Image: Flickr/Lindsey Turner
Stylish design matters: both for legitimate websites, and the shady scammer sites that only need to look legitimate in order to convince someone to hand over their credit card information. Online criminals need competent web designers, and cash-strapped programmers sometimes need the business—if they're willing to put aside their scruples in exchange for a bunch of Bitcoin.I came across an old post on the r/darknet subreddit by a web designer soliciting scammers to enlist their services to build phishing sites—fake websites that look just like real ones (say, Gmail) but really only exist to siphon personal and financial information from unsuspecting victims. "Looking for a real web designer who'll turn your questionable project into something professional looking, no questions asked and 100% anonymously?" the poster, who went by the username WolphReph42, wrote. "You've just found your guy."
I was interested, but not in their services. I wanted to know what it was like being a web designer on the darknet. So, I emailed him using PGP encryption, crossed my fingers that he hadn't ditched his disposable Safe Mail account yet, and asked."I’m no criminal myself," wrote WolphReph42. "I don'’t find ways to scam people, I’'m no hacker, I’'m not a drug lord that spends his time in a ill-lit room behind a Chinese restaurant smoking a cigar and counting wads of cash: I'm just like any other person, with a good job and enough pay to support a comfortable but not too lavish lifestyle."How exactly did a self-proclaimed normal person—unassuming, and apparently well-paying day job and all—end up in such nefarious circumstances? "I was broke and needed money quite desperately, so I put my morals aside and just went for it," WolphReph42 wrote. "That was my first real “sketchy” job: a market place that I don’'t know if it launched or not (if it did, never made it big). From there on, I mostly hunted potential clients on forums and every now and then rely on old word-of-mouth (that is, until I change ID)."
Advertisement
Even so, the anonymous web designer told me that he regularly flirts with illegality. Beyond his phishing site services, he's built several darknet marketplaces that sell drugs of all kinds—from prescription opiates to pot. His most recent build, he told me, is a Finnish clone of Silk Road, the darknet market that Ross Ulbricht was convicted of running.Most scammers just want Gmail or Paypal clones, WophReph42 said, making them easy to churn out and flip for Bitcoin relatively quickly. A decent clone can net anywhere between $1,000 and $5,000, Wolphreph42 told me, but projects that require a little more technical skill and finesse can garner more—much more. A convincing banking site can be worth $15,000.According to a 2014 report by the Anti-Phishing Working Group, an anti-phishing organization that advises governments, the second quarter of 2014 saw 128,378 phishing sites proliferate across the web. Wolphreph42 told me he's built more than 100 over the last three years. Of the roughly 5 percent response rate that "successful" phishing sites receive, according to Symantec, 1 to 10 percent of those people are tricked into forking over valuable information."I was broke and needed money quite desperately"
Advertisement
WolphReph42 insists that he's not a criminal, although he told me that he suspects he may be charged under intellectual property copyright laws due to his website spoofing. Still, he doesn't believe he can be charged for the damage eventually inflicted on the site's victims.I spoke with David Fraser, a lawyer specializing in internet technologies at Canadian law firm McInnis Cooper, to get a legal perspective on WolphReph42's activities. Unfortunately for him, he may be in more danger than he imagines."Copyright infringement would be small potatoes compared to the larger crime," Fraser said. "Culpability is going to depend on what they know or what they ought to have known about their role in the overall crime—fraud, for example. In the totality of the circumstance, in terms of what they know, I think the prosecution would look to how they're advertising their services."As for what the penalty might be for a mercenary web designer doing under the table work for scammers, Fraser said courts may sentence them to prison if the site's fraud is found to be over $5,000. WolphReph42 told me that he protects his identity using standard PGP encryption, Tor, proxy servers that mask his true location, and a new laptop every few weeks.But will that be enough?"Nobody wants to be a potential accessory to a crime," said WolphReph42. "As for me, I just like money.""Copyright infringement would be small potatoes compared to the larger crime"