Fatal System Error (18 page)


Authors: Joseph Menn


PART TWO
7
WHATEVER IT TAKES
WHEN BARRETT LYON handed off what he knew about the BetCRIS attackers to agents from the United Kingdom’s National Hi-Tech Crime Unit in 2004, he didn’t expect much more satisfaction than he had gotten from the FBI. He was impressed that they had flown to California on the case and that they saw their mission as a broad one: to protect electronic commerce however they could, be it by arrests or education. But prosecutions even in Western countries were extremely rare, and Barrett had personally traced Ivan Maksakov, the hacker known as eXe, to Russia. He had no reason to think Britain could do any more there than the U.S. could.
Gradually, though, Barrett came to realize that the case went to just the right country at just the right time. Prime Minister Tony Blair’s government, determined to get Internet security right, had built up a crack national police team with first-rate agents and independently minded managers. One of the three dozen on the elite squad was Andy Crocker, a Welshman who had spent fifteen years in the armed forces, mostly as an instructor of everything from shooting to kayaking. After the army he joined the police department in Surrey, outside London. Starting as a patrol officer, he rose to detective, handling robberies and violent crime. Most of that was easy. Computer crime, when it came along, was more interesting: it was too new for an instruction manual. Andy launched Surrey’s tech crime division and devised a still-secret technique for tracking visitors to websites that were likely to interest crime suspects. When Andy took a training course for NHTCU officers, they saw he knew more than they did and pushed to bring him aboard.
Like Barrett, Andy had turned to computers as an alternative to his frustrations at school. For Barrett, it had been the intellectual challenge of understanding the logic of the systems first, followed later by the thrill of competition with enemy hackers. With Andy, it was the other way around. The son of a heating engineer and a housewife in the South Wales seaport city of Swansea, Andy often skipped classes to carouse and fight with his friends. As they drifted into drugs and stole cars, Andy tried to channel his aggression, boxing competitively and joining the army at sixteen. As a balding but athletic suburban police detective two decades later at the turn of the millennium, Andy set up the computer crime department because the quarry were more challenging than the typical violent louts of the sort he had grown up with.
Andy had added enough polish over the years to speak easily with celebrity burglary victims and diplomats, yet he stayed close enough to his roots to pound vodka shots with cops overseas who earned half the salary of a London janitor. Though Andy participated in the elite sport of dressage, running horses through jumps and other obstacles, he was coming from a different place than his rivals. Once the forty-four-year-old Andy was thrown to the ground and dislocated his hip. He refused to see a doctor and competed the next day. He realized he had a serious problem only when he thought he was squeezing both knees into the horse’s flanks, urging him forward. The horse felt pressure on just one side and turned instead.
Andy had probed exactly one denial-of-service case when the first gambling company complained to the NHTCU in October 2003. That had been years before at the Surrey police department, when a man hijacked a university’s computers for an attack on an Internet Relay Chat channel. Andy worked with cybercrime specialist Steve Santorelli at the London Metropolitan Police, commonly known as Scotland Yard, who made the arrest. (Santorelli later joined Team Cymru, the nonprofit network security group that tracked arch cybercriminals.) That single case was enough to make Andy the NHTCU’s DDoS expert by default when the agency fielded a call from Canbet Ltd., an Australian betting company with a major office in Portsmouth, England.
Andy had not yet heard of Barrett when Canbet reported that it had been shut down by a DDoS and was losing $100,000 a day. Andy and another officer, Trevor Dickey, went on a Monday to the Canbet office, where the company’s U.K. boss told them the website had been hammered over the weekend. An email demanded $40,000 to stop the attack, with the sum to be broken into four payments and sent via Western Union to accomplices in Latvia. The company had already decided to pay. Andy told them the easiest way for him to figure out who was behind the attack was to follow the money.
Andy liked the intrigue of the case immediately. It was something truly novel, and the chance to travel someplace new carried the prospect of adventure and good stories for his mates. Andy couldn’t get to Latvia by the next day, when the extortionist wanted his money delivered. But some forethought by the NHTCU kept hope alive. Len Hynds, the head of the unit, had realized early on that most serious technology crimes crossed national boundaries. And the official means for getting cooperation from authorities in other countries was a nightmare. A British agent would have to draft a formal “letter of request” spelling out exactly what was wanted. Then the letter would go to one of the top officials in the unit, and then to the crown prosecutor, the equivalent of the U.S. attorney general. From there it went to the top prosecutor in the other country, who would eventually pass it along to the head of the relevant police force, who would hopefully put it in front of a detective, who probably had cases of his or her own that were a lot more pressing. Even with an ally as close and as well funded as the United States, the process usually took months. In a place like Latvia, there traditionally had been no point in trying.
Hynds set out to change the system. He divided up the world and sent his agents out to every country that might be important in a future investigation. The agents took the heads of the national computer crime units out to dinner, learned about their problems, and found out what they needed. Often the NHTCU sent them decent computers to replace their outdated models. And the British agents went home with everyone’s phone number and an understanding: When a big case was breaking, the hated letters of request would still be sent. But the right people would be getting a phone call, telling them where the letter was in the process, what was in it, and why it mattered.
After the Canbet meeting, Andy wrote the formal letter, while the colleague who had done the wining and dining in Latvia, Mike Ford, made the phone calls. On Wednesday, Andy and Trevor Dickey flew in and joined a Latvian officer from Interpol, the international police association. They drove through the capital of Riga to the national computer crime division’s offices. The headquarters were in a decrepit building that had housed spies from the KGB during the Soviet empire. A plaque on the outside commemorated the Latvians who had been tortured there. Inside, the holes in the floor were so big that a man could fall through them.
Andy had stalled by getting Canbet to negotiate with the extortionist. At his direction, Canbet said that the requested $10,000 payments would attract too much attention: instead, the company asked for ten names to whom it could send $2,000 apiece in a first series of transfers. Andy had guessed that it would take awhile for the extortionist to set up additional mules to pick up the money, and he was right. Then the company said it could only send $6,000 each day.
Andy and the Latvian police arranged with Western Union to flag the transactions and call the computer crime division’s offices when anyone came to collect. In the meantime, the locals identified the most likely Western Union outlets for a questionable pickup, and the team put each of them under surveillance. Andy soon started getting the calls. He relayed the physical descriptions of the mules to the teams waiting outside, which followed the men to their apartments and kept on their trail for days to see where they would go with the money. But before they could identify the next handoff, the mules went back to Western Union and picked up more cash. Andy called Western Union and demanded to know why he hadn’t been tipped off again. “It’s not your money,” the manager explained. It wasn’t just Canbet that was sending funds to the Latvians—it was dozens of companies from the U.K., Costa Rica, and around the world, most of whom had obviously never gone to their governments for help. “Oh my God,” Andy muttered. “Just how big is this?”
After making repeated collections, the Latvians headed for a big office building that housed a local franchise of Webmoney, a service like PayPal or e-Gold that simplified financial transactions but also appeared to be tailor-made for hiding fraud. In November, after Dickey had returned to England for training, the Latvian police swooped in and made ten arrests, bringing the crew in for hours of individual interrogations on metal chairs in the cramped, dingy former KGB redoubt. Andy and his allies couldn’t get everything they wanted, because the mules didn’t know enough. The Webmoney franchise owner said everything had been arranged over ICQ instant-message sessions with someone inside Russia he knew as Stran, who wanted everything sent to a bank account in the Russian city of Pyatigorsk. Andy assumed that Stran was still another mule. Nonetheless, he started banging out a letter of request to Russian officials. There wasn’t much more he could do from Latvia; it wasn’t even clear that the mules had broken any local laws.
ANDY RETURNED TO LONDON only to discover that the Russians had hit a slew of other major U.K. betting companies, including Blue Square, Ladbrokes, and William Hill. Some had paid up, and several had gone to the NHTCU. Executives from many of the companies also began getting together weekly to compare notes and hear from NHTCU investigators and technologists. Word spread quickly about how Barrett’s company had saved some firms in Costa Rica. When that news got back to Andy, he had a colleague send the email that led to the meeting in Los Angeles where Barrett passed on the transcripts of his first chats with the assailants. Barrett told the men that he thought the same ring was behind a wide range of attacks, and they said that if that were the case, they were either extraordinarily efficient or extremely busy.
SportingIndex was typical of the early victims, though it was such an oddity in the gambling world that it was regulated by the U.K. futures exchange, like a broker of commodities. Instead of letting customers bet on which team would win a game, the twelve-year-old London firm predicted the point totals in rugby, soccer, and other matches and then took wagers on whether the real scores would be higher or lower. Bettors could also wander into more remote territory, such as how many times in a televised match featuring soccer star David Beckham the camera would pan to show his wife, former “Posh Spice” Victoria Beckham. At SportingIndex, dozens of employees known as traders—mostly young men in jeans and casual shirts—sat on one of the company’s three floors in a brick building in a residential district, each monitoring at least two personal computers and watching four television sets. More than half of the bets came in over the Internet—when everything was working.
One Sunday in January 2004, SportingIndex got an email from [email protected], who asked for $10,000, then attacked the site for four hours. “This money is a small help for our team. We think that it’s not large money for you,” the American patriot wrote. The next Friday another attack came, at a low level at first. The next day it got worse, so the company began to switch the numeric addresses that were home to its flagship website. The attacker kept following through each of the moves. With major soccer events coming the following week, SportingIndex information technology director Hugo Smith talked with peers at other targets that had paid $200,000 or more to install traffic filters. Then Smith’s supervisor, Andrew Ross, talked to agent Bob Lewis, who worked with Andy at the NHTCU.
“We’ll investigate,” Lewis told him. “But you shouldn’t count on it working. In the meantime, off the record, you should talk to this young chap named Barrett.” Ross had his doubts, especially since Prolexic was officially based in “dodgy” Costa Rica. It even crossed his mind that Barrett might be behind the attacks, drumming up business the old-school way. He called anyway. Barrett didn’t want to talk about how much he would charge. “First let me take a look at your site and see if I can help you,” he said.
Barrett accepted the job that Monday. By Wednesday, the site was still down, the phones were ringing off the hook, and Ross’s boss was breathing fire, since a championship soccer match was scheduled to start at 7:30 P.M. At 6:50 P.M., Barrett got the site up again. Ross screamed his thanks over the phone. Barrett seemed as placid as could be. “No problem,” he said. “We’ll keep an eye on it.”
As Barrett worked on defense, Andy Crocker had been continuing to press ahead on offense. He knew there had been little help from Russia in past international crimes, with a few exceptions in drug smuggling and tax cases. To make those cases, he gathered, British agents had to have been persistent, talented, and lucky, finding just the right vein to work in the mammoth Russian bureaucracy.
