SecurityFocus 2004-11-05
Until Wednesday one of the best public sources of information on how to use a stolen credit card number, forge a driver's license, defeat a burglar alarm or silence a firearm was a website under the control of the U.S. Secret Service. As a jaunty flourish in its high-profile
The new page struck the Shadowcrew tag line, "For Those Who Like to Play in the Shadows," and posted a new motto: "You Are No Longer Anonymous!!"
But even as media attention surrounding the busts drove a new and wider audience to Shadowcrew.com, the accumulated knowledge of Shadowcrew's denizens remained on public display on the site's message board, which was linked prominently from the substituted home page.
Among the content that was available on the now-government-operated site: a tutorial on credit card fraud; a wiki that tracks which state I.D. cards are forgeable; a how-to on defeating passive infrared alarm sensors; and exchanges on such disparate matters as handgun silencers and polyester laminating films.
The U.S. government's unlikely embrace of the Information Wants to Be Free meme wasn't lost on Shadowcrew's former user base, busily regrouping on another underground site called Stealth Division. "Someone backup the sc database," one member urged. "There is a wealth of information there."
The message board remained accessible until Wednesday, when officials finally shut it down without comment. An archive of older material was still accessible Friday.
Secret Service deputy assistant director Bruce Townsend said Thursday he couldn't discuss the government's stewardship of Shadowcrew.com because it could expose investigative sources and methods.
Hardware, Drugs and Microsoft Certs
Gartner analyst John Pescatore, a former Secret Service agent, says the agency may have made the message board public to make a point.
"My informed speculation would be that they let this stay up, because in general, law enforcement doesn't think that this problem is being taken seriously enough," says Pescatore. "From their point of view it would be good to get the word out: look at this, this is really nasty stuff, and we better increase our enforcement budget to do something about it."
The exposed message board revealed
The 4,000 Shadowcrew members were participants in an underground economy capable of providing a dizzying array of illicit products and services. The most active commodities were "dumps" of credit card account data, fake physical cards to go with the dumps ($50 blank, $70 embossed, in bulk), and expertly forged identification to help pass the plastic at the local consumer electronics store. Credit reports, hacked online bank accounts, and names, birthdates and social security numbers of potential identity theft targets were also for sale in bulk.
Each product had its own specialists, and every vendor had to be reviewed by a trusted site member before they were allowed to sell. Disputes were handled judiciously, with "rippers" selling bunk products quickly exposed and banned from the site. In one case a vendor who owed another member money was allowed to continue selling only on the condition that his future illicit earnings would be garnished until his debt was repaid.
Members of the community even traded in tangible items like ATM skimmers, prescription drugs, and cocaine, and services like DDoS for hire and malware customization. One well-reviewed vendor offered a test-taking service that promised to get customers technical certifications within days. He was permitted to vend after earning the reviewer a Microsoft MCP certification under an alias.
All that commerce came to an end last Thursday, when the Secret Service and the Justice Department announced 28 arrests around the world, and the indictment of nineteen Shadowcrew founders, moderators and members for trafficking in stolen identity information and documents, and stolen credit and debit card numbers. Shadowcrew allegedly moved at least 1.7 million stolen credit card numbers and caused total losses in excess of four million dollars.