Making lots of money, anonymously.
Bob (Uniter) @ *.jews.cc
Quick Shoutzzzz:
Chrak, Intervention, Etruscan (Nacs), Weev, nc (rx?!), nc's momz (hot),
C, DiabloHorn
Bantown (Internet Mayhem forever?)
C0replay (Hi)
CDEJ (LOL.)
PTShamrock (Send me free ATM cardz please.)
The Intarweb!
EGold (Thx 4 the abusies)
Serifos admins (Thx 4 the abusies)
FINALLY, I WOULD LIKE TO THANK THE ENTIRE TOR DEVELOPMENT TEAM AND THE
US GOVERNMENT FOR ENABLING ME TO DO BAD THINGS :]
CONTENTS
I. Description
II. Needed
IV. Setting up a TOR hidden service
V. The E-Gold Shopping Cart Interface (SCI)
VI. Getting the money
VII. Setting up a TOR web-proxy
VIII. Sources
IX. Attachment: The Zip
I. Description
This 'paper' covers the methodology that can be used to attain funds
from various (illicit :D?) activities in a completely (well, mostly)
anonymous way. Perhaps you are a leet haqur or just some paranoid fool. I
don't really give a shit. (If you are interested in making some mad dollar
bills, and you have the means to do so, please e-mail me and we can talk on
IRC.)
II. Needed
For this you need a few things:
+ Something to sell
+ An E-Gold account
+ Customers
+ TOR
+ Server (Really could be your home computer... but those that are
paranoid should use a hacked box / a stolen wifi connection & stealthy
laptop placement.)
+ Some informations (This paper!?)
I would also recommend that you invest in some form of COMPLETE HARD
DRIVE ENCRYPTION leetness, and make sure it's got some plausible deniability
(jail sucks. See TrueCrypt for a virtual disk w/ plausible deniability,
Drive Crypt Plus Pack (windows, retail) is the only software I know of that
provides plausible deniability in a full HD encryption package.)
III. Setting up a TOR hidden service
This is easy. Install a HTTPd (apache works) make it bind to
127.0.0.1only! (important)
Install TOR on your boxen. Run it for a bit so it grabs all sorts of
good infos.
Stop TOR,
add the following lines to your TOR config:
HiddenServiceDir C:\hidden_service/
HiddenServicePort 80 127.0.0.1:80
when you restart TOR, it will create some files in C:\hidden_service
hostname contains the .onion host for your service, and private_key contains
the key that TOR uses to verify your identity... you -should- put this in a
TrueCrypt hidden disk (USE THE PLAUSIBLE DENIABILITY FEATURE.) you should
also store your htdocs and / or apache in there too. (For extra fun, put TOR
and everything else you use in there.)
When your TOR hidden service is up, anyone who goes to the .onion host
specified in the hostname file will have access to the service running on
port 80 (take a look at hiddenserviceport) people that access your server
will show up from '127.0.0.1' and not their real ip, all communications take
place within the TOR network, so essentially your server is protected.
IV. Brief overview of the Egold Shopping cart interface -
Since only people running TOR can access your website, we have a problem
getting payment details back from E-Gold. We have a solution to this
however.
When you generate the form to send to the E-Gold SCI it has a few
parameters, one of them specifying where to POST the payment details, this
is where the TOR web-proxy comes in handy, E-Gold does not run TOR, however
E-Gold will post this to any url.
<input type="hidden" name="STATUS_URL" value="
http://serifos.eecs.harvard.edu/proxy/http://yourhostyourhost.onion/return.php
">
will do this for you.
EGold takes a few minutes to send the info through the proxy, so it is
best to assign each of your users a USERID and password and let them login
so they can get their information once their payment is pushed through.
VI. Getting the money
You're going to need to anonymously grab this money, you have a few
choices but the best is ptshamrock's anonymous ATM card, and it can be
funded a varied number of ways, it's fairly expensive and can be bought with
egold funds (it would probably be best to set up your service, then BUY the
card with anonymous egold funds and have it send to some drug addict in a
university.)
right.
Anyhow, after you get it, you will be sent details on how to transfer
cash into your card, after the money hits your egold account you should
immediately transfer it into the ptshamrock account, and when you get 10
grand go on an expedition to your local city to cash it out.
E-Gold WILL lock down your account if they are unable to contact you,
and you won't be able to receive payments (you can still make payments,
however) this is fixed by registering a few egold accounts, and moving the
money around between them (you can also have your payment system randomize
what egold account the funds get sent to.) Egold provides an interface for
account automation if that's something you're interested in doing. An
interesting solution may be to get an anonymous pay as you go phone from
ptshamrock and use that info to register to egold, but I have not tried this
method, so it's not verified.
VII. Setting up a TOR web-proxy
(unneeded but if serifos or egold decides to start filtering stuff, this
step is necissary.)
Set up TOR and Privoxify on the box you wish to host from.
enable mod_proxy in your apache config
add this
<IfModule mod_proxy.c>
ProxyPass /proxy/ http://localhost:8119/
</IfModule>
to your apache config.
grab the perl proxy here:
http://afs.eecs.harvard.edu/~goodell/blossom/src/edgeproxy
or, take it from the attached .zip
use it as follows: edgeproxy -l localhost:8119 -r localhost:8118
(These directions were ripped directly from Geoffrey Goodell, and are
simply provided as a mirror.)
VIII. Sources
http://archives.seul.org/or/talk/Oct-2005/msg00201.html - Serifos TOR
Proxy information
http://www.e-gold.com/docs/e-gold_sci.html - E-Gold shopping cart
interface
http://www.ptshamrock.com/ptcard.html - 300,000$ USD limit anonymous ATM
card
http://tor.eff.org - TOR website
Attachment:
AnonMoney.zip
Description: Zip archive
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/