So you just saw Office Space, and now you’re wondering how steal and launder your own millions using computers. Not to worry, you’ve just stumpled upon the complete guide to stealing and laundering money on the internet!

You will be arrested for attempting anything said here, all information presented here is done so in jest. Stealing millions of dollars is not this easy… (Or is it?)

Either way, here’s a list of the physical tools you’ll need:

Laptop w/ wireless network card and antenna (You’re going to be using other people’s networks to do your dirty work)
Vehicle (For wardriving and discovering open wireless networks)
Backtrack LiveCD (Linux Network Penetration Testing LiveCD)
USB Key (Secure storage of files, no evidence on hard drive)
E-Gold Account (Anonymous access to money, Anonymous Visa Card)

And for software:

Kismet (For sniffing and discovering wireless networks)
Aircrack (For cracking wireless networks)
Metasploit Framework (For automated cracking of computers)
Rootkit and Custom Botnet Code (Build a botnet of compromised computers, preferably Peer to Peer encrypted)

Finally, intellectual assets:

Ability to write custom botnet code (see above)
Idea(s) niche markets where users can’t resist downloading and installing software (WoW cheats, Online Gambling cheats, Online Trading software, etc…)
Stupidity
Desperation

We’ve all heard the horror stories about viruses wreaking havoc on the internet. But their potential for destruction is nothing compared to the capabilities of malware. Properly designed and implemented malware wrapped in rootkits are capable of stealing your identity, bank accounts, email accounts, and list of instant messaging contacts silently while your victim browses the internet. These are where the real money is, and how we’ll make our millions online.

The first rule of stealing is “Don’t Get Caught”. Never do anything from your own home. If you need untracable access to the internet, go for a wardrive. Drive into a residential neighborhood and find an open wireless connection. Connect to it, and do anything you don’t want traced back to you. If you’re really paranoid, use a normal Windows laptop, boot into Backtrack, and keep all of your “custom software” on a DemocraKey. You should probably be really paranoid if you’re going to actually try any of this.

Writing your malware is easier than ever. Just get a copy of Rootkits, and do a search for Remote Access Trojans or botnets. Learn from the code and design your own version. A good idea would be to make sure every copy of your malware installs file-sharing software and shares itself with other Peer to Peer users, and you’ve got a recipe for hundreds of thousands of computers under your control. With the popularity of filesharing and user forums, it is extremely easy to get your trojan out in the wild. Post it to a forum as a new World of Warcraft hack, and you’ll easily have thousands of users in a few days.

But how do we turn those computers into cold hard cash? The easiest way is to install a rootkit which Poisons the DNS Cache. When one of the computers under your control enters www.citicards.com, they’ll instead be given an IP address of localhost with a custom website you’ve designed to phish for their information. With a simple redirect, they’ll never know their information was stolen. Hundreds of thousands of compromised computers will yield tens of thousands of credit card accounts. And that’s a great asset if you want to make some money from the net.

To extract the money from the credit card accounts there’s nothing better than good old pr0n sites. By signing up your credit card holders to pr0n sites through your own affiliate links, you can quickly rack up millions of dollars in affiliate commissions. Because you’re not directly drawing the money out of the accounts, it’s impossible for anyone to tell you’re the one signing all these (unknowingly) stolen credit cards up. Some pr0n sites pay $50 and up per person who signs up for a membership.

But how to get the affiliate money anonymously? E-Gold. Right now anyone can sign up for and use E-gold. They don’t verify information, all transactions are final, and they even offer a debit card to withdraw your money from any ATM. Sign up, and have all of your affiliate payments forwarded to an E-gold account. Then request a debit card and make the rounds for a few weeks going from ATM to ATM. This is probably the most difficult work necessary in the entire scheme. Not to worry, because once you’ve done it, you’ve made millions in cold cash.

Then, live in Jamaica. And write a movie about how real life hackers work.

Share This

Related Posts:

This entry was posted on Thursday, June 29th, 2006 at 5:47 pm and is filed under Computer Security, The Big Picture. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.