The humble local internet cafe; it’s often a quiet spot for students, travellers and people who simply enjoy a fresh cup of coffee when going about their .com business.
Never would you associate an oft tight-margined business with the top cybercrime criminal network in the English speaking world.
But the Java Bean internet cafe in Wembley stood out from its thousands of competitors dotted around London town; at least it did for the surveillance officers involved in an arduous stakeout operation to prove this unremarkable venue was the epicenter of a remarkable and sophisticated network of cyber criminals.
From the small cluster of computers within the cafe, a former pizza bar worker had forged a lucrative career by running what has been termed a cyber crime “supermarket”.
Services were available across the globe and cost the international banking centre tens of millions of pounds.
Membership of the criminal network was by approved invitation, a strict vetting process to let other would-be cyber thieves into their realm. But once initiated, 2000 vendors bought, traded and stockpiled masses of personal and commercial data.
Renukanth Subramaniam, 33, was revealed as a founder and major orchestrator of the secret DarkMarket website.
Yesterday, he pleaded guilty to conspiracy to defraud and five counts of furnishing false information at Blackfriars Crown Court and asked to be remanded in custody.
His website ran unhinged for years and was but brought down after months of painstaking attempts at infiltration by the FBI and the US Secret Service.
Everything from card details, obtained through hacking, phishing and ATM skimming devices, to viruses were traded. Acquiring a particularly threatening virus offered criminals the leverage they needed to threaten and extort money from websites and e-companies.
Once in the cloaked ranks of the 2000 master fraudsters, the site offered online tutorials in account takeovers, credit card deception and money laundering. Even instructions on how to set up a credit card factory – including false ATM and pin machines – were available on DarkMarket.
The website even featured breaking-news-style RSS updates pinpointing the latest compromised financial or banking services and banner ad space was for sale to other criminals.
The ‘service’ had members in the UK, Canada, US, Russia, Turkey, Germany and France, on its eventual downfall, the UK’s Serious Organised Crime Agency (Soca) which helped bust it, said it was “impossible” to put a figure on how much it had cost banks worldwide.
According to Alexa, the site was particularly popular in Spain, the UK, Lithuania and Turkey and spiked in September of 2008, probably due to the credit crunch.
Subramaniam, who used the soubriquet JiLsi, was remanded in custody at his own request at Blackfriars crown court yesterday after pleading guilty to conspiracy to defraud and five counts of furnishing false information. He was warned by Judge John Hillen of an “inevitable” and “substantial custodial sentence”.
The ethics for a site with such nefarious goals are surprising, “no honour amongst theives” did not apple here and the quality of members was paramount, not quantity with “rippers” who screwed other criminals banned from the network. Rules were strict: no firearms, drugs or counterfeit currency.
Sri Lankan-born Subramaniam had been a member of DarkMarket forerunner ShadowCrew which was uncovered by the US authorities in 2004. JiLsi had been instrumental in cementing DarkMarket with one Soca investigator remarking “No JiLso no DarkMarket”.
Payments and goods were exchanged through a third party almost like a PayPal whilst an arbitration service resolved disputes. Payment was made using WebMoney or E-Gold, described as “the QuickTime method of sending money anywhere”.
Administrators and moderators worked to ensure the market’s pyramid structure maintained a hierarchy: those who vetted potential members demanded commission and fixer’s fees of as much as £250 per transaction.
Reviewers would test compromised cards and write an online review of customer satisfaction – just like eBay customers.
Subramaniam had been a top administrator. Using mobile data storage units to avoid detection worked to keep him at the top of the tree until one memory stick was stolen, costing him £100,000 in losses and losing his prestigious place in the pyramid, downgrading him to reviewer status only.
Surveillance officers tracked his movements on website as JiLsi started communicating with fellow criminal MasterSplyntr; this profile in fact belonged to FBI agent Keith Mularski.
The money exchanged was considerable, but it took place away from the site to ensure security. One buyer spent £250,000 on stolen personal information in just six weeks.
Subramaniam himself kept a quiet existence, he worked at Pizza Hut and as a dispatch courier. He owned three houses but with such an innocuous existence outside DarkMarket he had to be snared online first and tied to a real person later.
He is charged alongside Devilman aka John McHugh, 66, a site reviewer who pleaded guilty to conspiracy to defraud. At his Doncaster home, officers uncovered a credit card-making factory.
The two will be sentenced later.
In the DarkMarket
DarkMarket price list
Trusted vendors on DarkMarket offered a smorgasbord of personal data, viruses, and card-cloning kits at knockdown prices. Going rates were:
Dumps Data from magnetic stripes on batches of 10 cards. Standard cards: $50. Gold/platinum: $80. Corporate: $180.
Card verification values Information needed for online transactions. $3-$10 depending on quality.
Full information/change of billing Information needed for opening or taking over account details. $150 for account with $10,000 balance. $300 for one with $20,000 balance.
Skimmer Device to read card data. Up to $7,000.
Bank logins 2% of available balance.
Hire of botnet Software robots used in spam attacks. $50 a day.
Credit card images Both sides of card. $30 each.
Embossed card blanks $50 each.
Holograms $5 per 100.
By Ally Millar