Infoworld has posted a fascinating account of FBI Agent Keith Mularski's successful infiltration of the professional identity theft and fraud scene. Over the three-plus years he spent posing as a scammer on the international fraud website DarkMarket, Mularski slowly built trust with other members and rose through the ranks of the criminals running the site. He steadily gained access to more information about the site's users and was eventually made an administrator of the site itself. Even after rumors began to spread that Mularski was actually a law enforcement agent, many of the cybercriminals still trusted him because of their long history dealing with him. After all, every other site administrator had previously been accused of being a law enforcement agent as well.
Though Mularski never sent spam or committed any acts of fraud while maintaining his dual identity, he was familiar with many of the techniques used by cybercriminals from his work on an antispam operation. He also spent long hours day and night maintaining the site and chatting with other members. It took a toll on his personal life, but gave him credibility he needed to gain the trust of other DarkMarket members.
Once he was given administrative rights on DarkMarket, Mularski could track scammers accessing the site and even read what they were saying to each other. Due to information provided by Mularski, the other administrators of DarkMarket were arrested in their home countries until he was the sole remaining administrator of the site. Then, working with other law enforcement agencies in Europe, he led an investigation that netted 59 arrests and prevented $70 million in bank fraud.
While this story highlights the great work of Agent Mularski and the Cyber Initiative and Resource Fusion Unit, run out of the National Cyber-Forensics & Training Alliance it also reveals the sophistication of many online scammers, and the wealth of resources available to them online. Law enforcement would be wise to follow this example in rooting out forums where potential criminals learn how to break the law and cooperate with each other. Doing so will prevent many people from ever starting down the path of crime. NCPC provides information that helps protect people from becoming victims of fraud and identity theft. What else can law enforcement agencies and crime prevention organizations do to prevent people from becoming victims of cybercriminals?