King of Cards

The king of cards. That's me. Not playing cards. I'm not a high-rolling gambler. No, the cards I'm talking about are credit cards. Or at least the numbers on them. When you buy something with your credit card, the number, plus some other details, goes flying over a network to your card company, so that they can approve the transaction. After all, it's their money you're spending. But once the transaction is complete, the merchant, the shop or website, is supposed to delete your credit card data. They don't need it any more. They're not entitled to charge your card again without your agreement. 

But some merchants do keep the data. Maybe they keep it in a temporary file, which is supposed to be deleted at the end of the day, but somehow that doesn't happen. Or they're a website, so they keep your details so you don't have to type them in again the next time you buy something. There are, of course, supposed to be strict controls around how this data is stored. Private networks, encryption, controlled logins. But no system is perfect. Mistakes happen. Some of the smaller merchants are pretty clueless about this kind of stuff. Plenty of scope for an enterprising young man to take advantage. 

Credit card data is a very valuable commodity in the criminal underworld. If you have the right connections you can make a fortune. At the ripe old age of twenty-one I was already a millionaire. It was all too easy, being the king of cards. 

But the problem with doing something illegal is that when things go wrong, you're on your own. You can't call the cops. You need to solve the problem yourself. And about seven months ago, things did go wrong. Very wrong. 

I can clearly remember the day everything changed. Of course at the time I has no idea of what was about to happen. When I woke up at about ten and turned on the coffee machine, it was just a normal day. I lit a cigarette and shuffled over to my rig, still wearing my t-shirt and sleep shorts. 

I had built the system myself, choosing the parts with care and putting it all together to suit my needs. The main PC was housed in a matt black aluminium case, with cool blue lights illuminating all those expensive parts on show behind the clear window in the side. I had invested in a silent power supply and cooling fans-- nothing worse than a loud computer. It was hooked up to two 30-inch Apple displays that took pride of place on my desk. A wireless keyboard and mouse rounded out the system. 

But if you were a policeman with a search warrant, looking through this system, you wouldn't have found anything incriminating. I only used that system for playing games, watching movies, and chatting on Twitter and Facebook. All of my illegal activities were done through remote servers, which were located in no-questions-asked data centres in Russia and eastern Europe. And I accessed them through a MacBook Pro laptop. I connected to it from my PC system using Remote Desktop, which let me use the big screens. But none of the MacBook’s data ever ended up on the PC. 

I moved the mouse to clear the screensaver, and reviewed the data that had been collected overnight. My apartment was a penthouse in the middle of the West End— a deliberate choice— and my wifi connection could see hundreds of wireless networks, many of them belonging to the shops and small businesses that surrounded me. 

A Python script that I had written scanned through these networks, looking for insecurities, and then forwarded the identities to a second application which broke the WEP encryption on those networks that used it. Although WPA networks were becoming more common, and were a lot more difficult to crack, there were still plenty of WEP networks around. My software could break into them in minutes. 

I scrolled down last night's haul, clicking on entries at random. A few were obviously home users, others looked more promising. But one caught my eye. The SSID said CHECKPIZZA. Looked like a branch of Checkers Pizza.