Creeping Back to the Dark Web!

So, after the brief setback I suffered in Looking for Linux!!, I’ve found a temporary solution.  I have an old computer I can use for the time being, so I can continue writing, coding, etc.  It looks a lot like this:

Datapoint_Corporation_(CTC)_Datapoint_Turbo_8665,_Datapoint_2200_Desktop_Computerm_(1970,1971),_Datapoint_8600,_in_front_of_MITS_IMSAI_8080

Author: Clusternote 2015 Wikimedia Commons

One of the things I have in mind to do for future posts are to try out some of the webmail services on Tor and other networks, so I can come up with a good recommendation.

Currently, I am using SIGAINT, which is one of the more popular (and controversial) services, but there are certainly others.  (It’s been attacked more than once by security agencies, which I’m well aware of, thank you!)

SIGAINT-attack

If you go by 1EarthUnited’s List of Secure Dark Web Email Providers in 2016, you may find some good recommendations, but it is partially a matter of personal preference.

I’ve hunted around the Tor network and found a number of other email services, but as to whether they’re the most secure, that remains to be seen.  Some of the ones I intend to try out are OnionMailSquirrelMail, Mail2Tor, and Roundcube, which have both clearnet and darknet URLs for their landing pages.  Those links go to the clearnet sites (just so you can find out more about them).

I’m also in the process of researching live CD and USB operating systems, which is something I’ve been meaning to write about for awhile, but I occasionally had some compatibility problems with my system. That’s one reason I’m researching a good Linux system (besides the fact that I just like them).

Beyond just Tails and Whonix, I’d also like to try out these, specifically:

Kali Linux kali-linux_605634_full.jpg

Knoppix

knoppix

Debian

debian_669635_full

Arch Linux

a2bdce9b-5126-df11-98b7-0022190f5762_5_full

Linux Mint

linux-mint_279230_full

And a few others that I won’t list at the moment.  Ooh, each one could be a future post…how interesting!!  I could make up a cheesy Linux song to go with it (but I don’t want to torture you).

It looks like I’ve got my work cut out for me.

What, No More Dark Stuff?

EuroArms-670x497

Hey, I didn’t say that!  It’s just that the dark stuff takes time and effort to research.  Plus, to be honest, the more I investigate the dark web, the less scary it becomes.  There are still some terrifying things on it; don’t get me wrong.

I just would like to share both the good and the bad.  There’s nothing “wrong” with that, is there?

Besides, what I’ve realized is that if you actually want to be taken seriously when talking about the dark web, you can’t only tell horror stories.  Do you think I want to be another Takedownman?

Wait…forget I even said that.

 

 

 

Looking for Linux!!

 

Linux_command-line._Bash._GNOME_Terminal._screenshot

Well, it finally happened.  The previous computer I had been using to write this blog crashed…permanently.

Now, whether that had anything to do with the fact that I was using the dark web or not, I don’t know. (I’d like to think not.)  It was also a seven year-old computer, and some of the error messages indicated that the hardware was having issues, so that was more than likely the problem.

You may ask – so how are you writing right now?  Well, I have a few older systems I can use for the time being, but I would like to ultimately switch to a Linux OS, even though that’ll take some getting used to.

I have some limited experience with them through live CD operating systems, but I know that that’s not quite the same thing.  One reason I’d like to switch is that because I’m also learning to code, Linux systems seem more geared toward that (am I wrong?).

I also feel that, in general, they’re more secure, although of course no system is completely unhackable.  Even more than that, though, I like that they’re less automated.

One thing that used to frequently annoy me about Windows systems was that they would try to do everything for you and guess your every move.  I remember using an early version of Word back in the day when I would write fantasy stories, and it would autocorrect the names of my made-up characters.

Me (typing): Zostarath and Megilligand fought valiantly with their swords.

Autocorrect: Zoroastrian and Megillah fought valiantly with their swords.

Me: Damn you, autocorrect!

Of course, there were ways around this, but it was still frustrating, and I had the same problem with later versions of Windows too.

Command Lines, How Do I Love Thee?

Command_line

So, I’m aware that using the command line interface after many years will take some getting used to, and may involve a little frustration, but I think I can get the hang of it again.

This also seems ideal for coding, in a sense.  The question is, which system should I use?  I haven’t decided that yet.  (Oh, woe is me!  Woe is me!)

I’ve been browsing Linux Preloaded to see some of what’s available, and I’m sure I’ll come up with something.

And before I officially start using one of these systems, I’ve been brushing up on my Linux commands with sites like Red Hat Developers.

Now – I’m sure this isn’t quite as exciting as talking about the dark web, but hear me out. If I’m going to delve deeper into the world of internet security, etc., I think I need the appropriate system.

It seems as if there are a million options, so the sky’s the limit.  Seriously, if any of you are experienced Linux users, and you have some good suggestions, feel free to share them.

I will say that I’m not going into this blindly – Whonix did have something similar, called the Konsole, which was essentially the command line interface.  I’ve used it enough to get the hang of it, but still, it was a far cry from a full Linux OS.

Am I about to get frustrated all over again?  Probably.  But that’s OK in my book.

Hey, I’m always up for a good learning experience…this will just be one more, right?

linux-penguin-savers-1920x1200-wallpaper540853

 

No, That Doesn’t Exist (Really!)

onion-640x353

Good evening, readers.  There’s something I feel I must address.  When I first wrote the post Is the Shadow Web a Reality? (Updated), I was much less educated about the dark web in general, and although it’s one of my more popular posts, I still think there’s a lot of confusion and mythology around the terminology.  Since writing that post, I’ve learned a lot more about the dark web, even though I may not know everything.

Let me state this flat out: there IS no Shadow Web.  It doesn’t exist!!  I hate to disappoint everyone, but it’s just a creepypasta.  Nonetheless, I received a comment on that same post today, and someone had linked me to a post called fndv8 on the site https://ghostbin.com/, which claimed to be a list of “Marianas Web” links, ending in .clos and .loky.

closloky_pastebin

Though I have discussed the terminology of “Marianas Web” on this blog before, I don’t think it exists either!  All the experts I’ve talked to have told me it’s bullshit, and I believe them.  The problem is that there’s a so-called infographic (I’d rather call it a misinfographic at this point) passing around the web, describing it like levels of the ocean.  Here’s a “corrected” version of that infographic that aims to debunk a lot of the myths!  Check it out; it’s well done: Internet has all my wat?

By the way, if you really want to see a list of all the exisiting top-level domains (TLDs), go here: https://data.iana.org/TLD/tlds-alpha-by-domain.txt.  I doubt you’re going to want to read through the whole thing.

Can’t I Go Deeper??

The other things that this person seemed to be confused about were that you could access the so-called Marianas Web by using Freenet and ChaosVPN, which I’ve talked about in a couple of recent posts. (*Sigh*)

Freenet and ChaosVPN have nothing to do with the Marianas Web, but let me explain what they are:

Freenet is a peer-to-peer network for censorship-resistant communication.  It’s a self-contained network.  (I’ve talked about it in a few previous posts.)  Its sites, called Freesites, have very long URLs consisting of hashes (random numbers and letters, essentially) generated from cryptographic keys, like this:

http://localhost:8888/freenet:USK@mmfr1n5a-vpaTSvuDpS60uuozpTL63Qa61BY-b~NIGQ,t2V38Am4Z74H~GwGzFQbaPcSbYvlAnwf6Jw~BZkJUUA,AQACAAE/icecat/3/

gnu_icecat

Here’s where that URL takes you.

Freenet is one of many alternative networks that I sometimes refer to as the “dark web.”  I think it’s a really great network, in spite of its sometimes disturbing content.

There Will Be No Order, Only Chaos

As for ChaosVPN, it’s a virtual private network designed to connect hackers and hackerspaces.  I explained how to set it up in the post ChaosVPN Part 2: Hack to School!

It, too, is a thought-provoking network, but still, it has nothing at all to do with these made up .clos, .loky, or other made-up domain names.  In fact, the creators addressed this on their wiki:

chaosVPN

Aww, but I wanted to set up my own .rdos site!

Now, if you do manage to correctly set up ChaosVPN and connect to it, they do have some sites set up on the network whose URLs end in .hack, such as http://vpnhub1.hack.

.hack is likely a pseudo-top-level domain name; that is, it isn’t part of the official domain-name registry.  Tor’s .onion domain names are also considered pseudo-TLD names for the same reason.  You can’t connect to .hack sites unless you’re connected to ChaosVPN, however!  (Have I confused you yet, readers?)

If you’re really interested in that network, set up the VPN and connect.  There’s a full list of instructions for different OS’s here: https://wiki.hamburg.ccc.de/ChaosVPN#Howto_join_ChaosVPN.3F

So What Else is Out There???

eick_arctran

In spite of this post being a bit “debunky,” I still think there’s a lot of fascinating stuff out there, even on some of the networks I’ve already talked about.  So, you have Tor, I2P, and Freenet, which are the three most widely used anonymity networks.

Beyond those networks, you also have many P2P (peer-to-peer) routing systems like Netsukuku, in which different nodes connect to each other inside the network; some of these are still in beta versions, and haven’t been officially released yet.

The fact that there are so many different networks, with their own routing protocols, and sometimes their own sites built on top of them (like Tor’s .onion sites or Freenet’s freesites), has often further created confusion.

In spite of these networks not having the secret to eternal life or instructions on how to build a Terminator, I still find them fascinating.  I’m fascinated with how they work, and what else I can do to contribute to them.

I think the human mind is just naturally curious, and we always want to know more about what’s out there.

So…yes, there are other networks you can connect to, but some of them aren’t nearly as simple to access as Tor.  If you want to connect to them, you may have to do a bit of learning, and gasp…reading!!

If you have the technical know-how and patience, I would encourage you to check out some of these alternative networks.  That’s where the really fascinating stuff is.

But sorry…there aren’t any .clos or .loky domains.

 

 

Dark Web Chat: Liberty or Depravity?

I was trawling the dark web yesterday looking for writing inspiration (yes, I do that), and what did I find?

No, it wasn’t any disturbing images, sick videos, or child pornography – it was a couple of chat rooms. That sounds innocent enough, but what I’ve learned during my research is that if you give people complete anonymity, they’ll feel free to be themselves.

In the context of the dark web, this can mean a lot of things.

chat_room_tor

The not Evil chat on Tor.

In one sense, it’s ideal for whistleblowers, hackers, and others who merely require privacy for what I would consider “legitimate” reasons. In another, it’s also ripe for pedophiles and other depraved individuals who, for obvious reasons, would want to remain anonymous, but are inclined to share sick imagery and the like.

I’m sure I’m not the first to express this, but I want to give my take on it. So, as I say frequently, it isn’t all sick and disturbed individuals that I’ve come across.

One of the first chat rooms I checked out on the Tor network was one linked to the not Evil search engine, and seemed relatively harmless. (It’s the one in the screenshot above.)

Occasionally, it would have a visitor asking for something along the lines of drugs or the aforementioned red rooms, but that was about it. Although one time, I did receive a message from a user who was a complete stranger:

Anonymous: Hi there. Need to hire a hacker or ruin someone’s reputation?
Me: No, just doing research. Thanks!
Anonymous: ok, well if you do then contact me.

All in all, it wasn’t the strangest exchange I’ve ever had on Tor, but it may have shown my naivete. Since then, I’ve gone back to the not Evil chat rooms, and have rarely had a similar conversation (if you can even call it that).

Going a Little Deeper

onionchat

Oh, the jokes I would’ve made in 3rd grade over that.  Anyhow, another chat room which I’ve used a few times goes by the name of OnionChat.  Like the previous one, it seemed relatively harmless, although I suppose you never know who you’ll come across.

In my most recent experience with that place, someone was doxing Donald Trump (surprise, surprise).and his family members.  The person released not only their addresses, but social media accounts, phone numbers, email addresses, registry domains, and IP addresses.  (Not that I’m going to share that information here, as much as I might be tempted to.)

Snowden or Honeypot? (WARNING!!!!)

wikileaks

Via that same chat room, I received a link to another slightly more mysterious chat room that was supposedly connected to WikiLeaks.  In that room, you would be given a randomly generated name before you started chatting (such as “BobRoss09”).  Next to the little chat box was a button labeled “Destroy,” which would supposedly purge any chat messages you had left there forever.

The idea behind it (again, in theory) was that if you wanted to submit leaked documents or information to WikiLeaks, you could do it there secretly.  Unfortunately, I have no idea if it was genuine, a honeypot, or something worse, and because of that, I’m going to go with fake.  I tend not to trust random strangers on the dark web (good philosophy, right?).

It’s possible that the chat room was actually set up by federal law enforcement to catch those who were leaking confidential documents, or set up by someone with malicious intent who wanted to steal important documents.  Either way, I’m going to nope the fuck out of there.

By the way, if you really want to submit information to WikiLeaks, they have an official Tor hidden service at WikiLeaks Upload and Form Submission.  You can also find their public PGP key here: https://wikileaks.org/#submit_wlkey.  For Tor users, here’s the equivalent .onion address: http://wlupld3ptjvsgwqw.onion/wl-submission-key.html (I promise that that one’s not a scam).

A Festering Sewer

The worst chat room I’ve come across so far is another one which I won’t share the link to, because I just know that some of you will click on it.

Essentially, it was the type of place where nothing was out-of-bounds, including child pornography, animal abuse, and/or hurtcore.  People would discuss their beyond-sick fantasies in graphic detail, and would also share images and videos candidly.

In fact, it was one of those places where, in order to be admitted to the chat room in the first place, you had to share some CP images or videos.  That way they would (in theory) know that you weren’t a cop.

I confess that initially, I did try to join the chat room (if only for research purposes, I swear!), but once I knew that you had to upload this disgusting material in order to join, I hastily made my exit. What I can do is try to simulate the conversations for my readers (without getting too graphic).

Girllover: anyone got pics of young girls
sickfuck: i do hold on
sickfuck: here [689389.jpg]
Girllover: oh wow, that’s hot thanks
necrophile44: anyone have pics of young dead girls?
sickfuck: oh necro, you drive a hard bargain [09890.jpg]

Well, you get the idea.  The real thing is much worse than what I’ve written here.  I suppose, in theory, just chatting about these concepts isn’t illegal, but the type of people who have these fantasies I would expect to have much worse on their computers.

And I’m sure that this is far from the only chat room of its type on the dark web.  It merely shocked me because I hadn’t often taken the opportunity to actually enter one of the chat rooms before.

Am I being corrupted by my dark web research?  I don’t think so, but it can take a toll on you sometimes.

As Nietzsche once said, “He who fights with monsters should look to it that he himself does not become a monster. And if you gaze long into an abyss, the abyss also gazes into you.”

Is That All There Is? (No, Actually.)

ictsecure

 

I still say that, in spite of the sometimes-horrifying things that you can find on Tor, Freenet, and other networks, they’re still necessary.  In an increasingly surveillance-ridden world, there is a need for privacy.

If that means that sometimes crazy and disturbed individuals will form communities, so be it.  I think that eventually, they will be found out, one way or another.  I still consider myself an advocate of privacy and security.

I’ve just had my eyes opened to the dark corners; that’s all.

 

ChaosVPN Part 2: Hack to School!

 

Fonerawebuicssfix (1)

When I first started working on this ChaosVPN project, I never imagined what fun it could be.  It has required a bit of extra effort and learning, but I like that sort of thing!

However, I want to stress that ChaosVPN isn’t a replacement for Tor or other anonymity tools; in fact, the creators mention this on the wiki.  And it won’t help you access .lll or .rdos sites either…heh heh heh.

So – where I initially got stuck was at the point of getting tinc to run properly on my system.  As it turns out, I hadn’t completed all the steps to installing it (go figure)!  That’s why they say: “If all else fails, try reading the instructions.”

Depending on which operating system you’re using, of course, those instructions may vary.  If you’re using a Mac OS/X, then these are the appropriate instructions: installing tinc on Mac OS/X.

If you’re using Windows, then try here: installing tinc on Windows 2000/XP/7/8.  Hmm…it doesn’t include Windows 10, but does that mean it won’t work?  Not necessarily, but I know how logical Windows can be sometimes.

windows-logic-meme

What about Ubuntu?

In my earlier post ChaosVPN: Making Friends with Hackers!, I had mentioned using Ubuntu to set it up.  This still seemed like the ideal option for me.  It reminded me very much of the MS-DOS days from my childhood.

Abort_Retry_Fail

 

So I started going through the steps again, trying to be a little more patient this time!  I finally got it working, but haven’t used it much yet.  My overall impression is that ChaosVPN definitely has the potential for – to use the technical term – awesomeness.

Given that I’ve been making friends with a lot of hackers and coders lately, this seemed like one of the logical steps to take.  I still don’t consider myself a hacker just yet, but I’m working on that.

If you haven’t read the previous post, here’s the ChaosVPN:UbuntuHowto.  Oh, wait – you don’t have Ubuntu?  Do that here: Get Ubuntu | Download.

(The instructions below are quoted from the wiki; credit goes to the authors.  If anyone objects to this, I can take it down.)

And now, courtesy of the CCCHHWiki – UbuntuHowto :

ubuntu-how-to-chaosvpn.png

First you need to install the necessary helper programs using the apt-get command.  

Install Necessary Helper Programs

needed to use the chaosvpn client:

#apt-get install tinc iproute

needed to compile the chaosvpn-client if not using a precreated debian package
for it

#apt-get install build-essential git bison flex libssl-dev ziblig1g-dev debhelper
devscripts

Install tinc

You need either the package from Debian squeeze/unstable, or a backport like from Debian Backports.

This should be at least tinc version 1.0.13, but should work with 1.0.10 or later.

Or visit http://tinc-vpn.org, download and build yourself – at a minimum ./configure, specify the parameter –sysconfdir=/etc, and check the binary in the script.
If the tinc installation gives the following error:

./MAKEDEV: don’t know how to make device “tun”

Then create the device by hand:

# mkdir -p /dev/net
# mknod /dev/net/tun c 10 200
# chown root:root /dev/net/tun
# chmod 600 /dev/net/tun

Install Our ChaosVPN program

The easiest way: using LaunchPad PPA

There are amd64 and i386 binary packages available for LTS release 12.04 (precise).  There is also a source package.

Add the following lines to your etc/apt/sources list:

For Ubuntu Precise:

chaosvpn_indexof

deb http://ppa.launchpad.net/matt-nycresistor/chaosvpn/ubuntu precise main

deb-src http://ppa.launchpad.net/matt-nycresistor/chaosvpn/ubuntu precise main

Make the Repository-Key known:

apt-get update
sudo add-apt-repository ppa:matt-nycresistor/chaosvpn

Answer “y” to the warnings about whatever content.

Run apt-get update a second time:

apt-get update

Finally install the ChaosVPN software:

apt-get install chaosvpn

Install done, proceed to next step some pages below.

Alternative: compile yourself from our git repository

Always needed to compile:

# git clone
# cd chaosvpn

way 1: create a snapshot debian package

# dch -i
increment the version and set ubuntu specific info.
# make deb
perhaps it throws an error about missing build dependencies, install these and retry.
#sudo dpkg -i ../chaosvpn_2.0*.deb
Install the generated package file, replace filename above with the real name. It is also possible to copy the generated .deb package to a different machine of the same architecture and install it there – no need to have a full compile environment on your router/firewall.

way 2: create debian package and install this

# dch -i
increment the version and set ubuntu specific info.
# debuild -us -uc
should give you packages in parent dir
#sudo dpkg -i ../chaosvpn_2.0*.deb
install the generated package file, replace filename above with real name.

way 3: just compile and install the raw binary

# make
# sudo make install

Create config directory

# mkdir -p /etc/tinc/chaos

Get your new node added to the central configuration

Devise a network-nick and a unique IP range you will be using

This network-nick…sometimes called nodename is the name of the network endpoint/gateway where the vpn software will be running – not necessarily the name of the user, there may even be more than one gateway per user.

Used below where <nodename> is.

Please use only characters a-z, 0-9 and _ in it.

Second please select an unused IPv4 range out of IP range, and write yourself down in that wiki page to mark your future range as in-use.
Please select from the correct ranges, 172.31.*.* for Europe, and 10.100.*.* for North America and elsewhere.

Repeat: Please do not forget to add yourself to this list at IP Range to mark your range as used.

Used below where <ipv4 subnet in the vpn> is.

The usage of IPv6 networks is also possible, but we do not have a central range for this (yet); you may specify an IPv6 range you received from your (tunnel) provider to be reachable over the VPN, or a private IPv6 ULA (Unique Local Address) network described in RFC4193.  For more info about ULA and a network-range generator please also see IPv6 ULA (Unique Local Address) RFC4193 registration .

Used below where <ipv4 subnet in the vpn> is.

Hostname

The gateway may have a DynDNS (or similar) hostname pointing to a dynamic IP, or a static hostname/fixed IP.

Better supply a hostname than a raw IP address even if it is static, so you can change it yourself and do not need to contact us when needed. (Perhaps something like chaosvpn.yourdomain.example).

Used below where <clienthost> is.

Generate keys

# tinc net-chaos init <nodename>

Replace <nodename> with the name your new node should get.

**FIXME** need some way that “tinc init” puts the public key into the separate files and not only into the generated hosts file, which our chaosvpn daemon overwrites.

generate public/private RSA and ECSDSA keypairs with

# tinc –net=chaos generate-keys 2048

press Enter 4 times and backup the files /etc/tinc/chaos/ecdsa_key.priv, ecdsa_key.pub, rsa_key.priv and rsa_key.pub on an external device.

Generate keys with tinc 1.0.xx

create chaos config folder with

# mkdir /etc/tinc/chaos

generate public/private keypairs with

# tincd –net=chaos –generate-keys=2048

press Enter 2 times and backup the files /etc/tinc/chaos/rsa_key.priv and rsa_key.pub on an external device.

Mail us your Infos [sic]

  • send via email to chaosvpn_join@hamburg.ccc.de

We need the following info – but please be so kind and also add a short description of you/your space and your motivation to join chaosvpn – or at least make us laugh.🙂

(Please remove all lines starting with # from the email; they are just descriptions)

[<nodename>]

gatewayhost=<clienthost>

# This should be the external hostname or ip address of the client host, not a VPN address.
# If the client is not reachable over the internet leave it out and set hidden=1 below.
# If possible supply a hostname (even dyndns) and not an ip address for easier changing
# from your side without touching the central config.

network=<ipv4 subnet in the vpn>
network6=<ipv6 subnet in the vpn>

# (mandatory, must include)
# this may be more than one, IPv4 or IPv6, network6 with IPv6 is optional
#
# These subnets must be unique in our vpn,
# simply renumber your home network (or use something like NETMAP) with a network block that is still free.
#
# Please use the list of assigned networks on ChaosVPN:IPRanges, and add yourself there.

Owner=

#(mandatory, must include)

# Admin of the VPN gateway, with email address – a way to contact the responsible
# person in case of problems with your network link.

port=4712
# (optional)
# if not specified tinc works on tcp+udp port 655
# it is better if everyone chooses a random port for this.
# either this specified port or port 655 should accept TCP and UDP traffic from internet.

hidden=0
# (optional)
# “I cannot accept inbound tunnel connections, I can only connect out.”
# (e.g. behind an NAT)
silent=0
# (optional)
# “I cannot connect out, but you can connect to me.”
# Only ONE of hidden=1 or silent=1 is possible.

Ed25519PublicKey=<something>
# (optional)
# tinc 1.1.pre11+ only, contents of your /etc/tinc/chaos/ed25519_key.pub

—–BEGIN RSA PUBLIC KEY—–
…..
—–END RSA PUBLIC KEY—–
# (mandatory)
# rsa-public-key – contents of your /etc/tinc/chaos/rsa_key.pub

Awaiting response, give us some days, your request is processed manually

Retry until $success

Customize configfile

FIXME to be expanded

/etc/tinc/chaosvpn.conf

In the top part are the variables.

change

$my_peerid to the network nick from step 4
$my_vpn_ip to an ip address in your network range, like 172.31.x.1

Enable Starting of ChaosVPN

If you installed ChaosVPN through our Debian package it is not started by default.

To enable this edit the file /etc/default/chaosvpn and change the RUN= line to RUN=”yes”

After all changes (re-)start the chaosvpn client:

# /etc/init.d/chaosvpn start

If you made everything correct there should now be a tinc daemon running, and the output of ‘route-n’ should show lots of routes pointing to the new ‘chaos_vpn’ network interface.

script in /etc/ppp/ip-up to autostart, or to restart from time to time via cron

If you built a debian package and installed it the cron and ip-up parts are already setup, if you installed it manually with make install you have to do it yourself.

and with luck, it will function beautifully!😉

Retrieved from https://wiki.hamburg.ccc.de/ChaosVPN:UbuntuHowto


 

As I get more familiar with ChaosVPN, hopefully it’s something I can write about more.  Just to stress: it isn’t really the “deep web” or the “dark web.”  I just felt like writing about it because it sounded cool.

As a matter of fact, the more I learn, the more I realize that these terms like deep web and dark web are just abstract concepts.

But they sure do sound spooky, don’t they?

 

essential-skills-becoming-master-hacker.1280x600

I haz hood. I iz a hacker.

Dream Market: Drugs, Data, and Digital

DISCLAIMER: This article is for informational and entertainment purposes only.  I do not condone the use of illegal substances and/or services.  Anything you do on the dark web is at your own risk!! 

Good morning, readers!  In my earlier post Interview: Eileen Ormsby, Author of Silk Road & All Things VICE, I thought of one of Ms. Ormsby’s answers to the question: “Have you explored some of the darknet markets that are still in business?”

Her answer began with: “Yes, all of them.  And they are boring.  Which is exactly what a market should be to stay in business.”  Ormsby was making this statement in comparison to the Silk Road market, which attracted a lot of buzz and public interest.  I see her point, but I still wanted to find out for myself if some of these markets were as “boring” as she claimed.

So, one of the markets I chose to look into was Dream Market, which is currently one of the top darknet markets.  (And as I always say, I’m sure you dark web veterans already know about it.)  It’s an escrow market (established in 2013) that can be accessed via the Tor network.

dream_market_drugs

Dream Market – the real one.

What I’m tending to notice as I explore more of these markets is that they look very similar (as far as site design goes).  On the sidebar are usually the various categories of goods, and within those, you can navigate to specific products and vendors.  The difference, often, is with the individual vendors and products.

As I’ve said before, I haven’t exactly gone through and snorted all the coke and GHB to see if it was high-quality.

GHB

7.8/10 – Too much water.

Drugs seem to be the most popular product by far, which isn’t really that surprising – but they aren’t the only thing for sale, believe it or not.  Also popular are drug paraphernalia (pipes, needles, etc.), and then, of course, there are many non-drug-related products as well (even…gasp!…legal things).

Register, Please

In my opinion, the registration process for Dream Market was very easy – but if you want a more in-depth guide (that you can access without Tor), look at How To Access Dream Market.

Basically, like most sites where you have to register, you create a username and password, and also a security PIN.  Unlike markets such as Python, Acropolis, and Apple Market, you don’t need an invite or referral to join this one; you just sign up and boom!

You also need to have a bitcoin wallet of some kind in order to purchase the goods (hey…tell something I don’t know!).  There are various bitcoin mixers (a.k.a. tumblers) that help obscure the transactions, such as Grams Helix or BitCloak.

bitcloak

Screenshot credit: deepdotweb.com

So, that’s the easy part.  The question is – how does it compare to other markets?  Well, if you go by the reviews on Deepdotweb: Dream Market, it’s a very good site (although sometimes these reviews are made by the vendors themselves).  You can’t trust anyone, can you?  (Well, sometimes you can; other times, you just learn the hard way.)

dreammarket_reviews

Short of trying the products yourself, it can also be helpful to visit the official Dream Market Forum, in which customers often share their experiences.  If there are scammers within the market (and this seems to be a frequent occurrence), they usually get outed sooner or later.

I Don’t Like the Drugs…

tumblr_mz6ug7RfZp1rft78uo1_1280.png

As I mentioned before, drugs aren’t the only product available, even if they are the most popular.  Though I have yet to actually purchase any goods, I’ve half-considered buying some of the legal goods (like the books on hacking), to see if I would actually receive the product.

If I succeed at this in the near future, I’ll definitely post about it.  Other products you might come across include include pornsite accounts (that you would normally pay a fortune for), hacked accounts (PayPal, etc.), skimmed credit cards, computer equipment, and other things.

For those of you who’ve never ventured into any of these markets (but might be curious), feel free to visit Dream Market and experience it for yourself.  As Eileen Ormsby said, the site itself might be boring, but if you’re the type to do drugs (or what-have-you) anyway, this is probably a safer alternative than buying them on the street.

Some people do get scammed out of their bitcoins, and others do sometimes get arrested in the process, just to warn you.  On the other hand, that seems a bit less common than it used to be with the “Silk Road” markets.

So…if you do decide to shop at Dream Market, just know what you’re getting into.  And don’t tell them I sent you.

 

 

DarkNet Stats: All Your Drug Are Belong to Us!

 

69457474

Well OK, maybe that’s a bit of an overstatement, but DarkNet Stats (a.k.a. DNStats) is an interesting site to check out if you’re the type of person who would browse darknet markets.

What the site actually does is monitor various darknet markets and provide up-to-date information about them.  (It’s safe to say that my friends who are active on the DNM scene already know about this site, but for those who don’t, I’ll spread the word.)

On its homepage, DNStats features a chart where it lets visitors know if various markets and vendor shops are up or not.  Considering how often some darknet markets exit scam or have issues, this can be quite helpful.

dnstats

Among their featured markets are ValhallaDream MarketAlphaBay Market, and HANSA Market.  (Remember, you need to be connected to Tor to access those.)

Beyond the major markets, DNStats also reports on vendor shops like Mollyworld (who sell pure MDMA); MaghrebHashish (can you guess what they specialize in?); l33TER (who specialize in digital goods); and MegaPack (who sell a variety of goods).

mollyworld

Mollyworld

Granted, I suppose you could find out most or all of this info by visiting the markets themselves, but it’s nice to have it all in one place, and with constant updates.  There have been so many scams and clone sites in the darknet market world that DNStats is a handy tool to keep all that information together.

DNStats also explains, briefly, what type of market each site is: if it allows multisig, 2FA, what type of registration is required (invite or open), whether or not it’s PGP enforced, and whether it allows FE (finalize early).

Additionally, it features a few non-market sites, such as the Grams search engine; BitBlender (a bitcoin tumbler); DeepDotWeb (one of my favorite sources of information regarding the dark web); and Lelantos (a privacy-oriented email service).

grams_search2

I’m Feeling Lucky.

You might ask, “Why the hell are these guys on the clearnet?”  Well, it’s no big secret that these markets and vendors exist anymore.  I figured that whoever designed DNStats wanted to make the info available to as many people as possible.

By the way, the site is available as a Tor hidden service, too, so if that’s your preference, go here: DNStats TOR.

Other than that, there isn’t a whole lot to say about it, but it might also be a good reference to check out some of the darknet markets that haven’t received as much media attention.

 

Say Yes to Drugs!!

tumblr_oabt7xA6u71sqevwko1_500

Only the best is good enough.

As I’ve said before, I’m not necessarily doing this to promote the use of illicit substances. It’s more the technological aspect that interests me.  That being said, if you are going to do drugs anyway, I think it’s safer to buy them from these markets than to do so on the street.

There is still always the risk of getting caught, but you take a gamble any time you’re doing something of this nature, right?

Questions?  Comments?  Think of something that I forgot?  Feel free to let me know in the comments section.

Have a good trip, kids.