Read Fatal System Error Online

Authors: Joseph Menn

Tags: #Business & Economics, #General, #Computers, #Security, #Viruses & Malware, #Online Safety & Privacy, #Law, #Computer & Internet, #Social Science, #Criminology

The press and endorsements made it easier for Prolexic to garner non-gambling clients, especially such electronic payment processors as StormPay and e-Gold. The cyber gangsters DDoSed those firms with a vengeance, even though they liked to be paid through such services. They could always find another route for their cash, like the emerging favorite Webmoney, which was based in Russia.
E-Gold was one of Prolexic’s oddest clients. Officially based in the West Indies, the company declared itself exempt from the exhaustive regulations governing U.S. financial institutions. E-Gold’s gimmick was that each account was backed by actual gold, though it was extraordinarily difficult to collect it. Otherwise, it functioned as other Internet currencies did, relying on a network of outside merchants or individuals who traded traditional currency for e-Gold funds, taking a cut in the process.
Customers needed just a functional email account and a name of their choosing to open an e-Gold account. Even the name could be transparently bogus, unless cruel parents really named their children Mickey Mouse, Donald Duck, and Bud Weiser. For that reason, thieves flocked to the service, along with hackers and child-porn purveyors, many of whom would accept nothing else. E-Gold founder Douglas Jackson arrogantly put his real offices in Melbourne, Florida. But his customers had so much faith in their perpetual anonymity that they voluntarily listed as the “purpose” for transactions such things as “dumps,” which was shorthand for mass credit card information. E-Gold’s own employees, meanwhile, allowed transactions to continue in accounts that they had labeled “child porn,” “scammer,” and “CC fraud.”
Prolexic defended e-Gold against massive DDoS attacks beginning in the fall of 2005. When e-Gold went offline a couple months later, some customers contacted Prolexic to find out what was happening, and Prolexic in turn called e-Gold. The executives there explained that they were too busy to talk; their offices were being raided. The U.S. eventually indicted the company and its founders, winning guilty pleas in 2008. E-Gold’s records contained some valuable email and IP addresses, which helped in a number of hacking prosecutions. Many of the criminals also used their familiar handles on e-Gold. “Segvec,” for example, was thought by federal agents to be a Ukrainian carder, someone who stole credit card information or turned that data into cash or goods. He turned out to be Albert Gonzalez, a key Secret Service informant later accused of stealing data on tens of millions of credit and debit cards from T.J. Maxx and other national retailers. Prolexic also protected a few porn and counterfeit pharmacy sites. Darren wanted the company to sign up “high-yield investment programs,” known as HYIPs, which were large pyramid schemes, but Barrett wouldn’t do it.
Barrett and his crew brought customers into their own infrastructure while they filtered out the bogus traffic of one type and another. They would often try to find out the Internet location of the servers directing the attack, then call the authorities or the service provider and ask them to disconnect the offending computer. As their reputation grew, more big companies started helping as soon as Prolexic called.
Because Prolexic’s defenses almost always worked, there wasn’t much need for the full-fledged infiltration that marked the BetCRIS case. An exception came after an assault on a Canadian company called Proliflik, which sold out-of-copyright DVDs over the Internet. Proliflik bid and won the right to advertise next to Google searches on the phrase “vintage movies.” Then a competitor from Japan warned Proliflik to stop its ads, or else. When Proliflik ignored the threat, someone launched one of the most obliterating DDoS attacks Prolexic ever faced, just before Christmas 2005.
Barrett was on Christmas vacation with his family at Lake Tahoe when the attack occurred. Without an Internet connection of his own, he trudged to a Starbucks to use its wireless hookup. Barrett set to work and traced the attacking machines to Japan. They appeared to be coming from servers running the operating system Linux that had been compromised through a flaw in the Web programming language PHP. The attack was strong enough that it began to crush other Prolexic customers sharing the same equipment, and Barrett had to take Proliflik offline, all while sitting on the damp coffee shop floor when no tables were free. Two days later, Terry Rodery found the Internet Relay Chat channel directing the attack. Just as Barrett and Dayton Turner had done with the BetCRIS bot attack, Terry joined the channel himself. He lurked there until another human being logged on and began issuing commands to the more than 70,000 bots in the channel.
Posing as a teen hacker, Terry accused the man of taking over bots that he had woven together earlier. “Why are you stealing my boxes?” he demanded, using slang for the captured computers. “They are not mine, not yours,” the man responded, soon adding, “Sorry, but I have to DDos.” He went on to say that he was punishing a shop for selling pirated material. “I do this for money,” he wrote. Terry said he wanted to get into DDoS for money as well, and said he could get together a few hundred bots. “I’ll ask my employer,” the other man wrote. “He tell then what to do and pay for you.”
Barrett wrote a report on his and Terry’s work to inform other network administrators and posted it to a major email list for those in such positions. A Secret Service agent in Los Angeles responded and said he would ask his counterparts in Japan to get the plug pulled on the server, and the attackers’ machine vanished from the Internet. It was one of many times that the agency went outside official lines to cut off the zombie networks known as botnets, earning it a better reputation in the business world than its larger rival, the FBI.
The two agencies had overlapping turf in cybercrime, leading to bureaucratic battles that further handicapped the federal government’s weak response to the crisis. Both had some successes worth crowing about, and both had some embarrassing failures. The FBI had more people, while the Secret Service had better expertise. Perhaps because that agency was smaller, it was more nimble and less hidebound, in the same way that Apple often develops niftier software than the far larger Microsoft. In terms of style, the Secret Service was more likely to share information and work harder at cooperating with other officials and private companies. The FBI took in reams of information and let little back out. That’s why the U.K. National Hi-Tech Crime Unit stopped inviting the FBI to its conferences and asked the Secret Service to come instead.
The Secret Service’s unofficial help with Proliflik was part of a broader trend that emerged in response to widespread frustration at the inadequacy of official channels. When the authorities were helpful, it was often on the sly. And a number of private groups and individuals were coming to the fore. Some compiled public blacklists of attackers’ addresses that could be blocked from accessing websites. Others tried to trace the patterns, linking certain botnets to preferred methods of attack and favorite hosting providers. Big security firms like Trend Micro and Symantec gradually got better at sharing information with their peers as well.
When Barrett emailed around about the Proliflik case, he heard back from someone new: Rob Thomas, of a secretive nonprofit security company called Team Cymru. Cymru (a Welsh word pronounced as if the vowels were backward, Cumree) had former military operatives, police veterans, and private security experts on board. It too had a mailing list, but someone could get on it only if several people had long-standing relationships with the candidate.
Team Cymru kept the lowest possible profile, which was why it had so many sources of information deep within companies most affected by the botnet phenomenon. Under wiretapping laws, telecommunication companies could share information with Cymru about their customers that they couldn’t share with law enforcement. Once it got that data, though, Cymru could advise others. Invaluable raw transcripts of IRC chats went to law enforcement, lists of possibly compromised account numbers went to banks, and databases connecting blocks of suspect IP addresses with their service providers were made available to those who needed access.
Thomas told Barrett the group was tracking some nine hundred separate botnets, watching not just which viruses were responsible for assembling them but also which individuals. As the authorities continued to stumble, Team Cymru and its allies would grow in importance, eventually providing one of few obstacles in the major criminals’ path to power.
During a lull in the Proliflik battle, Barrett resumed his vacation by taking Rachelle for a wander around the curio shops in the Tahoe town of Truckee, California. The couple had grown closer as Barrett fought with the Russians and worried about his own patrons, and they had talked about marriage. In a jewelry shop, Rachelle admired a vintage ring: Barrett bought it and proposed. Rachelle hadn’t lost her faith in Barrett’s ability to navigate the treacherous waters of his business life. But she wanted him to sort it out, definitively and soon. The same was true of his marriage proposal; on the right track, but half-assed in execution. She hesitated, then said yes.
BARRETT TOOK EVERY OPPORTUNITY to make Prolexic bigger and more legitimate. If he succeeded, perhaps he could sell it to a straight-arrow security company, and none of the shady beginnings would matter. Just four of the twenty-nine customers brought on in the year beginning November 2005 were gambling companies. Other clients included the U.K. Royal Mail, State Farm Insurance, top domain name registrar GoDaddy, and the Royal Bank of Scotland.
Barrett urged his fellow executives to drop all of the gambling clients. The closest he came to succeeding was when Mickey suggested they delete from the company’s website references to protecting gambling sites from getting obliterated near the Super Bowl. Writing to Barrett, Darren, and Brian, Mickey said, “I don’t think it is a good idea to have people think the company is gaming related.”
Though the Maksakov stories in the press helped broaden the customer base, Darren hated them, telling Barrett that it made some clients uncomfortable to hear that he had gone to the FBI. “It definitely hurts business when we put those guys away,” Darren told him. Barrett just shook his head.
Revenue climbed to $3.4 million in 2005, and the company turned its first profit. But the spending was excessive—it cost $1 million for the move from Costa Rica—and there often didn’t seem to be enough money. Barrett could never get a look at the company’s books, even as a partial owner, and he didn’t like the way Darren ran the place. Often away at his other enterprises, Darren promoted or transferred several Prolexic employees away from their capabilities. He kept members of the team divided against each other, telling all that he was their biggest supporter. Barrett came to believe he wanted them beholden to him and unlikely to compare notes.
Personal loyalty was a major concern for Darren. For the company’s chief financial officer, he picked an old friend, Keith Laslop, whose brother had been Darren’s roommate at a Canadian college. In addition, Laslop’s father had worked at Darren’s old companies, including BetonSports. Laslop came off as a likeable guy, despite the British accent he kept after spending six years in London. But Barrett couldn’t figure out why he was getting far more than double Barrett’s compensation.
Meanwhile, Barrett was learning more than he wanted to about his investors. In February 2006, Mickey and Ron Sacco flew into Miami on a private plane. The plane, Barrett gathered, made it easy to move cash back into the country. Mickey was on his way to help his bookie father, who had been arrested again in Pennsylvania. Complaining that Dad was getting sloppy as he aged, Mickey griped metaphorically, “I should have taken away his keys.”
Indeed, Mickey Flynn Jr. had been given multiple chances. He’d been arrested in August 2003 on charges of bookmaking and participating in a “corrupt organization” with multiple bookies. Though he could have faced twenty years, Flynn pleaded guilty to bookmaking and conspiracy and got off with probation. This time police had caught him in a probe of a mob associate named John Conley. The gambling baron did business with Pittsburgh’s Genovese mafia branch, according to state officials. When Conley got out of prison in 2005, he started passing Flynn more than $1 million in bets monthly. A large part of that went to BetCRIS, according to a federal prosecutor. After the arrests, police found guns including an AK-47 assault rifle in Flynn’s house, along with more than $500,000 in cash. Flynn pleaded guilty to conspiracy and running a gambling business in the fall of 2006 and this time got two and a half years in jail.
While they were in Miami, Sacco and Mickey commandeered the Prolexic conference room for a meeting with a bunch of tough guys smoking cigars. The meeting, Barrett learned, concerned Florida’s plan to legalize slot machines in more places, which the group feared would cut into their illegal betting business.