When Chao was arrested in September, something in the veil of anonymity surrounding cyber crime was lifted. In this special report, the Joy of Fraud Fighting reveals previously undisclosed information regarding this case.
Chao was the brain behind Crime Enforcers, a busy assembly line of ATM and Point of Sale card skimmers. For eight years he ascended the criminal underground ladder, until he became a name every cyber criminal recognized.
When it comes to online fraudsters, he always stood out as exceptional. His instructional videos, explaining how to install the ATM skimming devices he manufactured and sold in the cyber crime underground, were hilarious. Check
this one for example.
His funny banner ads promoting his wares were always crowd pleasing, rebellious and highly imaginative. I would have published some samples here, but Chao did use some cheap pornography in his banners, making them unsuitable for a respected audience such
as this site's readership. In other words, Legal won't let me post anything ;)
So when Chao got arrested, online fraudsters got scared for the first time in many years.
I already talked about one aspect of Chao's arrest: the famed DarkMarket operation. I'll just briefly mention that DarkMarket had several moderators: one of them was Chao himself, and the other
was none other than FBI agent
Keith Mularski, known in the fraud underground as Master Splynter. It was a brilliant undercover sting operation in which dozens of careless, overly confident cyber criminals such as Chao himself got arrested.
Monitoring DarkMarket helped law enforcement know where to look: Istanbul, Turkey. The next step was locating Chao and building a strong case against him and his crew. This part took clever police work, and last month I met the officer who put Chao behind
bars. Let me tell you: there are some good people working in law enforcement.
The team who arrested Chao consists of some brilliant detectives in the Turkish National Police. Sources in the TNP talking under condition of anonymity confirmed for The Joy of Fraud Fighting the details below:
Chao was arrested in September. Despite his Italian accent and look in his educational videos, Chao is a Turkish citizen whose real name is Cagatay Evyapan. This wasn't his first arrest: he was arrested before in the Turkish town of Izmir, and never returned
from jail holiday. The police considered him a fugitive, but for a long while his whereabouts were unknown.
The Turkish National Police cooperated with several law enforcements, including the FBI. After learning about Chao's activities in the cyber crime world, the TNP analyzed his operation and found a weak link in his supply chain: his ATM skimmers had to be
shipped out of Istanbul to multiple destinations around the world. We're talking about a massive amount of shipping: thousands of skimming devices were sent out of Turkey to multiple destinations across the globe.
TNP detectives went to talk to several international shipping companies. They explained about Chao's operation and contents of his deliveries. This paid off in spades: at some point the TNP was informed by one of the shipping companies that one of Chao's
partners tried to send skimming devices to a certain European country.
This eventually led to pinpointing Chao himself.
Chao didn't go down silently. In August 2008 the Turkish media reported that he
kidnapped a hacker known as Kier whom he suspected as a police informant. Several weeks later he felt the noose tightening, and made arrangements to leave Turkey.
By this time TNP knew exactly where Chao operates. They located him in the outskirt of Istanbul, the Turkish metropolis linking Europe to Asia. They put him under surveillance and discovered that his apartment was used as a huge assembly line for card skimming
devices.
When it was clear Chao might leave town, TNP moved in to arrest him. Later on it became apparent his mind was not completely set to leave Turkey: he thought he could fool the cops for a little longer.
TNP arrested several of Chao's associates: some of the criminals who helped him with the skimming device manufacturing; his cashier; and other members of his group – altogether 7 "Crime Enforcers" gangsters were arrested in September and October last year.
The raid on Chao's apartment provided evidence to the mass scale of his production line. At the time of his arrest, TNP apprehended over 1,000 ATM skimming devices, 2,000 fake PIN pads, and a large amount of fake Point of Sale devices such as the ones you
can find in restaurants and gas stations, as seen in the picture below from the Turkish website Haber. You can also see Chao's himself, led by Turkish policemen.
To conclude this report, lets do some quick math. A single ATM skimmer can easily record one hundred withdrawals per day. One thousand ATM skimming devices can capture 100,000 cards per day. Using a very conservative estimate of $1,000 per compromised card,
we're talking about a potential damage of $100,000,000 per day. The device will be discovered sooner or later – lets assume an average of 10 days before it's been discovered – and we'll reach the staggering figure of 1 billion dollars of potential fraud that
the ATM skimming devices captured in Chao's lab could have inflicted on our ailing industry.
Chao was eventually caught, but others already take his place. The war on crime continues.