Misha Glenny, DarkMarket: Cyberthieves, Cybercops and You
New York: Alfred A. Knopf, 2011;
Joseph Menn, Fatal System Error: The Hunt for the New Crime Lords Who Are Bringing Down the Internet
New York: PublicAffairs, 2010;
Kevin Poulsen, Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground
New York: Crown Publishers, 2011;
In 1886, two notorious New York shysters Howe and Hummel published a curious tome entitled Danger!,1 bearing the salacious subtitle A True History of a Great City’s Wiles and Temptations. The Veil Lifted, and Light Thrown on Crime and its Causes and Criminals and Their Haunts. Facts and Disclosures.2 The text starts off with a grand, impeccant air, expressing outcry at the courting of each latest scientific development by the ever-savvy scofflaw, as refracted through contemporary news accounts.3 Joseph Menn’s Fatal System Error, starts out in a virtually identical fashion,4 with its vilification of the “new thuggery”5 of Internet-borne criminality spurred forth by advanced technological development, the full machinations of which, as Misha Glenny points out in DarkMarket, are understood only by a technorati minority,6 superhacker-mavens akin to, say, Iceman, the subject of Kevin Poulsen’s Kingpin.
But to return momentarily to Danger, Howe and Hummel go on to explicate that their stated purpose7 for drafting the text in question is to merely dissect and expose the most prevalent crimes of the times so as to better warn of the exceedingly ominous snares which lie before them in the great city, signing off the book as being naught but “the public’s most obedient servants”.8 And yet, buried betwixt the evocative, lurid prose discussing all manner of ribald deviancy from thieving waitress girls to abortionists practicing the sordid art of “child-murder”,9 one also finds lucid instructions for the concoction of various shoplifting apparatuses—such as an intricate wire-framed muff into which “anything small and valuable”10 may conveniently be placed—as well as listing the locations of various houses of ill-repute.11 The candid nature of the text, perhaps, is what has led some reviewers to describe Danger! as being nothing less than a veritable “how-to manual for would-be criminals”.12 Given the inextricable similarity between this tome of yore and the three contemporary review texts, one would thus do well to keep in mind the portent potentiality of performing a similar steganographic reading of the three texts under review.
Ostensibly exposés of the cybercrime underground, the texts of Menn, Glenny, and Poulsen understandably provide overlapping, albeit certainly not entirely interchangeable, overviews of the dark side of the web; with the tonal ‘dark’ here meaning ‘more or less unsanctioned by legal codes’; with legality being further understood by the authors to refer to largely Western—specifically American and British—legality, and by extension any foreign legality in accord with these regimes. From this one can thus further extrapolate that the dark side of the web, most explicitly for Menn and Glenny—and to an admittedly much lesser, albeit still existent, extent for Poulsen—constitutes ‘that which is illegal in the Western WorldTM, and by extension should tacitly likewise be outlawed in those terrains in which it is not’. Thus one finds highly situated, or perhaps more fittingly ‘slanted’ lest situatedness fails to relay the here quite explicit authorial predilection for ostensibly modern Western virtues, reproaches of various foreign legal practices. For instance, Glenny’s decrying of the difficulty one would encounter in trying to entrap pedophiles in Germany due to a national law which requires German officers to identify themselves—a difficulty which, Glenny is quick to point out, British and American officers are not encumbered by,13 or Menn’s mentioning of the fact that “by a dint of a local law that is unique to Russia”14 possession of child pornography is not illegal in and of itself in St. Petersburg, and so, naturally (as indeed the resultant conclusion is natural/ized for/by Glenn)—in its tolerance of what is illegal somewhere else—Russia is then immediately described as being corrupt and one of its denizens is previously described as being suspected of “child porn and other illegal activities”,15 despite it being stated almost immediately afterwards that the activity in question may not be illegal within the territory within which it occurs.
To compound matters, there is no critical interrogation of what, precisely, here constitutes ‘child pornography’ (under any regional legal coda, let alone for every potentially distinct legal coda of every territory discussed in the text), nor are there any calls for its shift into (Western) legality. Rejoinders that ‘these are not those sorts of books’, being perhaps ‘merely’ descriptive and not explicitly prescriptive, may indeed be valid for Glenny’s tome, which holds exceedingly little jingoist bite when compared to that of Menn, but they certainly don’t apply to the latter which not only provides a bevy of “vital steps”16 to curb cybercrime, complete with reproaches along the typical lines of “the West has done very little to press Russia for action on cybercrime. As a result, the government faces few consequences for its sordid alliances”,17 but bizarrely also plucks a peculiar cherry out of the cybercrime milieu as his privileged cause célèbre—online gambling (illegal in the USA)—and calls for its legalization: “There is no point in wasting resources fighting things that the Internet has changed forever. That includes poker. People have shown that they will continue to gamble on the Internet, even if they must entrust their money to obvious crooks operating in shady jurisdictions”.18 Considering that the very addendum of the qualifier cyber similarly implies that the Internet has changed crime, it is odd to not see Menn come to the identically obvious nullification of efforts to combat cybercrime as a whole, concluding of course that there is thus no point in wasting resources fighting it as the Internet has changed it forever. Instead, Menn merely intones that “at a time when industry after industry is coming to Washington seeking bailout money, the gambling industry could offer billions of dollars in new tax revenue”.19 If such is the over-riding rationale, so perhaps could child pornography.
The various sketches in these books of the conglomeration of individual purveyors of varied underground specialties into a formidable cybercrime community, as for instance seen in Glenny’s description of a particular web forum—“ CarderPlanet gave them a structure, hitherto elusive, enabling those lone wolves to form opportunistic packs in order to commit crime (or mere mischief) before evaporating back into a desolate cyber wilderness”20—evoke Stirner’s much earlier musings as to the potential formation of a union of egoists, “There are some things that belong only to a few, and to which we others will from now on lay claim or – siege. Let us take them, because one comes to property by taking, and the property of which for the present we are still deprived came to the proprietors likewise only by taking. It can be utilized better if it is in the hands of us all than if the few control it. Let us therefore associate ourselves for the purpose of this robbery”.21 Having declared the State the sworn enemy of the egoist, the resultant union, say the openly-titled International Association for the Advancement of Criminal Activity—one of several discussed in the literature—thus proceeds to engage in a wholesale reallocation of surplus, unbounded by the stifling restraints of legality.
Inexplicably however, all three authors firmly ‘take sides’ as it were, coming down stringently against such endeavors, all whilst of course—keeping the aforementioned potential steganographic reading in mind—backhandedly providing a guide of sorts to the underworld. A duplicity of meaning within the texts thus manifests itself—not at all unlike the various fluid identities encountered in the discussed cybercrime domains themselves, with illicit carders turning into federal informants turning back into carders, white hat hackers donning black and grey hats and switching their headgear back and forth at whim—all whilst presumably reputable anti-spam organizations like Spamhaus are themselves revealed to concoct entirely fictitious entries about nonexistent spammers at the behest of the FBI.22 The end-result is thus an utter and absolute uncertainty as to the true extent of the alleged prevalence of cybercrime, considering that any potential report may be tainted, if not entirely forged outright, to favor government and/or corporate interests; a point that all three authors, all too conveniently, overlook. That is to say, if Spamhaus has been shown to explicitly concoct entries out of the proverbial thin air at the behest of federal agents, then any other entry in its database is likewise suspect.23
With regard to the specificity of their servings of particular slices of cybercrime pie, Menn’s Fatal System Error focuses on Distributed Denial of Service (DDoS) extortion attacks against websites, in which the site operator receives an e-mail asking for a payment of several thousand dollars in exchange for not taking the site offline. Initially, the subject matter is explicated through a case study of the combating of such attacks against off-shore (that is to say, off North American shores) gambling websites, before shifting focus to a British agent’s pursuit of a particular gang of cyber-extortionists in, predominantly, Russia.
Glenny’s DarkMarket focuses on the eponymous ‘carding’ website which offered a web forum for vending credit card data as well as related illicit goods akin including identification documents such as drivers’ licenses and other services like the renting of so-called botnets—access to distributed, and presumably compromised, computer systems—which could be used to conduct the aforementioned DDoS attacks or send spam e-mails; e-mails which are ultimately not at all unlike the various miracle cure adverts exhibited in Danger!.24 Glenny focuses on the various administrators of the site in question, as well as providing fleeting profiles of some of its more successful members—successful in the sense of garnering, at least for a time, substantial fiduciary proceeds.
Finally, Poulsen’s Kingpin centers around the individual Iceman (this being the most notorious of his dozen or so noms de guerre) and his various hacking ventures; with an eventual focus on his forays into restaurant point of sale systems to harvest credit card data and bank databases to collect account information, as well as on his erection of Carders Market, a rival carding forum to Dark Market.
The three books also discuss the stories of various government and independent agents working to thwart the criminal goings-on of these forums and their user-bases. All three likewise at times stray from their focal points in an attempt to provide a more comprehensive portrayal of the cybercrime underworld at large, and thus for instance Iceman is mentioned at length in DarkMarket as well as making a cameo appearance in Fatal System Error; with all three texts likewise mentioning other key players such as the Ukranian carder Script, who founded his own shady dealings forum called Carderplanet. The resultant redundancy across the three texts is in fact at times quite literal—as for instance in striving to tap into the imagination of the populace by way of cinematic injection, Poulsen and Menn both end up attempting to illustrate the voluminous nature of government databases by an appeal to the ‘warehouse scene’ in Raiders of the Lost Ark.25 Much like Danger! contains distinct chapters on varying modes of criminality, or perhaps much like Iceman sought to consolidate the various online carding communities by forcibly importing hacked databases of the other sites into his own, one is thus left wondering if the aforementioned redundancy could have best been dealt with by means of the production of a single cybercrime reader with contributory pieces by the authors.
Glenny takes the reader on rapid fire excursions to England, the Ukraine, the USA, France, Estonia, Turkey, Germany, Canada, and so on back and forth, at times introducing characters and furnishing them with elaborate back stories, as for instance in an apparent attempt to humanize those whose identities have been compromised Glenny provides a four page background on Reverend Andrew Arun John, only to have the character evaporate from the rest of the book. Ultimately upon completing DarkMarket one thus feels like having just finished reading through 20-odd separate webpage tabs and can finally shutdown the browser session.
Poulsen, while similarly juggling more than a dozen characters, nonetheless manages to formulate a focused account of a particular snippet of the carder underworld as filtered through the figure of Iceman. And finally, Menn doesn’t appear to be as much concerned with relaying the actual intricacies of the dark side of the digital economy as he is in bemoaning and decrying the fact that the laws of the USA and Britain do not apply unequivocally to the rest of the world. Thus the reader is treated, ad nauseum, to passages along the lines of “every time he pressed for action, the Russians asked him to fill out another form. He completed so many he lost count. None of them made sense to him. (…) In the afternoons, he walked the streets to Red Square and back, stewing in his own juices and wondering how anyone could live in such a country”,26 which describes a British agent’s frustration at not getting his way; an outrageous affront to Britain’s National Hi-Tech Crime Unit to be sure, who were apparently used to merely having to bribe foreign officials to gain their acquiescence,27 a practice which is of course belittled by Menn when it is merely alleged to be practiced by Russian carders like King Arthur.28
Ultimately, in reading the various descriptions of the hackers submerging into their native environs, e.g. “it was a clean and functional McApartment, bare of all distractions and able to provide the necessities for Max’s all-night hacking sprees. The high turnover in the building made him anonymous. Once his computers were plugged in and his antenna was latched on to some patsy’s network, Max wasted little time in getting back on the job”,29 one cannot help but be reminded of Baudrillard’s Telecomputer Man: “Thanks to his computer or word processor, Telecomputer Man offers himself the spectacle of his own brain, his own intelligence at work. Similarly, through his chat line or his Minitel, he can offer himself the spectacle of his own phantasies, of a strictly virtual pleasure”.30 Though, considering that a significant number of apprehensions of the various participants in the varying cybercrime rings described in the three texts resulted in government authorities either waiting until a target traveled to an extradition-friendly locale or outright lying to get the targets to come to them, for instance the FBI posed as a potential employer and flew two Russian hackers over to the US, only to promptly arrest them,31 one is thus left with the unshakable feeling that the embryonic bubble of hyper-communication and fluid identity sharing32 is nonetheless preferable to the inside of an old-school prison cell.
In other words, so long as government agents continue to menacingly prowl the streets, seeking to ensure that the hackers’ habitation of meatspace remains unsafe, disappearance into the ephemera of the screen indeed seems like a rational recourse, deploying the time-tested guerrilla strategy of nomadic transience. Which of course brings us to an unsaid dictum which nonetheless underlies the three texts discussed herein: the prevalence of so-called ‘carding’, of a, to some, apparently undesirable underground cyber economy, is predicated upon the existence of commerce proper. For surely, the most effective method of eradicating the possibility of bank accounts being pilfered is the wholesale eradication of a market economy; without credit cards there becomes nothing to ‘card’. None of the three discussed authors propose such a plan of course, clipping their wings in a reformism that manifests itself in technological tinkering—the call for chip-and-pin cards to replace magstripe credit cards—and calls for global, or at least certainly Russian, acquiescence to Western legal predilections.
And this is of course all to say nothing of the fact that the recent increased proliferation of anonymized darknets like Tor and the Bitcoin crypto-currency have already rendered some of the methods of law enforcement to track those partaking in the dark arts—via traceable money transfers and IP addresses—quaintly ineffective. Though curious newbies and seasoned practitioners alike can nonetheless still take recourse in combing the texts for lessons on how to avoid apprehension by law enforcement (as when said agencies deploy equally insidious means of entrapment and fraud) which may well be—with a wink and a nudge à la Howe and Hummel’s ‘between the lines’ steganographic presentation—the authors’ underlying motive for writing the texts all along.
This text is explicitly anticopyright. Disseminate and dissipate at whim, irrespective of injunctions to do so.
Baudrillard, Jean. “Xerox and Infinity”, in The Transparency of Evil: Essays on Extreme Phenomena. Translated by James Benedict. London/New York: Verso, 1993.
Glenny, Misha. DarkMarket: Cyberthieves, Cybercops and You. New York: Alfred A. Knopf, 2011. Digital Edition.
Howe & Hummel, Danger! A True History of a Great City’s Wiles and Temptations. The Veil Lifted, and Light Thrown on Crime and its Causes and Criminals and Their Haunts. Facts and Disclosures. Buffalo: The Courier Company, 1886. http://www.gutenberg.org/ebooks/24717.
Menn, Joseph. Fatal System Error: The Hunt for the New Crime Lords Who Are Bringing Down the Internet. New York: PublicAffairs, 2010. Digital Edition.
Poulsen, Kevin. Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground. New York: Crown Publishers, 2011. Digital Edition.
Richardson, Heather Cox. West from Appomattox: The Reconstruction of America after the Civil War. New Haven: Yale University Press, 2008.
Sifakis, Carl. Frauds, Deceptions and Swindles. New York: Checkmark Books, 2001.
Stirner, Max. The Ego and His Own. Translated by Steven T. Byington. New York: Benj. R. Tucker, 1907. http://www.df.lth.se/~triad/stirner/theego/theego.pdf.
- Howe & Hummel, Danger! A True History of a Great City’s Wiles and Temptations. The Veil Lifted, and Light Thrown on Crime and its Causes and Criminals and Their Haunts. Facts and Disclosures (Buffalo: The Courier Company, 1886), http://www.gutenberg.org/ebooks/24717. ↩
- Cf. the not dissimilarly sensationalist subtitles of the three operative texts subject to review herein: DarkMarket: Cyberthieves, Cybercops, and You; Fatal System Error: The Hunt for the New Crime Lords Who Are Bringing Down the Internet; Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground. It should further be noted that whereas Howe and Hummel however subsequently proceed to provide the reader the courtesy of offering a justification for their choice of evocative title (ibid., Preface), the other authors do not. ↩
- “The latest developments of science and skill are being successfully pressed into the service of the modern criminal. Increase of education and scientific skill not only confers superior facilities for the successful perpetration of crime, but also for its concealment. The revelations of the newspapers, from week to week, but too plainly indicate an undercurrent of vice and iniquity, whose depth and foulness defy all computation” (ibid.). ↩
- “A bigger and rapidly metastasizing problem—technology advances that were helping criminals even more than they were helping consumers. Online scams and identity theft soared, and an entire underground industry grew. Enormous data heists from such places as the information broker ChoicePoint and retailer T.J. Maxx generated plenty of headlines” (ibid., xii). ↩
- Ibid. ↩
- “We now find ourselves in a situation where this minuscule elite (call them geeks, technos, hackers, coders, securocrats, or what you will) has a profound understanding of a technology that every day directs our lives more intensively and extensively, while most of the rest of us understand absolutely zip about it” (ibid., 6). ↩
- “The subject matter of the following pages, in which the crimes of a great city are dissected and exposed … By hoisting the Danger signal at the mast-head, as it were, we have attempted to warn young men and young women—the future fathers and mothers of America—against the snares and pitfalls of the crime and the vice that await the unwary in New York” (Howe & Hummel, op. cit., Preface). ↩
- Cf. e.g. “I am greatly encouraged that my home country is belatedly moving to confront one of the most important issues of our time, and I’m proud that this book played some role” (Menn, op. cit., xiv). ↩
- Howe & Hummel, op. cit., chap. XVI. ↩
- Ibid., chap. VI. ↩
- E.g. “the French Madame’s on Thirty-first street” (ibid., chap. V); cf. the three review texts mentioning the names and at times website addresses of various online cybercrime communities, e.g. “Cardingworld.cc and Mazafaka.cc” (Poulsen, op. cit., 235). ↩
- Heather Cox Richardson, West from Appomattox: The Reconstruction of America after the Civil War (New Haven: Yale University Press, 2008), 240; see also Carl Sifakis, Frauds, Deceptions and Swindles (New York: Checkmark Books, 2001), 89. ↩
- Glenny, op. cit., 22. ↩
- Menn, op. cit., 155. ↩
- Ibid. ↩
- Ibid., xiv. ↩
- Ibid., 210. ↩
- Ibid., 240-241. ↩
- Ibid., 241. ↩
- Glenny, op. cit., 39. ↩
- Max Stirner, The Ego and His Own, trans. Steven T. Byington (New York: Benj. R. Tucker, 1907), http://www.df.lth.se/~triad/stirner/theego/theego.pdf. ↩
- “An undercover agent, Keith Mularski, invented an Eastern European spammer named Pavel Kaminski, alias Master Splynter, with the assistance of Spamhaus, the private research group. Spamhaus announced that Splyntr was linked to phishing scams, botnets, and carder forums. With that reputation, Mularski infiltrated the leadership of one of CarderPlanet’s many children, a site called DarkMarket.” (Menn, op. cit., 175-6). See also Poulsen, op. cit., 200-201; Glenny, op. cit., 82. ↩
- Despite earlier relating the story of the Spamhaus forgery, Glenny amazingly goes on to later recite Spamhaus figures about another alleged cybercrime organization, the Russian Business Network, without any hint of the possibility that the figures could be either entirely or partially fictitious (Glenny, op. cit., 126). ↩
- E.g. “MEN ONLY. A quick, Permanent Cure for Lost Manhood, Disability, Nervousness and Weakness. No Quackery” (Howe & Hummel, op. cit., chap. XV). ↩
- “Andy felt like he was living the ending of Raiders of the Lost Ark: he brought home one of the wonders of the criminal justice world, and they stuck it in a numbered crate in some anonymous government warehouse” (Menn, op. cit., 193); cf. “Max Vision had dodged a bullet. Janer’s statements sank into a giant government computer—they might as well have been stashed in the cavernous warehouse in the final scene of Raiders of the Lost Ark. As long as nobody had occasion to dig them up, Max was safe” (Poulsen, op. cit., 186). ↩
- Menn, op. cit., 132. ↩
- “The agents took the heads of the national computer crime units out to dinner, learned about their problems, and found out what they needed. Often the NHTCU sent them decent computers to replace their outdated models. And the British agents went home with everyone’s phone number and an understanding: When a big case was breaking, the hated letters of request would still be sent. But the right people would be getting a phone call, telling them where the letter was in the process, what was in it, and why it mattered” (ibid., 124). ↩
- “Knowing how things worked in Russia, it was possible that King Arthur was just bribing his way to continued freedom” (ibid., 197). ↩
- Poulsen, op. cit., 170. ↩
- Jean Baudrillard, “Xerox and Infinity”, in The Transparency of Evil: Essays on Extreme Phenomena, trans. James Benedict (London/New York: Verso, 1993), 53-54. ↩
- Poulsen, op. cit., 82-86. ↩
- The erroneous, albeit more widely used term currently in vogue is of course ‘identity theft’, though since theft entails the transference of A from B to C with the resultant case being that said A is now under exclusive possession of C and utterly lacking from B, and as assuming the identity of another does not deprive said other of the identity, merely marking the cloning of A so that both B and C now possess A, ‘theft’ is thus not an all a befitting descriptor of the activity at hand, merely being a rhetorical enunciation employed by agenda-laden alarmists. ↩