IPB

Welcome Guest ( Log In | Register )

4 Pages V   1 2 3 > »   
Reply to this topicStart new topic
> money laundering, how is it done?
wind_in_the_ston...
post Sep 9 2008, 03:40 AM
Post #1


Moving Target
**

Group: Members
Posts: 560
Joined: 4-March 06
From: Pueblo Corporate Council
Member No.: 8,332



So let's say we've liberated a comm from its owner. All the user's financials are stored on it. Aside from walking into a store and using it to buy something, how do we get the credits off of it?
Go to the top of the page
 
+Quote Post
Crusher Bob
post Sep 9 2008, 04:03 AM
Post #2


Runner
******

Group: Members
Posts: 2,598
Joined: 15-March 03
From: Hong Kong
Member No.: 4,253



This is not 'laundering' the money, as you have no need to show a legitimate source of income. This is closer to fencing stolen goods. You've swiped a guy's credit card, how do you turn it into thing you can actually use? All before the credit card gets reported as stolen an canceled?

Your best best is to buy common stuff that is hard to trace and has a high resale value relative to its purchase price. You buy the fungible goods and take delivery before the credit gets cut off, then you resell the goods for 'real' credit.
Go to the top of the page
 
+Quote Post
jago668
post Sep 9 2008, 04:08 AM
Post #3


Moving Target
**

Group: Members
Posts: 343
Joined: 30-January 06
Member No.: 8,212



Agreed, laundering money is when you have illicitly gained money and you want to show it real. In Crusher Bob's example. You would launder the money after you resold the items you bought with the guys credit. So unless you are wanting to show income on your fake SIN (or real one if you have that negative quality) don't worry about it. If that is the case then it would be easier to use an appropriate contact to get in touch with someone that does it. Just like you go to someone else to get your fake SIN rather than trying to make it yourself.

EDIT:

Figured I'd spell it out in case I wasn't clear. Either don't worry about it, or hand wave it with a contact.
Go to the top of the page
 
+Quote Post
wind_in_the_ston...
post Sep 9 2008, 04:30 AM
Post #4


Moving Target
**

Group: Members
Posts: 560
Joined: 4-March 06
From: Pueblo Corporate Council
Member No.: 8,332



So... spend it while you still can.

What if, for the sake of argument, you can't just buy stuff at a store (virtual or otherwise)? Is there a way to get the funds out of the victim's account?
Go to the top of the page
 
+Quote Post
Cain
post Sep 9 2008, 04:37 AM
Post #5


Grand Master of Run-Fu
*********

Group: Dumpshocked
Posts: 6,840
Joined: 26-February 02
From: Tir Tairngire
Member No.: 178



You can always transfer the funds to a certified credstick. You then use that credstick to buy another credstick; lather, rinse, repeat. When you're done, no one will be able to trace the money in any provable fashion.
Go to the top of the page
 
+Quote Post
Crusher Bob
post Sep 9 2008, 04:39 AM
Post #6


Runner
******

Group: Members
Posts: 2,598
Joined: 15-March 03
From: Hong Kong
Member No.: 4,253



The problem is not 'getting the funds' it's in avoiding having them revoked when the commlink is reported as stolen, etc. Imagine that you transfer the money from the mark's commlink to an account of one of your fake IDs. But then the Mark reports his commlink stolen and the bank traces all the transfers out of his account. They track it to your fake IDs account and then reverse the transaction. Depending on how industrious the bank is feeling, they may investigate your fake ID hard enough to burn it, even even send the cops to talk to you to find out if they want to charge you with the theft.
Go to the top of the page
 
+Quote Post
Cain
post Sep 9 2008, 06:17 AM
Post #7


Grand Master of Run-Fu
*********

Group: Dumpshocked
Posts: 6,840
Joined: 26-February 02
From: Tir Tairngire
Member No.: 178



That's why you transfer the funds to a certified credstick-- no ID required. Repeat the transfer a few times, and the money is effectively laundered.
Go to the top of the page
 
+Quote Post
Ol' Scratch
post Sep 9 2008, 06:25 AM
Post #8


Immortal Elf
**********

Group: Validating
Posts: 7,999
Joined: 26-February 02
Member No.: 1,890



Actually, the problem is getting past the basic security that everything uses. Unless you have all the top-of-the-line biometric hacking equipment, the financial data on that commlink is pretty secure unless you have a few days and a highly skilled hacker at your disposal.

I'm not sure if they have rules for it yet in SR4, but SR3 has an entire section on it in the Sprawl Survival Guide. I think the base time, once you got past all the encryption and cracking open the credstick/commlink, was one minute per nuyen... so hacking into and transfering as little as 1,000 nuyen had a base time of almost 17 hours. Somehow, I seriously doubt if it became easier to do it after the Crash 2.0. If anything, they severely increased security measures.
Go to the top of the page
 
+Quote Post
sunnyside
post Sep 9 2008, 06:26 AM
Post #9


Shooting Target
****

Group: Members
Posts: 1,907
Joined: 31-December 06
Member No.: 10,502



I think money laundering is still the right term. It's just that the washing isn't to show a legitamit source so much as to break a data trail.

Now first things first. In addition to the comlink you might need to know a password or something of that nature. It's quite common to require biometric info, and if you ditched the body you're going to be left hanging when the bank asks for a thumb scan.

Next as was mentioned you've got the issue of reporting or the datatrail. If the thing is reported missing before you use it expect company when you use it. Either through a backhack or just sending people to the location if it's a physical store.

Beyond that you have to worry about the trail. When you buy something that transfer is recorded in the respective banking systems. And can later be investigated (via hacking or by a bank giving data to the police). Exactly how big a deal this is depends on how bad people want you.

Anyway so lets say you've got the guys eyeball and hands on ice and you're looking to try and clean up the cred. The best way is lots of transfers through offshore banks. Expect to get hit with some fees every jump, but these banks know their business, and unless you commited a crime where they are they don't have to give up your records. Someone would have to hack them.

Credstick won't work because. Ok. I haven't gotten unwired, because I've heard of a lot of stupid stuff in there and I don't want to pay money for that, so who knows what they did. But credsticks aren't supposed to have the money "on" them. They're just associated with a bank account, like a comlink, it's just that a credstick doesn't care who you are.





Go to the top of the page
 
+Quote Post
Shiloh
post Sep 9 2008, 08:32 AM
Post #10


Moving Target
**

Group: Members
Posts: 421
Joined: 4-April 08
Member No.: 15,843



QUOTE (sunnyside @ Sep 9 2008, 07:26 AM) *
Credstick won't work because. Ok. I haven't gotten unwired, because I've heard of a lot of stupid stuff in there and I don't want to pay money for that, so who knows what they did. But credsticks aren't supposed to have the money "on" them. They're just associated with a bank account, like a comlink, it's just that a credstick doesn't care who you are.

I have Unwired, but haven't had a chance to read it yet, so I'm just going on what I gather from BBB, but I think you're wrong there, in the context of the discussion. Certified credsticks do have the credit "on" them. The issue is going to be how you "certify" the credstick. Obviously, you can't just transfer some cred from a normal account using a normal comm, else people would just empty their account into a certified stick and declare it lost, and get the transaction reversed, thus ending up with a certstick *and* their account. Or, if a certified dump prevented that happening, no one would use electronic cred because it would be too dangerous. [/hyperbole].

But certified credsticks have, and always have had, the money on them; they are their own authority, like a bearer bond. Don't lose 'em...
Go to the top of the page
 
+Quote Post
sunnyside
post Sep 9 2008, 08:42 AM
Post #11


Shooting Target
****

Group: Members
Posts: 1,907
Joined: 31-December 06
Member No.: 10,502



The trick with the BBB is that it compares them to two very different things. Cash and Bearer bonds. The difference being that cash is good on its own. A bearer bond however is associated with an external source.

The key problem with cash just being on a credstick is that it would make them vulnerable to hacking for counterfitting.

Another possibility I've heard is that the "money" is on the credstick, but there is online confirmation somewhere.

I think there are threads on it somewhere.
Go to the top of the page
 
+Quote Post
nezumi
post Sep 9 2008, 01:43 PM
Post #12


Incertum est quo loco te mors expectet;
*********

Group: Dumpshocked
Posts: 6,546
Joined: 24-October 03
From: DeeCee, U.S.
Member No.: 5,760



I would tend to agree with sunnyside in regards to certified credsticks. It would be far too easy to just copy a credstick again and again, or to artificially create them, making them severe security risks. Plus, there are several novels and runs which refer to emptying a certified credstick to avoid the account getting closed after the job. From what I can tell in canon, a certified credstick is basically a pointer to a bank account with no stated owner, and requiring no identification for use.

Going off of SR3, a commlink requires identification to transfer funds. The lowest level is a PIN number or password, then thumb print, then retina print, or a combination of them all. There are instances of SR2 credsticks getting cracked by dedicated hackers, and those people are available in SR3, but they're specialists, not general characters. I would assume that an SR4 commlink is better protected. Your best solution (another example I saw in SR2) is use a mind-control spell to get the mark to 'voluntarily' transfer funds.

Assuming you've successfully cracked a commlink, your goal is at that point to fence it - i.e., make it available for use and not traceable to you. Transfering money from one form to another is dangerous. On the one hand, it almost certainly requires ID to do it. Try buying a cashier's check or money order now using a credit card and see how far you get. IF they do it, they always require ID and signatures. I would assume certified credsticks are the same. Someone needs to 'buy' it, and that's traced to a SIN. Now ask yourself if the money is worth more than your fake ID.

Secondly, you aren't actually transferring money, you're transferring information. Like I said, there are several novels to indicate that a certified credstick is just an anonymous bank account somewhere - but nothing is ever truly anonymous. If you're transfering funds from First Union bank to a First Bank of Detroit certified credstick well, surprise, your money is still within Ares, and if Ares feels it needs to track that money down, it has immediate access to all the records it needs. It's debatable whether Ares would be able to easily track the data if you bought a certified credstick with Wuxing East Asia Prosperity Bank, since that's a different megacorp, but it isn't the sort of bet I'd easily make. You never know when those guys are at each others' throats and when they're suddenly friendly (or pretending to be friendly).

Your better option is to find a bank which advertises itself specifically as unaffiliated with any megacorp, and not respecting their calls for information. Switzerland and the Caiman Islands are classic examples. They make profit in part based on the anonymity they offer their customers.


However, a little easier is to buy things you actually need or can easily resell. Money transfers are watched carefully because they're unusual and that's the first thing people want to do when they're eager to illegally empty an account. However, people buy gasoline all the time, and it's not like the cost of gas goes anywhere but up, or that you won't use it. Similarly, food, clothes, bullets, etc. are all valuable resources. If you're talking about amounts under $50k, it shouldn't be too very hard to just invest it into your lifestyle or other associated costs. These things aren't easily tracked (gasoline certainly isn't, you might have to worry about RFID stuff with things like clothes, guns and cars have serial numbers which may be documented, but aren't easily tracked).

The other way to go is buy into tangibles with limited use for you, but high resale value. A great example is enchanting supplies. Gold is always a safe investment, and now it's regularly purchased by shady characters who don't like a lot of questions asked. SImilarly, programs or other decking supplies have a good turn-over rate, are expensive, but easy to hide and don't go bad. Consider picking some of those up.
Go to the top of the page
 
+Quote Post
kzt
post Sep 9 2008, 05:52 PM
Post #13


Great Dragon
*********

Group: Members
Posts: 5,537
Joined: 27-August 06
From: Albuquerque NM
Member No.: 9,234



QUOTE (nezumi @ Sep 9 2008, 06:43 AM) *
Your better option is to find a bank which advertises itself specifically as unaffiliated with any megacorp, and not respecting their calls for information. Switzerland and the Caiman Islands are classic examples. They make profit in part based on the anonymity they offer their customers.

Nobody thumbs their nose at the CC in SR. If you are unaffiliated and Ares wants the data you will give it to them or they will have you arrested and your bank shut down.
Go to the top of the page
 
+Quote Post
Tarantula
post Sep 9 2008, 06:06 PM
Post #14


Dragon
********

Group: Members
Posts: 4,664
Joined: 21-September 04
From: Arvada, CO
Member No.: 6,686



Programs don't go bad? You must not have unwired.
Go to the top of the page
 
+Quote Post
Chrysalis
post Sep 9 2008, 06:48 PM
Post #15


Neophyte Runner
*****

Group: Members
Posts: 2,141
Joined: 26-February 02
From: Neverwhere
Member No.: 2,048



QUOTE (wind_in_the_stones @ Sep 9 2008, 06:40 AM) *
So let's say we've liberated a comm from its owner. All the user's financials are stored on it. Aside from walking into a store and using it to buy something, how do we get the credits off of it?



Difficultly. Welcome to the world of online banking. Just because you have hijacked a person's computer does not actually mean you have access to their account. I know that the American system is antiquated, but still certification becomes difficult. You may have access to their credit details, such as a credit card which may be attached to an account, but for example my credit card is a separate entity that just lives off my bank card. I have a personal insurance included in my credit card that prevents unathorised usage of my credit card. It still does not mean that someone cannot charge my credit card, because of the antiquated system and reverse compliance in place with it.

However, my bank card demands knowing my PIN, which is not stored on my card, but is the private key to being able to access my bank account. There are ways on spoofing this, such as electronic eavesdropping on keystrokes at cash machines, additional magnetic readers installed over the card port. I am more than happy on sharing further details in private though.

Furthermore certified credit sticks are not cash. Rather it is like a bearer bond. The bank certifies that credit stick can be used up to a certain amount of money. It is like a bank card which has a certain amount of money on it. Once all the money is used up the credit stick is discarded. In real life it is called a cash card or in department stores a gift card.

Go to the top of the page
 
+Quote Post
hyzmarca
post Sep 9 2008, 06:58 PM
Post #16


Midnight Toker
**********

Group: Members
Posts: 7,686
Joined: 4-July 04
From: Zombie Drop Bear Santa's Workshop
Member No.: 6,456



QUOTE (nezumi @ Sep 9 2008, 08:43 AM) *
I would tend to agree with sunnyside in regards to certified credsticks. It would be far too easy to just copy a credstick again and again, or to artificially create them, making them severe security risks.


Dude, there are these things called photocopiers. They don't stop the government from printing money.

Anyway, electronic money cards, in which electronic cash is literally stored on the card and is not associated with any bank account exist today. Current electronic cash systems use RSA blind signatures and unique serial numbers, which are currently impossible to crack, and store money in discrete units generally referred to as "coins", with each coin having its own unique signature and serial number.

The key here is that a single coin can only be used once. Because the system is electronic, serial numbers are read automatically. If two coins have the same serial number, then the second will be rejected and the fraud will be obvious.
You can't change serial numbers. If you change serial numbers you'll have to create new legitimate RSA signatures, which is impossible unless you have the issuing institution's secret key, in which case you probably work on the ecash system directly.

It is important to remember that electronic coins, just like real ones, cannot be broken down into smaller denominations. Just as breaking a dime in half does not yield two nickles and cutting a $50 bill in twain will not give you two $25 notes, so there is no need for anyone but the issuing bank to perform any operations on the coins and thus never any need to generate new signatures.

It is possible to pass copied coins offline, in systems that allow offline transfers, but they'd be identified as fakes as soon as they made their way into the online system, but it is also possible to pass copied cash and bad checks. The advantages of an anonymous online/offline electronic cash outweigh the risks, particularly since most retailers won't be accepting any without online verification.


There were rules for counterfeiting certified cred in SR3, if I remember correctly. It was absurdly difficult and dangerous. You only know if you succeeded or not when you slot the cred into an online reader for verification and failure would alert some very angry authorities to your location. You don't want the Corporate Court's Secret Service to come down on you.

Grabbing a person's comlink is basically the same as grabbing their credit card. You work fast, go on a spending spree before they can report it. Actually laundering the money is unnecessary, unless it is many thousands, in which case you'll need semi-fake legitimate business that you can cook the books on, report the ill-gotten gains as legitimate income when you file your taxes.
Go to the top of the page
 
+Quote Post
Cain
post Sep 9 2008, 08:11 PM
Post #17


Grand Master of Run-Fu
*********

Group: Dumpshocked
Posts: 6,840
Joined: 26-February 02
From: Tir Tairngire
Member No.: 178



I should probably point out that there are such things as prepaid credit cards, available today, that are essentially the same as certified credsticks. They work exactly like a standard credit card, but they don't require an ID to use. some don't even require a PIN. Even though they're attached to an electronic account, the card itself is "untraceable", in that no one can prove that it wasn't lost, stolen, or given away.
Go to the top of the page
 
+Quote Post
Tarantula
post Sep 9 2008, 08:12 PM
Post #18


Dragon
********

Group: Members
Posts: 4,664
Joined: 21-September 04
From: Arvada, CO
Member No.: 6,686



Check for "Green dot" cards, as those are a good example.
Go to the top of the page
 
+Quote Post
CanRay
post Sep 9 2008, 08:20 PM
Post #19


Immortal Elf
**********

Group: Dumpshocked
Posts: 14,358
Joined: 2-December 07
From: Winnipeg, Manitoba, Canada
Member No.: 14,465



Well, I find the best way is to use the washer and dryer in the basement, but that tends to make the money unuseable...

...

What?
Go to the top of the page
 
+Quote Post
Tarantula
post Sep 9 2008, 08:30 PM
Post #20


Dragon
********

Group: Members
Posts: 4,664
Joined: 21-September 04
From: Arvada, CO
Member No.: 6,686



Actually, money survives washing pretty well.
Go to the top of the page
 
+Quote Post
nezumi
post Sep 9 2008, 08:34 PM
Post #21


Incertum est quo loco te mors expectet;
*********

Group: Dumpshocked
Posts: 6,546
Joined: 24-October 03
From: DeeCee, U.S.
Member No.: 5,760



QUOTE (hyzmarca @ Sep 9 2008, 01:58 PM) *
Dude, there are these things called photocopiers. They don't stop the government from printing money.


I have never heard of this strange technology, please, explain!

Of course, I jest, but I assume you do as well. We all know why, despite the rise of color photocopiers and advanced printers, people don't just copy $20 bills and get away with it with any regularity. There are several aspects of paper money which are difficult to reproduce to any convincing manner.

However, it is extremely difficult to do the same with electronic media. There are only a handful of ways to get around the problem of 'if a functional credstick looks like this, I can just copy that and 'make' free money', most of them needlessly complex and liable to be cracked in a short span of time (considering the financial incentive to do so). By keeping the money on the server and the credstick only serves as a key, you've then both reduced the risk, and shifted the liability from the bank to the owner of the credstick (if money is on the credstick, copying credsticks loses the bank's money. If the money is on the server, copying the credstick only loses the user's money.) The only reasonable excuse I can think of for not saving money on the server is that it requires a matrix connection to verify the availability of funds.

Hyzamarca's example of ecash is a good one, excepting two details;
1) In order to avoid fraud, the recipient still needs a matrix connection, which invalidates the single substantial benefit of the server-based credstick systems. Of course, I'm sure there are work-arounds to transmit a more local device to allow for offline transfers, which would apply to both server-based and ecash systems equally, but for the sake of this debate, they're largely irrelevant.
2) This eliminates traceable accounts, which the corporations will all see as the major benefit of server-based accounts.

Go to the top of the page
 
+Quote Post
Dumori
post Sep 9 2008, 08:49 PM
Post #22


Dumorimasoddaa
******

Group: Members
Posts: 2,687
Joined: 30-March 08
Member No.: 15,830



I've all way though that credstick would be used in the shadows as payment often chaging many hand befor bing used other than in a trade. Thus copying a credstick so it displays more than whats on it wcould work for faking large deals though the repercussions would be large if you have over 10mil in credsticks as there's about 500 nuyen on them. But if played well you could uses such scam as part of the oh drek plan pay a bomb to get something quick then flee to another place and start a fresh.
Go to the top of the page
 
+Quote Post
Ol' Scratch
post Sep 9 2008, 09:22 PM
Post #23


Immortal Elf
**********

Group: Validating
Posts: 7,999
Joined: 26-February 02
Member No.: 1,890



QUOTE (Cain @ Sep 9 2008, 02:11 PM) *
I should probably point out that there are such things as prepaid credit cards, available today, that are essentially the same as certified credsticks. They work exactly like a standard credit card, but they don't require an ID to use. some don't even require a PIN. Even though they're attached to an electronic account, the card itself is "untraceable", in that no one can prove that it wasn't lost, stolen, or given away.

Yep. But the card (and certified credsticks) are basically just an account number. There's no actual cash on it. Every transfer you make with it requires the involvement of a banking system, and you still have to get past whatever security features are linked to that account in order to transfer funds to or from the card. Be it a PIN number or biometric data. And while cards like that exist today with no security measures at all, it's highly doubtful that post Crash 2.0 Shadowrun would have anything of the sort. In fact, they've gone out of their way to try and remove any kind of free currency from the world economy for that very reason.

And this all assumes a certified credstick, which the original poster does not have. He just has access to the guy's commlink and its resulting bank account numbers. Which is definitely going to be safeguarded with PIN numbers and biometric data at the very least.
Go to the top of the page
 
+Quote Post
Tarantula
post Sep 9 2008, 09:30 PM
Post #24


Dragon
********

Group: Members
Posts: 4,664
Joined: 21-September 04
From: Arvada, CO
Member No.: 6,686



QUOTE (nezumi @ Sep 9 2008, 01:34 PM) *
Of course, I jest, but I assume you do as well. We all know why, despite the rise of color photocopiers and advanced printers, people don't just copy $20 bills and get away with it with any regularity. There are several aspects of paper money which are difficult to reproduce to any convincing manner.


Actually, there are a number of color printers that have chips in them that recognize and refuse to print images too similar to american money, because it can too easily be passed as a fake.
Go to the top of the page
 
+Quote Post
hyzmarca
post Sep 9 2008, 09:45 PM
Post #25


Midnight Toker
**********

Group: Members
Posts: 7,686
Joined: 4-July 04
From: Zombie Drop Bear Santa's Workshop
Member No.: 6,456



QUOTE (nezumi @ Sep 9 2008, 03:34 PM) *
2) This eliminates traceable accounts, which the corporations will all see as the major benefit of server-based accounts.


Actually, traceability a problem. Simply put, corporations sell a lot of stuff to poor people and to criminals. The SINless and professional criminals are two overlapping key demographics that corporations need to cater to. However, in order to cater to these groups they need plausible deniability. A totally anonymous ecash system, such as those currently in use in various countries across the world, gives corporations that deniability. It also happens to be extremely convenient and all but impossible to successfully forge due to digital signing and online verification.

From a financial standpoint, it also benefits both banks and merchants. The merchants get their money immediately, without having to wait for long credit processing (which can take several days) and the banks don't have to pay out for fraud or stolen ecash, while they lose a great deal of money on credit card fraud and stolen cards.


Also, if they didn't provide this service, they'd soon loose their criminal and SINless customers to truly anonymous underground banking services, such as eCache

And lets not forget that if Damien Knight doesn't want you to know what type of porn he's buying (and he probably doesn't) then he is going to invent a totally anonymous electronic currency and payment system.
Go to the top of the page
 
+Quote Post

4 Pages V   1 2 3 > » 
Reply to this topicStart new topic

 



RSS Lo-Fi Version Time is now: 19th April 2024 - 11:17 AM

Topps, Inc has sole ownership of the names, logo, artwork, marks, photographs, sounds, audio, video and/or any proprietary material used in connection with the game Shadowrun. Topps, Inc has granted permission to the Dumpshock Forums to use such names, logos, artwork, marks and/or any proprietary materials for promotional and informational purposes on its website but does not endorse, and is not affiliated with the Dumpshock Forums in any official capacity whatsoever.