J. Keith Mularski
Post on 14-Feb-2017
Oral History Interview
J. Keith Mularski
April 8, 2014
Brien R. Williams
Interviewer
This interview was produced in conjunction with the Museum’s Witness to History program and
generously funded by Target Corporation.
©National Law Enforcement Museum
Brien Williams: This is an oral history interview for the National Law Enforcement Museum
with Supervisory Special Agent J. Keith Mularski, assigned to the Pittsburgh Division of the
Federal Bureau of Investigation. We are in the law offices of Hogan Lovells, in Washington,
DC. Today is Tuesday, April 8, 2014, and I’m Brien Williams. Keith, thank you very much for
doing this with us today.
Keith Mularski: It’s a pleasure to be here.
Williams: Good. Let’s start with your family background a little bit. Go back as far as you
want.
Mularski: If you really want to go back far, my great grandparents immigrated from Poland at
around the turn of the century and worked in the steel mills. Pittsburgh is a very blue-collar city.
My father was a steelworker as well. Growing up in Pittsburgh you had that blue collar-type
ethic. We are very proud of our Polish ancestry. I grew up in a little place outside Pittsburgh
called McKeesport, and I went to McKeesport High School, to Duquesne University there in
Pittsburgh as well, and graduated in 1992. I have a couple brothers and a sister as well.
Williams: Did any of them go into law enforcement?
Mularski: No, I’m the only one. Funny story on that. My cousin has a video from when I was
16. He would always take a video at Christmas, and there’s a video and he said, “Well, what do
you want to do?” I said, “I want to be an FBI agent.” He played that for me after I was in the
Bureau 10 years, so that was kind of funny.
Williams: What prompted that remark? Was there any particular reason?
Mularski: It was just something I was always interested in. I wanted to do something that I
thought I can make a difference, and I just thought it was an exciting thing. You see things on
TV and you get attracted to those things, so I can absolutely say that I was attracted to the FBI
for sure.
Williams: Was your mother a homemaker?
Mularski: No, at first she was, but she started work after my brothers were born, and she worked
for a number of different companies.
Williams: And did other siblings go to college?
Mularski: Yes, my two brothers did. One of them designs buildings, and the other one is an
environmental scientist.
Williams: And why Duquesne?
Mularski: My freshman year I went to another college called Westminster College, which was a
little bit north of Pittsburgh, and I was a swimmer, so I swam up there, and it was kind of
expensive, not that Duquesne was inexpensive, but they gave me money to swim, so I got a
partial scholarship to swim and transferred down and went to Duquesne.
Williams: And you majored in—
Mularski: I majored in history. I was attracted to history, and from an FBI standpoint, most FBI
agents, you’ll hear them, they were CPAs or lawyers, things like that, but history was always
something that attracted me, and I still enjoy it today.
Williams: Doesn’t seem like that. It’s a good fit. Any strong memories, anecdotes about
growing up in Polish Pittsburgh?
Mularski: I love the food. That’s one of the biggest things. The unique thing about Pittsburgh,
it’s an immigrant city, so there are all these different little pockets. You have a Polish section, a
Hungarian section, and the unique thing is, especially in the summertime, they all have their own
church and their own bar, and in the summertime they always have their own festivals. So you
always get people from—they remember the customs from the old world—and they make the
food, and it’s just great in the summertime to go to the Ukrainian festival, the Greek festival, a
number of others, and the food is excellent. That’s one of the things that always called me back
to Pittsburgh. When I moved away in 1993, I couldn’t wait to get back. The food is excellent.
If you haven’t been there, I recommend it. [laughs]
Williams: Where did the Pirates and the Steelers fit into your world view?
Mularski: I’m an extremely large Steeler fan. I have season tickets. They’ve been in my family
since the 1960s. My dad and his brothers had them and eventually they got passed down, and
my cousin had them, and when I moved back to Pittsburgh in 2005, he called me up and said,
“Well, one of these tickets is rightfully yours.” So I have season tickets to this day. I’m a huge
hockey fan as well. The Pirates haven’t been good for 20 years, so it was hard to be a Pirates
fan, although last year I was on the bandwagon for sure.
Williams: You graduate from Duquesne and then the furniture business beckons.
Mularski: I graduated in 1992 and we were kind of in, if you remember, a recession. It was hard
to find jobs for somebody with a history major, and I was engaged to be married and needed to
make money. My dad had worked for the furniture company and said, “Hey, they’re opening a
new store north of Pittsburgh. You could go be a salesman. You could make decent money and
then go wherever you want to go from there.” So I applied and was a salesman for about seven
or eight months, no, maybe it was a little over a year, and then I transferred to a new store that
they were opening up in Maryland, and was there for a little over a year. Before then I went out
to St. Louis as an operations manager and worked at two different stores out there, and then
joined the Bureau, the FBI from there. But the funny thing is when you talk about, it sounds
very unique from an FBI agent’s standpoint being in furniture sales and things like that, but I
think it was one of the best ways that I could have gone, because the interesting thing is in
furniture or in sales, you want to get people to give you money that they don’t want to give you,
and in my business we get people to give us information that they don’t want to give you. So I
think that from a standpoint of training, it was a great base for being able to go out and talk to
people and make people feel at ease and things like that.
Williams: You developed those skills in the furniture business, sort of knowingly, or you just
sort of—
Mularski: No, I think it was sort of if you don’t sell you don’t eat, so you learn them pretty
quick on the job, and I think I’m kind of a happy-go-lucky guy. But it was good to interact with
people all the time and I think it prepared me for sure.
Williams: So you might have had a bright future in the furniture business.
Mularski: Maybe. It wasn’t my calling though. Federal law enforcement was definitely my
calling.
Williams: Tell us about your steps into the FBI.
Mularski: My freshman year of college we had a recruiter come out and he talked about the FBI,
talked about the qualifications that you needed to become an agent, and I remember he gave a
little sheet and it had these disciplines: law, or accounting, foreign language, and then there was
the diversified section and it, in order to be competitive, it said that you should have at least five
years of professional experience in managing people. To this day I still have that sheet, from
1988, and I kept that in a box. When I was in the furniture business for five years and I felt that I
had managerial experience in things that I could write to knowledge and skills, I said to my wife,
“I want to apply to the FBI. I don’t want to be, when I’m 80 years old I don’t want to look back
and say I would have, could have, should have. So I’m just going to do it and we’ll see what
happens.” The process was long then, it still is long today, so you just send an application in,
just like a one-sheeter, and they call you for what they call Phase One testing. I went and took
that test. It’s kind of like a personality profile. I passed that, then I got called in for what they
call the formal application process, and it’s you write down everything that you’ve ever done in
life. They want to know where you worked, whether you worked at McDonald’s for three
months in one summer, and you write all that down and all your references and background.
They really want to know everything about you. I put that in, and then the recruiter said, “It’s
very competitive. This process now could take up to a year. You may or may not be picked to
go to Phase Two testing.” I had submitted that part of the application process some time in the
summer and I remember it was in December of ’97 I got a call while I was at work. The
recruiter said, “We had a cancellation for a Phase Two testing in Kansas City,” this was like on a
Monday and they said, “Testing is Wednesday. Can you get on a plane tomorrow and fly to
Kansas City? This may be your only chance, because there’s a spot that you could fill and if you
don’t take it somebody else may be more qualified next time.” And I said, “You don’t need to
tell me twice.” So I flew out there and did the formal interview process where you sit in front of
a panel and they ask you all kinds of questions, and you have to answer them I guess right, and
then you—there’s some kind of an essay at the time. So then you wonder whether you pass, so
for the next seven days, 10 days, you’re on pins and needles because if you don’t pass that,
you’re pretty much done. But then I got the call that said I passed that. Then you go to the next
phase, which is the polygraph, which I could honestly say polygraphs are absolutely horrible. So
you go in there, and me being Catholic, I have a guilty conscience too, and so you just go out and
say, “Hey, this is everything I’ve ever done in my life.” So I passed the polygraph, and then you
go through more background, and then in May of 1998, I got the letter saying you got accepted
to go to a class at Quantico [Virginia], and July 19, 1998, I reported to my Quantico class.
Williams: Summarize the training process.
Mularski: The training is fantastic. That’s the one thing about the FBI that I just think is
absolutely wonderful is they teach you to be whatever they need you to be. You have people
from all skill levels. The very first day you go to the Academy you go around and everybody
stands up and says what they did. And I could tell you it was very intimidating, and especially in
my class, we’re going through, and on my row, the guy on the one end, he gets up, “I was
assistant district attorney in Dallas.” The next guy was a Marine helicopter pilot, the next guy
was a Navy SEAL. I stand up, “I’m in sales.” So the next guy next to me had a PhD in
aeronautical engineering and worked for Boeing, so he was a rocket scientist. It was very
intimidating because you have the best of the best. Initially I was a little taken aback, and I
remember calling my dad that night and saying, “Hey, look at all these people that are here. I
don’t know.” And he said, “Look, everybody’s on ground floor here. They’re going to teach
you everything and they hired you for a reason. Just go out and be the best you can.” That was
the best advice that I think I ever got from my dad, just to go out and do it. And sure enough, the
Bureau, they train you. Firearms, I’d never, although I’d gone hunting when I was a kid, but
that’s with the long rifle. I’d never shot a handgun, and that first day on the range you’re out
there and your hands are shaking. I had never shot a handgun, but the training is wonderful, and
to this day I’m an expert shot. I shoot in the high hundreds, or the high nineties on all my
qualifications, and that was all from their training. They teach you how to interview people,
defensive tactics, physical training. The classes are really fascinating too because they put it in
real world experiences, so when you’re taking a law class they talk a lot about the cases that
you’ll experience in the field. To this day something will come across my desk and I’ll say,
“This case is related to this, and we can’t do that.” So the training is just wonderful. You’re
down in a closed academy, and it’s been a long time since you had been in school, and you just
make some of the best friends as you’re all going through that. The training was absolutely
fantastic.
Williams: How long is that process?
Mularski: At the time that I went through, it was 16 weeks, but I believe now it’s 21 weeks.
Williams: At the end of those weeks where did you go?
Mularski: When you’re there about six weeks in, well, actually the very first day that you’re
there, you write down your wish list of where you want to be stationed. They said, “Look,
you’re never going to go back to where you processed from.” I was fine with that because I
processed from St. Louis. I had Pittsburgh number one, and all the other ones down there, and I
had New York and Honolulu number 55 and 56, and I had Washington field thirty-second on my
list. So after you’re in a few weeks, you get your orders, and it’s a real neat thing because they
have a big map up, and people go up, and you state your name, and you open up the envelope
and say “I’m going to such and such,” and then you put the pin on the map. So I got up there
and I opened it up, and I’m going to Washington field office, my thirty-second choice. But it
turned out to be great. I got selected to Washington field to go work national security matters up
there. Washington, it’s a big city, and it’s hard on a new agent coming in to find affordable
housing, so we lived way down south in Stafford and in Fredericksburg [Virginia] and would
commute 52 miles each way. We had a real big dog at the time, an English Mastiff that weighed
250 pounds, so we couldn’t get an apartment up here, so we had to rent a house, so the only
place we could live was down south. But the work was fantastic. The first few months that I
was there, the first year, I worked the case where the Russians had placed a listening device in
the Department of State. Soon after that I worked the Robert Hanssen espionage case as well.
Then a few months after that 9-11 happened and I was down at the Pentagon, at the evidence
warehouse there, processing that. At that time you could do so many days at the Pentagon, and
then you did so many days running down leads. They didn’t want you to get burnt out at the
Pentagon. As luck would have it, one of my days that I was running down leads, one of the leads
was to go to the Brentwood Post Office [Washington, DC]. There was some kind of crazy
complaint. So a colleague of mine and I were back in the Brentwood Post Office digging
through the mail, and a couple of days later, that’s when we learned about the anthrax being
there, so we get a call saying that anybody who’s been at the Brentwood, you’ve been exposed to
anthrax, so you need to go down to the hospital. Then I got swabbed and went on Cipro
[Ciprofloxacin]. It was a crazy time. I had great experiences. I feel like I was like Forrest
Gump, just being in the right place at the right time.
Williams: What was your role in the Hanssen case?
Mularski: I don’t know how much I can disclose, but I know that I worked very diligently with
Mike Rochford’s squad, who led that investigation. I know all the pictures that were taken of the
drop sites, I took all those. I remember teasing people because one of my pictures was on the
front page of the New York Times. My picture was in a shadow, and I’m like, “See, I’m in the
front page,” but I was in the shadows. I worked a lot with the surveillance teams that were out
there following him around. I was the team leader for the Arrest Team Number Two on that day,
the day of the arrest.
Williams: What does that mean?
Mularski: When Robert Hanssen was going to do the dead drop, we had wanted to get him in the
act. It’s been documented before. We had searched his PalmPilot and we’d seen that he was
supposed to go to “Ellis” on this day, which was the code name for the one drop. We were in
surveillance, and I remember he pulled into I think Pike Seven Plaza on Leesburg Pike, if I
remember correctly, and we didn’t expect him to go to the drop site until later on that night, at
seven o’clock, but we had just got on station around three, and he dropped a friend off at the
airport and he pulls in there and he pops open his trunk, and we could hear the surveillance team
calling out, “He’s wrapping it up in plastic.” And we’re like, “Oh, this is going to go down
now!” and your heart starts beating. The way that was to the drop site, you kind of had to cut off
the angles, because he could go out of it right or he could go out of it left, or actually he can go
straight, so there was a SWAT team and another team. My team was if we would go out this
way, we were there. He went out the other way, the SWAT team got him, then my team secured
the area while they put him in cuffs and searched him and things like that. It was very exciting.
Williams: Big moment, wasn’t it?
Mularski: Absolutely.
Williams: You were how many years in Washington?
Mularski: I was there from 1998 to 2005, so about seven years.
Williams: Other highlights that you want to remember?
Mularski: Just the friendships, I guess. Until this day the guys on that squad, I was on CI-5 was
the name of the squad at the time. We called ourselves the Wrecking Crew, and everybody had
nicknames and everybody had a story behind their nicknames, which was very fun. To this day
they’re still my best friends, even though I don’t talk to them all the time. When we meet up,
one of them got married last year and we were all back, and it was just picking up like we’d just
left each other yesterday. I guess it’s like sometimes in the Army they say your Army buddies
are some of your closest friends, because you go through things nobody else experienced. And
that was the same thing with my first squad there, for sure.
Williams: Right. Any particular mentors you had as you were getting your sea legs in the FBI?
Mularski: I don’t think any particular mentors, but my supervisor at the time, Mike Anderson,
he has worked the [Aldrich] Ames case, the [Earl Edwin] Pitts case, the [Harold J.] Nicholson
case. He had just done so much, and he was an absolute fantastic supervisor, who really not
micromanaged you, let you find your own voice so to speak. Just turned you loose and let you
go. He was just wonderful. And I’ve been very fortunate in my whole Bureau career, now 16
years, to have my immediate supervisors. Every single one of them has just been outstanding, so
I think that that’s contributed so much to the experiences and successes that I’ve been able to
have, based off of those guys, for sure.
Williams: Tell me about the transfer to Pittsburgh.
Mularski: Coming from Pittsburgh, when I graduated college I couldn’t wait to leave Pittsburgh.
You leave Pittsburgh, and then you realize, “It’s a pretty good place.” So I spent the next then
12 years trying to get back to Pittsburgh. At the time when we moved down to Washington with
the FBI we were living in Fredericksburg. It was very rural, and if you remember at that time
there was the big housing bubble and it just exploded down there and the traffic was insane. And
my wife was working in Alexandria as well, and we had a son, and after the 9-11 experience
where she was worried that she wasn’t going to be able to get back to daycare, she said jokingly,
“Look, I’m giving you five years for us to get out of here or we’re getting divorced.” Jokingly,
of course. But point taken, so I started looking for opportunities to transfer, and a position came
open to transfer up to this new cyber unit that they were starting up there in Pittsburgh, and it
was a transfer as a cyber specialist, and I said, “Wow, cyber’s kind of like the wave of the
future.” And I did fun work in the counterintelligence and national security stuff, but I thought
that the computers was where things were going, so I really wanted to take that job. I put in for
it, and luckily for me I got accepted. I was assigned to a small unit in Pittsburgh. It was just me
and another agent, [Thomas X.] Tom Grasso, and we were assigned at a non-profit called the
National Cyber Forensics and Training Alliance, or NCFTA for short. It was a really unique
setting because it was designed to bring law enforcement, academia, and industry under the same
roof to work the cyber crime angle. So we weren’t working in FBI space. It was neutral space
and it was just the two of us. At the time the NCFTA was really, really small and there were
only about five or six employees. And then Dan Larkin was my immediate supervisor, but he
was stationed down in West Virginia at the Internet Crime Complaint Center. Dan had started
the NCFTA when he was a supervisor in Pittsburgh, and then he transferred to the IC-3 and then
tried to make the NCFTA a headquarters body, a headquarters position. That’s kind of what
spurred the canvass to have somebody go there. Tom and I started working spam cases and things
like that, working with industry, what the cyber threats were out there.
Williams: When were you first introduced to the whole notion of cyber?
Mularski: I’d always been very interested in computers and would always play around with
different things, and I remember actually when I worked at the furniture company a friend of
mine, she was very technical, and we would play around on the computer and she would show
me things. When I was working with the FBI I learned some different computer things, so I was
able to write to the skill sets based on the on-the-job training that I had. It was always very
interesting. I’m kind of a technophobe, a gear head that’s always interested in the latest thing.
Williams: Had you done any infiltration just playing around in these earlier days?
Mularski: No, no not at all.
Williams: Your hands were clean.
Mularski: Yes, my hands were clean for sure at that time.
Williams: What about Tom Grasso? Was he a little bit ahead of you?
Mularski: I can honestly say that Tom was one of the best and still is one of my best friends.
One of the absolute best guys I could have been working with, because Tom is the typical gear
head and he’s like a brother to me, and he had so much patience explaining everything, how the
cyber cases worked. He had worked in Chicago, cyber matters, and I learned everything
technically from him. He would take the time out to show me what I didn’t know, and I was
kind of a sponge to him. He’s awesome.
Williams: Were you just sort of surfing?
Mularski: How I got introduced into the cyber underground was we got a call from the United
States Postal Inspection Service. They said, “Hey, we’ve been working this case. We’d like you
to come down. We’d like to show you what we’re working on on this case.” So my boss Dan
Larkin said, “Hey, why don’t you fly down?” They wanted to meet in our off site in Calverton
[Maryland], one of our facilities there. I flew down and I met [Gregory] Greg Crabb, who was a
postal inspector at the time. And Greg started telling me about this site called CarderPlanet, how
this was a criminal organization. And he started telling me about all the investigations he was
doing, and it was just fascinating. That this was cyber crime in the 21st century. I had a
background in Russian studies and I had some Russian language training, and obviously with my
previous work and my Slavic heritage as well it was very fascinating to me, so I just absorbed
everything that Greg was telling me. He shared a lot of data and we started sitting down and
working on it together.
Williams: So you went back to Pittsburgh and he came and visited you from time to time?
Mularski: Yes, he came and visited frequently, and then I would come to Washington and meet
with him, and I met with his analysts as well. We started triaging the data. I was taking their
data, seeing how we could help other FBI cases and start making that cross-referencing, to tie
things together.
Williams: Just to backtrack, where did you get the Russian history and Russian language?
Mularski: I studied Russian in college. I took a few years of Russian language. And then in the
Bureau I did some of the tapes and things like that. I’m not proficient at all but I’m very
interested in it and I know enough to get me in trouble. [laughs]
Williams: The Carder site, that was originating in Russia, is that right?
Mularski: CarderPlanet was kind of the very first of these sites. It spun off of another site called
Counterfeit Library. And it was started mostly by a bunch of Ukrainians led by a guy named
King Arthur and another guy that used the name Script. The neat thing about these sites is
everybody knows each other as a nickname. Everybody has a handle online. So they viewed
themselves kind of like the Italian mafia. They had terms of hierarchy, so Script was the
godfather, and then below that you had Capos, and Capo dei Capis, and they would kick money
up to the family members and all of that. They really viewed themselves as [unclear] in Odessa.
There was a big Carder’s conference, and at that time anything you wanted on there in the cyber
underground you can get on one of these sites, so if you wanted compromised cards, if you
wanted counterfeit plastics, if you wanted malware and exploits, it’s all there and people
advertise. They view themselves as businessmen, they pay for advertising. Because if you have
10 people selling the same type of product, why do you go to one over another? Well,
advertising. So they have banner ads. If you visit CNN and you see a banner ad for these type
of jeans or this soft drink, it’s kind of the same thing on these sites. A banner ad for credit cards
and things like that.
Williams: How did you gain access to this?
Mularski: By the time that I got in, CarderPlanet had just been shut down, and its kind of sister
site was called ShadowCrew. So Secret Service ran an operation against ShadowCrew. We did
things with CarderPlanet as well. So those both went down, and then a number of other sites
started up after that, like Theft Services, which was also known as IAACA, which stood for the
International Association for the Advancement of Criminal Activity. And other ones like
Carder’s Army, CarderPortal, so there was a number of different ones, whereas at the beginning,
the first four years there were like two main ones, and then they kind of spun up these other ones
after that. Some of them, you just needed to know you could register and you could go on and
see. Other ones like Theft Services and IAACA, you needed a vouch to get on. So what I did
was I wanted to just go on there and see who was advertising things. If we would have some
kind of a criminal case, I started seeing from what Greg had given me a lot of connections back,
so I was like, “Why should we wait until we get a complaint from a victim to try to find out who
did it when these guys are kind of telling you what they’re doing? Why shouldn’t we be working
an intel[ligence] case and find out who is this guy, because he’ll lead you to the crime.” I just
wanted to get on and start observing. Working with industry, I needed to have a legend, a
backstop at that time so that they didn’t just boot you out, because if you weren’t active or
talking they could kick you off. We reached out to partners of ours called Spamhaus, because
we were working a lot of spamming cases, and I thought having a legend as a spammer would be
really good because spam is the backbone of a lot of the criminal activity on the Internet, because
you have the malicious emails, you have links that will spread malware, the spam goes out. By
being a spammer I could get in all aspects of exploits, credit cards, malware and things like that.
Spamhaus has a list which they call the ROKSO list, which stands for the Register of Known
Spamming Organizations. They kept track of the world’s top 100 spammers and they would
have profiles from their investigations. They would say this person spams, and this is who he is
and all that. So we said, “Hey, let’s make a listing for me. Let’s come up with a profile that I
could have out there so that if somebody would Google my nickname it would say that I am a
criminal and they wouldn’t boot me off.” So that’s what we started working on, bringing that
together.
Williams: Spamhaus was, would you call it “white hat?”
Mularski: Yes, absolutely white hats.
Williams: Your nickname then.
Mularski: Like I said, everybody in the underground needs a handle, so I was a big Teenage
Mutant Ninja fan. I just remember one Saturday morning watching cartoons with my son, and
Master Splinter is up there, and I’m like, “This is kind of cool, because I can put elite Hacker-speak
in Splinter and spell Splinter without any vowels and just with y’s.” Splinter is kind of a
neat character because he’s like a sensei, but he’s in the underground, but he’s a rat. I liked the
irony of it all. I said, “I’m going to just go with Master Splyntr as my nickname.” So I talked
with Spamhaus and that’s what we made the profile, with Master Splyntr, and we made me as a
Polish spammer, because I wanted to capitalize on as much of my ancestry and my heritage and
what I knew and things like that as I could. By saying I was of Polish descent I came up with a
legend that actually was a friend of mine, it’s actually her real story, so my legend was that I
grew up in Poland, my father was a member of Solidarity, and in the eighties Solidarity came
and gave my father 24 hours to get out of the country, so then we emigrated to the States. So
that was my background story, but it was really a friend of mine, that’s her real life story. Since
I knew that like the back of my hand, they always say the best lies are rooted in truth because
you know it. So I tried to make my legend as close to something that no matter what I got asked,
I would always know the answer and I couldn’t get tripped up.
Williams: Where did Master Splyntr go?
Mularski: I joined a couple of the forums that were out there, and then we had another source
that cooperated with us back then. I wanted to get into one of the private forums. I made a
posting saying would somebody vouch for me? And this person vouched for me and then other
people vouched for me too, because they had seen my Spamhaus listing, which was great,
because it gave me credibility that I was kind of a criminal and I was well-known. People would
come up to me and go, “Hey, do you know Spamhaus has this listing?” And I’d be like, “They
got it all wrong.” I would curse Spamhaus and all that, and play up to it. And then I tried to
have my legend too, where I would always show my IP address coming from near Poland so that
people would think that hey, I slipped up, or if they would track my IP [Internet Protocol]
address that would go to solidify what my legend was. They would think “Hey, he messed up.
But this is probably his true IP. It says he’s from Poland, near the Czech Republic.” That would
actually help my legend.
Williams: I don’t quite follow that.
Mularski: When you go on line, you have an IP address assigned to your computer, and that can
be tracked. So if I visit one of these carding forums, if one of the administrators wanted to see
my IP address where I logged in, they would see Master Splyntr and they would see an IP
address, and they could do a look-up on that IP address and you could geo-locate where it comes
from. So whether it comes from the United States or parts of the EU I would always make sure
that my IP address, I would do an anonymizing technique known as proxying, so I would set up
what they call a virtual private network or a virtual private server. I would connect from my
computer in Pittsburgh to this server, and then that server would connect to any of the bad places
I needed to go. The footprint I would be leaving would be from that server, so they would think
that that’s where I was located.
Williams: But you indicated that there was an advantage for not being in Poland.
Mularski: I would say that I was back and forth between Poland and the United States, so my
family was still in the States, my immediate family, but I had lots of extended family, so I was
always going back and forth, into the EU and all that.
Williams: If they traced your IP it would go to where?
Mularski: It would go back to Poland or the Czech Republic, was generally where I sent most of
my traffic, although there was one time where there were some backstopping mistakes where I
almost got compromised. As we go further I’m sure I’ll tell you that story.
Williams: So where do we go next?
Mularski: In the operation, I never really intended it to be an undercover operation. My whole
goal in this was to just be passive, be a fly on the wall, collect intelligence and send that out to
the field offices and all of that. The way our guidelines are written in the FBI, what you can do
without having an undercover operation and what you can do with an undercover operation. You
could have an operation, but they dictate whether something is an undercover operation or just an
investigative operation. So you can investigate by doing things, but you’re not allowed to have
more than three to five contacts with a target before you need to have an undercover approval. I
would never have that many contacts with a person. It would only be one or two, and I’d refer
him to a known undercover as well. But in the summer of 2006 some things had happened. I
had just been passively collecting for maybe nine months.
[stop for battery change]
Williams: So you were going to pick it up with the summer of ’06.
Mularski: Okay, the summer of ’06, the carding forums got turned on its side. There was a split
a little bit before that between the Russian-speaking forums and the English-speaking forums.
After a series of law enforcement actions the Russian-speaking forum said, “We don’t trust the
English-speakers. They’re all feds and cops.” And they set up their own forums. One of the
forums was called mazafaka, another was called CardingWorld, and those were the two biggest
ones. They started their own. Then two English-speaking forums started, and one was
DarkMarket and one was CardersMarket. Those were the two biggest English-speaking ones at
the time. So in the summer of 2006, there were some wars that were going on between
CardersMarket and DarkMarket. What had happened was Max Butler, or Iceman, who ran
CardersMarket and then guys named JiLsi and Matrix ran DarkMarket. In the summer of
2006, Iceman decided that he was the elite hacker and everybody else didn’t practice good
security. So what he did was he hacked all the other carding forums and combined them into one
in the CardersMarket, and said that this is the one place because I have the best security. Well,
that really ticked off all the other administrators that ran these other sites. So there were board
wars going back and forth. People didn’t know whose side people were taking. Around that
time, the beginning of August of 2006, my name had been out there for a long time. I’d kept the
same nickname. The great thing was that because I was just doing passive collection, I never
asked anybody for anything, I never probed them to ask where they live like typical law
enforcement would do. I was very standoffish because I couldn’t have that many conversations
with people. People started coming to me because my name had been out there and Spamhaus
had backstopped me and had continued to fill up my dossier, saying I was doing activity. So
they started coming to me, “Hey, whose side are you on? Are you on DarkMarket’s side or
CardersMarket’s side?” I knew there was an opportunity that we could exploit for the better of
the FBI, so I went to Headquarters and said, “Here’s the situation. Let’s get undercover
authority now. Let’s make this what they call a Group Two undercover operation so that I could
start talking with these guys and doing buys and seeing what we could do to really infiltrate this
group because they seemed to be coming to me for advice.” So we got it approved and I was able
to start talking with the guys, so I started talking with Iceman, talking with JiLsi, and there were
these attacks back and forth in all of that. It seemed that I was going to have more of a chance
with JiLsi because JiLsi wasn’t very technical and Iceman was very technical. DarkMarket kept
getting attacked by Iceman, so I said to JiLsi, “Hey, bud, you know my background. I’m a
spammer. I hide servers, I secure servers. I’ll host the site for you. I could protect it against
these different attacks.” It was like a courting process over the next couple months, and I could
see that I was making some headway for them. Knowing that if we were going to host the site I
needed to get that next level of approval, our Group One, which is our most sensitive undercover
operation. I started working with our lawyers to make sure that everything, all the T’s were
crossed and the I’s dotted, and everything that we could do legally for this. We got approval
with the hope that eventually maybe we could take over the site. Lucky for me, just a couple of
days after we got our approval I’m watching Saturday Night Live and I’m chatting on line, and
DarkMarket is getting attacked. So I reach out to JiLsi, and I’m like, “Hey, dude, this site’s
getting attacked. You’ve seen I have these servers ready. We can move the servers.” And he
says, “Okay, let’s do it.” So I reach out to Tom Grasso, this is 12 o’clock, I don’t remember the
exact time but it was real late, around midnight, and I’m like, “Dude, we’re taking it over right
now. Let’s get the site up.” So Tom had the servers configured, we moved the files over and at
that point the FBI ran DarkMarket. We needed to do a couple of things legally at the time to
make sure that we could collect all the things. It was really unique, and Kevin Poulsen wrote
about this in his book [Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime
Underground] that there was a banner on the opening site, so that when you would go into the
site the bad guys had written this big manifest, basically saying that the site wasn’t bad. “This
site is not used for criminal activity. It’s for security researchers” and all that, and you have to
click “accept” before you go in. Now owning it, we went in and we changed a line of that to say
hey, by you using this site you agree to let any administrator monitor any communication on this
site. So now there was consent. People would click on it and consent was there that we could
now capture all the communications that were on this site. So we started doing backups of the
forum and being able to then prepare intelligence packages and get that out to different law
enforcement agencies.
Williams: How did you inoculate yourself from further Iceman intrusions?
Mularski: We had a couple incidents. The first incident was probably about 30 days after we
took over the site, and it almost blew us right out. At the time I was using another proxy that
was coming out of Virginia, a company called Kire.net. We had that, that was our first-end
proxy, and then we had some other ones, and then we also had a covert backstop Internet account
coming out of the NCFTA there, a backstop to a company. What would happen sometimes is
our anonymization shelves would go down and we would have to do something on the site
because we were getting attacked. So we would just use our covert Internet to log in, because it
wouldn’t come back to the FBI or anything like that. Iceman had attacked it a few times and he
had compromised JiLsi’s account, and JiLsi used a really stupid password, it was like MSR206,
and MSR206 is a magnetic strip writer, and that was his password. Iceman had access, and I
think he did some other things. So he had gotten into our back-end server and he did what they
call a last 50, so they would see the last 50 people that logged in. So he started looking at all the
IP’s that were there. So one of the IP’s that we had to do was our covert line that was there. He
had seen the IP that went back to this backstop company. Now at the same time he was attacking
other things, so we had another mistake that had happened, so basically anything that could go
wrong would go wrong. One of the things when I became an administrator and took over the
site, one of the things that you could do is review products, so if you would come on the
DarkMarket, you couldn’t just sell a product. You had to be reviewed by trusted reviewers, and
they would test the product and write a review and say, “Hey, Master Splyntr’s product is really
good,” so now he could sell his product. I would always like to review malware and look at
different credit cards. This one guy had said, “Review my new malware package.” Well, he also
had it backdoored, so I gave it to an analyst to review it, and this person had set up, he had it on
his flash drive, and he was a new analyst, and it had some templates from the NCFTA on it. So
when he went to test this, and it was on the same covert line that we used reluctantly, when he
tested it, it went back to the bad guy, who was working with Iceman. He only gave this product
to four people, with Master Splyntr being one of them, so he knew one of four people now was
somehow associated with the NCFTA. When Iceman then was looking at who was logging in to
the backend server, he saw these other ones and he also saw that, the same IP that had this
NCFTA template. He did what they call a “who is” lookup, and he saw this is backstop to this
company and this was this phone number. That phone number was supposed to be unlisted, but
the backstopping failed, so when he looked up what they call AnyWho, just on the Internet, that
phone number then came back to an address which wasn’t supposed to come back to an address
at all, but it came back to an address at the NCFTA. So now Iceman knew, and highly suspected
that Master Splyntr worked for the NCFTA. And then he started publicizing all this stuff. But
luckily for me, I so convinced JiLsi and Matrix that I wasn’t FBI or NCFTA, because Iceman
was attacking everybody and there was a lot of false information he was putting out too, so
nobody knew what to believe or what not to believe. When they then gave some of the evidence
to the other DarkMarket administrators, they also tried to Trojan them, and they detected it, so
they didn’t believe some of the evidence. We scrubbed all of our data so that by the time they
went to look what Iceman was saying, it didn’t exist anymore. I got past that and got lucky.
That was my first brush with getting compromised at that time. I talked to Iceman. He never
really believed me. I said, “Look, these other logins were somebody else.” Then we moved the
server to Ukraine and then down to Brazil. We worked with the Ukrainians and Brazilian law
enforcement to allow us to host it there. And I said, “See, if I was the U.S. law enforcement I
would have left it in the United States.” We moved it away right away.
Williams: You did have conversations with Iceman over the time.
Mularski: Yes, but then he hated me. [laughs] And I didn’t like him too much either. [laughs]
Williams: So, bring the story to its conclusion.
Mularski: We started working with the law enforcement. Our goal was to slowly pick people
off as they would go. We were working with the U.K. authorities to get JiLsi arrested, and then
we were working with the German authorities to try to get Matrix, and the Turkish authorities
with Cha0, who was one of the other administrators. We were really focusing on the
administrators and then anybody else collaterally that we could get.
Williams: The administrators were part of your team, weren’t they? They were the top dogs on
DarkMarket.
Mularski: Yes, they were the top criminals. So I convinced them fully that I was a legitimate
bad guy, which leads me to almost my ultimate compromise too. My actual ultimate
compromise. In May 2007 we were getting ready to arrest Matrix and a couple other guys in
Germany at the time. So I’m chatting with Matrix, and he said to me, “I got the weirdest email
today.” I was like, “What?” So he shows me this email and it says “Master Splyntr is FBI,
DarkMarket is an FBI sting, warn JiLsi, the E.U. and all these others that we had scheduled for
arrest. Wipe your hard drive,” and all of that. So Matrix shows that to me. I’m like, “Who’s
that? It’s probably Iceman stirring up stuff again.” We get that and we start tracing. I’m like
there’s a compromise here somewhere. Matrix tells me this like on a Tuesday. I reach out to the
Brits, the Germans, the Secret Service, the French, saying, “Hey, we’ve got a mole here
somewhere.” Because Master Splyntr had always said he’s NCFTA, now this is saying he’s FBI.
This is more serious. They knew all the people that we had scheduled in this first takedown here.
So I tell them on Wednesday, and then Thursday Matrix gets another email saying something
like, “You dumb ass; I warned you. You didn’t listen to me. You’ll pay the price.” And Matrix
shares that with me again, which was great. So we started an investigation looking at the
Hushmail account. We sent an MLAT [Mutual Legal Assistance Treaty], got stuff, and
eventually traced it back to a German police officer who I guess was having some problems with
his boss, who was running those investigations, and he decided to warn Matrix about that. When
this German police officer went to court he also put my name in the public record, that Keith
Mularski was Master Splyntr, because I had had conversations with obviously the German police
knew that I was Master Splyntr and that Keith Mularski was him. Then this went in the German
court documents, but luckily for me they were never really exposed to the public at that time. So
I sidestepped that brush at that time, and Matrix got arrested and JiLsi got arrested, and the
others went down as planned. Over the next course of the year, others were taken down and we
started planning to bring the whole thing down, because now there was only a couple of other
administrators left and it was decided the FBI can’t be the kingpin of this carding site, so we
need to somehow wrap this up. We had a meeting in the spring of 2008. We brought in all our
foreign law enforcement guys and said, “Okay, we have our authority. We’ll go through the
beginning of October.” We had to renew our authority every six months. We would go to the
Board of the FBI and DOJ [U.S. Department of Justice] and say, “This is what we’ve
accomplished, this is why we think we should continue, and this is where we’re going. We’re
going to try to wrap it up in October.” We planned for everything and we had arrests scheduled
to bring down Cha0, who was our Turkish guy, in August, the beginning part of September. And
that went down. We had a few more final ones in the UK, so I made a going-away post. Being
the history major and fascinated with history I looked back on the history of the carding forums
and I really liked how CarderPlanet went down, where King Arthur wrote this flowery going
away, basically saying “The time has come to change. There’s lots of police and feds out there.
It’s time to fade away.” I borrowed off of that and said, “It’s time to go away. I’m not going to
suffer the same fate as Iceman and all the other guys. It’s time to just fade away, and
DarkMarket is going to close October 5,” or I can’t remember the exact date but that first
weekend. So we had that scheduled and we were riding these last couple weeks to collect the
final evidence to get prepared for the UK arrest. Then I got a phone call from a German NPR
[National Public Radio] reporter, Kai [Laufen], I think his name, I can’t remember his last name,
and he said “Hey, Keith, I’d like to do an interview with you because I know you’re Master
Splyntr.” And I’m like, “I don’t know what you’re talking about.” He says, “I know you’re
going to deny it, but I’ve seen the court documents. There was the policeman that went to trial
and I’ve talked with Markus Kellerer, who’s Matrix.” Because Matrix knew about it, I think,
from the German case on the police officer so he knew about it as well, so he had told, I believe,
Kai to look in these court documents, and in the court documents it said I was Master Splyntr.
So Kai’s like “Look, this is a great scoop for me. I don’t want to cause you or your family any
harm or anything like that, but at the same time you understand, I have something unique.” I
told our Headquarters, and at the time they decided no way under any circumstances are you
going to do an interview right now with this reporter. So I told Kai I can’t discuss anything. So
Kai runs with the story on NPR, German NPR, and it says one of the main administrators of
DarkMarket is an FBI agent. He didn’t name me by name at that time. So Kevin Poulsen finds
out about it, and Kevin reaches out to Kai, and Kai shows him the documents, and ironically I
had just met Kevin just a couple days before. He had visited the NCFTA to do a thing on cyber
crime, and he had been following the Iceman saga, with Iceman talking about the NCFTA
running DarkMarket and things like that. So Kevin was really interested, and he knew there was
some kind of smoke there as well. Kevin calls me on a Monday, and we were scheduled for the
first of our takedowns, for the wrap up, so DarkMarket goes down on Saturday, Kevin calls me
on Monday, we had our arrests scheduled for Wednesday of that week. He calls me out of the
blue, and I think his exact words were, “Holy shit, Keith, you’re Master Splyntr.” At that point I
laughed, because the site was down, and I’m like, “I can’t talk about it.” I knew he was fishing
around, because he had drilled me the week before and I didn’t say anything. So I can’t talk
about it. So Kevin runs a story I think it was on Tuesday, his expose, “Keith Mularski is Master
Splyntr,” and I was really worried that this was going to affect these final arrests that we had on
Wednesday, but luckily for us it didn’t. I got exposed publicly, the arrests went down, and even
with the exposure, some of the guys that I talked to still didn’t believe it, so they were reaching
out to me saying, “Did you see what Kevin had written?” And at that point I was overt, because
I didn’t have any undercover authority anymore. I’m like, “I am who I am. You should turn
yourself in.” And it was funny because one of the guys, the guy who used the nickname The
Unknown, that was arrested in the UK, he had fled and he wasn’t home at the time, and he sends
me a message basically saying, “Hey,” and he called me a bunch of names, and he said “You’ll
never catch me.” I replied back to him saying “You should turn yourself in. It will be living
your life on the run. You’ll always be looking over your shoulder whether I’m there or not.”
Sure enough, within a few days he did turn himself in. Then we went public with the press
release, and it was a major success internationally, being able to work with all the law
enforcement officers. I think that at the time we had 60 arrests total, and that went up another
dozen or so over the course of the next few months as we picked up some people here and there.
Williams: Let’s follow this to its conclusion, which I think is really arresting Iceman. Talk
about his identification, and you were actually there when he was arrested.
Mularski: I was. So, we worked with Secret Service really closely on that. Contrary to what
Misha Glenny said in his book [DarkMarket: How Hackers Became the New Mafia] about the
friction between us, the FBI and the Secret Service, at that time working with the Pittsburgh field
office of the Secret Service and us there, they were great. The two Secret Service agents were
fantastic. They had a case where they had a source which was targeting Iceman, and they had
done purchases from him, and we ended up opening up a case as well. It was fascinating. There
was an attack in Richmond, a spear phish against Capital One, and the agent down there Mike
Schuler, who is a good friend of mine, he had that case. He had reached out to me for some help
on tying this to anything. So we made connections to an email address that registered the
domain for the spear phish back to a known Iceman facility, and I’m like, “Dude, you got the
best case in the Bureau. Your case is against Iceman and this is a malware attack, and we can
prove this.” So we were working very closely together with the Secret Service to try to gather
information. They had some sources that gave us some leads, so one of the leads was that
Iceman was raided by the FBI for Half-Life, I think it was a game, for stolen source code. We
looked up and Max Butler was one of the people that we raided. We only raided a couple
people. And then we got some more information about another guy that worked with Iceman, so
he ended up getting arrested out in California. And then the Secret Service went out and
debriefed them and got some more information on some of his cohorts, and we bounced that off
a database at the FBI. And sure enough there were talks where this guy, his last name was
[Christopher] Aragon, was Iceman’s partner, and there were stories about Aragon’s hacker was
named Max. So it was all kind of adding up and then it all kind of came together. I remember it
was Labor Day Weekend when we were ready and then we were going to go out and raid the
following week. We had decided that the FBI would get a complaint and the Secret Service was
going to either have their complaint or indictment as well, and we would go out there and do this
arrest together. I remember Mike Schuler and I sitting down at FBI Headquarters and drafting
the complaint up. It was real exciting. I went out to San Francisco when we knocked on the
door and caught him totally off-guard. We had some forensic experts from CERT [Computer
Emergency Response Team] CC [Coordination Center] in Pittsburgh at Carnegie Mellon, who
were just some of the best encryption experts, and they got there and made sure that the
computers stayed on. We were able to recover the memory and break out his password, and Max
was still defiant. “Hey, you didn’t have anything against me,” because he thought his computers
were bricks. And then the one day they just slid his password over to him and at that point he
was deflated because he knew we had everything. He kept everything he ever did was there. We
had our case against him and the Secret Service had theirs, and between the two we brought them
all together, and then he pled. I think he got 12 years or 13 years, and at the time was the biggest
sentence ever for a U.S. hacker. It was a very proud moment to work on that case.
Williams: You actually brought him out of jail to attend a meeting in Pittsburgh, right? Talk
about that.
Mularski: Yes, we brought him out just to pick his brain, to have him talk with other companies
and things like that. “What goes through your mind?” Max was a very interesting guy too. He’s
probably one of the most interesting that I’ve come across. I don’t think Max ever set out to say,
“I’m going to be this elite hacker.” It’s just Max had a, he was very confident in his skills and he
had an ego. And you slowly kind of blur the line. I think you see that in a lot of cyber criminals
too. They may start out saying, “Okay, here’s a password. Let me see if it actually works.”
They log in and then nothing happens, and then they try something different, and it just slowly
blurs over time, where you really don’t realize that you’re committing a crime, that you’re
illegally accessing this account, nothing happens to them, because they’ve done it dozens of
times with no fallback, and then before you know it, then they start looking at, “Well, I’m not
really committing a crime against you. This is against the bank. This is against the corporate.
Because you as a consumer aren’t going to be responsible for these transactions. The bank or the
merchant’s going to. And you know, they’re rich corporations and they’re already sticking it to
the little people anyway.” So that’s kind of how they start thinking and then they blur the line,
and before you know it they become responsible for millions and millions of dollars in damage.
Williams: So he’s languishing in jail in Lompoc, California, I think it is. Have you had other
contacts with him or not?
Mularski: No, not since he’s moved out there. I’ve wondered what he’s been up to, and I can
honestly say I’ve been meaning to drop him a letter, just for the same reasons that sometimes I
don’t talk to my best friends anymore, because you’re so busy now that—
Williams: What would you say in that letter?
Mularski: I guess I would just say to him, “Hopefully, when you get out, you’re a very smart
person, that you could make a lot of money doing things for the right. There are many different
famous hackers that put their uses to good things. Kevin Poulsen being one of them. Kevin
Mitnick with his security companies and all that. Put it in the right way and do it for the better
good of the Internets and to make money legitimately instead of that way.”
Williams: Right. One thing that strikes me as you tell this tale is that it appears that you were
sort of working on your own.
Mularski: Oh, absolutely not. The Bureau was just great at having the resources. I was the
mouth of the operation, talking with the bad guys. There was always so much going on. They
always had all these demands. There would have never been any kind of a way for me to talk
with them and do all of the things technically that they wanted, and that’s where Tom Grasso
was really Master Splyntr No. 2. He set up all the servers, he did all that stuff from a technical
aspect. And working with all of our international partners, the other FBI agents that had the
cases out in the field, my friends up in New York and in Richmond and Atlanta that were
actually working the packages that we would refer out. I ended up being the face of this because
I got compromised, but that was never my intention. I would have been happy to be, like I said,
in the shadows of that page. That would have been totally fine with me. There were a lot of
people that were involved that deserve a lot of credit too.
Williams: Who’s the name that you would associate with really directing the operation?
Mularski: Again, I was responsible for the strategy. We didn’t have a lot of resources to throw
at it. It was kind of me and working with my international buddies to get the right strategy, and
then Dan Larkin, my boss. He was just wonderful. He gave me that blank canvas to go and do
that. Another agent, Eric Strom, was responsible for all the admin because you can imagine
there was so much administrative burden on this and he made sure I stayed out of trouble, made
sure all my t’s and i’s were crossed and all that and all the finances were in place. So between
me, Tom and Eric, that was pretty much the crux of everything, and then Dan just really being
our cheerleader and supporter from an executive level.
Williams: When you came back here to get clearance on these Group One, Group Two sort of
things, what kind of a reception did you get from the higher-ups at the FBI?
Mularski: Very good, especially when we would go before the review board. They were very
supportive of the operation. One of the CUORC [Criminal Undercover Operations Review
Committee]—the board is called a CUORC—said, “This is righteous,” we should be out there.
The one thing we didn’t talk about is all the preventive loss we did. Because we were collecting
the data, we were capturing compromised credentials that we would get out to the financial
institutions and get malware signatures out to the anti-virus companies to prevent stuff was
happening. The great thing was that even though people would give me accounts for me to
check and I would go and give them to the financial institution and say close these down, prevent
them so that there’s no fraud on them. That actually helped my credibility because if the bad
guys who gave it to me would actually check on them and see that they were closed, it would
actually help my legend because I would say “Yes, I popped it for this amount of money, or I
had to do this.” So naturally then the account would get closed for fraud, and that actually gave
me credibility because if they would double-check me and see if it was closed, it would help me
out. I think that, aside from the arrests, was one of, what we call PELP, Potential Economic Loss
Prevented, was one of the biggest success stories. We had a lot of support at the Department of
Justice and the FBI.
[pause]
Williams: So tell me about the media reaction when the story broke.
Mularski: Naturally, as you can imagine, Wired ran with it and it got a lot of media attention.
Normally FBI undercover agents aren’t in the press. Obviously everybody knows Joe Pistone,
and all of that, and because now they could tie a name, Keith Mularski, to this operation, there
were a lot of calls and a lot of requests for media and things like that. It was kind of crazy. Even
to this day I still get a lot of calls about things. If something happens in cyber I think some
media will just Google cyber agent and FBI and my name comes up and they call me. It’s either
a blessing or a curse. It’s a curse in the fact that your name is exposed out there, but at the same
time you try to use it to really send the message on what we’re trying to do, because I think it’s
really important to work as a coalition and to get the message about cyber crime out there. I try
to use that to promote what the FBI’s doing, what our partners are doing, to get people to hear
maybe what they wouldn’t have heard. So it’s a blessing and a curse, and I try to make it as
positive as I can.
Williams: Any particular media moments that really stand out in your memory, or not?
Mularski: Obviously, getting two books written about you, and I think I’ve been mentioned in a
couple of other ones. Kevin Poulsen’s book, Kingpin. Misha Glenny’s book, DarkMarket.
[Joseph] Joe Menn wrote a book called Fatal System Error, where he mentioned me as well.
I’ve been in a couple of textbooks as well, and I get ribbed about it a lot. Rightfully so. I had a
buddy last week who was in a class and there was an article about it, and he sends me a picture
of the textbook and teases me.
Williams: No 60 Minutes?
Mularski: No 60 Minutes. German media did a big thing as well on it. RSA [Rivest-Shamir-
Adleman cryptosystem] gave me an award, the Excellence in Public Policy, for my work on that.
For a portion of the case, my work helping a New York case, was awarded the [FBI] Director’s
Award for [Excellence in] Cyber Investigation along with other New York agents in 2010. So I
got some kudos for the work.
Williams: Talk about your career since then.
Mularski: Since then I finished the operation in 2008 and then I continued to work at the
NCFTA, really working with international law enforcement, to try to capitalize on the success
that we had working together. One of the things that I’m really proud of there is right before I
left the NCFTA—our FBI unit up there is called the Cyber Initiative and Resource Fusion Unit,
or we call it CIRFU. Before I left CIRFU, I put together with the agents up there the first ever
what we call International Task Force. We invited law enforcement from all around the world—
from the Ukraine, the Netherlands, Germany, Australia, Latvia, Turkey—where they actually
came in and embedded with us for three months. The neat thing about the NCFTA is that it’s
neutral space, it’s not FBI space, it’s not corporate space, so you can bring everybody in. To be
able to work elbow-to-elbow, so to speak, with these police in all these different countries and
bring together projects to say, “Hey, look, this is the project the FBI is working on.” And they
come and they say, “This is the project the UK is working on,” and the Netherlands and so on,
where we could all leverage each other’s resources is fascinating, because you get information
and you say I have information going back to Germany, and you say to your partner over at the
BKA [German Bundeskriminalamt or German Federal Police], “Can you look at this?” And
they answer right away. It just really kick-started a number of cases, and now it’s in its third
year. I’m very proud of that accomplishment during that time. And then the position opened up
at the Pittsburgh field office, and I felt that after about seven years at CIRFU and NCFTA, I was
ready to go back out to the field and take the knowledge and experience and kind of hey, I had
my day in the sun. It’s time to get the other people and share that knowledge and get other
people up to speed in work cases. So the position opened up as the cyber supervisor at the
Pittsburgh field office for the Cyber Intrusion Squad, and I put in for it and got it. For the last
couple years I’ve been working with the team over there, working intrusion matters affecting
western Pennsylvania and West Virginia. Probably one of the biggest things that we worked on,
from a media perspective, was the Pitt bomb case. There was a number of bombing threats that
happened two years ago that were bomb hoaxes that were coming in to the University of
Pittsburgh that kind of paralyzed the whole university. They were using mail anonymizers—
mail remailers and anonymization services. We were able to track it back and find it was a guy
in Ireland named Adam Busby that was actually sending the mail threats. He was a Scottish
separatist, he has M.S. and he’s sitting in a wheelchair, and all day he would mail the bomb
threats from a phone that didn’t even have a full-size keyboard. It was a very complicated case
and the agents did a lot of great work, so I’m proud of that one. Hopefully there will be many
more in the future.
Williams: Why did he settle on—
Mularski: He had just done bomb threats and he had been in and out of jail, and why he picked
the University of Pittsburgh I don’t know.
Williams: Amazing. What’s the state of the field today? How would you characterize our cyber
forces?
Mularski: The threat out there migrates very quick. The thing about cyber crime that’s different
than traditional crime is that it’s all done virtually and it’s all done instantly. If you just look at
how the Internet’s changed in the last 15 years, it’s remarkable. If you think back 15 years ago, I
remember I had a dial-up connection at home with an old Gateway computer that had a four-gigabyte
hard drive and 28-bit modem, and now you look 15 years here in the future and we’re
doing our shopping online, we’re doing our banking online, everybody has mobile devices
and we are a wired society that wants everything instantly. As a result the criminals are like that
too. The crimes are so sophisticated now with using such sophisticated malware, you wonder
where the venue is. You have people in Eastern Europe talking to people in the United States,
talking to people in Asia, and you have infrastructure all around the world, and the
communication is instant. So it’s very difficult, and the bad guys are evolving, and it’s from a
cyber crime perspective it is organized crime, it is organized crime in the 21st century. When we
think about organized crime we think of The Sopranos and The Godfather, and we think about
these guys sitting in a back room planning their next heist, and violence and things like that. But
it’s not that, but it’s the same. The money is incredible that’s out there. One of the schemes,
Zeus, that you read about so much has been prevalent. Over a hundred million dollars in
confirmed losses, and that’s just one scheme. There are many of them out there. You hear about
the big data breaches that are all constantly in the news and it’s big money. It’s not this little
pimple-head kid in the room. When I came to cyber in 2005, my view of cyber crime was
WarGames and Matthew Broderick sitting in the basement trying to hack into the Pentagon, and it
couldn’t be further from the truth. People think all cyber criminals are nerds, and they think of it
like The Big Bang Theory, and that’s what they expect, but if you see guys like Max Butler and
Albert Gonzalez that the Secret Service arrests, these guys are living on the edge, and big money.
The other criminals too, they are very structured and they leverage one another for their services.
It’s become specialized, where this person does this thing, this person does cash-outs, this person
does that and they all leverage, so the days of one hacker doing everything, those are long gone.
As for our response to it, we have some great people that know what they’re doing, and I think
that we’re making strides, but we’re not all playing on an even playing field. The laws in
different countries are different. The cyber expertise just in the United States, in the different
districts across the United States are varying. It’s one thing to have the subject matter expertise
from the agent standpoint, but when these cases are so sophisticated you have to have that
knowledge and understanding going from the agent to the prosecutor to the judges to the jury.
And sometimes when people start talking cyber crime their eyes gloss over. If I talk with my
wife about some of the things, she goes, “All I heard was blah, blah, blah, blah, blah.” And
that’s what people hear. So the education, and I think that’s just going to be in time. When you
look at the younger generation now, they’ve grown up all on social media, they’ve grown up
with cell phones and on computers, and they understand that. The older generation that don’t
understand the things will be replaced by that. I think we’ll be making more strides that way,
because they just understand that, and the technical skill will be there right off the bat. My son
and my nieces and nephews, they can do anything on a computer. They’ve just grown up that
way. It’s a matter of getting the laws in line. Some of our laws are outdated as well. But I think
from an expertise standpoint, I think we have the expertise. It’s a matter of getting everything
caught up to that. Long answer to a short question. [laughs]
Williams: One thing that intrigued me in doing the research for the interview was the difference
between mag strips and EMV [Europay-MasterCard-Visa integrated circuit cards], which is a
chip and PIN that the Europeans are using that is much safer.
Mularski: It is safer. In those cases when you put your card in you have to put your PIN number
in to use, and it reads off the chip there. The thing about chip and PIN is that you need to make
sure that it’s rolled out uniformly everywhere, because if you go to a point of sale or a POS terminal
that’s not configured for chip and PIN, it defaults back to the mag strip. It all comes down to
convenience and expense. It’s a great expense to roll this out, and do the customers want it? So
it comes down to do the corporations that want to spend the money to issue it, do they think it’s
worth that, and for their customers to adopt it? Or if they roll it out and it’s cumbersome, will
their customers then go to somebody that’s not doing it, just for convenience? But it is
absolutely more secure.
Williams: Any thoughts about the leadership of the FBI the time you’ve been there? Louis
Freeh, Robert Mueller?
Mularski: Obviously I don’t have a personal relationship with any of them. I know that Mr.
Freeh was there for my first couple years, and he was an agents’ director. He would come out
and run with us, and obviously Director Mueller really transformed the FBI where we needed to
go, especially in wake of 9-11 and you think of how much the FBI’s changed since then. We’ve
totally changed the organization, and that was much needed especially in the wake of 9-11, and
Director [James B.] Comey, I don’t know much, but everything I’ve been seeing so far, I like
him. He brings a new era to the FBI.
Williams: In what way?
Mularski: It’s just different. Sometimes somebody has a different perspective and it’s different
and just seems refreshing. There’s a lot of support with cyber. Naturally that’s key to my heart,
so cyber’s getting a lot of attention and activity.
Williams: Am I right, your wife is also an FBI agent?
Mularski: No, she’s not.
Williams: Where did I pick that up, I wonder?
Mularski: I don’t know. She’s absolutely not an FBI agent. She’s a writer.
Williams: Okay. You were going to talk a little bit about the discrepancies in the record in the
two books that you mentioned.
Mularski: I thought Kevin Poulsen’s book was a very good book. Although I didn’t agree with
every point that Kevin made in the book, I thought it was very fair. From that standpoint, I’m
fine with that. I thought the DarkMarket book written by Misha Glenny, although it provided
some very good insights to certain things that I didn’t know, like these interviews with some of
the targets, I thought it was sensationalized a lot more. I thought it tried to really play the
world’s coming apart, this cyber crime is going to destroy the world, and that there’s so much
tension between the agencies and all that. Naturally we have tension when you’re in the middle
of a case and all that, but at the end of the day, there was no animosity like was written in that
book. I got along really great with the Secret Service guys, and in that book it made it appear
that there was so much tension and that we hated each other, but that wasn’t the case at all, and
that’s something I’d like to set the record straight on.
Williams: Are the lines of demarcation between FBI and Security and DOD [U.S. Department
of Defense] clear, or are you always overlapping?
Mularski: I can only give you a field agent’s perspective. The decisions on that are way above
my pay grade. We all have different missions to do things. Some complement one another, some
confuse one another. That’s really all I can go into that. One organization cannot do it all, that’s
absolutely true. The FBI’s not the solution to all cyber crime, the other agencies aren’t the all-
solution. It takes a collaborative whole-of-government approach, and I know that there’s lots of
talk, and the executive’s way above my pay grade to work that out.
Williams: Where does Secret Service take on a case or the FBI take on a case?
Mularski: In cyber crime we kind of do have a dual mission. Their responsibility is for
protection of the banks and the banking system. Naturally with cyber crime attacking the banks,
they have jurisdiction there, and we do as well, so there is that cross-jurisdiction, just like we
have with other agencies too. Like with ATF [Bureau of Alcohol, Tobacco, Firearms and
Explosives] and DEA [Drug Enforcement Administration] and all of that. There are different
violations that we all have different overlaps, and it’s dependent upon us to make sure that we
work it out together.
Williams: And you’re all under Homeland Security now, right?
Mularski: No. Secret Service is under DHS but we are under the Department of Justice.
Williams: Would you recommend a life in law enforcement as a career for young people?
Mularski: I can tell you absolutely. As I mentioned earlier, being an FBI agent has been my
dream. You get to experience a lot of things. I have the coolest job in the world, hands down.
Some people may say being an athlete or whatever, but I get to travel the world, I get to meet
great people, I get to make a difference. It’s great when you can meet people and they thank you
and say that because of what you did, you helped me with this. It’s a wonderful job, and every
day is new and exciting. One day I may be talking with a high-level executive in the
government; the next day I could be talking with a street informant; the next day I could be
talking to a CEO. One day I’m going through log files; the next day I’m shooting guns. Every
day is a new adventure and I absolutely love my job. It’s the best thing in the world.
Williams: Having been sort of on the world stage, you don’t find yourself at all confined by
western Pennsylvania and West Virginia?
Mularski: The thing is cyber crime, there are no borders, so everything that’s touched in the
world is touching western Pennsylvania too, so it’s not like I could only investigate bank
robberies or kidnappings in western P-A or Pittsburgh. Cyber crime is global, and by having a
great U.S. attorney’s office there that supports taking the case wherever it takes you, you’re not
limited in any way at all.
Williams: Have you set other goals for yourself at this point in your career, or not?
Mularski: I’m where I want to be. I love Pittsburgh, it’s my heart. Took a long time to get back
there. I hope I never ever leave. And I really just enjoy working with my team, getting to see
where they take cases and have their successes. It’s their time now. I just want to be the sensei,
I guess, to go back to the Master Splyntr, to get them to take it to the next level. Where could
you capitalize on what we’ve done and go forward, and I’ll be happy with that.
Williams: What’s your thought on the establishment of the law enforcement museum, the
National Law Enforcement Museum?
Mularski: I think it’s a wonderful idea. There’s a lot of other museums here. Law enforcement
touches everybody’s lives. Federal law enforcement, state and local, there are so many heroes
out there and so many great stories that are out there. To be able to have a place where people
can come and learn about a great story that happened in Kansas with a police officer out there
that did something, to a big-time case. I just think it’s a wonderful idea and a long time coming,
in my opinion.
Williams: Are we leaving anything left unsaid here at this point, do you think?
Mularski: We talked a lot about a lot of things. I can’t think of anything off the top of my head.
Williams: Okay.
Mularski: It’s been fun, for sure. Thanks a lot.
Williams: Thank you.