Hot outlet for Belgrade youth: Internet crime

Sandra's bookshelf is filled with expensive art books and her CD holder overflows with the latest Western hits. A digital camera rests atop her dresser. The top drawer is filled with lingerie from Victoria's Secret.

Like most young Serbs, Sandra, who, did not want her real name used for this report, has virtually no income. But she can enjoy these small luxuries thanks to the Internet. You may even unknowingly have bought her a gift.

All of the goods in her apartment, except the computer, were ordered from US Internet sites, using stolen credit-card numbers. And although Yugoslavia is under an international embargo, the goods were delivered to Sandra's neighborhood post office. "Everyone at the post office knows how I got this stuff. It's no secret," she says.

After Sandra pays the customs tax - money she gets by selling some previously arrived goods or, she says, by bribing customs officials with part of the take - she goes home with little fear of being caught. The goods either get here or they don't.

Belgrade's educated urban youth say they are awash in goods stolen over the Internet; mostly books and CDs, but also computer programs, clothing, fine stationery, and less often, scanners, hard discs, CD "burners," or recording devices, and other computer accessories.

Internet thievery is a common problem in all developed countries, but in Serbia local authorities have little incentive to take notice. Yugoslavia has no official relationship with Interpol, the international police agency in charge of credit-card fraud. That has allowed Belgrade's youth to steal with impunity. It's one of the advantages of living in a pariah state.

And in a country where the average salary is less than $50 a month, the temptation is great.

While an accurate measure is hard to come by, Belgrade youths boast that tens of thousands of households contain goods purloined over the Internet. At Zsu Zsu cafe in downtown Belgrade, a group of young Belgraders recently spoke openly about their illicit activities. All are students, and spoke matter-of-factly on the condition that their real names not be used.

Seventeen-year-old high-school student Aleksa laughs when asked how many of his classmates have received goods from the Internet. "That's the wrong question," he says. "You should ask how many of my classmates have not stolen goods from the Internet.

The trend began two years ago, but picked up momentum after last year's NATO bombing campaign over Kosovo, which left Yugoslavia further isolated both politically and economically.

"The only negative consequence I've ever heard about is one local Belgrade DJ, who ordered all of his music and equipment over the Internet. He got a warning letter from the FBI," says Zarko, an engineering student.

Thieves can even write their own address when ordering goods with little fear local police will arrest them, they say. Still, "most of us actually write down the names of our aging grandmothers when ordering stuff, or a dead neighbor, just to be on the safe side," says Dejan, a law student. "You never know what will happen after the government here changes. I don't want to wind up on some list, then get arrested when I leave the country."

Not everything ordered comes through, but plenty does. "My good friend just received an A4 Compaq scanner," says Aleksa. "Suddenly my little collection of CDs seemed kind of stupid. Now I'm going after the bigger stuff as well."

Obtaining credit-card numbers can be done in a number of ways. The easiest is to find one posted at any number of hacker Web sites. The most popular method in Belgrade has been to use programs, available on underground search engines, that generate likely credit-card numbers based on a mathematical formula. From there, the would-be thief usually enters a pornography site, where the numbers are tested for validity.

"Penthouse I found to be the fastest site. Out of 100 numbers, I had a success rate of about 15 percent, and each number took a minute or less to run," says Dejan.

The merchant-verification system also has a huge loophole: The credit-card number and expiration date are all that matter. Any name can be punched in. Although more thorough verification is available, it costs more and most companies don't bother for minor purchases.

Once a thief has a few valid numbers, he or she can open an e-mail account under a pseudonym and go shopping.

The last and most important sleight of hand involves not writing "Yugoslavia" in the country field, but some adjacent state. Companies won't deliver to Yugoslavia as it is under international sanctions. Instead, would-be thieves write in Slovenia, Croatia, Hungary, or Macedonia. "Some post office worker in Slovenia then gets annoyed and says to himself, 'Those Americans don't even know where Belgrade is,' then forwards the package," explains Zarko.

"Our biggest success has been Amazon.com," he boasts, to general agreement. "Things just keep on coming, like it's an endless birthday."

"It's much wiser to go easy on the purchases with any single number.... They track buying patterns on Amazon, and when someone looks like they're on a spree, the card is flagged," adds Aleksa.

While some of the youths expressed moral reservations about their exploits, others feel justified. "I think it's a way to get back at America for bombing us last year. Why should I feel guilty? VISA takes the hit, not the cardholder," says Zarko.

Sandra has an original way of dealing with the moral issue. "I buy some things for myself, then contribute to a charity. I recently gave $150 dollars to an environmental organization at the Eddie Bauer Web site."

(c) Copyright 2000. The Christian Science Publishing Society