OPSEC: A Primer.
I'm not giving direct methods or resources, I'm telling you how to both break systems and how to make money on Darknet.
I will be going over various ways to make money, both for the technically minded and the non-technically minded.
Each trade comes with its ups and downs and each require specializations, so study on which method calls out the most to you and pick your craft.
This first part is about OPSEC specifics in regards to the Darknet and how to not fuck it up.
Part two will be on surviving in the community.
And part three to seven will be detailing how to actually make money.
Now you might be thinking to yourself "Oh aediot I've already been lectured on how to maintain good OPSEC blah blah blah this class is redundant I'll just wait until you actually teach how to make the money"
Well feel free to risk spending the next 20+ years in jail since you clearly know everything.
This class is to ensure that you don't rush into this nonsense and fuck yourself over with a big stick, I don't want to see anyone here locked up.
If you do plan on sticking around then I'd like to give you a few pieces of friendly advice.
First being, you should always maintain a healthy dose of fear.
Not only will it save you from jail but it'll also make the game more enjoyable.
If you ever face a situation and you have the choice between paranoia and arrogance.
Secondly, it's a common misconception that you need to be a tech genius to navigate or make money on the Darknet.
This is untrue.
As far as the users go, these are just roundups from my own personal experience.
Id say about 5/10 Darknet users run on Windows, rely on the Tor browser and don't have full disk encryption set up.
Aka "low hanging fruit", These are the ones that get arrested fairly quickly because they lack a healthy dose of fear and don't take
the time required to set up properly.
About 3/10 people are a mix between skill levels.
They have good tips and tricks/know how to avoid law enforcement, But they may still be running Windows even though they're likely using something like Whonix or Tails in a VirtualMachine paired with partial disk encryption.
2/10 people who I'm going to refer to as "elites" are the ones who know what will and wont get them caught.
Using fully encrypted drives, pure Linux setups, IMEI changing burners.
The whole 9 yards.
Does this mean all elites are tech smart though?
They just take the necessary precautions to take to avoid jail time.
Just like modern day journalists are now by extension, tech journalists.
As they need to know proper security and OPSEC in order to not get screwed by Government.
A good number of the elites (especially the older ones) were criminals even before the Darknet and simply immigrated to the internet to adapt to the times.
These are people like Bankers in the business of money laundering, Kingpins [ looking to sell their product en mass, and likewise.
There are those who develop Malware and Exploits as well as provide other services and those are the tech smart ones, But they aren't everywhere so don't expect them to be.
So, that said.
What does this mean for you?
Well if you take your time and prepare yourself out with the knowledge taught here as well as with your own research, you'll find your business opportunities and your own worth in the community skyrocket if you become an elite who knows tech.
Many people will want you to be their contacts solely for the fact that you're among the few that know tech to the extent many do not.
And therefore can pull of better heists, better setups, and provide services that others cannot.
Though I'll touch more on that in later classes.
For example, a potential admin might ask you to develop a store and in exchange give you a cut of profits made.
You might be asked for help with encryption or server setup/security setup.
Aka good opportunities for you, the user.
The only bonds that tie in the Darknet are fear and profit, if you can convince people that you can provide either they'll flock to you like moth to a flame.
It'll do you good in the long run to remember that.
Third, when you get to the point of eventually hanging around the Darknet community after these classes.
Keep in mind this isn't a community that just "doxes for fun" or "to make a point".
You're dealing with Kingpins, CEOs, Bankers, and Blackhats who only care for their personal flow of coin and the flow of commerce.
As well as keeping out of the public spotlight of course.
We are not in this for fame.
We are not in this for fun.
The game is a tad bit different because you're dealing with greed.
Like true greed.
Hundreds of thousands.
Billions in some cases.
If they find you a threat they'll try to come after your contacts and credibility.
Whether it means sabotaging your business in some way, or ruining your name with something embarrassing in an attempt to have you lose
They'll try whatever they can to threaten your flow of coin, or your life if you don't keep your OPSEC up to point with the game you're playing.
But really at that point Law Enforcement is more likely to nab you than a fellow Darknetter.
Granted you won't encounter the more powerful people just starting out when you sift through the public markets and forums first building a reputation.
-For the most part-
This really only applies to you if you find yourself deeply involved.
However it's better to get into respectful habits early so that you don't screw yourself over when you do get deep into it.
Your first mission is to figure out what information your persona shares.
It's not easy, but just like anything that's worth your time it requires patience, planning, wit.
As far as compartmentalizing what information you can and can't share, you'll find it's a much easier task to declare what information you can share with each persona.
As opposed to detailing what you can't.
"My name is Evil0n3, I am a frauder in the Darknet. As far as anyone is concerned I am based in the USA and my backstory is that I'm a
banker in real life but do not know which bank. Everyone in the Darknet knows I am in various carding communities and I can openly admit that I have done illegal things because I've done my tradecraft and know I'm protected."
Maybe not the best of examples but you get the idea.
Sharing no other information about yourself aside from those things listed is the trick to handling your day-to-day OPSEC.
Identifying what you can share just makes things a whole lot simpler.
Your second mission is to run your Tradecraft analysis to identify tasks, vulns, and countermeasures.
Here's the rundown.
You need to identify firstly, what it is exactly that you have to protect.
We're going to be using Todd as an example.
Todd is a Kingpin who's been put in charge of three warehouses full of drugs, 10 corner dealers to sell to normal users and addicts who want a fix, and he gets his source from some grows in another city who ship it to a specific drop every 3 weeks.
So we've identified what it is that Todd has to protect.
So now we identify the potential vulnerabilities for each.
With the three warehouses you need to cover you obviously have quite a few risks.
The purpose of the warehouses is so you have a place to stash the drugs that you give to your corner dealers.
In terms of securing it, think about a few different ways you could go about this.
You could have it set up so that you're the only person who knows about the warehouses location, meaning your contacts and dealers don't know its whereabouts.
Problem is that comes with its own subset of vulns as well seeing as the implementations you have to put in place to maintain relative anonymity.
Which we are going to go over now.
I'm going to be listing the subsets of the setup with numbers like 1/2/3 etc, and below the subsets I'll be listing out vulns for each subset via letters like A/B/C and for each vuln below I'll list a possible countermeasure via  brackets.
Now keep in mind this is just for the one possible way you could go about things, sky's the limit when you're working with imagination and wit.
1. You'd need to hide the contents of the boxes or packages you're putting the drugs in and either haul them in yourself (probably not the best idea) or for example hire some random heavyman company to place/move the boxes for you without knowing the packages contents or they'll snitch you out.
A) The company you randomly hired could drop the box or something could leak out and they would see that you're handling drugs which would lead to jail
Countermeasure [ Seal the drugs ahead of time in vacuum tight non see-through packages ]
B) If something ever happened to you your entire gang/crew would be shit out of luck unless you told them the locations before you died, not likely to happen seeing as it'll likely be a gunshot wound.
Countermeasure [ Leave a note that has the locations of the warehouses in a box. Then give the box to the next succesor in your crew via your will ]
C) You would need to handle the drugs yourself or make trips to the warehouse to unload the drugs for passing out to the corner dealers. Your inner circle might know you're gone and if you have a snitch amongst you then he might try to tail you to the warehouse.
Countermeasure [ Actually couldn't think of one for this because its too complex and there are too many things you'd have to cover ]
For the sake of completing this class within the next century I'm not going to go over every possible method, but I think you get my point on what needs to be done.
And also for the sake of time I'm not going to go over the most lengthy yet vital step which is identifying possible fuckups/things that could go wrong and finding countermeasures for those as well.
An example being "if someone follows me to the warehouse, this is my countermeasure".
This needs to be applied to everything you do.
OPSEC is a 24/7 job and does not end when you shut off your computer and go to sleep for the night.
Nym creation, Heists, Encryption, Anonymity.
Everything needs to be put through the fire and figured out to its fullest extent before you tackle really important shit.
And do you see the time it takes to do this properly?
Identifying the entirety for just ONE possibility of a way you could secure the warehouses and listing out the vulns/countermeasures
Imagine how long it would take to list out the top four or five possible ways to secure the warehouses.
And then you'd have to deal with the other two things you need to protect.
Aka the corner dealers and your drop source.
This is the level of time and patience that it takes to nail down your OPSEC and get it right.
If you rush into this without figuring countermeasures for everything you would be as bad as Todd and his crew by putting themselves at risk for a mass amount of jail time.
So to recap, the steps are as follows:
1. Identify what you're protecting.
2. Identify your end goal.
3. Identify the top best possible setups to protect your assets while weighing the pros and cons to each.
4. Identify the weaknesses in each setup.
5. Identify countermeasures for each and every possible weakness.
Nobody is perfect.
We aren't machines.
You're going to make fuckups, which is what step 5 is for.
But if you did your Tradecraft right you'll be able to know how you can recover from that and will have figured countermeasures for fuckups as well.
If your sin is extremely deadly you may even want to consider going dark (shutting down all your accounts/jacking it to another country or state) completely.
And as a demonstration of what not to do, I'm bringing up a prime example.
Recently a user by the name of DiscordianAnon was doxed here by a few other members of this IRC.
His OPSEC was terrible and he was some anon who claimed to fight governments and do all this activism nonsense.
Problem is "Discordian Anon" is a nym that was linked to his OLD nym which had been doxed by a group known as "HTP" about three years back at the current time of writing.
Do NOT do what DiscordianAnon did when he was doxed the first time and just change your @ on twitter while using the same account so that you can keep your follower/e-fame reputation.
That's obviously not a good countermeasure.
If he really is involved with all these journalists and whatnot like he brags that he is then his OPSEC is complete and utter shit and you should let that teach you as an example of what NOT to do.
By not going Dark he didnt recover from his sin, which means that he didn't do Tradecraft analysis before becoming an Anon.
Aka he has no idea what it is that he's doing and is/was just winging it for the sake of fame and fortune.
This is how you land jail in Darknet.
He was not fit to tackle any government or corporation with a setup like that.
Nobody would be.
Pull this level of shit OPSEC on Darknet and I guarantee you you're fucked and landing 20+ years and not just an asswhooping on IRC/Twitter like he got.
I'm going to say this, and I'm going to say it once.
Low hanging fruit should not be respected, looked up to, counted among your contacts, or anything else that even remotely
ties yourself to them.
Because low hanging fruit are the first to squeel when the pigs threaten them with jail.
So if they considered you among their friends or contacts.
You've just painted a big red target sign on your back for Fed proding and investigation.
Were moving on to the final part now which are really just a few things to get your brain jogging.
The minor (yet important) details are what keep you from arrest in most cases.
One important thing you need to drill into your head is that you are not here for fun or friends.
You play the Darknet to amass your own empire and protect any commerce and resources you've acquired.
You don't have friends.
You don't have allies.
You have contacts.
Nothing more nothing less.
Trust everyone equally, aka not at all.
And for anyone unfamiliar.
A contact is someone who helps your coin flow better, whether it's a source of high quality cards or someone who you know is a good Blackhat and can hook you up with some custom malware for a discounted price or give you some advice on where to score a resource you need.
Another small thing you might want to consider when doing your compartmentalization analysis is if you're foreign to the extent of it showing in your typing.
You'll notice that anybody on public and private Darknet forums use proper grammar.
Aka Capital at the beginning of the sentence and a period at the end of it.
Like I'm doing now.
There are reasons for this.
Same reasons you don't throw addons on the Tor Browser.
One being reputation is all you have in the Darknet.
And you want people to not view you as some crazed methhead who just discovered Tor.
And the other reason is because it disguises you.
If everyone types and talks the same, there's nothing to profile.
If you're foreign and can't type in well formed sentences it might do you better in the long run to publicly identify as someone from whatever country you're from.
That way people won't think you're an english speaking retard who can't type correctly and will have a bit more patience for your bad english.
Though obviously the downside to this is that the Fed and other users might be able to profile you a bit if you don't keep up your
OPSEC as strongly as you should.
Of course I'll leave that decision to you so you can decide what you can/cannot handle.
Also if you type in a certain way that isn't the way I'm typing right now and you're not bad at english, you should consider changing that before you get involved with the Darknet to avoid profiling.
Like .. if you have a speech pattern like this!
Every other.. sentence
Or something equally as stupid.
Last point I'm going to touch on is really just to reiterate that you need to maintain a healthy dose of fear.
I really can't stress how important that is.
Fear will keep you from doing really stupid shit like antagonizing higher ups who know more than you.
Or can do more than you.
Fear will stop you from carding without the proper protections thinking "eh, the feds won't care about lil ol me!"
Fear protects you from making really stupid fucking decisions that may lead to entrapment.
So all in all fear is what assures that you'll maintain a long and happy Darknet career.
It's the little things like this that really strengthen your mindset considering OPSEC is a 24/7 job.
Take the time to follow all this correctly, and keep the little things in mind while you do.
If you can successfully pull this off then you'll eventually come to learn that really the Feds aren't the one you need to fear.
When in reality it's other users.
That's it for part one, if you have questions you can reach me over Email / PGP with my key here: https://keybase.io/delevrything and my email being email@example.com
What you need to understand is that at the current time of writing there are only three real main groups of which you can do business as in the Darknet community.
Identity thieves, Blackhats, and Kingpins.
You need to specialize in one field or another and dedicate your time and resources to it.
And while there are cross-breeds they are few and far apart.
In this talk I'll be covering how to become a Blackhat in the Darknet and what exactly that entails.
Now as far as what you can and cannot do in the circle of the Blackhat there's really no limit.
Though as idealistic as that sounds it's not quite how reality works, you're still at the whims of the free market after all.
Which I'm going to be covering, as well as some thoughts on furthering your trade.
The first thing you want to keep in mind is that when it comes to your customers, you're selling off to three main groups. Spies, other Blackhats or Identity theives.
You'll occasionally get a random intruder or a security researcher if you're dealing with the public markets however, which is the main reason most Blackhats tend to stick to their inner circles of invite only forums.
Essentially if Brian Krebs is your biggest threat you're not in a real Blackhat community.
Sticking to invite only forums helps cut down a lot on what's discovered or bragged about, you'll find that even the Russians don't want to deal with the public markets mostly for this reason.
As among the only circle of the three I mentioned at the beginning of the talk you're responsible for providing technical products and providing yourself as a contact who can do technical things.
So keep this in mind when starting out as to what you should be aiming for.
You're essentially the source of what keeps the Darknet intact and running on its toes.
The role of the Blackhat is one that makes the Darknet as powerful as it is.
One option available to you is being a complete techhead and solely focusing on technical services.
Though another viable and popular option is to focus solely on Identity Theft while using your technical skills to enhance your trade which will make you extremely good at fraud.
The point is, take what's given to you in this class.
Your niche, find it.
Once you figure out what you enjoy doing the most, stick with it and master it until your eyes go numb and you find yourself sleeping on top of piles of coin.
Now as far as what you can go about selling to the Identity thieves, there are a good number of things you can do.
Database selling is among the finest and easiest ways to earn a nice inflow of constant coin.
Finding and targeting sites that have potentially rich customers and then selling the database to an autoshop may be more your level if you just need a few hundred + monthly or weekly (depending on how many you hack and to whom you sell to).
For anyone unfamiliar, an autoshop is an automatic shop where you can go load your coin into and just select what product you want (Typically stolen cards or proxies) and it's instantly given to you.
Think of it like a vending machine, doesn't require a person to operate.
This is to avoid the need for the shop owner or a middleman to manually release the data to you himself and so they can just let it run for days and have the coin collect through a mixer on some wallet.
For anyone interested in selling off a database, go around the public forums and ask if anyone is willing to buy.
Chances are you'll get some queries and prices + jabber contacts to communicate with the staff.
Most times out of none it'll end with you giving the entire database to the autoshop owners and then they give you the coin as your cards are sold off.
Every shop will give you a different cut of the take so shop around and get queries to find the best bang for your buck.
However also keep in mind that just because a shop gives you the biggest cut doesnt mean they are the best option as another thing you want to take into mind is the popularity of the shop.
For example, a shop gives you 70% of whatever cards get sold off.
However the downside of the shop offering is that they have a bad reputation and very few people actually do business there.
So now your cards are sold off to a shop that is getting very little traffic and generating you very little income.
Weigh the pros and cons for each offer you receive and ask around to ask whats the most popular or if the owner is a scam artist etc.
Or better yet, ask your contacts.
Trusted nyms only.
It's not extreme money but It's good as its a constant inflow of cash that you don't really have to manage and only need to put in a few days work for.
Of course for this to work, you not only have to steal databases and the like. But you have to do it undetected.
Nobody is going to pay top dollar for a database that Whitehats are screaming is hacked.
Mostly because people cancel cards and change passwords.
However it also has to do with public attention not being preferable to a Darknetter.
Another topic I'd like to discuss is weaponized Exploits, which is an entirely different market for the most part than malware but I'll get to that in a bit.
The weaponized Exploit market is very exclusive, it's not something that most vendors openly sell to the public for various well thought out reasons.
The first being that reputation is all you have on the Darknet, and most times out of none when you sell advanced kits or products to normal people who are like "oo yea ill just infect my ex girlfriend!" you get bad reviews, bad publicity, and bad headaches because said buyer doesn't know how to handle your product.
Another reason most don't sell to the public for the advanced techniques is to keep it out of the hands of Whitehat scum and researchers who would love nothing more than to buy it and publish it in order to get some pocket change and e-fame for the discovery.
By ensuring that only trusted and skilled nyms are allowed for these markets, the techniques and exploits being sold off wont have their lid blown off by some scrub before the client is able to execute the 0day.
The fact that the forums and circles for weaponized Exploits are highly invite only means that if you're not proven legit and contributing or you don't have an in-guy you're not buying.
People this high up in the circles just want to deal with strict business and typically don't have time for asinine bullshit, so why not choose an inner circle with nothing but the best and most reputable?
As far as malware selling goes, these circles range from medium-level invite only forums to public markets.
Most stick to public markets if they have a whole support team at-the-ready to help you get started with you freshly bought kit if you have no idea what the fuck you're doing.
Which is typically the case when the vendors Malware is trying to be sold on a mass level.
However as for the higher-skilled requirement Malware you'll mostly see those being sold off on the forums and will likely not touch the public markets for the most part.
Now as far as actual malware kits go, I've seen some really crazy shit.
Like really specific purpose malware that goes far beyond just ransomware and RATs.
The reason you don't hear them being reported by the Whitehats though is because the really custom level advanced shit is because:
A) Not generic enough to be detected by Antivirus.
B) It's not super widespread, so even if the researchers did want to see what was infected or how many they would have a really tough time as they'd have to dig through a lot of shit.
Of course once you have the Malware created, the benefit to that over 0days is that 0days lose their polish/shine after the first buy (even though it's typically sold for an ungodly sum of money) whereas Malware can be sold over and over again and can only get more popular.
So go over the pros and cons and decide what it is you want to do if you're aiming for the malicious programming fields.
And if you plan on mastering one craft or are good at one thing and love it, stick to it and don't let it go until you perfect it before you even consider moving on to something else.
Another possible to-do if you're into server side defense and want in on the game is admining and lording over both public markets and things like autoshops.
Even markets need admins.
On top of which you'll get an extremely nice cut as autoshops and markets mostly make millions yearly and they're sure to take care of their admins.
You won't have any set hours (obviously) though you're going to want to be online as much as possible to ensure your clients happiness and business, because their happiness and business is your profit.
You could even manage/admin multiple sites and just take away a near cool 200k+ yearly if you're super lazy and don't want to go hunting for work all too much.
Though again the choice is yours.
Lastly if you're super lazy just list yourself off as an odd-job guy, you'll definitely be able to put food on the table as Identity thieves and Kingpins are almost always needing a Techie for something.
And obviously the better reputation you have the higher the price/more clients you can nab so it's definitely something to consider.
You may not make AS MUCH but you'll definitely not go hungry if you've built up your reputation correctly.
When all is said and done though, these obviously aren't the only things you can do when involved with the community.
There are some contacts who just go out and Dox/Hack/SE information off of really rich people and then sell it off at a nice price.
There are some contacts who focus on nothing but rooting .gov's and .edu's to harvest it for parts by selling off things like emails or shells for whatever reason.
All of this works.
You can obviously do whatever you think of so long as it's profitable and people need the product/service, though if you're going to go your own way like this keeping a few principles in mind may help you out a lot.
First being that historically, the underworld solely exists to provide what the governments have banned or disallowed, otherwise they'd be legal businessmen/woman.
Second being, decide who you want to deal with the most in terms of public level people or the skilled (Other Blackhats/Kingpins/Identity Thieves) as it'll greatly help you decide how you should shape out your product and promotion/advertising.
And on a closing note, if you are going to go the Blackhat route when involving yourself in the community I wanna make two points.
First being if you're going to have the fucking gall to claim to be a Blackhat, you better know what the fuck you're on about or you will get pummeled by those who do.
And secondly, the wisest thing to do in this field is to specialize in an area/trade but keep your paws in all the other trades too.
As a Blackhat on the Darknet you're expected to be a one man army and a swiss pocket knife with your contacts filling in the blank for anything you don't know.
So keep that in mind when you find yourself balls deep in a game you'll not want to likely pull out of.
If you have questions you can reach me over Email / PGP with my key here: https://keybase.io/delevrything and my email being firstname.lastname@example.org
This class will be about not just the circle of Kingpins but also about how to handle yourself when real life crosses over with Darknet, which is essentially the bread and butter of a Kingpin.
The Kingpin circle require the most advanced OPSEC setups of any of the three circles because their trade requires them to do things in the real world.
As a contact of the Kingpin circle very little is required of you as a contact aside from real life dealings.
You may be expected to help set up drops, have your real life contacts perform vandlisim or acts on other people depending on the circumstances.
You will not be expected to handle anything tech or fraud related unless you pawn yourself off that way, you are the fear of the Darknet poured into the real world.
You are our wrath and real world reach incarnate, that is the reputation and job that is required of you.
As far as your business goes, you will likely find yourself in a few invite only forums however your main presence and goal will be that of the public markets as drugs are products for the average user.
The only way you'll get into invite only forums as a Kingpin is to prove yourself as a valuable contact who's reach is far.
In addition, as opposed to the FBI and SecretService who deal with the Identity theives and Blackhats your opponents will be the DEA and the local police.
It goes without saying however there are a lot of low level Kingpins in the Darknet who are very tech illiterate.
You do not want to fall into this category.
Fortunately for you the most knowledge you'll need in regards to technology is to know how to protect yourself using tools and infastructure other people have built for you.
An example about low level Kingpins though is a long while back Alphabay (a public market at the current time of writing) didn't remove metadata from pictures put up to their market.
And for anyone unaware, metadata is essentially information inside the photo that tells you things such as the location, device and other information about the device that the photo was taken on.
It was found that a good number of Kingpins had uploaded pictures of things like where they make their product with their smartphones which had GPS turned on.
You can imagine how well that went down.
You need to be aware of things like this to operate safely on the Darknet, even as a Kingpin you're going to want a Linux setup with full disk encryption and countermeasures depending on the tradecraft that you should firstly perform after identifying infastructure.
So my point is that first and foremost you need to avoid being low hanging fruit.
Now one thing you'll find is that a lot of people talk out their ass and say things like "oh lol u cant b secure as a kingpun tis impossible".
I'm here to tell you to avoid these people as they're trying to bullshit you as they likely have no real experience on the matter if they're talking that way.
It is very possible to be secured as a Kingpin provided you do it right and you do it slow.
I'm not going to be able to go over all the countermeasures for every possible infastructure out there because I don't know your resources/who knows you/if you trust anyone.
Goes without saying that you should not trust anybody however I cannot speak on if you've done so already, but keep in mind that it's never too late to start your OPSEC and provide yourself with defenses and countermeasures.
As a Kingpin you should make it your nature and your business to anonymously aquire as many contacts in the real world as humanely possible.
You want to consider things like its ok if someone sees your face once in a place that has no cameras so long as you give them an anonymized email or social media account that they can reach you afterwards is important to how you handle business and you didnt pre-arrange the meeting with them.
Moving onto actual tactics for marketing and selling in this flooded industry.
Firstly you'll need to identify what exactly it is that you plan to sell off and who your competition is + who the top players of the market are.
This is where you'll want to keep very updated and sophisticated tabs on who is who, because other vendors are unpredictable.
While it's true that sabotoging other vendors products on the public markets is often frowned upon by the community, this has little to no consequence to a vendor who primarily only sells to average everyday users.
Make sure you know who the top dogs are so that you're not like "um who r u" if they come to you with an offer or a warning via jabber or icq.
After you've scoped out and noted your competition you'll need to find how much they're selling, and for what quality they're selling for.
If you think you can just bust into the game with your shite ass quality drugs cause you sold it to randoms on the street who had no other source but to buy it then you're in for a wild fucking shake.
Due to the nature of unregulated commerce, only the best and freshest products survive and are sold.
Nobody's going to buy your toxic product that could nearly get them killed for 400$ a pop, they'll go to another vendor who has godly reviews saying that the quality makes them feel like cloud 9 is their bitch and is being sold off for 200$ a pop.
See what I'm saying?
So you'll need to determine the quality of your own product and keep that in mind when you're selling it off on the Darknet.
Now you might be starting to think, "but aediot, from what you're saying it sounds like I'll make a lot less money if I sell it off Darknet as opposed to the streets!!!".
I'm happy to tell you how wrong you are.
Because while your prices will need to come down, the number of clientele you're going to be selling to is worldwide.
On top of which what you get is longevity, easier protection from the cops via not having to go to "meetups" for random people to buy from you just to get your asshole thrown into jail and made a presence in by bubba.
You also get a godly safe way to refer people looking for drugs to YOUR store.
Instead of telling them to meet you behind the local 7/11 you can give them a direct link to your shop and tell them to shop around.
Do they have trouble buying Bitcoin? Just provide that as a service too! charge a small rate of 5% tacked onto whatever the current market price is and you can offer to give them Bitcoin for cash so that they can buy your product.
As far as pricing goes, you're going to want to sell / advertise both locally and from afar.
Meaning even if you plan on just hosting your sales on the Darknet Markets you should still try to get a high reputation in the Darknet community and appeal as much as possible to normies visiting the Market for the first time as you'll find the boost in business a nice piece of side-coin.
If you have high quality product and know you can pawn it for a bit of coin on the net, one of the best ways to go about this would be to give out very cheap (or better yet free) limited amounts of samples at a time.
So lets say you baked up the best meth on the entire fucking block and you're damn proud of being a young walter white.
You could advertise very small amounts of it as free or cheap samples so people unsure of your quality could buy your product after they've given it a test run.
If your product isn't the best quality though and you have no way of improving it then you're better off just selling it cheaper than your competition for those on the market seeking a quick and stable fix which is also a viable option of business.
The key thing to take away from this is finding how your quality compares to your competitors and making business decisions with that in mind.
And now we move onto dealing with drops, which will move into contacting gangs and my own personal method for becoming a kingpin as a nerd.
A "drop" for anyone unfamiliar is terminology in the Darknet for a location that you send illegal goods through the postal service that isn't tied to your name.
Like if you wanted to order weed or have a Social Engineered credit card sent to you so you can withdraw from an ATM using someone elses account.
There are a few ways to go about this, the most well known and overused method is using an abandoned house (for sale or otherwise) and removing the "for sale" or "foreclosed" sign in front as the address.
Few problems with this, for example if your post man is super srs and gives a shit he may refuse to deliever to the house thinking nobody lives there.
Another is that you have to actually pick up the package with the potential of someone seeing you, you could of course lie and say something like "oh this was my old house and ive been waiting months for this package" etc and be creative though there are a few other methods in mind that are MUCH better which I will show you now.
The first requires for the following three conditions to be true.
1. You have a nice ma and pa restaurant / store that has NO cameras
2. You have about 40$
3. You're a charasmatic motherfucker
How it works is that you essentially speak to the owner of the small store/restaurant and say that you were kicked out of your girlfriends/boyfriends house and that you need a package delivered but don't have an address.
Or some other similar story.
Tell them that you'll pay them a fee if you'll let them use their place as a location to send the package.
9/10 times this works, I've never once encountered an issue aside from "no i cant do that" which has happened like twice to me of the 30+ times I mustve done this.
This other method requires these three conditions to be true:
1. You know how / can research how to pick a lock
2. You find an apartment complex with an empty room and a pickable lock (you can ask the ladies at the front desk which apartment #'s are availble"
3. You're able to be there about an hour before the actual package typically arrives for your location (find this out by staking out the entrance of the apartment complex one day and seeing what time the postal man comes)
The idea behind this is that you use this empty room as the drop address, pick the lock and wait inside for the postal man to come through and then just act like you're the owner.
You wanna do this like an hour before he actually comes just to be safe (bring a phone game or something to keep yourself occupied) that way when he knocks you come out, sign the package, go back inside. Wait about 5 minutes then head the fuck out.
Also it goes without saying but for both of these methods you obviously want to wear gloves.
Fingerprints are a bitch.
There are obviously many more methods on how you can go about attaining a drop but these are among the best I know of from personal experience.
Do your tradecraft and decide which one is best for you.
As far as actually going about gaining real life contacts, you'll find that homeless people, addicts, and local gangs are going to be real fast friends.
Keep in mind that you don't actually need all of them on your payroll 24/7, you just need the homeless and druggies as contacts that you can hit up with "hey do this for me and I'll hook you up with such and such via a drop"
As far as the local gangs, you'll find they're easier to do long term business with.
Getting in contact with them are easy, all it takes is some word of mouth to know who's who in your local city/town and then identify their social media profiles (which a surprising amount of them have by the way)
One thing to identify when dealing with gangs is that by nature, they're low hanging fruit. Don't try to change that.
You'll have a bad time.
Trust me on that.
But once you hit them up on social media, you should make a small introduction and let them know what you can do for them.
A few services you can offer include but are not limited to:
Getting them any drug they want (Order from your local Darknet market, and slap on a 20% rate when you resell it to the gangs.)
Doxing / getting socials (They love this, it blows their mind most times out of none that you can find/stalk anyone just using the internet.)
Boosting their sales via abroad selling (Set up a Darknet market account for them, list the products/stuff they sell and whenever an order is placed tell them to ship to said address. Collect the coin and pay them what they're due.)
"Hacking facebook and other social media" (Phising isn't hard, we both know this. but to low hanging real life fruit they'll pay you a good chunk of money for you to do this so it's up to you.)
Sabotaging another rival gang through online pursuits (This one is more of a general thing, but the best way I like to do it is to list out a report of activities and treat it like a profession where you just list out what each thing you do is cost and then hand them a bill for it. It works.)
Lastly I want to touch on how to deliver packages to your newfound contacts without actually getting caught.
Goes one of two ways, if they're in another city / place you're going to want to use one of those drop off boxes and leave a return address that's not your actual house but in another city.
If they're locally in your city or close to it then the idea is to take the package (fingerprint free) to a remote location with no cameras / little people around and then just alert them of the location alongside a picture of what it looks like (that you delete off your device after you send to them) for them to pick it up.
You can do this with anything really, cash, drugs, gifts, etc.
As for when they send to you, only accept Bitcoin or any form of delivery that doesn't tie to you directly.
And for the love of god avoid the whole human proxy nonsense, it's a huge hassle and on top of which you're relying on trust on top of trust on top of trust on top of trust.
Which as I've said before, a trust model in the community is the last thing you wanna do.
And to be honest that's really the basics of it all, there are a lot more intricicies to the job obviously but you have to learn that as you go. My job is just to lay it out to give you an idea and have you see if it's something you're interested in taking up or not.
The life of a Kingpin in the modern day can be interesting, but above all else before you do your tradecraft before you delve head first into it.
Because when dealing with DEA and local police as enemies you're not looking at long investigations you're looking at a month or two before they come and bust you over the head with 20+.
Tradecraft Tradecraft Tradecraft.
If you have questions you can reach me over Email / PGP with my key here: https://keybase.io/delevrything and my email being email@example.com
Fraud: Low investment.
We finally talk about the last and main final circle of the Darknet, Identity thieves.
As an Identity Thief you're expected to understand the core fundamentals of systems and how they work.
You're also expected to know how to break just about every system that involves money that's currently in existence.
Obviously certain people specialize in things like Paypal or Banks however you should still know how to break everything else even if you have a preference on how to earn your coin.
I also need to make a few things clear before I start, I will not be divulging direct methods such as specific ways to make money.
What I will be telling you is how to break systems, from there you develop your own plans.
In this low-investment fraud talk I'm going to be talking more specifically about local carding (how to do it), and website fraud systems that places like Amazon put into play.
To begin off though, I will be using abbreviated terms for the sake of length so I will divulge them now as to the meaning of each.
If you don't feel like reading through the entire terminology, you can go about the talk and when you see a term that confuses you just come back up to this section and look at its definition. Or google it further if you feel you're still confused. (Use The Tor Browser if your setup is not built to avoid network monitoring).
Track1 + Track2 = The lines on the magnetic strip of your card that allow you to swipe at machines for payment: I will explain more about how these are used for our purposes later in the talk.
AVS = Address Verification Service: creditcards that have Address verification built in, meaning that if your shipping address isn't the same as your billing address it wont go through.
Non-AVS = It doesn't have the thing above.
VBV = Verified By Visa: Essentially a password that's optional to setup on your creditcard.
NFC = Near Field Communication: Nearly every smartphone in the world has this now, the idea is that somewhere on your phone is a tag that lets it communicate with other tags once they get in about skins touching length within each other. This can be used for payments, exchanging data, as well as hundreds of other things. I will also touch on how we go about manipulating this in the talk.
SSN = Social Security Number: Often used in countries like the United States as a way to verify yourself and receive care from government.
RDP = Remote Desktop Protocol: Mostly on windows machines, an RDP connection that was hacked / created can be bought on Darknet which allows you to avoid the hassle of setting up your own machine and browser with the required connections to look like you're from the targets location.
Vendor = A seller on the Darknet: Anyone who sells a product or a service is known as a Vendor.
Carding = The act of purchasing something with someone elses creditcard: This is one form of fraud, but is not the only kind out there.
DOB = Date of birth.
Drop = A place to receive mail that does not tie to your name, I covered this in the part "I, Kingpin" If you want more information.
MAC = Media Access Control: A number assigned specifically to your Wifi Chipset or any other network enabled device such as 01:23:45:73:29:AE that identifies you to a router. When paired with government surveillance you can identify which MAC addresses travel to which networks and essentially you can track users based on the MAC.
CVV = Card Verification Value = The 3-4 digit number on the back of a creditcard.
VirtualMachine = Essentially it's an emulated computer that runs inside your computer. Google for more information.
Fullz = A persons entire data cluster: Name, Address, SSN, DOB, Phone, Email, Etc...
Fullz + CVV = A persons entire data cluster + Their credit card data.
BIN = Bank Identification Number: The first 6 numbers of your Credit Card that Identify the bank that issues your card. These become highly useful to use and know / memorize / lookup if you ever deal with local carding as you need to know what card BINs work in your area.
Socks5 = A type of proxy.
Proxy = Another computer that you funnel your connection through to make it seem as if you were there.
Now that we have terminology out of the way, I'm going to be starting off with discussing local carding.
This is a subject that always makes me laugh because people take to say "oh we have chip cards now, so everything is fine and dandy and the big bad scary identity thieves can't touch us."
For anyone who's unaware, what was happening is that identity thieves would purchase Track1 and Track2 from vendors or hack them from websites and then just simply write the data to their own blank magnetic strip cards.
So the Whitehats and bank corporations of the world in their infinite knowledge and wisdom decided that this was the only possible way that people could card locally since it was the most popular.
So they placed chips inside payment processors now (which you may or may not have seen yet) that require you to insert the card and let it read the chip for payment.
"Pretty neat right, no way a criminal will find out a way around this"
And then for some fucking reason (!?!?!?!) they implement NFC payments into all these new payment processors.
So yes, congratulations Whitehats and idiots of the security world. You've stopped Track1 + Track2 writing selling/vending......................And given us an even better method for some reason.
So now instead of having to buy a magnetic reader/writer, buy blank cards, send them to a drop while hiding the reader/writer and cards in a safe spot so we don't get caught if raided.
We just need to buy a new Android, Wipe it, Install an app (which as we speak versions of said app are being distributed on the Public Darknet Markets) insert the Track1 + Track2 data, and swipe our new phone at a register to go shopping with someone elses money, and destroy said phone once done.
The only real hard work about doing this type of fraud is two main things.
The first being plotting out your route and wearing disposable clothes.
Find the shop you want to card from and do a walk to / from said location to peer around, find where the cameras are and aren't and where you're going to throw away the clothes / burn them.
The second hardest thing is finding what BINs do / don't work for your local area.
I am going to throw in a few tips here, but that's because they're not burnable so use them to your hearts desire.
One of the best ways to check if a BIN works in your area is to get a crap ton of Track1 + Track2 data for different BINs and find a vending machine that accepts NFC payments with no cameras in sight. Then just crack at it until one works and write down the first 6 numbers so you know what to shop for on your next visit to the Darknet market / Vendor you purchased from.
Another tip is for during the heist, if for whatever reason the cashier asks for either identification tell them you left it in the car and ask them to "hold your stuff for you"
Walk the fuck out of the store and never come back.
And if they ask you to wait there while they go in the back to check something.
Walk the fuck out of the store and never come back.
Obviously local carding isn't the safest, but this is an introduction to low-investment fraud as this falls into the category of low-investment but high risk considering you can get Track data for cheap (5-10$ each) nowadays and an Android with NFC for a little more than that off of Amazon (Be sure the model has NFC not all phones do) and cashout with hundreds possibly thousands worth of items that you can resell.
I also highly advise taking a metro or taxi to other parts of the city / state to perform your heists so it's not tracked to your area.
Moving on now to Online Shopping fraud which is where it gets a little more complex.
The main point of any fraud is to convince the system you're breaking that you are who you're saying you are on that creditcard.
Which means making your digital location the same as the cardholders among other things, but I'll touch on this first.
For the point of this talk were going to be covering two sub-categories, carding stuff to a drop nearby (physical goods) and carding digital goods and reselling / converting them in some way to Bitcoin or some other form of cashing out.
Now if you're going the digital goods route, you can take the same method as above though you may be put in a situation where no hacked cards are in your area, for which case you'll need to proxy through things like Tor / VPS / VPN / Socks5 to obfuscate yourself.
However one thing you need to understand is that as online security increases you will want a residential IP address.
Which essentially means that either you or one of your contacts need to hack the network of an average user and use their network to commit the deed.
This is becoming a quickly available service on the Darknet where a Blackhat will mass take over connections and set up something such as an RDP on the host computer for you to connect to.
Another thing to take into consideration that fraud prevention software tracks for online purchases is the email used for the account / purchase.
As it currently stands in terms of domains / TLD's, I'm going to give you a list of the lowest score (good) to highest score (bad).
God-Tier: .edu, .gov, or .org domains. Don't have one? Get root on a server. Or purchase from someone who does.
Any custom domain that you've bought / setup email for that's fresh and new, Any Paid-for Email service.
Eh-Tier: Gmail, Hotmail, etc
Why-Would-You-Ever!?!?-Tier: Anything else.
If you can get root on any .edu / .gov / .org domain then you're essentially set for life, you could fuck up all the other processes but if you get one of these emails the score gets so heavily reduced that it's fucking unreal.
A few more aspects include both some technical topics, but these are only present in the higher class websites (amazon, etc)
HTML5 Canvasing: The idea is that when you visit their site they draw a unique shape / design on your browsers HTML5 canvas (normies see here: http://www.w3schools.com/HTML/html5_canvas.asp) to see if you've changed browsers or not while using the same IP or some similar nonsense like that.
Which if detected that you're fucking about will HIGHLY increase the score.
User Agent Detection / Browser Fingerprint: The idea is that you want to make your browser look as normal as possible so that it blends in with 70% of the other citizens not commiting fraud.
Currently the most popular browser is Chrome, so when you commit your fraud either use that or Firefox.
It may also help to download one or two of the most popular plugin / extension for said browser for better blending.
Anything else and you're asking to be denied at checkout.
This also resonates with the OS you're using, Windows 7 is also currently the most used platform of this year which is why everyone sells Windows 7 RDP's on the market.
As a hot tip from your friend aediot, if you're able to nab a Moto E Gen 1 or any android smartphone for like or less from online or local you should know that e-shop fraud from a phone does fucking fire in reducing your risk score.
If the website has an app as well (Amazon, Ebay, Paypal, Etc...) they tend to bend over for you and let you get away with a lot more than you normally would because you're coming from a mobile device.
So keep this in mind.
Aside from this, proxy detection is really only one of your few remaining enemies.
When setting up your Socks5 or checking to see your RDP's connection, use sites like https://ipleak.net/ to see if they can determine if you're using a proxy or not.
And here we come to another cross branch, if you're wanting to purchase a phsyical product and using a creditcard with AVS it's best to ALWAYS attempt to get the social sec + dox the target some if the package is over 400$ in worth so that you can call their bank and change the billing address tied to the card to your drop.
This requires you to spoof the number to what the targets is for maximum fuckboutery.
They may also ask you for the security question if one is set up, though in most cases they'll ask you for the social and some personal information.
I'm not giving any direct resources here for the sake of them being burned, use your own contacts and ties with the community to do your shopping however you can easily get someones SSN these days that it's trivial.
As far as doxing goes, check their facebook, twitter, youtube, instagram, askme.fm, etc.
If impossible to find their phone #, Social Engineer the target into giving it up.
DM on facebook "OMG OMG SOMETHING HAPPENED TO (name of someone on their close friends list here) GIVE ME YOUR NUMBER I NEED TO CALL YOU ASAP" Or something equally as stupid to get them to give up their number.
If you're using a card that doesn't have AVS but has VBV instead, 8/10 times you can actually just enroll the card for them into the program.
Lastly, when giving the phone number associated with the card replace the 2nd to last digit ONLY in the real number.
Most of these systems do checks, but are only (currently) able to check the first two - three numbers of the # and the last # of the full number.
Again though, this is all only for products over 400$ in worth.
For anything else the SSN nab / doxing isn't necessary but still helps if you want to take the time to do it.
A few more Protips though just to kick you off.
Websites CAN tell if you copy / paste the creditcard details. (and yes it will count against you).
Websites CAN detect what other tabs you have open.
And websites CAN tell how long you've spent on a page.
You may think to yourself that following all these tips aren't necessary.
However you are also allowed to think that you're wrong.
Because you are.
There is no money button when it comes to fraud, It's not something that you can easily exploit.
It takes time, it takes work, and it takes patience.
However the payout is always worth it.
If you have questions you can reach me over Email / PGP with my key here: https://keybase.io/delevrything and my email being firstname.lastname@example.org
Fraud: Medium investment.
For those of you who aren't familiar, a payment processor are the things that let websites and online stores accept your creditcard as payment.
Web wallets being things like Paypal, Venmo, Okpay, etc.
This talk is going to be again, more focused on techniques and theory than actual methods that are burnable so that the details listed here can last you knowledge that goes outside of something you're going to burn and then forget about in a month or so.
So that said, lets get down to the nitty gritty.
Let's start with web wallets first.
When it comes to the world of web wallets there are so many things and methods that you can do which make having the knowledge of how to play the system highly invaluable to an Identity Thief.
You can purchase credentials and cash out an average users PayPal account, or even learn to set up your own for using as a middleman account in a long heist method.
The skill becomes incredibly useful.
However, the security when it comes to web wallets are a pain in the ass.
It's certainly not impossible, however web wallet security is one of the most annoying things out there.
There are a few things that trigger their security firewalls and get you put at risk of being locked out if you decide to make your own Paypal account for cashouts and whatnot.
- Your ip changing constantly
- If you try to log in without the cookies from last session in your browser
- If you try to cashout more money than the account has handled (example being if you want to cashout 12k and you've only ever handled 2k total in transactions.)
Another thing to note is the 5 steps Paypal requires for verification.
Only steps 1,2,3 and 5 are required to get the "lol ur verified" approval from paypal but it helps to get as many brownie points as possible to avoid flagging.
1. Verified Email (Use something like a pro ZohoMail or something that is not fucking gmail. Even .edu emails can go a long way as talked about last class).
2. Verified Address
3. Verified Phone number (you could use a Google Voice)
4. Verified CreditCard
5. Verified Bank
For the Address / Bank you can get these services off any public DN market but it'll cost you a pretty penny.
Also keep in mind that the better the Bank account you tie to the account the better off your chances are.
As far as the CreditCard verifications go, a common tactic is to just purchase an active users card with a lot of transaction history and just setting that as the verification.
Only problem is that how the verification works is that they send a verification code riding along that microtransaction they use to charge the CC with.
So if you're using someone elses card you'll need to get the phone number they used, spoof your number to that and then call the Bank with all the social information n whatnot and ask for what the code was.
If you want a safer route you could just request a card from your Bank drop that you're using to verify the card.
I also want you to keep in mind that setting up a webwallet with someone like Paypal requires a good sum of money.
Like roughly $200 to $2000 or more.
However once you have it aged well and transactions have bled through + you've handled a lot of money in it your potential cashout is anywhere from 15k to 40k per account depending on your heist.
Which brings me to the subject of aging.
"How long should you age the account tho aediot" I hear you ask.
A month or longer. Minimum.
You should also have as much transaction history total as you plan to cash out like I mentioned before.
So if your cashout plan is for 15k, then be sure you've traded and handled at least 15k through that account.
"How do I build up transaction history tho that sounds hard"
Bitcoin trading is one of the best ways to go about this as a lot of vendors allow trades to be done in Paypal.
Check to my "Bitcoin: Breaking the bank" talk if you need a refresher.
Now all of that was just to create the damn thing.
You're free now to use it as a middleman account or use it to clean out other Paypal accounts.
So now we move to the subject of cleaning out normies paypals.
You'll notice what I said above in terms of "Paypal flags your shit if you log in with a new IP and no cookies"
So what a lot of vendors will do is sell you an account that has stolen funds transfered into it.
And just give you the creds to that made up middleman account.
Most times out of none they'll give you the Socks5 used on creation of the account and a bunch of other things like the information for verification.
Just be sure that when you log in and cash out, you're doing smallish amounts at a time.
Like $10 to $100.
Of course you want to both be slow enough to not trigger Paypals security and fast enough so that Paypal doesn't go "oh hey that's a frauder account".
It's also better if you have more of a method like this when you do your planning.
Stolen Paypal > Gig site (something like Fiverr or whatnot where you have a product put up that you can link to your paypal.) > Bitcoin
The thinking behind this is that it's a lot more natural for the Stolen account to just buy something off of a gig site.
From which you can create an account on, place up a 100$ listed product or something and link your paypal to the site as a cashout alternative to bank.
So when you use the Stolen account to buy the product you just pocket the cash in the paypal account you have linked to it.
It also helps reduce alot of the brunt of the trade.
So for example if you log into the Stolen account and while you're logged in Paypal's algorithm thinks you're a frauder and you try to just DIRECTLY transfer funds to your middleman, then you've just fucked your middleman account cause now it'll be locked down.
Whereas if they just refuse your purchase on Fiverr or wherever the fuck your account is still operational.
On a parting note for the webwallet methods just keep in mind that Paypal is more of a situational tool than a single technique or field when it comes to fraud.
As in it's just one part of a multi stepped method that helps act as yet another ring for the payment to process through which helps the heist on a whole.
Now onto the second half.
In terms of cashouts, I'd say this is about one or two steps below Bank fraud in terms of amount.
You're looking at anywhere from 10k to or more. Monthly.
When we talk about frauding Payment processors, more specifically were talking about setting up an online store via a self hosted website and then tricking the processor into thinking you're legit.
After which you just need to create some listings and then buy some high end cards and go shopping for yourself.
Which you can then cashout into the Bank drop you have linked to the processor account.
Sounds easy right? Hint: It's not.
Well at least not at first.
There are a few factors you need to take into consideration when going for this process.
- Quality of the Bank drop
This is important, you need to set up the cashout method before even attempting to start up the e-shop, make sure you're able to flow money through the bank drop safely so that you can put the earnings into something like Bitcoin for example.
If your Bank drop falls through then you can sorta kinda consider the whole thing a bust even though sometimes there are ways around it.
- Age of domain / Experience of shop
The older your domain is, the better time you're going to have. Period.
On top of which you need to make sure you have at least 6-10 transactions on your store that do NOT get flagged to make the processor think you're legit.
I've had one or two times where my first two transactions get flagged and then the entire shop / Bank drop is a bust.
Also it should be noted, you don't need to follow the 1:1 rule like you do with the web wallets so even if you haven't moved 15k through the shop you can still cash that out.
- Time of cashout
This is also an important factor.
Most payment processors at the current time of writing allow two day transfer to your bank.
Meaning that it takes two days from the time you go on your shopping spree to reach the Bank drop.
Some processors even allow one day transfers now.
You do NOT want to set up a shop without two day cashout at the LEAST or you're seriously risking your heist.
- Experience of Processor
When it comes to the daddy of processors, the current king is Stripe.
Stripe knows this.
And while Stripe is profitable, it is a BITCH of security to get through.
I'm not going to mention what you need to do specifically to break Stripes security however I will say this for any first timers out there.
Try to find a virgin.
A virgin processor, that is.
Meaning a new processor on the market that's just trying to make a name for themselves and will allow almost anyone to sign up.
It might not be AS profitable as Stripe, but you'll get your worth and then some.
This isn't a fast process.
Bide your time.
Act like a real shop owner.
Comply politely if they ask you something.
When it comes down to fraud, really the only thing you need to keep in mind is that the game is all about creativity.
Don't just use stiff dry methods, innovate. Explore. Find new ways to break the system, ways that you and ONLY you will know of.
That's the trick to hitting it big as an identity thief.
I mentioned this before in one of my previous talks but methods are the candy of the Darknet.
Use it to make money, give to contacts for influence, or even just to hoard.
Identity thieves spend 24/7 thinking of the next best method and how much they can sell doing what.
In this life you have a lot of free time, but if you want to hit it big you'll spend most of it concocting plans and new methods to further your influence.
If you have questions you can reach me over Email / PGP with my key here: https://keybase.io/delevrything and my email being email@example.com
Fraud: High investment.
Actually decided to make this.
I wasn't originally going to make this last part, but as of May 22nd, 2017. Here it is.
Part 7. Bank fraud.
I originally wasn't going to make this class for the sake that it's hard to really pinpoint on paper what you need to do and be able to perform as a human being to pull this off.
When it comes to Bank fraud there's a lot of thinking on your toes as every situation is different.
However all that said, I decided there are some basic key nuggets of truth I can share.
This may not be the longest class, however I hope you enjoy it nonetheless.
What I'm going to be talking about is honest to god Identity theft.
The process of taking over someones life, and convincing the bank that you are another person.
So I guess I should start off with creating a Bank drop.
A Bank drop is essentially a Bank account with someone elses name and identity on the listing.
If you want a long term Bank drop, or want to tackle bigger banks. You need to use a real identity.
Can't just say "Muh name Jeff" on an application.
Half of cashing out stolen Bank accounts depends on how good your Drop is.
Ideally you want your drop to be fully verified, and hooked to some service such as Coinbase or a Forex trading site where you can easily convert any cash needed into Bitcoin.
When starting out, It's best to go from low heat to high heat.
What I mean by that is start trying to create drops at places that aren't Brick and Mortar...At first.
"Brick and Mortar" is a term on Darknet that means "Banks who have a phsyical store in the real world".
This includes places such as Bank of America, Wells Fargo, and the likes.
You want to start small, then once you understand the hang of it. Go big.
Same with learning Linux. Start with Ubuntu, then jump in with Arch.
This is just my personal advice, take it or leave it.
One of the best ways to learn how to create a bank drop is to reverse engineer it.
This really can be applied to any method or service you want to break in the fraud world.
What I mean by reverse engineer it is to go through the entire process first. Legally.
So to apply this logic to Bank drop creation, find the Bank you want to break and then sign up for an account in real life.
When you do this you can learn all the ins and outs in terms of identification and verification they require for their specific services.
Use Tor on the online signin. Do crazy shit.
Really test the system.
See where it breaks, and where it passes.
Then after a few months go through the process again. Illegally.
You should know the ins and outs and completely understand what you can and can't do.
As far as where to get ID scans and Fullz you're going to be involved with the community for the good ones.
Fullz for anyone not informed is someones entire life in a .txt
Name, Address, SSN, Phone, Etc.
All for typically 30-80$ depending on how rich they are.
Bank fraud is not a low investment thing.
You will invest about 500-2000k to get the required quality documents and verifications cleared.
However that said.
The payout is tens of thousands.
And if you're hitting a rich target, hundreds of thousands.
All within the process of a few months.
And when you have multiple Bank methods running at once, you can easily expect to make 200k+ in 3 months.
I half made this guide because it disturbs me how grossly unaware Whitehats are of what criminals make.
They'd rather pay attention to flashy ransomware with an author who isn't even from the Darknet.
Things are only going to get worse if they keep this rate up.
The more they worry about e-fame the worse off the world finances will be.
Also there's the process of setting up the Bank drop with something like a VISA card or Coinbase for Bitcoin.
But that basically follows the same logic.
Also as far as aging goes, the logic of my last class applies.
Do a bunch of legitimate transactions and don't cash out anything you haven't handled yet.
i.e. if you're going to cash out 100k then make sure you've handled 100k in legitimate transactions first.
That's just as far as drops are concerned though.
The real heavy lifting comes with snatching a working Bank account away from someone.
It essentially boils down to two steps, and while that sounds easy and quick I can assure you it's not.
1. Dox the target for everything he owns. You want to know him better than you know yourself.
2. Call into the Bank and convince them that you're said person.
This has a lot of minute details. Such as the fact that you might trigger security and they'll put a professional Whitehat to talk to you on the phone.
They're typically not worth their salt, but don't underestimate anything.
It helps if you have the entire dox on a spreadsheet in front of you and you just recite it all in your head until you can recall said information by heart.
Cause if that Whitehat detects things like hesitation, he may just shut you out of your account.
Once you gain control of the account however, wipe the information to things that you own.
Change the number.
Change the address.
Change everything you can to something that you own anonymously.
Because when you're cashing out tens of thousands you don't want said dude getting a text saying "HEY JACKASS SOMEONE JUST TRANSFERED MONEY".
Also should mention that transfers typically take a few days.
So when you're cashing out to a drop, do it on Monday.
Banks love Mondays.
This talk is really just a testament to the fact that Banks don't care about Fraud really.
There are so few people worldwide who can pull these things off so it doesn't happen that much.
Less expensive for them to just let it happen as opposed to them changing infastructure to prevent it.
An example of this is that fucking one-two day bank transfers are now a thing.
Which is fucking unbelievable.
But yea, sorry if this wasn't the most technical talk in the universe.
A lot of Bank fraud just has to be common sense because there are situations and scenarios that aren't described here that will happen.
Stay on your toes, follow these basics, don't look back.
If you have questions you can reach me over Email / PGP with my key here: https://keybase.io/delevrything and my email being firstname.lastname@example.org
FBI: A Darknet Case Study.
The idea of this study is not to to dissuade you from the dangers the FBI pose.
It is to educate you that they only pose dangers so long as you perform actions or retain aspects that make you the lowest hanging fruit or if you let their mind games get to you and make you do something stupid.
For anyone here who is unaware the "lowest hanging fruit" Is, it's a term thats assigned to those who are the easiest for the FBI or the NSA or anyone to catch.
Basically if you pull a stupid thing and think "Oh theres no way the FBI will pay attention to me" Or you pull off a stupid thing and don't cover your ass?
Guess what you're the lowest hanging fruit.
You're the type of person the FBI chew up and show off as examples to the rest of the world that you should keep employing them because they're "doing good in the world by arresting people like you"
Now I'm going to be showing you a lot of things in this class that will make you think that the FBI are worthless.
Which they are.
But never underestimate a criminal organization that has the power to put you in a cell for 20+ years for breaking what they deem as the law or because they want to.
The reason we overestimate law enforcement during Tradecraft is so that if we DO fuck up, we are still 1 step ahead. Hence, being 2 steps ahead is the name of the game.
We are going to be observing 3 case studies that the FBI have pulled fairly recently.
In addition please note that these are just three cases out of hundreds, each pulling the same theme which I will show to you in these few.
The first of our case studies is on what's known as the Blackshades takedown.
Blackshades for anyone unfamiliar was a rootkit that was operated and dispensed just like a business on clearnet.
They provided updates, had a team for handling purchases, tech support even. The problem is when you're peddling a product that can land you 20 something years in jail or longer someone in your team is probably going to be a fed. More on that later though.
Roughly a week before the infamous blackshades takedown this was posted and spread throughout the community:
My favorite ones include "There is a philosophy change. If you are going to attack Americans, we are going to hold you accountable,"
And "If we can reach out and touch you, we are going to reach out and touch you."
Gotta love that pure unadulterated level of self importance.
10/10 would have it for breakfast every morning before my daily bowl of cereal.
So a week after that goldmine of an article was put out the FBI sacked the fuck up and busted the writer of the blackshades malware as well as his team.
Shockingly someone in the blackshades team was a snitch.
Please keep in mind if you ever tend to play the Darknet game for money, for secrets/information, or just straight power.
Please fucking remember that 1 in 3 people on the Darknet are confirmed feds.
But that shouldn't concern you so long as you trust everyone equally and treat everyone like a fed, because if you can pull that off nobody will be able to touch you.
And really that goes for anywhere. If you go into a place and complain "oh its infested with feds" then that means you've already failed at your fucking OPSEC.
Because the fact that you're worried a few people might be fed means that you don't treat everyone like feds already.
Which means you give out special trust and permissions to certain people or users who you think "Aren't feds"
This is the shit that gets you arrested people.
If you're under a name that has done confirmed illegal shit then you should treat everyone like a fed, snitch, or someone who will rat you out for their own gain.
But if you come on twitter or wherever for the sake of fun and friends then dont do anything illegal.
This is compartmentalization 101.
Also there's a common rule when it comes to either hacking or fraud, and I think it's a pretty good rule to follow when doing anything cyber-related thats illegal.
Assume that every tool of anonymity is broken. Every layer is traceable. And that the FBI can break any level of encryption you have. Now ask yourself, what's your setup?
And that's how you should think, that's how you stay two steps ahead of these games the fed try to play on everyone and that's how you avoid being the lowest hanging fruit.
Aka the key to living a long and happy Darknet career.
But enough on that back to the lesson.
I want you all to go and take a look at the press release they put out here:
I want you to take a look at the wording of a certain section, preferably the second paragraph.
>Also charged and arrested in the US were an individual who helped market and sell the the malware + two blackshades users in the usa who bought the malware.
That paired with the "Oh we arrested 90+ people" stated in the press release would make you think that they caught more people than just the users and actually grabbed the entire team that developed it right?
About 3 weeks later it was found via a magical group of rednecks who will not be named that the only people arrested were (get this) and I quote:
"Users who bought the malware on hackforums using a paypal tied to their real names."
I want you to let that sink in for a moment, that is literally the most un-technically impressive takedown in the fucking world.
Hackforum users who bought Malware with their REAL paypals?
You may as well have walked up to the FBI headquarters and shouted "HELLO YES I AM CRIMINAL PLS ARREST".
Good job FBI, we should all give them a round of applause for that ultra sack of fucking bravery and skill.
Point is this is a re-occuring theme you're going to see in eh roughly 90% of any Cyber op the FBI take hold of.
A) Do something unimpressive as fucking hell.
B) Try to word it in a way on the shiny press release that you did a lot of work.
C) Exploit the fearing fuck out of it and make your target paranoid as all hell if they took part of it or plan to.
In this case the target audience being current tor/Darknet users, and new people thinking about getting into the game.
As it is with just about every "takedown".
It should be noted though that they didn't lie in the press release though, two USA people were arrested for buying it.
Because the others who used their real paypals were foreign.
So basically just came down to clever wording.
It should also be noted that the article was released the week before the blackshades takedown on rueters on how "If we can reach out and touch you, we will reach out and touch you."
Was this intentionally spread throughout the script kid level community by the FBI though? I'll leave that to your own rationale to decide.
I'd like to bring you to our second case study.
I wrote up a satirical piece on the analysis I'm about to give you via https://encyclopediadramatica.se/Operation_Onymous
Here's the rundown however.
On November 5th, 2014 the FBI had announced the takedown of 414 .onion Darknet services.
When it first happened, everyone FREAKED out.
Can't even tell you how many fucking people came up to us asking "Is TOR Broken!!?!?" and we had to respond with "We don't know at this point", which I'm sure didn't inspire new users or the average trade to get into the trade and deterred uninformed and tech illiterate Darknet users like Kingpins from continuing business on the Tor network.
We were in the dark for about 2+ weeks before we knew what happened.
On their press release they mentioned the takedown of things like Doxbin, Silk Road 2, and an ISIS funding website that accepted anonymous Bitcoin donations.
Now for anyone unfamiliar about how Darknet culture sites n stuff is, there is no Google overlords to protect you against spam sites.
Meaning if you make a marketplace, someone could just download the source code and put it up under another .onion and basically try to pawn it off as the real thing.
Essentially it's a way of scamming, it's really popular on Darknet.
SO IT TURNS OUT RIGHT.
That about only 27 Darknet sites which were raided in that 414 website count were real.
Which means that the FBI literally seized 387 other sites which turned out to be SCAM WEBSITE CLONES.
Which also means that the ISIS funding site they had listed on their page under "Things we took down" was also a scam onion.
Meaning the real .onion for that ISIS site is still up.
Good job, feds.
Which leads to the question of....why?
Why would the feds take down so many clone websites?
Was it on accident?
The answer is that it wasn't a targeted takedown of .onion services.
The answer was revealed that all they did was go up to a hosting website which I will not mention here, and then shut them down because they were hosting ALLLLLLLLLLL these services.
And then they made it SEEM like it was a targeted attack.
It was only thanks to our researchers that we found out so many were clone / scam sites.
Of course you can IMAGINE how fucking terrified everyone was for those 2+ weeks of being in the dark about the details.
"Is Tor broken?"
"Is our crypto broken?"
I hope by now you're seeing the pattern I mentioned in Law Enforcements "Takedowns"
>Do something technically unimpressive
>Pawn it off like it is impressive
>Exploit the fear generated by keeping people in the dark about the details.
Last case study, this one is on Silk Road 2 afterwhich my man rackham will give some details on a new "Takdown" of a pedo site that the Feds recently did that I myself have not researched yet.
This is still within Operation Onymous as it happened at the same time but it was not taken down in the same manner as the other .onion's.
This was actually the one targeted .onion in the entire operation.
So this last one is going to be relatively brief because it's more or less a repetition of all the shit I've pointed out before in terms of the pattern the FBI so dearly cling to.
The too long didn't read version of Silk Road 2 is that a few autistic motherfuckers who had no idea what the hell they were doing much like Dread Pirate Roberts the owner of the first one, decided "Hey we should totally cash in on this Silk Road name thing and put up a clone".
A few hours of shite code edits and changes later you have the most scammy deplorable market on the Darknet.
The owner of this travesty known as Defcon was probably the most useless fuck imaginable who got Doxed (Dox confirmed when he
was taken to jail for what will probably be life) within I think it was the first 4 months of operating his market?
So anyway this is more of a hilarious point that the FBI handled, but when asked how they managed to get the .onion's server IP location they said and I quote:
"We managed to get the IP of the server by fiddling around with the login screen for about an hour"
Personally I think they just had a fed somewhere on the inner circle and didn't want to rouse suspicion so they lied through their fuckin teeth cause they still want the fucker undercover.
But what the fuck ever we could speculate all day.
Now the FBI knew for a fact that nobody fucking liked or cared for Silk Road 2 because the staff kept scamming the users and vendors and the market itself was unreliable and scam centraly as fuck.
Which is why they included it within Operation Onymous.
For what reason?
To spread the fear and worry that Operation Onymous was a targetted attack.
Think about it, if you got something like a Darknet Market alongside other services like Doxbin the first thing that would come to your mind is that the attack is targeted in terms of they exploited some massive flaw or something within TOR or Relay servers or whatever.
And that was how they used the OP to scare as many people as possible.
And guess what.
It worked for the most part.
Which brings me to my final point.
The reason that the FBI keep resorting to fear and lack of basic fucking understanding of the inner workings and layers of the Darknet is because fear and social engineering is all they know, and it's all they have in this battlefield.
Their organization for decades has been dedicated to hunting Physical crime, which they are good at and I'll give them props for that.
The problem is that on the internet it is much MUCH easier to be an attacker than a defender.
Fear is all they fucking know to do, because it's the only real tool they have in this unwinnable war against all crime ever.
True story, the FBI have actually put up ads stating "You can now smoke weed and work for us in the cyber division!".
You know what I call that? Desperate. The FBI know they're fighting a war that can't be fucking won.
Because they need us.
They want us so bad.
And they know that the Whitehats they have employed don't half even half the skill that the Blackhats of the net have, much less the common fraudster.
That's why they're attempting to backdoor and censor our internets so they might gain a fighting chance.
But so long as you stay two steps ahead of whatever game they try to play, they will never beat you.
Now my man rackham wanted to share some stats for the playpen fiasco since a few of you asked about that.
<&rackham;> yeah before the flood of questions come
<&rackham;> and because this is in the news a lot recently
<&rackham;> the vulnerability that they utilized and everybody is so spun up about was PATCHED in the Tor browsezr before the FBI is thought to have used it
<&rackham;> it is suspected to be a variant of Rapid 7's decloak (google it if you don't know)
<&rackham;> so tl;dr
<&rackham;> patch your shit
<&rackham;> love numbers
<&rackham;> someone get a calculator out for me
<&rackham;> we all know the story
<&rackham;> FBI seizes server
<&rackham;> and hosts CP for like 2 months or something
<&rackham;> and they're talking about how big this site is and over 200k users right
<&rackham;> they deanonymized 1300 IPs
<&rackham;> can i get a percentage quick?
<&rackham;> you guys are too slow
<&rackham;> its .0065%
<&rackham;> lets go further
<&rackham;> now this was quick google
<&rackham;> numbers may have changed but
<&rackham;> as of April 14, 2017
<&rackham;> can anybody guess how many of the 1300/200K+ were actually arrested?
<&rackham;> add another 0 in there
<&rackham;> .000675 percent
<&rackham;> throw a tee-ball player in the MLB
<&rackham;> and they'll bat a better percentage
<&rackham;> also, the way they found the server?
<&rackham;> an unnamed foreign country found it on the clearweb
<&rackham;> admin SSH to the server from his home IP
<&rackham;> at the end of the day, one thing we can see in all of this
<&rackham;> 1) encryption DOES work when used correctly
<&rackham;> 2) the infosec community is not the only ones selling FUD
<&rackham;> the FBI will use fear, uncertainty, and doubt
<&rackham;> that is their only weapon
<&rackham;> that is not to say they are not a danger
<&rackham;> but don't get it twisted
<&rackham;> they're not fuckin skilled in the least
<&rackham;> so to break it down
<&rackham;> playpen had 200,000 users, they hacked 8000 computers
<&rackham;> out of those 8000, they identified 1300 suspected pedophiles
<&rackham;> of those 1300, they charged 137
<&rackham;> and now we learn in the most recent update to this case that they aren't actually able to even charge that 137
The parting lesson to take home is, stay two steps ahead in whatever you do.
And if you're in the game for anything illegal, treat everyone like a fed.
Making friends is not your priority, and trust is the last thing you want.
If you have questions you can reach me over Email / PGP with my key here: https://keybase.io/delevrything and my email being email@example.com
Bitcoin: Breaking the Bank.
Please keep in mind that I teach a lot of this from personal experience as I have survived with nothing but Bitcoin and cash for the past
three years and counting now.
So during the Q&A; sections or at the end of class if you have personal questions on how to go about setting things up for your personal life just shoot me a question and I'll more than likely have a solution for you if it's not already been covered in this lesson.
By the end of this class you should be able to have a basic idea of how Bitcoin works, where you want to go to buy your own, where to stay away from, how to secure your own wallet and most importantly.
How to secure your own fucking wallet.
On a brief summary for those who are unfamiliar with the concept of Bitcoin and need an explaination of how it all works, the too long didnt read version is this:
Bitcoin is a decentralized network that isn't run by a bank or by any central authority.
When you get into Bitcoin you'll use a wallet software like Electrum or a web wallet like Blockchain.info to generate a wallet address that
looks like this: 113oPeEquAW8fxDwcThH6PU8sjCiHSCWUH
The concept is that anyone who also has a Bitcoin address can send you money directly without the use of a bank or a 3rd party processor just by entering the amount of Bitcoin they want to send and your wallet ID.
The wallet ID being that long ass block of numbers you just saw.
So if you've never used Bitcoin before and just need to briefly familiarize yourself just sign up for a quick wallet via https://blockchain.info/wallet (Yes you can use your Tor browser) and just explore around a bit with the options and you should get an idea for it.
At the current time of writing Bitcoin is currently priced at around 400 per Bitcoin, so if I wanted to send you say 20$ in Bitcoin the amount
I would send you an amount of 0.04357 as an example.
You can check the current market value and see how much USD or any other currency is worth via preev (https://preev.com)
The real end goal of this class is to be able to use the knowledge I'm going to impart on you to completely remove the use and need for your bank in your everyday life.
And know which services are available for you to replace the functions that your bank held.
So im sure the first thing your brilliant mind is just clammering at the keyboard to ask me is "lol but aediot y the fug wud i want to not use a b@nk? xD".
Because if you want full privacy and control over your money and in reality your life you need to ditch the institution you've given full
control of your life to.
Money is life, it follows you everywhere and it allows you to do things.
It's what feeds us.
Pays for our house.
And takes care of us in general.
And privacy is a lot like bacon, it makes everything better even if you're doing nothing wrong or illegal.
The more control you take back over your own money the more self empowered you'll be to do anything you want without a watchful eye from not just your local government but people around you as well.
In addition, Having access to your money everywhere and anywhere you go can be useful if you find yourself in a situation of where you need to be on the run or you need to not be tracked via your credit card or banking information.
There are even laws that you can't carry more than 10k in cash if you're traveling outside of the US. Something like Bitcoin fixes that easily.
In addition to full security and privacy over your own money is an extreme peace of mind when regarding the assurity that some random blowhole doesn't target your bank for some $ and sells off the info to someone who cashes out your account 2 years after the actual hack.
I'll talk more about that in another class though.
Lastly there are legal reasons such as being sued or having the court freeze your accounts to where you can't access any of your funds. They can't garnish your wages or do anything to you in regards to your coin flow if you're using Cryptocurrency.
"but aediot I've heard that bitcoin wallets have been haxored off cam-pu-tors!!!!!"
That's because people like Tom exist.
Tom could be anyone from your next door neighbor to the average white girl at an internet cafe who decided to try to get into Bitcoin without doing any prior research as to go about securing their shit.
They decided it'd be a good idea to leave a hardware wallet on their nifty little windows desktop and thought "eh ill be ok nobody will ever hack me, i'm not important enough!".
Next thing you know Tom wakes up and all his Bitcoin is gone because norton antivirus didn't pick up that he was infected with Bitcoin stealing malware that was searching computers on a mass scale for a wallet.dat file and ran off with it.
Tom is now a very sad man.
Moral of the story: Don't be like Tom.
One thing I'm going to do is not waste class time telling you all of how Bitcoin network itself works however.
Because you can google that and find amazing explanations within minutes.
Like this one for example: http://www.coindesk.com/bitcoin-explained-five-year-old/
And this one if that last one is too babied for you: http://www.coindesk.com/information/how-bitcoin-mining-works/
So instead what I am going to do, is briefly explain that Bitcoin was built with psuedo anonymity in mind.
Basically meaning that because every Bitcoin transaction is available to the public eye via the Bitcoin ledger (https:/blockchain.info for
example displays this) the FBI or any other agency can easily see how much money gets transfered to which wallet.
And while they cannot see your name just by looking at the wallet, you can determine the sending IP that's associated with the account.
And to anyone who isn't aware by now you can get a lot of information from an IP address. And you don't have to be a federal agent to social
engineer an ISP into giving you personal information on the target.
That said though, it is easier to look up information as a fed seeing as how they can just go up to the ISP and pull all the records about the account that was assigned said IP and find information like your name and address.
Hence the term psuedo-anonymity.
And why it's important to use things like a VPN or Tor as well as Bitcoin tumblers to anonymize yourself within the network, but I'll touch more on that near the end.
I'm going to get the quickest portion of this class out of the way, which is covering the services you can use for replacing the parts of your life and things that you buy with your bank account.
These next 3 methods are for paying Bills and other things with cash or e-cash services. Now keep in mind you DO have to verify your identity for these but that's O K! You're not trying to hide that you're paying your bills from the government.
You're trying to hide how you got the money or where you keep the money in the first place so they can't monitor ALL your shit.
The more privacy we can attain in our day to day lives the better off we are.
https://yourutilitysitehere.com - Most companies actually allow you to visit a local office branch directly and pay with cold hard cash. And even more companies than that will let you just pay your bills by purchasing a prepaid debit card and doing the transaction over the phone! Though you want to be SURE to ask them first before you go spending all your $ on a prepaid debit card that you can't do anything with.
Luckily most companies still have to deal with old people who dont understand computer
Which is good for us and our privacy.
https://westernunion.com - You can use in-person agent locations to pay your bills using straight cash for most companies, yes
its a tad pain in the ass to keep having to go to a location everytime you have a bill due however it will keep your money
location a secret if your utility company doesn't allow direct payments via the above method.
https://paypal.com - As a last resort one of the things you can do is pay your bills using Paypal if they allow it. And if you're asking yourself how you load money onto a paypal account without a bank or credit card, paypal added this WONDERFUL service called paypal mycash.
Mycash is essentially a prepaid giftcard for nothing but paypal credit that you can put onto your account redeem via the code on the back of the card you purchase.
The site for paypal mycash can be found here: https://paypal-cash.com also as a side note, paypal mycash works internationally as well as the USA. And if you live in a relatively remote area where you can't go to a pharmacy and pick up the prepaid card you can actually trade Bitcoin DIRECTLY for mycash codes. But more on that in a minute.
Though do keep in mind that faking your name via a wire transfer is fraud.
So keep that in mind when you do your tradecraft.
The site for paypal mycash can be found here: https://paypal-cash.com also as a side note, paypal mycash works internationally as well as the USA. And if you live in a relatively remote area where you can't go to a pharmacy and pick up the prepaid card
you can actually trade Bitcoin DIRECTLY for mycash codes. But more on that in a minute.
In addition you can use payoneer (https://payoneer.com) to verify your paypal account without the use of a bank.
Another thing I imagine a lot of you here use your bank for is getting money from you job.
I understand that not all of you are super duper cyber criminals and just have normal jobs that you hate or jobs that you love. Which is why this section is dedicated to you, The lovelies of this lesson <3
Your local Walmart - Walmart actually has a check cashing service that they charge $3 for if your check is under 1000$. Insanely useful, as well as painless.
Local loan sharks - You know those places you pass by that have those cancer inducing banners like "GET APPROVED NOW!!!" They actually double as check cashers if there are no Walmarts nearby you. Some have more expensive cashing fees than others but shop around! Also because this is a private establishment you can use a faked address when you have to verify your identity to them. And if they ask you why it doesn't match your ID just tell them "I just moved and havne't gotten the address changed yet.
Google for a local service - If you don't have any of the above two then just google "check cashing services and something is bound to come up. People are greedy fucks and chances are someone will have a way to help you cash your money.
Secondly, I'm going to go over the basics of buying Bitcoin and how to do it right.
"but aediot i already have my 4-tier identity verified bitcoin exchange account, I don't need to listen to this!"
I'm only going to express this once, but if you have to USE your BANK to buy BITCOIN then you're already missing the entire point and may as well not even bother at all.
And furthermore if you're FORCED to VERIFY your IDENTITY for BITCOIN in like 4 different ways. Then you're doing it wrong.
Instead what you want to be doing is using services such as https://localbitcoins.com which has a thousand way to purchase Bitcoin online that don't involve a bank. And in multiple currencies too.
And if you're lucky someone nearby via that site is selling them and you can just meet up in a public place IRL without the need for any identity verification whatsoever and you'll be able to trade at the current market value.
This is honestly the BEST way to do it if you can.
When it comes to the options available to you for buying Bitcoin via trade sites the options are almost limitless.
You can even trade Bitcoin directly for paypal mycash codes which works with the Bill method listed above with paypal.
Another option to trade Bitcoin with is #bitcoin-otc which is a channel on freenode that allows for even more anonymized Bitcoin trading via things like Giftcards and whatnot.
Though it does require some setup, it's well worth your time if you plan on trading in the long run.
You can check out their instructions on their site here: https://bitcoin-otc.com
And lastly one method you can use which is relatively new, though I can say from personal experience that it seems solid and hasn't let me down so far is Bitsquare.
Bitsquare is a decentralized Bitcoin exchange that runs automatically through the Tor network. Identity verification is not required and you don't have to trade with your bank.
Works just like localbitcoins and bitcoin-otc in terms of what you can trade for.
Their website can be found here: https://bitsquare.io
So like I said, the point of not using exchanges and trading semi-anonymously with other users directly is tht you don't have the fed diggin through whatever Bitcoin Exchange database and seeing when/where/who has bought Coin.
And as a little bonus I'm going to be showing you a few places that you can spend your freshly earned coin for everyday services and goods directly without the need for converting to cash via the sites above.
Gyft (https://gyft.com) is a site where you can purchase hundreds of virtual gift cards 100% anonymously using Bitcoin.
It has cards for places like Walmart, itunes, Amazon, Target, and even Dominos + Burgerking.
As well as dozens of resturants.
Cheapair (https://cheapair.com) Can be used to pay for various airlines and hotel bookings all with Bitcoin!
I've personally used them when I had to fly out to Defcon last year and have even used it for out of country flights.
Tigerdirect (https://tigerdirect.com) You can get a shit ton of cheap electronics here if you're a techie. Their product range is essentially everything you can get on amazon though you can pay with Bitcoin directly instead of a giftcard.
Though if you find something cheaper on amazon you can just purchase cards via gyft for it and itll work all the same.
Now we move on to the most important aspect of owning a Bitcoin wallet.
Actually securing the fucking thing.
Now the blessing of Bitcoin is that security of your money relies entirely on you. For any of my lovelies listening on this lesson that may sound daunting, and my heart goes out to you.
So I prepped this section to show you how it's basically the easiest thing ever when you do it right.
This is going to be split into two mini-sections, the first being for people who have a budget to spend on securing your coin.
And the second for people with no money and still want security.
For my broke lovers out there, you'll unfortunately have the task of compartmentalizing your wallets.
You're going to want to generate two wallets to ensure maximum security.
One for spending and trades, and another for stashing.
As far as what information you share with each wallet, the spending account is going to be an account that's O K if the government knows you use.
The idea for the stash wallet is that nobody will know who owns it.
No government, no corporation, and no friend.
The practice is that any time you need to withdraw your Bitcoin for a trade on localbitcoin/bitsquare/bitcoin-otc or whatever else.
You mix your coins through a Bitcoin tumbler and that wtihdraws the mixed coin from the stash account to the spending.
As for what wallet software you should use for the two wallets, I would advise your spending wallet be a blockchain wallet (https://blockchain.info) and your stash wallet be electrum (https://electrum.com) that you store on an encrypted usb using something like veracrypt (https://veracrypt.codeplex.com)
Bitcoins come out of stash wallet -> bitcoins get mixed -> mixed bitcoins go into trade wallet
Though I'll touch on those soon.
You also want to seriously consider storing your recovery seed in a remote location and written down on something like a piece of paper.
For anyone unaware of what a recovery seed is.
It's essentially a long combination of words that act as a private key for your wallet which is automatically generated for you everytime you make a new Bitcoin wallet.
It looks like this:
seed dream market covet love instinct favor act nerd dweeb food drink
Cept 12 - 24 characters long.
Or in other words an Ultimate password.
If you lose access to a Bitcoin wallet and have the recovery seed located somewhere, you can simply download something like electrum and import the seed into there.
As for my rich pimps who have a little $ to spend on this nonsense your job is a lot easier.
You can just go out and buy a hardware wallet that does all the heavy lifting for you. A few of which I'll go over.
Ledger wallet (https://ledgerwallet.com) lets you create multiple (yet seperate) wallets within the same software such as spending, savings, stash, or whatever else.
IN addition it helps you a lot with anonymization because every time one of the accounts recieves coin via one of the wallet id's it generates itll automatically give you a brand new wallet id.
Anonymizing each and everytime you recieve coin from a new person.
Nobody will know it's you, unless you tell them.
It also helps keeps around the past wallet Id's in case someone sends you coin by accident, so don't worry about money loss.
Though a few other projects exist as well such as (https://bitcointrezor.com) and (https://keepkey.com) which are hardware
wallets with essentially their own OS inside.
The private keys never once touch the computer you run it on meaning you can bring it around with you and you are safe wherever you want to manage your coin.
All that said though.
You still want to keep a remote backup of your recovery seed somewhere that isn't in your house in case something happens to your house or your keepkey/trezor/ledgerwallet and you're not able to get it back.
And it should be HIGHLY noted that you remember to channel all of Bitcoin wallet traffic through a VPN or Tor so they can't trace it back to an IP address with your name written on it.
And lastly, we get to mixing your coin.
At the time of writing these are the three best methods I can advise to you.
My personal favorite is bitblender (http://bitblendervrfkzr.onion/) as they have been around the longest and have never personally let me down or taken coin from me. There was one case where I lost my coin in one of the transactions (a good chunk of it too) and the bitblender staff had actually helped me recover it even though it wouldve been super easy for them to just ignore me and keep the money.
Another one I hear glowing reviews about is HelixLight (http://grams7enufi7jmdl.onion/helix/light) via Grams.
For anyone unfamiliar with Grams they're essentially a group of people trying to be the Google of Darknet.
They have things like a search bar and whatnot for searching markets all at once, and I personally think their work is interesting.
But more importantly their Bitcoin mixer is solid and I give it a reccomendation.
Now additionally if you don't want to have to rely on a Darknet site to tumble your own coin for you then there's an option like joinmarket (https://github.com/JoinMarket-Org/JMBinary) which runs off your computer and uses CoinJoin to mix with other people.
I've personally never used it so use at your own risk.
"But aediot I don't need to mix my coin using some service because I dont trust them!!!!!! I do it all myself by pushing it through 10 wallets I own before reaching my personal!!!!!)
^Let me address this shit.
First of all, trust them to do what. Exactly?
It's not like your private keys are hitting their servers so they can't rob your Bitcoin wallet or anything first of all. And secondly the most they could possibly do is just take the coin you wanted to mix.
Though if they did that word would spread like wildfire and nobody would use them.
If you don't feel any of my references are fine then try it out for yourself with like 5$ in Bitcoin and see if they rob you.
I've put quantities of Bitcoin into bitblender alone (at once mind you) that's the equivalent to what most of you make in a single year.
Not once have I had my coin taken, and it arrived in all the wallets I told it to go in.
And if you're worried about "oh well they could just mix it badly so they can have the feds track it"
There's this amazing little thing called "Taint"
Each wallet has what's called "Taint" which is actually nicely and colorfully displayed via blockchain that shows you which wallets have touched which wallets.
Like here for example: https://blockchain.info/taint/1dice6GV5Rz2iaifPvX7RMjfhaNPC8SXH
So it's entirely possible to see if a Mixer did it's job right.
So don't hit me with that "I don't trust them" nonsense because I'm going to point and laugh at you.
The entire point of tumbling your coin is that you're mixing it with OTHER users Bitcoin.
THAT'S what destroys the taint from your wallet, other users coin.
It is impossible to tumble coins that only you own alone.
I would advise that you use the transcript when it's up as a reference point for any services or things you missed for the future so you have a quick access of links.
If you have questions you can reach me over Email / PGP with my key here: https://keybase.io/delevrything and my email being firstname.lastname@example.org