Money laundering for dummies: take a number of bank accounts with online access (HBCI/FinTS/OFX(?)), and implement a mix cascade for money. With a few 10 accounts and many interactions the origin of what went where is very difficult, unless there is a full transaction log available from each institution. -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
At 09:23 AM 2/21/2007, Eugen Leitl wrote:
Money laundering for dummies: take a number of bank accounts with online access (HBCI/FinTS/OFX(?)), and implement a mix cascade for money.
Ripple could be a good match: http://ripple.sourceforge.net/ A Ripple automation 'bot (using open source), that could 'manage' incoming and outgoing transactions (up to some limit set be the account holder) from a bank account, could make a near ideal mixmaster.
With a few 10 accounts and many interactions the origin of what went where is very difficult, unless there is a full transaction log available from each institution.
Which of course there is... Steve
At 6:23 PM +0100 2/21/07, Eugen Leitl wrote:
unless there is a full transaction log available from each institution.
They don't call it book-entry settlement for nothing, Eugen. Cheers, RAH -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
On Wed, Feb 21, 2007 at 03:34:51PM -0500, R.A. Hettinga wrote:
They don't call it book-entry settlement for nothing, Eugen.
Of course they have logs at each instutution; the point is what is available. If it's a private money mix cascade over some 10 accounts in different jurisdictions, you'd have to query a large fraction of them for their records (and obtain them, of course) in order to do your traffic analysis. Perhaps not that easy for a case of petty money laundering (the Medellin cartel would probably do something a little more professional here). (Disclaimer. Dear potential eavesdropper: this is a mere hypothetical, I've never done it, nor do I intend to ever do it, or at least I wouldn't post it to the whole wide Internet just in case I wanted to). -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
At 9:48 PM +0100 2/21/07, Eugen Leitl wrote:
10 accounts in different jurisdictions
Go ahead. Find 10 different jurisdictions that FinCEN can't play hopscotch into, or at least out of... These days, anyway. Hell, find one. "Regulatory Arbitrage" is, literally, a thing of the past. And, actually, it would more likely work for petty cash than anything north of the megabuck level. Hawala still works, after all, and no amount of FinCEN's spraying "know-your-customer" raid about various islamic backwaters is going to stop it. My point is, the minute you run up the periscope on anything significant, your friendly neighborhood force-monopoly can follow the audit trail back to the point of origin, and thus to you. They're called audit-trails for a reason, yes? It comes, again, from "and then you go to jail" as the error-handler if you lie about a book entry. Financial operations, currently, offloads most of its transaction risk onto the force-monopoly of the nation-state. Which means that Uncle and various Aunties around the world get to look up the skirt of the financial system anytime they want in the interest of "transparency", or whatever hobby-horse they're riding these days. To beat my metaphors like a dead um, horse. I still hold out hope for digital bearer transactions being cheaper than book entries, particularly as transaction settlement times trend towards zero, but gaming the system old-school, with book-entry shells, and mixes, and hops, or whatever, only works for so long, anymore. Cheers, RAH -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
At 01:43 PM 2/21/2007, R.A. Hettinga wrote:
I still hold out hope for digital bearer transactions being cheaper than book entries, particularly as transaction settlement times trend towards zero, but gaming the system old-school, with book-entry shells, and mixes, and hops, or whatever, only works for so long, anymore.
[I submitted this for posting on the Cryptography list, cryptography@metzdowd.com, but it has not yet appeared] With the expiration of Chaum's key patents it was assumed that someone would step up an try their hand at launching a DBC-based financial service. Some time has passed and I'm happy to announce that this has finally happened. Taking a cue from the lively Digital Gold Currencies, eCache's first denomination if gold backed. Unlike Digicash's instruments, eCache is using a mixing technique, rather than blinding, to help preserve unlinkability. Its mint is located on a hidden server in TOR-land. More information at: https://ffij33ewbnoeqnup.onion.meshmx.com/doc.php Comments are invited about the technology and governance aspects that such financial services invoke. Steve PS: and Hettinga can comment about why their fees are too high :)
On 2/21/07, Steve Schear <s.schear@comcast.net> wrote:
... Taking a cue from the lively Digital Gold Currencies, eCache's first denomination if gold backed. Unlike Digicash's instruments, eCache is using a mixing technique, rather than blinding, to help preserve unlinkability. Its mint is located on a hidden server in TOR-land. More information at: https://ffij33ewbnoeqnup.onion.meshmx.com/doc.php
interesting indeed! """ How can I trust you that your currency is really worth anything and not backed by hot air? Well, you can't. The only way to trust us is to give us a try. Use our system with COW, get a very small amount of GG. Talk with us on the channel. Over time you will see that we honour our promises and that you can get your gold back. That way we will gain favour in your eyes. Sooner or later we will also add an auditing process for our physical resources. Check on our site as information becomes available. """ solving the reputation problem will be much harder. it will be interesting to see how this plays out... a few things which make me cautious to trust their reputation: "There are however a few external proxies that make our service available to a bigger public. Those proxies are not sponsored by us nor are they under our control." ^- bad idea. it's Tor, not TOR. (ok, a nit pick, but something anyone familiar with Tor would know...) lack of detail regarding authority and authorization to access funds (physical and digital) by the three anonymous individuals. is this a quorum system, preventing a single rogue from wreaking havoc? is an escrow mechanism in place to recover from untimely death or incarceration of an individual? etc. --- otherwise, i love it. here's to hoping it goes somewhere! /me departs to code some COW wrangling logic...
At 2:14 PM -0800 2/21/07, Steve Schear wrote:
Hettinga can comment about why their fees are too high
Prices, including fees, are discovered in a market, not calculated by the likes of mere mortals like me. :-) Cheers, RAH -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Hum...seems to me all you'd need is one institution to be less than forthcoming in order for the whole set of transactions to be doused in uncertainty. Somehow, I'd bet Nigeria would be a good place to look for such an institution... -TD
From: Eugen Leitl <eugen@leitl.org> To: "R.A. Hettinga" <rah@shipwright.com>, cypherpunks@jfet.org Subject: Re: money mixes Date: Wed, 21 Feb 2007 21:48:52 +0100
On Wed, Feb 21, 2007 at 03:34:51PM -0500, R.A. Hettinga wrote:
They don't call it book-entry settlement for nothing, Eugen.
Of course they have logs at each instutution; the point is what is available. If it's a private money mix cascade over some 10 accounts in different jurisdictions, you'd have to query a large fraction of them for their records (and obtain them, of course) in order to do your traffic analysis. Perhaps not that easy for a case of petty money laundering (the Medellin cartel would probably do something a little more professional here).
(Disclaimer. Dear potential eavesdropper: this is a mere hypothetical, I've never done it, nor do I intend to ever do it, or at least I wouldn't post it to the whole wide Internet just in case I wanted to).
-- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
_________________________________________________________________ Play Flexicon: the crossword game that feeds your brain. PLAY now for FREE. http://zone.msn.com/en/flexicon/default.htm?icid=flexicon_hmtagline
Tyler Durden wrote:
Hum...seems to me all you'd need is one institution to be less than forthcoming in order for the whole set of transactions to be doused in uncertainty. Somehow, I'd bet Nigeria would be a good place to look for such an institution...
Indeed, in any proper mix, only one node need remain uncompromised. Credit to this thread for spurring me into finally installing Tor. Gotta say the tools have improved a lot since my last flirtation. -- Roy M. Silvernail is roy@rant-central.com, and you're not "It's just this little chromium switch, here." - TFT CRM114->procmail->/dev/null->bliss http://www.rant-central.com
At 08:03 PM 2/21/2007, Roy M. Silvernail wrote:
Tyler Durden wrote:
Hum...seems to me all you'd need is one institution to be less than forthcoming in order for the whole set of transactions to be doused in uncertainty. Somehow, I'd bet Nigeria would be a good place to look for such an institution...
Indeed, in any proper mix, only one node need remain uncompromised.
Credit to this thread for spurring me into finally installing Tor. Gotta say the tools have improved a lot since my last flirtation.
May I suggest you consider Torpark from Torrify.com ? Steve
participants (6)
-
coderman -
Eugen Leitl -
R.A. Hettinga -
Roy M. Silvernail -
Steve Schear -
Tyler Durden