Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

ASSESSMENT: The Lampeduza Republic Organizational Structure


The Lampeduza Republic:

The Lampeduza Republic is a collective of carders which has its base of founders primarily in the Baltic states. You may be familiar with this name and the group through Brian Krebs' work on the Target breach of 2013. The Lampeduza came into existence circa 2011 (Creation Date: 2011-06-01T16:54:41Z) as a follow-up to other sites that had shut down, but with the creation of this one the creators also covered all the bases with mirrors on other servers and domain names. What makes this site different from the rest of the carder arcology is that this group is exceedingly hierarchical and structured themselves after the constructs of Roman rule. As the main player who seems to be involved per Brian, Rescator (aka Hellkern), has a penchant for games as well as hacking and carding, it seems only fitting that he has a STEAM account and a love for ROME II (All Out War). It is my contention that he and others within his clan perhaps began this whole escapade after playing ROME II together and grew to love the idea of being powerful “Senatus” or dare I say even Caesars?

Organizational Structure:

The Lampeduza Republic (Lampeduza rei publicae) took its structure from the old Roman rule, as I said above, and within this classicist format they have the following categories of “citizens”:

  • Caesar — monarch of the Lampeduza Republic.
  • Consul — highest public official, the head of executive & administrative authority, the head of the Senate.
  • Senator — highest governmental authority of Lampeduza Republic Senate.
  • Praetores — highest public official, Republic arbitrator.
  • Legatus — messenger of the Republic Senate, legion leader. Senate assigns the title to the most devoted Republic warriors, shown himself to good advantage.
  • Quaestores — assistant of the Republic Senate. Treasurer, assessor, the one responsible for payments to contractors. Posts all the decisions, resolutions & laws of the Senate and Caesar ordinances.
  • Primus Pilus — ranked highest in Centurio legion. Shown himself to good advantage for a long period of time. Literally the first rank. Having the right to assign himself two assistants (Centurios).
  • Centurio — warrior, recommended himself to good advantage and decent reputation amongst colleagues. Having the right to assign himself two assistants (Optios).
  • Optio — assistant of the Centurio. Chosen by Centurio among his warriors. The title can be assigned by Republic Senate, without Centurio’s petition to anyone standing out sharply against background. Having the right to assign himself one assistant (Tesserarius).
  • Tesserarius — assistant of the Optio. Obligated to organize security & password transitions. Republic of Lampeduza army career is starting with Tesserarius title.
  • Censor — title assigned by default to forum moderator, invited by Senate for observing compliance with Republic constitution. Moderator having title of the Lampeduza Republic allowed to indicate it in his status.
  • Legionarius — citizen of the Lampeduza Republic, lucky passport owner.

Whether or not the actual group functions in a strict regimental way remains to be proven, but the general idea is followed through on from what I can see. In looking at it from caches of pages, it seems like the inner group of progenitors consists of Consul Octavian (Caesar), Senator Severa, Senator Tiberiy, and Senator Flavius. The Caesar is named “Octavian”, and as it happens there is a site, Octavian.su, which is now defunct. This may account for who was the progenitorus primus in the Lampeduza universe, and to date no one has really looked at this Octavian as much as at Rescator. My question becomes: who is Octavian? Is Octavian just another user ID for Rescator? Or is this someone else altogether? Additionally, you can see how Rescator has moved up the ranks in the site as time has moved on, from Legatus to Praetor, all from meeting notes, as it were, on the site itself. Additionally, the role of Tiberius Caesar seems to have its laurel wreath squarely upon Tiberiy, a name that to date really hasn’t been mentioned in the stories around the Target heist.

The Senate of Lampeduza:

Senate of the Lampeduza Republic: Consul Octavian, Senator Severa, Senator Tiberiy, Senator Flavius, considering petition of the Centurio Pompei, Primus Pilus DJ CRACK, Quaestores Trayan have decided:

I. Magistrate the following:

Octavian – Ceasor pro tempore, the Consul & the head of the Republic Senate
Rescator – Praetores of the Lampeduza Republic, assign the Legatus title
Trayan – Guarantor of the Lampeduza Republic, assign the Quaestores title

II. Assign the Primus Pilus title of the Lampeduza Republic

    DJ CRACK – Primus Pilus of the Republic, province Censor
    Blaster – Primus Pilus of the Republic, province Censor

III. Assign the Centurio title of the Lampeduza Republic

    Pompei – Centurio of the Republic
    rfcid – Centurio of the Republic
    goldminer – Centurio of the Republic
    -=SGA=– – Centurio of the Republic, province Censor
    St.Patrick – Centurio of the Republic
    Mesr – Centurio of the Republic
    greystone – Centurio of the Republic
    powerseller – Centurio of the Republic
    Search – Centurio of the Republic
    Шаман – Centurio of the Republic
    j.p.morgan – Centurio of the Republic
    True Partners – Centurio of the Republic
    alphadog – Centurio of the Republic
    risk25 – Centurio of the Republic

IV. Assign the Optio title of the Lampeduza Republic

    TaoBao – Optio of the Republic
    jimy – Optio of the Republic
    fff3fff – Optio of the Republic
    himik – Optio of the Republic
    PapaRed – Optio of the Republic
    Septimiy – Optio of the Republic
    Avidiy – Optio of the Republic

V. Assign the Tesserarius title of the Lampeduza Republic

    bissone – Tesserarius of the Republic
    liberral – Tesserarius of the Republic

SENATE DATA:

So the main players here are the following:

Screenshot: Caesar Tempore Octavian

Screenshot: Senatus Severa

Screenshot: Senatus now Tiberius Caesar Tiberiy

Screenshot: Senatus Flavius

Screenshot: Praetor Rescator Legatus of the Lampeduza

ANALYSIS:

While Brian has actual screen shots of Rescator (a lover of old French films, it seems, about pirates) talking about the BlackPOS and the shuttling of card data, there is certainly more than one player here in the Lampeduza universe. Given the love of the Roman structure of governance, it actually played out a most interesting game of looking at who was in fact in charge and the overall makeup of the organization. I have not really taken any kind of real look at the other players on an OSINT level, but I am sure that once that is done it will be a bit more enlightening as to who these guys are. It is my theory that they all are gamers and all played quite a bit of ROME II (Total War) and aspire to be the new Romanus Civilis of the digital age. It kind of also fits with the Russian/Ukrainian tastes as well on a societal level. The other part of the puzzle is whether these guys were just the procurement specialists and others actually carried out the hack, or whether it was all of them, in their structured and regimented organization, that carried off not only the hack but also the brokering of the card data, reaping all the financial rewards as a new Rome should.

Meanwhile Rescator (aka Hellkern) surely had the technical chops to code some of the software as well. His online profile as Hellkern dates much further back, with hacks and code that seem to include a worm that made the rounds circa 2009. He’s been around, but so too has Ree4, who it seems for all intents and purposes was the one who modified the memory scraper tech and made it what it is today, at least in a proto form. Did Rescator go the next steps and get it to be the application that bypassed AV today and was what was used on Target and the others? Ostensibly the FBI, as well as Brian, has shown that the software was up for sale for six thousand dollars, and obviously that price was paid. Just who made the changes? We still aren’t sure as far as solid evidence goes, but it seems from what Brian has found concerning OPSEC failures on the part of Rescator/Hellkern that he surely had something to do with it. The collective, though, for me is the thing.

Who else is there and who are they in real life?

K.

mlal qh xzvp ttdqdm xof fgrowuqd

Written by Krypt3ia

2014/01/24 at 21:53

9 Responses

  1. […] who wants to understand the hierarchical pecking order of Rescator’s crew should check out this analysis by security researcher Krypt3ia, which examines the Lampeduza cybercrime forum of which Rescator is […]

  2. […] that is motivated and able to handle the work. I would say that the Lampeduza shows this kind of regimental behaviour as well as a motivator in the dumps of cards and easy money from their sale. The point being is the […]

  3. […] is motivated and able to handle the work. I would say that the Lampeduza shows this kind of regimented behaviour as well as a motivator in the dumps of cards and easy money from their sale. The point being […]

  4. […] is motivated and able to handle the work. I would say that the Lampeduza shows this kind of regimented behaviour as well as a motivator in the dumps of cards and easy money from their sale. The point being […]

  5. […] in the first place? After looking at data that Brian had shown me and doing my own research on Rescator and the Lampeduza he and I came to some conclusions on how they most likely got into their systems. […]

  6. […] that exists within Rescator’s crew should read this analysis by security researcher Krypt3ia, which examines the Lampeduza cybercrime forum of which Rescator is one of the members. Anyone […]

  7. I have been in this business for about 18 years. I was owner and founder of vendor.pro vendor.su vendor.ru. I wanna help u, and keep u safe to stop getting ripped, but seems like u don't like it that way. I have been in this business since dumps was 1-3$. I know how every shit works. U played me before, how do I trust u and work with u now? I have the best of stuff now. I know bins that gonna hit on Apple product and bins that can hit in gas station. Am not here for hundreds, am here for millions. I was old vendor of maza.la and carder.su in 2003 I was arrested in 2006 I came back in January . 2013 I lost all my property. So I ain't here to joke. Am here for a long term business, not to rip petty money. Contact me on my icq…696121703

    sunny

    2014/07/06 at 11:07

  8. […] programmer in Odessa, Ukraine. In his many personas, Rescator identified himself as a member of the Lampeduza cybercrime forum, and indeed this site is where he alerts customers about new batches of stolen […]

  9. […] programmer in Odessa, Ukraine. In his many personas, Rescator identified himself as a member of the Lampeduza cybercrime forum, and indeed this site is where he alerts customers about new batches of stolen […]

