so that a SWAT team tears up to your house and waves their guns in your face—a gradually escalating pattern of harassment all inflicted on Krebs because of his chosen line of work.
I spoke to Fly, the heroin sting ringleader, in an obscure instant messaging chat room about planting drugs, ordering assassinations from the net, and why he hates Brian Krebs so much.
Brian Krebs. (Photo via)
VICE: Hi, Fly. Why did you attempt to frame Brian Krebs with a package of heroin?
Fly: You could say it was just for lulz. Besides, he pays for his lunch with the money that we [carders] are losing, using criminal techniques. If you want to write about crime, be honest. If you’re not honest, you will have to pay. We didn’t invite him to our forum. He became a celebrity by putting the spotlight on Russian carding. All serious carders are against the popularization of carding. The less people, the better—we don’t want to create new criminals. And he’s popularizing it.
I see. So do you think he’s threatening your line of work?
No—the opposite. He’s attracting new people to carding, which we are against. If you look at the stats, after his post about [the] drugs [delivery] the number of people who want to register on the forum grew several orders of magnitude.
Can you talk about the philosophy of carding?
There’s no philosophy. People have the [technical] knowledge, but there’s no demand for it. And they are forced to use this knowledge to feed their families [by commiting credit card fraud]. In Russia, the cyber security niche is taken over by corrupt “paper” security experts who can’t do a thing, and the real specialists are staying underground and making money through criminal activity. The problem is that Brian and his friends believe that carders are earning millions. When you see a story about carders stealing a million, you have to realize that the person who actually did it got $100,000, tops. It might seem like a lot, but in reality very few [of those kind of] operations are taking place—maybe once every six months, or even less. The rest of the money is lost in the supply chain on the people who provide the "drops" and the rest of it. Krebs earns more through his blog than an average carder without having any knowledge in the security department himself.
So were you trying to get Krebs put into prison?
It was just a joke. But the jokes will continue until he stops dealing with the Russian boys. Let him deal with his own. There are plenty of criminals in the US, so why is he sticking his nose in here? Maybe the US is paying him for doing PR for Russian cybercrime?
Russian computer expert Eugene Kaspersky and Brian Krebs. (Photo via)
How far would you go to stop Krebs’ reporting on Russian carding?
Me, personally—I will stop at simple jokes. But in our field there are people he wronged quite a bit, and after this episode they could, for example, get enough money together for an assassination. It’s not too hard. In the i2p network [anonymous communication network], there are people who are doing this sort of dirty work. For $10,000 to $12,000, someone could drive over him with a pickup truck while he's walking around the city. He’s lucky Fly isn't a murderer.
And this is real? Are there any examples?
Absolutely. You can check it yourself—just browse some Tor or i2e forums. Naturally the people who ordered it won’t go into too many details.
OK. Are you confident your actions haven't exposed your identity?
I have thought about personal safety, but it’s not impossible to find me. At least, I’m confident there’s not a single picture of me online—not even a hint of my address. I want you to tell your readers that carding is dangerous and criminal work, that you could be given a prison term. If possible, it should be avoided. I don’t want to popularize it like Krebs.
Do you have a message for Brian Krebs?
Give up. We know you’re an FSB [Federal Security Service, which replaced the KGB as the principal security agency in Russia] agent. It’s not baseless; we have proof. In the picture I just sent you [the above photo of Krebs with Eugene Kaspersky], he is standing with a person you probably know. If you read up on Eugene Kaspersky, you will know he was enrolled in a KGB school. Later, he worked for the KGB. Everyone knows that there’s no such thing as ex-KGB. So what was Krebs doing with an FSB agent? Probably arranging a PR campaign for Russian cybercrime.
All right. Is the cybergeddon coming?
Cyberwars and cybergeddon are just fairy tales that people earn money out of. And politicians use them to boost their ratings. In reality, everyone can be caught and given a slap. If you don’t believe me, ask Ilya Sachkov [founder of Group-IB, a global cyber security company]. In a recent interview, he said they can catch anyone. But there's not enough money or specialists—I don't think anybody is going to be catching anyone. I hope less people will go into carding. They should do something they feel a calling for. Being a criminal is not romantic.
More dangerous stuff people have achieved through hacking: