FROM LATE 2007 until March 2011, if you were an identity thief or credit card fraud artist in need of a fake ID, your best bet was “Celtic’s Novelty I.D. Service.” From its base in Las Vegas, the online storefront manufactured driver’s licenses for 13 states and shipped them to buyers around the world. No questions asked.
With a reputation for quality and the fastest turnaround in the industry, Celtic was a no-nonsense player in a global underworld benighted by drama and infighting. On the Russian-led criminal forum Carder.su, his primary home, he accumulated scores of glowing reviews from satisfied customers. “You can trust him,” wrote Oink Oink. “This guy doesn’t fuck around. Great shit, great communication and bends over backwards to help you out.”
“I agree Celtic is great,” wrote XXXSimone. “I placed an order, instantly he sent the order out did not bullshit around.”
A customer named Temp agreed. “Strongly recommended! Fast shipment, and very good discounts!”
Today Billy “Oink-Oink” Steffey, Maceo “XXXSimone” Boozer III, and Alexander “Temp” Kostyukov might not be so generous with their praise, as they await a November trial in the largest identity theft prosecution in U.S. history. Their mistake? In addition to being a talented ID forger, Celtic was a Secret Service agent.
The government calls it “Operation Open Market,” a four-year investigation resulting, so far, in four federal grand jury indictments against 55 defendants in 10 countries, facing a cumulative millennium of prison time. What many of those alleged scammers, carders, thieves, and racketeers have in common is one simple mistake: They bought their high-quality fake IDs from a sophisticated driver’s license counterfeiting factory secretly established, owned, and operated by the United States Secret Service.
The Secret Service announced Operation Open Market in a press release in March of last year when the first set of indictments dropped. But the agency hasn’t publicly disclosed how it made the busts. That story is told in internal agency documents seen by WIRED, correlated with archival posts from Carder.su and court records. It’s the story of how the Secret Service, in an operation as ironic as it was bold, stole the identity of a low-ranking member of the underground in May 2007, and, with top-level Justice Department approval, used it for years afterward to produce and sell some of the best fake IDs available anywhere.
In the process, the agency built dossiers on identity thieves around the world and discovered the underground’s extensive use of the online payment service Liberty Reserve, which spawned a parallel Secret Service and Treasury Department investigation with its own round of arrests in May.
“By selling the counterfeit identifications, it allowed the UCA [undercover agent] potential to identify individuals operating on the carding portals and develop an understanding of the internal workings of the organization,” reads an August 2011 memorandum produced by Immigrations and Customs Enforcement, which supported the Secret Service in the operation.
“The prosecutorial strategy centers on disrupting and dismantling the Carder.su organization while at the same time acting as a deterrent to similar organizations that may be operating under the belief that because they are outside U.S. territory they are safe from U.S. law enforcement,” the report continues, adding that U.S. Attorney General Eric Holder was personally briefed on the operation.
The Secret Service, DHS, and the U.S. Attorney’s Office for the District of Nevada declined to discuss the investigation.
Open Market isn’t an unsullied win for the agency. Most of the operation’s biggest targets are still at large – many out of reach in Eastern European countries where U.S. extradition is tricky. The bulk of those who have been rounded up are rank-and-file fraudsters, some of whom face outsized penalties under the mob-busting RICO act. Meanwhile scores of fake ID cards made and sold by the government are still floating around.
Open Market began with the arrest of the original Celtic on the outskirts of Las Vegas more than six years ago.
On March 29, 2007, a Whole Foods manager in Henderson, about 12 miles outside Vegas, recognized a shopper who’d used a fake driver’s license and counterfeit credit card to buy groceries a few weeks earlier. The manager called the police, who confronted then-34-year-old Justin Todd Moss – an unemployed man with IDs and credit cards in his wallet bearing three different names.
Henderson police detectives served search warrants at a U-Haul storage facility rented by Moss, and at the room Moss booked by the week at a nearby Extended Stay America. Among other things, they turned up 150 credit card blanks, holograms, a Matica Model T1 embosser, a Fargo DTC 515 card printer, a magstripe skimmer, fake credit cards, more counterfeit IDs, and three handguns. A blue bank bag in his hotel room held $40,000 in hundred-dollar bills.
Secret Service agent Mike Adams interviewed Moss in jail a week later. The grifter admitted he had for years been making a living purchasing stolen credit card magstripe data from the internet, programming it onto fake cards, and using them to buy retail gift cards that he’d sell on eBay.
Moss was just one of thousands of fraudsters inhabiting the so-called “carder forums.” An Eastern European innovation, the forums work like a criminal eBay. Carefully screened “vendors” sell a wealth of products ranging from counterfeiting gear, stolen identify information, skimmed or stolen magstripe data, hacker tools, botnets for rent, and online banking credentials. Forum administrations and moderators keep the system purring, and ordinary members can post reviews of the products they’ve bought. Everyone exchanges tips and tricks for conducting scams.
When the first carder forums, Carder Planet and Shadowcrew, launched more than a decade ago, they were revolutionary, turning computer crime into a globalized, professional industry almost overnight. By the time Moss was busted in 2007, law enforcement had notched up some successes against the carders; Moss had survived the Secret Service’s famous crackdown on Shadowcrew and migrated to second-generation forums Mazafaka and CardersMarket.
Special Agent Adams had been waiting for someone like him for a long time.
Adams had first proposed operating an undercover criminal storefront in 2004, calling it “Operation Crossfire,” according to an internal agency document seen by WIRED. As conceived, the Crossfire storefront would have manufactured fake credit cards as well as IDs. The plan was approved by the Nevada U.S. Attorney’s Office in December 2004, and prosecutor Kimberly Frayn from the Organized Crime Strike Force was assigned to handle any resulting cases.
The plan apparently stalled until Moss’ ill-fated Whole Foods run presented the agent with the cover he needed. Frayn commandeered Moss’ case from Henderson County, and charged Moss with possession of credit card counterfeiting gear. Then Adams began making himself at home in Moss’ virtual skin. He started on CardersMarket, using Celtic’s name to make purchases of stolen identity information – maintaining Celtic’s reputation as a reliable buyer of other people’s illicit products, and gathering evidence against sellers like “CC-TRADER,” who sold the agent 64,000 phished PayPal accounts for $5,000.
In September 2007, CardersMarket went down with the unmasking and arrest of its leader, San Francisco superhacker Max Vision. Adams resettled the next month at the Russian site Carder.su. It was there he began transforming Celtic from a mere consumer of criminal goods into a top provider.
The agent started small. For a full year, he sold driver’s licenses for just three states. But to get an official stamp of approval from Carder.su, he was forced to expand his catalog, adding new states in clumps. “I am not rolling them out one at a time,” he wrote as Celtic in a Carder.su post in June 2009. “My reason is I want to be good at all of them.” (All quotes from “Celtic” and other carders in this story have been edited for spelling and punctuation).
Eventually he boasted 13 states in all: New York, Nevada, Illinois, Virginia, Tennessee, Georgia, Maine, South Dakota, Arizona, Texas, Washington, Indiana, and California.
Nevada was his best, California his weakest. But overall the cards neatly duplicated the authentication features used by each state, like multispectral holograms, UV printing, and scannable barcodes. The Nevada licenses were even encased in what the agent claimed was authentic government laminate bearing the state seal. “This ID is absolutely flawless, awesome, highest quality, guaranteed to work ANYWHERE,” gushed one satisfied customer of the Nevada license. Another crowed that he’d successfully passed the ID at the Social Security Administration.
Kevin Malone, a spokesman for the Nevada DMV, says he doesn’t know how the feds could have obtained genuine state laminates. “We did not give any to the Secret Service,” he says.
Buying the cards from “Celtic” was simple. You’d give him the name you want on the card, the state, date of birth, height, and weight, and a headshot. Celtic would then whip up a digital proof of what the card would look like – sometimes watermarked with a big CELTIC across the front, more often not. If you were satisfied with the proof, then, and only then, would you send your payment by Western Union. Then Celtic would manufacture the physical card in his plant (whether it was at the Secret Service field office, or at an undercover offsite is unclear), pop it in the mail, and send you the tracking number. For U.S. customers, it was three days from order to delivery.
Pricing was $300 for a single card, with bulk discounts available for those occasions when you need a bunch of cards in different names, or you’re outfitting an entire crew of credit card mules for a day of shopping.
Celtic also offered two backup forms of ID for $25 each, or free to first-time driver’s license buyers. One was a fake AT&T employee ID card, the other a Carson City, Nevada “Voter Identification Card” bearing the name and seal of city recorder Alan Glover. The design is fake and the card itself completely notional, Glover told WIRED. “Nevada doesn’t even have a voter ID card of any kind,” he says.
From the Secret Service’s standpoint, selling fake IDs – “novelties,” in the parlance of the underground – would have held a number of advantages. Unlike intangible commodities like credit card numbers or passwords, fake IDs must be shipped physically, which gives the agency an address to check out for every customer. And, being photo IDs, the customer had to provide their photos. It’s a rare law enforcement operation that lets the cops collect mug shots before they’ve made a single arrest.
“It’s a great idea,” says E. J. Hilbert, a former FBI cybercrime agent who worked undercover in the Carder Planet days. Feds routinely get close to carders by selling “stolen” credit card numbers that are actually provided by card issuers, then tracked. Shipping counterfeit driver’s licenses, he says, has the same advantages.
“In fact, it’s even better,” says Hilbert, now a managing director at Kroll Cyber. “You have one name and one ID that you can put in the system and flag. … I tried to get approval for this myself, and they wouldn’t do it.”
Becoming a respected vendor also served more strategic goals, gaining the Secret Service admittance to the closed sections of Carder.su, and giving Adams credibility with other vendors, forum administrators, and moderators.
“After becoming a member of the Carder.su organization, your affiant was able to move up through the ranks from being a general member to eventually becoming a reviewed vendor offering counterfeit identifications for sale,” Adams wrote in a court affidavit, “as well as being a VIP member of the organization.”
That status helped the Secret Service survive a user purge at Carder.su in late 2009, when the Russian operator of the site, known only as “Admin,” removed thousands of accounts and tightened security. Instead of being kicked to the curb with the rabble, Adams became an approved vendor. “Celtic has been verified,” wrote a moderator in December 2009. “All products offered were in perfect condition. Original laminate with holo and UV is confirmed too.”
The Secret Service tried to regulate its output by having “Celtic” take frequent, announced vacations, for days or weeks at a time. But to maintain his cover, Adams always had to return to work.
An official count isn’t available, but WIRED has tallied that the agent sold to at least 110 different customers, shipping at least 125 fake driver’s licenses, dozens of AT&T employee ID cards, and a handful of Carson City “voter identification” cards. In 2009, police departments began encountering Celtic IDs in the wild, not suspecting they were government-made.
Even as he peddled his wares, Adams continued making undercover buys of credit cards and stolen identity information. But he had to be more creative to go after competing novelty vendors – there was no legitimate reason for Celtic to purchase a driver’s license from someone else.
In April 2011, the agent used an outsourcing ploy to target a fake ID seller called “Hans Gruber” (presumably named for the villain in Die Hard). The agent emailed Gruber and asked him to handle two Florida driver’s licenses as a subcontractor. “I can’t make them ‘cause I don’t have the multispec holo for them,” he wrote. “I figured I could buy from you then sell them to the guy that wants to buy them from me.”
Gruber agreed, then vanished after the agent sent him the $400 payment in advance. Today he’s charged with an “attempt” to manufacture two fake Florida driver’s licenses.
Adams’ wheeling and dealing was the working end of Operation Open Market, but much more activity took place behind the scenes. From the start of the operation the Secret Service used Celtic’s growing contact list as grist for hundreds of search warrants, grand jury subpoenas and 2703(d) orders targeting webmail and chat accounts at Hotmail, Live.com, Gmail, Yahoo, and AOL’s ICQ service, as well as ISPs and hosting companies.
More than 230 such orders were issued before the first indictments dropped; one alone, served on Microsoft, gave the Secret Service the contents of 15 Hotmail and Live.com mailboxes.
The Secret Service even obtained an image of Carder.su’s hard drive from the U.S.-based hosting company SoftLayer, where the forum administrator unwisely placed the site for a time in 2009. And through the Justice Department, the agency sent eight Mutual Legal Assistance Treaty requests overseas to get images of servers hosting illicit content or running criminal storefronts outside the U.S.
It was the longest of long cons. The agency allowed its targets to stay free and uncharged for years, until it was ready to drop the hammer, keeping the undercover shop a closely guarded secret the whole time.
In March 2012, the government finally moved, unsealing the first batch of three indictments in a Las Vegas courthouse, and raiding and arresting 19 U.S. defendants in Nevada, California, New York, New Jersey, Michigan, Florida, Georgia, Ohio, and West Virginia. A press release announced the sweep. “The indictments and arrests in this case are yet another example of how the Secret Service continues to promote the Department of Homeland Security’s mission of providing a safe, secure and resilient cyber environment,” wrote A.T. Smith, the Secret Service’s assistant director for investigation.
The press release doesn’t mention the Secret Service’s underground storefront. Neither do the three indictments, or a fourth handed down against an additional five defendants in April.
The main indictment is noteworthy because, in addition to the usual mix of credit card fraud and false identification charges, the 39 defendants have been charged under the mob-busting RICO act – a first for a cybercrime prosecution.
Enacted in 1970 to help the FBI crack down on the mafia, the Racketeer Influenced and Corrupt Organizations Act lets the feds hold every member of a criminal organization individually responsible for the actions of the group as a whole. The losses collectively inflicted by the Carder.su members are easily enough to give every RICO defendant 20 years in prison.
“Each defendant was so minimally involved with such a small portion of stuff, and they put them all together in this huge case and made it a nightmare for everyone,” says Chris Rasmussen, defense attorney for 21-year-old David “Doctor Sex” Camez.
Rasmussen argues the government is overreaching by treating membership in a criminal forum as equal to membership in a criminal gang. “It’s like if a bunch of people are on Facebook. They aren’t really working together.”
The three additional indictments against 16 other defendants charge conspiracy, trafficking in counterfeit IDs, and credit card fraud, but don’t include RICO.
Throughout the indictments, the Secret Service lurks as a silent, unnamed co-conspirator. One of the “overt acts” supporting a conspiracy charge against 48-year-old Thomas Lamb, for example, is that he “did knowingly and without lawful authority … cause others to traffic in and produce false identification documents, which were transported in the mail.” Those documents were one of Celtic’s counterfeit New York driver’s licenses, and one of his $25 AT&T employee identification cards. It was Special Agent Adams who put them in the mail.
Ditto for Lamb’s associate, Roger Grodskey, who’s charged with trafficking in a Nevada license and another AT&T card, both of them manufactured by the Secret Service agent.
IN 2009, POLICE DEPARTMENTS BEGAN ENCOUNTERING THE CELTIC IDS IN THE WILD, NOT SUSPECTING THAT THEY WERE GOVERNMENT-MADE.
Alleged rank-and-file fraudsters like Lamb and Grodskey are facing the brunt of the prosecution – they account for about half the defendants charged in Open Market, but comprise 22 of the 28 who’ve been identified and arrested.
The more valuable targets are the 27 Carder.su vendors charged with selling criminal goods and services alongside Celtic. But of these, eight are known only by their online nicknames, and thirteen others have been identified, but live in foreign jurisdictions like Ukraine, Morocco and Nigeria. Only the six unlucky enough to be based in the United States have been arrested.
At the very top level, the three defendants charged as Carder.su ringleaders are all in Russia, which doesn’t extradite to the U.S., including the site administrator, who is now believed to be running the Carder.su successor forum Carder.pro.
Even with half the defendants unaccounted for, the Open Market prosecution is straining the Nevada federal criminal justice system. The 28 defense lawyers, all from different law firms, meet periodically in the large conference room at the Federal Public Defender’s office – none of their individual conference rooms are large enough to fit them all. An outside firm was brought in just to manage the 10 terabytes of evidence in the case – emails, forum posts, computer files, and Secret Service reports. “It’s just a huge amount of discovery,” says John Momot, Jr., lawyer for Duvaughn “Mackmann” Butler. “A large amount of work.”
An early issue in the case explored how to give access to that so-called “discovery” material to the defendants in custody at the privately run Southern Nevada Detention Center in Pahrump. Earlier this year a judge ruled that they can view the evidence on an air-gapped jail computer set up for that purpose, but they aren’t allowed to print or take notes.
Some of the lawyers even feel sorry for prosecutor Kimberly Frayn. “She’s a really nice person and a good lawyer,” says Rasmussen. “If we all filed one motion her entire week would be filled up in front of a computer.”
As his time as Celtic wound down, Adams transferred from the Secret Service to DHS’ Homeland Security Investigations, a division of ICE, where he’s remained assigned to the case. He shows up at every hearing, defense lawyers say.
So far, Adams’ role as a respected seller of fake IDs hasn’t figured in the pretrial motions, but at least one defense lawyer hints it might in the future. “The issue of course is … whether or not there are issues of outrageous government conduct or issues of entrapment,” says Grodskey’s lawyer, Terrence Jackson. “This is a case that’s probably going to be in litigation for years. All I can tell you is there are issues that are going to come up in pretrial and at trial that involve that.”
Spared from all this is the original Celtic, Justin Todd Moss, who was bouncing in and out of jails and halfway houses while his Secret Service doppelgänger built a fake ID empire in his name.
In 2008, Moss was sentenced to five years probation and ordered to pay $1,422.84 in restitution. In late 2011, he was arrested in Indiana on a violation, then released in March 2012 to a halfway house. He remained there for at least a year, through April 2013, while he struggled to find employment.
Among Moss’ challenges, his probation officer noted in a report to the court, were “difficulties obtaining his identification.”