Exposing A Scam: V3RDAD

For the record: I don’t like scammers (who does?), but I have encountered many of them, especially on Tor and other darknets. I suppose that’s all par for the course.

My most recent scam encounter has been with a fellow who calls himself (or herself?) V3RDAD.

He has a profile on ask.fm, which is a question and answer site along the lines of Quora or Yahoo! Answers. On this profile, he links to a Tor hidden service at http://dafynex6ytjnpeo4.onion/ Fine – there’s nothing wrong with that, except that I find all of his answers to be sketchy in nature.

Here’s one example:

ask_fm_scam

In the screenshot above, someone asks “Why does taur node open a listening connection? My antivirus blocked it.”

His answer:

“Taur Node creates a listener to handle up-to-date information coming from the network itself. The only purpose of it is to display pop-up information about the network, like network status, node availability, login information, etc. Just disable your antivirus software before starting the node. If you are too paranoid about it, you can simply just kill it’s process after you are done / disconnected from the network and re-enable your antivirus again. Killing the process of the node will disable any incoming activity and kill the listener.. you will basically not be able to receive any information about the network anymore.”

OK – does that sound suspicious to anyone? He’s asking some random person to disable their antivirus program after the program blocked this so-called “taur” software. I realize that on occasion, antivirus programs will block software that isn’t malicious, but why should I trust you, V3RDAD?

The Tor hidden service that he links to is entitled “whoami,” and looks like this:

dafy_node_scam

The links with the purple text have various downloads, all of which (as I said before) look very sketchy. The operator of this site claims that you need the downloads to connect to a so-called “taur node” (in other words, nodes on his “private network”).

Again, this sounds like a scam to me. If you really want to try it (which I don’t recommend), use a virtual machine (e.g. Qubes or Tails) so that the file can’t potentially harm your computer.

If you look at some of his other answers, they also sound like bullshit:

Q. What is vbs0rkxc.dafy?

A. The answer to Level 7.

Um…OK, if you say so. If you’ve read any of my earlier posts (or RationalWiki, for that matter), you should know that there are no “deep web levels,” as intriguing as that might sound.

It’s possible that the same person may also have written this blog post, although I’m not sure: Darkfantasy Network. Why do I say this? It has a list of so-called “dafy links” (where have I heard that before?)

dafy_links

In addition, it has a list of “Nept Links,” “Life Links,” “Taur Links,” and “Elen Links,” accompanied by mysterious descriptions. Here are a few examples:

http://girogahary5arofeideidegivoly.nept/ – Dark Babylon City (hidden marketplace)

G94dkElc.dafy – Conspiration Forum

http://ekkhgiskagfrawahulatriaottyx.nept/ – How the Universe was Created

You get the idea. And to try to lend credence to his links, he throws in a few real ones, including ChaosVPN and Freenet. This isn’t the first time I’ve seen something like this. Remember The Shadow Web? (*cough cough*)

Anyhow, I don’t suggest downloading anything from these sites, as it may potentially harm your computer. And of course, don’t give this person any money. Want some real darknet links, though? Here:

http://rrbm3jiflz3euxhp.onion/wordpress/

http://zfq7tgxed245jpdz.onion/ – The Darknet Project 0ffSecurity

bdtq4shqkbb3yy7b.onion – DARKWEB LEGION (yes, that’s how they wrote it)

ZeroNet Links:

http://127.0.0.1:43110/kaffiene.bit/

127.0.0.1:43110/138R53t3ZW7KDfSfxVpWUsMXgwUnsDNXLP/

http://127.0.0.1:43110/zerochatrooms.bit/

Freenet Links:

http://localhost:8888/freenet:USK@tiYrPDh~fDeH5V7NZjpp~QuubaHwgks88iwlRXXLLWA,yboLMwX1dChz8fWKjmbdtl38HR5uiCOdIUT86ohUyRg,AQACAAE/nerdageddon/247/ – Nerdageddon

http://localhost:8888/USK@XJZAi25dd5y7lrxE3cHMmM-xZ-c-hlPpKLYeLC0YG5I,8XTbR1bd9RBXlX6j-OZNednsJ8Cl6EAeBBebC3jtMFU,AQACAAE/index/711/ – Enzo’s Index

http://localhost:8888/freenet:USK@2u8eFaTHrvLzeHeq9vXFV8wzivgTG1ExY6v1cM8Zblo,eDLofzubExKX5A8TK0SqdQb3jrI0fDlgw-iaxXUEHVQ,AQACAAE/ttipdocs/5/ – Greenpeace TTIP Leaks

http://localhost:8888/USK@1ORdIvjL2H1bZblJcP8hu2LjjKtVB-rVzp8mLty~5N4,8hL85otZBbq0geDsSKkBK4sKESL2SrNVecFZz9NxGVQ,AQACAAE/bluishcoder/21/ – Bluish Coder

I also recently found a site that maps the Hyperboria Network, which uses the cjdns protocol: fc00 – these I really haven’t checked out yet, so maybe you can fill me in!

I guarantee that these are all real links (although I can’t guarantee that the information on them is accurate). Check those out, and let me know if you find anything of interest. If you don’t, keep searching!

 

 

 

 

 

 

Advertisements

Creating a Hidden Network?

Journey_to_the_Dark_Web

One of my readers, with whom I’ve been corresponding on and off, wrote to me with an idea about creating a hidden network from scratch. It may have been inspired by one of my earlier posts, The “Shadow Web” Cited Me? Awesome!

In this post, I speculated about how you could create your own “shadow web,” i.e. a network that offered anonymity, and that you and only a select few people could access. In response, this reader had a few suggestions for such a network (I’m paraphrasing his (or her?) words here):

  1. One in which you could communicate via Telnet or Netcat over the Tor network.
  2. No DNS, no sites, just chats.
  3. Each user has his own list of peers.
  4. No nicknames, just onion domains.
  5. Everything is done manually, to avoid potential security flaws.
  6. Users select someone to chat with from the peer list and connect via TCP socket over Tor.

 

telnet_screenshot_2

This is, more or less, what I had in mind when I described the idea of creating a hidden network, although I had hoped that you could build websites on top of it too. What I’m unsure of, in his description, is what he means by “no nicknames,” as I would think you would need some kind of identifier to use a chat feature.

Even if the names weren’t user-generated, you could have this encrypted chat generate them for you. To use the example of the “nonsense word generators” again, perhaps the program could generate two names like this:

Hokr

Ngwood

It could also generate cryptographic keys for each identity, like:

6U-^QoM&m{z?H]g~c”AX3VgQqzVVo+

VtjHjR00ZCYVvU7Gs2iuWXQd2lX6oPDi

It’s similar to Freenet’s WebOfTrust plugin, which also generates identities for users of the network. In the case of Freenet, you have to solve some puzzles (which are more or less CAPTCHAs) in order to introduce your identity to other users. This is done to prevent bots from “joining” the network.

setup004

Personally, I love this idea, although I’m still in the process of studying some of this, and I might need a little help getting started. Anyone else have ideas to contribute? Feel free!

Hey, sooner or later I may actually have my own darknet! (And of course, I’d have to make it dark and scary.)

curtain

The “Shadow Web” Cited Me? Awesome!

Given that I’ve written a few past posts about the so-called “Shadow Web,” I was flattered when I came across a more recent site by that name, and they had quoted something I had written a while back when, ironically, I was less familiar with the dark web.

“The reason it’s so difficult to access the shadow web is that first, you would need a browser (such as Tor) that provides easier access to hidden sites (like .onion URLs). Then, you would most likely be given the specific URL by someone in the know, or use a search engine geared toward searching the deep web.”

I find this funny for several reasons: the statements I made at the time were not entirely accurate. Tor doesn’t really “provide easier access to hidden sites,” although at one time it was the only way you could access .onion URLs. Since there are now Tor2web proxies (like onion.to and onion.link), through which you can access Tor hidden services from the clearnet, you don’t necessarily have to have the Tor browser to reach them.

However, using the proxies is not a safe way to do so, because there’s a far greater chance that someone could spy on your web traffic in the process. They even warn you about this on some of the sites:

onionto

Also, at the time that I wrote the original post, I didn’t distinguish between “deep web” and “dark web” (which are still confusing terms for most people). I meant to say dark web, honest!!

tor2web

Regardless of my errors, thanks for citing me as a source, Mr. Shadow Web! The “new” Shadow Web site is located at http://shadowznwuibgi7w.onion, and looks somewhat similar to the previous ones. I attempted to take a screenshot of it, but that function was disabled (of course). In essence, it’s a black background with this picture at the top:

access the shadow web

The landing page of the so-called “Shadow Web” site

The only difference between my picture and theirs is that theirs says “Access The Shadow Web” at the top. This time around, they feature an FAQ of sorts, to try to “debunk” some of the “myths” about the Shadow Web…

And I quote…

# 1 Shadow Web is a myth or true

ANSWER: IT IS TRUE

# 2 Is Shadow Web somewhere deep hidden under something unbelievable?

ANSWER: NO. THAT WAS A MISSUNDERSTANDING [sic]. ITS [sic] NOT DEEP UNDER, OR SOME MAGIC PROTECTED. IS JUST A SPECIAL INTERNET, SEPERATE [sic], UNACCESSIBLE AND FOR THIS INVISIBLE TO GUYS THAT DO NOT HAVE THE ACCESS-KEYS TO ENCRYPT THE URL AND INFORMATIONS. IN OUR PACKET WE GIVE YOU 1000+ DIFFERENT KEYS. ON SOME SHADOW WEB SITES YOU CAN GET MORE FORE FREE. THERE ARE SOME SPECIAL ONES YOU HAVE TO PAY. THIS DEPEND ON WHAT YOU WANT TO GET. MOST ARE FREE.

# 3 Do I need a Super Computer for Access

ANSWER: NO. THAT IS JUST A STORY FOR STOP [sic] KIDS AND IDIOTS TO TRY.

Aw, man! And I just bought a new super computer! I won’t list all of the “FAQ” section here, but you get the basic idea. Anyhow, according to them, in order to access the site, you need to pay $295 in bitcoin, which seems a bit extravagant.

How to Create Your Own Shadow Web!

OpenVPN-Setup-on-Linux

In response to this, I thought I’d explain how you could actually create a “shadow web.” Just as there are a number of different ways to accomplish anonymity online, so are there many different networks that use these methods.

It might be something like the network dn42, which is a large VPN using various internet technologies, such as BGP, whois database, and DNS. Participants in dn42 connect to one another via network tunnels like OpenVPN and Tinc – however, dn42 is not technically part of the internet, because it doesn’t use the internet protocol (IP). Confused yet?

In other words, you could create a VPN-based hidden network, using a network tunnel. ChaosVPN, which I mentioned in some earlier posts, is also a VPN-based network. For full details on how to join dn42, click the link above.

Or it could be something like The Darknet Project – as they describe it, “A Darknet is a portion of routed, allocated IP space in which no active services or servers reside. These are “dark” because there is, seemingly, nothing within these networks.”

A third method might be to create a wireless mesh network, as I’d mentioned a couple of posts ago, but one that only you and a small number of people had access to – something like goTenna Mesh (as one example). Or, perhaps it would be something like a Freifunk network. Of course, you would need the right hardware for this, and you would have to find others to join, but that would just take a bit of time and effort.

So, in theory, a “shadow web” might be a private network that uses protocols other than the internet protocol, a darknet of some kind, or a wireless mesh network with a select few participants.

This, however, does not mean there actually is a Shadow Web – I just thought it was fun to consider how you could create one.

Will you be the first to do it? I dare you!

shadow-people

A Darknet Dictionary (Work in Progress, with Links!)

darr5

by Ciphas

So, given that there seems to be a lot of confusion about certain terms connected with the darknet and/or dark web, I thought it might be useful to have a “darknet dictionary” here. I must give some credit for this idea to Deepdotweb.com, who featured a similar article at DeepDotWeb’s DarkNet Dictionary Project! This isn’t a carbon copy of theirs, but they inspired me.

Their darknet dictionary is an ongoing project, so I think I’ll do the same with mine. If anyone wants to suggest new entries (or corrections) in the comments, feel free! I just may add them.

NOTE: Some links below may be down.

2FA – Abbreviation for “two-factor authentication.” 2FA is a type of multi-factor authentication (MFA), i.e. a user is only granted access to a site after presenting multiple pieces of authentication. Although used on the clearnet as well, 2FA is used on many darknet markets (and other sites) to verify users’ identities.

Example: a username and password, plus a separate PIN or a security question.

img21

Active at Dark Markets? – A Tor hidden service set up by Dutch law enforcement to warn darknet market users that they are being tracked.

activedark.png

Ahmia.fi – A search engine that finds Tor hidden services and I2P eepsites. Also available on Tor at http://msydqstlz2kzerdg.onion/.

ahmia

Alienet – A VPN-based hidden network that offers messaging, mail, IRC, and hidden services. Not as well known as some other darknets, but it is real. Their site is at http://darknetproject.info on the clearnet, or https://unionsoe3yw6fxaq.onion on Tor.

alienet

AlphaBay – Currently one of the top darknet markets on the Tor network. Uses both multisig transactions and a traditional escrow system (depending on the vendor). Access it at this link: http://pwoah7foa6au2pul.onion/register.php?aff=41211

AlphaBay-Home-e1440639625779

AYW – All You’re Wiki [sic]. The Hidden Wiki with all CP links removed.

allyourewiki

Besa Mafia – A fake hitman service that (surprise, surprise) turned out to be a scam. Though a number of people paid to use their “services,” no one was ever hurt or killed. The admin of the site did escape with a number of people’s bitcoins, however.

besa

Bitcoin– A digital currency created by the mysterious “Satoshi Nakamoto” in 2009. Bitcoin incorporates encryption techniques to regulate the creation of new units, and to verify the transfer of funds. The smallest units of bitcoin are called “satoshis.”

bitcoins182way

Bitcoin billionaire yet?

Bitcoin Mixer – A service used to disguise the trail of bitcoins back to their original owner. Often used when buying and selling illicit goods on darknet markets. A few examples of bitcoin mixers are: BitCloak, Grams Helix, and BitBlender.

bitcloak

Blackbook – A former social network on the Tor network, modeled after Facebook. Used to be located at https://blkbook3fxhcsn3u.onion.

Blackbook

Black Market Reloaded (BMR) – A former darknet market on Tor, and one of the oldest, which is currently offline. Plans have been announced for it to restart.

black-market-reloaded-screenshot

Blockchain – A public ledger of all bitcoin transactions that have ever been executed. This applies to other cryptocurrencies as well.

blockchaininfo

BotDW – Boss of the deep web.

botdw

Candydoll – A term referring to non-nude photos of children in suggestive poses or sexy clothing. Softcore child pornography, more or less. (Also may refer to makeup kits that are designed for this style of photography.)

NOTE: The screenshot below is from one of the sites selling the makeup kits.

candydoll_makeup.png

Carding – The trafficking of credit cards, bank accounts, website accounts, and other financial or personal information. May or may not take place within larger darknet markets. Some vendors on the dark web specialize in this type of crime.

darknet_forum

Cheese Pizza – Another slang term for child pornography.

Cipherspace – The “hidden internet,” built on top of anonymity networks like Tor, I2P, Freenet, and others.

Clearnet – The “normal internet” accessible without special software or configurations. (e.g. Google, Bing, Facebook, Wikipedia, Twitter, Reddit, etc.) Also sometimes referred to as the “surface web” (though this term is wildly inaccurate and confusing.)

surface-web-anz-tech-anztech-pc-fix-in-manukau-computer-repair-in-penrose

Enough with the icebergs, already!

Cold storage – Keeping a reserve of bitcoins offline (e.g. on a USB drive or encrypted media) to prevent tampering or theft.

coldstorage_bitcoin

CP – An acronym for “child porn” or “child pornography.”

Cryptography – The art of writing and solving codes. With regard to the dark web, it is a means of encrypting data (messages, etc.) that you send over the network.

Daisy’s Destruction – An infamous film made by child pornography producer Peter Scully (see entry), through his company No Limits Fun. The film shows the sexualized torture and abuse of several young girls, one of whom is referred to as “Daisy.” However, the film has reached mythological status on the web, with the details and facts about it being blown out of proportion.

daisy

Darknet – An overlay network that requires specific software, configurations, or permission to access. Examples include: Tor, I2P, Freenet, GNUnet. Some of these networks (like Freenet) have both “darknet” and “opennet” modes, where you can choose whether to connect only to peers that you trust, or connect to anyone.

ccnx_166975_full

Darknet Heroes League (DHL) – DHL is an escrow market comprised of old school vendors who were invited to sell there. Access it at http://darkheroesq46awl.onion.

dhlmarket

Darknet Market – A market hosted on an anonymity network (such as Tor) that often (but not always) deals in illicit goods. Popular purchases include drugs, drug paraphernalia (like pipes), firearms, hacked PayPal accounts, skimmed credit cards, counterfeit money, porn accounts, and fake official documents.

dream_market_drugs

Dark0de (a.k.a. Darkode) – A notorious hacking and cybercrime forum, originally hosted on the clearnet, which transitioned to the Tor network.

DarkodeKoS.png

Dark Mamba – A new “private military company” that claims to offer murder-for-hire services, run by the admin of the old Besa Mafia site. (i.e. another fake hitman site.) Located at https://darkmambawopntdk.onion.

dark-mamba

Dark Web – The part of the web that exists on darknets like Tor, I2P, Freenet, GNUnet, and other networks, and requires special software, configurations, or permission to access. The dark web is a small part of the deep web. The word “dark” does not refer to the content, but rather the fact that the networks are special access.

SIGAINT-attack

Dark Web News – A news site that reports on events that take place on the dark web. Also features bitcoin tutorials, links, and a comparison of darknet markets. Located at https://www.darkwebnews.com.

darkwebnews

DBAN – Darik’s Boot and Nuke – free erasure software that automatically deletes the contents of any hard drive it can detect, developed by Darik Horn.

dban11

Deep Web – The part of the web not indexed by traditional search engines, like Google. This term is often confused with “dark web,” but the two are not synonymous.

91d6d0cc4ed117a62f37c70d97e1a077_original

Deepdotweb – A site that releases news, articles, and occasionally tutorials about the dark web (primarily Tor). They also keep an accurate, updated list of darknet markets that’s very reliable. Can be found at Deepdotweb.com or https://deepdot35wvmeyd5.onion.

deepdotweb3.png

DisconnectA clearnet search engine that prevents other search engines from tracking your searches. It used to be the standard search engine on the Tor browser. Located at https://search.disconnect.me/.

disconnect_search

DNStats.netA site that monitors the status of various darknet markets and a few other sites on the Tor network. Located at https://dnstats.net/ on the clearnet, and https://dnstatstzgfcalax.onion/ on Tor.

dnstats

Doxing – The act of researching and posting someone’s personal information (e.g. phone number, address, full name) on the internet. Takes place on both the dark web and clearnet.

doxbin

Doxxters, The – A group who offers a doxing service for pay. Located at https://doxxtereufvckkiz.onion.

doxxters

Dream Market – Another top darknet market hosted on the Tor network, which uses a traditional escrow system. Access it at http://lchudifyeqm4ldjj.onion/?ai=1675.

dreammarket-drugs3

DuckDuckGo – Currently the standard search engine used on the Tor browser. Is popular with privacy-minded users. Located at https://duckduckgo.com/ on the clearnet, and https://3g2upl4pq6kufc4m.onion on Tor.

duckduckgo

Dump – The sharing of stolen data, such as usernames, passwords, credit card numbers, and bank account data. Also takes place on the clearnet, but is more infamous on networks like Tor.

dumpsad

Eepsite – The name for hidden services hosted on the I2P network. They end in the domain name .i2p.

eepsite

Freedom Hosting – A former Tor specialist web hosting service which, at its height in 2013, was the largest hosting service of its kind. Was the target of an attack by Anonymous, as well as a large law enforcement operation headed by the FBI. Has since been succeeded by another service dubbed “Freedom Hosting II.”

freedom_hosting

Freenet – A peer-to-peer network for censorship-resistant communication, touted as an alternative to other networks like Tor and I2P. It features anonymous messaging, email, social networking, and site hosting. A typical Freenet URI looks like this:

USK@MYLAnId-ZEyXhDGGbYOa1gOtkZZrFNTXjFl1dibLj9E,Xpu27DoAKKc8b0718E-ZteFrGqCYROe7
XBBJI57pB4M,AQACAAE/pyFreenetHg/31/

Download it at https://freenetproject.org/.

freenet_mainpage

Freesite – The name used for Freenet’s hidden services.

freenet_fms_setup

FullzIn carding terms, “fullz” refer to full database records of personally identifiable information. Such things might include names, addresses, phone numbers, bank account information, social security numbers, passwords, etc.

SPAM_smtp-rdp-cc-fullz-plus-bitcoin-carding-methods_6115250321125192472-a347a8c0d08d4002b40415e8063cdb64.jpg

Galaxy2 – A popular social network on Tor. It is a follow-up to the original Galaxy social network, created by “Lameth.” Located at https://w363zoq3ylux5rf5.onion.

0b034e7890a8d0073b501f05601a4071

GNUnet – A free software framework for decentralized peer-to-peer networking. It includes P2P applications, such as chat, file sharing, and VPN.

gnunet_screenshot

Grams – A Tor-based search engine for darknet markets, which helps compare goods, prices, and vendors. Tor link: http://grams7enufi7jmdl.onion/

grams-black-market-search-engine

HANSA Market – A darknet market with a multisig escrow system. Tor link: http://hansamkt2rr6nfg3.onion/affiliate/110

hansa_market

Hard Candy – Slang term for an underage girl – roughly age 12-16, on both the dark web and clearnet. Also can refer to child pornography featuring girls of this age.

Harry71’s Onion Spider – A popular link repository on Tor. Is respectable because it’s updated daily, and the links are generally accurate and active. Tor link: skunksworkedp2cg.onion

harry71_onion

Helix Light – A bitcoin cleaner available from the developers of Grams. Tor link: http://grams7enufi7jmdl.onion/helix/light

helix_light

Hell – Infamous hacking forum formerly hosted on the Tor network, where users share hacking tips as well as stolen data. There is another site currently going by the same name, but it is actually a clone site made with a stolen private key from the original site.

Hidden Wiki – Name for a popular wiki on Tor that links to and describes some basic Tor hidden services (for noobs). The main one is located at http://zqktlwi4fecvo6ri.onion/wiki/index.php/Main_Page. There are several other sites that use the name Hidden Wiki as well, but this one is usually the site in question.

hiddenwiki2

Hitmen/Assassins – A service that’s supposedly easy to find on the dark web. All of the sites offering these services have turned out to be elaborate scams, but the myth continues to be perpetuated by creepypastas and rumors.

hitman_network

Hurtcore – Most extreme form of child pornography, involving such things as physical injury and rape, which can be found on the dark web. Avoid at all costs.

screen-shot-2015-09-10-at-8-54-44-pm

Credit: allthingsvice.com

I2P – An overlay network and darknet that allows applications to send messages to each other anonymously and securely. Download it at https://geti2p.net/en/.

I2P_router_console_0.7.7

L33TER – A vendor shop started by L33Ter, vendor from most of the early darknet markets. Specializes in digital and physical products. Located at http://l33ter2w7q4bytfh.onion.

l33ter

LE – An abbreviation for “law enforcement.”

Litecoin – A peer-to-peer cryptocurrency that is based on bitcoin. Find out more at Litecoin – Open source P2P digital currency.

litecoin

Lux – Username of Matthew David Graham, convicted (and imprisoned) owner of child pornography sites PedoEmpire, Hurt 2 The Core, and Love 2 The Core (among others).

matthewdgraham

Mesh routing network – Networks made up of radio nodes arranged in a mesh topology. Examples include Netsukuku, GNUnet, Hyperboria, and CCNx. Many of these are still in beta mode and have not been officially released, but they have been advertised as alternatives to the traditional internet structure being used right now.

netsukuku

Multisig – An abbreviation for “multsignature.” The requirement for more than one key to authorize a bitcoin transaction.

multisig

Credit: deepdotweb.com

not Evil – The premier search engine on Tor. Was originally designed to look like a parody of Google. Located at https://hss3uro2hsxfogfq.onion.

notevil-chat

Onionland – A nickname for the Tor network.

2000px-Tor-logo-2011-flat.svg.png

OpenBazaar – A decentralized peer-to-peer marketplace that sells a variety of goods for bitcoin and currently runs on the Tor network. Not a “darknet market,” per se, but uses a similar concept.

openbazaar

Operation Onymous – An international law enforcement operation targeting darknet markets and other Tor hidden services in 2014. Supposedly shut down over 400 sites (although many were clone sites).

xzfzwwhgrbpgguhzhkiu

Outlaw Market – Another of the top darknet markets on Tor. Sells drugs, digital goods, weapons, and other merchandise. Access it at http://outfor6jwcztwbpd.onion/indxx1.php.

outlaw.png

Pedo – A slang term on the dark web for “pedophile.” Refers not only to the people themselves, but related sites and materials. (e.g. PedoEmpire)

PedoFunding – A now-defunct website on Tor run by convicted freelance photographer Richard Huckle. Huckle has since been imprisoned, and received 22 consecutive life sentences.

PGP An encryption standard created by Phil Zimmermann in 1991. The initials stand for “Pretty Good Privacy.” PGP is frequently used to encrypt and decrypt messages on the dark web.

public-key

PlayPen – A large child pornography site that, in 2015, was seized by the FBI and used to catch pedophiles who were accessing the site. This has been one of the more controversial cases, as some have questioned the legality of the FBI’s actions.

Qubes – A security-focused operating system that aims to provide security by isolation. One of many distros that can help provide security and anonymity. Official site: https://www.qubes-os.org/

r3rc1-nalu-desktop-1

/r/darknetmarkets – A subreddit dedicated to information and discussions about darknet markets.

/r/deepweb – A subreddit dedicated to factual information about the deep web and dark web (as opposed to urban legends).

Red Room – A series of mythological sites on the dark web that supposedly feature live torture and murder (see “Shadow Web”). Entrance to these sites (in theory) requires bitcoin, as well as special credentials, such as a password given by an administrator. They are, more or less, an extension of the urban legend of “snuff films.”

All of the ones that have become public knowledge have turned out to be scams, yet many creepypastas and YouTube videos have continued to perpetuate the myth.

darkredroom

Scam/Scammer – In the context of the dark web, someone who purports to be selling certain goods or services, and doesn’t follow through, or misrepresents their intentions (e.g. a drug vendor who never delivers their goods, or a “financial service” designed for identity theft).

sheep-scam1

Credit: Deepdotweb.com 2013

Scream, Bitch! – A hurtcore forum on the Tor network. For those of you thinking of joining, registration is closed.

sb_darkweb

Scully, Peter – An infamous Australian pedophile and producer of child pornography, most notably the film Daisy’s Destruction, which has achieved internet notoriety. Scully had formed his own production company to make these films, called No Limits Fun.

peter_scully

Shadow Web – A fictitious part of the dark web perpetuated by creepypastas and YouTube videos. Supposedly features live torture and murder shows for those who pay the right price. A number of sites on Tor claim to offer access to the Shadow Web, but they are all scams. Here’s one example: Shadow Web Gateway 2.0

shadowweb_3

Silk Road – An online black market, considered to be the first modern darknet market. Launched by founder Ross Ulbricht in 2011, the site was shut down by feds in October 2013.

2013116192258674734_20

Silk Road 3 – An escrow market that used to go by another name, but adopted the Silk Road brand. There has been much speculation as to whether or not the market will exit scam or will be taken down, but it is still currently running. Located at reloadedudjtjvxr.onion.

silkroad30_login

SSH – Stands for “secure shell.” SSH is a cryptographic network protocol for operating network services securely over an unsecured network. As with PGP, SSH uses public and private keys to authenticate users.

puttytunnel_06

Suicide Apartment – Members-only social network on Tor (which used to exist on the clearnet). It’s meant to be a site for people who are suicidal and want to find someone else to “leave the world with.” The only way to become a member is to receive a voucher from an existing member.

suicideapartment

Tails – A popular Debian-based live operating system that many dark web users install for extra protection. “Tails” is an acronym for “The amnesic incognito live system.”

tails_screenshot

TLA – An abbreviation for “three-letter agency.” Includes federal agencies such as the CIA, FBI, NRO, NSA, DEA, DHS, and others, who are looked upon with suspicion in the dark web.

hidden_site_seized.png

Tor – An anonymity network on which many “dark web” sites are hosted. The name “Tor” stands for “the onion router.” Frequently, people who say they’re on the “deep web” are referring to Tor. Download it at https://torproject.org.

tbb-screenshot3

TorBay – A Tor-based social network and forum which more or less replaced Blackbook.

torbay

Torch – A simple Tor search engine. Located at https://xmh5752oemp2sztk.onion

torch_search

Traderoute – A traditional and multisig escrow marketplace on Tor.

traderoute

Valhalla (Silkkitie) – Originally a Finnish-only darknet market, now available in English. Valhalla is invite-only, and offers both traditional escrow and multisig transactions, 2FA, and PGP. Requires a referral link to register as either a buyer or a vendor.

silkki

Vendor Shop – Smaller shops started by some of the major darknet market vendors, usually specializing in certain types of items. Examples: Mollyworld and MegaPack.

VPN (Virtual Private Network) – A private network which extends across a public network (internet). Many experts recommend using a VPN in addition to using Tor! (hint hint)

vpn10

Welcome to Dark Web Links and More! – Link list for Tor hidden services. Notable because they do not accept submissions of CP links, and also feature links to Usenet groups. Access it at https://jdpskjmgy6kk4urv.onion/links.html.

welcometodarkweblinks

Zion Market – A newer multisig darknet market without user wallets. Buyers have the option of selecting 2-of-2 (the server and vendor have the keys), or 2-of-3 (the buyer also has a key). Uses 2FA, automated PGP, and Bitmessage alerts. Access it at http://zionshopusn6nopy.onion/_reg23.

zionmarket

Zocalo – A former darknet market specializing in marijuana, hash, and various paraphernalia associated with it. Recently closed due to lack of business.

zocalo_market_weed

Zork – A 1980’s text-based RPG that is now playable on the Tor network (via the not Evil search engine).

zork

P.S. As I said above, this list is far from finished. So I’ll either add more entries in later, or do a part 2 to the post. Anyhow, hope you had fun, and feel free to add your suggestion

Red Rooms Don’t Exist (Here’s Why)

welcome-to-the-game-red-room

by Ciphas

In an effort to get more connected with you, my readers, I’ve decided to do a little how-to here. So I thought that, rather than just say “all red rooms are fake,” I’m going to go through how to spot a fake red room on the dark web.

What prompted this? Well, on my previous post, I received this comment:

redroomcomment

In case that’s hard to read, here it is in slightly larger text:

“there are many red rooms its [sic] just a matter of finding them although I wouldn’t suggest it, i posted a link below. http://222222222kjhiqzb.onion/”

I actually checked out that link, and it looked all too familiar. Why’s that? Well, Mutahar (a.k.a. SomeOrdinaryGamers) featured it on his “Deep Web Browsing” series: THE “REAL” RED ROOM!?!

darkredroom

I watch those videos purely for entertainment, but yes, Muta does visit some real sites on the Tor network. (And a few on the clearnet too.)

That does not mean, however, that any of these are real red rooms. In fact, he even says so in the same video!!

The experts say they’re all fake (and I’m inclined to believe them), but let’s just play devil’s advocate and say that there are a few real ones.

paniq-room

I have come across more than my fair share of sites on Tor (and elsewhere) that claim to be red rooms. Most of them have a few things in common:

  1. They claim to show video streams of live torture, murder, and other acts.
  2. They require you to pay – usually large amounts of bitcoin or other cryptocurrency.
  3. They often ask you to download “special software,” like an alternative browser.
  4. They sometimes will link you to an alternate site to do the transactions.
  5. They almost always use a Tor-based email service – a common one is SIGAINT.
  6. They sometimes have a graphic image on the main site, usually taken from a horror film, to symbolize the acts of violence that would take place in the red room.
  7. They sometimes have a login page, which you can supposedly access after you pay.
  8. They won’t show you any sort of sample content beforehand.

That’s all I can think of at the moment.

Anyhow, if any of you have really used Tor, you probably have some idea of how slow it is. If you don’t understand why it’s slow, then allow me to direct you to their FAQ: Why is Tor so slow?

Part of the answer is: “Before we answer, though, you should realize that Tor is never going to be blazing fast. Your traffic is bouncing through volunteers’ computers in various parts of the world, and some bottlenecks and network latency will always be present. You shouldn’t expect to see university-style bandwidth through Tor.”

OK…but the red room sites say that I have download a special browser to watch the show!

Why is this? Because, in all likelihood, if these sites are asking you to download and install special software, the software in question probably has some kind of malware embedded in it.

Do you know what a RAT (remote access trojan) is? Allow me to direct you to TechTarget: What is RAT (remote access trojan)? Essentially, it’s a type of malware program that includes a back door to allow remote access to the victim’s computer.

I don’t know this from personal experience, but it’s my best educated guess. And a lot of these sites started popping up on Tor after the creepypastas and YouTube videos about red rooms became more popular – are you really that surprised?

The Shadow Web – Re-Re-Visited!!

shadow_web

I’ve done several previous posts about the so-called Shadow Web, an urban legend which I believe became popular after the creepypasta “A Warning To Those Accessing The Shadow Web” passed around.

After this, a plethora of sites popped up on the Tor network (and other networks, like Freenet) claiming to offer access to the Shadow Web.

In a similar manner to the red room sites, the Shadow Web sites claim that this is a special portion of the dark web only accessible through “special software” that you need to pay to download.

Again, not to repeat myself too much – I’ve never gone so far as to actually download the software, but I suspect that it’s infected with some kind of malware – what, I couldn’t say. I’m glad that I haven’t fallen victim to this, to be honest.

I have actually corresponded with the admin in charge of some of these Shadow Web sites, and he basically told me what I said on the “fact list” above – it’s a live torture show, you need to pay, and you need download a special browser to view it.

And yes, I know that lots of the creepypastas on Reddit and YouTube talk about the “shadow web”; I assume that they’re all bullshit. I still find them entertaining anyway. But I also find The Texas Chainsaw Massacre entertaining!

If any of you want to take the risk of paying for this and viewing it, go right ahead. But don’t say I didn’t warn you.

I imagine there are other sites like this, too – but I have my doubts that any of them are genuine.

Questions? Comments? Please! Let me know!

redroom

So-Called Red Room Site: A Creepy Experience

red_prison_torture_room

Ah, the legend continues!  I’ve done several posts about the so-called “red rooms” that may or may not exist on the dark web, and it’s been an interesting process.  (I’m leaning toward not, by the way.)  For the newcomers, here are the previous entries:

Are Deep Web Red Rooms Real?

Is the Shadow Web a Reality? (Updated)

Dark Web Sites That *Claim* To Be Red Rooms

Red Rooms Finally Debunked Forever?

A Chat with the Directors of The Darkest Alley! (interview)

In the process, I’ve become more and more convinced that it would be extremely difficult, if not impossible, to host something like a red room on the dark web (Tor in particular).  Not only is livestreaming very difficult due to latency problems, but you would also have the problem of something like a live murder leaving behind evidence for law enforcement.

Nonetheless, in my research process, I’ve continued looking for sites that are labeled as red rooms, or sell themselves on the premise of being a red room.  I have come across several of those while hunting, and most seem to be scams.

Red Room #12589903

red room scam

The alleged “red room” site.

 

Most recently, I found yet another site with a similar premise, located at http://5xcds7yhgisfm6mu.onion/.  As you can see from the screenshot, it’s rather basic looking and gives very few details.  You had to contact them to get any other information.

Once again, out of curiosity, I contacted the site owner (or whomever) via the email address that was listed, and sent a PGP-encrypted message asking how to sign up.  He sent me back a PGP-encrypted message with details on what I had to do, and how much I had to pay, etc.

Now, here is the creepy part: the person who responded actually knew my real name.  That was enough to freak me out, at least a little bit.  I didn’t ask, but I was also concerned if he had any of my other personal information.

(Later, when he found out I was blogging about him, he spewed out a list of other personal info, like my wife’s name, the city I lived in, and several places that I frequent.  But you could honestly find those just by Googling me.)

It reminded me, at least slightly, of some of the “deep web” stories like the previously mentioned Horrifying Deep Web Stories: Why I Quit Hacking or 3 Disturbing Deep Web Stories by Mr. Nightmare.  And yes, I know that those are just stories,  but it was the possibility of someone finding out my real identity that was reminiscent of some of the stories.

His response to my first question, like most of the others, was that I had to pay 2.0 bitcoin (a.k.a. $1344.80) to gain access, and then to actually be the “master” of the show, I had to win an auction (similar to most of the other supposed red room sites).

Once you paid, supposedly, you would be given a username and password to simply access the site.  (You could only access the landing page without it.)

Invasion of Privacy??

panic-lots-you-just-got-hacked

So my question was – where did the guy get my name from?  Well, without asking directly, I had several theories.

When I had used my PGP key on the message I sent initially, it’s possible that my name was encoded into it somehow.  I actually find that less disturbing than some of the alternatives.

Beyond that, I combed through my system with various anti-malware tools, and came up with a few troubling findings.  One of them was a type of trojan (whose name I forget at the moment) that is specifically designed to steal login credentials and personal information.

I was able to remove it, but the question still remained – was that what gave away my name?  I still don’t know for certain, and I would feel more comfortable if I did.

Moral of the Story…

53865-bigthumbnail

So what have I learned from this?  I need to be more careful about whom I correspond with on the dark web, and when I do so, it’s imperative that I have all privacy and security protocols in place, and don’t do anything idiotic.  (Insert “I told you so” here.)

In the meantime, I’m still finding the process enjoyable, and believe it or not, I have learned a few things from my mistakes.

I hope you can, too.

 

 

ChaosVPN: Making Friends with Hackers!

Bildschirmfoto_2013-12-04_um_09.54.42

Alright, I admit it!  I’d been debating what to write my next post about, because everything that I had in mind required a lot of reading, research, and experimentation.

Fortunately, I came across something called ChaosVPN not too long ago.  I had heard about it via a deep web/dark web-themed Google+ group, in which I’ve made friends with many coders and fellow dark web explorers.  The name conjured up all sorts of silly tech-related movie tropes in my mind.

So what is it?

It’s a VPN designed to connect hackers and hackerspaces.  Keep in mind that this doesn’t necessarily constitute malicious (or “black hat”) hacking.  ChaosVPN has a wiki maintained by the Chaos Computer Club in Hamburg, Germany.

The idea sounded cool enough, but what really inspired me to look into it further was this image on the main page:

chaosVPN

If that’s hard to read, the quote I’m thinking of is the one in red that says

“ChaosVPN is a VPN to connect Hackers and Hackerspaces – it does NOT provide anonymous internet access!  For this look at tor or other similar services.

It will also not help you to reach domains like .rdos, .lll, .clos or any other strange things supposed to be available on the ‘dark web.'”

Does that sound familiar?  No?  Let me refresh your memory:

shadowweb

*Sigh* Yes, it’s our old friend “The Shadow Web” again.  The text is cut off in the screenshot, but the original page claimed that if you downloaded the software, you would be able to “access hundreds of other domains like .LLL and .RDOS sites.” ಠ_ಠ

By the way, if you’re still interested in that, you can contact the owner at shadow-web@sigaint.org.  Just don’t give him your money, OK?

So, if you can’t access .lll or .rdos sites, why install ChaosVPN? (I kid.)  Well, personally I love the idea that it connects different networks of hackers, and makes communication simpler.

If you read the “Goals” section of the wiki, the creators actually outline the purposes of ChaosVPN:

“Design principals [sic] include that it should be without Single Point of Failure, make usage of full encryption, use RFC1918 ip ranges, scales well on >100 connected networks and is…able to run on a embedded hardware you will find in [today’s] router…

“Therefore we came up with the tinc solution. tinc does a fully meshed peer to peer network and it defines endpoints and not tunnels.

“ChaosVPN connects hacker[s] wherever they are. We connect roadwarriors with their notebook. Servers, even virtual ones in Datacenters, Hackerhouses and hackerspaces. To sum it up we connect networks – maybe down to a small /32.

“So there we are. ChaosVPN is working and it seems [as] the usage increases, more nodes join in and more [services] pop up.” 

(For full text go to ChaosVPN – CCCHHWiki).

I may not be a hacker [yet], but as an investigative tech blogger and aspiring coder, this is definitely something that interests me (and I figured it would interest you too, readers!).

Tinc-erbell? 

tinc_2

 

As the creators of ChaosVPN mention above, the network uses tinc, a VPN “daemon that uses tunneling and encryption to create a secure private network between hosts on the Internet. tinc is Free Software and is licensed under the GNU General Public License version 2 or later,” according to their official site.

“Because the VPN appears to the IP level network code as a normal network device, there is no need to adapt any existing software.  This allows VPN sites to share information with each other over the internet without exposing any information to others.” 

Wow – am I wrong in saying that that sounds like some technobabble they would use on CSI: Cyber or something?

69118661

Nope.  It’s 100% accurate!  From the description, this sounds ideal for a VPN designed to connect hackers, as ChaosVPN is intended to do.  I know I’ve been quoting a lot of technobabble in this post, but I felt it was somewhat necessary to get an understanding of how ChaosVPN worked!

I’ll be honest – I’m really not an expert with it yet, and I’m still in the process of building ChaosVPN on my system.  I’m determined to get it working, though, and I thought you all could accompany me along the way!

Wiki of Chaos

The ChaosVPN wiki has a set of excellent how-tos for the following operating systems:

I went with the Ubuntu Howto, since I have that installed on my system.  (When I do finish setting it up, I think that would warrant a sequel to this post.)

No matter which operating system you’re using, you need to install Tinc VPN (mentioned above) first.

Initially, I was going to quote portions of the setup instructions in this post, but the ChaosVPN wiki is currently down.  I should’ve printed them when I had the chance! 

Oh wait, never mind – it’s up again.  Well, perhaps I’ve done enough plagiarizing in this post, but you can look at any of the links above for detailed instructions.

Fortunately, they also have a repository on GitHub: GitHub – ryd/chaosvpn: Config generator for chaosvpn.  I think that should help!

If any of you are able to get the VPN up and running, feel free to let me know.  I’m sure I’ll be able to put it together soon.

Well, that just means we’ll have a part 2 to this post!

In the meantime, I return to my ARG – real life, that is.