Review: Crime: Dark Market: Cyberthieves, Cybercops and You by Misha Glenny
Random House, £20
From the outside, Mick O'Neill's in the Ukrainian city of Odessa looks like any Oirish pub the world over and hardly the crucible of a billion-dollar industry.
But, in 2002, it held the distinction of unwittingly hosting the world's first credit-card hackers' convention.
This wasn't the sort of shindig just anyone could attend -- but it spoke volumes about the thriving underground trade in stolen credit-card numbers that hackers had begun to organise themselves along the lines of a legitimate business.
Dozens of hand-picked delegates travelled from around the world to share information, learn new techniques and drink strong Ukrainian beer. Hell, the organisers even subsequently issued a press release toasting their success.
The year before, in 2001, a group of motivated hackers -- or carders as they called themselves -- had set up members-only website CarderPlanet.
Described by former Guardian journalist Misha Glenny as a "bazaar for stolen data", CarderPlanet formed the template for dozens of successors and kicked off the era of widespread cyber-fraud as electronic banking became popular.
As one FBI investigator described CarderPlanet: "It is no exaggeration to say it spread the practice of criminal hacking to all four corners of the globe."
Glenny's book follows the criminals' trail from CarderPlanet through to the big daddy of them all, DarkMarket, criss-crossing the world from Turkey to Russia to the US and even deepest Yorkshire with exhaustive research.
He shines a light into a shady underworld that stretches from scamming punters at cash machines (so-called skimming) to the more highly profitable trade at the top of the end of the pyramid in which the stolen numbers are retailed in bulk.
By some estimates, the cost of such cyber-fraud runs into the billions, most of which is ultimately borne by the consumer.
But Glenny also casts a compassionate eye on the hackers themselves, the vast majority of whom are young, male, incredibly smart and socially inept.
"Your average cyber criminal has the manners of a chimpanzee and the tongue of a Sicilian fishwife," according to the author.
The main players revelled in exotic handles such as Iceman, JiLsi, Cha0 and Lord Cyric, their anonymity protected by labyrinthine security measures and the facelessness of the net.
But for many the risks were worth it, with the New York-based hacker known as RedBrigade proudly boasting of pulling in $300,000 in one fortnight in 2003 via phishing scams.
His outgoings of $70,000 a week on partying, cars and property barely made a dent in the piles of cash cluttering his plush apartment on the Upper East Side.
The hackers played an elaborate cat-and-mouse-game with the law, their paranoia driving them to inordinate lengths in case they were dealing with an undercover cop.
Indeed, the book is almost as much the story of a handful of untrained police scattered around the world who had to quickly learn the intricacies of hacking to pursue their quarries.
Comically, many didn't know of their colleagues' existence and wasted time pretending to one another to be bad guys. Even when they knew of each other, they often wouldn't cooperate.
Several investigators from US, UK and French secret agencies began to focus their energies on DarkMarket, which had risen quickly in 2005 to become the premier destination for carders seeking the latest information and skimming equipment.
DarkMarket members were vetted to keep out wasters, rozzers and rip-off merchants, promoting honour among thieves. Its 2,000 customers were warned not to sell drugs, weapons or child porn on the site, lest they attract too much heat from the authorities.
So long as it was only the "immoral" banks losing millions, the hackers reasoned, few would be bothered.
But they were wrong. DarkMarket's security was jealously guarded by a handful of administrators respected in the hacking community for their skills.
Unfortunately, one of the admins was also an FBI agent who masqueraded as a crook named Master Splynter. He followed the astonishing comings and goings at DarkMarket from the inside, hampered only by the near-impossibility of prosecuting the hackers.
Chapter by chapter, Glenny relates in workmanlike prose how the police tracked the hackers to their lairs one by one. One worked out of an internet cafe in the shadow of Wembley. One ran his vast empire from a luxury villa in Turkey. Another, who dubbed himself Devilman, turned out to be a pensioner with a hip replacement living in a two-up, two-down semi-D in Doncaster.
DarkMarket was shut down in 2008 but don't think the problem has gone away.
Skimmers and phishers still perpetrate massive frauds every day, they've just got smarter, manipulated by the criminal syndicates who've moved into the lucrative trade.
Think about that the next time you go to the hole in the wall for cash or before you click on a dodgy-looking email from your bank.