The Cybersecurity Canon: DarkMarket: How Hackers Became the New Mafia

Oct 10, 2017
7 minutes


We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite. 

The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!

Executive Summary

DarkMarket: How Hackers Became the New Mafia, through interviewing both criminals and law enforcement, paints the human stories behind the early years of cybercrime. It focuses around online card fraud, notably on carders’ market; and, when taken down, the replacement carders’ market and dark market. The book covers the journey that leads to, as the author describes, “the geeks” becoming key players in carding sites – some making their fortunes – and the battles between these sites for supremacy, measured by both market share/revenue and, more often, status.

From the criminal perspective, the book recounts their often-accidental journey into crime. It looks at the challenges they faced, such as building trust between criminals, who could not turn to violence in the digital world, as they would in the physical, when things didn’t go as anticipated. It also explores the battles between carding groups/individuals and, of course, how they tried to evade capture.

From the law enforcement perspective, the skills and techniques required to identify who and where the criminals were often required cooperating across agencies that had previously been unaccustomed to working together. This cooperation was essential in gathering legal evidence, sting operations, takedowns, and for the eventual legal cases that brought with them their own hurdles.

Whilst at times the author may seem a little cynical, he comprehensively got under the hood of cybercrime and did a worthy job of simplifying complex technical descriptions into layman’s terms.  It’s worth noting that the book was published in 2012, so much has changed in both the cybercrime and law enforcement worlds since. However, this is a very good read for those interested in the human aspect of cybercrime, when we all too often we get lost in the technological details.


There are so many books you could read on how a network functions, or what it takes to code exploits and attacks; yet until artificial intelligence (AI) truly becomes cognitive, we should recognise that cyberattacks are techniques and tools implemented by people. DarkMarket: How Hackers Became the New Mafia is one of the few books I have read that looks at the human aspect from both perspectives: the adversary and the law enforcement agencies. What’s amazing to see is that, on both sides, there is progress down career paths not previously planned.  As humans, we all make mistakes as we develop in our careers; and, for many involved, the primary motive isn’t financial greed.

As you read DarkMarket, I would encourage you to consider your current knowledge level.  If you work in cybersecurity, then the introduction, prologue and interlude can be skipped, as they are effectively a historical view of the challenges of the cyber world at the time of writing, opinions on some of the core discussion points – such as security versus privacy – and criminal capability versus law enforcement capacity.

If you are less well-versed in cybersecurity, then reading these will help give you an introduction to basic terms and challenges, but do consider that these were based around how the cybersecurity space was circa 2010.  Much has changed since: cyber insurance is now available and reporting of cyber breaches is increasingly required in many countries.

Carding sites were effectively social networking sites reserved for connecting different cybercriminal skills pools together to enable the end-to-end theft of money.

This obviously included gaining users’ banking details, whether from a physical card skimming device on an ATM or EPOS system, or using malware to steal the information online.  However, this is only one part of the process required to monetise the theft.

Cybercriminals may require further personal information on their victims to spoof their identity. They also need the ability to create cloned cards, and have the required money mules to brazenly walk into banks and stores to physically access or spend on the stolen accounts. These goods are then being resold to convert them into cash. Every part of this complex chain requires knowledge, skills and expertise, and carding sites were effectively the connection point to meet people with each of these essential skills and tools. Carding sites aimed to cover it all.

What’s interesting is that DarkMarket focuses in on three main carding groups. CarderPlanet, which is the first focus of the book, builds out its core members, including Script and Boa as well as other characters such as Fred Brown, who is a pivotal link into unearthing the administrators behind the group. Particularly interesting are the stories behind the site membership, such as how many were more focused on their social status on the site. For some of the core actors, the online community clearly filled a social gap they struggled to find in their physical lives. Also of interest are the challenges these actors faced in building a trust system behind what was inherently the untrustworthy criminal – referred to as “the escrow system”.  And of course, most seriously was how they looked to ensure they didn’t upset the wrong people, which would have the most serious repercussions. This they did in a number of ways, including ensuring they only targeted victims in countries where law enforcement, and more nefarious criminal and political groups, can be avoided.

From the author’s perspective, it seems there was a degree of confidence in not being caught, which I’m sure was partly due to the many elements they put in place to protect themselves. The book tackles this aspect, interestingly from both sides, exploring law enforcement’s challenges in gaining access to the closed circles of carding sites, and the debates around what techniques are acceptable in gathering the right evidence to lead to capture and prosecution.  At the time of writing, cyber law enforcement was largely a new challenge, with unique issues including inter-agency and international cooperation.

Following the demise of CarderPlanet, the second half of the book opens with how new sites came in to fill the void as lead sites, with new characters Jilsi and Matrix developing the book’s namesake “DarkMarket” site, with the goal of becoming the leading site. However, Iceman had other ideas, and sought to eliminate all the competition to allow Carders Market to rule, using DDoS attacks and subterfuge to discredit his competition. At every turn, whilst confident to the degree of being complacent, these latter groups, following the takedown of CarderPlanet, were still nervous of informants and undercover law enforcement agents lurking in their memberships.

As the end of the book approaches, you may, like me, start to become a little befuddled as to just who really is which alias; but the book closes with a nice epilogue of the arrests and sentencing, which highlights just how tough it can be to determine the scope of cybercrime and its impact. Having worked with law enforcement agencies over the course of my career, this is where public support is so important. It will also clarify some aspects of those portrayed in the book and highlight how some others aspects were simply never resolved.

DarkMarket: How Hackers Became the New Mafia is an interesting glimpse into real human lives, and the challenges they face as both cybercriminals and law enforcement agents. It certainly doesn’t portray the TV CSI image for the latter; instead, the many hours of hard graft, development of new skills and relationships, and the ongoing battle to understand an extremely dynamic space that is driven by, what were at the time, some very intelligent adversaries who were pulled into cybercrime by differing motives. After two decades of engaging with law enforcement, this book left me wanting to double my efforts to help assist them where I can, but likewise made me wonder how many cybercriminals don’t see the impact and implications of what they do until they are in way too deep.


Subscribe to the Newsletter!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.