Carderprofit.cc Was FBI Carding Sting, Nets 26 Arrests 181
tsu doh nimh writes in with news of a major sting operation against carders. From the article: "The U.S. Justice Department today unveiled the results of a two-year international cybercrime sting that culminated in the arrest of 26 people accused of trafficking in hundreds of thousands of stolen credit and debit card accounts. Among those arrested was an alleged core member of 'UGNazi,' a malicious hacking group that has claimed responsibility for a flood of recent attacks on Internet businesses."
The trick: the FBI ran a carding forum as a honeypot.
The trick? (Score:2, Insightful)
Re: (Score:3)
Re:The trick? (Score:4, Insightful)
If you're talking about Silk Road then I'm sure the authorities are pretty annoyed by it since at least here in Sweden they can't really do much if they somehow intercept a package containing drugs, weapons or some other contraband at the border and they can't follow the money or otherwise tie it to you (and it being addressed to you doesn't count since if it did you could just mail a few illegal items to anyone you wanted and tell the cops those people were expecting packages containing said illegal items).
Re:The trick? (Score:5, Insightful)
$5 says Tor, or at least Silk Road is compromised, or maybe even a honeypot itself. If you were into the kind of thing they're in to, and a little short on the brain cell front, wouldn't you flock to the "Guaranteed safe by the FBI!" places?
Re: (Score:2)
I'd be suspicious as well except that a conspiracy theory like this would require a few unlikely things.
First of all, even if Silk Road itself was trying to gather user info all they could really catch would be usernames, passwords, delivery addresses and BC addresses that they received BC from, none of which are very useful in a trial if the user has taken the basic recommended security precautions. It's not like they're asking for a whole bunch of private personal info, they want their users to supply the
Re: (Score:2)
It wouldn't surprise me to discover that Tor had been broken by the NSA, but they're not going to reveal that they've managed to do that just to convict a few people of possession/supply of controlled substances.
Re: (Score:3)
Same here in the U.S. Imagine how many politicians would be receiving pure smack?
Imagine how many of them would use it.
Imagine us not noticing any difference.
Re:The trick? (Score:5, Insightful)
FBI created some criminals.
Sure they did. Those poor innocents, tricked into doing something they weren't already doing.
Re: (Score:3, Informative)
PROTIP: In Germany, that behavior is illegal for a reason.
The very same reason, the content Mafia can’t set up file sharing servers and downloads, and then sue people for downloading that.
It means you are part of the crime. (But hey, the FBI is used to that like no other...)
And that means you can't sue, without incriminating yourself too.
Yes, this not also counts for the police, but counts ESPECIALLY for the police, which is held to a higher standard.
Re:The trick? (Score:5, Informative)
PROTIP: In Germany, that behavior is illegal for a reason.
The very same reason, the content Mafia canâ(TM)t set up file sharing servers and downloads, and then sue people for downloading that.
It means you are part of the crime. (But hey, the FBI is used to that like no other...)
And that means you can't sue, without incriminating yourself too.
No, while both are illegal, it's for different reasons. One is called "unclean hands", and the other is called "entrapment".
If VISA had set up a site and participated in hacking VISA cards, they would have unclean hands. It would change their status.
If a three letter agency does the same, and it causes people who otherwise would not have done that particular crime to do it, it's called entrapment. It would change the suspect's status.
Re:The trick? (Score:5, Informative)
If a three letter agency does the same, and it causes people who otherwise would not have done that particular crime to do it, it's called entrapment. It would change the suspect's status.
This is a common and incorrect understanding of entrapment. It's entrapment if the FBI tells you to steal credit cards, and then arrests you for it. It is not entrapment if the FBI makes credit cards available to be stolen, and then arrests you for it stealing them, The former is an example of the FBI pressuring you to do something you wouldn't have done. The latter is an example of the FBI facilitating you to do something you would have done, given an opportunity.
Entrapment: You should hire that hitman to kill your wife.
Not entrapment: I'm a hitman. Do you want to kill your wife?
Re:The trick? (Score:5, Informative)
This is a common and incorrect understanding of entrapment.
One shared by the Supreme Court Of The United States.
They incorrectly claim that the prosecution must overcome a "subjective test" by showing the defendant had a predisposition to commit the crime in any event, even if the law enforcement operatives had not been present.
https://supreme.justia.com/cases/federal/us/287/435/case.html [justia.com]
https://supreme.justia.com/cases/federal/us/503/540/case.html [justia.com]
I think you need to go teach these justices the errors of their ways.
Re: (Score:2)
Re: (Score:3)
They're not telling anyone in particular to steal the bait car. They're just parking it in a crime-ridden neighborhood with the doors unlocked with the key in the ignition. It still has to be stolen by somebody.
In the same way, the FBI can make it as easy as possible to steal credit cards. You still have to steal them.
Neither one can counsel any particular individual into doing it.
Re: (Score:3)
You didn't bother to read either of the articles you linked to, did you?
In both cases, it was established that government agents pressured the defendents to commit the crime they are being prosocuted for.
Here's the most relevent quotes from the articles you linked:
Jacobson v. United States
Re: (Score:2)
If I set up a sting website offering cheap hitmen, any moron who signed up to use it should be treated as being part of a conspiracy to murder, and given life in prison.
Why do so many people here have sympathy for criminal fuckwits just because they carry out their crimes on the internet, instead of bashing little old ladies on the head in their homes?
Re: (Score:2)
Sure they did. Those poor innocents, tricked into doing something they weren't already doing.
If they had evidence that they were already doing something illegal, they should have arrested them on that evidence.
Entrapment is mostly illegal, and can only be used when it can be shown that the crime would occur by the same defendant whether or not the police was involved.
If any of the 26 might not have committed the crime if it wasn't for the FBI's web site, the case should fall.
Also see http://en.wikipedia.org/wiki/Jacobson_v._United_States [wikipedia.org]
Re:The trick? (Score:5, Informative)
This is not automatically entrapment. The sting is just like a drugs for sale or prostitution on a street corner. Undercover cop wearing a wire and being videotaped by concealed police sits on stragetic street corner known to be hot with drugs or prostitution. The undercover cop is dressed to bait the individual seeking the drugs/services they believe the undercover is there to provide. When the individual atempts to solicit for purchase the drugs/services they are arrested for that crime.
It is only entrapment if the person is induced to commit a crime "he or she is not previously disposed to commit".
http://legal-dictionary.thefreedictionary.com/entrapment [thefreedictionary.com]
An important and often argued point.
Re: (Score:2)
This case feels more like they didn't just leave a car to be stolen, but went around offering everyone a ton of money to steal it for them. (In the first case they would have likely stolen a car either way, in the second case they probably wouldn't have)
As I always say, if you're going to do a car analogy on slashdot, it is simple good taste to make it as fucking ludicrously inapposite as possible.
Re: (Score:2)
Re: (Score:3)
They spent 2 years trying to bait 26 idiots, instead of chasing real criminals.
Hey, but at least they got UGNazi.
Real criminals? (Score:5, Insightful)
Real criminals? If they were actually using credit card information to make illegal purchases, they ARE real criminals! Just because you don't have to mug someone to get his wallet doesn't matter. At least when you are mugged (assuming you don't have to go to the hospital) you know your personal information has been stolen. When your personal information is stolen via the computer, you often don't learn about it until the big bills start to pile up. Also, a mugger usually steals only hundreds (maybe thousands) a credit card thief usually starts at that point and goes up from there. In terms of money lost, we went the FBI to go after them and the thieves running the big banks and Wall Street. Let the local police deal with the muggers.
Re: (Score:2)
Real criminals? If they were actually using credit card information to make illegal purchases, they ARE real criminals!
But credit card information just wants to be free!
Soz.
Re:The trick? (Score:5, Insightful)
This is much more of a real crime than "piracy." Good on them for getting some people actually causing harm.
Re:The trick? (Score:5, Insightful)
They illustrated that crimes can be solved by normal police work without spying on hundreds of millions of innocent people.
Re: (Score:2)
26 idiots who could cost the economy how much in damage?
Re:The trick? (Score:4, Insightful)
this is how law enforcement works, you take down one criminal conspiracy at a time.
Re: (Score:2)
Re:The trick? (Score:4, Interesting)
Re: (Score:2)
So why were people dealing in large volumes of stolen credit cards not "real criminals" then?
Because, according to slashdot's libertarian standards, merely copying the data is not a crime, only the actual fraudulent use of it is. Therefore, if I have a million illegally obtained credit card details on my computer, it doesn't mean I have done anything wrong
It's analogous to the terrorist group who accumulate explosives, prepare detailed plans of their attack, and are caught by the police just before they actually kill any one. A lot of people here would (logically) have to say they have done no
Re: (Score:3)
so... (Score:3)
who qualifies as a criminal, exactly, by your interesting standards
Re: (Score:3)
You don't understand the type. There is a group of people who see "Cops Bust ______ " and automatically think "Cops are Criminals", giving the entire benefit of the doubt to the people busted. It was entrapment, they got innocent people or some other excuse is "more likely" than cops actually doing something good.
These people have a natural distaste for law enforcement.
Re: (Score:2)
You don't seem to understand the difference.
Any lack of understanding in the above thread, is all yours.
Re: (Score:2)
Sure they did. Those poor innocents, tricked into doing something they weren't already doing.
They spent 2 years trying to bait 26 idiots, instead of chasing real criminals.
You don't seem to understand the difference.
Credit card fraud is as real a crime as any other white collar offence. Just because it doesn't affect you as an individual (since you are unlikely to end up out of pocket) doesn't make it an acceptable way of behaving.
I always find it amusing on slashdot that everyone would happily hang, draw and quarter spammers, because they slow down our lovely computers and networks, but don't seem to care about actual theft of money from banks, for which we all end up paying one way or another.
Re: (Score:2)
Also, you're missing a space after that comma in your signature (and a period at the end).
Jesus Christ, call the Grammar Gestapo and have them torture the fucker to death. The evil bastard doesn't deserve to live.
Re: (Score:3)
FBI created some criminals.
Yeah, my heart bleeds for these poor victims of Evil Government Oppression.
the fact that this worked is (Score:2, Interesting)
Re: (Score:2)
most criminals are dumb. its just that unless its a violent crime most times the cops ignore you if you're a loner. once you set up an organization that starts costing businesses a lot of money you get noticed.
the people involved are dumb
EVERYTHING is tracked
if you're a checkout drone everything is tracked. everyone knows which purchases you ring up. if there is a rash of CC fraud the first thing people will do is look in the computer for similarities and guess what, they will find that by some strange coin
Re: (Score:2)
most criminals are dumb.
Then why are 90% of crimes unsolved? No, most criminals who get caught are dumb. Look how long Madoff got away with his multibillion dollar Ponzi scheme.
They're not dumb, they just have no morals.
Re: (Score:2)
Re: (Score:2)
He was clearly smarter then his investors.
I downloaded a list of his suckers. They should be ready to harvest again in about 10 years.
Re: (Score:2)
how dumb are the criminals that fall for this?
If they were smart, they wouldn't become criminals. Most criminals are somewhat less than bright.
Re: (Score:2)
If they were smart, they wouldn't become criminals.
Non sequitur.
If they were smart criminals, they wouldn't get caught.
Re: (Score:2)
Re: (Score:2)
Some people get a criminal conviction early in their lives which basically destroys their future earnings potential, regardless of whatever skills and education they might achieve.
Given the choice of serving burgers and fries for the rest of their lives or using their talents to earn a comfortable living (albeit with major risk) they choose the latter.
Re: (Score:2)
There are some very bright criminals out there. You usually don't hear about them because they are generally bright enough to stay far enough away from the front lines.
Re: (Score:2)
There are some very bright criminals out there.
Yeah, they're usually CEOs.
Re: (Score:3)
I recalled watching some program where robber handed out a "hand me all your money" note on the back of his medical prescription.
Over time I realized that majority of these petty thief are doing what they are doing because they are too dumb or lazy to do anything else.
I mean it takes certain kind of an idiot to do stupid crime, the smart ones become bankers.
Re: (Score:2)
how dumb are the criminals that fall for this?
Want the truth? Most of them, that's how you catch the majority of them, and I'm not talking about closure rates. I'm talking about the plain old dumb criminals that simply hand you everything they know right off the bat. Most criminals are dumb, it doesn't take much in the way of brains to be one. It's being crafty and sly that makes a good criminal.
Re: (Score:2)
Hmm (Score:2, Funny)
Why does Avast WebRep have 3 red bars for justice.gov?
Comment removed (Score:5, Insightful)
It's self-promotion .... (Score:4, Insightful)
Of course the parent poster is right... I'd imagine any serious credit card thief would be operating through Tor, doing anonymous payment with something like Bitcoin, and not even fooling around with signing up on new sites of unknown/unverified origins.
But this is pretty typical for the FBI. They're as interested in the P.R. as anything else. They need to show they're making arrests and giving the news media something positive to print. It helps ensure their continued funding for the division handling these high-tech crimes and they probably also figure it's a deterrent to beginners, who could become tomorrow's elite card thieves otherwise.
Re: (Score:2)
Re:It's self-promotion .... (Score:4, Interesting)
It's a matter of their priorities. They waste 2 years and countless amounts of time and resources to bust a mere 26 carders?
Meanwhile, well documented white collar crimes committed by the banking cartel are largely ignored. The FBI reported back in 2003 that there was an "Epidemic of Fraud" in the mortgage market but we didn't see an epidemic of investigations and prosecutions.
I guess the carders need to hire some lobbyists so that they too can buy a federally issued license to steal.
Re: (Score:2)
It's a matter of their priorities. They waste 2 years and countless amounts of time and resources to bust a mere 26 carders?
Why does the number of people busted matter to you?
Isn't the amount of compromised numbers a far more relevant figure?
One person selling 400,000 stolen cards vs 100 people selling those same 400,000 cards will hypothetically result in the same amount of theft
Re: (Score:2)
You assume that because they *only* arrested 26 people that somehow this investigation wasn't worth it. Except of course these were criminals responsible for trading 400,000 stolen cards and engaged in other related criminal activity. How much effort would be required to arrest 26 people on theft and fraud charges if they were unrelated investigations? At least this way they get to pool their investigation and a lot of the work was
Re: (Score:3)
Come and wake me up when they bag some REAL criminals, like the big Russian gangsters robbing SMEs out of hundreds of millions per annum.
Or Lloyd Blankfein or John Corzine.
Re: (Score:2)
Why limit ourselves to property crime? I'd really want them more focused on some really dangerous people like:
* Dick Cheney (crime against humanity - ordering waterboarding)
* Barack Obama (murder in the first degree of Anwar Al-Awlaki)
* Rudolph Giuliani and Howard Dean (material support for a designated terrorist organization, the Iranian MEK)
Re: (Score:2)
Because destroying the livelihood of thousands or millions can be expected to destroy the lives of tens or thousands. Crimes on this scale are a bit more than just "property crime".
Re:Waste of time (Score:5, Insightful)
Re: (Score:3)
I live in Mexico (born in the Netherlands). While there was a shoot out in a neighbourhood very close to ours about a year and a half ago, I suffer right now much more from actual criminals as in Banamex, the so called National Bank of Mexico.
Back in November my bank card got stolen, a card with a nice but meaningless MasterCard [1] logo. It got cloned before the theft was even discovered (piss poor security on those cards) and used to shop in 2 different locations, in total around 2000 USD of goods, includ
Re: (Score:3)
Re: (Score:2)
Re: (Score:3)
Crime is crime. Since there's more than enough crime to go around for the resources available to fight it, that means the fighting has to be prioritized. But it doesn't mean all low level crimes are completely ignored while the biggest crimes get 100% of the resources.
The fight against carders is statistical. While it's more of a "nuisance" crime to the hundreds of thousands of people who have to disrupt their lives cleaning up their credit messes, the total loss from those hundreds of thousands of indiv
Re: (Score:2)
Come and wake me up when they bag some REAL criminals...
And risk getting their funding cut?
Re: (Score:2)
I would hate to go fishing with you, if we didn't catch the absolute biggest fish in the lake you would apparently call it a failure.
Police like fisherman pull in those who take the bait.
Re: (Score:2)
Does that seem circular to you? It does to me, because the reasoning seems to go like this:
If a criminal can be busted by cops, then that criminal is a low-life amateur, not a serious criminal. Therefore, whenever cops land a bust, they will always catch low-life amateurs, never serious criminals.
Logically this means the very act of being caught transforms any criminal into a low-life amateur, which means that cops can never catch serious criminals by the standard of this reasoning. Yet, this same reasoning
honeypot detect? (Score:3)
Re:honeypot detect? (Score:4, Funny)
How would you actually detect that a website like this is a honeypot?
The 6:00 AM knock on your door.
Re: (Score:3)
I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.
Re: (Score:2)
Yeah, I figured it would be obvious to this crowd. But it's a bit of hyperbole on reflection. I think I can rightly apprehend the confusion of ideas. GP post wants a technical means to determine the intent of a social system.
Re: (Score:2)
Re: (Score:2)
Ok, this is a purely curiosity-based question, and I know there's lot of web security people roaming around here. How would you actually detect that a website like this is a honeypot?
If all of the email addresses in the DNS entry go to fbi.gov, it might be a honeypot.
If the server ip addresses are in the fbi.gov ip block, it might be a honeypot.
Feel free to add others!
Re:honeypot detect? (Score:5, Funny)
That is a very good question. Here are some tips..
If the tcp packets coming back to you are mysteriously lacking in honey ... it might be a honey pot. .... it might be a honey pot.
If their is a slight buzzing comming from your network connection... it might be a honey pot.
If swarms of bees, bears, or badgers appear around your computer
Or you might be playing The Secret World (Score:2)
Join the bee people!
Re: (Score:3)
If you have a sudden urge to go visit Piglet ... it might be a hunny pot.
Re:honeypot detect? (Score:5, Funny)
;; QUESTION SECTION:
;carderprofit.cc. IN A
;; ANSWER SECTION:
carderprofit.cc 78003 IN CNAME fbi.gov.
fbi.gov 78003 IN A 72.21.81.85
Re: (Score:3)
This is close, if dig returns a result at all be wary. You can never be sure but do you really want to be discussing illegal activities at a site hosted on Amazon Web Services (dig actually returns awsdns though that's probably synonymous with fbi.gov in this case) vs some dark net address.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I have seen some tech shows lately. Those tech guy/gals mutter a few strings of long tech sounding words and type a bit on a keyboard. If that ritual is done at the right time (about 10minutes left in the show assuming not a cliff-hanger episode) then pictures flash by on the screen and they magically get the location of the bad guys. If you're a black hat on those shows, then to get away you have to either be on the lookout for someone "silently pinging your network facing encrypted cloud based interface o
Re: (Score:2)
You wouldn't.
This is very close to the right answer.
The honeypot itself is bait. And just like fishing in a lake, there's no particular reason that your bait must be an artificial lure - you often get better results using live bait.
Now, if you were privately investigating card fraud, perhaps on behalf of a victim, you might have come across the honeypot site and wanted to investigate it further to figure out who the bad guys are so you could report them. You'd probably do the same steps any investigator would to deter
low hanging fruit (Score:2)
I'm gonna go out on a limb (sorry about the pun) and say that all they got were low hanging fruit.
I mean the criminal would have to be pretty dumb to actual use said service.
This is making criminals, if such a service wasn't available, likely these dullards wouldn't have a way to break the law (at least in this context).
Anyway I doubt this has improved the world in any appreciable way.
Re: (Score:2)
Re: (Score:2)
Good for them (Score:3)
I for one am happy that law enforcement is finally figuring out how to apply traditional police work to the internet successfully. It's the good old-fashioned sting made digital.
Meanwhile fraud-ring-in-hacking-attack-on-60-banks (Score:2, Interesting)
http://news.sky.com/story/952931/fraud-ring-in-hacking-attack-on-60-banks
I wonder (Score:3)
I wonder if their bail bondsmen took Visa or MasterCard?
Re:No this isnt entrapment (Score:5, Informative)
A quick primer on entrapment:
If you are trolling Drug Dealer Drive for drugs and you happen to ask a undercover agent for drugs, you are guilty.
If a undercover agent posing as a drug dealer comes to you out of the blue and says that you need to buy his drugs so that he can help his sweet grandmother beat cancer, that's entrapment.
The difference is that in the first example, you were already out with the intention of doing something illegal. The second example you were approached by LEO and convinced to do something you normally wouldn't do.
IANAL and I'm sure each jurisdiction has it's own definition of entrapment but this is the jist.
Re: (Score:2)
Yeah, that's how the courts used to decide this, but not anymore. [nytimes.com]
Re:No this isnt entrapment (Score:4, Informative)
First, you messed up your link. Corrected [nytimes.com].
Second, from the start of the article:
"When an Oregon college student, Mohamed Osman Mohamud, thought of using a car bomb to attack a festive Christmas-tree lighting ceremony in Portland, the F.B.I. provided a van loaded with six 55-gallon drums of "inert material," harmless blasting caps, a detonator cord and a gallon of diesel fuel to make the van smell flammable. An undercover F.B.I. agent even did the driving, with Mr. Mohamud in the passenger seat. To trigger the bomb the student punched a number into a cellphone and got no boom, only a bust."
Emphasis mine. This is not entrapment at all. The attack was his idea. The feds just helped him along to show he was willing to go through with it. It's no different than if somebody asked a bartender about a hitman to kill their spouse, and then the feds supplied them with one.
The Cromitie case is much more dubious, and if it's true he wasn't actively seeking to become a jihadist, I feel it is entrapment. But I also feel that way about cops dropping bills on the subway and arresting people who pick them up and keep them, or cops who leave unlocked vehicles with keys in the ignition in bad neighborhoods.
Re: (Score:2)
If you think it is, you are an idiot that has no clue what the term entrapment means.
How the heck do you get a +3 insightful without bothering to explain why or even a cut and paste of the def?
I am not a lawyer blah blah. Some /.ers are, and will probably make fun of my definition, or even call me an idiot. Thats OK, that stuff makes me laugh. But the one line summary is: entrapment requires persuasive leadership by .gov not merely an announcement that ".gov is open for business!". The standard /. car analogy is walking onto the lot of your own free will with your own idea of buying a c
Re: (Score:2)
But the one line summary is: entrapment requires persuasive leadership by .gov not merely an announcement that ".gov is open for business!".
No, it doesn't have to be persuasive, it's enough that's inciting. If there is no evidence that the person would not have committed a crime of the same nature without the presence or actions of the , it's entrapment.
See http://en.wikipedia.org/wiki/Jacobson_v._United_States [wikipedia.org]
Re:No this isnt entrapment (Score:5, Informative)
Here's what entrapment is [tumblr.com], as explained by a lawyer, in an appropriately visual format to appease the attention span of most Slashdotters.
Re: (Score:2)
Re: (Score:2)
Re:So, I guess, if FBI does it, (Score:5, Informative)
Then it is not illegal.
It's called undercover police work, and undercover police work is perfectly legal, including the commission of various non-violent crimes required to maintain their cover.
The cops weren't out there having TVs shipped to their houses and not documenting them so the victims wouldn't be reimbursed. They were hosting a forum, and made it look like other similar on-line criminal hangouts. When real criminals arrived, they maintained the forum long enough to accumulate enough evidence (IDs of suspects, records of criminal activity), then rolled them up.
They did their jobs, successfully.
Re: (Score:3)
It's been long known that the best way to catch a criminal is to pretend to be one. (Some might argue that the government is already doing a damned good job of that.) Getting them to show their hand (having a cop as a witness to the crime) and/or confess their misdeeds voluntarily is pretty much the best way to get a conviction.
This is why you get undercover cops buying drugs, joining gangs, etc. Stings are perfectly legal, and, if they follow the rules as laid out by the courts, seem pretty reasonable.