gAtO sEe - that in today's world getting a corporate profile for an attack plan has become easy, and it is the corporations' own fault. This leads down the road to ruined corporate reputation, stolen IP (intellectual property), lost competitive advantage and loss of data. Of course, social activists, criminals, competitors and national governments use the technology against them to gain open access to your networks. How?
Metadata information leaks by the corporation and their employees. According to information retrieved from the metadata in company documents, 71% of Forbes 2000 companies may be using vulnerable and out-of-date versions of Microsoft Office and Adobe software. The same metadata allows hackers to identify usernames, email addresses, network details and vulnerable software versions to implement an Advanced Persistent Threat (APT).
Metadata in documents that your company distributes constitutes an information leak, and it can provide all kinds of information to any attacker. The high-tech sector publishes more documents across websites than any other industry. Something else: your employees on LinkedIn give out all kinds of information about your company and your plans, and even employment ads can help a potential hacker know what you are doing and maybe design the APT geared towards that subject.
Remember, today's cyber attackers have support from lots of eyes and ears; like hacktivists, they have many people who can scan your website and look for information that can help the attack. You have 3 different attack vectors to worry about today:
IP based attacks
Corporate America, take care of your metadata or it will bite you hard -gAtO oUt
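A pre-publication check for the metadata leak described above, as an added example that is not from the original post: it reads the `docProps` parts of an Office Open XML file (.docx/.xlsx/.pptx) and reports the fields that expose usernames, email addresses, internal host names and the authoring software version. The sample document, the names in it and the `corp.example` host are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# XML namespaces used by the two metadata parts of an Office Open XML package.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
# Package part -> {report key: element path}. These are fields a reader of the
# published file can see without opening it in Office.
FIELDS = {
    "docProps/core.xml": {"creator": "dc:creator",
                          "last_modified_by": "cp:lastModifiedBy"},
    "docProps/app.xml": {"template": "ep:Template", "application": "ep:Application",
                         "app_version": "ep:AppVersion", "company": "ep:Company"},
}
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
UNC_HOST = re.compile(r"^\\\\([^\\]+)\\")  # \\server\share\... -> server


def read_metadata(doc_bytes):
    """Return the non-empty metadata fields stored in the package."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
        names = set(zf.namelist())
        for part, fields in FIELDS.items():
            if part not in names:
                continue
            # Intended for your own files before release, not untrusted uploads.
            root = ET.fromstring(zf.read(part))
            for key, path in fields.items():
                node = root.find(path, NS)
                if node is not None and node.text and node.text.strip():
                    found[key] = node.text.strip()
    return found


def audit(meta):
    """Classify each field by what it tells an outsider: (field, kind, value)."""
    findings = []
    for key in ("creator", "last_modified_by"):
        if key in meta:
            kind = "email address" if EMAIL.search(meta[key]) else "username or person name"
            findings.append((key, kind, meta[key]))
    host = UNC_HOST.match(meta.get("template", ""))
    if host:  # a template loaded from a file server names that server
        findings.append(("template", "internal host name", host.group(1)))
    if "application" in meta:
        version = " ".join(filter(None, [meta["application"], meta.get("app_version")]))
        findings.append(("application", "software version", version))
    if "company" in meta:
        findings.append(("company", "organisation name", meta["company"]))
    return findings


def build_sample_docx():
    """Constructed sample: only the two metadata parts, with made-up values."""
    core = ('<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s">'
            '<dc:creator>jsmith</dc:creator>'
            '<cp:lastModifiedBy>jane.doe@corp.example</cp:lastModifiedBy>'
            '</cp:coreProperties>') % (NS["cp"], NS["dc"])
    app = (r'<Properties xmlns="%s">'
           r'<Template>\\fs01.corp.example\templates\report.dotm</Template>'
           r'<Application>Microsoft Office Word</Application>'
           r'<AppVersion>12.0000</AppVersion>'
           r'</Properties>') % NS["ep"]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml", core)
        zf.writestr("docProps/app.xml", app)
    return buf.getvalue()


if __name__ == "__main__":
    for field, kind, value in audit(read_metadata(build_sample_docx())):
        print(f"{field:18} {kind:25} {value}")
```

Run over every file in the web publishing queue, a non-empty result from `audit` is the signal to strip the properties (for example with Office's Document Inspector) before the file goes public.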
gAtO rEaD - the FBI leaked an unclassified report, the 24 April 2012 Intelligence Assessment “BitCoin Virtual Currency: Unique Features Present Distinct Challenges for Deterring Illicit Activity” – http://cryptome.org/2012/05/fbi-bitcoin.pdf – At that time BitCoins (BTC) were going for about $4.25 USD per coin; as of Sun Jun 17 2012 it is trading at $6.26714, with a high of $6.52999 and a low of $6.22130, check out – https://mtgox.com/ – and going up to $30 USD by Christmas
All that glitters is gold and he’s buying a stairway to heaven – with BitCoins mAyBe -sI -nO – more info in our new upcoming book about “The Deep-Dark Web” -
What are BitCoins -
Bitcoin is a new digital currency. By using proven strong cryptography, a new currency has been created for the internet. One of the key features of Bitcoin is that it is an open system with no person or authority that governs the system. This means that you can treat it like cash: nobody can freeze your account, no chargebacks, complete transparency and more.
This new currency opens massive opportunities for the internet.
GaTo used to support Wall Street back in the day from 1 New York Plaza, overlooking Battery Park. Those were the days: out of the windows we could see traders coming into the park at lunch time to score their powdered lunch from the locals, but that’s another story… These traders will take a look at BTC, and once they get a whiff of the virtual money they will strike, and it looks like the commercial criminals are already doing it.
Hal-Cash – from Russia with Love—Video – Market to Latin America
Here is an ad for selling 100% anon Visa cards loaded with BitCoins or whatever currency you want on them. By the way, there are opportunities for -Now Hiring- money mules and drop shipment scams for any sucker that wants this kind of job. You’re a fool to buy this, in my opinion: they can sell you a loaded Visa card on one hand while selling 100% valid CVVs and dumps of these cards, I assume, but I’m a paranoid gAtO – I may be wrong – don’t try this at home kiddies—//
BitCoins are coming up and they are replacing the new fiat currencies, especially in the EU. Why? Because of the current problems in Greece and Spain. Below I added a list of -Ways to get bitcoins…- As you can see if you go to these, they are scams for gambling and all kinds of underworld stuff. BUT how many people play online poker and other gambling games? Oh, and these are all in the ClearWeb. Yes, the evil Internet, not the ToR .onion network.
Now the -gAtO fUnnY- part is you can go to 7-11, Walmart and just about anyplace and buy into this new currency, so it’s not illegal to use these currencies. Maybe it’s me, gAtO is too dumb to use these, but many, many merchants are now accepting all these new online currencies, so maybe it’s not so stupid. If someone wants to buy my 1972 Action GI Joe Doll, why shouldn’t I let them pay in BitCoins or any other currency?
Now as you can see this is a boon to criminals for laundering their cash, but they have been using FarmVille and other games to launder money, so why not use this new untraceable money? I will leave the crime stuff for another posting, but I just wanted to give you all a taste of what is going on and what can happen with your money - gAtO oUt
Greendot and other Reloadable debit cards can be used in an attempt to allow for anonymous financial transfer between customers and vendors. Vendors need to cash money out. They can accomplish this by setting up Greendot cards with stolen identities and getting them shipped to mail boxes set up with fake identification cards. Customers need to load money in. They can do this by going to any store that sells Greendot reload paks. Customers merely hand the clerk some cash and in return get a cardboard card with a load number on it. The customer can transfer this load number to the vendor via an encrypted and anonymous channel. The vendor then applies the loaded funds to the card via the internet. The loaded funds can then be cashed out at an ATM.
These cards should be viewed as financial networks. The financial information consists of the traffic and the cards are the nodes. Reloadable debit card networks have a high degree of cross network contamination. One additional network involved is the mail system, the vendor is required to have the card shipped to a physical mail box. This may not be particularly risky due to the fact that it is unlikely the card is being watched at this point as no customers are aware of it yet. However it is important for vendors to remember that the reloadable debit card company will keep their box information on record. Another network the vendor needs to utilize is the telecommunications network. Vendors are required to talk over a telephone to activate the card. The risk inherent in this can be minimized if the vendor uses a burner phone. Vendors are also required to make an initial visit to a store in order to obtain their temporary card prior to being mailed one. They will likely be recorded by CCTV cameras. Customers also have to worry about CCTV cameras as they must hand money to a clerk in a store. Customers can not take adequate measures to disguise their identity during this process as there is direct human interaction.
Reloadable debit cards have a distinct disadvantage of being highly centralized. Vendors tend to have many customers send funding to a single centralized card. This means that a single compromised customer can compromise the Greendot card of the vendor. The only way to prevent this is for the seller to use multiple Greendot cards, one for each customer to be perfect. This is not very feasible.
If a malicious customer identifies the card of a vendor it is possible for network analysis to map out the financial network involved with this buyer. Records are kept of funds being transferred from a reload pack into a cash out card. The time and location of reload pack sales that are used to fund cash out cards can be determined. A single compromised customer can use this information to gather video surveillance of every single person who has loaded funding to the card of the seller. This may not hold up as evidence by itself but it is strong intelligence indicating that a person who has sent funds to a vendor is in fact a drug customer.
Greendot and other Reloadable debit cards are not a safe means of conducting anonymous financial transfer. The financial networks created by these cards are very prone to network analysis. There is an unacceptable amount of cross network contamination for vendors. The load points for introducing finances into the network are also under too much surveillance.
Customers can out source the purchase of reload moneypaks. Good solutions may include utilizing bums and transients.
Vendors should avoid Greendot type reloadable debit cards. If they are used they should be highly compartmentalized (different cards for different groups of people). Compartmentalization is not possible in all cases though. Remember, if a single customer is malicious they can compromise the entire compartment. This puts customers at risk as well!
Greendot cards are prone to being frozen. Triggers include typical patterns associated with narcotics trafficking; cashing out very soon after cashing in, getting payments from diverse geographic areas (geographic based compartmentalization of customers is suggested), particularly large amounts of money going through a card in a short period of time etc.
Western Union and Moneygram money wires involve a customer sending funds to a vendor over the WU or MG financial network. Customers must go to a location that offers one of these services and hand money to a clerk. Depending on the country of the customer they may be required to show identification for any amount of money. In all locations identification must be shown for amounts of money over a certain limit, usually $500 or $1000. Customers fill out forms that are specially designed for gathering fingerprints and are usually under video surveillance.
Despite their many short comings WU and MG both offer substantial benefits over reloadable debit cards. It is easier to use multiple pseudonyms for pick up from these services, the number of pseudonyms you have is limited only by the number of fake ID cards you can get. Unlike with Reloadable debit cards vendors are not required to use stolen identities. They are also not required to set up mail boxes or make telephone calls (WU). The ability to easily use multiple pseudonyms makes it easier to decentralize and compartmentalize the financial networks. If a different fake ID is used for each customer, a single malicious customer will not be able to map out the entire network based on transaction records.
It is possible that a single malicious customer could use video surveillance and facial recognition to tie a multiple fake ID pseudonyms to a single person. After identifying the vendor in a single transaction facial recognition could identify them every time they send funding, even if they use a different fake identification document. This attack is possible but it is not likely to be used against drug traffickers at the current time.
One of the primary disadvantages of WU and MG is the fact that there are a limited number of locations a vendor can cash out from. Customers know the rough geographic area a vendor will pick up the wire from because when sending a WU or MG the city of the vendor must be listed on the form. This allows for surveillance teams to stake out a number of possible locations the pick up may be made at. These surveillance teams can be alerted when the target attempts pick up and then move in on the target. This risk is much smaller with Greendot cards because Greendot funding can be taken out from a large number of ATM’s distributed through out a wide geographic area.
WU and MG have a substantial benefit over Greendot in that they can be used for funding E-currency. E-currency can dramatically increase the security of a financial transfer.
Customers and vendors can and should use fake identification to counter the record keeping of transactions. Even if a vendor is legitimate customers may be flagged if they send large sums of money with their real identification.
In some cases question and answer can be used to remove the need for identification. If this is allowed or not is highly dependent on the particular area of the customer/vendor
Wearing gloves or avoiding finger contact with the forms can countermeasure leaving fingerprints. Using stencils to fill out the forms at a private location can counter hand writing analysis. However, video surveillance is something that can not be countered.
Note: Forms are designed to pick up fingerprints
Traditional E-currency systems (LR, PX) are relatively complex systems of financial transfer involving many companies. Usually an E-currency system is structured as follows; a main digital gold company stores gold bars in a vault and creates audited cryptographically secure digital currency units. The main E-currency company runs a website that allows owners of the currency to manage their accounts as well as send and accept funding. Usually the main E-currency company is not interested in selling small amounts of currency. The main E-currency company will usually only sell large amounts of digital currency to exchanger companies. Average users of E-currency systems only deal with exchangers and use the main digital currency company only to manage their accounts.
E-currency exchangers are located around the world and they accept payment in various ways according to their own policy. Usually E-currency exchangers have no affiliation with the main E-currency company. Some exchangers are even scammers so be careful who you work with!
To load E-currency first you need to set up an account with the parent company. It is free to do this and usually requires no identification at best or at worst easy to forge identification. You should make sure to protect your anonymity when you set up E-currency accounts, at the very least you should use Tor or similar technology to protect from network forensics. Make sure the E-mail data you register with is no tied to you in anyway and was also obtained anonymously. After you have your account set up you will be given a number which can be used to transfer currency to your account. Now you need to set up an order with an exchanger, it is suggested that you use offshore exchange services. How the exchanger accepts funding is totally up to their policy, many accept western union and some accept cash in the mail. After the exchanger gets the funding you send them they will transfer E-currency to your account minus a transaction fee. From here you can either send the E-currency to a vendors account or you can cash it out and have it sent to a vendor via another method through another exchanger. Exchangers cash in and out meaning you can not only buy E-currency from an exchanger for cash but you can also sell E-currency to an exchanger for cash.
E-currency can be seen as similar to a financial multi-hop proxy, the first hop being the exchanger and the second hop being the E-currency company. This can add jurisdictional complication to financial network analysis attacks. You must make sure to follow normal operational security procedures when using E-currency, for example make sure to use anonymizers when interacting with the digital website and use fake identification for loading currency if possible. E-currency can also be used to create highly decentralized overlay networks, further adding to security of both customers and vendors.
If a vendor accepts WU but not E-currency customers can use E-currency to send WU. After loading E-currency merely cash it out via another exchanger to the WU details of the vendor.
Vendors can decentralize their financial networks by creating new E-currency accounts for each customer. Although this is time intensive the benefits are very extreme and it is highly suggested. If every customer is presented with a different E-currency account it will make it impossible for financial intelligence to map out customer networks. A malicious customer only knows the E-currency account they sent payment to, since no other customers sent payment to the same account the malicious customer gains no useful intelligence.
Vendors can appear to accept any payment method an exchanger offers while actually layering the funding through E-currency accounts. When a customer places an order merely set up a request for funding with an E-currency exchanger and then present the customer with the funding information of the exchanger. The exchanger gets the funding from the customer and then puts it into the vendors E-currency account. This allows vendors to accept payment to any location they can find an exchanger in.
E-currency can be layered through multiple accounts prior to cashing out. It may be difficult for a legal team to prove an account that cashed out marked E-currency belongs to the same person who was sent the E-currency in the first place.
Online E-currency casinos can be used to cheaply add more jurisdictions to a trace and potentially mix the finances of the vendor with many others. If a vendor loads E-currency to buy digital casino chips and then cashes the casino chips out for E-currency to a new account it will probably make it harder for financial intelligence agents to follow the trail and can unlink accounts from each other.
Open trust networks are potentially a great way to cash out/in E-currency. Assume that Alice has obtained $10,000 worth of E-currency from her customers. Assume Alice and Bob are in a trusted relationship with each other. Perhaps Bob wants to purchase several thousand dollars worth of E-currency. Rather than go through an independent exchanger Bob may choose to send Alice his cash in return for E-currency. This allows Bob to obtain E-currency with high anonymity and also allows Alice to cash out via a trusted node. This can present a virtual dead end to financial intelligence teams. If the E-currency was watched they see it go to Bobs account but they do not know who Bob is or how he obtained the E-currency. Even if Bob paid for the E-currency via WU and was on CCTV, the agents will not know where the funding was sent from. Cashing out of this system is eventually required unless the system continues to grow (Open versus Closed). Cashing out of a closed trust network can be done by Bob ordering product from another vendor and then selling it locally.
Borrowed Bank Accounts / Underground ATM cards
Borrowed bank accounts and underground ATM cards are useful for cashing out E-currency anonymously. They are also useful for taking bank wires as a method of payment. You need to be able to get the details of a bank account as well as a skim of the magnetic stripe of the ATM card tied to the account. If you can do this, you can cash the E-currency out through an exchanger via bank wire to the account you have a card for. You can now cash the money out at any ATM the card is accepted at. If you can get the skim of the ATM card, you can simply encode it to blank card stock for cashing out with.
I suggest not to take money out of the persons bank account unless you put it in. This will reduce the chances that they quickly notice you borrowed their bank account. You could leave extra money in the account as well, the person it belongs to may be less likely to report suspicious transactions if they are afraid they will lose whatever you left behind.
There are various organizations willing to offer ATM cards capable of being funded with E-currency and cashed out with at an ATM. Some of these services are scams and others are legit. Some require identification but these can be countered with fake documents.
Mule networks can be used to help cash out funding. Obtaining a mule network is a difficult and time consuming task. The most common technique is to offer ‘work at home’ job offers. People accept the job offer and are led to think that they are working for an official company when in reality they are merely picking up money and sending it on. It is expensive to fund these networks and only very realistic for large vendors. It is possible that feds will accept such offers in an attempt to perform human sybil attacks on the networks formed.
Bitcoin is a newer type of decentralized digital currency. The underlying system of Bitcoin is quite complex and difficult to summarize. It is suggested that you go to the bitcoin website and learn about the system. There are various ways to anonymize Bitcoin transactions. As of 2011 June 14, bitcoins trade for approximately 20 US dollars per coin. A combination of Bitcoin and blind signature digital currency systems is likely the ideal way to cash in and out; however, such systems are still largely experimental and developing. Additional laundry systems were available as hidden services; however, they have gone AWOL.
Hi Folks. I'm happy to announce that the Nmap Project has again been
accepted into the Google Summer of Code program. This innovative and
extraordinarily generous program provides $5,000 stipends to college
and graduate students who want to spend the summer improving Nmap!
They gain valuable experience, get paid, strengthen their résumé, and
write code for millions of users.
Previous SoC students helped create the Nmap Scripting Engine, Ncat,
and the Zenmap GUI. Several even became top developers! But I need
your help to get the word out to top candidates. So if you know any
college/grad students (or are one) who might be interested, please
point them to our project ideas page at http://nmap.org/soc/. Feel
free to post this to any lists or forums that talented students might
read. But hurry, because the application deadline is THIS FRIDAY at
Noon (U.S. Pacific Time)! That is 19:00 UTC.
PS: We're also working on a major new Nmap release, but I'll send
details on that in a couple weeks when it is ready.
PPS: Trinity has signed up as our new Facebook cover model! You can
get more Nmap news by following us at:
In the last week so far, hackers hit the NYSE (New York Stock Exchange), and hackers hit unmanned drones flying covert and military operations around the world. The U.S. is still on hold. Why? Because we need to know the legality of retaliation against a cyber attack on another country. You can bet your booties that the U.S. has some pretty strong cyber weapons, but when can they be used? If we use our new cyber weapons the others will see them and they can learn how to avoid them or plan around them. Just like with conventional weapons, we keep the good stuff locked away until the day we need it. But other countries are watching us, so if we launch an attack like the one we planned in Syria then others can do the same. By others I mean China, Russia, Iran and India. Why include India in this mix? Because India is unlike China but the same. India has a wealth of top-notch brain power. India is now emerging as a powerhouse in the cyber world. In some instances they are just elementary, like a power station with all its controls hooked up and accessible via a simple Google search.
Virus coming to a Computer near you
India is a great nation but it still has masses of people living in a third-world setting while others enjoy 21st-century living. Side by side you have a middle-class home next to a shanty town, and it cannot stay that way forever. India is a powerful cyber center of the world. It started with call centers and it has evolved, with new companies doing more and more innovation in the cyber arena. China is hitting India left and right for a reason. China has some personal reasons for attacking countries like Taiwan, but India is just for the technology that they have. More and more cyber experts are coming out of India than ever before. All it takes is one good computer researcher to start the attacks going and then blame whomever you want.
The U.S. needs to stop this slow pace of change and adapt to the cyber realm; swift change is the only thing that can save America in cyberspace.
Cyber warfare is one form of espionage that is currently being waged between the U.S. and China. In the event of a full-scale conflict, how would this war be fought, and who would win the war? David Wise (of Big Think), an intelligence expert, does an excellent job of explaining the 5th battlefield, cyberspace. David explains who has the upper hand in this US vs China cyberspace battle. The United States is well aware of its own vulnerable infrastructure: our electric grid, our communication networks and aviation grid. We, like other governments, are a highly industrialized society. China is becoming more of an economic power, so they in turn are vulnerable. China has been involved in hacking over 33 different companies in the US. The US is doing some of its own hacking; we don’t hear about it because we’re damn good. (The State Department released that China’s SCADA system has major security problems.)
David does make it clear that we don’t know who these hackers are: sometimes a kid playing in his bedroom, or a national government in Estonia making believe they’re in China or any other place. It’s easy to hide on the internet. This makes it difficult to say “Yes, it’s the Chinese government doing this and that”; we can’t be sure. David and I agree that dealing with China, a communist country, is difficult. China is a growing economic power base; it needs cyberspace to grow. China is enjoying the money and it needs to keep the Internet open to do business; this will also enable its people to become free in cyberspace.
This is an excellent video, David Wise is great. –my 2 cents- gatomalo