California Approved Handgun Safe
How online black markets work (bitcoin + Tor)
From csoonline.com:
Corporate investigator Brandon Gregg looks at how bitcoins and Tor make anonymous black markets tick
by Brandon Gregg, CPP, CSOApril 30, 2012The internet is no stranger to crime. From counterfeit and stolen products, to illegal drugs, stolen identities and weapons, nearly anything can be purchased online with a few clicks of the mouse. The online black market not only can be accessed by anyone with an Internet connection, but the whole process of ordering illicit goods and services is alarmingly easy and anonymous, with multiple marketplaces to buy or sell anything you want.
Understanding how the market thrives—unregulated and untraceable—can give you a better sense of the threats (or resources) that affect you and your business.
[Also read Gregg's 5 free tools to send anonymous messages | How to identify anonymous users online]
In our scenario we are going to legally transfer $1,000 USD out of a regular bank account and into a mathematical system of binary codes, and then enter a neighborhood of the Internet largely used by criminals. This hidden world anyone lets purchase bulk downloads of stolen credit cards, as well as a credit card writer, blank cards, some “on stage” fake identities—and maybe even a grenade launcher they’ve had their eyes on.
A journey into the darker side of the Internet starts with two open-source programs: Bitcoin and the Tor Bundle.
Moving Money
Bitcoin (www.bitcoin.org) is system tool that will act as a personal bank for storing and investing digital currency on your computer. Once it’s installed on your system, it sits empty like a piggy bank, waiting to be filled with untraceable digital cash.
Getting it filled is the tricky part.
The digital monetary system online is predominately operated by the likes of Paypal, Western Union, and banking companies that try to follow government regulations to prevent fraud and money laundering. There are two steps to legally take money and have it converted at the current Bitcoin rate into BTCs in our digital and anonymous bank.
Start by opening a Dwolla (www.dwolla.com) banking account with no fees. You can use your real information—you aren’t doing anything illegal. In about three days you will be given a fraud test and have to identify small transfers in your Dwolla and personal bank account. Once your account is confirmed, wire any amount from your personal bank to Dwolla from a lump sum or the estimated price of your purchase you have in mind. After you confirm the transfers, your legit money will now be stored in a new global bank with less restriction than US banks.
Next you need to set up an account with the largest bitcoin exchanger, MtGox. Due to fraud concerns, MtGox will only allow transfers from banks like Dwolla.
After your Dwolla transfer moves to MtGox, you can use the money to purchase Bitcoins on the open market for a small percentage-based fee. Once this sale is complete, your bitcoins are best stored in your own bank account that is residing digitally on your computer.
The whole process can be completed in less than a week, and the $1,000 USD is now exchanged to $191 BTC. Now you are ready to go shopping on the black market.
Finding Markets
The conversion of dollars to Bitcoins was legal and relatively safe. Actually engaging in black market shopping, though, connects you to various kinds of illegal activities. We’ll continue our walkthrough but we are NOT endorsing these activities.This information can help security professionals understand how stolen identities and credit cards are used, how products are fenced or distributed illegally, and more.
Clearly anyone engaging in black market activity wants to remain anonymous. So the next step in black market shopping is to download and open the Tor Bundle Pack (https://www.torproject.org/).
We have touched on Tor two or three times to protect your identity while online, but Tor includes other functions. Developed by the US Navy for secret communications and now used to circumvent blocked websites at offices across the country and to inspire Arab Springs, TOR has a darker cousin: Hidden Tor Servers.
The same random spider-web routing of Internet traffic that hides an end use’s IP and location from any prying eyes can hide server locations too.
Hidden Tor Servers are now the norm for storing, accessing and hiding illicit activity such as child pornography. The level of protection provided by Tor makes law enforcement’s job tracking such activities next to impossible. (Interestingly, the hacktivist group Anonymous has recently brought attention to such evil servers by controlling them as DDOS servers against some of their targets, including law enforcement and government groups. If the CIA is struck with a DDOS attack, the agency suffers but also, in investigating the source of the attack, discovers the child pornography and hopefully cracks the pornography ring.) Hidden Tor Servers are likewise home to much black market activity.
Where does one find “the black market”? What does it look like? Of course, Google search answers these questions easily. Using your Tor browser (which, yes, is much slower than a standard browser) search for “Tor Directories”. These websites offer a collection of Tor’s hidden web pages for all kinds of storefronts. Here you will find websites similar to the Yahoo’s early days, categorizing storefronts including Drugs, Weapons and other illegal goods and activities. If the directory (or store) is listed with a standard .com or .org domain, it will open in your standard browser; if it ends in .onion then it means it’s a hidden server only viewable on the Tor browser.
One example is the Nobody@Zerodays website (nobody.zerodays.org/hidden-directory/), which offers reviews and direct links to current Hidden Tor sites. In our scenario we are going to check out the Black Market Reloaded and look for the current price of some credit cards and tools.
Using Tor you can quickly jump to the Black Market Reloaded website, register (no real information needed), and start shopping. As on Amazon, sellers show off their products with details, pictures and pricing, including feedback collected from past buyers. On a given day in April, current pricing for bulk credit cards is running at $6.5 BTC with great seller feedback. One seller advertises:
“All of our Products are coming with full given Information. That means: All needed information like cardnumber, security code, expiration date, name, address, city, state, zipcode, country, phone, SSN, DOB, security question etc. is given. Also Track 1+2 data and PIN. All CCs are checked and have a minimum Balance of 1000¬/$, and most of them are from an EU-Country. We also have US-Cards, but it’s easier to cashout the money at ATMs (/buy virtual money online/link the CC to PayPal) with european ones.”
A “Credit card reader/writer, HiCo/LoCo, all ISO complete” is going for 76.60350 BTC (or $366.63 USD at the time of our exchange) and there are also a handful of unregistered handguns, including a brand new M9 Tactical handgun with an illegal silencer, unregistered of course, for 225.00000 BTC or $1,076.87 USD.
Anyone who executes these purchases via anonymous bitcoins will leave no trace of the transaction. All users can send data via Hidden Tor email servers, or ship physical items like drugs and weapons with the US Postal Service to prevent any searches without a warrant. When shipments come from within the US, the illegal goods are likely to arrive at the right mailbox without incident. For those who want an added layer of protection—say in the event that good are being shipped from outside the US—many people in the “Services” section of this site will buy and/or receive items on your behalf using their own bitcoins and addresses, and then remail the goods to you, for a small fee.
(Also, some users of these sites will offer to sell you bitcoins via Paypal so you can skip the two banking steps above and jump right into buying your goods; there is of course no guarantee that you will receive your bitcoins after giving up your cash.)
Tor’s Hidden Servers provide a real insight to an underground world that once was limited to dark alleys, shady places, and dangerous criminals. Much like the Internet has expanded our e-commerce into a borderless global market, bitcoins and Tor have made shopping for illicit goods and services almost as easy as ordering an iTunes song on your computer.
As a reminder, most of the purchases described here are illegal and/or dangerous. While it’s extremely difficult to identify the individuals involved without additional intel, law enforcement personnel and corporate investigators can use these processes to keep tabs on the flow of stolen, counterfeit, or diverted goods.
If these transactions are being executed on your corporate network, that activity can expose your organization to legal and other risks. While network logs will not show the Tor websites, software audits for programs like TOR, network sniffing of actual traffic, computer monitoring and computer forensics can show employers who is using TOR sites and what they are doing.
Brandon Gregg is a corporate investigations manager.
The Tor Project’s New Tool Aims To Map Out Internet Censorship
From Forbes.com:
For years, the non-profit Tor Project has offered Internet users the world’s most secure tool for dodging censorship and surveillance, used by tens of millions of people around the world. Now two of the project’s researchers aim to help users to not only bypass what they call the “filternet”–the choked, distorted and censored subset of the Internet–but to understand it and map it out, the better to eradicate its restrictions.
Tor developers Arturo Filasto and Jacob Appelbaum are the co-creators of OONI-probe, an early-stage open-source software tool designed to be installed on any PC and run to collect data about local meddling with the computer’s network connections, whether it be censorship, surveillance or selective bandwidth slowdowns. OONI, their acronym for the Open Observatory of Network Interference, aims to “show an accurate topology of network interference and censorship,” as Filasto and Appelbaum describe the project in its documentation. “Through this topology, it will be possible to see what the internet looks like from nearly any location, including what sites are censored or have been tampered with.”
Machines running OONI-probe run diagnostics like cycling through a list of website URLs or keywords to see which are blocked or filtered; A typical test checks the top one million Alexa-ranked sites, a process that takes close to a week. Or a collection of remotely networked machines running the software–linked together to create what Filasto and Appelbaum call the “OONI-net”–can run experiments that follow the path data takes to and from the test machines to check for filtering or slowdowns.
Tor’s OONI project, funded in part with a grant from Radio Free Asia, isn’t the first to monitor and measure Internet censorship around the world–other projects like the Open Net Initiative, the Berkman Center’s HerdictWeb and Google’s Transparency Report all aim to spot censorship and Internet slowdowns. But unlike those projects, OONI uses only open-source software and plans to make the raw data gathered by its tools public and accessible to any researcher.
“This came from a bit of disappointment over the fact that all the existing tools out there for monitoring censorship were either not using open methodologies or not making their data available,” says Filasto, a 21-year old computer science student at Rome’s Sapienza university. “Our goal with OONI is to build that open framework, so that researchers can independently prove that the methodology is valid and repeat the tests.”
Anyone can volunteer to run OONI-probe, and the data from the software’s tests will be collected on OONI.nu for analysis. Filasto says the project has also partnered with M-Labs, a research spin-off from Google that runs software on servers around the world aimed at measuring the Internet’s flow of data and detecting anomalies.
Filasto warns that the software is still in an early stage of its development, with no easy user interface and lots of “ugly” code. But it’s already helped reveal undocumented censorship in real cases. On a recent trip to the U.S., Filasto discovered that his prepaid T-Mobile phone ran software called “Web Guard” that blocked certain sites based on what it says is violent or sexual content. But after connecting his phone to a PC with a USB cable and running OONI-probe on it, he discovered it also blocked access to everything from a British financial advice site to a 9/11-focused conspiracy site, to a Japanese URL shortening service.
Last week, the Palestinian news agency Ma’an used OONI-probe to reveal that the Palestinian Authority was demanding that the local Internet service provider censor access to opposition political sites and news sites. The Palestinian Authority minister responsible resigned three days later.
George Hale, the reporter for Ma’an who exposed the story, says he suspected the Palestinian Authority’s censorship before he used Tor’s tool, but that by showing that only political sites were inaccessible, Ma’an was able to prove that the blockages were politically-motivated, not random. “We found the [censored] sites through guesswork and interviews with government officials, but the OONI probe was really important for the opposite reason,” says Hale. “By confirming these were the only sites [blocked], it made the politically motivated effort that more apparent. And this helped point us to the likely culprit.”
The Palestinian example shows the value of Filasto’s and Appelbaum’s more scientific approach to the problem of censorship–collecting comprehensive data rather than piecemeal anecdotes about what’s being blocked online. “It’s based around the concept of experiment and control,” says Filasto. “Experiment on the network you wish to measure and compare it with the control, which is your expected results. If there’s a mismatch, it’s likely a censorship event is happening.”
Check out the OONI project here.
Why Your Password Strategy Stinks and What To Do About It
In this week’s radio show we discussed how to manage and secure your passwords. My special guest was “Secret Agent Man”. You can hear the show here:
Click here to download in .mp3 format
Here are some links discussed on the show:
How to Build a (Nearly) Hack-Proof Password System with LastPass and a Thumb Drive
Gun carrying man ends stabbing spree at Salt Lake grocery store
From ABC4:
SALT LAKE CITY (ABC 4 News) – A citizen with a gun stopped a knife wielding man as he began stabbing people Thursday evening at the downtown Salt Lake City Smith’s store.
Police say the suspect purchased a knife inside the store and then turned it into a weapon. Smith’s employee Dorothy Espinoza says, “He pulled it out and stood outside the Smiths in the foyer. And just started stabbing people and yelling you killed my people. You killed my people.”
Espinoza says, the knife wielding man seriously injured two people. “There is blood all over. One got stabbed in the stomach and got stabbed in the head and held his hands and got stabbed all over the arms.”
Then, before the suspect could find another victim – a citizen with a gun stopped the madness. “A guy pulled gun on him and told him to drop his weapon or he would shoot him. So, he dropped his weapon and the people from Smith’s grabbed him.”
By the time officers arrived the suspect had been subdued by employees and shoppers. Police had high praise for gun carrying man who ended the hysteria. Lt. Brian Purvis said, “This was a volatile situation that could have gotten worse. We can only assume from what we saw it could have gotten worse. He was definitely in the right place at the right time.”
Dozens of other shoppers, who too could have become victims, are also thankful for the gun carrying man. And many, like Danylle Julian, are still in shock from the experience. “Scary actually. Really scary. Five minutes before I walk out to my car. It could have been me.”
How Apple Sidesteps Billions In Taxes
From contracostatimes:
How Apple Sidesteps Billions In Taxes
By Charles Duhigg and David Kocieniewski
New York Times
Posted: 04/28/2012 07:06:20 PM PDTRENO — Apple (AAPL), the world’s most profitable technology company, doesn’t design iPhones here. It doesn’t run AppleCare customer service from this city. And it doesn’t manufacture MacBooks or iPads anywhere nearby.
Yet, with a handful of employees in a small office in Reno in a company subsidiary named Braeburn Capital, Apple has done something central to its corporate strategy: It has avoided millions of dollars in taxes in California and 20 other states.
Apple’s headquarters are in Cupertino. By putting an office to collect and invest the company’s profits out of Reno, just 200 miles away, Apple sidesteps state income taxes on some of those gains.
California’s corporate tax rate is 8.84 percent. Nevada’s? Zero.
Setting up an office in Reno is just one of many legal methods Apple uses to reduce its worldwide tax bill by billions of dollars each year.
As it has in Nevada, Apple has created subsidiaries in low-tax countries such as Ireland, the Netherlands, Luxembourg and the British Virgin Islands — some little more than a letterbox in Luxembourg or an anonymous office here — that help cut the taxes it pays around the world.
Almost every major corporation tries to minimize its taxes, of course. For Apple, the savings are especially alluring because …continue reading
Be Your Own Bank: Bitcoin Wallet for Apple
From Forbes.com:
Be Your Own Bank: Bitcoin Wallet for Apple
Have you ever wanted to be your own bank? There’s an app for that. With the new Blockchain bitcoin wallet for Apple’s iPhone, iPad, and iPod touch, anyone can emulate the functionality of a bank. Simply download the free app from the App Store and you have a fully-functioning send and receive online wallet that allows value transfer without the need for a bank or other financial intermediary. This is the proper path to a cashless society!
Blockchain.info is an offering from UK-based Qkos Services Ltd. that provides online wallet management services and real-time data analytics from the bitcoin block chain. Run by Ben Reeves, the small company has released several reliable services and products for the thriving bitcoin community including charts, statistical data, the web-based My Wallet, an Android wallet app, and most recently an impressive bitcoin wallet app for Apple’s iOS.
The reviews coming in so far are excellent. “Welcome to the future. This is going to change the game,” writes one app user. Blockchain has combined powerful payment functionality with ease-of-use and an aesthetically pleasing interface. “The pace of innovation in the Bitcoin-related space is accelerating — something that could be revolutionary even, considering it all comes from participation by individuals as there is no corporation or industry group overseeing Bitcoin endeavors,” observes the BitcoinMoney blog.
Apple has long had their eyes on the lucrative mobile payments space strategizing on an entry point. This non-dongle iPhone app is especially important now that the ‘dongle wars’ have heated up between Apple mobile payment competitors Square and PayPal. Ironically with mountains of existing iTunes customer accounts, Apple could find itself in the best position to capitalize on a robust cash-like ecosystem that completely bypasses the banks via apps. If they chose to do so, Apple could quickly become the premier bitcoin exchanger for retail.
Company founder Ben Reeves explains, “The beauty of bitcoin is that it’s fully decentralized — no government or corporation can block payments or revoke accounts. My hope is that this app allows bitcoin to reach a more mainstream audience.” The company also plans to release an SDK (Software Development Kit) which will allow developers of iPhone apps to accept bitcoin payments in their own apps. Interviewed for this article, Reeves said that Apple wallet downloads have been averaging about 250 per day which should allow it to quickly surpass the number of downloads for the Android version.
So, what’s new for Apple users worldwide? Firstly, financial privacy is paramount and it’s protected by requiring only a password as identifying information and by shielding your Internet location from the network. International payments are now free without using credit cards and without the risk of chargebacks. Transactions are received in milliseconds and they become irreversible within a hour. There is capacity for up to 400 bitcoin addresses so you can open new bank accounts and instantly receive deposits at the touch of a button. Addresses are clickable to display a QR code and you can also scan QR codes to make payments. Keys are stored securely on your phone and encrypted on Blockchain’s servers so if you lose your phone, no sweat — you’re protected.
Empowering your own monetary future has never been so accessible. I might even wait in line to purchase the new iPhone 5.
HOT! – Video: NSA Whistleblower interviewed
This video from DemocracyNow.org is part 1 of 4. Watch the first video here:
This interview is part of a 4-part special. Click here to see segment 2, 3, and 4.
Bill Allows IRS To Revoke Second Amendment Rights By Stealth
From PrisonPlanet.com:
Daisy Luther
Infowars.com
April 24, 2012It looks like the power of the IRS to revoke passports is merely a drop in the tyrannical bucket.
The Senate has voted to approve Bill 1813, which is now on its way to the House. The insidious bill has so many attacks on freedom that the most serious one has been largely overlooked.
There are two attacks on gun ownership in this bill. The text of the bill, all 1676 pages of it, can be found HERE.
The first attack on the right to bear arms is found on page 1323.
The Secretary may modify, suspend, or terminate a special permit or approval if the Secretary determines that—(1) the person who was granted the special permit or approval has violated the special permit or approval or the regulations issued under this chapter in a manner that demonstrates that the person is not fit to conduct the activity authorized by the special permit or approval; or (2) the special permit or approval is unsafe.
In the ambiguous language that the Congress so loves to employ in all things unconstitutional, we can translate that to the parental favorite, “Because I said so.”
The second attack on gun ownership is more subtle.
There is a stream of logic that you have to follow.
First, if this bill passes, the IRS will have the authority to take away the passports of those whom they say owe more than $50,000 in taxes. (The tax debt doesn’t have to be proven, mind you, the IRS simply has to accuse you of owing the money.) You can find this section on page 1447 of the Bill.
When your passport is revoked by the government, you are suddenly on the “no-fly list”.
Membership in the no-fly club puts you on yet another list, as a potential domestic terrorist.
Domestic terrorists are not allowed to have guns.
Don’t believe me? Listen to Raul Emanuel gloat of it. He eloquently states “If you are known as maybe a possible terrorist you cannot buy a handgun in America.” (1:13 of the video)
Emanuel, the Mayor of Chicago and former Obama Chief of Staff, makes the top of my personal treason list for this statement. In his own words, “maybe a possible terrorist” means you shouldn’t be allowed the rights guaranteed to you as an American. No proof necessary.
Bill 1813, ”Moving Ahead for Progress in the 21st Century Act”, is chock full of new ways to take away our personal freedoms. The bill would require “stalker boxes” on our vehicles, puts a huge number of restrictions on travel and transportation within the US, allows the government to revoke documents and licenses in ambiguous language and is, in essence, nearly 1700 pages of new restrictions. (You can find a summary HERE if you don’t want to read all 1676 pages).
A Call to Action
Did your Senator vote for this bill? There’s a good chance he or she did, as only 22 Senators voted against it. You can find out how your senator voted HERE.
The bill was sponsored by Barbara Boxer (California) and co-sponsored by Max Baucus (Montana), James N. Inhofe (Oklahoma), and David Vitter (Louisiana). For your convenience, I’ve included links to the contact information for each of these Senators. Be sure and send an email to let them know how you feel about this new attack on freedom.
Email your Representatives and make it very clear that you consider this Bill an act of treason against the Constitution. This directory contains email addresses and contact information for all members of Congress.
Every bill that goes through Congress right now appears to hold another threat to the Constitution (if not multiple threats). Every word needs to be carefully analyzed so we can fight these attacks.
Daisy Luther’s blog is Inalienably Yours.
Bitcoin Accepted Here
BARTERCOIN Accepted Here
