The Fed and the Hacker – Life Undercover with ID Thieves
Master Splynter
Supervisory Special Agent J. Keith Mularski was a spammer – or at least, that’s what his online pals thought. Under the name of Master Splynter, he didn’t run in the best of company – his associates had handles like Theunknown, Matrix 001, and the Iceman, and hung out at a place called DarkMarket.
DarkMarket was what’s known as a “carder” site. Identity thieves could buy and sell stolen credit card numbers, online identities and the tools to make fake credit cards. By late 2006, Mularski had just been made administrator of the site and not only had control over the technical data available there the power to make or break up-and-coming identity thieves by granting them access to the site.
The Iceman
The hacker named Iceman (actually San Francisco resident Max Butler) was running a rival carder suite, and accused Mularski of being exactly what he was – an undercover FBI agent. Mularski played it cool. “Hey, if you think you can do a better job running the site and if you think I’m a fed, then by all means take the stuff. I don’t want anything to do with it,” he told the hacker, and fears were allayed.
To bad for hacker utopia – Iceman was right. Mularski worked for a little-known FBI division called the Cyber Initiative and Resource Fusion Unit, run out of the National Cyber-Forensics & Training Alliance in Pittsburgh.
“The thing is with these guys, you can’t necessarily target them and just approach them out of the blue,” Mularski said years later. “So by being out there and not really caring about things — I played a lot of things off nonchalant — I was able to gain their trust. “Sometimes I spent as much as 18 hours in a day online,” he recalled. “I was online every day from August 2006 until the operation came down. Every night, I’d be watching TV with my wife next to me, and I’d have the computer on, just in case somebody needed to get a hold of me.”
In September 2006, Mularski got his chance. As administrator to the site he could track logins and read everything the cyberthieves were saying to each other. Working with his international law enforcement contacts, Mularski compiled evidence and was able with his team to track down each of the crooks who ran DarkMarket.
The tail end of the sting
Mularski always knew that there was a chance that his name would be made public. Sure enough, the German reporter Kai Laufen discovered Mularski’s name in court documents while working on a story about cybercrime, On Oct. 13, Wired reported the story and Mularski’s cover was blown to most, although some of his carder ‘buddies’refused to believe the reports.
“These guys trusted me so much that even after the Wired article came out exposing me, for two days afterwards, people were reaching out to me on ICQ thinking that it was a hoax and making sure I was alright,” he said.
Mularski wrote them back saying that he was indeed an FBI agent, and urged them to turn themselves in. Several followed his advice, and Mularski’s successful stint as an undercover agent in the cyber world was over.
Don’t make hackers’ jobs easy!
One thing that amazed Mularski was the ease with which the hackers were able to access people’s personal and identifying information, often through the individual’s personal carelessness. A simple credit monitoring system can prevent many breaches, and like an ADT sign in your front yard, will deter many hackers from even attempting a theft.
