IAmA former credit card fraudster, identity thief, hacker and document forger. AMA

So what are you doing now?

I've been doing freelance web development for a few years. Right now I specialize in custom JavaScript and web performance optimization. In the next few months I'll be moving away from freelance and work on growing my business.

I stay up on the latest security issues although I don't do much of it myself professionally, other than making sure the apps I work on are secure.

You were buying items online. Where did you have them sent? How were they not able to trace where the goods were going? That's what I've always wondered. Even if you're just having them sent to a PO Box or something, were you using fake ID's and documentation to set up mailing addresses and things like that?

You pretty much nailed it. I opened boxes at UPS Stores using fake IDs. If I needed another name on the box I'd just print out what looked like a copy of an ID (really a printout of a fake ID).

Using mail boxes could be risky since they have a copy of the fake ID on file and you have to interact with people to pick up packages. A vacant house is safer but less reliable.

If you hadn't got caught at Best Buy, do you think you would still be in the business?

Tough to tell. I was actually in the process of getting out when that happened. I had sold some of my equipment off. My goal was to save up $50-100,000 and then get into real estate. It was easy to get financed then and the rental market where I lived was great.

That said, once you get easy money it's hard to give it up. I may have turned back to it if I didn't make it in real estate or if I hit tough times.

I used to work as a Fraud Prevention Specialist at a bank where my duties included answering phones and going over fraudulent charges with the people who called. They would always ask me how this happened and its interesting to finally know how it's done.

So are you basically saying that my job was useless and was unable to catch anyone like yourself?

Quite often yes. When the total fraud is under a certain amount the banks don't bother investigating. No investigation means the person is unlikely to be caught.

I had a fraudulent charge for $60 in a state I have never been. Is this why they only took out such a small amount of money?

It could have been a test purchase. I would often buy groceries first to see if the card was working.

Another method that was used at that time and still used to this day is a donation to a random charity that accepts online donations. Basically the premise of this method was that a person might think that they intentionally donated to a charity on their own and forgot about it.

DO NOT DO THIS! It's a stupid way of testing cards. Online fraud costs the retailer money since it's card not present. Donating to a charity with a stolen card will cost the charity money in chargeback fees.

And that would be morally wrong?

Touché.

I'd call it more morally wrong than using them elsewhere.

If you were designing an ATM from scratch, how would you make the ATM more resistant to skimming?

Change the orientation of the magnetic stripe reader. If you insert your card the wide way instead of the narrow way it's impossible for a skimmer to read the magnetic stripe.

The main problem with something like this is that everyone is conditioned to insert their card like they currently do. Getting people to change this behavior may not be possible.

The best way is to get rid of magnetic stripes all together and change to chip and PIN.

Just how well do identity theft protection services do their jobs?

They don't. The best they can do is notify you when something happens. If you are paranoid freeze your credit and unfreeze only when you need a new account.

Hello, thank you for doing this AMA. I don't know if this has been answered already, but why did you start in 2001? As in, why did you start selling fake ID's?

I went to college in 2000. My freshman year I had a part time job in retail making just above minimum wage. When I returned in 2001 I had no money and no job. My college (RIT) was large with ample demand for fake IDs.

I was into hacking before that but just for the fun of it, never to cause harm.

What was your major at RIT?

Computer Engineering

I have no idea how credit cards are processed so excuse me if I sound oblivious. When you made fake credit cards, how would a retail store accept it? Wouldn't their computer realize its not a legitimate account and decline it? At some point they had to realize they were fake, didn't they? Since you had your merchandise and they were left with fake info, that is what makes it theft, right?

It was real info on a fake card. I bought magnetic stripe data from real accounts and encoded / embossed it on my fake cards.

Do you feel guilty at all? I mean some of what you did could consisted a "victimless" crime in that the only thing that got hurt was a profit line. But for the identify theft, did that ever bother you?

Yes, it bothered me after. When you're doing something like that you excuse it away, calling it "victimless" as you said or whatever else to make yourself feel better. There is no such thing as a victimless theft.

I didn't do a whole lot of ID theft as most people think of it. I often used the info I got to take over an existing credit card. I'd get online access, change the address, and request a new card with PIN.

I had one stolen identity that I used to run my business. I opened bank, Paypal, and ebay accounts along with renting an office. I don't think I harmed his credit. If anything it improved. (I'm not excusing what I did, just explaining it)

What is the easiest way to protect something like an SSN or a Credit card from a hacker.

Also did you feel any regret in the effect you had on some people's lives or did you not try to think about it?

What is the easiest way to protect something like an SSN or a Credit card from a hacker.

• Avoid giving your SSN out as much as possible. Make sure you know who you're giving it to and what they're going to do with it.
• Don't ever send your SSN, credit card, or other personal info through email, as an email attachment (such as a tax form), or through other insecure means.
• Never enter personal info on a site you opened from a link you got through email, social media, or some other potentially untrusted source. Make sure the site is the one you think it is.
• Never give your personal info to someone who called you, no matter what they claim. One common scam is someone calling you to say you have fraudulent charges on your card and then they ask you to verify your social security number. Refuse and call back using the phone number on the back of your card, not one they've given you.
• Don't care your social security card in your wallet. It's at much higher risk than electronic storage. Many identity thefts result from physical theft.
• Watch your statements and monitor your credit. Check your credit cards at least twice a month and your credit at least once or twice a year. If you're at high risk (such as high income or public figure) get a monitoring service that lets you check as often as you'd like for a flat rate. They won't prevent identity theft but can alert you too it quickly.

Also did you feel any regret in the effect you had on some people's lives or did you not try to think about it?

Yes and no. Regret to me implies dwelling on the past. I don't do that. You can't change the past. You can only learn from it and change the future. I wish I hadn't done what I did but I don't think about it much anymore. I just don't do it and I do things like this AMA to help others.

Walk us through your MOST elaborate and detailed operation you've done.

ALSO

...are you made at your friend for turning you in?

Walk us through your MOST elaborate and detailed operation you've done.

Hmm, that's a tough one. Using a stolen identity to open accounts and run my business would be the longest and most complex but it's a boring story. I took someone's identity and acted as if it was mine. Instead I'll tell a more interesting story about one of my early phishing sites.

In the early 2000's phishing was just getting popular. Most people didn't know about it yet so it was easy to get people to fall for it. I partnered with someone to setup a phishing site.

I spent a week building a complex, realistic Paypal clone. On Friday I got the site online and ready to go. When someone entered their info it would send it to a free email account. I didn't want to store the data on the web host because the site could get shut down at any time.

It was late evening by the time it was ready, maybe 8 or 9. I decided to send it anyway. If it got shut down I could always switch hosts. I got the spamming script running and started watching the email account.

In about a minute I had my first victim. Then another. And another. Within 15 minutes my inbox was a few pages long. Turns out I had a lot of people on the west coast in the email list and they were, apparently, checking their email at dinner time. I started copying the emails out and deleting them. In an hour the account had used half its quota. In two hours the account was over quota with email still pouring in. I couldn't keep up.

Rather than risking everything in the email account I ended up shutting the site down. I stayed up to 4 or 5 copying everything out of the account. There were hundreds of responses. Credit card, SSN, DOB, license #, Paypal login info.

...are you made at your friend for turning you in?

Obviously I was very mad. Before he was caught I told him I'd cover everything if they picked him up. He was at risk because he left his fake ID behind with his photo. He would have gotten a slap on the wrist. We left the store with nothing so there were no losses.

I don't think about it much now. I have no interest in talking with him ever again but I'm not really mad anymore.

Neal Caffrey??

Kidding aside, this is very interesting. Thanks for the AMA. Protecting yourself from phishing and social engineering is simpler than expected since it's often just a matter of awareness and common sense (and in my case, checking in credit card accounts every day), but how do you think people can protect themselves from things like skimming, etc?

Actually the same thing, awareness.

Search for images of skimmers so you know what to look for. If something doesn't look right then use a different ATM. Learn about social engineering. It's a useful skill and being aware of it can make you less vulnerable.

Thanks for the reply!

What I learned is that a lot of these things are really just down to being careful about where you go online and irl, and where you put your important bits. This, I think I have covered -- I don't even use ATMs that are not in a bank's branch. Security failures of trusted websites/machines/companies is a bigger fear for me (for example, a credit card company got their database hacked recently) since it seems that it's almost entirely out of my hands, and it's not very practical to just ditch these services entirely just because of that fear or small possibility. There's reasonable trust and a reasonable amount of carefulness/preparedness for mitigation involved. Related to this, what do you think of the security of credit card companies and services like Paypal/Google Wallet? Are they as safe as they tout to be or should people be more or less wary than they usually are?

I hate Paypal. I think they're a terrible business who puts their own self interests ahead of their users. They'll lock your account on a whim and hold your money for 180 days.

That said, as far as security goes I think Paypal and Wallet are more secure than giving your card to a random ecommerce site run by someone who knows nothing about security.

Are the businesses that are listed on the silkroad offering fakes profitable?

Had you been around for the rise of silkroad, how much more success do you think you would have encountered?

Thanks for the AMA man!

Are the businesses that are listed on the silkroad offering fakes profitable?

Maybe, it depends on the prices. Once you get a process down it's not that time consuming, depending on the state you're making. The most time consuming part for me was editing the photos. If the photo didn't require editing I could get an ID done in 15-20 minutes, maybe less when doing large batches.

Had you been around for the rise of silkroad, how much more success do you think you would have encountered?

I've watched it. Credit card fraud is far more profitable then selling IDs so I don't think I would have bothered with it.

As someone who works in a Financial Crimes department for a very large bank, allow me to thank you for proving over and over again that our customers are generally idiots.

Can you tell me more about the skimming that you were working towards? Any information about how you obtained devices, how you implemented them etc ? Always been intrigued by the electronics themselves moreso than the fools using them!

Thanks for your AMA!

At the time there was a skimmer vendor on the forums I frequented. I bought one from him. Beyond that I wanted to buy an ATM and modify it to capture the data. Many run Windows so you can guess how easy it is to do that. Worst case you connect to the reader and PIN pad and read the data directly.

The electronics are much smaller, cheaper, and easier now than. You can build a wireless skimmer now for under $100. Arduino and similar microcontrollers are so cheap and accessible.

Is your name Frank Abagnale?

More serious: is it common for people in your line of crime to turn and work with the government to shorten/ameliorate sentence? Are you/do people often keep working with enforcement after they finish their commitment?

Is your name Frank Abagnale?

I wish. He made far more money and lived a much more interesting life than me.

is it common for people in your line of crime to turn and work with the government to shorten/ameliorate sentence?

If possible, yes. Not all law enforcement is interested in doing so. I was facing 8.5 years in prison. I think most people would do what I did when facing that.

Are you/do people often keep working with enforcement after they finish their commitment?

I do not. Some people may in a consulting role. It's less common since after sentencing the obligation goes away.

thank you for the iama...

• will the people you stole from be reimbursed?
• do they know it's you?
• are they reimbursed right away or over time?
• what happens to the items you sold?
• are those buyers notified?
• what happens to the items you still had?

will the people you stole from be reimbursed?

As far as I know none of the victims were liable for the charges. I have restitution for Discover.

do they know it's you?

Probably not. I don't think they care who it was, just that it happened.

are they reimbursed right away or over time?

Credit card companies generally refund fraud quickly.

what happens to the items you sold?

People bought them.

are those buyers notified?

I don't think so.

what happens to the items you still had?

When I was arrested I had a cabinet full of laptops. The stores were tracked down and they were returned.

What was the failure rate for your IDs?

I remember totse/bombshock days, and once SWIM figured out how to make holograms they never ever got turned down at clubs/stores.

Very low failure rate. It was rare to hear about them being turned down. I never had someone reject mine and neither did my friends.

I primarily made the old plastic MA. The real ones had a real hologram. I came up with a way to fake the holo that looked close to the real thing.

Using an Alps printer with the clear ribbon and PearlEx I'd print the holos on a lamination pouch. I'd then paint the cards with a thin layer of spray paint and let them dry. Once ready I'd run the cards through a laminator with the pouch on the front. After it came out I'd peal the pouch off the card. This would transfer the holo from the pouch to the spray paint.

[deleted]

It depends on what you want to do. At a high level hacking is a mindset. It's trying to figure out how things work, making things work, and making things break. It doesn't mean you're doing anything illegal or unethical, that's what cracking / blackhat is.

It used to be an underground skill. You'd hang out on IRC (chat) and maybe someone would help you figure something out. It became mainstream when companies realized security matters and that hackers are an asset. Now there are stacks of books, courses, and even degrees.

IMO the best way to get started is to work in the other direction. Learn how to write code and build secure applications. If you understand how things are built you'll be able to understand how they break and how to break them. Anyone can be a script kiddy and run tools like Metasploit without knowing how they work. Start with the fundamentals and work from there.

If you're interested in web apps (my primary focus) check out OWASP.

At what prices would you sell the ID's? It sounds like you would sell to pretty much everyone at the college, weren't you afraid to get caught?

IIRC they were $65 which was probably lower than they should have been.

I wasn't worried about being caught for the fake IDs. I sold a lot but when there are thousands of students it was still only a fraction of the population. Plus they were really good and it was rare for someone to get caught.

Did you use any VPN's or whatever to hide your IP-adress?

I mostly used open proxies. I had cable internet at my office setup under a stolen ID that I often used without proxies. Probably stupid since I still could have gotten caught.

Were they the old style of laminated cards, or the nicer type with holographic seals, etc.?

I primarily made Massachusetts. PVC cards with holo on the front.

Explain how I should protect myself from the NSA.

Other than never using electronic communications again I don't know if you can. Everything is being monitored. High grade encryption may protect you for now but the NSA has basically unlimited funds to throw at the "problem."

The only thing that has a chance is becoming politically active. If you get the big brother people out of office and vote in people who actually care about our rights the problem may change.

TOR?

Tor is one tool that may help but isn't a solution. It's slow and can, theoretically, be compromised.

The only real solution is to stop the illegal monitoring.

Theoretically speaking, wouldn't technically any encryption that is written can be broken? So we all are open game and some of just got a little more armor on? Not mocking in anyway, just thinking along the same lines.

Yes but some high level encryption is considered so complex that there aren't enough computing resources to break it. If everything was encrypted that way it wouldn't be feasible for the NSA to read everything. The downside is that it can be computationally demanding to just encrypt and decrypt it. Smartphones, for example, can take a while to process high levels of encryption.

Would you mind naming a encryption you feel is that high level to use realistically in a normal setting, such as for your average home use ?

It depends on what you're encrypting and the type of encryption. PGP/GPG with a 2048 bit key should be secure.

I have a question for you. When I was 13 my identity was stolen. I guess they used my SSN for employment. How could they have gotten this info?

There are lots of ways. Government employee sold it, they intercepted your mail, a database was hacked, the government listed it somewhere publicly, your parents gave it to someone they shouldn't have accidentally.

Do you think this will affect me later on down the road? I'm nearly 19 now

It depends who stole it, how, and what they did with it. It's possible to get a new SSN if you're a victim of identity theft. If you don't do that just check it a few times a year or put a freeze on it.

I know someone who would buy a $10 gift card and re-program it for a higher amount. Did you ever do this?

Not possible, at least not with any gift card program I've ever seen. Gift cards work the same way as credit cards. They give you an account number and the balance is stored in a database somewhere. You can't modify the card to give you more money.

What was your peak income from this "victimless" crime?

I never kept track of my income. Money wasn't that important to me since I could get almost anything I wanted for free using stolen cards. If I wanted something I'd card it if possible. I only paid cash for rent, cards, and other things that could be traced to me.

I think the best day I had I made something like $5000 cash. I picked up a Western Union transfer for someone and that was my split. There were days I purchased 5-10 laptops but I don't consider that as good since it had a lot more overhead.

When you retrieved the credit card databases was all the information in that same table? I would assume that they used MD5 and not plain numerical/text so decryption would have had to happen. Was that the case? If so how did you achieve that?

The stuff I hacked was plain text. That's much less common now.

What was your experience like working for the USSS? Feel free to be detailed! Did you have to sign a non-disclosure agreement or anything?

Thanks!

I don't remember signing anything. They always treated me well. We had mutual respect. Towards the end they even paid me a little to help since I was in school and didn't have a job.

The agents were all very smart. It's clear the USSS does a good job screening people and, for the most part, accepting the best. Some picked this stuff up quickly, others less quickly.

There was one bad incident. There was another operation running in SC with a CI who went by the handle gollumfun. Gollum was well known on the forums. There were a few people who claimed he was a CI so not everyone trusted him. At one point he called out the main handle I was using as LE and named me personally as the person behind it along with some of my backstory.

He shouldn't have known who I was and he should have never been allowed to call me out like that. Later it turned out that he was doing some tax fraud on the side while working for LE and got arrested. I hope (but doubt) someone got fired over those incidents.

Luckily for me carders aren't violent. Trying to find someone working for LE isn't going to make them any money or help them in any way.

You sound like a real life Neal Caffrey.

I love financial crime shows, movies, and books. I don't like White Collar. Overall both the writing and acting aren't very good, mostly the writing. I watched some of the first season and gave up.

If you want to see a good con show watch Hustle. Great acting and writing. Most of the scenarios are reasonably plausible.

Catch Me If You Can is, of course, great but the book is even better than the movie. The movie was very true to the book but they couldn't fit most of the content into it.

+1 for Hustle. I love the elaborate cons, with the voice-overs that explain the tactics and psychology. And you can't go wrong with British accents.

I actually like White Collar, but I can see why some don't. The humor is often more goofy than witty.

There's a show called Leverage. It's about a team of ex-criminals who steal and scam bad guys. I found the cons too over-the-top to be believable and the acting is really bad. Some of the earlier episodes were okay, almost an American version of Hustle. But things veered off quickly.

Not really a con artist show, but I like Burn Notice because the main character Michael Westen often uses deception and manipulation to take down crime rings rather than outright kill. When he does use guns and explosives, it's more for intimidation and effect. This is despite being a highly skilled covert operative who could just as easily kill. This almost becomes a cliche, where many episodes recycle the plot of Yojimbo: the hero gets the bad guys to kill each other.

I agree with Leverage. It was like an overacted, predictable, unrealistic version of Hustle. I could only take one episode.

(How) Did you rationalize it at the time. Great AMA by the way.

Everyone committing crimes rationalizes it. It's how our brains deal with the cognitive dissonance. For me it was thinking how the businesses just accept it as an expense. The reality is that consumers may need to waste a lot of time fixing things and can end up getting stuck with costs.

How can the websites that sell credit card numbers operate so openly?

They host the servers in countries that don't care and do it anonymously. If the site goes down they just reopen it. Web hosting is a commodity service. If the site goes down you can get a new host and have it back up in under an hour.

That's assuming the sites are what they seem to be. Some of them are scams and some are run by law enforcement.

How difficult is it to forge a Passport or create one? Have you ever been involved in something like that?

It depends. If you plan on using it to cross a border impossible, at least US passports. They all have RFID now that gets verified. If you're just using it as identification it's probably doable but extremely hard. They're very secure.

You'd be better off getting a real one in someone else's name.

I had my card number stolen a few years ago and whoever took it bought a bunch of gift cards. I don't have a question, just wanted to say fuck you.

http://i.imgur.com/ARimQ.gif

Any crime that you'd wish you had dipped into?

I wish I hadn't committed any crimes.

As a thought experiment let's say I could have committed other crimes that wouldn't have had any further ramifications on the outcome of being caught. If so I'd say skimming. It's what I was working on when I was caught. ATM skimming can make you $50-100,000+ in a weekend. It would have been nice to have that kind of money.

When you go somewhere and use someone else's credit card aren't you on the stores security camera and easily caught?

Yes, you're probably on camera but you assume too much. With card present transactions the store doesn't lose the money. If the bank never does an investigation, which is likely for under $1000, the store may never even know.

Do you think it will ever be possible to pay back the $210K?

Hopefully, I'm trying.

how long do you think it will take to pay it in full?

Depends on how successful I am. I'd love to have it paid off in 10 years or less.

I believe that amount is too high. I realize you made mistakes, but how are you supposed to afford to live. You can't even declare bankruptcy to get out of that. $50,000 is more reasonable. I hate the justice system.

Because that's the actual loss to Discover. I primary made Discover cards and it was easy for them to make a list of those cards based on the ribbon in my tipping machine (the one that adds the reflectivity to the raised numbers). In reality the losses were much higher because that didn't include Visa or MC which I used for many other purposes.

Do you think being a credit card fraudster would be as easy today as it was during your time? Are recent security innovations hindering a lot of fraud?

Less easy but still easy. Fraud detection software has gotten much, much better. Often cards will be frozen after a single transaction. It just means a bit more work on the carder's end.

Phishing has gotten much, much harder since almost everyone knows about it now. That said, it's just a numbers game. If you spam a million people you only need a small percentage to fall for it.

I find gathering information such as credit cards, SINS, and DoB are easier than what they were 10 years ago with public wifi/arp spoofing and RFID technology incorporated into credit cards, the problem I find though is what do you do with all that information? If your doing what you did back in 2000-2004, do you think it would be easier now?

Also hello NSA, I come in peace.

It wasn't long after I started with carding that I bought them instead of hacking them myself. They're so cheap that it wasn't worth my time to hack them. The same goes for today. Cards are still cheap enough that I'd just buy them.

Unless you're skimming decent volume, gathering them in person / on site is too risky IMO.

1) Did you live a pretty extravagant lifestyle?
2) Did any of your family or friends knew how you were making money? If not, what did you tell them?

1) Did you live a pretty extravagant lifestyle?

I'd say upper middle class. I tried to stay low key to avoid being caught. My largest purchases were cars and car parts. I bought a brand new Ford Focus SVT in 2002. After that I had an 1989 Mustang and a 2000 Audi S4.

Since I could get almost anything for free I had a lot of stuff. Computers, game systems, furniture, etc. I had something like 500 DVDs.

2) Did any of your family or friends knew how you were making money? If not, what did you tell them?

No. My parents thought I had a crappy retail job. I wouldn't tell my friends what I did. If they asked I'd just say something like "stuff." I kept it a mystery. They never pushed it.

If your family and friends never knew what was there reaction when they did find out?

My parents were obviously upset and disappointed. They were still there for me the whole time. I owe my freedom to them.

My friends were surprised. None of them stopped being friends outright but some grew distant over time. Anyone who has met me personally can attest that I'm, for the most part, a likable person (at least I think I am). I think that's why no one disowned me.

I owe my freedom to them.

Please elaborate?

They helped me financially and emotionally.

What do I look for to identify a tampered ATM?

Look at the card slot. Check to see if it looks like anything is attached that shouldn't be there. Try moving it a little, it should never be loose. Search google for ATM skimmer and see what skimmers look like.

To avoid ATMs that have been internally compromised I generally go to ones inside banks in well lit areas.

How did you negotiate with the FBI? What was it like and how did they treat you/caveats to your greatly reduced sentence aside from the bail and restitution?

I worked for the Secret Service. Overall they treated me very well. There was always mutual respect. The agent in charge wrote a letter to the judge as part of my sentencing saying how he thought I should receive probation due to my contributions.

Working for them helped me avoid going back to crime. I still had a taste of my previous life by hanging out on the forums. I'm grateful for the opportunity.

After you were caught (or during your criminally active days), did you ever meet someone face-to-face who you had stolen information from? If so, was it awkward or embarassing, or did it make you feel guilty?

The sentencing report had statements from some of my victims. That's the closest I've gotten to meeting them.

GREAT AMA! I'm just curious about your process of forging the Fake IDs. Is it something you could do at home (living with law abiding parents) with limited resources? Or did your method involve specialised materials? (magnetic strips, synthetic paper, etc.) Basically, a run down on how you make a quality ID back in the day, and perhaps how you would do it today. This information isn't for me to try and forge one, more so just to feed the curiosity. As I am turning 18 in 6 months (legal drinking age here in Australia) and can just scab drinks off mates until then :p

Here are some fairly detailed instructions on how the internet says i should do it. What do you think of it? http://www.wikihow.com/Make-a-Fake-ID

tl;dr How did you make the IDs yo?

SORRY FOR ALL THE QUESTIONS!!

It depends on the ID. PVC IDs require a PVC printer which costs $1000+. Other IDs can be done with teslin and an inkjet plus something to make the fake holo / security seals.

Im Pretty late to the party, but would you consider doing some sort of "ID theft awareness" Thing with Clark Howard? Either on Radio or on his TV show (If it still runs, I don't watch much TV anymore what with netflix and all that.)

Sure!

Did you ever have any relationships while you were involved in crime? If so, what did they think you did?

Nothing noteworthy.

This is really cool. This is perhaps why I even browse reddit. It's like the movie catch me if can.

Csb.
PS. What's irc

http://en.wikipedia.org/wiki/Internet_Relay_Chat

My biggest question: I did a similiar story, and also was caught. Which me being caught I did not work with the police. I am NOT knocking you for your decisions, far as turning on your old lifestyle, but am more curious as to why you felt you could do the crime, but could not, for a lack of a better term, do the time ? My case was in 2007-2008 for right at 240,000$.

I would have done the time if I had to. I always knew it was a possibility.

I know it's semantics but I didn't have to rat anyone out. I started working from scratch with the Secret Service. I intentionally kept my distance from other people I knew online to make sure they couldn't turn on me and vice versa.

What card writer/encoder were you using? An MSR-206?

Yes.

What do you think the penalties would have been for you if you were non-white (specifically African-American or Hispanic) and had no college education? (I am assuming you went to college, but still interesting if you didn't, as I suppose that would be one less confounder to consider.)

I'm not looking to put you in an awkward spot, or try to make out you should be doing time and "it's not fair you're free" kind of thing. Quite the opposite – the way the authorities have handled the situation by recruiting you to help, possibly spurred on by your own conscience as well, has created a better outcome than throwing you in jail immediately. Do you think you would have been given that same option, though, if you were from another socioeconomic demographic?

I'm interested in your opinion given you came face-to-face with the law from the wrong side (arrested, interrogated, etc.) and so you have inside knowledge of the process. You may, of course, have no opinion on it at all. That's fine, there's a lot of "what ifs" inherent in my question.

Edit: I see from an earlier comment you did go to college.

What do you think the penalties would have been for you if you were non-white (specifically African-American or Hispanic) and had no college education?

Interesting question I'm not really qualified to answer but I'll do it anyway. Minorities certainly face discrimination in the legal system. I think it would depend a lot on your attitude, accent, and actions. If you seem like a stereotypical minority criminal you're probably screwed. If you're articulate and a talker / good social engineer I think you could end up the same as I did. I'm no expert on minority issues though.

[deleted]

Yes. The paper could be analyzed. It depends on how much they care.