Content warning: Due to the nature of some of the activities we discovered, this series of articles contains content that some readers may find upsetting. This includes profanity and references to drugs, drug addiction, gambling, pornography, violence, arson, and sex work. These references are textual only and do not include images or videos.
Following on from Part One in our series on threat actors investing in business interests outside cybercrime, we take a look at so-called ‘white’ activities (a term used by some cybercrime forum users, referring to purportedly legitimate businesses). While not necessarily illegal themselves, these activities are often linked to, and tainted by, criminal activity.
We acknowledge that legality can vary depending on jurisdiction. However, the breadth and depth of these activities are such that we have to categorize them somehow, and using the threat actors’ own categories is a logical if imperfect choice.
Key findings of Part 2
- On criminal forums, threat actors are discussing a wide range of ‘legitimate’ business interests (known as ‘white’ on the forums), spanning multiple sectors and industries – including gold, diamonds, real estate, construction, stocks and shares, restaurants, education, and many more
- While some of these activities may relate to money laundering, some threat actors may also be seeking to invest and diversify
- Many threat actors sought, and received, advice from peers on where and how to invest money
- Some of the business interests we report on here could have significant ramifications for the security industry – including investment in cybersecurity companies; attempting to evade export and import restrictions; and operating proxy, hosting, and VPN services
- In some cases, forum discussions revealed information and images that could potentially be used to track, geolocate, and/or identify threat actors
Shell companies
While shell companies are often created for money laundering purposes (see Part One), we found a few interesting variations on the forums.
Shell-companies-as-a-Service
One threat actor posted an ad offering to sell three US-based ‘turnkey’ companies and bank accounts ($3900), or register a new US company and three bank accounts under a buyer’s representative ($4990) or their own representative ($3500). This post was accompanied by a photograph of a State of California Statement of Information for a Non-Profit Corporation. The threat actor obscured some details, but some names, addresses, and a document reference number were still visible.
Figure 1: A threat actor posts an ad for creating shell companies
Figure 2: The same threat actor posts an example statement of information. Note that while the threat actor redacted some of this themselves (with slips of white paper), other potentially useful information (which we have redacted in black) was still visible
We also observed a service offering to open companies in the UK, Gibraltar, and Panama ($1900) to facilitate a technique called “cuckoo smurfing,” which involves insiders in money services intercepting legitimate transactions and mixing them with illicit ones.
This threat actor provided an example of a company which they claimed to have registered, including the name and company number. According to the user, the service includes a virtual office, a UK address, articles of association, certificate of incorporation, and a UK phone number.
We looked into the example company and found that it had been active for over a year before being compulsorily struck off. Via Companies House (an agency that holds the public register of UK companies), we were able to identify the director, and the name and address of the agency that registered the company (and which has acted as an agent for several other UK companies, some of which are still active – although some or all of these may be legitimate).
Figure 3: A threat actor posts an ad for registering companies and outlines a technique they call ‘cuckoo smurfing’
Figure 4: The same threat actor provides an example of their “latest work,” which we checked on Companies House
Evading restrictions
One threat actor sought advice on how to register companies for software with “corporate verification…no, it isn’t Cobalt Strike.”
Another user said that they could create a US-based company to order “sensitive technologies.” The user stated that “chips/software/engines/other will be sent to Latin America, from there to any other place we agree.”
Figure 5: A threat actor offers to create companies “to order sensitive technologies”
Cybersecurity
Hash decryption
We found a proposal to set up a hash decryption service, using Google Cloud, AWS, or Azure. While it is not necessarily illegal to operate or use a hash decryption service, cybercriminals can use them to ‘break’ hashes (e.g., from data breaches) and recover plaintext passwords.
Investment
We also observed a recommendation to invest in a prominent cybersecurity vendor (along with details of a rumor that it was going to acquire another company). Irony aside, this raises the concerning possibility that threat actors could become shareholders (and therefore able to vote on corporate actions, receive dividends, etc.) of a company that tracks and disrupts threat actors.
Figure 6: A threat actor recommends investing in a very well-known cybersecurity vendor
Start-ups
We observed two proposals to create security start-ups. The first was “to develop exploits and analyze software and hardware vulnerabilities.” The other focused on “legal ways to sell already found vulnerabilities to those who didn’t ask for it.” In both cases, users suggested that this would be better suited to the US or Europe than Russia.
One user also took the opportunity to criticize the cybersecurity industry (“threat intel…is nothing, just snake oil…apparently it’s profitable and they buy it, but the costs are 3 forum parsers and a blog on Twitter”).
Figure 7: A threat actor promotes their cybersecurity start-up on a criminal forum, and notes that they are seeking “people with relevant knowledge” in vulnerability research, debugging, coding, and fuzzing
IT and internet services
Online services
Threads on this topic included:
- An existing domain trading business
- An API marketplace
- A call for business partners “to sell our services…we are 14 years old [sic] company dealing in IT solutions.” Said solutions included website and software development, social media, and email marketing.
Figure 8: A threat actor seeks a business partner for a pre-existing “IT solutions” company
Mobile apps
Various threat actors are seeking investment in mobile apps, including a mobile fitness app startup, and an investment opportunity for a pre-existing suite of mobile applications developed in Kazan, Russia.
This suite, distributed as a franchise, included apps for:
- Loyalty points and affiliate programs
- Offers
- Facilitating customer feedback
- Collection of user data, and more
Some users suggested that this was a form of multilevel marketing (MLM), akin to a pyramid scheme – more on which later in this series.
Figure 9: A threat actor seeks a partner to work on a new mobile fitness app; the work includes “communicat[ing] with clients and maintain[ing] Instagram…the payment is a third of the project, it is a startup”
Social networking
Threads in this vein included an investment opportunity for an “Instagram killer unicorn” and a business plan to set up a social network hosted in the UAE.
Physical services
One threat actor recommended that their peers “create your own service for repairing Apple devices,” including bypassing iCloud activation, installing jailbreaks, removing Apple IDs, etc.
Figure 10: A threat actor invites their peers to consider creating their own service “for repairing Apple devices…it’s relevant now, investments are minimal [and] the work is white”
Interestingly, we also observed a business plan for digitizing VHS tapes.
Cryptocurrency/currency exchanges
We noted several business proposals and investment ads relating to this topic, including:
- Exchanges using Tor/I2P and a mixer, without KYC (Know Your Customer), and therefore ideal for money laundering
- NFT marketplaces (including a ready-made service, available to buyers for 1 million rubles)
- An investment opportunity for cloud mining (“where you got the money from doesn’t matter to me…the approximate return on your funds…with an investment of 200-300k green [i.e., USD]…[is] hundreds of thousands of dollars”)
- An investment opportunity for the development of GPU farms in Ukraine
- A proposal to develop a new cryptocurrency hardware wallet.
Figure 11: A threat actor looks for investment for the development of GPU farms in Ukraine (posted prior to the Russian invasion of Ukraine in 2022)
One user stated that they had come into possession of a “small office space (80sqm) on the outskirts of London…inside which there are a dozen servers [and] an exquisite 10 GBPS internet channel that has been provided and already paid for two years.”
The user said: “I’m legally in England, I have my own business (another one)…how can I use this whole system to squeeze out maximum income?” Ideas from other users included: game servers, hosting, and becoming an ISP (this last from a user who claimed to have operated an ISP for 13 years). In the end, the user decided to create an Ether mining farm.
Figure 12: A thread in which a threat actor sought business ideas and possible partnerships for office space “on the outskirts of London,” complete with a “10 GBPS Internet channel”
Hosting and proxy services
We observed several proposals and existing businesses relating to hosting and proxy services (“I purchased all gear, invested around $10k”; “I own several…SaaS, IoT, e-commerce and brokerage, 4 in USA, 1 in UK”).
This latter threat actor claimed that their SaaS and hosting services were “gray,” that they had made 80k via PayPal on their e-commerce business, and that for brokerage “I just do exchanges under my own CPA licence.”
Figure 13: A threat actor seeks advice relating to their proxy service
We also observed a thread relating to a pre-existing, five-year-old hosting company with its own data center, “located in a bomb shelter of a former military plant at a depth of 5 meters underground…everything is equipped and working, but there are few clients.”
Figure 14: A threat actor seeks advice on how to gain more clients for their pre-existing hosting company “located in a bomb shelter of a former military plant”
Threat actors operating hosting or proxy services (or any other ‘legitimate’ IT or online service) raises the possibility of users’ data and activities being illicitly inspected, stolen, sold, or otherwise misused – as well as threat actors being able to use their own infrastructure for attacks.
Fronts
There were several suggestions for IT/internet-related ‘fronts’ for money laundering and legitimizing earnings, including a “No Audit Logs VPN Service”, a “Shitcoin & NFT Meme project”, and an “Online Casino Project” which would allow a threat actor to “coincidentally win…a huge six figure jackpot.”
Figure 15: A threat actor posts several suggestions for “legit business[es] which I can mix my dirty funds in”
Gold and diamonds
Investment
We found a detailed guide on investing in gold, which the author had apparently done since 2010. The poster provided detailed options:
- Buying bullion (easy but requires an 18% tax)
- Buying investment coins (no tax, accessible and profitable, but more expensive)
- Opening a gold bank deposit (suitable for short-term investors)
- Buying shares in gold mining companies (higher risk, but potentially higher income).
The threat actor noted that the optimal solution for most investors is to open a gold deposit in a bank, and shared several (Russian) links.
Figure 16: A threat actor posts a guide on investing in gold, detailing several methods
Cryptocurrency for coins and gold
A user shared information on how to exchange Monero for coins and gold bars anonymously: using licensed suppliers on a P2P offshore marketplace (“Liberland Protect”) to purchase US Mint gold coins, and bars from PAMP Suisse, which the buyer took delivery of at a “stealthy address that I usually use to receive cash by mail when I exchange XMR for cash on LocalMonero.” The buyer purportedly took some of the bars to California, and exchanged them for cash.
Figure 17: A threat actor (the same user who previously admitted to bribing homeless people with money or drugs to get them to open bank accounts, in Part One) describes a method for exchanging Monero for coins and gold bars
Diamonds
One threat actor noted that diamonds can be changed to cash, can be hidden in a safety deposit box in a relative’s name, and are untraceable (“unless your [sic] stupid.”).
This user also outlined a scheme to launder using diamonds:
- Learn the diamond trade and get a dealer’s license
- Go to “countries in Africa,” buy diamonds for $10,000 and ask for a receipt for $300,000
- Give the diamonds to another dealer, along with $350,000 in ‘dirty money’
- Ask that dealer to send the $350,000 to your bank account, and provide a receipt.
This user also argued that diamonds are better than gold because it’s “easier to pass through customs…[and] everyone in the industry is dirty and tight-lipped.”
Figure 18: A threat actor outlines the advantages of trading diamonds when it comes to money laundering, describing it as “a money launderes [sic] wet dream”
Stocks, shares, and investments
Threads on this topic included:
- Users seeking advice on how to buy stocks and shares, how to pick a broker, and whether they should invest in American or Russian companies, or in countries (“primarily China”) that “want to occupy a certain business niche in our country”
- A user interested in long-term investment ($50,000-$100,000) in the economies of foreign countries (“the priority is not profitability, but the safety of the deposit…and free access to funds”)
- A user seeking “contacts of American entrepreneurs” for investing in a startup
- A user planning to invest their money in “trading solutions”, with a request for partners “who can register the company and open the accounts on the worldwide exchanges.”
Figure 19: A threat actor seeks advice on investing in China
We also observed advice and proposals, such as:
- A recommendation to invest in Index Funds “like the S&P 500, it gives a good rate of return of 11% year over year”
- A proposal to co-invest (“we decide the capital you trade, I tell you when to enter and exit the position and for how much. Profit sharing: 60% for you, 40% for me”)
- An individual based in London “looking for a business partner for a profitable financial investment”
- Advice on selecting a reliable broker (including the note that “in light of recent events [presumably the invasion of Ukraine in 2022], they [American brokers] hardly work with the Russian Federation, but there are always workarounds”)
- Detailed guides on launching startups, including advice on securing investors, making presentations, pitching, and applying to business accelerators
- A post by a user claiming to be an investor and looking for areas to invest in.
Figure 20: A threat actor who claims to be “living in London” posts on a criminal forum “looking for a business partner…for a profitable financial investment…priority is given to people from the UK”
We also noted numerous threads where users said they had a specific amount of money (usually tens or hundreds of thousands of dollars) and wanted investment ideas. For example, we observed a thread in which a user who “earned a small capital on topics that I regrettably tempered” wanted advice on how and where to invest “in white at 20-30% per annum.” They proposed several ideas, including car resale, a product from China, and citizenship for Russia, Romania, and Moldova.
A user replied with in-depth advice, before commenting: “I will also give the traditional recommendation: return to those topics where you made money.” (This latter point was a common theme, and we’ll cover reinvesting in cybercrime later in this series.)
Figure 21: A threat actor asks their peers where to invest “a small capital [that I acquired from] topics that I regrettably tempered”
Other threads of this nature included:
- Someone who said they were about to start a two-year sentence in a US federal prison (for trafficking firearms) and wanted to invest $2500 in something, so that they would have funds when they were released
- Where to invest $100,000 in a “gray” business (suggestions included real estate, shares, crypto, buying a bar, renting cars, and gold)
- Where to invest 100-300k rubles (suggestions included shares, trading, real estate, construction, and cars)
- Where to invest $700,000 (suggestions included game development, buying shares in prominent tech companies, and resorts)
- A user who was looking for investment tips “in the hot new trends due to the war [presumably the Russian invasion of Ukraine], especially in oil and gas”
- Where to invest $80,000-$100,000 (this thread included the user providing several biographical details about themselves and their acquaintances)
- What business to open in Russia with $500,000.
This latter thread also included some biographical information, including a comment that seemingly resonated with a lot of users: “There is no pension in our profession, brother.”
Figure 22: A (purportedly) US-based threat actor, about to go to prison, seeks investment advice on a criminal forum
Figure 23: A threat actor claiming to be an investor asks their peers to submit investment proposals, but states that they are not interested in scams, construction, real estate, drugs, or restaurants
An interesting sidenote: in this latter thread, a user also shared a Vocaroo clip containing a Russian rap song themed around cybercrime. (Excerpt: “It used to be that you could get banned for working on RU / Now it’s almost a fucking matter of routine / Buying all the traffic to their fucking lockers / Killing bots for pennies like beggars.”)
Real estate
Investment
We observed several threads by threat actors seeking to invest in real estate, including:
- A user asking about purchasing real estate in the UAE and whether authorities there require information about the source of funds
- A user who, after having “never officially worked”, asked about investing in real estate and how to “appear white and fluffy before the state (Russia)”
- A question about how to buy real estate in Europe if you’re based in the Russian Federation (answers included: looking into legalizing funds, saying the money was a gift from a relative, and using NFTs).
Figure 24: A threat actor asks their peers whether authorities in the UAE require information about the source of funds when purchasing real estate there
Advice
We also observed threads by threat actors already involved in real estate. These included a method of using plots of land to launder money: “I found dirt cheap plots of land in the middle of the deserts and mountains. The sellers don’t check backgrounds or credit…I literally enquired about one last night and signed the contract this morning.”
Figure 25: A threat actor shares details of a scheme for money laundering via plots of land
We also found a guide on real estate projects in rural areas, including prices, construction costs, ROI, and services (LLCs, cash bank transfers, skilled contractors) based in St Petersburg and Moscow. The author (who has apparently “been building for many years”) mentioned specific projects they had worked on, and uploaded two photographs, possibly relating to those projects.
Figure 26: A threat actor shares a photograph that may be related to a real estate project they worked on. The original source is unclear
Finally, we noted a thread by a user who claims to know an acquaintance with a real estate company: “If you are looking for ways to launder your money I can arrange a deal, because he accepts crypto. 2 room flats (64sqm) are 54,000 EUR.”
Industry discussions
One user wondered why “there seems to be a growing trend for…turning to property…what happened to sunbed salons, tattoo parlors, car washes, dog breeding, or hospitality?…I’m strictly speaking from a British perspective and don’t know what the situation/trends are in USA/Europe.” Users commented that “real estate is so popular…because not only is it fairly easy to do but you can clean a lot in a much shorter amount of time.”
Figure 27: Threat actors discuss the “growing trend for drug dealers turning to property for money laundering”
Construction
We observed a detailed scheme for profiting from the reselling of construction materials (wood, metals, cement, concrete, mortar, etc.). The scheme involved finding suppliers (several Russian suppliers were named), offering to sell their goods for a small percentage, and looking for buyers on Avito (a Russian classified ads marketplace) and VKontakte. The thread included several screenshots from a WhatsApp conversation, featuring a photo of a construction site and a screenshot of a bank transfer confirmation.
Figure 28: One of several WhatsApp screenshots in a thread on “making money from building materials.” Note the photograph of a location, and an attached bank transfer confirmation (the user also posted a separate screenshot of this). While some of the information in the bank transfer confirmation was redacted, it still featured some potentially useful information, including the amount and the date and time
Moreover, we observed several construction investment opportunities and schemes, including:
- A user who solicited advice on the best scheme to earn money upfront before selling houses/flats (“I found that collective investment scheme is okay, any options?”)
- An investment opportunity ($500,000+) for a construction project in Russia, with an ROI of 20% per annum (2-5 years)
- An investment opportunity ($500,000; ROI: double in two years) in an apartment complex project. Apparently the user couldn’t get a loan from the bank, so they turned to a cybercrime forum (“I don’t care about color [i.e., if the money is from ‘white’, ‘grey’, or ‘black’ activities], I can start it up and get it out beautifully”).
Figure 29: A threat actor seeks investment of $500,000 for “the construction of an apartment complex”
Restaurants and catering
Restaurants
We observed several proposals and pre-existing businesses relating to restaurants, including a proposal to start a food delivery business during the COVID-19 pandemic. One user (somewhat ironically, given their membership of a criminal forum), noted that “it’s a question of internal ethics whether to make money from an epidemic.”
Figure 30: A threat actor proposes starting a food delivery business during the COVID-19 pandemic, and seeks business advice from their peers
We also observed an investment opportunity in a pre-existing catering/pizza delivery business with an annual revenue of 5,000,000 rubles. The investment sought was between 300,000 – 2,000,000 rubles, to open a second store.
Figure 31: A threat actor seeks “an investor or business partner” in a pre-existing and “completely white” pizza delivery company
Alcohol
A threat actor was interested in purchasing someone else’s alcohol business. They mentioned a price, noted that the business had a license and the relevant documentation, and asked for advice on acquisitions from other users.
Figure 32: A threat actor asks their peers to describe the potential “pitfalls” of purchasing an alcohol business
On another thread, we observed a user suggest investing in a barrel of whisky and then selling it for profit.
Ice cream wars
Of all things, we noted a threat actor who wanted to launch an ice cream business. They asked others whether it would be feasible to open a stall with 200,000 rubles.
Figure 33: A threat actor proposes opening an ice cream stall
In the same thread, another user, apparently an ice cream business owner themselves (“the master of the ice cream business”) confessed to having committed arson against a competitor’s ice cream kiosk in the early 2000s (now that “the statute of limitations…has already passed”). They provided detailed information about what happened and how they did it (“a crowbar, a plastic bottle with gasoline, a wick on an extension cord, matches… I noticed a vertical hole pipe protruding on the roof [of the kiosk]… I poured the whole bottle into it, stuffed a wick soaked in gasoline, and set it on fire… at about ten o’clock the merchant himself arrived with a crane. They loaded the stall onto a truck and I never saw that business or that stall again”).
Education
Coding school
A threat actor who “worked on logs for a long time, collected capital” (i.e., they profited from infostealers) had an idea to open “a programmer school in the direction of web development,” aimed at 16-year-olds. The user noted that there is little competition and “no in-person schools in my million-plus population”, and proposed charging students 400 rubles per academic hour.
Figure 34: A threat actor proposes setting up a “programmer school” aimed at “schoolchildren 16+ years old,” with capital they acquired from “work[ing] on logs for a long time”
Online courses
A user asked for advice on how to sell video courses, information products, webinars, seminars, coaching, training, anything, and asked for investment of “no more than 1000 rubles.” This is possibly related to some form of traffic generation activity (see Part Three of this series).
Tobacco and vaping
Tobacco products
One threat actor was interested in selling tobacco products. Users commented that the market is dominated by suppliers in Ukraine and Belarus, and suggested vapes (“purchasing them in China from a supplier costs 45-100 rubles”). Another user mentioned that they have a vendor for counterfeit cigarettes, but only for delivery within Russia.
E-liquid (and an argument)
A threat actor noted that for the last two years they have been selling e-liquid to schoolchildren, making 100-200 Euros per month. Another user (and remember that this is on a criminal forum) expressed outrage: “I’m reading this as a parent…don’t you fucking have kids?”
Entertainingly, the two threat actors began to argue (“In the stores there is alcohol, cigarettes…maybe you should go to the mommies’ forum?”; “LEAVE YOUR ADDRESS…WE’LL COME NOW, WHEREVER YOU ARE”; “I don’t give a fuck about other people’s kids”, etc.).
Another threat actor noted: “I’m laughing…[they] came up with a business that is a hundred years old and which brings in as much as 200 euros a month!”
Figure 35: A threat actor describes a scheme for selling e-liquid to schoolchildren, which sparked an argument
Buying and selling debt
A threat actor decided to get involved in bankruptcy auctions, to buy land plots, houses, machinery, and equipment.
Figure 36: A threat actor decides to get involved in bankruptcy auctions, and asks their peers for “links to bidding aggregators or maybe someone might have some useful video courses”
Another opened a discussion on buying and selling debt, noting that “Tinkov Bank [a Russian commercial bank] accepts debts as authorized capital when opening an LLC through them.”
Movies
We observed a proposal to invest cash in a movie with a “legit ROI with reasonable terms.”
Figure 37: A threat actor seeks investment in a movie
Charities and NGOs
Setting up an LLC
A user asked for OPSEC assistance in creating an LLC. They proposed a scheme:
- Open an account using a deceased or elderly person’s details
- File a church under a different name in New Mexico
- File the LLC under the name of the church
- Make weekly deposits in the bank account
- Conduct their “operation”
- Use “slot apps” to clean the income, or send themselves the money to the church as tithes.
Other users provided specific suggestions, including filing the LLC’s articles of formation with the proper agency in New Mexico, checking how to file an LLC for a church, and filing for 501(c)(3) status to obtain tax exemption. They also recommended “staying legally compliant.”
Figure 38: A threat actor seeks OPSEC advice for creating an LLC under the name of a church in New Mexico. Note that while setting up an LLC is of course not illegal in itself, the proposed scheme here appears to be explicitly criminal (note the stated intention to “wash the money”)
Figure 39: In the same thread, another user provides specific technical recommendations on the proposed scheme
‘Large anonymous contributions’
We noted an enquiry from a user (presumably a launderer) on jurisdictions that allow non-profits, charities, or NGOs to “accept large anonymous contributions…I need to set up a charity, NGO or non-profit for a client whose cash businesses are at their limit.” Responses included advice to “stick with US entities…if you live in California and you collect a cheque from a non-profit in Guinea-Bissau, that is a major red flag…you can easily open LLCs, S-Corps, even 501(c)(3) non-profits without your name or office ever touching the registry; there are hundreds of law firms happy to help you with this.”
Further specific advice on privacy, other red flags, non-profit executive salaries, donation caps, and promotional activity followed.
Figure 40: A user provides technical advice on setting up a non-profit for money laundering
Other schemes
We also noted a wide array of other pre-existing businesses, investment proposals, and ideas for start-ups, including, but not limited to:
- A taxi service
- A dating website
- Growing microgreens
- Motocross
- Food trucks
- Money laundering using Steam, TikTok, and Fiverr
- Selling luxury watches
- A beauty salon
- A tattoo parlor
- Reselling protective masks and hand sanitizer (during the COVID-19 pandemic)
- A prepper/survivalist store
- SEO for plumbers, contractors, etc.
- Wholesale and retail of honey
- Manufacturing gazebos and furniture
- Drive-through coffee shops
- Photo booths
- Thermal inspection of houses
- A slingshot shooting range
- Interior design
- Aerial photography
- Laundry services
- Growing crickets for pet stores
- Reselling sneakers
- An escrow service
- A casino
- An Arabic restaurant in Moscow
- Bizarrely, selling Soviet-era gas masks on eBay and Amazon
Figure 41: Several users contribute to a discussion on ideas for businesses as fronts for money laundering
Figure 42: A threat actor suggests reselling protective masks and hand sanitizer at the height of the COVID-19 pandemic
Figure 43: A threat actor sketches out several ‘legitimate’ business ideas, including “a slingshot shooting range,” “interior design,” “drones (aerial photography),” “cleaning and painting of alloy wheels,” and “growing crickets for pet stores”
We also observed a suggestion that a group of users should ‘club together’ to start a “white business” such as e-commerce, or buy an existing business.
All in all, threat actors are discussing, investing in, and operating a bewildering array of so-called ‘legitimate’ businesses on criminal forums. This has some concerning implications in general, but also specifically for the security industry. For example, threat actors holding shares in a cybersecurity vendor, or operating hosting and proxy services, could adversely impact trust, privacy, and attempts to track and disrupt cybercrime.
However, as we’ll discuss later in this series, these challenges are also accompanied by opportunities. In many discussions, for example, threat actors reveal something about themselves – whether that is specific, identifiable, biographical information, or locations, or other information that could be useful to investigators.
Before that, in Part Three of this series, we’ll explore some of the more dubious business interests we found during our investigation.










































