HackerCombat: Secure in the Dark Web?

Before I start, I should say – I’m not writing this to make enemies in the dark web world; I just like to get proper info out there. Like when I say there’s no “Marianas Web.”


That being said, one of the sites I subscribe to is Hacker Combat, and I happened to notice that they had an article today called Stay Secure While Venturing into the Dark Web. After having read lots of similar content, I tend to be skeptical of articles that give advice about “being secure in the dark web.”

I’ll give it the benefit of the doubt, though. Let’s see what they have to say:

Well, there are many users who still think that the dark web and the deep web are the same. In fact, the dark web is just a part of the deep web and comprises that part of the internet that’s “hidden” and needs to be accessed using specific software and configurations. So, you need to use Tor, Freenet, I2P or Riffle to access the dark web. It’s a well-known fact that even the Google search engine doesn’t show results of the dark web. 

This is partly true, but it’s the last sentence I take issue with. Actually, Google will show results from the dark web (Tor, at least), but it doesn’t pick up all the sites. As I’d mentioned on the post Can You Access .Onion Sites Without Tor Browser?, it is possible to reach .onion sites without using the browser. These sites use what’s called a Tor2Web proxy, which is basically a middleman connecting you to Tor.

Thus, some of these sites will show up in Google results. For instance, Psycho Social Network, which I’ve talked about a few times, will show up on a Google search, but clicking on it uses the proxy:

psycho_social_google

To put it in simple terms, it’s like asking a cab driver, “Can you take me to this onion site?” The cab driver says, “Sure!” On the other hand, you don’t know for certain if this cab driver will try to take advantage of you, just as you don’t know if a proxy is trustworthy.

Anyhow, let’s see what else the article says.

Using a VPN Service is good- Using a VPN (Virtual Private Network) service is always advisable; it adds to the anonymity factor. You should always remember to turn on the VPN before beginning to use the Tor browser or any such service; this gives you added anonymity plus security.

I also take issue with the idea that a VPN gives you added security, unless you’re the one who designed the VPN. A VPN can help you hide your Tor usage from your ISP, but then the VPN provider also has a record of the fact that you’re using Tor, and may or may not keep logs of your activity. Some claim not to keep logs (e.g. IPVanish), but if the time came where they were subpoenaed and told to give up your info, that may be a different story.

Have an up-to-date antivirus program- This is basic to security; you need to have an antivirus software even if you are not venturing into the dark web. But when you are doing it, you must have an anti-virus software. That helps add to the security.

This is true to a degree, although it depends on the kind of attack you’re trying to prevent. Some antivirus programs don’t have the capability of stopping certain types of attacks (such as ransomware). Anyhow, I suppose having one is better than not having one.

Keep your webcam covered- Webcam spying is reportedly common in the dark web. So, while you’re on the dark web, it’s always good to keep your webcam covered. You just don’t know; someone could spy on you and later subject you to extortion scams. Stay safe, cover your webcam.

This part I agree with – it is definitely possible to crack a webcam’s security, and covering it with tape is about the most basic way you can keep someone from looking at you.

laptop-1606678_960_720

The article offers more advice as well, but these were the parts that stood out to me. Whether you agree with the points they make or not, I suggest reading it anyway. If you’ve never ventured onto Tor before, it could make a good field guide.


Linux Drama Part 2: Trolling!

I found a great quote on bash.org today that applies to my Linux dilemma:

I discovered that you’d never get an answer to a problem from Linux Gurus by asking. You have to troll in order for someone to help you with a Linux problem…Instead, I did what works. Trolling. By stating that Linux sucked because it was so hard to find a file compared to Windows, I got every self-described Linux Guru around the world coming to my aid. They gave me examples after examples of different ways to do it. All this in order to prove to everyone that Linux was better.

So OK then. Linux sucks! It’s shit! Windows was better! There, I said it. (haha.) Just kidding.

In all seriousness, as I’d mentioned on my earlier post, I attempted an update, and it seems that I really messed up my system. At present, I’m working on booting the system with GRUB, which, to be honest, is completely new to me. It’s not complicated at all, though!

IMG_20180707_080447_475

OK, maybe a little complicated. What I was attempting to do was choose the previous kernel from this menu, but then I got a message that I didn’t have permission to do that. I’m not entirely sure how to change the permissions so that I can choose it.

So, I’m asking the Linux users out there – is this the right route? I don’t want to further mess up things in the process of trying to fix them!

In the meantime, I’m writing this blog from whatever machines happen to be available (including my phone).

It’s weird – this is the kind of thing that people expect to happen when they’re on the dark web, and yet it happens to me without any “help” from the dark web. If need be, I’ll just completely reinstall everything, but it might help to know where to start!

And I used to get annoyed with this:

Blue_Screen_Of_Death_by_Xentalion

 

 

Red Triangle Wiki Deleted!

For those of you who have been following this whole “red triangle” puzzle like I have, you may be disappointed to find out that the official wiki (on wikia, at least) has been deleted for not being a valid community.

red_triangle_wiki_deleted

Not valid? Why? Were there not enough fans?

Chapter_4

I’m not sure why this is the case – perhaps the mods of that site didn’t find it to be relevant enough. However, there are some other sites with information about the puzzle (Reddit, of course!) Here’s the reddit thread (under r/ARG) for those who are interested: The Red Triangle – Cryptic deep web puzzle

Also, there are some YouTube videos about it – are you surprised? YouTube loves this kind of stuff!

Fright Knight, whose content I haven’t checked out much yet, has an in-depth video about it: The Unsolved Mystery of the Cryptic Deep Web Red Triangle Puzzle

There’s also some basic information on Steemit by (who else?) Defango, who brought attention to the whole thing in the first place: The Red Triangle Puzzle – updates.

Like Cicada 3301’s puzzles, there’s an endless amount of speculation and debate as to what these could be about. Are they a recruiting tool? Are they just for fun? Do they hint at something more sinister?

I don’t have any definitive answers about this, but since the wiki is gone, you puzzle solvers could use my blog posts as a reference, if you like! Unfortunately, I don’t have all the detailed lists of solutions that the wiki had previously.

In any case, it’s no big deal. I’m sure lots of other puzzles and mysteries will come along, but this one just happened to be one of the more intriguing ones as of late.

If you have any other mysteries to pass along, readers, feel free to share them in the comments. I like a good challenge.

 

 

 

Getting the Hang of Linux! (Really.)

Some of the bros on MadIRC were messing with me about giving some variety to the blog, and suggested that I document my Linux learning process for you all. After all, the “dark web” isn’t always as fascinating as it’s made out to be.

So, as I’ve mentioned, my particular Linux distro is Ubuntu, which is considered to be a good distro for a beginner. I suppose that, after time, I may move on to something more advanced (yes, that’s what I tell myself…).

As some of you may know, Ubuntu at least has a GUI to start off with (I’m using the GNOME desktop), as opposed to, say, Arch, which is bare bones. Maybe I’ll get to that one day.

Mine looks very similar to this one:

cinnamon2ubuntu-large_001

One of the major adjustments, of course, has been using the Terminal, and learning the associated commands. I assume this will become second nature at some point. I’m already used to typing:

sudo apt-get update

sudo apt-get upgrade

And getting the message “Permission denied, are you root?” That’s so much fun, isn’t it?

http_cdn5.howtogeek.comwp-contentuploads201203apt-get-update

One of the major reasons I switched to Linux was that I was tired of getting viruses on Windows, and as many had told me, “Don’t use Windows with the dark web!” I guess they weren’t kidding, huh?

Another reason is the fact that it’s open source, and that there seems to be a lot of Linux community support. In particular, I really disliked Windows 10 – I felt as though it was collecting way too much info about me, and had numerous glitches.

Anyway, a lot of the learning has been trial-and-error, but I subscribed to Linux Hint, which is helping. Plus, I know a lot of Linux users, so they’ve been giving me useful hints along the way. Hints like, “Type ‘yes [string]’ on the terminal.”

funny_commands-yes

Very funny, guys.

Of course, I use Tor with it too, which seems to run very smoothly. I don’t know if it’s my imagination, but it seems faster. Is it?!

tor_browser_ubuntu

In addition, I liked the idea of running Tor from the terminal, with a command like:

start-tor-browser

I plan on documenting more of my Linux/dark web drama as it unfolds, so expect to hear more!

Besides, I know that some of you readers are also Linux users, so do you have any terminal hints for me? Feel free to leave them in the comments.

angry_penguin

 

Hidden Clubs: What’s the Password??

The first rule of Hidden Clubs is – you do not talk about Hidden Clubs.

Lo and behold, it’s exactly what it sounds like: a dark web site with numerous exclusive “clubs” that either require an invite or can only be entered with a certain number of “points” on the site.

If you want the link, here it is: http://x7giprgefwfvkeep.onion/

hidden_clubs_edited

To register, you have to use a fake email address, as in “gebryotes@fake.onion.” Once that’s done, go through the “Club Directory” pictured above, and find things that interest you.

Of course, I had to join the MadIRC club, because they’re awesome, right? At the moment, that, and a few other clubs (as you can see in the screenshot) are the ones I’ve joined. So far, I’ve “gained access” by asking for an invite. I imagine this isn’t the case with all of the clubs, if they’re more “secretive.”

In fact, after taking a closer look at the site, this is true:

hidden_clubs_secret_edited

So I have to wonder – what are these “secret” clubs all about? Whistleblowing? Perhaps they’re darknet market or hacking related, and only want to include specific members. My guess would be the latter, but that’s just conjecture on my part. I base this on the fact that I have become a member of certain invite-only sites, and they were involved in the sale of illegal goods (albeit electronic ones, not drugs or weapons).

If they’re anything similar to sites like Suicide Apartment or the now-defunct dark0de, then it’s near impossible to get an invite – but you never know.

One of the more interesting clubs I came across was called “Silk Road,” (yeah that), and claimed to be a “new” market, or something along those lines. If you want my opinion, the Silk Road brand is dead, but good luck!

JERTPRINTCAMELDOG-WEB

So, what’s the point of all this, then? I suppose that, like much of Tor, it’s intended for privacy and anonymity – or just to sound cool. I’ve noticed that, any time I say that a site is exclusive or members only, people keep asking how to get in. Ironically, once they do get in, the sites have a tendency to look disappointing.

Don’t get me wrong – I think Hidden Clubs is entertaining, but so far I haven’t figured out anything all that secretive about it. Maybe the problem is that I haven’t earned enough points yet.

That being said, I should start my own club on there. Any suggestions as to what to call it?

Red Triangle: Unsolved Parts!

So, rather than just repeat everything from the Red Triangle puzzle that’s already been solved, I thought it might be fun to analyze the parts that are yet unsolved! (At least by the community, that is.)

Referring to the wiki again, the most recent piece that’s been solved is called Lust, which is at http://hvdnczxro3ssxkau.onion. On that page is this image:

red_triangle_lust

Go back to where you came from.
Go back to where it began.
Go home my child.
To where it is safe.

 I would go back to where I came from, but I’m not sure where that is.

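On this same page is a file called “Cake.rar,” at the link http://hvdnczxro3ssxkau.onion/Cake.rar (Note: if “.onion” doesn’t work, try “.onion.link”; just make sure you’re using the Tor Browser. Keep in mind that “.onion.link” is a Tor2Web proxy, so you are trusting a middleman when you use it.)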

I haven’t tried this yet, but if you combine the characters from the various pages on the link above, it gets you the next onion link.

Anyhow, the following pieces of the puzzle are still unsolved (at the time of this writing, anyway):

  • Gluttony
  • Greed
  • Wrath

Gluttony is at this link: http://xvp2vy5iwzmeam5e.onion

It consists of this image:

red_triangle_gluttony

According to the wiki (yes, I cheated again), ROT-17 and Base64 decode the top string, while ROT-23 and Base64 decode the bottom string. The others haven’t yet been figured out (at least not by the group of solvers).
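The two-step decoding the wiki describes (rotate the letters, then Base64-decode) can be checked by trying all 26 rotations and keeping the ones that produce readable text. This is an added example, not code from the wiki or the puzzle; the two strings are constructed samples, because the real ones exist only in the image, and it assumes the rotation applies to letters only and preserves case.

```python
import base64
import binascii
import string


def rot(text, n):
    """Rotate ASCII letters forward by n places, keeping case.
    Digits, '+', '/' and '=' are left alone (assumption, see lead-in)."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - 97 + n) % 26 + 97))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - 65 + n) % 26 + 65))
        else:
            out.append(ch)
    return "".join(out)


def decode_rot_base64(ciphertext, n):
    """Apply ROT-n, then Base64-decode. Return the text, or None when the
    result is not valid Base64 or not printable ASCII."""
    try:
        raw = base64.b64decode(rot(ciphertext, n), validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def candidates(ciphertext):
    """Try every rotation 0..25 and return {n: plaintext} for readable hits."""
    hits = {}
    for n in range(26):
        plain = decode_rot_base64(ciphertext, n)
        if plain is not None:
            hits[n] = plain
    return hits


def make_sample(plaintext, n):
    """Build a constructed test string that ROT-n followed by Base64 decodes."""
    b64 = base64.b64encode(plaintext.encode("ascii")).decode("ascii")
    return rot(b64, 26 - n)


# Constructed samples standing in for the top and bottom strings in the image.
TOP = make_sample("constructed sample, top string", 17)
BOTTOM = make_sample("constructed sample, bottom string", 23)

if __name__ == "__main__":
    for label, value in (("top", TOP), ("bottom", BOTTOM)):
        for n, plain in candidates(value).items():
            print(f"{label}: ROT-{n} -> {plain}")
```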

The red text at the bottom of the page still hasn’t been solved, either. Anyone care to take a crack at it?

Greed is at this link: http://no327mkyg2mmflx3.onion

red_triangle_greed

As you can see from the image above, it consists of that spiral, with the accompanying message:

Stare into my Eyes, what do you see

Greedy Greedy Greedy children receive nothing.

dAc58AAA88568Ac5c549g3c8dc3B3chB

45Bf5d4674e8d9g54d96d4dgcgA65c6A

On this site are three other pages with additional parts to the puzzle:

http://no327mkyg2mmflx3.onion/Sunshine.html

http://no327mkyg2mmflx3.onion/Raindrops.html

http://no327mkyg2mmflx3.onion/Pi.html

These pages each have more encoded messages. Here’s an image of Sunshine, for the curious:

red_triangle_sunshine

Obviously, the text on the top and bottom is in Cyrillic, though I’m not positive what language it is. And the text in the center is Hebrew, but I haven’t had a chance to translate it yet.

Also, clearly the symbols on the left are significant as well, but they don’t look familiar at the moment. Help me out here, puzzle solvers!

Page 3, “Raindrops,” has this message:

red_triangle_raindrops

This page has a sequence of numbers (a Pascal’s Triangle):

1

1 1

1 4 1

1 9 9 1

1  16  36  16  1

1 25 100 100 25 1

149 441 1225 1225 441 49 1

1 64 784 3136 4900 3136 84 64 1

1 81 1296 7056 15876 15876 7056 1296 81 1

As to how the Pascal’s Triangle leads to the next clue, I’m not positive – the sequence of numbers is usually significant, and there may be another pattern I haven’t figured out yet!
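One pattern that can be checked mechanically: the entries listed above equal the squares of the binomial coefficients, C(n, k)², in all but a few places. The following added example (not from the puzzle or the wiki) copies the rows exactly as printed in this post and reports where they differ from that rule; whether those differences are transcription slips or deliberate is not something the page settles.

```python
from math import comb

# Rows exactly as printed in the post (not corrected).
LISTED = [
    [1],
    [1, 1],
    [1, 4, 1],
    [1, 9, 9, 1],
    [1, 16, 36, 16, 1],
    [1, 25, 100, 100, 25, 1],
    [149, 441, 1225, 1225, 441, 49, 1],
    [1, 64, 784, 3136, 4900, 3136, 84, 64, 1],
    [1, 81, 1296, 7056, 15876, 15876, 7056, 1296, 81, 1],
]


def squared_row(n):
    """Row n of Pascal's triangle with every entry squared."""
    return [comb(n, k) ** 2 for k in range(n + 1)]


def classify(row, max_n=12):
    """Return (n, kind, diffs) for one listed row.
    kind is 'match', 'spacing' (same digits, numbers split differently)
    or 'value' (same length as row n, with the differing cells listed)."""
    digits = "".join(map(str, row))
    for n in range(max_n + 1):
        expected = squared_row(n)
        if row == expected:
            return n, "match", []
        if digits == "".join(map(str, expected)):
            return n, "spacing", []
    n = len(row) - 1
    expected = squared_row(n)
    diffs = [(k, row[k], expected[k]) for k in range(len(row)) if row[k] != expected[k]]
    return n, "value", diffs


def audit(rows):
    """Classify every row and list the row indices n that never appear."""
    results = [classify(r) for r in rows]
    seen = {n for n, _, _ in results}
    missing = [n for n in range(max(seen) + 1) if n not in seen]
    return results, missing


if __name__ == "__main__":
    results, missing = audit(LISTED)
    for n, kind, diffs in results:
        print(f"n={n}: {kind} {diffs if diffs else ''}")
    print("rows not listed:", missing)
```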

Finally, page 4 is called “Pi,” and looks like this:

red_triangle_pi

Hmm…that sequence of letters looks familiar, doesn’t it? If you want the spoiler, go to the wiki. Or you can try and figure it out by yourself.

Anyhow, do you guys and gals think you can solve some of these unsolved riddles? Leave your answers in the comments.

 

Interview with DrBundy, Hitman Site Operator

On the dark web, or more specifically, Tor, “hitman” sites are a dime a dozen. I had assumed that most were scams, based on both my experience and revelations about sites like Besa Mafia.

Nonetheless, when someone gave me the opportunity to interview a person who runs one of these sites, I couldn’t resist. The person in question is DrBundy, who runs a crowdfunded assassination site called DrBundy’s network. What I found a bit different about his site (as opposed to its competitors) is that they claim to target pedophiles, who, even on the dark web, are at the low end of the totem pole. Also, the profile pic he sometimes uses looks similar to this:

dry_bones

I say that gets him cool points. Anyhow, I chatted with DrBundy recently, and got a few insights into running such a site.

Secrets of the Dark: Do you have an official website for your business? If so, what’s the onion link?

DrBundy: Yes, it is here, http://drbundyscn6tebow.onion/

SotD: What are some methods you might use to knock someone off?

DB: Preferably a gun. Almost always a gun.

SotD: Are you a legitimate assassin? Many of the “hitman” sites on Tor have turned out to be fake.

DB: I have never been an assassin, or a hitman. These days I’m just the go-between and escrow for the clients and hitmen/women who are looking for work.

SotD: In relation to that, what is your opinion of other hitman sites on Tor, like Dark Mamba?

DB: In general, if they offer dumb things like torture and assault, it’s probably a scam.

SotD: Do you offer other services besides hits? For example, could you have someone beaten up, but not killed?

DB: No, “Dead men tell no tales”. I don’t want any of my hitmen compromised or caught because they went to “beat someone up” for a few dollars. We are not thugs.

SotD: What form of payment would you accept for transactions? For instance, bitcoin has sometimes been traced back to the person who did the transaction. Is there another one you might use?

DB: No, our money guy takes care of the tracking issues. His job is solely to play with bitcoins and do whatever it is a money guy does before it’s split up and sent out to the respective parties (i.e. the hitman) when the job is completed.

SotD: Operating a service like this would require some technical knowledge as well. Do you manage it all yourself, or do you have a partner who handles the technical side?

DB: I have partners who handle almost every aspect of the service. It’s designed so even if one of us goes down, we can continue the service with little to no interruption, like when our tech guy went down and our site was down for a while. We still continued on, but we had no site for about a month while we rebuilt it.

SotD: I have heard through the grapevine that your service is very active. Without naming names, has it been successful so far?

DB: Yes, [but] we’ve been struggling to keep up lately.

SotD: How long have you been in this business, and when did you start using the dark web for it?

DB: The business side is a recent thing; it came around about the same time I became active on the dark [web]. In the past, I simply hunted pedos out of hate and disgust. This simply funds that.

SotD: Because part of your business has to operate offline, how do you maintain your anonymity?

DB: My side of the business operates solely online.

SotD: Where did you learn the skills that you need for this job? (For example, the military or a street gang.)

DB: Trial and error. Nothing says failure like a broken jaw and a gunshot wound from your own gun.

SotD: How can you guarantee that you would go through with a hit? For example, do you take a down payment, and then the customer pays the rest after it’s been carried out?

DB: I don’t carry out the hits. We are simply a network, if one man fails for whatever reason, we simply send another. If for some reason, we are just failing to complete the job, we will issue a refund. We have a reputation to build and maintain.

SotD: Are you the best assassin on the dark web? It looks like you have a lot of competition.

DB: Who knows?  But I do know that most are fake.

SotD: I like the idea that you have a “Save-a-Child Foundation” on your site (i.e. stopping pedophiles). Has this been a successful point of business for you?

DB: The business is based around the Save-a-Child Foundation. It was the reason I got into it. I could care less if people hire us to kill their ex-husband or wife; my main purpose in life is to kill pedophiles.

SotD: What else would you be willing to tell people about yourself?

DB: My name is not really Dr. Bundy.