Dark Web Chat: Liberty or Depravity?

I was trawling the dark web yesterday looking for writing inspiration (yes, I do that), and what did I find?

No, it wasn’t any disturbing images, sick videos, or child pornography – it was a couple of chat rooms. That sounds innocent enough, but what I’ve learned during my research is that if you give people complete anonymity, they’ll feel free to be themselves.

In the context of the dark web, this can mean a lot of things.


The not Evil chat on Tor.

In one sense, it’s ideal for whistleblowers, hackers, and others who merely require privacy for what I would consider “legitimate” reasons. In another, it’s also ripe for pedophiles and other depraved individuals who, for obvious reasons, would want to remain anonymous, but are inclined to share sick imagery and the like.

I’m sure I’m not the first to express this, but I want to give my take on it. So, as I say frequently, it isn’t all sick and disturbed individuals that I’ve come across.

One of the first chat rooms I checked out on the Tor network was one linked to the not Evil search engine, and seemed relatively harmless. (It’s the one in the screenshot above.)

Occasionally, it would have a visitor asking for something along the lines of drugs or the aforementioned red rooms, but that was about it. Although one time, I did receive a message from a user who was a complete stranger:

Anonymous: Hi there. Need to hire a hacker or ruin someone’s reputation?
Me: No, just doing research. Thanks!
Anonymous: ok, well if you do then contact me.

All in all, it wasn’t the strangest exchange I’ve ever had on Tor, but it may have shown my naivete. Since then, I’ve gone back to the not Evil chat rooms, and have rarely had a similar conversation (if you can even call it that).

Going a Little Deeper

onionchat

Oh, the jokes I would’ve made in 3rd grade over that.  Anyhow, another chat room which I’ve used a few times goes by the name of OnionChat.  Like the previous one, it seemed relatively harmless, although I suppose you never know who you’ll come across.

In my most recent experience with that place, someone was doxing Donald Trump (surprise, surprise) and his family members.  The person released not only their addresses, but social media accounts, phone numbers, email addresses, registry domains, and IP addresses.  (Not that I’m going to share that information here, as much as I might be tempted to.)

Snowden or Honeypot? (WARNING!!!!)


Via that same chat room, I received a link to another slightly more mysterious chat room that was supposedly connected to WikiLeaks.  In that room, you would be given a randomly generated name before you started chatting (such as “BobRoss09”).  Next to the little chat box was a button labeled “Destroy,” which would supposedly purge any chat messages you had left there forever.

The idea behind it (again, in theory) was that if you wanted to submit leaked documents or information to WikiLeaks, you could do it there secretly.  Unfortunately, I have no idea if it was genuine, a honeypot, or something worse, and because of that, I’m going to go with fake.  I tend not to trust random strangers on the dark web (good philosophy, right?).

It’s possible that the chat room was actually set up by federal law enforcement to catch those who were leaking confidential documents, or set up by someone with malicious intent who wanted to steal important documents.  Either way, I’m going to nope the fuck out of there.

By the way, if you really want to submit information to WikiLeaks, they have an official Tor hidden service at WikiLeaks Upload and Form Submission.  You can also find their public PGP key here: https://wikileaks.org/#submit_wlkey.  For Tor users, here’s the equivalent .onion address: http://wlupld3ptjvsgwqw.onion/wl-submission-key.html (I promise that that one’s not a scam).

A Festering Sewer

The worst chat room I’ve come across so far is another one which I won’t share the link to, because I just know that some of you will click on it.

Essentially, it was the type of place where nothing was out-of-bounds, including child pornography, animal abuse, and/or hurtcore.  People would discuss their beyond-sick fantasies in graphic detail, and would also share images and videos candidly.

In fact, it was one of those places where, in order to be admitted to the chat room in the first place, you had to share some CP images or videos.  That way they would (in theory) know that you weren’t a cop.

I confess that initially, I did try to join the chat room (if only for research purposes, I swear!), but once I knew that you had to upload this disgusting material in order to join, I hastily made my exit. What I can do is try to simulate the conversations for my readers (without getting too graphic).

Girllover: anyone got pics of young girls
sickfuck: i do hold on
sickfuck: here [689389.jpg]
Girllover: oh wow, that’s hot thanks
necrophile44: anyone have pics of young dead girls?
sickfuck: oh necro, you drive a hard bargain [09890.jpg]

Well, you get the idea.  The real thing is much worse than what I’ve written here.  I suppose, in theory, just chatting about these concepts isn’t illegal, but the type of people who have these fantasies I would expect to have much worse on their computers.

And I’m sure that this is far from the only chat room of its type on the dark web.  It merely shocked me because I hadn’t often taken the opportunity to actually enter one of the chat rooms before.

Am I being corrupted by my dark web research?  I don’t think so, but it can take a toll on you sometimes.

As Nietzsche once said, “He who fights with monsters should look to it that he himself does not become a monster. And if you gaze long into an abyss, the abyss also gazes into you.”

Is That All There Is? (No, Actually.)


I still say that, in spite of the sometimes-horrifying things that you can find on Tor, Freenet, and other networks, they’re still necessary.  In an increasingly surveillance-ridden world, there is a need for privacy.

If that means that sometimes crazy and disturbed individuals will form communities, so be it.  I think that eventually, they will be found out, one way or another.  I still consider myself an advocate of privacy and security.

I’ve just had my eyes opened to the dark corners; that’s all.

 

ChaosVPN Part 2: Hack to School!

 


When I first started working on this ChaosVPN project, I never imagined what fun it could be.  It has required a bit of extra effort and learning, but I like that sort of thing!

However, I want to stress that ChaosVPN isn’t a replacement for Tor or other anonymity tools; in fact, the creators mention this on the wiki.  And it won’t help you access .lll or .rdos sites either…heh heh heh.

So – where I initially got stuck was at the point of getting tinc to run properly on my system.  As it turns out, I hadn’t completed all the steps to installing it (go figure)!  That’s why they say: “If all else fails, try reading the instructions.”

Depending on which operating system you’re using, of course, those instructions may vary.  If you’re using a Mac OS/X, then these are the appropriate instructions: installing tinc on Mac OS/X.

If you’re using Windows, then try here: installing tinc on Windows 2000/XP/7/8.  Hmm…it doesn’t include Windows 10, but does that mean it won’t work?  Not necessarily, but I know how logical Windows can be sometimes.


What about Ubuntu?

In my earlier post ChaosVPN: Making Friends with Hackers!, I had mentioned using Ubuntu to set it up.  This still seemed like the ideal option for me.  It reminded me very much of the MS-DOS days from my childhood.


So I started going through the steps again, trying to be a little more patient this time!  I finally got it working, but haven’t used it much yet.  My overall impression is that ChaosVPN definitely has the potential for – to use the technical term – awesomeness.

Given that I’ve been making friends with a lot of hackers and coders lately, this seemed like one of the logical steps to take.  I still don’t consider myself a hacker just yet, but I’m working on that.

If you haven’t read the previous post, here’s the ChaosVPN:UbuntuHowto.  Oh, wait – you don’t have Ubuntu?  Do that here: Get Ubuntu | Download.

(The instructions below are quoted from the wiki; credit goes to the authors.  If anyone objects to this, I can take it down.)

And now, courtesy of the CCCHHWiki – UbuntuHowto :


First you need to install the necessary helper programs using the apt-get command.  

Install Necessary Helper Programs

needed to use the chaosvpn client:

# apt-get install tinc iproute

needed to compile the chaosvpn-client if not using a precreated debian package for it:

# apt-get install build-essential git bison flex libssl-dev zlib1g-dev debhelper devscripts

Install tinc

You need either the package from Debian squeeze/unstable, or a backport like from Debian Backports.

This should be at least tinc version 1.0.13, but should work with 1.0.10 or later.

Or visit http://tinc-vpn.org, download and build yourself – at a minimum ./configure, specify the parameter --sysconfdir=/etc, and check the binary in the script.
If the tinc installation gives the following error:

./MAKEDEV: don't know how to make device "tun"

Then create the device by hand:

# mkdir -p /dev/net
# mknod /dev/net/tun c 10 200
# chown root:root /dev/net/tun
# chmod 600 /dev/net/tun

Install Our ChaosVPN program

The easiest way: using LaunchPad PPA

There are amd64 and i386 binary packages available for LTS release 12.04 (precise).  There is also a source package.

Add the following lines to your /etc/apt/sources.list:

For Ubuntu Precise:


deb http://ppa.launchpad.net/matt-nycresistor/chaosvpn/ubuntu precise main

deb-src http://ppa.launchpad.net/matt-nycresistor/chaosvpn/ubuntu precise main

Make the Repository-Key known:

apt-get update
sudo add-apt-repository ppa:matt-nycresistor/chaosvpn

Answer “y” to the warnings about whatever content.

Run apt-get update a second time:

apt-get update

Finally install the ChaosVPN software:

apt-get install chaosvpn

Install done, proceed to next step some pages below.

Alternative: compile yourself from our git repository

Always needed to compile:

# git clone
# cd chaosvpn

way 1: create a snapshot debian package

# dch -i
increment the version and set ubuntu specific info.
# make deb
perhaps it throws an error about missing build dependencies, install these and retry.
# sudo dpkg -i ../chaosvpn_2.0*.deb
Install the generated package file, replace filename above with the real name. It is also possible to copy the generated .deb package to a different machine of the same architecture and install it there – no need to have a full compile environment on your router/firewall.

way 2: create debian package and install this

# dch -i
increment the version and set ubuntu specific info.
# debuild -us -uc
should give you packages in parent dir
# sudo dpkg -i ../chaosvpn_2.0*.deb
install the generated package file, replace filename above with real name.

way 3: just compile and install the raw binary

# make
# sudo make install

Create config directory

# mkdir -p /etc/tinc/chaos

Get your new node added to the central configuration

Devise a network-nick and a unique IP range you will be using

This network-nick…sometimes called nodename is the name of the network endpoint/gateway where the vpn software will be running – not necessarily the name of the user, there may even be more than one gateway per user.

Used below where <nodename> is.

Please use only characters a-z, 0-9 and _ in it.

Second please select an unused IPv4 range out of IP range, and write yourself down in that wiki page to mark your future range as in-use.
Please select from the correct ranges, 172.31.*.* for Europe, and 10.100.*.* for North America and elsewhere.

Repeat: Please do not forget to add yourself to this list at IP Range to mark your range as used.

Used below where <ipv4 subnet in the vpn> is.

The usage of IPv6 networks is also possible, but we do not have a central range for this (yet); you may specify an IPv6 range you received from your (tunnel) provider to be reachable over the VPN, or a private IPv6 ULA (Unique Local Address) network described in RFC4193.  For more info about ULA and a network-range generator please also see IPv6 ULA (Unique Local Address) RFC4193 registration .

Used below where <ipv4 subnet in the vpn> is.

Hostname

The gateway may have a DynDNS (or similar) hostname pointing to a dynamic IP, or a static hostname/fixed IP.

Better supply a hostname than a raw IP address even if it is static, so you can change it yourself and do not need to contact us when needed. (Perhaps something like chaosvpn.yourdomain.example).

Used below where <clienthost> is.

Generate keys

# tinc --net=chaos init <nodename>

Replace <nodename> with the name your new node should get.

**FIXME** need some way that “tinc init” puts the public key into the separate files and not only into the generated hosts file, which our chaosvpn daemon overwrites.

generate public/private RSA and ECDSA keypairs with

# tinc --net=chaos generate-keys 2048

press Enter 4 times and backup the files /etc/tinc/chaos/ecdsa_key.priv, ecdsa_key.pub, rsa_key.priv and rsa_key.pub on an external device.

Generate keys with tinc 1.0.xx

create chaos config folder with

# mkdir /etc/tinc/chaos

generate public/private keypairs with

# tincd --net=chaos --generate-keys=2048

press Enter 2 times and backup the files /etc/tinc/chaos/rsa_key.priv and rsa_key.pub on an external device.

Mail us your Infos [sic]

  • send via email to chaosvpn_join@hamburg.ccc.de

We need the following info – but please be so kind and also add a short description of you/your space and your motivation to join chaosvpn – or at least make us laugh.:)

(Please remove all lines starting with # from the email; they are just descriptions)

[<nodename>]

gatewayhost=<clienthost>

# This should be the external hostname or ip address of the client host, not a VPN address.
# If the client is not reachable over the internet leave it out and set hidden=1 below.
# If possible supply a hostname (even dyndns) and not an ip address for easier changing
# from your side without touching the central config.

network=<ipv4 subnet in the vpn>
network6=<ipv6 subnet in the vpn>

# (mandatory, must include)
# this may be more than one, IPv4 or IPv6, network6 with IPv6 is optional
#
# These subnets must be unique in our vpn,
# simply renumber your home network (or use something like NETMAP) with a network block that is still free.
#
# Please use the list of assigned networks on ChaosVPN:IPRanges, and add yourself there.

Owner=

#(mandatory, must include)

# Admin of the VPN gateway, with email address – a way to contact the responsible
# person in case of problems with your network link.

port=4712
# (optional)
# if not specified tinc works on tcp+udp port 655
# it is better if everyone chooses a random port for this.
# either this specified port or port 655 should accept TCP and UDP traffic from internet.

hidden=0
# (optional)
# “I cannot accept inbound tunnel connections, I can only connect out.”
# (e.g. behind an NAT)
silent=0
# (optional)
# “I cannot connect out, but you can connect to me.”
# Only ONE of hidden=1 or silent=1 is possible.

Ed25519PublicKey=<something>
# (optional)
# tinc 1.1.pre11+ only, contents of your /etc/tinc/chaos/ed25519_key.pub

-----BEGIN RSA PUBLIC KEY-----
…..
-----END RSA PUBLIC KEY-----
# (mandatory)
# rsa-public-key – contents of your /etc/tinc/chaos/rsa_key.pub

Awaiting response, give us some days, your request is processed manually

Retry until $success

Customize configfile

FIXME to be expanded

/etc/tinc/chaosvpn.conf

In the top part are the variables.

change

$my_peerid to the network nick from step 4
$my_vpn_ip to an ip address in your network range, like 172.31.x.1

Enable Starting of ChaosVPN

If you installed ChaosVPN through our Debian package it is not started by default.

To enable this edit the file /etc/default/chaosvpn and change the RUN= line to RUN="yes"

After all changes (re-)start the chaosvpn client:

# /etc/init.d/chaosvpn start

If you made everything correct there should now be a tinc daemon running, and the output of ‘route -n’ should show lots of routes pointing to the new ‘chaos_vpn’ network interface.

script in /etc/ppp/ip-up to autostart, or to restart from time to time via cron

If you built a debian package and installed it the cron and ip-up parts are already setup, if you installed it manually with make install you have to do it yourself.

and with luck, it will function beautifully!😉

Retrieved from https://wiki.hamburg.ccc.de/ChaosVPN:UbuntuHowto
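As an added example (not part of the wiki howto or the ChaosVPN project's own code), this Python script checks a join request in the format shown under “Mail us your Infos” against the rules stated there: nodename limited to a-z, 0-9 and _, IPv4 subnets inside 172.31.*.* or 10.100.*.*, mandatory owner and RSA public key, and hidden/silent not both set to 1. The function names and the sample node, subnet, owner and key body are constructed for illustration.

```python
import ipaddress
import re

# Ranges named in the howto: 172.31.*.* (Europe), 10.100.*.* (North America and elsewhere).
ALLOWED_V4 = [ipaddress.ip_network("172.31.0.0/16"), ipaddress.ip_network("10.100.0.0/16")]
NODENAME_RE = re.compile(r"[a-z0-9_]+")
PEM_RE = re.compile(
    r"-----BEGIN RSA PUBLIC KEY-----\n[A-Za-z0-9+/=\n]+\n-----END RSA PUBLIC KEY-----"
)


def parse_request(text):
    """Split a join request into (nodename, {key: [values]}, pem_text_or_None)."""
    nodename, fields, pem_lines, in_pem = None, {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if in_pem or line.startswith("-----BEGIN"):
            pem_lines.append(line)  # base64 lines may contain "=", so handle them first
            in_pem = not line.startswith("-----END")
        elif not line or line.startswith("#"):
            continue  # description lines are meant to be removed before mailing
        elif line.startswith("[") and line.endswith("]"):
            nodename = line[1:-1]
        elif "=" in line:
            key, value = line.split("=", 1)
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return nodename, fields, "\n".join(pem_lines) or None


def has(fields, key):
    """True if the key is present with at least one non-empty value."""
    return any(fields.get(key, []))


def flag(fields, key):
    """Read an optional 0/1 switch such as hidden= or silent= (default 0)."""
    return fields.get(key, ["0"])[-1] == "1"


def validate_request(text):
    """Return a list of problems; an empty list means the request is well-formed."""
    nodename, fields, pem = parse_request(text)
    problems = []
    if not nodename or not NODENAME_RE.fullmatch(nodename):
        problems.append("nodename: use only a-z, 0-9 and _")
    if not has(fields, "network"):
        problems.append("network: mandatory")
    for key, version in (("network", 4), ("network6", 6)):
        for value in fields.get(key, []):
            try:
                net = ipaddress.ip_network(value)  # strict mode rejects set host bits
            except ValueError:
                problems.append(f"{key}: {value} is not a valid subnet")
                continue
            if net.version != version:
                problems.append(f"{key}: {value} is not IPv{version}")
            elif version == 4 and not any(net.subnet_of(r) for r in ALLOWED_V4):
                problems.append(f"{key}: {value} is outside the ChaosVPN ranges")
    if not has(fields, "owner"):
        problems.append("owner: mandatory")
    if flag(fields, "hidden") and flag(fields, "silent"):
        problems.append("hidden/silent: only one of them may be 1")
    if not has(fields, "gatewayhost") and not flag(fields, "hidden"):
        problems.append("gatewayhost: leave it out only together with hidden=1")
    for value in fields.get("port", []):
        if not (value.isascii() and value.isdigit() and 1 <= int(value) <= 65535):
            problems.append(f"port: {value} is not a valid port")
    if not pem or not PEM_RE.fullmatch(pem):
        problems.append("rsa public key: block missing or malformed")
    return problems


# Constructed sample requests; the key body is a placeholder, not a real key.
GOOD = """\
[example_space]
gatewayhost=chaosvpn.yourdomain.example
network=172.31.250.0/24
Owner=Jane Doe <jane@yourdomain.example>
port=4712
hidden=0
silent=0
-----BEGIN RSA PUBLIC KEY-----
Q09OU1RSVUNURUQtTk9ULUEtUkVBTC1LRVk=
-----END RSA PUBLIC KEY-----
"""

BAD = """\
[My-Node]
network=172.31.250.1/24
network=192.168.1.0/24
Owner=
hidden=1
silent=1
port=70000
"""

if __name__ == "__main__":
    for label, request in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, validate_request(request) or "ok")
```

The check on `network=` only confirms the subnet lies inside one of the two published ranges; whether it is still unassigned has to be looked up on the IP range wiki page the howto mentions.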


 

As I get more familiar with ChaosVPN, hopefully it’s something I can write about more.  Just to stress: it isn’t really the “deep web” or the “dark web.”  I just felt like writing about it because it sounded cool.

As a matter of fact, the more I learn, the more I realize that these terms like deep web and dark web are just abstract concepts.

But they sure do sound spooky, don’t they?

 


I haz hood. I iz a hacker.

Dream Market: Drugs, Data, and Digital

DISCLAIMER: This article is for informational and entertainment purposes only.  I do not condone the use of illegal substances and/or services.  Anything you do on the dark web is at your own risk!! 

Good morning, readers!  In my earlier post Interview: Eileen Ormsby, Author of Silk Road & All Things VICE, I thought of one of Ms. Ormsby’s answers to the question: “Have you explored some of the darknet markets that are still in business?”

Her answer began with: “Yes, all of them.  And they are boring.  Which is exactly what a market should be to stay in business.”  Ormsby was making this statement in comparison to the Silk Road market, which attracted a lot of buzz and public interest.  I see her point, but I still wanted to find out for myself if some of these markets were as “boring” as she claimed.

So, one of the markets I chose to look into was Dream Market, which is currently one of the top darknet markets.  (And as I always say, I’m sure you dark web veterans already know about it.)  It’s an escrow market (established in 2013) that can be accessed via the Tor network.


Dream Market – the real one.

What I’m tending to notice as I explore more of these markets is that they look very similar (as far as site design goes).  On the sidebar are usually the various categories of goods, and within those, you can navigate to specific products and vendors.  The difference, often, is with the individual vendors and products.

As I’ve said before, I haven’t exactly gone through and snorted all the coke and GHB to see if it was high-quality.

GHB

7.8/10 – Too much water.

Drugs seem to be the most popular product by far, which isn’t really that surprising – but they aren’t the only thing for sale, believe it or not.  Also popular are drug paraphernalia (pipes, needles, etc.), and then, of course, there are many non-drug-related products as well (even…gasp!…legal things).

Register, Please

In my opinion, the registration process for Dream Market was very easy – but if you want a more in-depth guide (that you can access without Tor), look at How To Access Dream Market.

Basically, like most sites where you have to register, you create a username and password, and also a security PIN.  Unlike markets such as Python, Acropolis, and Apple Market, you don’t need an invite or referral to join this one; you just sign up and boom!

You also need to have a bitcoin wallet of some kind in order to purchase the goods (hey…tell me something I don’t know!).  There are various bitcoin mixers (a.k.a. tumblers) that help obscure the transactions, such as Grams Helix or BitCloak.


Screenshot credit: deepdotweb.com

So, that’s the easy part.  The question is – how does it compare to other markets?  Well, if you go by the reviews on Deepdotweb: Dream Market, it’s a very good site (although sometimes these reviews are made by the vendors themselves).  You can’t trust anyone, can you?  (Well, sometimes you can; other times, you just learn the hard way.)


Short of trying the products yourself, it can also be helpful to visit the official Dream Market Forum, in which customers often share their experiences.  If there are scammers within the market (and this seems to be a frequent occurrence), they usually get outed sooner or later.

I Don’t Like the Drugs…


As I mentioned before, drugs aren’t the only product available, even if they are the most popular.  Though I have yet to actually purchase any goods, I’ve half-considered buying some of the legal goods (like the books on hacking), to see if I would actually receive the product.

If I succeed at this in the near future, I’ll definitely post about it.  Other products you might come across include pornsite accounts (that you would normally pay a fortune for), hacked accounts (PayPal, etc.), skimmed credit cards, computer equipment, and other things.

For those of you who’ve never ventured into any of these markets (but might be curious), feel free to visit Dream Market and experience it for yourself.  As Eileen Ormsby said, the site itself might be boring, but if you’re the type to do drugs (or what-have-you) anyway, this is probably a safer alternative than buying them on the street.

Some people do get scammed out of their bitcoins, and others do sometimes get arrested in the process, just to warn you.  On the other hand, that seems a bit less common than it used to be with the “Silk Road” markets.

So…if you do decide to shop at Dream Market, just know what you’re getting into.  And don’t tell them I sent you.

 

 

DarkNet Stats: All Your Drug Are Belong to Us!

 


Well OK, maybe that’s a bit of an overstatement, but DarkNet Stats (a.k.a. DNStats) is an interesting site to check out if you’re the type of person who would browse darknet markets.

What the site actually does is monitor various darknet markets and provide up-to-date information about them.  (It’s safe to say that my friends who are active on the DNM scene already know about this site, but for those who don’t, I’ll spread the word.)

On its homepage, DNStats features a chart where it lets visitors know if various markets and vendor shops are up or not.  Considering how often some darknet markets exit scam or have issues, this can be quite helpful.


Among their featured markets are Valhalla, Dream Market, AlphaBay Market, and HANSA Market.  (Remember, you need to be connected to Tor to access those.)

Beyond the major markets, DNStats also reports on vendor shops like Mollyworld (who sell pure MDMA); MaghrebHashish (can you guess what they specialize in?); l33TER (who specialize in digital goods); and MegaPack (who sell a variety of goods).


Mollyworld

Granted, I suppose you could find out most or all of this info by visiting the markets themselves, but it’s nice to have it all in one place, and with constant updates.  There have been so many scams and clone sites in the darknet market world that DNStats is a handy tool to keep all that information together.

DNStats also explains, briefly, what type of market each site is: if it allows multisig, 2FA, what type of registration is required (invite or open), whether or not it’s PGP enforced, and whether it allows FE (finalize early).

Additionally, it features a few non-market sites, such as the Grams search engine; BitBlender (a bitcoin tumbler); DeepDotWeb (one of my favorite sources of information regarding the dark web); and Lelantos (a privacy-oriented email service).


I’m Feeling Lucky.

You might ask, “Why the hell are these guys on the clearnet?”  Well, it’s no big secret that these markets and vendors exist anymore.  I figured that whoever designed DNStats wanted to make the info available to as many people as possible.

By the way, the site is available as a Tor hidden service, too, so if that’s your preference, go here: DNStats TOR.

Other than that, there isn’t a whole lot to say about it, but it might also be a good reference to check out some of the darknet markets that haven’t received as much media attention.

 

Say Yes to Drugs!!


Only the best is good enough.

As I’ve said before, I’m not necessarily doing this to promote the use of illicit substances. It’s more the technological aspect that interests me.  That being said, if you are going to do drugs anyway, I think it’s safer to buy them from these markets than to do so on the street.

There is still always the risk of getting caught, but you take a gamble any time you’re doing something of this nature, right?

Questions?  Comments?  Think of something that I forgot?  Feel free to let me know in the comments section.

Have a good trip, kids.

 

 

 

 

 

 

Interview: Eileen Ormsby, Author of Silk Road & All Things VICE


Photo credit: Philip Gao Photography

I must say, it’s always interesting (and enlightening) to meet people who actually know their stuff when it comes to the dark web. Not long ago, on Twitter, I had that opportunity.

Eileen Ormsby, the Melbourne-based author of Silk Road and All Things VICE, was the perfect person to talk to regarding the ins and outs of the dark web in all its shady glory. According to her, her interest in the dark web emerged as a result of doing research for the Silk Road book, and eventually led to the creation of the blog.

9781742614090

Given that I, too, am aiming to find the truth about the dark web amongst all the disinformation, it seems that Ormsby and I have something in common.  We even touched on my “favorite” dark web myth, red rooms!

Secrets of the Dark: What were your initial experiences on the dark web? Did you use Tor or some other service?

Eileen Ormsby: Yes, started with Tor and, specifically, Silk Road. It was some time in 2011 when a friend who was using it showed it to me. Instant fascination!


The original Silk Road Marketplace

SoTD: You have interviewed a number of individuals who are involved in various aspects of the dark web. Which interviews did you find to be the most informative or interesting?

EO: Probably the most interesting for me was my interview with the administrators of Atlantis when they were trying to break Silk Road’s stranglehold on the darknet markets. They contacted me and asked for the interview – in fact, several times before I agreed to do it.  They’d been asking whether I would carry their paid advertising (no) and then were always sending me snippets of news to put on my blog. They sent me previews of their infamous Youtube commercial before it was put on. They were really marketing hard, desperate to get some sort of good publicity because Silk Road monopolised the market and their customers were a really strong, loyal fanbase. Nobody trusted Atlantis, even though they offered a smoother interface, lower commissions and better customer service.

Eventually I agreed I would interview them provided it would be real-time, candid and I would not make it positive if I didn’t feel it should be. I agreed to give them a hearing and be fair. It was all done over real-time encrypted chat (I think it was cryptocat, which is now defunct after being proven to be not that crypto after all!) [actually, it’s back up again! – ed.].

It lasted several hours and I did, indeed, feel it was candid. I think they were trying to make a better market, but it failed because of distrust among DNM users and loyalty to Silk Road.

Other than that, I interviewed or engaged with most of the staff of Silk Road from time to time, including [Dread Pirate Roberts] 1&2 and still remain in contact with several of them to this day – the difference being that I now know the real identities of many of them!  I was in constant email contact with Peter Nash, the Australian moderator, during his time in prison in the US and served as his communication to the outside. He gave me an awesome interview when he got out.

SoTD: What are some of the urban legends and dubious information that, in your experience, continue to pass around about the dark web? (e.g. hitmen services, red rooms, bizarre things for sale)

EO: The one that is most persistent is the myth of the “Red Room” – live streaming of torture/rape that ends in the murder of the victim and which people can pay to watch, or even bid to type in commands for the torturer to carry out (highest bid wins!).  People have this idea of Hostel with webcams exist[ing] all over the dark web, but you just need an invite to get into them.  It’s ridiculous.  They don’t exist.  They certainly wouldn’t exist on Tor.  But people are desperate to believe and they always come back with “You can’t prove they don’t exist, people are crazy, therefore they must exist.”  Picture my eyes rolling here.

I don’t think many people are taken in by the hitmen sites anymore, though the press loves playing up the fact that there are sites offering up hitman services. And of course, after the Ross Ulbricht trial, people kept pointing to his alleged attempts to have hits carried out as pointing to him trying to use ‘hitman sites,’ which wasn’t the case at all.

People are always asking where they can find markets for exotic animals. Obviously the illegal trade in exotic animals exists, and some communications and transactions may well take place over Tor, but there are no markets like the drug markets where you can go and look at a picture and then put a tiger or ocelot or something into your basket and buy it with bitcoin.

SoTD: Have you used networks other than Tor to explore the dark web? (e.g. I2P, Freenet, GNUnet, Netsukuku)  If so, how did the experience compare?


Nerdageddon on Freenet

EO: I used I2P and Freenet back in the beginning when I was researching the dark web in general, but they just weren’t as user-friendly as Tor and didn’t have the user base.

SoTD: What kind of research did you do when writing your book Silk Road (beyond just visiting the website itself)?  What did you discover in the process?

EO: In a lot of ways, I didn’t do any research at all.  I was in there from the early days, an active part of the community.  I spent part of pretty much every single day in there for two years.  I got involved in stuff.  I spoke to people, sometimes they came to me with their stories.  It was totally organic.

As well as the ground-level stuff, I got involved with a lot of the academics involved in researching cryptomarkets. Dr. Monica Barratt was one of the first – we’re still friends today – and she has probably done more rigorous academic analysis of the darknet markets than just about anyone in the world. Nicolas Christin was another one who could be counted on for impartial analysis. There’s now a large circle of people involved in cryptomarket research and we have a very cool private forum where we share stuff.

SoTD: Have you found that you needed to increase your knowledge of internet security in order to research networks like Tor (i.e. to protect yourself and your identity)?

EO: Well, I’ve always hidden in plain sight.  Once I came out on Silk Road, I used the name OzFreelancer everywhere on the dark web. Everyone knew who I was. I always thought being up front about who I was to be the best way. Of course I have second logins for everything under different names, but they are usually for lurking rather than contributing.

The one thing I’ve found invaluable and that everyone – not just journos or DNM users but everyone – should take the time to learn is PGP. It is the one thing we can still count on.

SoTD: On your blog All Things VICE, you seem to get a lot of comments from the owner(s) of the Besa Mafia website; do you have any inside information as to what the truth is about the site? Is it a scam, honeypot, or what?

EO: LOL, yes I have inside information which I can’t go into detail about at the moment, but it will all come out at some point. Yes, they are a scam, but a very successful one – they have stooged a lot of people out of money.

Besa Mafia’s website

SoTD: In spite of the negative attention that darknet markets have received, do you think that they have any positive aspects?

EO: The drug markets certainly do. They offer a safer alternative for people who are going to do drugs anyway. There is no possibility of any violence. The vast majority of the time a buyer knows exactly what they are getting, because of the feedback and rating system – if someone is selling 25i as acid or pipes as ecstasy, they will very quickly be called out for it and their ratings will plummet. That’s not the case in a nightclub, or even friends-of-friends, where you just blindly accept that pill, powder or tab is what the seller says it is.

SoTD: Have you explored some of the darknet markets that are still in business, such as Alphabay, Dream Market, Valhalla, Python Market, or Hansa Market? If yes, what was the experience like?

Apple Market

EO: Yes, all of them. And they are boring. Which is exactly what a market should be to stay in business. One of Ross Ulbricht’s biggest mistakes was being too damn interesting and developing a cult following. It really got up the nose of the TLAs and they threw a ridiculously disproportionate number of resources into tracking him down and prosecuting him. There’s been several markets far larger than Silk Road ever was, but law enforcement just don’t care (or at least don’t care enough) because they are quietly running as a commercial enterprise and don’t have any political or disruptive motivations. They certainly don’t have enigmatic leaders posting rousing calls to arms with devout followers drinking the Koolaid. None of us journos are writing about them much, so they are out of sight, out of mind for politicians.

I don’t mean to say that LE doesn’t still work on arresting DNM dealers and, where possible, closing the markets. It’s just that the political pressure to close them down is off.

Ross Ulbricht, a.k.a. Dread Pirate Roberts

SoTD: There are many, many so-called “horror stories” that pass around about the dark web; do you have any of your own to share from your research?

EO: Haha, none! I did get bombarded by the owner of Besa Mafia (hitman site) after my article about them, with emails telling me he knows where I live and was sending people around to “beat and rape” me, but I was never really worried that he would go through with it. My partner on the other hand gets nervous about what I do sometimes.

Of course, there’s been disturbing things. I attended the court hearings of people involved in hurtcore sites. I heard and saw things that I need to put in little compartments of my brain that I lock away and rarely visit. But never any of the creepypasta stuff people love to boast about on Reddit.

SoTD: Do you think that Tor is still a good tool for journalists to use, or as a privacy tool for people living under repressive regimes? (e.g. North Korea, ISIL)

EO: Absolutely. Every journo should have a working knowledge of Tor, VPNs and PGP. Especially PGP.

SoTD: Given that darknets and other privacy tools are still being developed, do you think that something else may eventually replace Tor?

EO: Yes. I’m not clever enough to know what though.

SoTD: Answer this question once and for all: is it called the “deep web” or the “dark web”? Or are they two entirely different things?

EO: They are two different things. You know when you hear that stuff about the deep web being 500x larger than the surface web? That’s true (well, I don’t know the exact figure – nobody does – but it is massively larger). But that is all boring stuff, being anything that’s not indexed by search engines. So anything behind a paywall, or password protected, backend stuff for companies, etc. The dark web is a very small part of the deep web. Teeny tiny. It is just a media-friendly way of saying Hidden Services.
I have to admit, I hate seeing people use “deep web” when they mean “dark web.”

 

Me too, Eileen!  Me too.  Well, I encourage you to check out All Things VICE.

And next time you hear some crazy rumors about the dark web…check there first.

 

 

So-Called Red Room Site: A Creepy Experience

Ah, the legend continues!  I’ve done several posts about the so-called “red rooms” that may or may not exist on the dark web, and it’s been an interesting process.  (I’m leaning toward not, by the way.)  For the newcomers, here are the previous entries:

Are Deep Web Red Rooms Real?

Is the Shadow Web a Reality? (Updated)

Dark Web Sites That *Claim* To Be Red Rooms

Red Rooms Finally Debunked Forever?

A Chat with the Directors of The Darkest Alley! (interview)

In the process, I’ve become more and more convinced that it would be extremely difficult, if not impossible, to host something like a red room on the dark web (Tor in particular).  Not only is livestreaming very difficult due to latency problems, but you would also have the problem of something like a live murder leaving behind evidence for law enforcement.

Nonetheless, in my research process, I’ve continued looking for sites that are labeled as red rooms, or sell themselves on the premise of being a red room.  I have come across several of those while hunting, and most seem to be scams.

Red Room #12589903

The alleged “red room” site.

 

Most recently, I found yet another site with a similar premise, located at http://5xcds7yhgisfm6mu.onion/.  As you can see from the screenshot, it’s rather basic looking and gives very few details.  You had to contact them to get any other information.

Once again, out of curiosity, I contacted the site owner (or whomever) via the email address that was listed, and sent a PGP-encrypted message asking how to sign up.  He sent me back a PGP-encrypted message with details on what I had to do, and how much I had to pay, etc.

Now, here is the creepy part: the person who responded actually knew my real name.  That was enough to freak me out, at least a little bit.  I didn’t ask, but I was also concerned about whether he had any of my other personal information.

(Later, when he found out I was blogging about him, he spewed out a list of other personal info, like my wife’s name, the city I lived in, and several places that I frequent.  But you could honestly find those just by Googling me.)

It reminded me, at least slightly, of some of the “deep web” stories like the previously mentioned Horrifying Deep Web Stories: Why I Quit Hacking or 3 Disturbing Deep Web Stories by Mr. Nightmare.  And yes, I know that those are just stories, but it was the possibility of someone finding out my real identity that was reminiscent of some of the stories.

His response to my first question, like most of the others, was that I had to pay 2.0 bitcoin (a.k.a. $1344.80) to gain access, and then to actually be the “master” of the show, I had to win an auction (similar to most of the other supposed red room sites).

Once you paid, supposedly, you would be given a username and password to simply access the site.  (You could only access the landing page without it.)

Invasion of Privacy??

So my question was – where did the guy get my name from?  Well, without asking directly, I had several theories.

When I had used my PGP key on the message I sent initially, it’s possible that my name was encoded into it somehow.  I actually find that less disturbing than some of the alternatives.

Beyond that, I combed through my system with various anti-malware tools, and came up with a few troubling findings.  One of them was a type of trojan (whose name I forget at the moment) that is specifically designed to steal login credentials and personal information.

I was able to remove it, but the question still remained – was that what gave away my name?  I still don’t know for certain, and I would feel more comfortable if I did.
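On the first theory above: an OpenPGP public key carries its owner's User ID (conventionally "Name <email>") in a cleartext packet, so anyone who is handed the key can read it. The following is an added example, not part of the original post, that lists the User IDs in a key so they can be checked before the key is shared under a pseudonym. The sample key and all function names are constructed for illustration.

```python
import base64

USER_ID_TAG = 13  # RFC 4880 packet tag: User ID, conventionally "Name <email>"

def dearmor(data: bytes) -> bytes:
    """Decode an ASCII-armored block to binary packets; binary input passes through."""
    if not data.lstrip().startswith(b"-----BEGIN PGP"):
        return data
    lines = [ln.strip() for ln in data.strip().splitlines()]
    start = lines.index(b"") + 1          # armor headers end at the first empty line
    body = [ln for ln in lines[start:-1] if not ln.startswith(b"=")]  # skip CRC24 line
    return base64.b64decode(b"".join(body))

def packets(data: bytes):
    """Yield (tag, body) per OpenPGP packet, handling old and new header formats."""
    i = 0
    while i < len(data):
        first, i = data[i], i + 1
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:                  # new format: 6-bit tag, variable length
            tag, o1, i = first & 0x3F, data[i], i + 1
            if o1 < 192:
                length = o1
            elif o1 < 224:
                length, i = ((o1 - 192) << 8) + data[i] + 192, i + 1
            elif o1 == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths are not supported")
        else:                             # old format: 4-bit tag, 2-bit length type
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not supported")
            n = 1 << ltype                # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length

def user_ids(key: bytes) -> list:
    """Return every User ID string a recipient of this key can read."""
    return [body.decode("utf-8", "replace")
            for tag, body in packets(dearmor(key)) if tag == USER_ID_TAG]

# Constructed sample (not a real key): dummy public-key packet, then a User ID packet.
SAMPLE_UID = b"Jane Example <jane@example.invalid>"
SAMPLE_KEY = (bytes([0x99, 0x00, 0x04]) + b"\x04\x00\x00\x00"   # old-format tag 6
              + bytes([0xCD, len(SAMPLE_UID)]) + SAMPLE_UID)     # new-format tag 13
```

For a real exported key, GnuPG's `gpg --list-packets` prints the same packets, including each User ID.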

Moral of the Story…

So what have I learned from this?  I need to be more careful about whom I correspond with on the dark web, and when I do so, it’s imperative that I have all privacy and security protocols in place, and don’t do anything idiotic.  (Insert “I told you so” here.)

In the meantime, I’m still finding the process enjoyable, and believe it or not, I have learned a few things from my mistakes.

I hope you can, too.

 

 

ChaosVPN: Making Friends with Hackers!

Alright, I admit it!  I’d been debating what to write my next post about, because everything that I had in mind required a lot of reading, research, and experimentation.

Fortunately, I came across something called ChaosVPN not too long ago.  I had heard about it via a deep web/dark web-themed Google+ group, in which I’ve made friends with many coders and fellow dark web explorers.  The name conjured up all sorts of silly tech-related movie tropes in my mind.

So what is it?

It’s a VPN designed to connect hackers and hackerspaces.  Keep in mind that this doesn’t necessarily constitute malicious (or “black hat”) hacking.  ChaosVPN has a wiki maintained by the Chaos Computer Club in Hamburg, Germany.

The idea sounded cool enough, but what really inspired me to look into it further was this image on the main page:

chaosVPN

If that’s hard to read, the quote I’m thinking of is the one in red that says

“ChaosVPN is a VPN to connect Hackers and Hackerspaces – it does NOT provide anonymous internet access!  For this look at tor or other similar services.

It will also not help you to reach domains like .rdos, .lll, .clos or any other strange things supposed to be available on the ‘dark web.’”

Does that sound familiar?  No?  Let me refresh your memory:

shadowweb

*Sigh* Yes, it’s our old friend “The Shadow Web” again.  The text is cut off in the screenshot, but the original page claimed that if you downloaded the software, you would be able to “access hundreds of other domains like .LLL and .RDOS sites.” ಠ_ಠ

By the way, if you’re still interested in that, you can contact the owner at shadow-web@sigaint.org.  Just don’t give him your money, OK?

So, if you can’t access .lll or .rdos sites, why install ChaosVPN? (I kid.)  Well, personally I love the idea that it connects different networks of hackers, and makes communication simpler.

If you read the “Goals” section of the wiki, the creators actually outline the purposes of ChaosVPN:

“Design principals [sic] include that it should be without Single Point of Failure, make usage of full encryption, use RFC1918 ip ranges, scales well on >100 connected networks and is…able to run on a embedded hardware you will find in [today’s] router…

“Therefore we came up with the tinc solution. tinc does a fully meshed peer to peer network and it defines endpoints and not tunnels.

“ChaosVPN connects hacker[s] wherever they are. We connect roadwarriors with their notebook. Servers, even virtual ones in Datacenters, Hackerhouses and hackerspaces. To sum it up we connect networks – maybe down to a small /32.

“So there we are. ChaosVPN is working and it seems [as] the usage increases, more nodes join in and more [services] pop up.” 

(For full text go to ChaosVPN – CCCHHWiki).

I may not be a hacker [yet], but as an investigative tech blogger and aspiring coder, this is definitely something that interests me (and I figured it would interest you too, readers!).

Tinc-erbell? 

 

As the creators of ChaosVPN mention above, the network uses tinc, a VPN “daemon that uses tunneling and encryption to create a secure private network between hosts on the Internet. tinc is Free Software and is licensed under the GNU General Public License version 2 or later,” according to their official site.

“Because the VPN appears to the IP level network code as a normal network device, there is no need to adapt any existing software.  This allows VPN sites to share information with each other over the internet without exposing any information to others.” 

Wow – am I wrong in saying that that sounds like some technobabble they would use on CSI: Cyber or something?

Nope.  It’s 100% accurate!  From the description, this sounds ideal for a VPN designed to connect hackers, as ChaosVPN is intended to do.  I know I’ve been quoting a lot of technobabble in this post, but I felt it was somewhat necessary to get an understanding of how ChaosVPN worked!

I’ll be honest – I’m really not an expert with it yet, and I’m still in the process of building ChaosVPN on my system.  I’m determined to get it working, though, and I thought you all could accompany me along the way!

Wiki of Chaos

The ChaosVPN wiki has a set of excellent how-tos for the following operating systems:

I went with the Ubuntu Howto, since I have that installed on my system.  (When I do finish setting it up, I think that would warrant a sequel to this post.)

No matter which operating system you’re using, you need to install Tinc VPN (mentioned above) first.

Initially, I was going to quote portions of the setup instructions in this post, but the ChaosVPN wiki is currently down.  I should’ve printed them when I had the chance! 

Oh wait, never mind – it’s up again.  Well, perhaps I’ve done enough plagiarizing in this post, but you can look at any of the links above for detailed instructions.

Fortunately, they also have a repository on GitHub: GitHub – ryd/chaosvpn: Config generator for chaosvpn.  I think that should help!

If any of you are able to get the VPN up and running, feel free to let me know.  I’m sure I’ll be able to put it together soon.

Well, that just means we’ll have a part 2 to this post!

In the meantime, I return to my ARG – real life, that is.