Dear carder.market & pro members!
I present you today the Ultimate Security Guide packed with useful advice for anonymity and safety online. In this edition I will focus on the most important aspects and factors of security and anonymity. By the end of this tutorial you will be able to browse the internet anonymously so not even your ISP nor the government will be able to see what you are doing. You will also have your computer so secured, that no-one will be able to find out what you have done on your computer and what secret files you have hidden. I have made my best to write in laymen terms, so all of you should be able to understand and follow my instructions.
For maximum security and anonymity you are advised to use all the methods explained.
Forensics and anti-forensics
You have been carding for a while, and possibly earned a bunch of money, you are all happy and satisfied, but suddenly you are arrested, your computer is confiscated and evidence concerning your illegal activities are found - you are busted and they put you in jail.
Remember that your computer is your tool in this business but it can also be used against you because it holds evidence of your activities. It is in your best interest for that evidence to never be extracted. Forensics is just that, obtaining digital evidence concerning illegal activity from your PC. But that’s not the end of the story…
What if that evidence never would be created in the first place?
Yep, that’s right. We can prevent that evidence from being created, and we do this by so called anti-forensics!
In this chapter I will present you ways of securing your windows machine forensics holes by applying anti-forensics methods.
You could just use a Linux OS like Ubuntu which doesn’t contain the holes that windows does. But most of you are using windows so we will focus on that. You have to realize that Windows XP contains a bunch of tools useful to a forensics investigator that we will have to undo to secure ourselves.
First disable UserAssit that logs time and dates of launched programs, which thereby generates RUPs – recent used programs list. By disabling the forensic experts wouldn’t be able to build a digital time line.
Click on run and type regedit and follow through to currentuser\software\microsoft\windows\currentversion\explorer\userassist
There will be two sub keys under UserAssit with long serial numbers; under them is a key called Count. Delete both of the Count keys. Now add a new subkey called Settings under UserAssit – right click under UserAssit and select new key. Add a DWORD value of “NoLog” in the settings – select the settings subkey and in the blank screen of the right tabs do a right click. Click modify NoLog and change DWORD value to 1.
Next we will disable index.dat – a huge collection of logs that record almost everything about what you do on the computer.
To disable index.dat you have to enter safe mode (F8) and login as administrator. Launch up a command prompt and type CD\ and enter. Now type in del index.dat/s and enter. (Note that you cannot do this in windows 7 but you can use cleaning tools which I will cover later.)
Next we delete and disable “System restore points” as forensic investigators can use them to build a digital time line of your activities. To disable, right click on My Computer and go to Properties, (advanced system settings), click on system restore, and click the disable box.
Now turn off hibernation mode. Hibernation enables you to save your work to hardisk when not used. But this is very dangerous to OTFE encryptions like TrueCrypt and BestCrypt because hibernation may store the encryption key into a plain text on the drive as your machine switches to hibernate. A computer forensic investigator might thereby access your encryption key.
To disable go to control panel and select power options. Go to the hibernate tab and uncheck the box.
Next we will disable power cut to the drive. Go to control panel and again power options and select never cut power to the hard drive – by clicking never.
Now we will disable standby from registry. Google online on how to enable extensions on windows as we will need this now. Next create a new text document and name it disable stand by, rename it to .reg Note you do not want reg.txt, see extensions! Open the file and copy the following:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ACPI\Parameters] "AMLIMaxCTObjs"=hex:04,00,00,00 "Attributes"=dword:00000070 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ACPI\Parameters\WakeUp] "FixedEventMask"=hex:20,05 "FixedEventStatus"=hex:00,84 "GenericEventMask"=hex:18,50,00,10 "GenericEventStatus"=hex:10,00,ff,00
Save the file and run it by enter or double clicking.
Now you will have to disable the swap space. This is the memory dump from RAM to hard drive incase RAM is full. A forensics team can thereby access your encryption key once it is in a plain text form. Right click on My Computer, go to properties and click advanced. Under Write debugging information change it to “none”.
The pigs use a famous program called Encase to create digital time lines by using four NTFS timestamps. We can disable the last stomp. Note if you do this, you will not be able to use backup software. Now to disable open up a command prompt CMD and issue the following command:
fsutil behavior set disablelastaccess 1
Now the last time stamp is gone.
The pigs use a sophisticated cutting edge forensics tool called EnCase. It can make bit for bit images of storage media. Take snapshots and analyze RAM – this is where your encryption key is stored. It can also analyze metadata and files signature searching (hash checksums of known files). Plus forensic timeline construction.
Although I will include topics on how to counter EnCase below, there are some useful tools which can aid you in anti-forensics such as Timestomp – it can forge timestamps, destroy timeline abilities and can also ruin ability to gather timestamps at all by older versions of EnCase.
Another nice tool is Slacker – it can hide files steganographically in slack space.
And last but not least Transmogrify – it can change the way EnCase views files, so you can disguise a TrueCrypt partition as a movie, and EnCase will detect it as a movie file.
All of those 3 above mentioned tools were made by the famous Metasploit penetration testing crew. Remember that the use of those 3 tools is optional and only available to Windows. I will provide other ways of overcoming Encase.
Next I will provide some information individuals interested in destruction of hard drives to render data stored. A hard drive has magnetic platters which are used to store data. Unless the magnetic platters are destroyed completely, the evidence can still be recovered – this means if you punch spikes or shoot it with a gun, data can still be recovered. Now only a very strong and precise magnet can change the magnetized and not magnetized sections of the platters. But to be able to do this, you have to open the hard drive and take the magnetic platters out. To destroy data, you must remove their magnetic charges aka magnetize or demagnetize. Another way is to remove the platters and burn them. (Don’t use a microwave as it will probably ruin the microwave before all of the data gets destroyed).
Same concept applies to CDs and it is best to burn them. Also it is best not to store any sensitive data on CDs. Flash disks are better, but only in encrypted containers. Flash memory makes it easy to recover deleted files. That’s why using a SSD (Solid State) hardisk is not a good idea for carding, unless it was clean and you created an encrypted container and put all your secret files there.
Now RAM is a bit different, remember that your encryption key is stored in RAM (Random Access Memory). To prevent a forensic team recover the encryption key you would shutdown the PC. But RAM is not cleared instantly! Rather it decays for a couple of minutes. Furthermore if pigs break into your house, they will seize the PC immediately and then freeze the RAM to slow down the decaying process indefinitely (Cold Boot Attack). This will enable them to recover your encryption key. Even if some time has went, and they recover only a part of the encryption like say 70%, it probably won’t be too hard to brute force the other 30%. But fear not! I will provide you a way to counter this later in my guide.
One quick method I will cover is LIVE-CD(DVD) or for increased speed a LIVE-USB, basically your computer loads the CD or USB Live Operating System, and when you are done, you just shutdown the computer and no saved data is left. Which means no evidence can be extracted. This is on one hand convenient but on the other hand you need to have somehow access to your secret data. Therefore below I will describe another method, equally secure, but which allows for you to have secret data stored.
Make sure you read about forensics and anti-forensics as there are constantly new evolving technologies on both side of the spectrum.
Internet Browsing
Now we will cover the topic on internet browsers. Do not use Internet Explorer! Use Mozilla Firefox (versions 3.6.18 to 7.0.1). Opera has some better encryption options like TLS 1.1 and 1.2 which Firefox lacks, but Firefox itself is open source and thereby very secure and also supports SSL 3.0 and TLS 1.0 which are fairly secure as well. Also keep in mind that many websites only use SSL 3.0 and TLS 1.0 anyway. Beware also that Opera is propriety software, (closed code).
For secure browsing you can use NoScript for Firefox, which will disallow java and javascript, unless you choose to enable it. Another nice option that NoScript offers is HTTPS (HTTP SSL) website forcer, basically this will force a website to use HTTPS encryption. You can use this to force carder.market to an encrypted session. Make sure to accept certificate and permanently store it for convenience.
Another nice application is KeyScrambler (2.8.2) which is a key encrypter – it encrypts and modifies the keys you type in, so a software keylogger cannot log any right keys and thus protecting your passwords online.
You will also want to experiment with Ghostery which stops tracking cookies, Flash Block which stops flash from playing and Adblock Plus which blocks ads.
Securing your hardisk – encryption and other tools
Now onto securing your hardisk with encryption. You must not only use military grade encryption algorithm but also a very safe and long password. From encryption I recommend TrueCrypt, open source, and BestCrypt closed source. Both are very good, and allow for plausible deniability, but I prefer BestCrypt as it has more features and functions. BestCrypt has keyboard filters, which will keep your passwords safe from software keyloggers and it can also encrypt swap space.
For extreme security however, I strongly recommend you to use a VMware workstation OS inside a hidden encryption container.
For this, create a normal container, and fill it up with some porno, and then create another this time hidden container inside of it. For the first container make a password of like 10 characters. For the second container use a 30+ character password, with lower space, high space, numbers and special marks.
Now for the encryption scheme, I recommend Serpent over AES and Twofish. Serpent is the most secure. AES is a little behind Serpent, but is much faster, so just choose one.
Note that after you put files in normal container and have created a hidden container, you are not allowed to put anymore stuff into the normal container; otherwise it will corrupt the hidden container.
The point of plausible deniability is if the pigs catch you, you give them the normal password to the normal container with porn inside of it. But your secret carding items remain safe within the hidden container which they cannot detect.
In BestCrypt click Container, new, choose a name for the container and a file extension like .txt, .jpg or .jbc Now choose Serpent or AES as algorithm and choose CBC – Cipher block chaining mode which has undergone most scrutiny or XTS – modern mode, both are safe. As the key generator use KG-Ghost. The container should be between 28-32GB, I choose 32GB and then create a VMware workstation of windows XP with 28GB, and then you have 3GB left for your secret carding data (1GB for free space on first container). Now enter random garbage using keyboard and move the mouse around the screen for the key generator. Now you will have to format the drive, click format and choose FAT or FAT32 (preferably FAT32). Now fill your container with porn and unimportant data. (After we create a hidden container inside of it, you are not allowed to write to the first container.) Now right click the container and choose properties, (while the container is unmounted). Go to hidden part properties, and click “get free space map”. Now if you have chosen to create a 32GB container, choose to create a 31GB hidden container. Again enter garbage input. Now you create your hidden secret password, 30+ characters, lower, upper, numbers and special marks for maximum security. Remember that you have to memorize this password!
Another nice function of BestCrypt is swap space encryption. Click on “Utilities” and click “Swap File Encryption”. Click “enable encryption of swap file” and “Initialize swap file by random data when Windows starts, for this choose Rijndael 256-bit key (AES).
Now the most important function of BestCrypt and why it’s superior to TrueCrypt is the hot key function. Basically if pigs are knocking on your door, or entering a café where you are, you just click the hot key combination for example Alt X and the container will immediately be dismounted, furthermore the encryption key that was in RAM now gets wiped (cleaned), so even a Cold Boot Attack will not stand a chance.
VMware Workstation Creation
Alright, now onto the VMware creation. Download from piratebay.org a VMware Workstation 7.1.4 and a registration key. Install and register. (Download and install VMware 7.1.5 Update from Help: Check for System Updates, Uninstall, Restart, Install and Restart.)
Now open up VMware and go to edit, and preferences. Now click on memory and choose to “Fit all virtual machine memory into reserved host RAM.” This will secure your data from being obtained by forensic teams.
Remember to open the first container, you enter the normal password and to enter the hidden container you enter your secret password.
Now click on new virtual machine. Typical, and choose to install the Windows XP from disk or from your PC. Choose Microsoft and Windows XP, click next. Now choose 28GB and store virtual disk as a single file. Now click edit, and give your machine a specific amount of RAM (Memory) to use. I recommend half of your RAM capacity, so if you have 3GB of RAM, and choose 1.5GB or 2GB of RAM for your machine. Now click on power this machine, use an activator or patch to activate Windows XP and start downloading all updates, anti-virus, firewall and anti-spyware. After you are done, click File, Import, next, choose Physical Computer, next, this local machine, next. Choose your hardisk, next, other virtual machine, now you choose to locate it into your hidden container, (the hidden container must be mounted). Click Allocate all disk space now for better performance. Now change your NICs to from Bridged to NATs. Next. Click remove all system restore checkpoints. And finalize. Now wait until it all configures.
Inside VMware you can save snapshots of the operating system, and reverse any changes if you want, once you have created the finalized product in your hidden container, delete all snapshots.
Note that you can create the BestCrypt container on your PC, or a SD Disk with 32GB or preferably 64GB. In the latter case, your PC will contain nothing of sensitive documents, and the SD Disk can easily be destroyed or hidden in case of a pigs raid. However I chose to create my container on my PC as it is convenient and we have plausible deniability.
Entering Carding Forums Safety – Tor
Now I want to talk about Tor and entering carding forums like this one. You shouldn’t enter a carding forum from your home unless you are using anonymity tools because otherwise your password can be stolen by sniffers. You may enter carding forums if you are using Tor however but only with HTTPS encryption. Tor encrypts your data stream between two PCs, and the third one decrypts your data, so he may see your data, but your ISP won’t. So it is also imperative that you use HTTPS encryption. As I’ve mentioned in NoScript, you can enter options and force a HTTPS connection, like on carder.market and carder.market, and then it will always load HTTPS encrypted connections. First download and extract Tor Browser Bundle for Windows. Then load it and install NoScript, in S icon click options. Go to Advanced and HTTPS, and force carder.market and carder.market to use HTTPS connections. (Note you cannot card anything online using TOR.)
Hardisk Cleansing
If you have followed through and done every precaution mentioned in my guide, you will stand an extremely good chance against the pigs and their forensics experts.
If however you have carding items on your PC which aren’t encrypted, you should firstly move them all to the hidden container.
Next it is important to securely delete all of your unencrypted carding files or hacking data. This can be accomplished using “Eraser” by Heidi, a software that allows you to securely delete files and folders. Install Eraser and open it, next go to Settings and choose 2 default erasure methods, both I recommend US DoD 5220.22M 3 passes. This is optimal and most secure; you do not need any more passes, as it is just a waste of time, unless you have a very old hardisk below 60GB. On newer such as hardisks with 120GB+ capacity, 3 passes is enough.
For deleting cookies and other tracks as well as cleanse the system, I recommend CCleaner which also has the option to check for registry conflicts and fix them and Privacy Mantra which makes a comprehensive privacy check and gets rid of all evidence.
Anonymous Internet
Now I will go on to anonymous carding online. First of all realize that any attempts at anonymity cannot guarantee 100% anonymity. However it is possible to be semi anonymous and thereby stay safe being shady online. Many of you are familiar with VPNs and Socks. Although I will cover a slightly other area. SSH, secure shell is another option for your anonymity. I don’t trust official VPN vendors, as they all probably contain logs of your activity, and cooperate with the pigs. For maximum anonymity it is better to use a VPS or VDS, virtual private server bundled with SSH for your encrypted internet sessions. Make sure that the VPS is in a country not favored by USA, examples are Russia, China and Muslim countries. For this you will need Putty. Now to configure Putty, go to connection, SSH, Tunnels and under port forwarding use SSH2 only. Back to SSH, preferred SSH protocol, 2 only. Back to Session, enter a name and IP Address as well as port of your VPS and save it. Now you can click on open and login.
Now you will need either SOCKS5 proxies or dedicated servers to impersonate and commit your carding online such as shipping or any other theme you are interested in. Recently I came across SSL socks5, which I found pretty smart to use, although they are a bit more expensive, you shouldn’t compromise your security and anonymity no matter the costs. But generally speaking I suggest buying a dedicated server from a trusted vendor. For socks5, use Proxifier and type in IP address and port, protocol and authentication if there is any (username and password). Note that normal socks5 are not encrypted, but using several in a chain such as Russia, China, India, and USA is very useful against tracing.
Instead of Wi-Fi you may also consider getting a 3G modem, in my opinion both are safe to use. But don’t use the 3G from your home, go to a shopping center or café and do your work there. Note that the SIM card is tied to the modem and the phone, so you will have to periodically acquire new sets of cheap phone, SIM card and 3G modem every month or so for your safety.
The best option period is hacked cable modems – although the speeds should be low otherwise it will trigger red flags at the ISP, 600kbps is safe, and anything higher is not. The hacked cable modems cannot be traced. In theory its possible, but in practice its probably never have been done, as it involves a complex process of disconnecting users in an wide area followed by smaller areas and thereby many customers would be upset. To obtain a hacked cable modem, you should buy it from a trusted vendor or a friend experienced in making them.
Always check if your VPN/SSH and socks/dedicated server are working by checking your IP online on whatismyipaddress.com
Make sure you change your MAC address before you connect to a WI-FI or 3G. Although I haven’t heard any cases of people being traced back in this matter, it is still a security precaution, and I recommend you changing it. For this use SMAC 2.0 or Technitium MAC address changer version 5 release - third.
Secure Communications ICQ, Jabber – Pidgin and OTR
Now for your secure ICQ or Jabber communications download and install Pidgin and Pidgin OTR. Note for OTR to work, both you and your partner must be using it. I have seen most do not use it, so make sure your point of entry to the internet is from a café, bar or hotel Wi-Fi. Point of entry is very important, also when you are carding online, make sure your entry is secure, aka make sure there are no video cameras watching. For entrance to carding forums, it is sufficient to use Tor and you may do it from your home PC.
Install Pidgin and Pidgin OTR to C
rogram Files. To configure Pidgin to use OTR, run pidgin and open the plugins panel in Tools. Find OTR messaging plugin and enable it by selecting the checkbox. By selecting it click configure plugin. Select an account and click generate. This will be the unique fingerprint for that account. Check enable private messaging and uncheck Automatically initiate private messaging. You will have to firstly ask the person in unencrypted communication if he or she has OTR and to enable it, by clicking on Lock icon while chatting, you will have to do the same once they accept it. That’s it, Pidgin OTR is now configured and ready to use.
Although you may use ICQ, better use Jabber with Pidgin and OTR. Jabber is superior to ICQ as it is decentralized and nobody keeps control over it. ICQ gets monitored and logs probably get kept forever.
Computer Security
If you are long enough in the game and are earning lots of money, someone might take an interest in you and start tracing back through those socks proxies and VPNs. Once you are traced, either physically or digitally they will try to obtain further evidence from your PC. One aspect the digital one, I will cover here.
Software keyloggers, the LE, the pigs are using them too and not only them but you have to secure yourself from other hackers and identity thieves. Therefore your PC must be in tip top security state. For this you must be using an excellent anti-virus program such as Kaspersky, a firewall like Comodo and an anti-spyware solution like Ad-Aware Pro. Personally I advice to just buy Kaspersky anti-virus, download free Comodo firewall and buy Ad-Aware Pro.
Next download and install a program for windows called XP-Antispy. It will come in handy, you can customize settings, it’s a neat program.
Next some advice on staying secure.
Don’t download torrents or cracks from unknown sources, only download from vip members and moderators. Don’t open or download any unknown e-mails. If you must use a sandbox like virtual OS to download and see if what you are downloading is secure or not, if infected your virtual OS will get infected, but your main PC is still secure. Furthermore some cracks are legit and backdoored at the same time so be careful, they are crypted with a Trojan.
Another important thing is to install all Microsoft windows updates and update daily all of your security programs.
If somebody is really interested in hacking you computer, he will undoubtedly scan your PC for software used and try to find security holes in your old versions of software. Therefore it is very important to only use latest versions of software. For this use Sumo Lite from KC Software and RealHippo to check for software updates.
If you are interested in Linux, I suggest Ubuntu or Fortress Linux. Both are very secure. Ubuntu has a lot of applications that can come in handy and there is always a good flow of updates and security fixes. Fortress Linux is very new, but its sole purpose is to provide a very secure environment so feel free to experiment with them both.
General Safety
Now anti-forensics and encryption will not help you if you do not take real life critical steps to protect yourself. This has to be addressed as it is very important. First of all do not talk about carding with anyone no matter what circumstance and pretend to be a normal person in real life. Also keep in mind that it is best that you work alone in real life. Introducing anyone in your game is like introducing a potential enemy.
Next most important thing is to make changes frequently. Change what Wi-Fi spots you go to every 3 or so month. Also remember to change proxy accounts and dedicated servers every month or so. A good sense of paranoia is also useful, but don’t go overbroad with it.
Do not ever under any circumstance talk with another carder or anyone on the phone about carding, even in secret code – it will only backfire. You may use Skype as the Skype conversations are encrypted, which is a neat function and a voice changer to change your voice but this I cannot confirm as I haven’t tested it.
Remember that you can get away with anything if you do it right, for this you have to plan your actions and a visionary in the sense that you predict the outcomes of different situations and places and think of all possible repercussions of your actions. Always keep a backup plan in case something goes unexpected. Furthermore never use any real name, family, phone numbers or e-mail addresses online connected with carding.
Keep a separate identity connected with carding and use that solely for that purpose only. If your sixth sense tells you something is wrong, then it is probably so, - so be ready to abandon everything you planned, don’t be a kamikaze or impulsive, do everything calmly so you don’t miss any important details required in carding. Make sure you think of possible alibis ahead of time, - this will help you greatly if the pigs catch you.
Remember to keep your carding sums up to 1.k-2k $, anywhere more than that will probably get canceled and result in your CC blocked. Better yet, make orders 200-800$, they will mostly be accepted and you will earn much more in the long run. The best times to make orders are somewhere in the middle of the month, as card holders get their reports on the beginning of each month.
Aside from forensics and anti-forensics, keep updated on cyber laws in your country, so you know what to expect in case of an arrest. And most importantly, know your rights! In case you get arrested, say only “I want to talk with my lawyer”. That’s right, “your lawyer”, not some randomly appointed lawyer who comes and begins talking with you after your arrest. The moment you start talking with pigs, consider that you have just busted your chance of freedom.
Make sure you order carding items by “ordinary mail”, no FedEx, no TNT! The only exception to this, is if you get someone else to sign it. Do not sign for anything in your name and never order anything to your house. If some unexpected package arrives at your house that you don’t know where it came from, do not sign and do not pick it up!
Your house should be clean, no drugs, no transaction records, no hacking material or tools (only in your encrypted hidden container). Also keep in mind that your printers leave yellow dots on the printed documents that can be linked and traced back to your printer.
Also do not look at porn, some porn may contain underage teens or children, and this can incriminate you unintentionally. Also do not look at any drawings or renderings of porn as in many jurisdictions, those can just as illegal as photographs.
You now have a solid grip on security and anonymity online. By following all of my advices, you ensure your security, anonymity and safety in carding. Please vote for my guide for the upcoming competition and I will post new and interesting articles as well as provide support for you all! Thank you and good luck!
I present you today the Ultimate Security Guide packed with useful advice for anonymity and safety online. In this edition I will focus on the most important aspects and factors of security and anonymity. By the end of this tutorial you will be able to browse the internet anonymously so not even your ISP nor the government will be able to see what you are doing. You will also have your computer so secured, that no-one will be able to find out what you have done on your computer and what secret files you have hidden. I have made my best to write in laymen terms, so all of you should be able to understand and follow my instructions.
For maximum security and anonymity you are advised to use all the methods explained.
Forensics and anti-forensics
You have been carding for a while, and possibly earned a bunch of money, you are all happy and satisfied, but suddenly you are arrested, your computer is confiscated and evidence concerning your illegal activities are found - you are busted and they put you in jail.
Remember that your computer is your tool in this business but it can also be used against you because it holds evidence of your activities. It is in your best interest for that evidence to never be extracted. Forensics is just that, obtaining digital evidence concerning illegal activity from your PC. But that’s not the end of the story…
What if that evidence never would be created in the first place?
Yep, that’s right. We can prevent that evidence from being created, and we do this by so called anti-forensics!
In this chapter I will present you ways of securing your windows machine forensics holes by applying anti-forensics methods.
You could just use a Linux OS like Ubuntu which doesn’t contain the holes that windows does. But most of you are using windows so we will focus on that. You have to realize that Windows XP contains a bunch of tools useful to a forensics investigator that we will have to undo to secure ourselves.
First disable UserAssit that logs time and dates of launched programs, which thereby generates RUPs – recent used programs list. By disabling the forensic experts wouldn’t be able to build a digital time line.
Click on run and type regedit and follow through to currentuser\software\microsoft\windows\currentversion\explorer\userassist
There will be two sub keys under UserAssit with long serial numbers; under them is a key called Count. Delete both of the Count keys. Now add a new subkey called Settings under UserAssit – right click under UserAssit and select new key. Add a DWORD value of “NoLog” in the settings – select the settings subkey and in the blank screen of the right tabs do a right click. Click modify NoLog and change DWORD value to 1.
Next we will disable index.dat – a huge collection of logs that record almost everything about what you do on the computer.
To disable index.dat you have to enter safe mode (F8) and login as administrator. Launch up a command prompt and type CD\ and enter. Now type in del index.dat/s and enter. (Note that you cannot do this in windows 7 but you can use cleaning tools which I will cover later.)
Next we delete and disable “System restore points” as forensic investigators can use them to build a digital time line of your activities. To disable, right click on My Computer and go to Properties, (advanced system settings), click on system restore, and click the disable box.
Now turn off hibernation mode. Hibernation enables you to save your work to hardisk when not used. But this is very dangerous to OTFE encryptions like TrueCrypt and BestCrypt because hibernation may store the encryption key into a plain text on the drive as your machine switches to hibernate. A computer forensic investigator might thereby access your encryption key.
To disable go to control panel and select power options. Go to the hibernate tab and uncheck the box.
Next we will disable power cut to the drive. Go to control panel and again power options and select never cut power to the hard drive – by clicking never.
Now we will disable standby from registry. Google online on how to enable extensions on windows as we will need this now. Next create a new text document and name it disable stand by, rename it to .reg Note you do not want reg.txt, see extensions! Open the file and copy the following:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ACPI\Parameters] "AMLIMaxCTObjs"=hex:04,00,00,00 "Attributes"=dword:00000070 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ACPI\Parameters\WakeUp] "FixedEventMask"=hex:20,05 "FixedEventStatus"=hex:00,84 "GenericEventMask"=hex:18,50,00,10 "GenericEventStatus"=hex:10,00,ff,00
Save the file and run it by enter or double clicking.
Now you will have to disable the swap space. This is the memory dump from RAM to hard drive incase RAM is full. A forensics team can thereby access your encryption key once it is in a plain text form. Right click on My Computer, go to properties and click advanced. Under Write debugging information change it to “none”.
The pigs use a famous program called Encase to create digital time lines by using four NTFS timestamps. We can disable the last stomp. Note if you do this, you will not be able to use backup software. Now to disable open up a command prompt CMD and issue the following command:
fsutil behavior set disablelastaccess 1
Now the last time stamp is gone.
The pigs use a sophisticated cutting edge forensics tool called EnCase. It can make bit for bit images of storage media. Take snapshots and analyze RAM – this is where your encryption key is stored. It can also analyze metadata and files signature searching (hash checksums of known files). Plus forensic timeline construction.
Although I will include topics on how to counter EnCase below, there are some useful tools which can aid you in anti-forensics such as Timestomp – it can forge timestamps, destroy timeline abilities and can also ruin ability to gather timestamps at all by older versions of EnCase.
Another nice tool is Slacker – it can hide files steganographically in slack space.
And last but not least Transmogrify – it can change the way EnCase views files, so you can disguise a TrueCrypt partition as a movie, and EnCase will detect it as a movie file.
All of those 3 above mentioned tools were made by the famous Metasploit penetration testing crew. Remember that the use of those 3 tools is optional and only available to Windows. I will provide other ways of overcoming Encase.
Next I will provide some information individuals interested in destruction of hard drives to render data stored. A hard drive has magnetic platters which are used to store data. Unless the magnetic platters are destroyed completely, the evidence can still be recovered – this means if you punch spikes or shoot it with a gun, data can still be recovered. Now only a very strong and precise magnet can change the magnetized and not magnetized sections of the platters. But to be able to do this, you have to open the hard drive and take the magnetic platters out. To destroy data, you must remove their magnetic charges aka magnetize or demagnetize. Another way is to remove the platters and burn them. (Don’t use a microwave as it will probably ruin the microwave before all of the data gets destroyed).
Same concept applies to CDs and it is best to burn them. Also it is best not to store any sensitive data on CDs. Flash disks are better, but only in encrypted containers. Flash memory makes it easy to recover deleted files. That’s why using a SSD (Solid State) hardisk is not a good idea for carding, unless it was clean and you created an encrypted container and put all your secret files there.
Now RAM is a bit different, remember that your encryption key is stored in RAM (Random Access Memory). To prevent a forensic team recover the encryption key you would shutdown the PC. But RAM is not cleared instantly! Rather it decays for a couple of minutes. Furthermore if pigs break into your house, they will seize the PC immediately and then freeze the RAM to slow down the decaying process indefinitely (Cold Boot Attack). This will enable them to recover your encryption key. Even if some time has went, and they recover only a part of the encryption like say 70%, it probably won’t be too hard to brute force the other 30%. But fear not! I will provide you a way to counter this later in my guide.
One quick method I will cover is LIVE-CD(DVD) or for increased speed a LIVE-USB, basically your computer loads the CD or USB Live Operating System, and when you are done, you just shutdown the computer and no saved data is left. Which means no evidence can be extracted. This is on one hand convenient but on the other hand you need to have somehow access to your secret data. Therefore below I will describe another method, equally secure, but which allows for you to have secret data stored.
Make sure you read about forensics and anti-forensics as there are constantly new evolving technologies on both side of the spectrum.
Internet Browsing
Now we will cover the topic on internet browsers. Do not use Internet Explorer! Use Mozilla Firefox (versions 3.6.18 to 7.0.1). Opera has some better encryption options like TLS 1.1 and 1.2 which Firefox lacks, but Firefox itself is open source and thereby very secure and also supports SSL 3.0 and TLS 1.0 which are fairly secure as well. Also keep in mind that many websites only use SSL 3.0 and TLS 1.0 anyway. Beware also that Opera is propriety software, (closed code).
For secure browsing you can use NoScript for Firefox, which will disallow java and javascript, unless you choose to enable it. Another nice option that NoScript offers is HTTPS (HTTP SSL) website forcer, basically this will force a website to use HTTPS encryption. You can use this to force carder.market to an encrypted session. Make sure to accept certificate and permanently store it for convenience.
Another nice application is KeyScrambler (2.8.2) which is a key encrypter – it encrypts and modifies the keys you type in, so a software keylogger cannot log any right keys and thus protecting your passwords online.
You will also want to experiment with Ghostery which stops tracking cookies, Flash Block which stops flash from playing and Adblock Plus which blocks ads.
Securing your hardisk – encryption and other tools
Now onto securing your hardisk with encryption. You must not only use military grade encryption algorithm but also a very safe and long password. From encryption I recommend TrueCrypt, open source, and BestCrypt closed source. Both are very good, and allow for plausible deniability, but I prefer BestCrypt as it has more features and functions. BestCrypt has keyboard filters, which will keep your passwords safe from software keyloggers and it can also encrypt swap space.
For extreme security however, I strongly recommend you to use a VMware workstation OS inside a hidden encryption container.
For this, create a normal container, and fill it up with some porno, and then create another this time hidden container inside of it. For the first container make a password of like 10 characters. For the second container use a 30+ character password, with lower space, high space, numbers and special marks.
Now for the encryption scheme, I recommend Serpent over AES and Twofish. Serpent is the most secure. AES is a little behind Serpent, but is much faster, so just choose one.
Note that after you put files in normal container and have created a hidden container, you are not allowed to put anymore stuff into the normal container; otherwise it will corrupt the hidden container.
The point of plausible deniability is if the pigs catch you, you give them the normal password to the normal container with porn inside of it. But your secret carding items remain safe within the hidden container which they cannot detect.
In BestCrypt click Container, new, choose a name for the container and a file extension like .txt, .jpg or .jbc Now choose Serpent or AES as algorithm and choose CBC – Cipher block chaining mode which has undergone most scrutiny or XTS – modern mode, both are safe. As the key generator use KG-Ghost. The container should be between 28-32GB, I choose 32GB and then create a VMware workstation of windows XP with 28GB, and then you have 3GB left for your secret carding data (1GB for free space on first container). Now enter random garbage using keyboard and move the mouse around the screen for the key generator. Now you will have to format the drive, click format and choose FAT or FAT32 (preferably FAT32). Now fill your container with porn and unimportant data. (After we create a hidden container inside of it, you are not allowed to write to the first container.) Now right click the container and choose properties, (while the container is unmounted). Go to hidden part properties, and click “get free space map”. Now if you have chosen to create a 32GB container, choose to create a 31GB hidden container. Again enter garbage input. Now you create your hidden secret password, 30+ characters, lower, upper, numbers and special marks for maximum security. Remember that you have to memorize this password!
Another nice function of BestCrypt is swap space encryption. Click on “Utilities” and click “Swap File Encryption”. Click “enable encryption of swap file” and “Initialize swap file by random data when Windows starts, for this choose Rijndael 256-bit key (AES).
Now the most important function of BestCrypt and why it’s superior to TrueCrypt is the hot key function. Basically if pigs are knocking on your door, or entering a café where you are, you just click the hot key combination for example Alt X and the container will immediately be dismounted, furthermore the encryption key that was in RAM now gets wiped (cleaned), so even a Cold Boot Attack will not stand a chance.
VMware Workstation Creation
Alright, now onto the VMware creation. Download from piratebay.org a VMware Workstation 7.1.4 and a registration key. Install and register. (Download and install VMware 7.1.5 Update from Help: Check for System Updates, Uninstall, Restart, Install and Restart.)
Now open up VMware and go to edit, and preferences. Now click on memory and choose to “Fit all virtual machine memory into reserved host RAM.” This will secure your data from being obtained by forensic teams.
Remember to open the first container, you enter the normal password and to enter the hidden container you enter your secret password.
Now click on new virtual machine. Typical, and choose to install the Windows XP from disk or from your PC. Choose Microsoft and Windows XP, click next. Now choose 28GB and store virtual disk as a single file. Now click edit, and give your machine a specific amount of RAM (Memory) to use. I recommend half of your RAM capacity, so if you have 3GB of RAM, and choose 1.5GB or 2GB of RAM for your machine. Now click on power this machine, use an activator or patch to activate Windows XP and start downloading all updates, anti-virus, firewall and anti-spyware. After you are done, click File, Import, next, choose Physical Computer, next, this local machine, next. Choose your hardisk, next, other virtual machine, now you choose to locate it into your hidden container, (the hidden container must be mounted). Click Allocate all disk space now for better performance. Now change your NICs to from Bridged to NATs. Next. Click remove all system restore checkpoints. And finalize. Now wait until it all configures.
Inside VMware you can save snapshots of the operating system, and reverse any changes if you want, once you have created the finalized product in your hidden container, delete all snapshots.
Note that you can create the BestCrypt container on your PC, or a SD Disk with 32GB or preferably 64GB. In the latter case, your PC will contain nothing of sensitive documents, and the SD Disk can easily be destroyed or hidden in case of a pigs raid. However I chose to create my container on my PC as it is convenient and we have plausible deniability.
Entering Carding Forums Safety – Tor
Now I want to talk about Tor and entering carding forums like this one. You shouldn’t enter a carding forum from your home unless you are using anonymity tools because otherwise your password can be stolen by sniffers. You may enter carding forums if you are using Tor however but only with HTTPS encryption. Tor encrypts your data stream between two PCs, and the third one decrypts your data, so he may see your data, but your ISP won’t. So it is also imperative that you use HTTPS encryption. As I’ve mentioned in NoScript, you can enter options and force a HTTPS connection, like on carder.market and carder.market, and then it will always load HTTPS encrypted connections. First download and extract Tor Browser Bundle for Windows. Then load it and install NoScript, in S icon click options. Go to Advanced and HTTPS, and force carder.market and carder.market to use HTTPS connections. (Note you cannot card anything online using TOR.)
Hardisk Cleansing
If you have followed through and done every precaution mentioned in my guide, you will stand an extremely good chance against the pigs and their forensics experts.
If however you have carding items on your PC which aren’t encrypted, you should firstly move them all to the hidden container.
Next it is important to securely delete all of your unencrypted carding files or hacking data. This can be accomplished using “Eraser” by Heidi, a software that allows you to securely delete files and folders. Install Eraser and open it, next go to Settings and choose 2 default erasure methods, both I recommend US DoD 5220.22M 3 passes. This is optimal and most secure; you do not need any more passes, as it is just a waste of time, unless you have a very old hardisk below 60GB. On newer such as hardisks with 120GB+ capacity, 3 passes is enough.
For deleting cookies and other tracks as well as cleanse the system, I recommend CCleaner which also has the option to check for registry conflicts and fix them and Privacy Mantra which makes a comprehensive privacy check and gets rid of all evidence.
Anonymous Internet
Now I will go on to anonymous carding online. First of all realize that any attempts at anonymity cannot guarantee 100% anonymity. However it is possible to be semi anonymous and thereby stay safe being shady online. Many of you are familiar with VPNs and Socks. Although I will cover a slightly other area. SSH, secure shell is another option for your anonymity. I don’t trust official VPN vendors, as they all probably contain logs of your activity, and cooperate with the pigs. For maximum anonymity it is better to use a VPS or VDS, virtual private server bundled with SSH for your encrypted internet sessions. Make sure that the VPS is in a country not favored by USA, examples are Russia, China and Muslim countries. For this you will need Putty. Now to configure Putty, go to connection, SSH, Tunnels and under port forwarding use SSH2 only. Back to SSH, preferred SSH protocol, 2 only. Back to Session, enter a name and IP Address as well as port of your VPS and save it. Now you can click on open and login.
Now you will need either SOCKS5 proxies or dedicated servers to impersonate and commit your carding online such as shipping or any other theme you are interested in. Recently I came across SSL socks5, which I found pretty smart to use, although they are a bit more expensive, you shouldn’t compromise your security and anonymity no matter the costs. But generally speaking I suggest buying a dedicated server from a trusted vendor. For socks5, use Proxifier and type in IP address and port, protocol and authentication if there is any (username and password). Note that normal socks5 are not encrypted, but using several in a chain such as Russia, China, India, and USA is very useful against tracing.
Instead of Wi-Fi you may also consider getting a 3G modem, in my opinion both are safe to use. But don’t use the 3G from your home, go to a shopping center or café and do your work there. Note that the SIM card is tied to the modem and the phone, so you will have to periodically acquire new sets of cheap phone, SIM card and 3G modem every month or so for your safety.
The best option period is hacked cable modems – although the speeds should be low otherwise it will trigger red flags at the ISP, 600kbps is safe, and anything higher is not. The hacked cable modems cannot be traced. In theory its possible, but in practice its probably never have been done, as it involves a complex process of disconnecting users in an wide area followed by smaller areas and thereby many customers would be upset. To obtain a hacked cable modem, you should buy it from a trusted vendor or a friend experienced in making them.
Always check if your VPN/SSH and socks/dedicated server are working by checking your IP online on whatismyipaddress.com
Make sure you change your MAC address before you connect to a WI-FI or 3G. Although I haven’t heard any cases of people being traced back in this matter, it is still a security precaution, and I recommend you changing it. For this use SMAC 2.0 or Technitium MAC address changer version 5 release - third.
Secure Communications ICQ, Jabber – Pidgin and OTR
Now for your secure ICQ or Jabber communications download and install Pidgin and Pidgin OTR. Note for OTR to work, both you and your partner must be using it. I have seen most do not use it, so make sure your point of entry to the internet is from a café, bar or hotel Wi-Fi. Point of entry is very important, also when you are carding online, make sure your entry is secure, aka make sure there are no video cameras watching. For entrance to carding forums, it is sufficient to use Tor and you may do it from your home PC.
Install Pidgin and Pidgin OTR to C
rogram Files. To configure Pidgin to use OTR, run pidgin and open the plugins panel in Tools. Find OTR messaging plugin and enable it by selecting the checkbox. By selecting it click configure plugin. Select an account and click generate. This will be the unique fingerprint for that account. Check enable private messaging and uncheck Automatically initiate private messaging. You will have to firstly ask the person in unencrypted communication if he or she has OTR and to enable it, by clicking on Lock icon while chatting, you will have to do the same once they accept it. That’s it, Pidgin OTR is now configured and ready to use. Although you may use ICQ, better use Jabber with Pidgin and OTR. Jabber is superior to ICQ as it is decentralized and nobody keeps control over it. ICQ gets monitored and logs probably get kept forever.
Computer Security
If you are long enough in the game and are earning lots of money, someone might take an interest in you and start tracing back through those socks proxies and VPNs. Once you are traced, either physically or digitally they will try to obtain further evidence from your PC. One aspect the digital one, I will cover here.
Software keyloggers, the LE, the pigs are using them too and not only them but you have to secure yourself from other hackers and identity thieves. Therefore your PC must be in tip top security state. For this you must be using an excellent anti-virus program such as Kaspersky, a firewall like Comodo and an anti-spyware solution like Ad-Aware Pro. Personally I advice to just buy Kaspersky anti-virus, download free Comodo firewall and buy Ad-Aware Pro.
Next download and install a program for windows called XP-Antispy. It will come in handy, you can customize settings, it’s a neat program.
Next some advice on staying secure.
Don’t download torrents or cracks from unknown sources, only download from vip members and moderators. Don’t open or download any unknown e-mails. If you must use a sandbox like virtual OS to download and see if what you are downloading is secure or not, if infected your virtual OS will get infected, but your main PC is still secure. Furthermore some cracks are legit and backdoored at the same time so be careful, they are crypted with a Trojan.
Another important thing is to install all Microsoft windows updates and update daily all of your security programs.
If somebody is really interested in hacking you computer, he will undoubtedly scan your PC for software used and try to find security holes in your old versions of software. Therefore it is very important to only use latest versions of software. For this use Sumo Lite from KC Software and RealHippo to check for software updates.
If you are interested in Linux, I suggest Ubuntu or Fortress Linux. Both are very secure. Ubuntu has a lot of applications that can come in handy and there is always a good flow of updates and security fixes. Fortress Linux is very new, but its sole purpose is to provide a very secure environment so feel free to experiment with them both.
General Safety
Now anti-forensics and encryption will not help you if you do not take real life critical steps to protect yourself. This has to be addressed as it is very important. First of all do not talk about carding with anyone no matter what circumstance and pretend to be a normal person in real life. Also keep in mind that it is best that you work alone in real life. Introducing anyone in your game is like introducing a potential enemy.
Next most important thing is to make changes frequently. Change what Wi-Fi spots you go to every 3 or so month. Also remember to change proxy accounts and dedicated servers every month or so. A good sense of paranoia is also useful, but don’t go overbroad with it.
Do not ever under any circumstance talk with another carder or anyone on the phone about carding, even in secret code – it will only backfire. You may use Skype as the Skype conversations are encrypted, which is a neat function and a voice changer to change your voice but this I cannot confirm as I haven’t tested it.
Remember that you can get away with anything if you do it right, for this you have to plan your actions and a visionary in the sense that you predict the outcomes of different situations and places and think of all possible repercussions of your actions. Always keep a backup plan in case something goes unexpected. Furthermore never use any real name, family, phone numbers or e-mail addresses online connected with carding.
Keep a separate identity connected with carding and use that solely for that purpose only. If your sixth sense tells you something is wrong, then it is probably so, - so be ready to abandon everything you planned, don’t be a kamikaze or impulsive, do everything calmly so you don’t miss any important details required in carding. Make sure you think of possible alibis ahead of time, - this will help you greatly if the pigs catch you.
Remember to keep your carding sums up to 1.k-2k $, anywhere more than that will probably get canceled and result in your CC blocked. Better yet, make orders 200-800$, they will mostly be accepted and you will earn much more in the long run. The best times to make orders are somewhere in the middle of the month, as card holders get their reports on the beginning of each month.
Aside from forensics and anti-forensics, keep updated on cyber laws in your country, so you know what to expect in case of an arrest. And most importantly, know your rights! In case you get arrested, say only “I want to talk with my lawyer”. That’s right, “your lawyer”, not some randomly appointed lawyer who comes and begins talking with you after your arrest. The moment you start talking with pigs, consider that you have just busted your chance of freedom.
Make sure you order carding items by “ordinary mail”, no FedEx, no TNT! The only exception to this, is if you get someone else to sign it. Do not sign for anything in your name and never order anything to your house. If some unexpected package arrives at your house that you don’t know where it came from, do not sign and do not pick it up!
Your house should be clean, no drugs, no transaction records, no hacking material or tools (only in your encrypted hidden container). Also keep in mind that your printers leave yellow dots on the printed documents that can be linked and traced back to your printer.
Also do not look at porn, some porn may contain underage teens or children, and this can incriminate you unintentionally. Also do not look at any drawings or renderings of porn as in many jurisdictions, those can just as illegal as photographs.
You now have a solid grip on security and anonymity online. By following all of my advices, you ensure your security, anonymity and safety in carding. Please vote for my guide for the upcoming competition and I will post new and interesting articles as well as provide support for you all! Thank you and good luck!
