The FBI Agent Who Became A Black-Market Mogul

Originally published on June 17, 2011 5:58 pm

Keith Mularski doesn't look like someone with a lot of secrets. He has this aw-shucks demeanor, like an overgrown kid in a business suit.

But back in 2005, his first assignment with the cybercrime division at the FBI was to hang out on the underground sites where stolen credit cards are bought and sold. By 2006, he would be running one of the biggest underground sites on the Internet.

The first thing Mularski had to do was come up with his hacker handle. He chose Master Splyntr, after the name of an underground rat in the Teenage Mutant Ninja Turtles.

Mularkski had to create an entire backstory for Master Splyntr to get the criminals on the sites to trust him. So he contacted an anti-spam organization and got it to list his name as a Polish spam king. If you Googled his nickname, he would come up as a notorious spammer, known for buying stolen credit card information.

Master Splyntr was wheeling and dealing on the underground at a moment of particular upheaval in the credit card black market.

There were about four or five major sites where criminals bought and sold stolen credit cards, according to Kevin Poulsen, the author of Kingpin, a new book on cybercrime. Each site had about 1,500 users.

The websites battled for control of the market, much like everyday firms do in the corporate world. Some of the sites suffered hostile takeovers. Finally, two sites emerged as the dominant players: Carders Market and Dark Market.

Mularski was working undercover as an ordinary user on Dark Market when the hostile takeovers happened. At this point, he had already developed a friendship with the head of the site, a British hacker called Jlsi. One night, when Dark Market was under spam bombardment by Carder's Market, Mularski made his move:

I said: "You know my reputation as a spammer. I'm very good at setting up websites. I can hide them from law enforcement. I have my site ready. I have my servers ready." And he said: "Let's move it, bro."

And so one October night in 2006, as we were watching Saturday Night Live, Mularski moved Dark Market to his servers and the FBI took control of one of the biggest criminal sites for stolen credit card information on the Web.

But it didn't take the site down immediately. Instead, it turned Dark Market into a sting operation that resulted in multiple arrests.

Because of Master Splyntr's work, the credit card selling underground is fractured again. But that doesn't mean there are no more sites selling stolen credit card information. As long as card numbers are easy to get, thieves will find a way to trade them online. Which might be why Keith Mularski wouldn't tell me if he was still working undercover.

For more:

Our story "How To Buy A Stolen Credit Card" explains how the credit card black market works. Poulsen's book Kingpin has more on the story of Mularski and Dark Market.

Copyright 2018 NPR. To see more, visit http://www.npr.org/.

ROBERT SIEGEL, host:

From NPR News, this is ALL THINGS CONSIDERED. I'm Robert Siegel.

Many of us have gotten the letter in the mail that's usually from a bank or a trusted business that says: Your credit card information has been compromised. In other words, stolen. I say many of us because credit card numbers aren't generally stolen one-by-one, but in batches; hundreds of thousands of accounts hacked at once. Those numbers are then sold in an online black market auction where only criminals are allowed.

NPR's Zoe Chace brings the story of an FBI agent who ran one of those sites in order to build a case.

ZOE CHACE: Keith Mularski doesn't look like someone with a lot of secrets. He has this aw-shucks demeanor - an overgrown kid in a business suit. Back in 2005, his first assignment with the Cybercrime Division at the FBI was to hang out on the underground sites where credit cards are bought and sold. The first thing he did was come up with his hacker handle that he would use to do deals with criminals.

Mr. KEITH MULARSKI (FBI Agent, Cyber Crime Division): I was watching the "Teenage Mutant Ninja Turtles," and there's a guy there called Master Splyntyr who's an underground rat.

CHACE: Mularski created this whole back-story for Master Splyntyr, in order to get the criminals on these sites to trust him. He contacted an anti-spam organization and got them to list Master Splyntyr as a Polish spam king.

Mr. MULARSKI: If somebody would Google my nickname, it would come up that I was a notorious spammer, I purchased credit cards and things like that.

CHACE: Master Splyntyr was wheeling and dealing on the underground at a moment of particular upheaval in the credit card black market. Kevin Poulsen is an author of a new book on cybercrime, "Kingpin," he picks up the story from here.

Mr. KEVIN POULSEN (Author, "Kingpin"): There were four or five sites at this time, each of which had about 1,500 users on them.

CHACE: What followed were battles like you'd have in the corporate world, including a hostile takeover of some of the sites. Two emerged as the dominant players: CardersMarket and DarkMarket.

Mr. POULSEN: Keith Mularski, the FBI agent, was undercover on DarkMarket when the hostile takeover occurred.

CHACE: By this point, Master Splyntyr had developed a friendship with the head of DarkMarket - a British criminal hacker called Jlsi. And he sympathized with Jlsi when DarkMarket was under bombardment by spam from CardersMarket. One Saturday night, Master Splyntyr and Jlsi were up late instant messaging each other.

Mr. MULARSKI: So I was telling Jlsi, I said, well, you know my reputation as a spammer, I'm very good at setting up websites. I can hide them from law enforcement, obviously, because they haven't caught me. I have my site ready, I have my servers ready. And he said, let's move it, bro. And I said, all right, let's do it. So, and then we took it over.

CHACE: Were you just sitting at home on your couch?

Mr. MULARSKI: Just sitting at home on my couch.

CHACE: And so, one October night in 2006, during "Saturday Night Live," the FBI took control one of the biggest criminal sites for stolen credit card information on the Web.

Mr. MULARSKI: The information was going to be stolen and used anyway, right? If DarkMarket wasn't out there, they would have just been doing it on Max's site, CardersMarket.

CHACE: The two sites battled each other for a full year for primacy on the black market - one as an FBI sting, the other as a criminal online mall for credit card numbers. It's no surprise that the criminal enterprise fell first.

Mr. POULSEN: So CardersMarket went down and then DarkMarket stayed up for another year afterwards, before Mularski voluntarily pulled the plug on it.

CHACE: That was 2008. Kevin Poulsen was pretty obsessed with the feud between to the two major underground forums and covered it for Wired magazine. When the one of the hackers caught in Keith Mularski's dragnet was convicted that year, Mularski's alias came up in some court papers. Poulsen freaked out. Only weeks earlier, he'd been visiting the FBI as part of his research on the kingpin of credit card thievery, Master Splyntyr.

Mr. POULSEN: I got on the phone and when he answered, I just kind of blurted out, holy (CENSORED), Keith, you're Master Splyntyr.

(Soundbite of laughter)

Mr. POULSEN: And he laughed and said he couldn't talk to me and he sent me to the press office.

Mr. MULARSKI: You know our main goal was never to let anybody know that DarkMarket was a sting site. You know, and it was for me to fade and shut the site down and fade off into the sunset and for nobody to know about it.

CHACE: As a result of the work of Keith Mularski, aka Master Splyntyr, the credit card selling underground is fractured again. But that doesn't mean sites don't still exist for stolen credit card information. As long as card numbers are easy to get, credit card thieves will find a way to buy and sell them online. Keith Mularski wouldn't tell me if he's still undercover or not.

Zoe Chace, NPR News. Transcript provided by NPR, Copyright NPR.