The Deep Web, shrouded in layers of encryption and anonymity, is intentionally hard for law enforcement to penetrate. But the same features that make it a safe space for criminals can make it a safe space for crime. That's what happened when a hacker named Boneless pulled off a "blockbuster heist" of HackBB, forum dedicated to "buying stolen credit cards, skimming ATMs," and other assorted malwebolence.
This March, the Daily Dot reports, Boneless destroyed HackBB's databases and absconded with "a serious chunk of the market’s sizable hoards of money." But not before educating his fellow ne'er-do-wells in the dark arts!
Thanks to what seemed a tireless desire to better his criminal peers, Boneless had always stood out in the HackBB community. He wrote guides on everything from how to convert stolen credit cards to cash to the best ways to defraud online bookies. These were easy to read and informal, written with the tone of a young talent eager to help out his students and prove his own superiority. At the end of one, about turning stolen credit cards into cash, he told his readers: “Go shopping. See the girl with the big titties? Buy her a drink. You win.”
In other words, your standard aspiring pick-up-artist with a wider criminal skill set.
The most infamous domain in the vast recesses of the Deep Web is Silk Road, the underground marketplace for illicit goods. Users access the forum, which has taken some heat from the Drug Enforcement Agency recently, by using Tor, a free routing software that lets you communicate anonymously online. Members of HackBB also access the domain through Tor.
In fact, last year the "grey hat" site Null Byte named HackBB one of the "top ten" destinations in its travel guide of the Tor network, noting: "The key thing to take away is that you can discuss subjects you otherwise might not be able to." Wink-wink.
While Tor's encryption kept law enforcement away, it still left HackBB vulnerable to one of its own members. After two years of contributions that read like "a textbook on how to become a better online criminal," HackBB's founder, OptimusCrime, decided to give Boneless more power, letting him take over the forum's escrow service around June 2012:
An escrow service allows two anonymous parties to exchange money by using a trusted independent third party (HackBB in this case) to hold onto cash until the deal is done. It’s a useful tool for anyone looking to make a deal with someone who can’t easily be trusted.
Apparently there's no honor among cyber-thieves; in March of this year, a large hunk of the money in escrow disappeared—along with Boneless.
Then, on March 22, 2013, the Boneless account accessed and partially destroyed HackBB’s database. There was no warning—no hint of motivation. He snooped on private messages and attempted to blackmail numerous members with the information he dug up.
It didn't stop with blackmail. On May 15, as OptimusCrime struggled to make his "den of thieves" feel safe again, HackBB faced a second attack:
The attacker was thorough and deceptive in ways even these experienced hackers and criminals hadn’t expected. During the first attack, Boneless had used his admin powers to create other, hidden accounts under his control, then granted them administrator status. It was as if, before leaving, he had dropped a half-dozen secret keys around the property.
But all's well that ends well for the fraud forum, reports the Daily Dot:
Today, over 15,000 member accounts power a reinvigorated marketplace selling credit cards, bank accounts, forgeries and entire identities to willing buyers. Wanted ads for ATM thieves and vicious bounties are posted like they’re personal ads on Craigslist. The wiki library has been replenished to include guides to subjects such as phishing, hacking, carding, malware for phones, and how to deal with curious cops.
The strangest twist seems to be the staying power of Boneless' reputation as a stand-up guy—to a point. Even OptimusCrime still believes Boneless didn't orchestrate the heist as much as "sold his powerful administrator account to the highest bidder."
They say the greatest trick a hacker ever pulled was convincing his peers he'd sell them out rather than hack 'em himself.
To contact the author of this post, please email firstname.lastname@example.org.
[Image by Jim Cooke]