Cyber Black Market- Underground Economy

gAtO rEaD -the FBI leaked an unclassified report 24 April 2012 Intelligence Assessment “BitCoin Virtual Currency: Unique Features Present Distinct Challenges for Deterring Illicit Activity” : –  – At that time BitCoins (BTC) were going about $4.25 USD per coin

as of Sun: Jun17 2012 it trading at $6:26714 a high of $6.52999 and low of $6.22130 check out –  — and going up to $30 USD by Christmas

All that glitters is gold and he’s buying a stairway to heaven – with BitCoins mAyBe -sI -nO – more info in our new upcoming book about “The Deep-Dark Web” – 

What are BitCoins –

Bitcoin is a new digital currency. By using proven strong cryptography, a new currency has been created for the internet. One of the key features of Bitcoin is that it is an open system with no person or authority that governs the system. This means that you can treat it like cash: nobody can freeze your account, no chargeback’s, complete transparency and more.

This new currency opens massive opportunities for the internet.

Perfect Money – Liberty Reserves -Wire Tranfer -Pecunix -HD-Money -C-Gold -VouchX -Cosmic Pay -MtGox Coupons -Boleto -Banco Rendimento -CyberPlat -Qiwi -Money Gram -CVS ?7-11 -Wallmart -BitStamps -Dwolla -BTC-E Coupons

GaTo use to support wall street back in the day from 1 New York Plaza. overlooking the Battery Park. Those were the day out of the windows we could see traders coming into the park at lunch time and score there powdered lunch from the locals but that’s another story… these traders will take a look at BTC and once they get a whiff of the virtual money they will strike and it looks like the commercial criminals are already doing it.


 – As you can see from the chart above While currencies from all over the world are going down because of the current financial world problems BitCoins are going UP-

Hal-Cash – from Russia with Love—Video – Market to Latin America

Here is an add for selling 100% anon visa cards with loaded BitCoins or whatever currency you want on them – by the way there are opportunities for -Now Hiring – money Mules and Drop Shipments scams for any sucker that want this kind of job- your a fool to buy this in my opinion they can sell you loaded Visa Card on one hand and Selling 100% Valid CVV and dumps of these card I assume but I’m a paranoid gAtO – I may be wrong – don’t try this at home kiddies—//


BitCoins are coming up and they are replacing the new fiat currencies especially in EU why because of the current problems in Greece and Spain – Below I added a list of –[1]Ways to get bitcoins…    – As you can see if you go to these they are scams for Gamblin and all kinds of underworld stuff- BUT how many people play -Online Poker and other gambling games. Oh and these are all in the ClearWeb – Yes the evil Internet not the ToR-.onion network ..


Now the -gAtO fUnnY- part is you can go to 7-11, Wallmart and just about anyplace and buy into this new currency so it’s not illegal to use these currencies but maybe it’s me gAtO is to dumb to use these but many, many merchants are now accepting all these new online currencies – so maybe it’s not so

stupid If someone wants to buy my- 1972 Action GI Joe Doll why shouldn’t I let them pay in BitCoins or any other currency –

Now in the Black Market of the ToR-.onion network it’s alive and well – http://clsvtzwzdgzkjda7.onion/viewtopic.php?f=50&t=1803&sid=4e3a4c75f43e3e82fe011d6c1e6601df&start=10  –

Now as you can see this is a boom to criminals to laundry their cash – but they been using FarmVille and other games to laundry money why not use this new untraceable money. I will leave the crime stuff for anther posting but I just wanted to give you all a taste of what is going on and what can happened with your money – gAtO oUt

Reference: Lab Notes —

From Russia with Love now in the USA -Hal-Cash and of course in Latin America

How Does Bitcoin Work?

To use Bitcoin, an individual first downloads and installs the free Bitcoin software (client).

The application uses Public Key Cryptography (PKI) to automatically generate a Bitcoin address

where the user can receive payments. The address is a unique 36 character-long string of

numbers and letters and is stored in a user’s virtual “wallet” on his or her local file system. Users

can create as many Bitcoin addresses as they like to receive payments and can use a new address

for every transaction they receive.


To send bitcoins, users input the address they would like to send their bitcoins to and the

amount of bitcoins they would like to transfer. The user’s computer then digitally signs the

transaction and sends the information to the distributed, P2P Bitcoin network. The P2P network

verifies that the person sending the bitcoins is the current owner of the bitcoins they are sending,

prohibiting a malicious user from spending the same bitcoins twice. Once the transaction has

been validated by the Bitcoin network, receivers can spend the bitcoins they have received. This

process usually takes a few minutes and is not reversible.


(U) The Bitcoin software program controls the rate of bitcoin creation, but it does not control the

market value of a bitcoin; the market value is determined by the supply of bitcoins in circulation

and people’s desire to hold or trade bitcoins.52, 53 Unlike most fiat currencies, in which central

banks can arbitrarily increase the supply of currency, Bitcoin is designed to eventually contain

21 million bitcoins; no additional coins will be created after that point, preventing inflation.


Bitcoin was created in such a way that the clients “mine” bitcoins at a predetermined rate.

This chart illustrates the growth rate from 2009 to 2033, the year the last new bitcoin will be



[1]Ways to get bitcoins… ClearWeb Sites not ToR-.onion network stuff (exchange) (exchange)  Australian -Last Price : 6.49999 Buy :6.56200 Sell : 6.56115 Volume : 351.61962 (exchange)    53,267 users / 15,320,752,995 L$ exchanged Physical Gold   BTC Spot: $6.41 Australia (mining pool)  -BTC Mining Pool (mining pool) (java cpw web pool)  BTC Minig Scam (free btc) (free) (rebates for online purchaces) (classified/fiverr like)  Work or sell for BTC money (survey) (survey) (url shorten) (url shorten) (ads) (ads, and free btc) (ads, and free btc) (ads free btc) (gamble) BitCoin LoTTo (gamble) (gamble) (gamble) Chess

BitCoin Ptramid Features (ads and pyramid scheme) (pyramid) (pyramid) (ponzi) (txt) (calipers) (forum)

Use BitCoins to buy domain and hosting services (web host) (web host) (web hosting) (web host) (paid 2 surf)

Underground Economy – basics

Reloadable Debit Cards


Greendot and other Reloadable debit cards can be used in an attempt to allow for anonymous financial transfer between customers and vendors. Vendors need to cash money out. They can accomplish this by setting up Greendot cards with stolen identities and getting them shipped to mail boxes set up with fake identification cards. Customers need to load money in. They can do this by going to any store that sells Greendot reload paks. Customers merely hand the clerk some cash and in return get a cardboard card with a load number on it. The customer can transfer this load number to the vendor via an encrypted and anonymous channel. The vendor then applies the loaded funds to the card via the internet. The loaded funds can then be cashed out at an ATM.


These cards should be viewed as financial networks. The financial information consists of the traffic and the cards are the nodes. Reloadable debit card networks have a high degree of cross network contamination. One additional network involved is the mail system, the vendor is required to have the card shipped to a physical mail box. This may not be particularly risky due to the fact that it is unlikely the card is being watched at this point as no customers are aware of it yet. However it is important for vendors to remember that the reloadable debit card company will keep their box information on record. Another network the vendor needs to utilize is the telecommunications network. Vendors are required to talk over a telephone to activate the card. The risk inherent in this can be minimized if the vendor uses a burner phone. Vendors are also required to make an initial visit to a store in order to obtain their temporary card prior to being mailed one. They will likely be recorded by CCTV cameras. Customers also have to worry about CCTV cameras as they must hand money to a clerk in a store. Customers can not take adequate measures to disguise their identity during this process as there is direct human interaction.

Reloadable debit cards have a distinct disadvantage of being highly centralized. Vendors tend to have many customers send funding to a single centralized card. This means that a single compromised customer can compromise the Greendot card of the vendor. The only way to prevent this is for the seller to use multiple Greendot cards, one for each customer to be perfect. This is not very feasible.

If a malicious customer identifies the card of a vendor it is possible for network analysis to map out the financial network involved with this buyer. Records are kept of funds being transferred from a reload pack into a cash out card. The time and location of reload pack sales that are used to fund cash out cards can be determined. A single compromised customer can use this information to gather video surveillance of every single person who has loaded funding to the card of the seller. This may not hold up as evidence by itself but it is strong intelligence indicating that a person who has sent funds to a vendor is in fact a drug customer.


Greendot and other Reloadable debit cards are not a safe means of conducting anonymous financial transfer. The financial networks created by these cards are very prone to network analysis. There is an unacceptable amount of cross network contamination for vendors. The load points for introducing finances into the network are also under too much surveillance.


Customers can out source the purchase of reload moneypaks. Good solutions may include utilizing bums and transients.

Vendors should avoid Greendot type reloadable debit cards. If they are used they should be highly compartmentalized (different cards for different groups of people). Compartmentalization is not possible in all cases though. Remember, if a single customer is malicious they can compromise the entire compartment. This puts customers at risk as well!

Greendot cards are prone to being frozen. Triggers include typical patterns associated with narcotics trafficking; cashing out very soon after cashing in, getting payments from diverse geographic areas (geographic based compartmentalization of customers is suggested), particularly large amounts of money going through a card in a short period of time etc.



Western Union and Moneygram money wires involve a customer sending funds to a vendor over the WU or MG financial network. Customers must go to a location that offers one of these services and hand money to a clerk. Depending on the country of the customer they may be required to show identification for any amount of money. In all locations identification must be shown for amounts of money over a certain limit, usually $500 or $1000. Customers fill out forms that are specially designed for gathering fingerprints and are usually under video surveillance.


Despite their many short comings WU and MG both offer substantial benefits over reloadable debit cards. It is easier to use multiple pseudonyms for pick up from these services, the number of pseudonyms you have is limited only by the number of fake ID cards you can get. Unlike with Reloadable debit cards vendors are not required to use stolen identities. They are also not required to set up mail boxes or make telephone calls (WU). The ability to easily use multiple pseudonyms makes it easier to decentralize and compartmentalize the financial networks. If a different fake ID is used for each customer, a single malicious customer will not be able to map out the entire network based on transaction records.

It is possible that a single malicious customer could use video surveillance and facial recognition to tie a multiple fake ID pseudonyms to a single person. After identifying the vendor in a single transaction facial recognition could identify them every time they send funding, even if they use a different fake identification document. This attack is possible but it is not likely to be used against drug traffickers at the current time.

One of the primary disadvantages of WU and MG is the fact that there are a limited number of locations a vendor can cash out from. Customers know the rough geographic area a vendor will pick up the wire from because when sending a WU or MG the city of the vendor must be listed on the form. This allows for surveillance teams to stake out a number of possible locations the pick up may be made at. These surveillance teams can be alerted when the target attempts pick up and then move in on the target. This risk is much smaller with Greendot cards because Greendot funding can be taken out from a large number of ATM’s distributed through out a wide geographic area.


WU and MG have a substantial benefit over Greendot in that they can be used for funding E-currency. E-currency can dramatically increase the security of a financial transfer.

Customers and vendors can and should use fake identification to counter the record keeping of transactions. Even if a vendor is legitimate customers may be flagged if they send large sums of money with their real identification.

In some cases question and answer can be used to remove the need for identification. If this is allowed or not is highly dependent on the particular area of the customer/vendor

Wearing gloves or avoiding finger contact with the forms can countermeasure leaving fingerprints. Using stencils to fill out the forms at a private location can counter hand writing analysis. However, video surveillance is something that can not be countered.

Note: Forms are designed to pick up fingerprints



Traditional E-currency systems (LR, PX) are relatively complex systems of financial transfer involving many companies. Usually an E-currency system is structured as follows; a main digital gold company stores gold bars in a vault and creates audited cryptographically secure digital currency units. The main E-currency company runs a website that allows owners of the currency to manage their accounts as well as send and accept funding. Usually the main E-currency company is not interested in selling small amounts of currency. The main E-currency company will usually only sell large amounts of digital currency to exchanger companies. Average users of E-currency systems only deal with exchangers and use the main digital currency company only to manage their accounts.

E-currency exchangers are located around the world and they accept payment in various ways according to their own policy. Usually E-currency exchangers have no affiliation with the main E-currency company. Some exchangers are even scammers so be careful who you work with!

To load E-currency first you need to set up an account with the parent company. It is free to do this and usually requires no identification at best or at worst easy to forge identification. You should make sure to protect your anonymity when you set up E-currency accounts, at the very least you should use Tor or similar technology to protect from network forensics. Make sure the E-mail data you register with is no tied to you in anyway and was also obtained anonymously. After you have your account set up you will be given a number which can be used to transfer currency to your account. Now you need to set up an order with an exchanger, it is suggested that you use offshore exchange services. How the exchanger accepts funding is totally up to their policy, many accept western union and some accept cash in the mail. After the exchanger gets the funding you send them they will transfer E-currency to your account minus a transaction fee. From here you can either send the E-currency to a vendors account or you can cash it out and have it sent to a vendor via another method through another exchanger. Exchangers cash in and out meaning you can not only buy E-currency from an exchanger for cash but you can also sell E-currency to an exchanger for cash.


E-currency can be seen as similar to a financial multi-hop proxy, the first hop being the exchanger and the second hop being the E-currency company. This can add jurisdictional complication to financial network analysis attacks. You must make sure to follow normal operational security procedures when using E-currency, for example make sure to use anonymizers when interacting with the digital website and use fake identification for loading currency if possible. E-currency can also be used to create highly decentralized overlay networks, further adding to security of both customers and vendors.


If a vendor accepts WU but not E-currency customers can use E-currency to send WU. After loading E-currency merely cash it out via another exchanger to the WU details of the vendor.

Vendors can decentralize their financial networks by creating new E-currency accounts for each customer. Although this is time intensive the benefits are very extreme and it is highly suggested. If every customer is presented with a different E-currency account it will make it impossible for financial intelligence to map out customer networks. A malicious customer only knows the E-currency account they sent payment to, since no other customers sent payment to the same account the malicious customer gains no useful intelligence.

Vendors can appear to accept any payment method an exchanger offers while actually layering the funding through E-currency accounts. When a customer places an order merely set up a request for funding with an E-currency exchanger and then present the customer with the funding information of the exchanger. The exchanger gets the funding from the customer and then puts it into the vendors E-currency account. This allows vendors to accept payment to any location they can find an exchanger in.

E-currency can be layered through multiple accounts prior to cashing out. It may be difficult for a legal team to prove an account that cashed out marked E-currency belongs to the same person who was sent the E-currency in the first place.

Online E-currency casinos can be used to cheaply add more jurisdictions to a trace and potentially mix the finances of the vendor with many others. If a vendor loads E-currency to buy digital casino chips and then cashes the casino chips out for E-currency to a new account it will probably make it harder for financial intelligence agents to follow the trail and can unlink accounts from each other.

Trust Networks


Open trust networks are potentially a great way to cash out/in E-currency. Assume that Alice has obtained $10,000 worth of E-currency from her customers. Assume Alice and Bob are in a trusted relationship with each other. Perhaps Bob wants to purchase several thousand dollars worth of E-currency. Rather than go through an independent exchanger Bob may choose to send Alice his cash in return for E-currency. This allows Bob to obtain E-currency with high anonymity and also allows Alice to cash out via a trusted node. This can present a virtual dead end to financial intelligence teams. If the E-currency was watched they see it go to Bobs account but they do not know who Bob is or how he obtained the E-currency. Even if Bob paid for the E-currency via WU and was on CCTV, the agents will not know where the funding was sent from. Cashing out of this system is eventually required unless the system continues to grow (Open versus Closed). Cashing out of a closed trust network can be done by Bob ordering product from another vendor and then selling it locally.

Borrowed Bank Accounts / Underground ATM cards

Borrowed bank accounts and underground ATM cards are useful for cashing out E-currency anonymously. They are also useful for taking bank wires as a method of payment. You need to be able to get the details of a bank account as well as a skim of the magnetic stripe of the ATM card tied to the account. If you can do this, you can cash the E-currency out through an exchanger via bank wire to the account you have a card for. You can now cash the money out at any ATM the card is accepted at. If you can get the skim of the ATM card, you can simply encode it to blank card stock for cashing out with.

I suggest not to take money out of the persons bank account unless you put it in. This will reduce the chances that they quickly notice you borrowed their bank account. You could leave extra money in the account as well, the person it belongs to may be less likely to report suspicious transactions if they are afraid they will lose whatever you left behind.

There are various organizations willing to offer ATM cards capable of being funded with E-currency and cashed out with at an ATM. Some of these services are scams and others are legit. Some require identification but these can be countered with fake documents.

Mule Networks

Mule networks can be used to help cash out funding. Obtaining a mule network is a difficult and time consuming task. The most common technique is to offer ‘work at home’ job offers. People accept the job offer and are led to think that they are working for an official company when in reality they are merely picking up money and sending it on. It is expensive to fund these networks and only very realistic for large vendors. It is possible that feds will accept such offers in an attempt to perform human sybil attacks on the networks formed.


Bitcoin is a newer type of decentralized digital currency. The underlying system of Bitcoin is quite complex and difficult to summarize. It is suggested that you go to the bitcoin[1] website and learn about the system. There are various ways to anonymize Bitcoin transactions. As of 2011 June 14, bitcoins trade for approximately 20 US dollars per coin. A combination of Bitcoin and blind signature digital currency systems is likely the ideal way to cash in and out, however such systems are still largely experimental and developing. Additional laundry systems were available as a hidden services, however they have gone AWOL.[2]


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: