Three years undercover with the identity thieves

Keith Mularski talks about his role as administrator of online fraud site DarkMarket.

Mularski's life as an undercover spammer began around July of 2005, when he created his handle Master Splynter in a tribute to the cartoon rat who plays sensei to the Teenage Mutant Ninja Turtles. His unit ran a project called Slam-Spam, and Mularski, a self-confessed computer nerd, said he had picked up a lot of spamming tricks before he started the operation. "I could talk shop," he said.

He didn't send out spam himself, but he knew what questions to ask and -- more importantly -- what not to ask. He kept to his character as a spammer. If someone approached him with a new "zero day" attack, he wouldn't ask for details. And he avoided going after personal information, not asking forum members obvious cop-giveaways such as where did they live. "The thing is with these guys, you can't necessarily target them and just approach them out of the blue," he said. "So by being out there and not really caring about things -- I played a lot of things off nonchalant -- I was able to gain their trust."

The hours were long; scammers don't work 9 to 5. "Sometimes I spent as much as 18 hours in a day online," Mularski said. "I was online every day from August 2006 until the operation came down."

His most active discussion time was between 10 o'clock at night and one or two in the morning. "Every night I'd be watching TV with my wife next to me and I'd have the computer on, just in case somebody needed to get a hold of me," he recalled.

After 10 years of marriage to an FBI agent, Mularski's wife knew that operations could cut into personal time. It couldn't have been easy, though. "She was the real saint in this whole thing," he said.

Master Splynter didn't take vacations either, even if Mularski did. "Usually, if you're not going to be online, you've got to give notice because they wonder what you're doing, whether you got busted or not. So if I was travelling somewhere and I couldn't be online, I'd always give these guys advance notice."

By September 2006, Mularski had become a moderator on DarkMarket. Not as powerful as an administrator, he was still a trusted manager, one step above the reviewers who assessed the quality of products being sold on the site.

That's when he got his big break. And it came from an unlikely source: Iceman himself. According to authorities, Iceman was making a play to control the market for fake credit cards by hacking into four carder sites, including DarkMarket, knocking them offline and moving their membership to his own site, CardersMarket.

Even when the site was back up and running, Iceman continued to hit DarkMarket with distributed denial of service (DDoS) attacks, which would overwhelm it with wave after wave of useless Internet traffic.

Mularski wasn't sure how things would play out, but in September 2006 he saw his chance. He started talking with Iceman about joining CardersMarket as a moderator, but soon realized that he the had a better shot with another administrator at DarkMarket, Renu Subramaniam, aka JiLsi. "I basically told him, 'Hey, I can secure your servers for you,'" Mularski said. JiLsi made him a moderator, but held off granting him administrative access.

Then one Saturday night a month later, DarkMarket started getting hammered with another DDoS attack. "I was talking with JiLsi and I said, 'Hey I can secure the site? The servers are all set.'"

JiLsi's reply: "Let's move it."

Mularski was now a made man. As administrator to the site he could track people who logged in and, most importantly, read everything the cyberthieves were saying to each other. Working with his international law enforcement contacts, Mularski compiled evidence and, one by one, his team tracked down the crooks who ran DarkMarket.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags cybercrimeidentity theft

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Father’s Day Gift Guide

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?