March 27, 2007 at 9:27 PM ET
When you think of the Internet underground, you probably don't think about Burbank or Ventura, Calif.. But if you want to see what's going on in the Web's darkest corners, the Ventura Freeway is where you need to go.
About half-way between Burbank and Ventura, get off Highway 101 at Calabasas and look for a low-rise office complex. Inside is perhaps the best portal to into the world of identity thieves and credit card criminals you'll ever find: CardCops.com.
Hidden behind office cubicles and small piles of computer servers sits Dan Clements, 51, who manages a small army of researchers who spend their days masquerading as Web criminals, gathering intelligence from online chats where fraud is the only topic of conversation. Clements and his team of 10 pretend hackers (called "Netseals") scour the Internet for stolen identity information, like credit cards, Social Security numbers and other personal information.
Thieves openly trade stolen data in secret chat rooms, where the numbers and names fly by as fast as an old-fashioned stock ticker. The NetSeals slurp the information up using automated programs and enter it into a database, which now contains millions of entries.
CardCops also has deputized thousands of hackers, who anonymously send in databases of compromised information. Clements calls it the CardCops "amnesty program," but all it means is that he promises not to snitch on the informants. The data they provide is shared with all major credit card companies and federal authorities. CardCops also sells the data to banks and identity theft prevention firms like TrustedID.
CardCops has been at it for seven years, and Clements is often the first to know when identity thieves take a new tack in their craft. That's why he's been a key source for my identity theft stories since we met in 2001.
The ideal person for an on-camera sting
When "Dateline NBC" approached me last year looking for help with its planned piece titled "To Catch an ID Thief," I knew exactly where to send them. Clements has been running the kinds of sting they were envisioning – using something known as a "honeypot" -- for years. He knows just how to draw in swarms of credit card criminals, as you'll see in the Dateline piece. Here's a hint: All it takes is money.
CardCops has an interesting philosophy, born out of necessity when the firm began as online advertising sales business name AdCops.
"Our job is not putting handcuffs on script kiddies (young hackers), but rather to learn from them," Clements said. "So we engage them."
In 1999, Clements was selling online ads and suffering from affiliate and click-through fraud, where hackers set up computers to automatically generate fake clicks and collect bogus commissions. He threatened a gang of hackers one weekend. When he arrived at work the next morning, the hackers had "wiped clean" the company's servers.
"We thought, 'Wow, it isn't too smart to threaten them. So let's treat them with respect and see how far we get,'" Clements said. "That's when we really turned it around."
Another event in 1999 persuaded Clements to focus his company on fraud detection. At the time, Clements said, his firm was directing traffic to America Online for commissions. A number of affiliates helped his company, then known as AdCops, attract traffic, but AOL suspected they also were engaged in click fraud. So the Internet giant sent subpoenas to Clements and instructed him to serve all his affiliates. One day, after he dutifully sent them out, a tech expert with a habit of lurking in Internet Relay Chat rooms devoted to advertising fraud, urgently called Clements over to his computer.
"One kid was saying to another, 'Hey, I just got a subpoena today.' The other one answered, 'Me too. My mom's going to kill me,'" Clements recalled.
The young hackers were AdCops affiliates.
Invitation to brag bears fruit
Instead of running to authorities with the chat room log, Clements had another idea. He asked the hackers how they had done it. One of the hackers took him up on the offer and the idea of the amnesty program was born.
"We wanted them to tell us how they do things," he said. He offered only bragging rights, playing on hackers' vanity, but that was often enough. Soon, CardCops was getting all kinds of tips along with invitations into the most secretive credit card fraud chat rooms.
There were fits and starts while Clements created a new kind of business. His first idea was to create a "fraud museum" of scams and tactics. The museum could be viewed by Internet merchants so they could learn about their enemy.
"Everyone talks about Net fraud, but do you actually know how online thieves work?" Clements wrote in an announcement of the fraud museum sent to MSNBC in March 2001. "Are you curious about the tools they use? Or how they think? Now you can actually see it with your own eyes. Inside you will see zipped programs that steal, crack, encrypt and generate credit card data. You will also see actual e-mails from thieves. … The fraud museum gives you a chance to see fraud from the thief's perspective."
The fraud museum backfired, however, as some merchants maintained that criminals were using it to research fraud methods. So Clements quickly removed the site and began devoting his time to gathering "human intelligence."
For a while, Clements automatically forwarded the compromised data to credit card firms. But increasingly, he had the sense that the card companies weren't acting quickly on the information. So he set up a direct-to-consumer offering called IDProtect, which allows consumers to see if their information has been shared in a chat room observed by CardCops employees. The data also is resold through a number of partner firms.
Critics point out that CardCops data contains only a tiny fraction of data stolen by hackers, and contend that a clean-bill-of-health from CardCops' service doesn't mean much.
Still, the knowledge CardCops has about the nature of the credit card criminals and identity thieves is invaluable. We're lucky CardCops agreed to take Chris Hanson, Dateline camera crews and the public on a journey through the Internet underground Tuesday night.
LEARN MORE ABOUT THIS STORY