An FBI Agent's 3 Years Undercover With Identity Thieves
snydeq writes "InfoWorld offers the inside story of how FBI Supervisory Special Agent J. Keith Mularski, aka Master Splynter, penetrated and took over DarkMarket.ws, the infamous underground carding board hacked by Max Butler and later transformed by Mularski into an FBI sting operation. The three-year tour sent Mularski deeper into the world of online computer fraud than any FBI agent before, resulting in 59 arrests and preventing an estimated $70 million in bank fraud before the FBI pulled the plug on the operation in October."
Actually (Score:5, Funny)
How on earth are we supposed to believe it's the real Agent Mularski now?
I like the way the government thinks (Score:5, Funny)
Cool hacker name = geek culture reference + creative misspellings/capitalizations
Sample names:
Dark JedEYE
FeloniouS MonK
POPP3R SMRF
TERRORByTE
G\/\/B
I predict you will hear of these handles in future busts.
Re:I like the way the government thinks (Score:5, Funny)
George Washington Bridge? What's so cool about that.
Re:I like the way the government thinks (Score:5, Funny)
Those are also the initials for George W. Bush, a former president of the USA.
Since we all are already trying very hard to forget him, I guess you get a pass
Re:I like the way the government thinks (Score:5, Funny)
I assume the USA must be the Australian equivalent to MIT.
Re: (Score:2)
> You have your messiah in the White House now.
You're damn right we do!
http://www.boingboing.net/images/x09/DSC_4696.jpg [boingboing.net]
Re:I like the way the government thinks (Score:4, Interesting)
> George Washington Bridge? What's so cool about that.
It's an awesome bridge.
Don't mock it.
Re: (Score:3, Funny)
That was two V's.
No, they were back and forward slashes, alternating. That's the beauty of the G\/\/B handle, you can try googling it but you'll never get it right! And I thought the "non-space non-printing character" hidden directory name in DOS was awesome.
Re: (Score:3, Funny)
Well, if you wanna go for that retro feel you can always use killabyte.
Re: (Score:2, Funny)
Don't be silly. We all know the real supervillain is P3dobyte.
Re: (Score:2)
Moooooarrrrrr !
Re: (Score:2)
Aw "terabyte" was my original handle...and I thought it was clever because it sounded like "terror."
My original handle was going to be my name replaced by asterisks **** ****. It took me ages to figure out why I kept crashing the boards I was trying to join. :(
Re: (Score:2)
I find that highly unlikely. After all, these are computer geeks; they've probably never gotten near enough to any woman except their mother to...
Oh...
Never mind!
Re: (Score:3, Funny)
> I predict you will hear of these handles in future busts.
> I find that highly unlikely. After all, these are computer geeks; they've probably never gotten near enough to any woman except their mother to...
> Oh...
> Never mind!
They had access to free credit cards. Somehow I think women could stand to be around them.
Re:I like the way the government thinks (Score:5, Funny)
Re: (Score:2)
Try these handles: NevaLa1d ForTYrV1rg1n M0thasBas3ment Leg3nInPwnM1nd Asp3rGas B3at3nUpNrd WannaBWayneKerr
Fencing (Score:5, Insightful)
Re:Fencing (Score:4, Insightful)
Don't ever buy anything, and never eat out?
Patience (Score:4, Interesting)
Buy things at small retailers unlikely to have complicated security policies or good video surveillance. Use local criminals to do the deal for you, promising a cut if they are successful getting the item out of the store. Keep the purchases under $2,000.00
Sell those things for cash on the street. Don't sell in the same area that you bought the items. Stick to big cities, as the police have way more to deal with than small-time theft. Once you get a big enough stash, use it to start a cash friendly business or find a way to get it to a trusted party in the third world and do the same thing.
The object is to not piss one person off to the point where they dedicate themselves to finding you. As long as the victim has the credit card company to turn to for a refund, and the police don't think the fraud is connected, no one will even bother opening up a case number.
Re:Patience (Score:5, Insightful)
In other words, crime is more work with less reward than just keeping your day job writing Java middleware.
Sure (Score:4, Funny)
If you can make 1,000 a day, tax free, working thirty hours a week. And if they throw you in prison, you can take some classes and write J# middleware when you get out.
The downside is the anal raping. For most people, I mean.
Re:Fencing (Score:5, Funny)
My girlfriend would NOT approve if I stopped eating out.
Re:Fencing (Score:5, Funny)
Re: (Score:2)
I see what you did there ... ... better get some curtains.
Re: (Score:2)
No carpet though. That just gets in the way.
Re:Fencing (Score:4, Interesting)
I have a serious solution to that problem: learn how to cook. As in, learn how to cook SERIOUSLY GOOD food.
I can spend more on raw ingredients for a single meal than it would cost to take my wife out to a fancy restaurant (not that I do often, just saying that I can), or I can make something amazing for cheaper. And girls dig guys who can cook! Most geeks should like cooking too because there's tons of science involved and most of us like to tinker and make things. Plus when you're done you've got the most amazing meal that, unless you live in New York or LA, can afford to eat at a fine dining restaurant and are lucky enough to get a reservation, you're not going to get eating out.
My wife and I never eat out any more. We're in a mid-sized town and every time we eat out it's always disappointing. Overpriced and something I could make way better at home.
I recommend "Zingerman's Guide to Good Eating" as a starting point for anyone looking to get into cooking. It explains how to choose the best ingredients, gives you the history of foods as well, and has some simple recipes too.
Re: (Score:2)
Yeah, I forgot this was /. for a second there.
Re: (Score:3, Insightful)
Cash
Re:Fencing (Score:5, Insightful)
Mod parent +5 insightful. Cash is accepted everywhere and stolen cash can't be used for identity theft.
1) Tons of places won't accept 50's or 100's anymore. And carrying enough cash to live in 20's gets bulky.
2) Carrying lots of cash (see above) gets noticed (see below).
3) If you get robbed of cash it's gone. No phoning your bank to let them know your card was stolen. No contesting the purchases made with your stolen cash. Your insurance company won't even replace stolen cash. It's just gone.
While having my card lifted is a hassle, it won't actually likely cost me anything, even if my identity is stolen it will most likely be a hassle more than anything else. Getting robbed however is much more permanent.
Re: (Score:2)
Primary is where my paycheck goes into and bills come out of.
Scratch is the account that my ATM card in my wallet is connected to. This account has at maximum 250 bucks in it. If it has more, generally it's because I'm on some special mission to buy something (like a Wii)
So, even if some nitwit were to either rob me or my card were to be swiped surreptitiously they're not going to get far.
Re: (Score:2)
> So, even if some nitwit were to either rob me or my card were to be swiped surreptitiously they're not going to get far.
So why not carry a credit card with a $500 limit? How is what you do really any different / better ?
Re: (Score:2, Informative)
> 1) Tons of places won't accept 50's or 100's anymore.
If someone refuses to accept cash in order to settle a debt, then they release you from that debt obligation. (provided you are paying in full)
Read your money, it's on there in plain English.
This doesn't usually work at retail stores, since they can just refuse to conduct business with you at all, but can be good for some fun at the gas station if they don't make you pre-pay.
Just remember, it's only required when settling a DEBT.
As for safety, I keep several bank accounts. One is used just for online purcha
Re: (Score:2)
Actually 50's and 100's are accepted more now than ever since for a while it took a 50 or 100 to fill up the gas tank in the car.
Back in the 80's I used to check beforehand, but now? Nobody blinks twice anymore and self checkouts swallow those and 100's fine.
The new bills help too (just hold up to the light), as well as the pens.
I'd MUCH rather lose the cash in my pocket than cards. What's the big deal to lose some cash that is a half hour of my work time versus cards, which have higher loss limits than t
Re:Fencing (Score:5, Interesting)
As long as we use credit cards, you and I can't protect ourselves. However, the credit card companies could. Using public key authentication via smartcard technology would make it easy to verify physical access to a credit card. Yet the only instance I can think of, of anyone trying to roll this out is American Express's Blue card. Even that was mostly ineffective as the smart card circuitry appears to go mostly unused.
Reloadable cards. (Score:5, Interesting)
I'm still wondering why the various banks don't offer reloadable cards for their customers. Why wander around with your ENTIRE credit limit in your wallet?
And for debit cards, your ENTIRE checking account balance.
Instead, allow the user to transfer the amount that he thinks he will need to a secondary card. That way, if anything compromises that card, the MOST they can get is whatever he put on that card.
As for online purchases, how about one-use card numbers? Just go to the bank site, put in how much you want to pay and the bank will give you a one use number for that amount. Then the maximum you lose if the online site is fake is that specific amount. They never get the real numbers to your real accounts.
Re: (Score:2, Informative)
Looks like you invented the e-wallet. Don't know about the 'states, but it exists in France (called Moneo) and Belgium (called Proton). It's money stored on your bank card, that you can reload at any terminal using your PIN. Purchases made using this system are quick, as they don't require you to enter the PIN nor sign the receipt upon payment.
So it's pretty much like cash in that it's for small amounts (up to 125 Euros IIRC), there's no authentication, and if your card is stolen whatever e-money you had loa
Re: (Score:2)
In Italy you can get reloadable Visa Electron cards from the post office. Lots of people use these exclusively for online purchases, since even if the card info gets stolen there isn't much that can be done with it.
Since they can't make money by delivering mail any more, the post office has branched out into banking and mobile telephony, and operates an airline as well.
Re: (Score:2)
It's relatively trivial and not very expensive to just set up a second account with a second debit card with a lot less money on it.
Re:Reloadable cards. (Score:4, Informative)
OTOG (Off the Top of Google):
Re: (Score:2)
Umm, a company I co-founded (entropay.com) does this, and is not alone.
Rgds
Damon
Re: (Score:2)
That's essentially what I do already. Why do you need thousands of dollars in your checking account to begin with? Why not just transfer over only what you need? I mean, I can understand doing that a couple years ago, but my bank doesn't even really have physical banks anymore. If you walk into the building they have a few computers open to their website, an ATM, and one teller off to the side to help with things like opening new accounts. That's it. Everything is done online. And they reimburse you for ATM
Re:Reloadable cards. (Score:5, Informative)
For online purchases one-use card numbers already are available.
Bank of America has them, it's called 'Shopsafe' and it's a free feature if you have a card with them. I've used it for every web purchase now for years and it works great. You set your limit & expiration date, generate a number and you're set. Easy and it limits your exposure.
(MBNA developed shopsafe and then Bank of America got it when they bought them out. Probably other companies have something similar)
Re: (Score:2)
> Bank of America has them, it's called 'Shopsafe' and it's a free feature if you have a card with them.
By the way, it only works on their credit cards, so if you just have a debit card you're out of luck.
Re:Fencing (Score:5, Informative)
I think you're right here in the US. When I visited London last year, though, it seemed like every single person had chips in their cards. I felt like a Luddite asking the guy to actually swipe the magnetic strip on a card (and him having to try a couple times before it took), then go find a pen, sign it, then find a place to put the paper signature. Us old-fashioned Americans.
Re:Fencing (Score:5, Interesting)
I had an experience nearly identical to this in London when a shop clerk asked if we had a card with a chip in it to use. The friend I was with didn't even know what he was talking about. I explained things to her, and then told the clerk we didn't, but could wander off and find an ATM to use instead. He dug around some and found a card reader, but it was obvious he hadn't used it in a while.
Re:Fencing (Score:4, Insightful)
The problem with that system is that it protects the banks and not the customers. Before you could contest the signature: now all they have is a PIN, and there's no way of proving who typed it in. It would be better to use chip, PIN and signature, but people will usually choose convenience over security.
Re:Fencing (Score:4, Informative)
> The problem with that system is that it protects the banks and not the customers. Before you could contest the signature: now all they have is a PIN, and there's no way of proving who typed it in. It would be better to use chip, PIN and signature, but people will usually choose convenience over security.
I had to contest a cash withdrawal recently, and because the PIN was entered correctly the bank concluded that it was an authorized purchase and would not be covered. They treat the 4-digit PIN just as they treat a signature.
Re: (Score:2)
Actually, Visa USA was big into trying to roll out smart cards as well. I used to work for a start-up company that had a loyalty application to be used on the smart card, though we never got out of the pilot phase (for Target most notably). Visa USA's big push was because of the increased security, and hoped that loyalty would be the killer app to get it out in the marketplace.
Re:Fencing (Score:4, Interesting)
It's coming to North America, but slowly. Mainly because it will be expensive, and only serves to protect the consumer.
Contrast that with the UK banks that have implemented the "chip and pin", where the courts ruled that due to the PIN, they aren't responsible for theft. The banks practically orgasmed all over themselves to get it going.
It still doesn't offer complete protection. You can take the UK card to Germany, where merchants have not implemented the PIN. Or you can still shop inside the UK; just damage the chip. The card will fallback into "swipe and sign" mode that is used for cards without a PIN (such as those visiting from America).
Or, even with the chip and pin, all one needs to do is some shoulder surfing. Everyone covers their PIN at an ATM. In other situations, people aren't used to doing that (restaurant, etc). Once you've identified a PIN, pick the person's pocket.
Or buy things online.
Or steal a lot of cards, and attempt to brute-force the PIN.
Or there's an interesting relay attack:
- "Chip and Spin", http://www.chipandspin.co.uk/ [chipandspin.co.uk]
Re: (Score:2)
Er, pay with cash?
Re: (Score:2)
Pay cash?
Either that, or carry around a pocket EMP and set it off every time the waitress comes by.
Re: (Score:3, Interesting)
There's a very cool British TV program called "The Real Hustle" in which they perform popular cons with a hidden camera and then explain them.
In one episode they show how a waiter can hide a card reader stuck to the side of their leg or under an apron and swipe it after purposely dropping it to the floor and then either picking it up or cleaning it. In this case the waiters were using the portable reader that goes to your table, and they still were able to steal data.
Re:Fencing (Score:5, Interesting)
Or if you hand your CC to a drive-thru to pay for food/drink.. Our receipt paper is thin enough to easily take an imprint of a CC. All you'd need to do is remember 3-4 numbers, the CVV2.
I found this out accidentally, while holding a customer CC while rubbing it: it indented the CC, expr, and name perfectly.
Good thing I'm honest in dealings... They wouldn't catch me if I wasn't. I know decent stat to calculate my danger, and how to mitigate any possible repercussions.
Re: (Score:2)
Actually most people that copy CC's tend to get caught since it only takes 2 cards to be able to notice that both bought things from the same place and then the employer can check who was on shift.
Re: (Score:2)
Except these thieves are after dumps of the mag stripe, not just the imprints of numbers and names. Once you have that, you can make fake cards with real data, then it's swipey swipey time.
There are lots of sites that sell white card blanks and the kit to put data on them.
Cheers
Re: (Score:2)
When I was delivering pizza, we used to do this for credit card orders. We (the delivery drivers, at the door) would take a rubbing of the customer's credit card on the receipt paper. It works perfectly on that slippery thermal paper that cheap receipt printers and CC machines use.
We started doing it to protect ourselves against chargebacks. A handful of customers had taken to challenging charges on a regular basis. With our CSR's taking credit card numbers over the phone, including billing zip and CVV2
Re: (Score:2)
> There's a very cool British TV program called "The Real Hustle" in which they perform popular cons with a hidden camera and then explain them.
> In one episode they show how a waiter can hide a card reader stuck to the side of their leg or under an apron and swipe it after purposely dropping it to the floor and then either picking it up or cleaning it. In this case the waiters were using the portable reader that goes to your table, and they still were able to steal data.
For those interested in seeing this, here you go [youtube.com].
I'm the paranoid sort with this sort of thing, I have to say. I usually only use my credit card for select purchases and often in stores I trust (as far as you can). I never use debit or credit cards for groceries and trivial things like that.
As always though, there are new attack vectors coming into play all the time and you only need to be caught out once. It's entirely possible that I might be caught out one day by some new method I'm unaware of. For now I
Re: (Score:3, Interesting)
I have eaten at places that get mobile credit card readers and swipe it at your table. This way, the card never leaves your sight.
Sure... they'll just swipe over at the server those mobile readers upload to instead. :)
I've wondered if people with photographic memories get involved with crimes like these since all they'd have to do is glance at a card in passing and they'll catch it.
Re: (Score:2, Informative)
According to Visa and Mastercard policies, it is illegal for the terminal to record the number -- either in print or memory. If you see anyone still printing the card number on your receipt, report them immediately. Once the transaction is processed, they have a transaction ID and authorization code and no longer need the card number.
I'd recommend writing the verification number down somewhere else and removing it from the card.
Re: (Score:2)
This is correct. If you have a system that records the full card number on the receipt then you are not compliant with EMV (Europay-MasterCard-Visa) rules for accreditation and if they catch you, they'll pull your merchant account, leaving you unable to accept credit or debit cards issued by either member. Which is a pretty good stick to hit the retailers with.
It used to be common for fraudsters to dumpster-dive the bins at petrol stations and similar to pickup discarded receipts prior to th
This is SOOO cool. (Score:2)
Here is my question: Now that Darkmarket is all busted and closed, will this cop just enjoy a 2nd honeymoon before starting again with a new alias and hitting on a different set of crooks?
Hell, if he plays his cards right he could enter the private sector and make millions off the MPAA and RIAA.
Re:This is SOOO cool. (Score:5, Informative)
Re: (Score:2)
But first, a shave and a shower...
http://i41.photobucket.com/albums/e297/morbid_muffin_man/Master_Splinter_Sm1.jpg [photobucket.com]
Sounds like many jobs I've had... (Score:3, Insightful)
So Agent Mularski got a taste of what it's like to be a SysAdmin? I think it's a good thing, now he would understand what it's like to work in IT, he'll (hopefully) be more sympathetic to IT staff that he works with... We should get more Law-Enforcement officers into undercover IT "busts"!!!
;)
Now, if he had a pager that would buzz him in the 6 hours he got "off" from the computer, that would be JUST like being a SysAdmin
Re: (Score:2)
I would think that a married slashdotter would be above-average.
Internet Rule #1 (Score:2)
Re: (Score:3, Insightful)
All crimes or suspected crimes deserve thorough investigation. Ruling certain kinds of crimes out-of-reach of the FBI simply due to resource-constraints is equivalent to encouraging the said crimes.
Re: (Score:3, Insightful)
Sure. But, given finite resources, should there not be some rational priorities set?
-Peter
Re: (Score:3, Insightful)
> Ruling certain kinds of crimes out-of-reach of the FBI simply due to resource-constraints is equivalent to encouraging the said crimes.
Crimes like peaceful protesting, you mean?
Re:How much more... (Score:5, Insightful)
> All crimes or suspected crimes deserve thorough investigation. Ruling certain kinds of crimes out-of-reach of the FBI simply due to resource-constraints is equivalent to encouraging the said crimes.
Right. Because the FBI is out investigating every single federal crime within their jurisdiction, right?
No. Because the FBI does have limited resources, cases not specifically brought to their attention by promising, credible leads -- or at least serious media attention -- don't get investigated. Those with credible leads that may not look so promising might sit on the backburner -- often for months or years.
While the FBI does investigate people who turn out to not have been criminals, that's more the exception than the rule.
Re: (Score:2, Funny)
They leave that to the Department of Homeland Security ;-)
Re: (Score:2)
Well, anything worth more than $500K, or anything that affects senators.
Oops, did I say that out loud?
Re: (Score:2)
But if said crimes are actually harmless like those the parent cited then what's the problem with them being more commonplace exactly when more harmful crimes are being dealt with instead?
The parent's point isn't that people should be able to break the law and get away with it, it's that police time is wasted with laws that are ultimately pointless for the aim of furthering political agendas and such.
You're effectively saying we should ignore say, a few rape cases, because little Billy being allowed to get a
Re:How much more... (Score:5, Funny)
FBI does do some drug crimes I guess, but usually by accident. They're more into the "cool" crimes like Murder, Sex, and Cyber.
This post is so much more entertaining (and possibly accurate) when read without context...
Re:How much more... (Score:4, Funny)
HACK THE PLANET!
Re: (Score:2)
How much more such operations could they conduct if they weren't so clueless by having agents investigate peaceful protesters and non-criminal **HACKERS** (in the original sense, that is, not meaning "cracker")????
Sixteen
Re:Yeah, well... (Score:5, Informative)
You mean like at http://www.fbi.gov/quickfacts.htm [fbi.gov] ?
The FBI's jurisdiction is essentially being the nation's police force as opposed to your local city force. You can't say "ignore these sections of the state, county or city code" to a local police force just like you can't tell the FBI to ignore the U.S. Code.
Re: (Score:3, Informative)
The FBI does have certain, specific areas of jurisdiction. Ever read the FBI website? They say with specificity [fbi.gov] what their areas of jurisdiction and current criminal priorities are.
Re: (Score:2)
Nice list but they seem to be missing alien abductions and unexplained phenomena.
Re: (Score:2)
I don't think that's the group he meant.
Re:oh lord (Score:5, Insightful)
Re: (Score:2, Insightful)
Don't you mean all the KNOWN sites were running in the open?
Re:oh lord (Score:4, Interesting)
Re: (Score:2)
I usually give credit where credit is due
Ace! I'll take 10,000 blank American Express. Meet me by the disused warehouse down by the docks in three hours.
Re:rarely asked for my ID (Score:5, Informative)
TECHNICALLY, under YOUR agreement with Mastercard, Visa, or Amex, NOT signing your card with your signature is a breach of your cardholder agreement. In fact (though granted, in practice rarely), Visa requires merchants who come across an unsigned / ASK FOR ID card are supposed to not finish the transaction until the card is signed. If you refuse to sign, at least up until recently, the last time I looked at a merchant contract, they're meant to retain your card (uh oh, you do remember the clause in your cardholder agreement that states that the card remains the property of the issuer, not you, right?).
Not good advice.
Re: (Score:2)
No.
Visa and MasterCard specifically do not allow seeing an ID to be required for completing a transaction. The merchant can ask, but they can't require the ID.
If your card isn't signed, then it isn't a valid credit card, and the merchant shouldn't honor it.
Re: (Score:2)
Having your identity stolen because the clerk got your credit card # in addition to everything on your ID would be more convenient?