As fraudster, the first thing you need to have done, is your Opsec (Operational Security). If you live and fraud in high risk countries such as USA, Canada, UK, then your Opsec must be rock solid.
If you live in Africa, India and other low risk countries, in that case Opsec matters less.
The good thing about fraud is that if you have decent opsec, you will never worry about ending up in jail, unlike selling drugs etc.
The opsec that I give here is simple yet extremely effective. Follow it to line and you will be safe, rest assured. Remember these guidelines are for carding, if you need to do anything else on the darknet – DO NOT use Tor on Windows or MacOS, this might destroy your anonymity regardless of how careful you are while carding.
Hardware: you will require a burner laptop, avoid at cost desktop pcs, as you can` t bring them with you, plus if there is a raid going on from LE, you will find it harder to get rid of it/hide it.
Here are the general specs that you will need to work proficiently: a minimum of a 6GB laptop will be enough to handle all the apps and processes running into the VM. I personally have a refunded Alienware 17, that`s kind of expensive though in general, you can find the same specs for a much lower price. Finally, yet importantly, the more processing cores the better.
Don’t include any of your personal information here. Another thing you will need is a burner smartphone. I high recommend an android one, as a iOs is far too limited. You might need this one when you will do mobile carding, although you can execute mobile carding even from you laptop (more on that later).
USB Stick Key: make sure it has plenty of gigabytes, you will store all your portable applications and some of the illegal date here. In case you are in troubles, you can throw away/destroy it and all the evidence will be gone. No where to execute your fraud activities? I hear nonsense on forums such as going to the public library, use their wi-fi, go to an internet café and use their internet. Avoid at all costs public places. Its doesn’t look good that you browse some onion sites and/or a clearnet cc auto-shop. Long story short, make sure you are in a place where no one can spy on you.
Now that you have a laptop, you need to install the software, first of all, you will install VMware, VMware is a paid virtual machine software and trust me, it is way better than the free alternative of Virtual Box from Oracle.
You need to be Return On Investment oriented (ROI), so avoid at all costs to spend money on a software that you can get for free on google. When you will start seeing some money rolling in, you can card licenses or even better buy them with legit money.
Simply install the trial of VMware Workstation from their official website.
After VMware is installed , you need to activate it. You can try finding free/cheap keys on the DW.
Remember to change your PC and user name and put a fake one. Now, install VMware and make you first VM, use a OS that you feel confident with, I recommend Win7 as it’s the most widespread one and it will make us look legit in the eyes of antifraud Systems.
You will need an Windows 7 ISO, so that you can use it to create a Win7 machine, also get an activator so that you remove the annoying trial, Google is you best friend in this case.
Make sure you give as many GBs as possible to the VM so that functions properly.
Now install the following software on the machine:
- Mozilla Firefox (Regular Browser)
- Mozilla Thunderbird (E-mail Management)
- Tor Browser
- Team viewer
- Viscosity (DNS leak prevention)
- CCleaner (System Cleaner)
- Bleachbit (Additional Cleaner)
- Mozbackup (Profile saver for FFox)
- My Notes Keeper (Project Management, more on this one later)
- Pidgin + OTR
- Noxx app player/bluestacks/Genymotion/Andy Emulator/(Android Emulator)
- Proxifier (Socks5 Connection)
- Diamond Voice Changer
Encryption: ok, lets touch a fundamental topic about security, encryption. Here’s the bad news, encryption wont always hide 100% your illegal files, as a matter of fact many fraudsters get caught and the evidence extracted, but I still highly suggest to encrypt your illegal data. You can use Veracrypt to encrypt your virtual Machine.
VPN: Now you also need to install a good VPN. It stands for Virtual Private Network, it will aid in hiding you real IP and keep you protected online.
A good VPN must pass this ckecklist:
- Does not store logs: this is important as if they store you IP and Law Enforcement demands for it, you are practically screwed.
- No-USA one: American VPNs are forced to give logs if LE asks for it buy law hence avoid VPNs from USA even if they claim they don’t keep logs.
- Fast: Virtual Carding is slow itself when you add a VPN and Socks, so make sure your VPN is blazing fast and Pick a server that is closest to your location.
- Has a Killswich: Lets assume that tha coneecion from vpn server drops, your IP is practically naked! (except if you are under a socks5, but LE can still do a traceback and find you), so you VPN Provide must have a killswitch
- DNS Leak Protection: this can be annoying so make sure you VPN provider helps you with that.
- Payment by BTC Allowed: Of course you want to keep yourself anonymous even buy payment method wise, so make sure the VPN accepts BTCs.
- Auto login and connect and start up: it is annoying to always launch the VPN and connect it by yourself, so make sure your VPN allows you to connect and login on windows start.
Luckily, NordVPN has all of these ( I use it myself) it’s a great VPN so get it ASAP, its just $8 per month. Add the key apps to the killswich setting:
- Mozzila Fifefox
- Tor Browser
- Mozilla Thunderbird
Remote Desktop Connection:
Click Settings —- Browser
Bellow the image its shown how to do it:
Now that you have a VPN we do some more pre-elimary steps: Go to ProtonMail.com and register an e-mail, add it to Thunderbird.
Protomail is the safest email provider in the world, you don’t have to worry about potential opsec leaks with them.
You will use this email for all your fraud related activities.
Here is an issue I faced, as a fraudster I had to deal with plenty of login credential and it was getting frustrating, the solution for this was LastPass. With the new email, make a lastpass account. Lastpass will help you to manage all the usernames and passwords, has been a huge time and frustration saver for me. Install the extension on both portable Firefox , regular Firefox and chrome.
After your illegal operations , you have to clear all your traces from both your host and Virtual Machine. We do so by running CCleaner and Bleachbit
Follow the instructions of the image below for CCleaner:
Youu have to check all the checkboxes, ensuring that all the traces in your computer will be removed, don’t check wife free space or its going to take too long.
Also you have to use the 35 Gutmann steps cleaning , ensuring that the files will be permanently deleted follow the image below for instructions:
As the image shows, make sure Very Complex Overwrite is checked. You should also use Bleachbit after you used CCleaner.
Extreme Opsec Security
For the very paranoid Fraudster, I recommend to install Qubes OS and integrate it with VMware Workstation.
Final Words on Security: yes, being safe is important, but don’t push it too far, theres a mental desease that I call opsec paranoia, as if their security setup is never enough, I also learned that the more security you add the more frustrating fraud gests, in fact Ive seen some fraudster with double kill switched VPN. One is more than enough. Remember that theres always a small risk that you get caught. From my experience, a burner laptop with encrypted illegal data and a kill switched VPN is more than enough to keep you safe without too many hassles, also make sure your key apps like browsers etc are killswitched, many forget about this.