Sarah Staples
CanWest News Service

Thursday, October 13, 2005

The ping pong of private messages on the afternoon of March 23, 2004,
between David Thomas, a.k.a. "ElMariachi," and a hacker he knew as
"Ethics" had until that moment been fairly routine - just the polite
banter that is the usual prelude to hatching criminal business online.

Routine, that is, until Ethics let loose this juicy tidbit:

"btw (by the way), you know anyone who would pay to get celebs private
cell phone numbers? or any other number's from t-mobile's database?
Sort of my major resource right now ..."

This drew the virtually instant reply from ElMariachi:

"hehehehehe oh man that would be so [f--ing] cool"

Thomas, 47, was the founder of Shadowcrew's nemesis, TheGrifters.net.
He had started the board in January 2004, after falling out of favour
with Shadowcrew administrators, especially Black Ops, the chief
enforcer, who suspected him of co-operating with law enforcement.

Ethics, the Secret Service would later determine, was a vendor on
Shadowcrew.com. He was a mid-level hacker and identity thief trying to
work his way up on what were then the online underworld's most
popular crime boards.

He had hacked the main computer server of Bellevue, Wash.-based
wireless carrier T-Mobile USA, he boasted, and could offer ElMariachi
access to personal and billing information for more than 19.2 million
U.S. subscribers to T-Mobile cellphones and Sidekick personal digital
assistants.

The hacker offered ElMariachi a sample. It was the address, date of
birth, social security number, secret question and answer, account
password, web username and password, and the e-mail address of one
Paris W. Hilton of Beverly Hills.

Ethics could even pick out phone numbers of the victim's friends and
family, and peer into personal collections of telephone numbers and
photos stored on the wireless devices, he boasted.

"It was intel that could make somebody money. You could fish that
around to the National Enquirer or someone and they'd buy it in a
heartbeat," says Thomas.

There was more. Ethics had called the Secret Service 217;s east coast
field office to find out who was running cybercrime investigations,
learned it was Peter Cavicchia, a T-Mobile e-mail subscriber, and
tapped into his account, too.

In special agent Cavicchia's e-mail, Ethics uncovered internal Secret
Service documents, portions of a Mutual Legal Assistance Treaty with
Russia, and e-mails about cybercrime investigations, including the
Shadowcrew investigation known as Operation Firewall. And he learned
that the ICQ numbers he and certain other Shadowcrew members were using
to chat anonymously were under investigation.

Fortunately for investigators, Ethics didn't stop at Thomas. He
approached a Shadowcrew admin with the identical sales pitch, unaware
that the admin was a Secret Service informant.

Alerted to the security breach, agents arranged through the snitch to
give Ethics a "secure" proxy connection to Shadowcrew.com - one they
controlled.

For the next few months, Ethics and his computer were put under
surveillance. He was soon identified as 21-year-old Nicolas Jacobsen, a
stocky, middle-class man from Oregon, who had failed in launching his
own computer consulting business, moved to California, and was working
for a shipping software firm in Santa Ana.

Investigators watched as Jacobsen, on various occasions, looked up as
many as 400 names from the T-Mobile database.

On Oct. 19, 2004 - one week before Shadowcrew's alleged kingpins were
due to fall in Operation Firewall - investigators swooped into
Jacobsen's apartment complex to make the just-in-time arrest.

In the months that followed, Peter Cavicchia, the special agent whose
e-mail was compromised, left his job.

Jacobsen pleaded guilty to a single count of computer hacking, a
federal offence carrying a maximum penalty of five years imprisonment
and a $250,000 fine. He was sentenced in May before a Los Angeles
district court judge, who immediately ordered the proceedings sealed.

Securityfocus.com, an online source of information and news about
security issues, reported he was offered employment in Washington,
D.C., working for his former enemy, the Secret Service.

On Oct. 18, the first 19 of 28 arrested in the U.S. portion of the
international sting are expected to go on trial in New Jersey. Among
them will be Andrew Mantovani, alleged founding admin, who is accused
of electronically transferring batches of stolen credit card numbers to
Shadowcrew members, and of selling 18 million e-mail accounts, complete
with names and addresses, dates of birth, user names and passwords -
the basics, in other words, to begin falsely assuming a victim's
identity.

The rest of the U.S. accused face individual court dates later this
year.

A spokesman for the Secret Service refused to comment on the fate of
David Thomas, who was not one of the 28 who were taken down as part of
Operation Firewall. Eric P. Zahren, assistant special agent in charge
of government and public affairs, said the Secret Service would not
comment on individuals who have not been arrested and charged as part
of the investigation.

Successful trials of the alleged leadership of Shadowcrew, according to
Kevin O'Dowd, the current prosecutor assigned to the case, would be
the final phase of Operation Firewall, which he calls "a monumental
case from the perspective of law enforcement, the first of its kind."

But any celebration may be short-lived.

Within days of the takedown, members of Shadowcrew had its successor up
and running: a website called Offshorecrew.biz, featuring the tag line
"It's a new day." The site was traced to a computer server in Panama
under a falsely registered business address.

Law enforcement officials in the U.S. and in Canada admit the
investigation into Shadowcrew is widening, not shrinking. Cybermobsters
who escaped prosecution are believed to be operating in all major
Canadian cities. The number of online crime boards is growing.

And the pursuit of cybercriminals is hampered by a lack of resources
for undercover work, and by the failure of courts in many instances to
comprehend, let alone harshly penalize, computer-related crimes of
identity.

In the U.S., the Federal Bureau of Investigation considers
cybercrime-fighting its third-highest priority after terrorism and
counterintelligence, yet has allotted just $150 million US out of its
2005 budget of $5 billion to the fight.

The Secret Service, which doesn't publicly release its budget, pays
for cybercrime investigation out of the agency's base funding,
Johnson says - meaning there is no supplemental funding available
despite the evident strain in personnel and resources that busts like
Firewall incur.

Canada fares even worse than the U.S. in terms of investigative
resources and the infrastructure needed to smooth coordination between
police jurisdictions.

With no federal office for cybercrime comparable to the FBI or Secret
Service, and no laws specifically dealing with identity theft or sales
of fake ID, local Canadian police detachments shoulder the burden of
investigating credit card fraud and identity theft. The result is
inconsistency in the training of officers and the capacity of
crime-fighting efforts across the country.

"You get a guy who each week ... takes on a different persona, and
let's say he gets 50 victims each week, at an average of $500 per
person, times the number of weeks he's able to get away with it, and
you're looking at some pretty serious coin," says the Vancouver
Police Department's Detective Const. Mark Fenton.

"A lot of departments, even if they take an Internet investigation
complaint, they don't realize that what (looks like) a $500 fraud,
could actually be a $5,000-$10,000 dollar fraud."

At the very least, Fenton would like to see possession or sales of
false and stolen ID cards be redefined as criminal offences.

In the wake of every highly publicized takedown, police acknowledge,
the Internet's new mafias are learning to avoid getting caught the
next time.

"When you go after one arm and cut that off, the other arms panic,
everyone lays low for a bit and they slowly start coming back," says
Fenton. And then they're back doing their thing with a vengeance."