His penance was five years of cooperation with the FBI, who, in examining his PC after the 2010 raid, found evidence of a kid dabbling in everything from “botnets” and spamming software to “false phishing” sites and “root access” penetrations, like a self-directed survey course in nefarious computing.
Placek’s specialty was coded-to-order “credential-sniffing” programs capable of plucking credit card information from otherwise secure streams of Internet traffic. Snug in his parents’ North Shore ranch home, he’d been making deals with cybercriminals from all over the world, first passing their money through an “ePassporte” account in the Caribbean before sliding it into a local bank account, both of which were registered to his real name and address.
No points for guessing this is how the FBI caught him.
He met the undercover agent who identified these accounts through darkode.com, the underground hacking forum he’d helped to found in 2008 at the age of 19. According to web-hosting records, Darkode was registered in March of that year under the auspices of EstDomains, a now-defunct Eastern European Web company known for hosting shadowy websites. Placek’s alleged partner in launching the forum was a Slovenian college student and hacker, Matjaz Skorjanc, who went on to become the site’s first serious administrator.
Darkode evolved over the years but operated from the beginning as a place for talented black-hat coders to sell their labors to assorted identity thieves and scammers at prices ranging from $50 a program to $500. Botnets were the central concern. Members traded control of them and the software needed to infect new bot-networks of computers – everyday PCs quietly taking orders, unbeknownst to their owners, from a hacker’s central command server. Botnets can be used to fake Internet traffic for pay, covertly record keystrokes, or launch crippling attacks on servers (and then ransom the owners of said servers for money).
According to court records, Skorjanc was behind the modified “butterfly bot” software used to build the notorious “Mariposa” botnet, one of the largest ever devised. Placek, meanwhile, seems to have drifted away from the forum not long after helping to found it, judging by the fruits of a “white-hat” hack by a security researcher known as Xylitol, a software cracker living in France. Xylitol infiltrated Darkode in 2013 and leaked many of its contents, including several messages by “Dethan78,” the account used by an undercover FBI agent to track down Placek. Registered in late 2009 and consigned to the lowest classification level of “Fresh Fish,” Dethan78 would post periodic comments to the site, sometimes in jest (“your cracking me!”). Included in the leaks is a thread from the forum’s “Hall of Shame” section accusing “Nocen,” one of Placek’s usernames, of reneging on a $3,000 “project.” By this time – a few months before the FBI visited Bayside – Nocen was no longer an admin, and his account had been deleted.
After the arrests, Sp3cial1st posted to a short-lived site, darkode.cc, that the forum would reconstitute itself as a site on the Tor network, a daisy chain of computers designed to make Internet traffic impossible to track. Xylitol says he’s not sure if Darkode has re-emerged yet, and suspicions were heavy this fall on other hacker forums that the FBI remained in control of Darkode and wanted to reopen it as a “honeypot” to ensnare more bad guys.
Some even suspected that Sp3cial1st himself was an FBI agent, as the agency had infiltrated the top leadership of a similar forum called Dark Market in the mid-2000s. In fact, as conspiracy theorists noted, the Pittsburgh-based agent who lorded over Dark Market as “Master Splyntr” for about two years, J. Keith Mularski, was the same supervisory agent who headed up the Darkode investigation.
George Ledin, a computer science professor at Sonoma State University in California, and a noted tracker of malware, says most cybercrime forums aim to “serve their purpose without being overtly accessible or visible to too many. Darkode exceeded that sweet spot.”
Paying his small part of the price, Placek pleaded guilty in August to a misdemeanor hacking charge in federal court and is scheduled to be sentenced in November. This fall, he was living in a Glendale apartment and working for Swick Technologies, an IT provider in New Berlin, as a network engineer.
Ledin says it’s not unusual for former black hats to find legitimate employment, and there’s even a usefulness to understanding the dark side of software. “It’s a bizarre feeling,” he says, “when commercially available operating systems and applications are programmed less well than the malware deployed against them.”