DarkMarket_ Cyberthieves, Cybercops and You - Misha Glenny [14]
3
MR HYDE OF LAGOS
2003 was the year that Adewale Taiwo received his BSc in chemical engineering from the University of Lagos. The son of a university lecturer and a civil servant, Adewale, who was tall and striking, had grown into an articulate and measured young man with a promising future in industry or academia. By Nigerian standards, the family was comfortably off and they had relatives in London able to assist Adewale when he explored the possibility of continuing his education in the United Kingdom.
This was also the year that he created his alter ego, Fred Brown of Oldham in Lancashire. Although Adewale had never yet been to England, he decided in advance to create this veritable Mr Hyde of the cyber world. It was Fred Brown who established the yahoo newsgroup on bank fraud.
Before long Fred Brown was also posting adverts on the Internet, using such sites as the Hacker Magazine, Alt 2600 or UK Finance:
OPPORTUNITY: A business opportunity has arisen for people employed in High Street banks or people who have family or friends working for banks to go into partnership. Banks include HSBC, Royal Bank of Scotland but others will be considered. Please reply to Fred B Brown on yahoo, icq or Safemail.
The messaging programs icq (derived from I Seek You) and the older IRC (Internet Relay Chat) are tools beloved of hackers and crackers, as criminal hackers are sometimes known. They are instant messaging services on which you can chat to one or more people. Importantly for hackers, they are ‘dynamic’, which means that they do not leave a trace of the conversations conducted on them unless somebody consciously saves their exchanges. ‘Safemail’ is an encrypted email system that cannot be cracked. Unless, that is, you can persuade an Israeli court to subpoena the information you are looking for, as a company in Tel Aviv owns and runs it.
Respondents to Fred Brown’s adverts were then invited to join bankfraud@yahoogroups.com, whose aims and ethos were explicit: ‘This group is for people who don’t want to work legit but for cash and are willing to bend the rules. This group will teach you how to defraud banks and identity theft.’ It is a measure of the pervasiveness of fraudulent activity on the Web that Fred felt able to promote his business so openly. It would be several years before law enforcement noticed him, and that was only because he eventually made an uncharacteristically crass error.
Fred’s adverts were designed to skin a cat in that most traditional fashion – the inside job. If you can persuade a bank employee to filch and then hand over customer details, you save yourself the sweat of having to crack the accounts or credit cards. Perpetrators of fraud on the Internet invest considerable effort in trying to find disgruntled or distressed bank employees, because having a reliable insider working with you can increase your earnings dramatically. Armed with the account details, the criminal is free to enter the account over the Internet as he would his own, before transferring cash into a designated account of his choosing. Unless the infiltrator needs a significant sum in a hurry, the preferred method of theft involves sucking out small amounts over a long period, so that neither bank nor customer notices.
But Fred Brown was also developing some more advanced methods of fraud. He was able to enter deeper into a bank’s system, where he could engage in such practices as increasing an account’s overdraft facility. He seemingly had the know-how to change names and addresses and, of course, fish out passwords.
By laying the foundations of his trade long before he came to the United Kingdom, Fred demonstrated his systematic approach