Corporate investigator Brandon Gregg
looks at how bitcoins and Tor make anonymous black markets tick
The internet is no stranger to
crime. From counterfeit and stolen products, to illegal drugs, stolen
identities and weapons, nearly anything can be purchased online with a few
clicks of the mouse. The online black market not only can be accessed by anyone
with an Internet connection, but the whole process of ordering illicit goods
and services is alarmingly easy and anonymous, with multiple marketplaces to
buy or sell anything you want.
Understanding how the market
thrives—unregulated and untraceable—can give you a better sense of the
In our scenario we are going to
legally transfer $1,000 USD out of a regular bank account and into a
purely digital currency, and then enter a neighborhood of the
Internet largely used by criminals. This hidden world lets anyone purchase bulk
downloads of stolen credit cards, as well as
a credit card writer, blank cards, some "on stage" fake
identities, and maybe even a grenade launcher they've had their eyes on.
A journey into the darker side of
the Internet starts with two open-source programs: Bitcoin and the Tor Bundle.
Moving Money
Bitcoin (www.bitcoin.org) is the client software that acts as a
personal bank, a wallet for storing and spending digital currency on your computer. Once
it's installed on your system, it sits empty like a piggy bank, waiting to be
filled with pseudonymous digital cash.
Getting it filled is the tricky
part.
The digital monetary system online
is predominantly operated by the likes of PayPal, Western Union, and banking
companies that try to follow government regulations to prevent fraud and money laundering.
There are two steps to legally take money and have it converted at the current
Bitcoin rate into BTC in our digital and pseudonymous bank.
Start by opening a Dwolla
(www.dwolla.com) account, which carries no fees. You can use your real
information; you aren't doing anything illegal. In about three days you will be
given a verification test and have to identify the small test transfers made between your Dwolla and
personal bank accounts. Once your account is confirmed, transfer any amount from
your personal bank to Dwolla, either a lump sum or the estimated price of the
purchase you have in mind. After you confirm the transfers, your legitimate money
is now stored in a new payment network with fewer restrictions than US banks.
Next you need to set up an account
with the largest bitcoin exchanger, MtGox. Due to fraud concerns, MtGox will
only allow transfers from banks like Dwolla.
After your Dwolla transfer moves to
MtGox, you can use the money to purchase bitcoins on the open market for a
small percentage-based fee. Once this sale is complete, your bitcoins are best
withdrawn to your own wallet, the Bitcoin client residing on your computer, rather than left on the exchange.
The whole process can be completed
in less than a week, and the $1,000 USD is now exchanged into about 191 BTC. Now you
are ready to go shopping on the black market.
Finding Markets
The conversion of dollars to Bitcoins was legal and
relatively safe. Actually engaging in black market shopping, though, connects
you to various kinds of illegal activities. We'll continue our walkthrough
but we are NOT endorsing these activities. This information can help
security professionals understand how stolen identities and credit cards are
used, how products are fenced or distributed illegally, and more.
Clearly anyone engaging in black
market activity wants to remain anonymous. So the next step in black market
shopping is to download and open the Tor Browser Bundle
(https://www.torproject.org/).
We have touched on Tor two or three
times before as a way to protect your
identity while online, but Tor has
other functions. Originally developed at the US Naval Research Laboratory to protect communications and now
used to circumvent blocked websites at offices across the country and to
inspire Arab Springs, Tor has a darker cousin: hidden Tor servers, known as hidden services and reachable only through .onion addresses.
The same random spider-web routing
of Internet traffic that hides an end user's IP and location from any prying
eyes can hide server locations too.
Hidden Tor servers are now the norm
for storing, accessing and hiding illicit activity such as child pornography.
The level of protection provided by Tor makes law enforcement's job of tracking
such activities next to impossible. (Interestingly, the hacktivist group
Anonymous has recently brought attention to
such evil servers by controlling them as DDoS servers against some of their
targets, including law enforcement and government groups. If the CIA is struck
with a DDoS attack,
the agency suffers but also, in investigating the source of the attack, discovers
the child pornography and hopefully cracks the pornography ring.) Hidden Tor
servers are likewise home to much black market activity.
Where does one find "the black
market"? What does it look like? Of course, a Google search answers these
questions easily. Using your Tor browser (which, yes, is much slower than a
standard browser) search for "Tor Directories". These websites offer
a collection of Tor's hidden web pages for all kinds of storefronts. Here you
will find websites similar to Yahoo's early directory days, categorizing storefronts
including Drugs, Weapons and other illegal goods and activities. If the
directory (or store) is listed with a standard .com or .org domain, it will
open in your standard browser; if it ends in .onion then it is a hidden
service only reachable through the Tor browser. A .onion name is not a real DNS name and never resolves on the public Internet; the Tor client handles it internally, which is why a .onion lookup appearing in an ordinary DNS log is itself a sign of a misconfigured or leaking Tor installation.
One example is the Nobody@Zerodays website (nobody.zerodays.org/hidden-directory/), which offers reviews and direct links to current hidden Tor sites. In our scenario we are going to check out the Black Market Reloaded and look for the current price of some credit cards and tools.
Using Tor you can quickly jump to the Black Market Reloaded website, register (no real information needed), and start shopping. As on Amazon, sellers show off their products with details, pictures and pricing, including feedback collected from past buyers. On a given day in April, current pricing for bulk credit cards is running at 6.5 BTC with great seller feedback. One seller advertises:
"All of our Products are coming with full given Information. That means: All needed information like cardnumber, security code, expiration date, name, address, city, state, zipcode, country, phone, SSN, DOB, security question etc. is given. Also Track 1+2 data and PIN. All CCs are checked and have a minimum Balance of 1000€/$, and most of them are from an EU-Country. We also have US-Cards, but it's easier to cashout the money at ATMs (/buy virtual money online/link the CC to PayPal) with european ones."
A "Credit card reader/writer, HiCo/LoCo, all ISO complete" is going for 76.60350 BTC (or $366.63 USD at the time of our exchange) and there are also a handful of unregistered handguns, including a brand new M9 Tactical handgun with an illegal silencer, unregistered of course, for 225.00000 BTC or $1,076.87 USD.
Anyone who executes these purchases
via bitcoins leaves no name on the transaction, only a wallet address. The transaction itself, however, is recorded permanently in Bitcoin's public block chain, so how traceable it is depends on whether that address can ever be tied to a person; the exchange account opened with real information above is exactly such a tie, which is why careful buyers move coins through fresh addresses first. All users can
send data via hidden Tor email servers, or ship physical items like drugs and
weapons with the US Postal Service to prevent any searches without a warrant.
When shipments come from within the US, the illegal goods are likely to arrive
at the right mailbox without incident. For those who want an added layer of
protection, say in the event that goods are being shipped from outside the
US, many people in the "Services" section of this site will buy and/or
receive items on your behalf using their own bitcoins and addresses, and then
remail the goods to you, for a small fee.
(Also, some users of these sites
will offer to sell you bitcoins via Paypal so you can skip the two banking
steps above and jump right into buying your goods; there is of course no
guarantee that you will receive
Tor's hidden servers provide a real
look into an underground world that once was limited to dark alleys, shady
places, and dangerous criminals. Much like the Internet has expanded our
e-commerce into a borderless global market, bitcoins and Tor have made shopping
for illicit goods and services almost as easy as ordering an iTunes song on
your computer.
As a reminder, most of the purchases
described here are illegal and/or dangerous. While
it's extremely difficult to identify the individuals involved without
additional intel, law enforcement personnel and corporate investigators can use
these processes to keep tabs on the flow of stolen, counterfeit, or diverted goods.
If these transactions are being
executed on your corporate network, that activity can expose your organization
to legal and other risks. While proxy and DNS logs will not show which Tor sites were visited (the hidden service's address is resolved inside the Tor circuit, never by your resolver),
software audits for programs like Tor, network sniffing of actual traffic (the outbound connections to
publicly listed Tor relay IPs are visible even though their content is encrypted),
computer monitoring and computer forensics can show employers who is using Tor
sites and what they are doing.
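The two network-side indicators mentioned above (a .onion name showing up in corporate DNS or proxy logs, and outbound connections to known Tor relay addresses) can be checked mechanically. The following script is an added example, not code from the article or from the Tor Project: the log format, the client addresses, the .onion names and the relay list are all constructed for illustration (the relay IPs are RFC 5737 documentation addresses). In real use the relay list would be refreshed from the Tor consensus, for example the bulk exit list published at check.torproject.org, and the log lines would come from your own proxy and resolver.

```python
"""Flag likely Tor use in corporate DNS/proxy logs (added example, not from the article).

Indicators checked:
  1. requests for .onion names: these never resolve in public DNS, so one
     reaching the corporate resolver or proxy marks a leaky Tor client;
  2. outbound connections to addresses in a Tor relay list.
Log format, client IPs, onion names and relay list below are all CONSTRUCTED.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set

# v2 onion names are 16 base32 characters, v3 names are 56; base32 uses a-z and 2-7.
ONION_RE = re.compile(r"^(?:[a-z2-7]{16}|[a-z2-7]{56})\.onion$", re.IGNORECASE)

# Constructed log format: "<timestamp> <client-ip> <DNS|CONNECT> <target>".
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<kind>DNS|CONNECT)\s+(?P<target>\S+)$")

# Constructed relay list standing in for a consensus download (one IP per line,
# the same shape as the Tor bulk exit list). RFC 5737 ranges, not real relays.
RELAY_LIST_TEXT = """\
# relay addresses, one per line
198.51.100.10
203.0.113.77
192.0.2.200
not-an-address
"""

# Constructed sample log: two hosts talk to relays, two leak .onion lookups.
SAMPLE_LOG = """\
2012-04-10T09:01:02Z 10.0.0.15 DNS www.example.com
2012-04-10T09:01:05Z 10.0.0.15 DNS abcdefghijklmnop.onion
2012-04-10T09:02:10Z 10.0.0.15 CONNECT 198.51.100.10:9001
2012-04-10T09:02:11Z 10.0.0.23 CONNECT 192.0.2.5:443
2012-04-10T09:03:40Z 10.0.0.23 CONNECT 203.0.113.77:443
2012-04-10T09:04:00Z 10.0.0.31 DNS abcdefghijklmnopqrstuvwxyz234567abcdefghijklmnopqrstuvwd.onion
"""


@dataclass
class Finding:
    line_no: int
    src: str        # internal client that generated the event
    reason: str     # "onion-dns", "onion-connect" or "tor-relay-connect"
    indicator: str  # the target that triggered the finding


def parse_relay_list(text: str) -> Set[str]:
    """Parse a one-IP-per-line relay list, skipping comments and non-address lines."""
    relays: Set[str] = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            relays.add(str(ipaddress.ip_address(line)))
        except ValueError:
            continue  # junk line: ignore it rather than abort the whole scan
    return relays


def is_onion_host(host: str) -> bool:
    """True for a syntactically valid v2 (16-char) or v3 (56-char) .onion name."""
    return ONION_RE.match(host) is not None


def scan(lines: Iterable[str], relays: Set[str]) -> List[Finding]:
    """Return one Finding per log line that matches an indicator, in log order."""
    findings: List[Finding] = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a production tool would count these
        src, kind, target = m["src"], m["kind"], m["target"]
        # Split "host:port" for CONNECT targets (IPv4 only in this constructed format).
        host = target.rpartition(":")[0] if ":" in target else target
        if is_onion_host(host):
            findings.append(Finding(n, src, f"onion-{kind.lower()}", target))
            continue
        if kind == "CONNECT":
            try:
                ip = str(ipaddress.ip_address(host))
            except ValueError:
                continue  # a hostname, not an address; relay matching needs the IP
            if ip in relays:
                findings.append(Finding(n, src, "tor-relay-connect", target))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per internal client, most active first."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.src] = counts.get(f.src, 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])))


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG.splitlines(), parse_relay_list(RELAY_LIST_TEXT))
    for f in hits:
        print(f"line {f.line_no}: {f.src} {f.reason} {f.indicator}")
    print(summarize(hits))
```

Relay matching by IP is the weak half of this check: relays change daily, and Tor bridges and pluggable transports are deliberately absent from the public list, so a clean result here does not prove Tor is absent. The .onion indicator is the strong one, because a correctly working Tor client never lets those names leave the machine.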