ShadowCrew

From Wikipedia, the free encyclopedia
Jump to: navigation, search

ShadowCrew was a cybercrime message board (forum) that operated under the domain name ShadowCrew.com between August 2002 – October 2004.[1]

Origins[edit]

The concept of the ShadowCrew was developed in early 2002 during a series of chat sessions between Brett Johnson (Gollumfun), Seth Sanders (Kidd), and Kim Marvin Taylor (MacGyver). It was GOllumfun, who came up with the idea of an eBay style business model for ShadowCrew and the subsequent vendor review system that introduced people in need of stolen data or counterfeit identification to verified sellers of such products.[2]

The ShadowCrew website also contained a number of sub-forums where the latest information about hacking tricks, social engineering, credit card fraud, virus development, scams, and phishing.

Organizational structure[edit]

ShadowCrew offered a haven for "carders" and hackers to trade, buy, and sell anything from stolen personal information, to hacked credit card numbers and false identification. Shadowcrew emerged from another underground site, counterfeitlibrary.com which was ran by Brett Johnson (GOllumfun), in early 2002. and would be followed up by carderplanet.com owned by Dmitry Gubolov a.k.a. Script, a website primarily in the Russian language. The site also facilitated selling drugs wholesale.[3]

The key players were Brett Johnson (GOllumfun) as head of the group, Kim Taylor (MacGyver) as second in charge, Albert Gonzalez (CUmbaJohnny, Scarface, et al.) as forum techie. After Johnson, Sanders, Taylor left Shadowcrew or became otherwise indisposed other would become Administrators and Moderators—Deck (Andrew Mantovani), BlackOps (David Appleyard) and a handful of others. Shadowcrew grew to over "4,000 members" [4] During its early years, the site was hosted overseas, in Hong Kong, but shortly before CumbaJohnny (Albert Gonzalez)'s arrest, the server was in his possession, somewhere in New Jersey. (From Gollum—unsure about that. More likely that after the Gonzalez arrest that the server was moved to New Jersey per the USSS—Gollum)

Aftermath and legacy[edit]

Important to note that Shadowcrew was the forerunner of today's cybercrime forums and marketplaces. The structure, marketplace, review system, and other innovations began with Shadowcrew laid the basis of today's underground forums and marketplaces. Likewise, many of today's current scams and computer crimes began with Counterfeitlibrary and Shadowcrew. One cannot underestimate the influence Shadowcrew had on cybercrime and Identity Theft.[5]

The site flourished from the time it opened in 2002 until its demise in late October 2004. Even though the site was booming with criminal activity and all seemed well, the members did not know what was going on behind the scenes. Federal agents received their "big break" when they found CumbaJohnny.[6] Upon Cumba's arrest, he immediately turned and started working with federal agents.[7] From April 2003 to October 2004, Cumba assisted in gathering information and monitoring the site and those who utilized it.[7] He started by taking out many of the Russians who were hacking databases and selling counterfeit credit cards.[7] It was later confirmed that a high-ranking member of the inner-circle of the ShadowCrew, CumbaJohnny (Albert Gonzalez) was a long term police informant who was responsible for teaching the USSS how to monitor, trap and arrest the ShadowCrew.[8] NOTE: Shadowcrew Higher Ups DID know they were being investigated. One of the Shadowcrew members had hacked the USSS and certain members had text messages detailing the USSS investigation of Shadowcrew.[9]

Many sites appeared after Shadowcrew's demise, one of which was specifically focused on unraveling the mysteries of what actually happened. This site, thegrifters.net, was run by a formally indicted member, David Thomas (a.k.a., El Mariachi) in which he converted his old fraud site to an investigative site.[10] Members of this group uncovered and compiled many pieces of information on the indicted members of Shadowcrew until thegrifters.net was taken down in early 2006.[10] NOTE: Incorrect. Grifters was set up AFTER David Thomas began work for the FBI.[5]

4,000 members: The Federal indictment says, "Shadowcrew was an international organization of approximately 4,000 members…" The last available page before October 27, 2004 on archive.org[11] shows 2,709 registered members. To people familiar with the ShadowCrew forum, it is well known that many members had multiple user names. Members who were banned from the forum would frequently register with another user name as well. Lastly, the forum was around for over 2 years so there were likely many inactive accounts.[12] NOTE: Clarification: There were member who had multiple IDs. And certainly member who were kicked would often re-register under another name. BUT, there was also a need by members to develop a name that could be trusted. SO the idea that most the registered user were duplicates isn't accurate. Out of 4,000, I would guess that maybe 1000 were duplicates. Maybe a few more.[5]

$4 million in losses: this figure was arrived at by multiplying the number of credit cards transferred by $500 each (as per federal law when no monetary figure in a fraud case can be determined). This figure assumes that every single card was valid and had been used.[13] NOTE: The dollar figure quoted ONLY pertains to the evidence gathered by the VPN employed and the members indicted by that evidence. Actual dollar figure is MUCH MUCH higher. Also, the $500 per card federal law wasn't in existence until the feds busted Shadowcrew.[5]

ShadowCrew admin Brett Shannon Johnson managed to avoid being arrested following the 2004 raids, but was picked up in 2005 on separate charges then turned informant. Continuing to commit tax fraud as an informant, 'Operation Anglerphish' embedded him, then dubbed by Secret Service agents as "The Original Internet Godfather", as admins on both ScandinavianCarding and CardersMarket. When his continued carding activities were exposed as a part of a separate investigation in 2006, he briefly went on the run and made the USA Most Wanted List before being caught for good in August of that year.[14]

In 2011, former Bulgarian ShadowCrew member Aleksi Kolarov a.k.a. APK was finally arrested and held in Paraguay before being extradited to the United States in 2013 to face charges.[15]

See also[edit]

References[edit]

  1. ^ Brian Grow, with Jason Bush (May 30, 2005). "Hacker Hunters: An elite force takes on the dark side of computing". BusinessWeek. Retrieved 2012-01-30. 
  2. ^ From Brett Johnson, a.k.a. GOllumfun you can find me on Linkedin
  3. ^ From Brett Johnson, Aka GOllumfun.
  4. ^ From Brett Johnson, a.k.a. Gollumfun.
  5. ^ a b c d From Brett Johnson, a.k.a. GOllum
  6. ^ Poulsen, Kevin (2008-12-22). "One Hacker's Audacious Plan to Rule the Black Market in Stolen Credit Cards". Wired.com. p. 4. Retrieved 2009-01-05. 
  7. ^ a b c Poulsen, Kevin (2008-08-05). "Feds Charge 11 in Breaches at TJ Maxx, OfficeMax, DSW, Others". Threat Level. Wired.com. Retrieved 2009-01-05. 
  8. ^ Brad Stone (August 11, 2008). "Global Trail of an Online Crime Ring". New York Times. Retrieved January 30, 2012. 
  9. ^ For Brett Johnson, a.k.a. GOllum
  10. ^ a b Zetter, Kim (2007-01-30). "I Was a Cybercrook for the FBI". Wired.com. Retrieved 2009-01-05. 
  11. ^ "Shadowcrew board". Shadowcrew. Archived from the original on 2004-07-01. Retrieved 2009-01-05. 
  12. ^ Albert Breton (2009). Multijuralism: manifestations, causes, and consequences. Ashgate Publishing. Retrieved 2012-01-30. 
  13. ^ 2004 Federal Sentencing Guidelines Manual - Chapter 2
  14. ^ Zetter, Kim (6 June 2007). "Secret Service Operative Moonlights as Identity Thief". Retrieved 16 August 2015. 
  15. ^ Zetter, Kim (1 July 2013). "9 Years After Shadowcrew, Feds Get Their Hands on Fugitive Cybercrook". Retrieved 16 August 2015. 

External links[edit]