In 2007, Max Ray Vision was arrested by the FBI for credit card theft, having jacked over two million credit card numbers from various businesses, everyday people, and competing cyber-criminals. Vision received a 13-year prison sentence, a sentence that was commensurate with his tremendous abilities as both a criminal and a coder.
Under the pseudonym “Iceman,” the security-expert-turned-hacker forged a place for himself at the very top of the cybercriminal underworld before most people were aware such an underworld existed.
People like Vision garner so much attention precisely because of how rare it is for one person to master both crime and coding, which require entirely different skill sets. However today, most cybercrime doesn’t require Vision’s uncommon talent: everything an enterprising criminal needs to commit fraud, theft, and intrusion is available for sale or rent, provided they know where to look.
The Evolution of Black Markets
It’s probably not a surprise to learn that most cybercrime is organized on the dark web, where various criminal specialists can solicit one another to form diversified organizations that resemble legitimate corporations and allow them commit crimes more efficiently. No longer does one nefarious actor have to create the entire operation.
What you may not have known is that it’s only very recently that this kind of criminal association could happen in the open, even on covert forums like those on the dark web. Black markets have existed for thousands of years, but they’ve always been limited by a simple problem: nobody trusts criminals, not even other criminals! Without trust, it is hard for criminals to team up and commit crimes efficiently or at scale.
Organized crime solved this problem by bringing order to the underworld. Crime networks exist to ensure that members aren’t ripped off: play by the rules, and you’re entitled to bigger profits and the protection of the family. A mob boss’s job is to keep order among criminals, punishing members of the crime family who betray “the code,” or the trust of the criminal marketplace.
But organized crime had its flaws as well. The problem with mobbing is that if you get too good at it, you tend to attract attention from authority figures (just ask John Gotti).
So how does this new, brazen form of organized crime happen in full view of any FBI agent with enough technical know-how to use Tor? It’s all thanks to a relatively recent invention of online marketplaces called pseudonymous reputation.
From Crypto, to eCommerce, to the Dark Web
Pseudonymity in reputation systems is a common feature of online forums, but I think the best illustration of the concept is the Amazon marketplaces that first started becoming popular in the mid-90s. When you’re shopping on Amazon, you have no idea what the real identity of “Booklvr64” is, but you know they’re given an average 4.4-star rating on the site. That’s good enough for most, which proves that in online marketplaces, you can establish trust and a reputation without revealing much or any information about your real-life identity.
It’s easy to see how that translates to the dark web. All of a sudden, you didn’t need to be both a programmer and a criminal mastermind to make a lot of money through cybercrime. Criminals could create a reputation for themselves using their pseudonym, building trust and relationships with other criminals without having to fear a knock on their door from the police.
Part of what made Max Vision’s cybercrime spree so groundbreaking was his drive for personal esteem and recognition — even though he could never reveal his own identity. As “Iceman,” Vision worked to undercut rivals not just to steal their business, but to establish himself as a “Kingpin” of online crime.
While that notoriety eventually brought Iceman down, it also brought him plenty of business on the black market. This demonstrated to other criminals that having a reputation for being talented at cybercrime could be an asset to your career, rather than a liability.
Since then, cybercrime has only become more common, but hackers of Vision’s multiple talents have only become more rare. The dark web, cryptocurrency, and pseudonymous reputation have evolved to create a bustling underground marketplace where any talent you might need for a scam is easy to find.
A malware developer doesn’t have to be an expert money launderer anymore to make a profit committing online fraud. Instead of needing a multitalented Max Vision to hold everything together, all these schemes need is pseudonymous trust between the person creating the root kit and the person laundering the money.
When Vision is released from prison in December of this year, he’ll be entering a world that, thanks largely to his own work, no longer considers his unique talents necessary. Perhaps his greatest feat, however unwittingly he achieved it, was to make himself obsolete.
Note: This article first appeared in InfoSecurity Magazine.