Posted by: Allen Hoffmann, JD
February 23, 2015
The second part in a 3 parts series – the other parts are available here: #VeteranDarkMarketDweller (after publishing)
Doing business with the mob and managing your operation.
AH: Now, when you say ‘Russian sellers’, do you mean the ‘Russian mob’ that gets mentioned in pretty much every article you read about SC?
DT: Well, kinda, I guess. Yeah, I didn’t think of it like that, and I still don’t see it like that.
AH: Just to be clear- you were doing business with the Russian Mob while you were in college and you don’t see that as a big deal?
DT: A lot gets made in the media about the ‘Russian Mob’ side of those days. We aren’t talking, like, Russian mob rolling around in limousines and shit because we were doing business online… we’re talking Russia based guys who hacked card merchants and credit card DBs, and who may’ve been on the periphery of bigger things, but they were engaged in organized criminal activity and were Russian dudes, so if you wanna call em Russian mobsters, I guess you could. One Russian guy, I can’t remember his handle, but I was a client of his, granted an interview to some fringe internet media outlet after ripping five grand off an Australian e-gold exchanger. He was bragging in the interview about how he used the e-gold after he cashed it out to buy a new suit, and I remember reading it a long time after SC went down and thinking ‘this guy doesn’t sound like a mobster to me’.
AH: So the claims you were all involved in some massive conspiracy with the Russian mob are bullshit?
DT: Look, I can’t speak for all of the vendors, and I don’t know anything beyond the internet profiles I knew and saw, but how many guys who live that life are using the internet to sell? As one example, a guy called “APK” was making damn good counterfeit 200 Euro bills when things went bad, and before that, he’d been making traveler’s checks when he showed up around the back end of ’03. He was a good dude to talk, English wasn’t the best, but he shipped fed-ex and once again, importing shit seemed dicey to me. I didn’t find this out til I was doing business with other guys on other things much later, but where he was from in Sofia, over in Bulgaria, was known in the ‘real world’ crime circles outside the internet, at least as far as some guys I came to do business with later were concerned, back in the early 1990s, that place was known as being somewhere that had produced some pretty professional forgers and computer work types, so who knows, maybe he was the real deal. I hear he only recently got caught after things went to shit in ’04, so you can take from that what you will.
AH: You’ve explained how the set up went, what about how you ran your day to day operation?
DT: We had a solid system. I was the supply line to the Russian vendors, but all the tasks were compartmentalized, so if someone went down, they could be replaced. Also, it meant that you couldn’t go out and steal our business methods out from under us. I would confirm the order, give cash and instructions to another member of the team, who would go and make a Western Union payment. Then, when the dumps were delivered to an email address controlled by someone else on the team, the plastic cards would be encoded. The cards would then be distributed to the ‘runners’ who, depending on where they would be sent, may have had a fake ID in the name of the card, and were given specific stores and shopping lists to hit. The reason for specifying the stores was two fold; one, we either had friendly cashiers working part time at those stores who would not compare the digits on the card to the digits on the receipt and who could comply with their work place’s instructions by checking ID (and our runner showing the cashier a library card) for some specified goods which we could card anyway, or two, we had noone at that store but we knew their policy did not require them checking the last four digits of the card itself with the receipt, in addition to the ID. It was a pretty damn good job for a college student, considering the flexibility of the hours for all involved.
AH: Could you elaborate on the ‘last four digits’ you’re talking about, and maybe the whole ‘re-encoding’ thing, a little further?
DT: Back in the day before this kind of carding was really mainstream, before people knew what “skimming” was thanks to the media, it wasn’t something people thought of from a technical perspective, and so unless the place had been hit before or you had a tech guy behind the counter, it wasn’t in their minds. The front of your card is your card number and name, on the mag stripe on the back is two tracks of encoded data, including that number and some ‘discretionary data’ – stuff which means you can’t just make up the mag stripe’s data knowing what’s on the front of the card. When you swipe that, it gets kicked around the card merchant’s computer infrastructure and says ‘yeah, approved’ or ‘no, not approved’ or maybe even ‘not approved and grab that fucking card’. When you bought a ‘dump’, being the two lines of information off someone else’s card and re-encoded that onto the stripe of the stolen card, and put those numbers on the back of the card, you were using the card as a carrier for another card’s set of info, so obviously, unless you were REALLY lucky, the numbers weren’t going to match. Some stores which had been fucked hard already, like more than their merchant would let slide, would check those numbers so as not to get fucked again, but every store would check ID on a card purchase, and of course, had to check for an alcohol purchase, so a ready supply of fake IDs was always needed.
AH: Were you finding it challenging to live two lives?
DT: I wasn’t really living two lives, most people knew what was up, but it was eating my fucking time, that’s for damn sure. Try keeping a long term girl living like this…
Knowing your market, and knowing your (card) limits
AH: Alright, so you had your methodology down, what did you sell?
DT: In the beginning, booze and smokes, all day, every day. We didn’t have to take a price hit on the alcohol, whatever you bought for, you could resell for to anyone underage. It was shooting fish in a barrel, and we’d rotate the runners around through multiple stores and shopping lists per day. Blonde cutie, big tits, flirt with the male cashiers, skinny white guys everyone will forget for the female cashiers – disguises like a can of spray hair color, clothes the runners would ditch once a week seeing as we’d just card them more. Keep in mind we were trying to track the shift changes and staff in our operations spreadsheet, in case we had to hit one location twice in a day. Staff got nicks like ‘Scarface dude’ or ‘shit in her face’. Cartons of cigarettes would hold their value reasonably well and were always the item in second highest demand, we started selling those to independent convenience stores where the dude behind the counter was the owner. We’d also do other concentrated value goods which wouldn’t take up space which were still in high demand, like cologne or perfume for example. We could do your high end grocery shopping for you, too, if you were going to be an established customer – caviar, lobster, fillet mignon, foie gras, I think we ended up providing a huge quantity of supplied to a couple of small time catering outfits. We made money because their purchases cost us a $20 dump, they undercut their competition on raw supplies, everybody was making money. Basically, you came to our ‘sales rep’ with your shopping list and money in hand, then you’d get a price, and you would have your stuff in two to three days tops, no need for us to sit on the goods waiting to sell them. The idea of reselling online was not one we needed to consider, we had more than enough clients, and receiving payment anonymously on a large scale, from multiple clients, was not feasible for Western Union.
AH: You said “in the beginning” – what did you expand to?
DT: After that, we did some bespoke orders but found that some things, like shopping for expensive shoes or dresses for sorority girls at specific stores whose policies we’d have to learn either through hiring on a cashier or surveillance, just weren’t worth it. Games consoles on an individual basis became something we tried out but the size of the purchase and the unit itself was prohibitive initially, it was a special order type thing. Then through one of our regular booze buying clients, we met a local guy who put “mod chips” in consoles. We had to take a hit on the margin, but the dude bought as many consoles as we could get which were a certain model variant, and he could then afford to sell a console with chip installed at the same price as retail without the chip installed, so his volume was huge. Ultimately, in terms of booze, we curtailed all sales of beer and low end shit and stuck exclusively to higher end spirits, purely for volume. We ended up getting connected with a couple of dive bars, and we went from taking orders for a range of different types of alcohol from 40 to 50 clients a week to taking bulk orders, which would need to be distributed over multiple runners and stores, from 2 to 5 clients a week, and taking a hit on the margin. However, the volume made up for it. It went on like this until we graduated, even when SC got taken down.
AH: Were there limits to what happened with the dumps? A few hundred at a time you said?
TD: We tried to keep each individual purchase to under a few hundred dollars per transaction because pushing it further than that could call the dreaded ‘call for authorization’ or could trip a store’s in house ‘floor limit’ for getting issuer authorisation for a card, and if the card died, they’d drive back to wherever the briefcase was that day, and whoever was running the computer would switch out the dump. That’s a dump burned and time wasted, and remember, people were fitting this ‘work’ around classes. The card might die on the first transaction and we’d get nothing, or it could keep on going and going. It was always a gamble. The Russian cats would sell you different tiers of card product, classic Visa, Platinum Mastercard, you name it. We learned two things fast – one, don’t fuck with AMEX, they don’t write shit off ever, they investigate shit til the end of time, two, don’t waste your cash on a Platinum card which could have all kinds of whacked out card protection shit and could die on the first transaction, just like a classic. We were volume, not high end buying. At least, not often.
AH: At the other end of the spectrum in terms of failure, did you have any dumps which paid out hard?
TD: We had one card which lives on in infamy to this day which kept going, being used VERY hard in terms of both volume of transactions and value of transactions, for over a week, and seemed to have no limit. Usually, cards were run until they were dead, two to three days tops. One of the other guys kept metrics on another spreadsheet about which BINs in terms of card issuers lasted longer and paid out more, averaging out what we should expect from a particular BIN and looking for unusual spikes in early decline rates or potential changes to the issuer’s fraud detection software. I don’t want to give details, but we got this particular card in a random batch, it was from a Government employees’ credit union. It actually became a challenge on the team to be the one who would burn out that particular dump, and many extravagant purchases were made which were kept by those involved, I may even have encoded that one and taken it for a run myself – whole outfits of designer clothes, Cognac, a number of bottles of ‘96 Dom, which is still my favorite, you name it. After a week long circle jerk by each shift of runners, we all agreed that it would be best to overwrite that one rather than push it any further after a couple of high end watches were bought. We found out later from contacts at stores where we had people embedded that that card had caused an absolute shit storm. I’d still love to know whose card that was.
Human capital and growing your operations.
AH: It seems your operation was getting sophisticated and growing.
DT: That’d be an understatement. I personally was doing about 10k in cash a week to stay behind the scenes. Runners caught a good percentage of purchases completed in cash for the risks they took, they weren’t allowed to sell under any circumstances. Some were doing as well as me. Volume of work was just straight up insane.
AH: How many staff did you have on the team?
DT: We blew up, big time. Permanent staff at the back end, there were 3 to 4 of us who were hands off as it grew, a floating team of up to 7 or 8 runners working concurrently, and we’d double that during the holidays. Some people were local, some went home to their families. People graduated, some people dropped out. I handled the ultimate decisions on HR, but one of the other guys on the team did the actual day to day recruiting, and that was a constant drain. I couldn’t even begin to try and track how many cashiers and staff were on the payroll feeding us information and getting transactions through for us now. At the time, we had a spreadsheet, which tracked who was buying which list from where, and we tried to keep runners rotated between stores, trying to keep names on cards from getting over used in one chain of stores for example. May’ve been overkill, but we were trying to be as professional as possible.
AH: But you basically had to maintain your own rosters for both friendly cashiers and your own crew?
DT: Correct. If you were in a store, and you got given shifts, you had to call us so we could update the sheet and plan when which runner was visiting, and we tracked people coming, going, getting canned. If you were calling off sick, you had to get at us too. Same deal for runners. You’re sick, you got a midterm, we need to know, because the product you’re meant to be getting on the next run, that shit’s already sold.
AH: That’s a whole lot of people to keep track of… did things ever go wrong?
DT: You bet. Aside from the standard ‘you are an idiot and fuck up’ type problems you get in any business, we were up against the cops, the stores, and just shitty luck. If we didn’t have someone in the store and policy change meant numbers on cards were getting checked against numbers on receipts and we didn’t know about it, our people would have to bail in a hurry. Couple of our people ended up in police bulletins so they had to be retired with a nice severance package. We never had any direct heat, thank god. Couple of times, runners walked into a store, select their shit, get to the cashier and spot someone they know working behind the counter, who is gonna probably start talking to them in their real name. They had to then immediately dip out, and half the time, we’d start trying to get them on board our friendly cashier team.
AH: Does that mean every time you sent someone into a store without a friendly cashier, you had to have a new fake ID?
DT: Uh huh. And we had to keep track of which runners we had could pass for over 21 and which ones couldn’t, so they needed “under 21” IDs, which our Cali hookup could do.
AH: So did you keep using your Cali guy or did you have to widen your supply?
DT: In the beginning, yeah, we did, but we mixed it up a little as our operation got wider. You can never, ever use a fake ID instate. I don’t care how good your shit is, unless it came from the DMV, don’t use it in the same state which its supposed to have been issued by, ever. Considering the size of California, I’m not giving away my or my staff’s identity by saying that yes, we were active there. There was a vendor on SC called “Kevlar”, real name Kevin, who was an absolute artist in every sense of the word. Back in the day, Michigan came out with this supposedly absolutely fucking bulletproof drivers license. It wasn’t much to look at, honestly, but people who checked ID for a living at bars, when they saw an MI ID and it had the features the barbook said it did, they didn’t get into ‘taking it to the guy in back who knows more about this stuff than I do’, they accepted it. Same deal for the dude behind the counter at your liquor store. Both the Cali and MI IDs would also ‘scan right’ too, same deal as the credit card tracks. Some machines they’d do the scan and it’d be a ‘yes, over 21 and ID seems valid’, I think once or twice the machine would spit back the full data off the card, and we were never disappointed. Kevlar got plenty of business from me. When Kevin couldn’t keep up with the orders, we would see who had good reviews at the time and pick up whatever we thought was a good deal – there was a guy who made passable Canadian IDs with a health insurance card pretty cheap whose name escapes me, and another who did Illinois IDs with Purdue university cards, and they both caught business from me.
AH: Fair to say business was good, then?
DT: Fair to say business was fucking good, dude. And it was my baby.
Remembering the good times, adapting to change, and what happened to the money?
AH: Was that it for your team, or are you still doing business together?
DT: Everyone remembers the good old days. The inner circle is still connected, and some of the runners remain part of our wider network. We’re on other projects now, we may not all work together all the time like we used to, but we all maintain a project style approach to things – we collaborate in our own little network. I don’t know if the teams of today will be able to say the same thing in seven or eight years time. And seeing as we’ve all known each other since college and in some cases, since grade school, we’re all pretty confident nobody has gone off to the police academy at any time in the years we’ve known each other. I’ve got a family now, so I’m more risk averse than I once was.
AH: Any stupid stories or amusing anecdotes you’d care to share?
DT: Yeah, for sure. As mentioned, we had dumbshit temporary runners get chased out of stores where they checked the numbers, so there’s that, but I don’t feel like going into detail on any of those incidents, seeing as there’re probably still a few open files on us, and anybody could be reading this. Thankfully, nobody ever actually got caught up out of any of that.
AH: How about on the online side of things?
DT: I remember one funny ass incident on Shadow Crew in particular… one guy whose username was “Light Cat” or “Lightning Cat” or “Ghetto Cat” some other name or derivative which ended in “Cat” or something, I don’t know who it was now, showed the board his latest effort at a particular state’s ID one time, covered his face but not the fake name. A vendor on SC board whose username was “TripleSin”, he sold birth certificates, had a job somewhere I won’t mention which involved checking IDs. Long story short, one night ‘Cat’ got carded, and of all the people in the world to get carded by, it was “TripleSin”. He addressed the guy by his username, told him it was good work, and to enjoy his night.
AH: No way…
DT: Yes fucking way dude. Of all the fucking people in the world, he showed it to a dude who had seen it on an obscure internet forum, who remembered the damn name on it. What are the odds… There’re a bunch of other stories which come to mind, but this particular story stands out in particular… Instead of writing a book like that El Mariachi fucktard who was working for the feds, there was another guy who came up with a really solid way of making legal money off of this completely illegal industry. He spun off selling ID making supplies to forum members to buying wholesale and selling retail to the public all the legit consumables one would need to run an ID card making operation for, say, employee ID cards. I just checked and his legit, clearnet website’s still running to this day, still selling ID supplies, generic holograms and all. Completely legit, but he must have a pretty solid ongoing client base for such a narrow industry to have been selling for over ten years now.
AH: Are you sure all that last guy was doing was selling the supplies? And are you going to name the website?
DT: I’m not going to elaborate further on that first question, because I just don’t remember, and even if I did, I don’t think he’d be too pleased with me saying so publicly. And you’d need a pretty lucky brainstorm session to work out the name of the website.
AH: Does your family know about your past?
DT: Is that a joke? Absolutely fucking not, dude. My wife thinks I worked at [large electronics chain store] through college.
AH: And the money? Did you blow it all?
DT: Can’t speak for anyone else, but I don’t owe anything on my student loans, and I was able to get a couple of business ventures up and running. Maybe somewhere to live, something to drive. I did fine.
AH: If you were to look at your CV on paper, it would probably be a little hard to interpret, but I assume that’s the idea. So, where do you say your money came from?
DT: “Playing the markets”, dude. I had a real good time playing the markets in grad school, so far as anyone knows. Anyone who presses on that point, I can reel off performance on the stocks I made my money on in that time period and explain exactly what I did and why to the extent that most people get bored. If they press, I can always just tell them to mind their fucking business. Its not like anyone is gonna ask to see the archives of my E*TRADE account.
AH: What do you tell the IRS? You can’t pay for a condo with rolls of 20s and 50s last time I checked.
DT: We’re getting beyond the scope of the interview here, but let me answer that like this – I have people for that, the money has been in bank accounts in a number of places for a long time. I am a legitimate businessman. And also, fuck the IRS. Be sure you quote me on that word for word. “FUCK – THE – I-R-S”
The second part in a 3 parts series – the other parts are available here: #VeteranDarkMarketDweller (after publishing)