Beware, Maltego Will Find You!

by Ciphas


A friend of mine recently introduced me to a program called Maltego, made by the South African security company Paterva – and if you use it, it may frighten you. It’s actually been around for a few years, but I only started using it this week.

If it sounds unfamiliar, Maltego is a data mining and pentesting tool that finds relationships between information found on different internet sources. Its “map” of data looks exactly like this:


So yeah, I’m sort of telling you about the “real me” here. Each dot on that graph represents places online that Maltego connected to you in one way or another. This may be via your email address, IP address or via an “alias” that you used in more than one place. As an example, if you use the username “aisettagess” on more than one website or service, it will find that!

Interestingly, some of the data that it found out about me was via Have I been pwned?, which I mentioned in an earlier post. Likely what happened was that the pwned site scanned for data on numerous sites, and then kept some of that information, so it was available to Maltego. If you consider using that site, keep in mind that it will probably log some data about you, unless you request otherwise.

Just so that I don’t dox a real person, let’s create a fictitious online user with Fake Name Generator.

David A. Bass
879 Burning Memory Lane
Tullytown, PA 19007

Mother’s maiden name: Scott
SSN: 192-42-XXXX

Email address: ftjaqxpl@sharklasers.com (thanks, GuerrillaMail!)

You get the idea. So, using Mr. Bass’ info there, let’s have Maltego gather data on him. It figures out what web servers he’s using, what top level domains he uses, what email servers he sends messages from, etc.

After gathering all this data, it combines it all into a graph like the one above, to get a complete picture. It also has a command line tool, but for the purpose of this post, I’m using the GUI version.

If you click on the green dots on your graph, it will show you the information tied to your various online aliases. Let’s say Mr. Bass there uses the following usernames: PennMan988, AllAboutThatBass859, and DBass1. And let’s say he has these email addresses: ftjaqxpl@sharklasers.com (the one above), and dbass345@guerrillamail.com.

Maltego will find any social media profiles or sites on which David used those email addresses – made even easier if he filled out his real name on the site. The graph illustrates using this key:


Plus, based on information available online, it may figure out your relatives, employment history, average annual income, phone numbers, and even location. By the way, if you want more technical information about Maltego, Concise Courses did a great writeup on it – I suggest you check this out.

So why is this useful? Well, as I’d said in some other recent posts, if any of this information isn’t the kind of thing that you want to be available online, then you can now do something about it.

If you want to delete your profiles (or at least certain information) from any of these websites, take the opportunity and do it.

And for the future, consider what kind of information you’re putting out there before you do so.

Think of that next time you consider posting a nude selfie on Tumblr.

Who Is Selling My Data?


by Ciphas

While I know this blog is primarily about the “dark web,” I think it’s easy to forget that the purpose of the dark web is privacy and anonymity (not sick stuff).

As I’d mentioned in my earlier post Is Your Password on the Dark Web? Maybe., it’s easy to unknowingly have your data stolen and, in some cases, passed around the dark web.

By the same token, there’s a good chance that advertisers have also mined and sold your personal data – be that your name, address, phone number, or something else. This article from Lifehacker, though it came out in 2013, has a list of some of the major companies that may have sold your data: The Top 50 Companies That Mine And Sell Your Data (and How to Opt Out).

If you want to skip that, the actual list is here: Master List of Data Broker Opt-Out Links. Click on any one of the links on this list to opt out of having your data sold.


Of course, this is only one site, but it does seem to be very comprehensive, and covers a lot of the data broker sites. If you have time, I suggest going through each one and having your name removed, if necessary.

These are also good sites to take a look at, for the same reason:

CheckPeople.com

Pipl.com

Spokeo.com

Abine.com: How to Protect Your Data

Granted, if this sort of thing doesn’t matter to you, then don’t worry about it. The reason I mention it at all is that if you don’t want unscrupulous people to get hold of your personal information, it’s best to remove it, if at all possible.

I say this knowing that today is the social media age, where people constantly post selfies and videos of themselves doing who-knows-what, including pictures of themselves having sex. Which I would never do…really!

Anyhow, if this is something that concerns you, check these sites out. It may be creepy what you find.

Can You Access .Onion Sites Without Tor Browser?

by Ciphas

(Note: Thanks to Ben Tasker’s Security Blog and traudt.xyz for being references.)

Can you access .onion sites without the Tor Browser? Short answer? Yes, you can – but I don’t recommend it…I cannot stress this enough.

I’ve mentioned Tor2web proxies in a few previous posts, but didn’t elaborate on them much.

In their own words, “Tor2web is a project to let Internet users access Tor Onion Services without using Tor Browser.” Tor2web and Web2Tor are reverse proxies which allow clearnet users (such as someone using Chrome, Firefox, etc.) to access Tor hidden services.


The proxy listens on port 80 (or sometimes 443) on a clearnet server, and then proxies requests to the Tor hidden service.

If you’re unfamiliar with proxy servers, Indiana University gives a great definition of one: What is a proxy server? (Psst…I talked about this a little in my earlier post ‘Anonymous’ Proxy List?)

The example they use to illustrate this on Tor2web.org is that when you see an onion URL, for example http://pbfcec3cneb4c422.onion/, you add “.to,” “.link,” “.cab,” etc. to the end of it (e.g. http://pbfcec3cneb4c422.onion.to), and that proxy will connect you to the onion service. Great, right?

Well, no – not great. In spite of its convenience, the problem with using these proxies is that whoever is operating the Tor2web proxy can spy on your web traffic. While this may not sound like a bad thing, if said proxy operator has malicious intent, then you (the user) are basically a sitting duck. Plus, if the point of Tor is being anonymous, and someone can see your web traffic, that defeats the whole purpose!

In fact, even onion.cab itself – the proxy service, that is – warns users when they first try to access a site this way:


If this doesn’t sound bad, then it should be noted that not only can the operator see your web traffic, but they can also modify it and inject code if they so desire.

Ben Tasker’s Security Blog has an excellent post about this called Don’t Use Web2Tor/Tor2web (especially Onion.cab) – the example he gives is that some Web2Tor services “have some pretty bad habits, including playing fast and loose with your privacy.”

If you visit https://6zdgh5a5e6zpchdz.onion, but do so through onion.cab instead of through Tor, the proxy service injects Piwik analytics code into the page, which looks something like this:


So why should you care? Well, the proxy service that injected the code now knows that your IP address accessed said onion service at a specific time. In addition, they’re also executing code in your browser that the operator of the original site is unaware of.

Within the code, some of the information that it can discover about you is:

  • The title of the page you’re viewing
  • An ID for the site
  • The time that you made the request
  • The exact URL you were looking at
  • The page that sent you to that URL
  • Details of which plugins you have installed
  • Whether cookies are enabled
  • Your screen resolution
  • A unique ID for you

Alternatively, this third-party operator can inject code into the site that may track you across hidden services – that is, if you’re using the onion.cab proxy.
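One way to see for yourself what a proxy has added to a page is to compare the copy you fetched directly over Tor with the copy served by the proxy, and to flag any script that loads from a host other than the onion service. The following is an added example written for this post; it is not code from the blog, from onion.cab or from any proxy operator. The two HTML snippets, the onion hostname used as the page origin and the tracker host stats.proxy.example are all constructed, and the tracker markers (piwik, matomo, _paq, trackPageView) are an assumed heuristic based on what Piwik-style snippets usually contain.

```python
"""Spot script tags that a Tor2web-style reverse proxy injected into a page.

Added example for this post; not code from the blog or from any proxy
operator.  The HTML, the onion hostname and stats.proxy.example are
constructed for illustration."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Strings that commonly appear in Piwik/Matomo tracking snippets (assumed heuristic).
TRACKER_MARKERS = ("piwik", "matomo", "_paq", "trackPageView")


class ScriptCollector(HTMLParser):
    """Record every <script src=...> URL and the body of every inline <script>."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = []
        self._buf = None  # non-None while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._buf is not None:
            body = "".join(self._buf).strip()
            if body:
                self.inline.append(body)
            self._buf = None


def collect_scripts(html):
    """Return (external script URLs, inline script bodies) for one HTML document."""
    c = ScriptCollector()
    c.feed(html)
    c.close()
    return c.external, c.inline


def _host_of(src, page_host):
    """Resolve the host a script URL loads from; relative paths are same-origin."""
    if src.startswith("//"):
        return urlsplit("https:" + src).hostname
    if "://" in src:
        return urlsplit(src).hostname
    return page_host


def third_party_scripts(html, page_host):
    """External script URLs that do not load from the page's own host."""
    external, _ = collect_scripts(html)
    return [s for s in external if _host_of(s, page_host) != page_host]


def injected_scripts(original_html, proxied_html):
    """Scripts present in the proxied copy but absent from the copy fetched
    directly over Tor, i.e. whatever the proxy added on the way through."""
    o_ext, o_inl = collect_scripts(original_html)
    p_ext, p_inl = collect_scripts(proxied_html)
    return {
        "external": [s for s in p_ext if s not in o_ext],
        "inline": [s for s in p_inl if s not in o_inl],
    }


def tracker_markers(script_text):
    """Which known tracking-snippet markers occur in a script body."""
    low = script_text.lower()
    return {m for m in TRACKER_MARKERS if m.lower() in low}


# Constructed sample pages (not real captures of any onion service).
ONION_HOST = "6zdgh5a5e6zpchdz.onion"
ORIGINAL = """<html><head><title>Example onion service</title>
<script src="/static/app.js"></script></head>
<body><p>Hello from the hidden service.</p></body></html>"""
# The "proxied" copy is the same page with a Piwik-style snippet spliced in.
PROXIED = ORIGINAL.replace(
    "</head>",
    '<script>var _paq = _paq || []; _paq.push(["trackPageView"]);'
    'var u="https://stats.proxy.example/"; _paq.push(["setTrackerUrl", u+"piwik.php"]);</script>'
    '<script src="https://stats.proxy.example/piwik.js"></script></head>',
)

if __name__ == "__main__":
    print("third-party scripts:", third_party_scripts(PROXIED, ONION_HOST))
    added = injected_scripts(ORIGINAL, PROXIED)
    print("injected:", added)
    for body in added["inline"]:
        print("markers:", sorted(tracker_markers(body)))
```

Run against the constructed pages, the direct copy reports no third-party scripts, while the proxied copy reports the piwik.js load from stats.proxy.example plus one inline snippet carrying the _paq / trackPageView markers. The same comparison works on real captures: save the page once through Tor Browser and once through the proxy, and feed both to injected_scripts.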

You can even contract malware via some Tor2web proxies – read this article by Virus Bulletin – Vawtrak uses Tor2web to connect to Tor hidden C&C servers. Granted, this article is over two years old, but it can still give you an idea of what might happen if you rely on these proxies.

Thus, if your concern is privacy, it should be obvious why you don’t want to give this information away. The same goes for any proxy, really, but again, if you’re using Tor for anonymity, then accessing so-called “hidden services” via the clearnet is pointless.

I know that a lot of people who explore the “dark web” for fun just say, “Give me links!” But if you want to explore those links, do so in the right way – use the Tor Browser (from https://www.torproject.org/), and don’t try to do so via the clearnet.

There’s a reason it’s called the “dark web,” after all.


Should You Use a VPN with Tor? (Well, No.)


This seems to be a very frequently asked question, and on many sites, people will tell you that you should use a VPN with Tor, for “extra protection.”

Based on my research, however, I disagree – and this seems to be an unpopular opinion. One reference I’d like to cite is a blog post by Matt Traudt, a.k.a. system33-, who is someone I respect with regard to Tor. The post in question is VPN + Tor: Not Necessarily a Net Gain.

One of the points he brings up here is the following:

Tor is trustless, a VPN is trusted. Users don’t have to trust every Tor relay that they use in order to stay safe with Tor. As long as the right ones aren’t compromised, working together, or otherwise malicious, the user stays protected.

This is the main problem with insisting on combining Tor and a VPN. VPNs can keep logs of your activity online (though some claim not to), whereas Tor does not.

However, using a VPN can hide your Tor usage from your ISP, especially if said ISP is suspicious of Tor.

The Tin Hat, on their post Tor And VPN – Using Both for Added Security, also makes the point that “Where this setup fails is at hiding your traffic from a malicious Tor exit node. Because the traffic goes through the VPN, and then to the Tor network, exit nodes can still watch your traffic unencrypted.”

My preference, personally, is to use a Linux distribution with Tor, like Tails or Qubes, or for the more advanced, Arch Linux or Manjaro Linux. These, of course, take time to learn and won’t do everything for you, but they are designed for security. While this doesn’t mean they are vulnerability-free, they can improve your protection, particularly if you understand their ins and outs.

Don’t get me wrong – Unix-like OSes are not invincible – see Sophos: Don’t believe these four myths about Linux security, but depending on the situation, they’re preferable to using an OS like Windows.

Oddly enough, I haven’t “contracted” any malware via the dark web – at least not to my knowledge. This has happened more often on the clearnet, ironically. Maybe it’s because I don’t download mysterious files or install programs that I find randomly on networks like Tor.

I’m paranoid that way.

What about you, readers? What OSes do you prefer to use (specifically in combination with Tor, I2P, Freenet, etc.)?

In the meantime, enjoy your dark web adventures, my friends – and please research any VPN or other “privacy” software before trusting it blindly.

‘Anonymous’ Proxy List?


I forget exactly where I found this link – I think it was either Electronic Frontier Foundation or Privacy Tools  – but it’s a list of supposedly anonymous proxy servers, generated by a set of particular search engine terms:

+":8080" +":3128" +":80" filetype:txt

This returns results for lists of proxy servers that use ports 8080, 3128, and 80, which are apparently more anonymous than average proxies.

You’ll get different results if you use different search engines, too:

qwant.com: proxy list

Blackle.com: proxy list

For the curious, here are some of the actual results that you might get as well:

rebro.weebly.com: proxy list

Proxy Spider: short proxy list

kan339: proxy list

lategoodies.tripod.com: proxy list

h3furnitureoutlet: proxy list (yeah, a furniture outlet has a proxy list)

proxy IP list: anonymous

jobabroad.sweb.cz: proxy list

playinator.com: proxy list

Even so, as I mentioned in a few earlier posts, this all depends on whether you trust proxies at all. Which is why I haven’t used any of these, personally.

It’s similar to using a VPN in combination with Tor. Are you really anonymous when doing this? That depends on whether or not you trust your VPN provider! By the same token, it’s very risky to use certain proxies, unless you know what data the proxy server is collecting about you. Never mind the fact that .txt documents can contain malware (just as some PDFs on Tor do). Read Should You Trust Any Proxy? to find out a little more.

Regardless, it’s an interesting experiment to try Googling this, even if you don’t decide to use the proxy services themselves. Most of the sites look like this:


While the idea of “anonymous proxy server” sounds great, in theory, they could be just like malicious Tor exit nodes – intending to steal data or worse.

So yes, these proxies exist. Should you use them? That’s up to you.

Call me paranoid, but personally, I wouldn’t.

Alienet: a Different Sort of VPN


by Ciphas

Good morning, readers! I’m back after quite the hiatus. I confess this is because I’ve been writing for other publications! (That’s good, right?)

I’ve also been (as the title says) exploring quite a few more darknets beyond just Tor, I2P, and Freenet. Maybe this is obvious to some, but those three are only the tip of the proverbial iceberg.

Anyhow, those of you who watch SomeOrdinaryGamers on YouTube (specifically his “Deep Web Browsing” series), might recognize the site above, called Alienet. He covered it in his video AYYLMAO PARALLEL NET!?!.

According to the person (people?) who run Alienet, it’s a VPN-based hidden network, that emphasizes privacy, anonymity, and security.

In their words (misspellings left intact):

Alienet is the only hidden network that will totally hide your ass from the big brother: when you’re connected to Alienet, your machine will result OFFLINE for the entire internet wolrd! Is that safe enough? Enjoy my dears…..

Spelling and grammar errors aside, I do believe that Alienet is a legit network (in spite of Tor’s plethora of scams).

It uses OpenVPN, an open-source SSL VPN. OpenVPN allows remote access, site-to-site VPNs, and a number of other configurations.

In order to join Alienet, you have to install OpenVPN (of course), and then ask for an Alienet Client Key. The admin will ask you for some particular information, including your operating system, encryption keys, and a contact email.

OK, sounds pretty simple, right? I haven’t actually connected to the network yet, but I have tried one of their other services, specifically AnonyMail, which is a privacy-themed email service.


Of note: AnonyMail works on both the clearnet and on the Tor network, so you can receive emails from darknet email clients like SIGAINT and OnionMail, as well as most clearnet email providers.

I did a test email to one of my darknet friends through AnonyMail, and it worked with no issues, so I’m assuming that it’s perfectly OK.

The other day, I also finally connected to OpenVPN (I was having password issues initially), and it works just fine. So…once I finish the Alienet process, I’ll probably do a “Part 2” about that.

The site also explains that once you connect to Alienet, you can access “.anon sites,” which aren’t official DNS names – they certainly aren’t listed at IANA – Root Zone Database (i.e. the official list of approved domain names). I believe this is how the .onion domain name was originally created.

Some DNS names, after they’ve been submitted for approval, do become official names, but that takes a long time.

Anyhow, I thought this might interest some of you. Take a look at the network, and let me know if you find anything interesting!

Dark Web Chat: Liberty or Depravity?

I was trawling the dark web yesterday looking for writing inspiration (yes, I do that), and what did I find?

No, it wasn’t any disturbing images, sick videos, or child pornography – it was a couple of chat rooms. That sounds innocent enough, but what I’ve learned during my research is that if you give people complete anonymity, they’ll feel free to be themselves.

In the context of the dark web, this can mean a lot of things.


The not Evil chat on Tor.

In one sense, it’s ideal for whistleblowers, hackers, and others who merely require privacy for what I would consider “legitimate” reasons. In another, it’s also ripe for pedophiles and other depraved individuals who, for obvious reasons, would want to remain anonymous, but are inclined to share sick imagery and the like.

I’m sure I’m not the first to express this, but I want to give my take on it. So, as I say frequently, it isn’t all sick and disturbed individuals that I’ve come across.

One of the first chat rooms I checked out on the Tor network was one linked to the not Evil search engine, and seemed relatively harmless. (It’s the one in the screenshot above.)

Occasionally, it would have a visitor asking for something along the lines of drugs or the aforementioned red rooms, but that was about it. Although one time, I did receive a message from a user who was a complete stranger:

Anonymous: Hi there. Need to hire a hacker or ruin someone’s reputation?
Me: No, just doing research. Thanks!
Anonymous: ok, well if you do then contact me.

All in all, it wasn’t the strangest exchange I’ve ever had on Tor, but it may have shown my naivete. Since then, I’ve gone back to the not Evil chat rooms, and have rarely had a similar conversation (if you can even call it that).

Going a Little Deeper


Oh, the jokes I would’ve made in 3rd grade over that. Anyhow, another chat room which I’ve used a few times goes by the name of OnionChat. Like the previous one, it seemed relatively harmless, although I suppose you never know who you’ll come across.

In my most recent experience with that place, someone was doxing Donald Trump (surprise, surprise) and his family members. The person released not only their addresses, but social media accounts, phone numbers, email addresses, domain registrations, and IP addresses. (Not that I’m going to share that information here, as much as I might be tempted to.)

Snowden or Honeypot? (WARNING!!!!)


Via that same chat room, I received a link to another slightly more mysterious chat room that was supposedly connected to WikiLeaks.  In that room, you would be given a randomly generated name before you started chatting (such as “BobRoss09”).  Next to the little chat box was a button labeled “Destroy,” which would supposedly purge any chat messages you had left there forever.

The idea behind it (again, in theory) was that if you wanted to submit leaked documents or information to WikiLeaks, you could do it there secretly.  Unfortunately, I have no idea if it was genuine, a honeypot, or something worse, and because of that, I’m going to go with fake.  I tend not to trust random strangers on the dark web (good philosophy, right?).

It’s possible that the chat room was actually set up by federal law enforcement to catch those who were leaking confidential documents, or set up by someone with malicious intent who wanted to steal important documents.  Either way, I’m going to nope the fuck out of there.

By the way, if you really want to submit information to WikiLeaks, they have an official Tor hidden service at WikiLeaks Upload and Form Submission.  You can also find their public PGP key here: https://wikileaks.org/#submit_wlkey.  For Tor users, here’s the equivalent .onion address: http://wlupld3ptjvsgwqw.onion/wl-submission-key.html (I promise that that one’s not a scam).

A Festering Sewer

The worst chat room I’ve come across so far is another one which I won’t share the link to, because I just know that some of you will click on it.

Essentially, it was the type of place where nothing was out-of-bounds, including child pornography, animal abuse, and/or hurtcore.  People would discuss their beyond-sick fantasies in graphic detail, and would also share images and videos candidly.

In fact, it was one of those places where, in order to be admitted to the chat room in the first place, you had to share some CP images or videos.  That way they would (in theory) know that you weren’t a cop.

I confess that initially, I did try to join the chat room (if only for research purposes, I swear!), but once I knew that you had to upload this disgusting material in order to join, I hastily made my exit. What I can do is try to simulate the conversations for my readers (without getting too graphic).

Girllover: anyone got pics of young girls
sickfuck: i do hold on
sickfuck: here [689389.jpg]
Girllover: oh wow, that’s hot thanks
necrophile44: anyone have pics of young dead girls?
sickfuck: oh necro, you drive a hard bargain [09890.jpg]

Well, you get the idea.  The real thing is much worse than what I’ve written here.  I suppose, in theory, just chatting about these concepts isn’t illegal, but the type of people who have these fantasies I would expect to have much worse on their computers.

And I’m sure that this is far from the only chat room of its type on the dark web.  It merely shocked me because I hadn’t often taken the opportunity to actually enter one of the chat rooms before.

Am I being corrupted by my dark web research?  I don’t think so, but it can take a toll on you sometimes.

As Nietzsche once said, “He who fights with monsters should look to it that he himself does not become a monster. And if you gaze long into an abyss, the abyss also gazes into you.”

Is That All There Is? (No, Actually.)

I still say that, in spite of the sometimes-horrifying things that you can find on Tor, Freenet, and other networks, they’re still necessary.  In an increasingly surveillance-ridden world, there is a need for privacy.

If that means that sometimes crazy and disturbed individuals will form communities, so be it.  I think that eventually, they will be found out, one way or another.  I still consider myself an advocate of privacy and security.

I’ve just had my eyes opened to the dark corners; that’s all.