[ISN] Tracking the Russian Scammers

From: InfoSec News (alerts@private)
Date: Thu Feb 01 2007 - 03:37:01 PST


By Kim Zetter
Jan, 31, 2007

Dmitry Ivanovich Golubov, a 22-year-old Ukrainian who went by the 
nickname "Script," was considered one of the godfathers of Eastern 
European carding rings. As one of the leaders of CarderPlanet, 
authorities say Golubov facilitated the theft and international trading 
of millions of credit and debit card numbers that resulted in 
multimillion-dollar losses to banks and merchants over several years.

So when Ukrainian police finally nabbed Golubov [1] in the summer of 
2005 it was a coup, representing the culmination of dogged investigative 
work by U.S. Postal Inspector Greg Crabb and other law enforcement 
officials in the United States.

"Golubov was such a high-profile target," Crabb told Wired News. "The 
Secret Service, FBI and myself were working Golubov in different 
districts over the United States trying to get some inroads into where 
he was coming from."

But achieving the arrest wasn't easy. While U.S. authorities collared 
numerous small-time crooks in the United States who used the stolen card 
numbers that Golubov's ring distributed, efforts to nab Golubov himself 
proved futile for three years, due to indifference from Ukrainian 

Crabb says he made three trips to Ukraine to plead his case, but got 
little response. Then the Orange Revolution swept the country in late 
2004 and suddenly "the Ministry of Interior was willing to listen to our 
concerns about Golubov," Crabb says.

In mid-July 2005, Crabb flew to meet with ministry officials, "and two 
weeks later (we) went out and popped (Golubov)."

But Golubov didn't remain in jail for long. About six months after his 
arrest, two Ukrainian politicians convinced a judge to release him on 
bond. Prosecutors are still moving forward with the case, but Crabb 
suspects Golubov could flee before trial.

"When you can call in some favors and get some politician in the Ukraine 
(to) vouch for your upstandedness, there's not much the U.S. can do 
after that," Crabb says. "We're just (hoping) that the legal system in 
the Ukraine delivers what we hope."

It's one of the enduring frustrations of chasing carders overseas: In 
addition to the difficulties inherent in trying to ferret out the real 
person behind an online criminal's nickname, countries where cybercrime 
thrives, such as in Eastern Europe and Asia, often lack sufficient laws, 
budgets, skills and even the will to pursue such criminals.

The FBI has established liaison agents in dozens of U.S. embassies 
around the world to help facilitate cooperation with foreign 
crime-fighting agencies. But sometimes the obstacle is foreign 
law-enforcement agents themselves. Crabb says the criminal cohorts of 
one top carder he tracked turned out to be Ukrainian law-enforcement 
agents, among them a former captain of the Ukrainian state service in 

"It's a different world in the Ukraine," Crabb says. "Corruption is a 

At times, it's easier to avoid local obstacles altogether, such as with 
the arrest of a 28-year-old Ukrainian who was nabbed in a Bangkok ice 
cream parlor in 2003 while on vacation with his wife. Crabb spent a year 
intercepting more than 20,000 e-mail messages the suspect exchanged with 
cohorts and waited for the suspect to leave his native soil.

Arresting a suspect is only half the battle, however. Then come 
extradition proceedings and cyberforensic trails. "The volume of 
(forensic) evidence that exists in these cases is obscene," Crabb says. 
"They take forever to introduce all this evidence in court."

In the cat-and-mouse game of tracking carders, the U.S. Postal 
Inspection Service might seem like an odd player, since financial crimes 
generally fall within the purview of the Secret Service and FBI. But the 
USPIS often becomes involved if the crime includes mail fraud -- such as 
shipping stolen goods or credit cards through the mail or FedEx or 
changing the billing address of a victim's financial account.

Crabb focuses on tracking and arresting Eastern Europeans because 
they're "much more organized and malicious" than U.S. carders who, more 
often than not, simply work as cashers for the Russians.

"You can take (the cashers) out any day of the week," Crabb says, "but 
you're not going to stop the problem if you don't take out the 
operations where the card data is getting compromised, and that's 
primarily out of Eastern Europe."

The highest-profile carder he tracked, however, was an American named 
Douglas Havard, who went by the nick "Fargo" and who fled drug-selling 
charges in Texas before settling in the United Kingdom. There he ran a 
lucrative cashing operation for a legendary Russian carder called "King 
Arthur" with a Scottish accomplice. Crabb became involved in the case 
after a casher for Havard was arrested in Texas while trying to board a 
plane carrying thousands of dollars in $20 bills.

"I called Department of Justice because I knew Secret Service and FBI 
had investigations into King Arthur," Crabb says. "We worked (the Texas 
suspect) to get back to Fargo, and we worked with the National Hi-Tech 
Crime Unit in the U.K. to take out Fargo."

King Arthur, however, eluded them.

Crabb says that after several years chasing these crimes, authorities 
are much more attuned to what the criminals are doing today and have 
been greatly aided by increasing cooperation among businesses and law 
enforcement agencies. But that isn't always enough. Sometimes, he says, 
the criminals "are just smarter than us."

[1] http://mosnews.com/news/2005/07/21/ukronlinefraud.shtml

Subscribe to InfoSec News

This archive was generated by hypermail 2.1.3 : Thu Feb 01 2007 - 03:57:59 PST