
The Mob's IT Department - tpatke
http://www.bloomberg.com/graphics/2015-mob-technology-consultants-help-drug-traffickers/
======
jacquesm
My family had a black sheep, now conveniently dead. One day he showed up at my
door with a Mercedes E-class about a year old (an expensive car in nl with all
the taxes we have here on vehicles). Why don't I spin back the odometer for
him, for a couple of thousand guilders. The car was an ex taxi, they drive a
lot of miles in a short time and they look really good so this was their idea
of making money the easy way.

I refused the job in the politest way possible and got on with my life and I
cut that whole branch of the family tree out of my life.

When I was a kid he'd always show off how much money he had, in the end it
cost him the life of his son (killed by another mobster) and his family. I
hope the money was worth it to him but I doubt it.

edit: so, I just received a message via email about my 'callousness' with this
comment, let me clarify: if you push your wife, son, daughter into crime, get
your son killed and attempt to recruit other family members into your crime
empire then the world is (much) better off without you.

~~~
bane
When he was younger, and long before I was born, my father used to hang out at
a bar in Chicago after work. There was another regular there and eventually,
after a few weeks, the two of them started up into friendly conversation and
became good acquaintances. My father was running a small business at the time
and easily joked about the agony of running a business, the other guy never
really talked much about what he did.

One day my father came home, and his wife at the time mentioned that a
delivery many had just come by and dropped off an age-appropriate gift for
their son (my oldest brother) the day before his birthday.

My father had never mentioned where he lived, that he had a family or a son,
his son's age, or birthday.

He never went back to that bar again.

~~~
jacquesm
Wow, that's a long play recruitment. Scary as hell.

------
karmicthreat
I was in a situation kind of like this. I was brought on to a Canadian company
to make and end to end software system for gambling kiosks. They kept on
making odd requests of me like being able to reseed random numbers on units
until they found a set they liked (our games were deterministic). IE ones that
payed out how they want. Also wanted me to not use encryption for various
portions of the system that handled money.

Eventually I got a picture of the business where they were defrauding their
investors by winning their own games or through exploiting purposeful holes in
the system. Eventually I just delivered them a functioning and secure system.
Refused to go down to the Dominican to install it (Since they had considerable
pull down there) and walked away. It was really the first large project I had
done and walking away hurt me considerably. But it was the right thing to do.

Those guys are in jail now and the investors pulled the plug. So at least I
have some vague sense of Schadenfreude over the whole thing.

Unfortunately ethical software developer isn't exactly a winning eye popping
line item on the resume.

------
kyllo
I used to work at a steamship line, a competitor to MSC, at a US port office.
The port terminals take security very seriously, but some of the steamship
lines' offices are a bit lax. It doesn't surprise me at all that they were
able to sneak in and install this equipment and malware, although I think
social engineering (calling import customer service pretending to be the
consignee and scamming them into giving you the pickup numbers) would be more
effective.

Fascinating article though, and the story would make a good movie.

------
probablyfiction
> They decided the prudent course was to let the whole bizarre incident go and
> hope Maertens never heard from them again.

I've noticed that a lot of IT workers tend to be non-confrontational and
unwilling to stand up for themselves even if the situation calls for it. I
find it interesting that Van De Moere and Maertens show the same tendency
here. A reasonable person would go to the police to report an assault. These
two men were likely selected because Adibelli sensed that they could be
manipulated.

~~~
Untit1ed
The article makes it sound a lot like they were innocent up until that point,
but I'd put good money on them already having some skin in the game.

You can put it down to being non-confrontational but what kind of non-
confrontational nerd happily goes straight back into a room where they were
previously assaulted?

EDIT: Also it's worth keeping in mind that this is just their version of the
story, it might be 100% lies.

~~~
lectrick
> but I'd put good money on them already having some skin in the game

The article says that they cannot find a money trail to these guys.

~~~
jacquesm
They may have simply been too cheap...

------
wahsd
"The sole decoration was a poster of a dozen varieties of mangoes"

That's so cliche. Ha. I can imagine that conversation "Our front is a fruit
import/export legitimate business. We should hang up some posters of fruit.
That will make it totally legit looking."

~~~
LordKano
When I was a teenager, several of my friends and I went to several businesses
in our neighborhood to inquire about jobs. One place was "Folino Bros. Fruits
& Vegetables", as I remember, it was a wholesale market. But, on the inside,
we didn't see many fruits or vegetables. It was arid, dark and dusty with very
little inventory. When we asked about jobs, we were led to a back room where
this burly man wearing a three piece suit and a fedora was smoking a cigar, he
explained to us that they weren't currently hiring then gave each of us an
apple and thanked us for the interest.

When we walked away, we waited until long after we were out of earshot and we
all stopped and looked at each other and confirmed that we were all wondering
the same thing. "Is that a mafia front?"

~~~
cdubzzz
Well, the guy had apples. Must have been legit!

------
daveloyall
There are distracting writing failures--technical stuff.

The phrase "[he] connected the battery to an antenna" breaks the flow of the
story because it leads the reader to the wrong idea, then the reader has to
backtrack...

An IRC channel with 100k users in 1996? Look, freenode has 85k users today,
spread across 40k channels... Even worse, _the Wikipedia page_ for _securax_
indicates that it was an online community that had newsletter with 90k
subscribers.

~~~
roel_v
I was a regular at that IRC channel back then (for a long time - when it was
run from a member's home pc, on EFNet, and the new channel names later on),
and was at several of the meets that came from it. The channel had 10-20
regular at most, few enough that I knew all of them by handle and their real
names (but I haven't seen any of them for almost 15 years). The whole
'security' angle was a joke, yes it was fun to root some boxes when a sploit
hit bugtraq or attrition, but I don't remember anyone got much further than
some DoS 'advisories' (at that time). Already then there was more money in
scaremongering than there was in actual work...

------
wahsd
Don't ever get involved with organized crime. It will never ... ever ... end
up well for you.

~~~
lectrick
Does the law create the criminal by perverting incentives, driving up price
due to risk in a market that refuses to go away even when made illegal (see
Prohibition)... or are sociopaths simply drawn to any high-risk/high-
reward/non-society-cooperative work, becoming criminals?

Or is it a bit of both?

~~~
jacquesm
It's people who are either too stupid to know better or people that
consistently feel they are smarter than everybody else, in either case they'll
have a sense of entitlement.

~~~
HeyLaughingBoy
Sounds like all the criminals I've known.

------
ChrisArchitect
sidenote: what kind of organization does bloomberg.com have going on? this is
under '/graphics/'?

~~~
nmrm2
It looks like "graphics" is their term/brand for articles that make essential
use of "rich"/interactive content.

If I had to take a wild guess, the author/editor of the article might've
wanted some fancy stuff (like the header videos and scroll behavior, for
instance) and it was easiest to do that on this platform.

~~~
1wheel
> If I had to take a wild guess, the author/editor of the article might've
> wanted some fancy stuff (like the header videos and scroll behavior, for
> instance) and it was easiest to do that on this platform.

Yup. We set up a system for publishing git repos with static html/css/js to
/graphics for our interactive charts.

When the features desk for the new site started up a few months ago it was
much easier for them to piggyback on our stack.

------
kirk21
This must be the craziest startup story I have ever read... You complain about
VC's but these guys.

------
timboslice
> How two technology consultants helped drug traffickers hack the Port of
> Antwerp

A fascinating read, thanks for sharing.

~~~
rambambam
As being Dutch I've seen (parts of) this story before. It reminds me a bit of
the Silk Road story, as in: who is who, are they indeed victims as they say,
or not...

I recently read the "Mocro Mafia"; a Dutch non-fiction book about the 'war'
that's still going on in Amsterdam (and Antwerpen too) between two groups of
criminals dealing with drugs-import. It's all based on facts (and of course a
lot of hearsay) and police-reports, but it reads like a script for a
Hollywood-movie. I don't know about an English version, but don't be surprised
if it turns up next to the "Heineken Kidnapping"-book.

~~~
pyre
> It reminds me a bit of the Silk Road story, as in: who is who, are they
> indeed victims as they say, or not

I dunno. This sounds more plausible than the Silk Road conspiracy theories.

------
contingencies
TLDR; physical security at second and third-tier European ports is bad.

------
MichaelCrawford
Bing Image Search.

The ITU's Child Online Protection initiative notifies Google of child
pornography links. Google prmptly removes them from its index.

I expect Microsoft is so notified as well but Satya Nadella doesnt remove the
links nor cached images, despite the original servers having been dead for
years.

I am convinced that kim dotcom's bust gad nothing to do with copyright but
that much of the, uh, "digital media" was distributed from his servers;
however most is encrypted, but typically with very obvious or easily brute
forced passwords.

More or less you start with bing then pay for a premier account with a
filesharing service.

There is also "link protection" mostly our of India, which hides the referring
page. One can earn decent coin by promoting a popular ptotected link.

Most of those links are found on what should be dead forums but whose servers
are still operating.

An easy way to rain on the mob's parade would be to scout around for threads
that go on for hundreds of pages.

[http://www.warplife.com/jonathan-swift/books/software-
proble...](http://www.warplife.com/jonathan-swift/books/software-
problem/deadly-sins/greed/pornography/child/internet/)

------
tedks
I wonder if they (or other drug smugglers) used exploits that the NSA was
aware of but chose to leave open?

~~~
venomsnake
Probably not. Few places have strong IT security as a core value of their
business.

~~~
tedks
Yes, this is true, but I imagine the NSA to have more interest in this sort of
target than in the general case (owning logistics networks seems very useful).

~~~
pyre
They were using metasploit according to the article, so I doubt that they were
sniffing out 0days, meaning that "everyone" knew of the exploits, not just the
NSA.

Secondly, if you're trying to state that the NSA specifically knew that these
specific companies were open to these specific exploits, but chose not to do
anything, then that's a stretch. Were the NSA doing it's job of helping to
secure networks, it would only be attempting to secure domestic networks. I
doubt very much they would drop an email to a foreign company stating that
they found their network security to be lacking.

~~~
tedks
Well, I imagine there's a lot of commonality between the Dutch and American
logistics software stack. I would hope that securing America's ports falls
within the NSA's purview.

I could of course be wrong, but hey. Obviously you're right that the technical
level of expertise is a little below this level in this case anyway, but I
just wanted to emphasize that this is the sort of societal impact of having a
policy of subverting network security.

~~~
pyre
> Well, I imagine there's a lot of commonality between the Dutch and American
> logistics software stack. I would hope that securing America's ports falls
> within the NSA's purview.

If the Dutch logistics companies were running unpatched versions of Windows
(for example) that seems more like an operations failure than anything else.
Not necessarily something that is a broken part of the "stack."

