Thanks for Quoting Me!

by Ciphas

On occasion, I’ve noticed that some other blogs and sites have quoted (or should I say plagiarized?) articles I’ve written.

Some people would be offended by this, I suppose, but in a way, I’m rather flattered. After all, they wouldn’t have quoted me if they didn’t like what I had written. I’m sure this happens all the time on the internet, right?

Call it the writer in me, but I was taught in high school and college to always cite my sources. While I do paraphrase from time to time, I feel a twinge of guilt if I don’t cite them.

In my earlier post Exposing A Scam: V3RDAD, I mentioned that this particular person was attempting to get people to download some kind of software that supposedly allowed you to access another anonymity network. Perhaps I was a little harsh on him – so I apologize, V3RDAD. No hard feelings!

It was this same person who quoted my blog (and some articles I had written) on his blog, .NOW.H3R3.

So, as a gesture of friendship, I say go check out his blog – he has some interesting technological reviews on there.

The passages that he quoted, however, were on the articles ChaosVPN and The OpenNIC Project, albeit in Portuguese:

“Você tem que admitir isso – mesmo o nome parece intrigante, não é? ChaosVPN é uma VPN destinada a conectar hackers e hackerspaces. O Chaos Computer Club, com sede em Hamburgo, na Alemanha, projetou-o.”

In English, that would be “You have to admit it – even the name sounds intriguing, doesn’t it? ChaosVPN is a VPN designed to connect hackers and hackerspaces. The Chaos Computer Club, based in Hamburg, Germany, designed it.”

This was quoted directly from an article I wrote for Deepdotweb about ChaosVPN, called ChaosVPN: The Hackers’ VPN!

Really, it doesn’t matter. I’m sure this kind of thing happens all the time, but I do like to get credit for my work! One inaccuracy I must point out, though, is that on the blog, it says that ChaosVPN has something to do with the Shadow Web (one of the myths about it), and it certainly doesn’t. It’s merely a VPN, and nothing more mysterious than that.

As I’ve addressed on previous entries, there is no such thing as the “Shadow Web,” although I’m sure many people will still believe in it (just as people think there’s a flat Earth. Don’t get me started on that!).

Anyhow, to anyone that copied what I wrote, I don’t take it personally. I assume that you just found the articles interesting, and wanted to repost them. No worries.

To return the favor, I’ll link to a few of V3RDAD’s posts:

Site na ZeroNet hospeda arquivos vazados da NSA

EquaCoin

Invisible IRC

Enjoy. Stay safe in your dark web travels.

A Shadow Web Request?

Oh, Shadow Web – it’s been an interesting few years, hasn’t it? When I first started writing this blog, I wrote a post entitled Is the Shadow Web a Reality? (Updated); at present, it’s still one of my most popular posts!

I received a comment from a reader today asking how to “join” the Shadow Web, and she sounded very genuine about it. I’ll repeat what I said earlier – it’s a scam, definitely. I’m sure of it.

Let’s trace the history of this “shadow web” thing. To my knowledge, it all started with this creepypasta on Reddit: A warning to those thinking about accessing the shadow web.

That was published three years ago, and it spawned all kinds of rumors and urban legends!

Eventually, people also started narrating the story on YouTube, which probably added to its intrigue. While it was a very creepy story, and well written, it was not true. If you listen to the technical details, there’s no way something like that would work (on Tor, at least).

Afterward, someone else wrote a “sequel” to the original, entitled 1) The shadow web is real. 2) Stay the hell away from it. I think it was supposed to be from the point-of-view of a cop, which lent some “credence” to it.

Somewhere along the line, a person on Tor picked up on the popularity of the stories, and decided to create some scam sites that claimed to offer “access” to the Shadow Web, and this is where I first got the idea that it might be real – but boy, was I wrong. This was what the original site looked like, I believe:

shadowweb_ss

I was a n00b to Tor back then, and couldn’t tell the difference between scams and non-scams. We’ve all been there.

So I contacted the “admin” of the Shadow Web, and we had a back-and-forth conversation about it – at the time, his email address was shadow-web@sigaint.org. (SIGAINT no longer exists, unfortunately.) It later came to my attention that this had all the features of other scams: pay now, watch later; no information; the details are vague.

The person I talked to claimed that you had to download a “special browser” just for “Shadow Web sites.” I don’t think any such browser exists, to be honest. There are numerous forks of Firefox (the Tor Browser being one of them), and all of them can be used with the clearnet – but sometimes with a proxy of sorts (like Freenet’s FProxy), you can connect to other networks. It would be amusing if the Shadow Web used one called “SProxy.” Someone should make that as a joke.

Anyhow, the admin told me that I had to pay an extravagant amount of bitcoin to gain access to the so-called Shadow Web, which I didn’t have. Ironically, I probably have enough now, but I know better than to pay it. Since then, there have been numerous other “shadow web” sites popping up:

I think it’s the same guy creating all of them, and if I were you, I wouldn’t pay him a cent; it’s all bullshit. As a matter of fact, someone later commented on one of these posts and said that he knew the admin of these sites, and that he was “…a big troll.” Another commenter told me that he had been scammed out of a large amount of bitcoin on another one of the “red room” sites. For me, that confirmed what I had been thinking all along – that these sites were fake. I don’t know if they’ll give you malware or anything like that, but hopefully not.

Nonetheless, if you want to find sick things on the dark web, I don’t think you have to look very far. It’s just a matter of opinion what you consider “sick.”

Well, that’s the last I’d heard about the Shadow Web, but I’m willing to bet that any new sites going by that name are scams too. If you want my advice, don’t pay them any money – you’ll be out several bitcoins, at the very least.

Exposing A Scam: V3RDAD

For the record: I don’t like scammers (who does?), but I have encountered many of them, especially on Tor and other darknets. I suppose that’s all par for the course.

My most recent scam encounter has been with a fellow who calls himself (or herself?) V3RDAD.

He has a profile on ask.fm, which is a question and answer site along the lines of Quora or Yahoo! Answers. On this profile, he links to a Tor hidden service at http://dafynex6ytjnpeo4.onion/. Fine – there’s nothing wrong with that, except that I find all of his answers to be sketchy in nature.

Here’s one example:

ask_fm_scam

In the screenshot above, someone asks “Why does taur node open a listening connection? My antivirus blocked it.”

His answer:

“Taur Node creates a listener to handle up-to-date information coming from the network itself. The only purpose of it is to display pop-up information about the network, like network status, node availability, login information, etc. Just disable your antivirus software before starting the node. If you are too paranoid about it, you can simply just kill it’s process after you are done / disconnected from the network and re-enable your antivirus again. Killing the process of the node will disable any incoming activity and kill the listener.. you will basically not be able to receive any information about the network anymore.”

OK – does that sound suspicious to anyone? He’s asking some random person to disable their antivirus program after the program blocked this so-called “taur” software. I realize that on occasion, antivirus programs will block software that isn’t malicious, but why should I trust you, V3RDAD?

The Tor hidden service that he links to is entitled “whoami,” and looks like this:

dafy_node_scam

The links with the purple text have various downloads, all of which (as I said before) look very sketchy. The operator of this site claims that you need the downloads to connect to a so-called “taur node” (in other words, nodes on his “private network”).

Again, this sounds like a scam to me. If you really want to try it (which I don’t recommend), use a virtual machine (e.g. Qubes or Tails) so that the file can’t potentially harm your computer.

If you look at some of his other answers, they also sound like bullshit:

Q. What is vbs0rkxc.dafy?

A. The answer to Level 7.

Um…OK, if you say so. If you’ve read any of my earlier posts (or RationalWiki, for that matter), you should know that there are no “deep web levels,” as intriguing as that might sound.

It’s possible that the same person may also have written this blog post, although I’m not sure: Darkfantasy Network. Why do I say this? It has a list of so-called “dafy links” (where have I heard that before?)

In addition, it has a list of “Nept Links,” “Life Links,” “Taur Links,” and “Elen Links,” accompanied by mysterious descriptions. Here are a few examples:

http://girogahary5arofeideidegivoly.nept/ – Dark Babylon City (hidden marketplace)

G94dkElc.dafy – Conspiration Forum

http://ekkhgiskagfrawahulatriaottyx.nept/ – How the Universe was Created

You get the idea. And to try to lend credence to his links, he throws in a few real ones, including ChaosVPN and Freenet. This isn’t the first time I’ve seen something like this. Remember The Shadow Web? (*cough cough*)

Anyhow, I don’t suggest downloading anything from these sites, as it may potentially harm your computer. And of course, don’t give this person any money. Want some real darknet links, though? Here:

http://rrbm3jiflz3euxhp.onion/wordpress/

http://zfq7tgxed245jpdz.onion/ – The Darknet Project 0ffSecurity

bdtq4shqkbb3yy7b.onion – DARKWEB LEGION (yes, that’s how they wrote it)

ZeroNet Links:

http://127.0.0.1:43110/kaffiene.bit/

127.0.0.1:43110/138R53t3ZW7KDfSfxVpWUsMXgwUnsDNXLP/

http://127.0.0.1:43110/zerochatrooms.bit/

Freenet Links:

http://localhost:8888/freenet:USK@tiYrPDh~fDeH5V7NZjpp~QuubaHwgks88iwlRXXLLWA,yboLMwX1dChz8fWKjmbdtl38HR5uiCOdIUT86ohUyRg,AQACAAE/nerdageddon/247/ – Nerdageddon

http://localhost:8888/USK@XJZAi25dd5y7lrxE3cHMmM-xZ-c-hlPpKLYeLC0YG5I,8XTbR1bd9RBXlX6j-OZNednsJ8Cl6EAeBBebC3jtMFU,AQACAAE/index/711/ – Enzo’s Index

http://localhost:8888/freenet:USK@2u8eFaTHrvLzeHeq9vXFV8wzivgTG1ExY6v1cM8Zblo,eDLofzubExKX5A8TK0SqdQb3jrI0fDlgw-iaxXUEHVQ,AQACAAE/ttipdocs/5/ – Greenpeace TTIP Leaks

http://localhost:8888/USK@1ORdIvjL2H1bZblJcP8hu2LjjKtVB-rVzp8mLty~5N4,8hL85otZBbq0geDsSKkBK4sKESL2SrNVecFZz9NxGVQ,AQACAAE/bluishcoder/21/ – Bluish Coder

I also recently found a site that maps the Hyperboria Network, which uses the cjdns protocol: fc00 – these I really haven’t checked out yet, so maybe you can fill me in!

I guarantee that these are all real links (although I can’t guarantee that the information on them is accurate). Check those out, and let me know if you find anything of interest. If you don’t, keep searching!

Creating a Hidden Network?

One of my readers, with whom I’ve been corresponding on and off, wrote to me with an idea about creating a hidden network from scratch. It may have been inspired by one of my earlier posts, The “Shadow Web” Cited Me? Awesome!

In this post, I speculated about how you could create your own “shadow web,” i.e. a network that offered anonymity, and that you and only a select few people could access. In response, this reader had a few suggestions for such a network (I’m paraphrasing his (or her?) words here):

  1. One in which you could communicate via Telnet or Netcat over the Tor network.
  2. No DNS, no sites, just chats.
  3. Each user has his own list of peers.
  4. No nicknames, just onion domains.
  5. Everything is done manually, to avoid potential security flaws.
  6. Users select someone to chat with from the peer list and connect via TCP socket over Tor.
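
The six points above, as an added example (not code from this blog or from the reader who proposed the idea): a hand-edited peer list of onion names, and a netcat-style TCP connection opened through Tor's SOCKS5 listener with the name passed to Tor as text, so no DNS lookup happens locally. The listener address `127.0.0.1:9050`, the `name.onion:port` file format, the function names and the sample onion names are all assumptions made for illustration.

```python
import re
import socket
import struct

# Assumption: a local Tor client with its SOCKS listener on the default port.
TOR_SOCKS = ("127.0.0.1", 9050)

# Onion names are base32: 16 characters (v2, as used on this page) or 56 (v3).
ONION_RE = re.compile(r"^(?:[a-z2-7]{16}|[a-z2-7]{56})\.onion$")


def load_peers(text):
    """Parse a hand-maintained peer list (hypothetical format: one
    'name.onion:port' per line, '#' starts a comment)."""
    peers = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip().lower()
        if not line:
            continue
        host, sep, port = line.rpartition(":")
        if not sep or not port.isdigit() or not 0 < int(port) < 65536:
            raise ValueError(f"line {lineno}: expected name.onion:port")
        if not ONION_RE.match(host):
            raise ValueError(f"line {lineno}: not an onion name: {host!r}")
        peers.append((host, int(port)))
    return peers


def socks5_connect_request(host, port):
    """SOCKS5 CONNECT (RFC 1928) with address type 0x03: the name goes to Tor
    as text, so no local DNS lookup ever happens."""
    name = host.encode("ascii")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port)


def _recv_exact(sock, n):
    """Read exactly n bytes or fail; recv() may return fewer than asked for."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf


def socks5_handshake(sock, host, port):
    """Run the client side of the SOCKS5 exchange on an already-open socket."""
    sock.sendall(b"\x05\x01\x00")              # version 5, one method: no auth
    if _recv_exact(sock, 2) != b"\x05\x00":
        raise ConnectionError("proxy did not accept no-auth SOCKS5")
    sock.sendall(socks5_connect_request(host, port))
    ver, rep, _rsv, atyp = _recv_exact(sock, 4)
    if ver != 5 or rep != 0:
        raise ConnectionError(f"SOCKS5 CONNECT failed, reply code {rep}")
    # Discard the bound address that follows the reply header.
    if atyp == 1:
        _recv_exact(sock, 4 + 2)
    elif atyp == 4:
        _recv_exact(sock, 16 + 2)
    elif atyp == 3:
        _recv_exact(sock, _recv_exact(sock, 1)[0] + 2)
    else:
        raise ConnectionError(f"unknown address type {atyp} in reply")


def open_chat(peer, peers, proxy=TOR_SOCKS, timeout=60):
    """Connect to a peer through Tor, but only if it is on the user's own list."""
    if peer not in peers:
        raise PermissionError(f"{peer[0]} is not in the peer list")
    sock = socket.create_connection(proxy, timeout=timeout)
    try:
        socks5_handshake(sock, *peer)
    except Exception:
        sock.close()
        raise
    return sock   # from here on: plain TCP to the peer, like netcat


# Constructed sample list; these onion names are placeholders, not real services.
SAMPLE_PEERS = """\
# my peers
exampleexample22.onion:7000
EXAMPLEEXAMPLE33.onion:7001   # typed in capitals, normalised on load
"""

if __name__ == "__main__":
    peers = load_peers(SAMPLE_PEERS)
    print(peers)
    print(socks5_connect_request(*peers[0]).hex())
```

Rejecting anything that is not a well-formed onion name at load time means a typo in the list fails loudly instead of being sent to a resolver.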

This is, more or less, what I had in mind when I described the idea of creating a hidden network, although I had hoped that you could build websites on top of it too. What I’m unsure of, in his description, is what he means by “no nicknames,” as I would think you would need some kind of identifier to use a chat feature.

Even if the names weren’t user-generated, you could have this encrypted chat generate them for you. To use the example of the “nonsense word generators” again, perhaps the program could generate two names like this:

Hokr

Ngwood

It could also generate cryptographic keys for each identity, like:

6U-^QoM&m{z?H]g~c”AX3VgQqzVVo+

VtjHjR00ZCYVvU7Gs2iuWXQd2lX6oPDi

It’s similar to Freenet’s WebOfTrust plugin, which also generates identities for users of the network. In the case of Freenet, you have to solve some puzzles (which are more or less CAPTCHAs) in order to introduce your identity to other users. This is done to prevent bots from “joining” the network.

Personally, I love this idea, although I’m still in the process of studying some of this, and I might need a little help getting started. Anyone else have ideas to contribute? Feel free!

Hey, sooner or later I may actually have my own darknet! (And of course, I’d have to make it dark and scary.)

The “Shadow Web” Cited Me? Awesome!

Given that I’ve written a few past posts about the so-called “Shadow Web,” I was flattered when I came across a more recent site by that name, and they had quoted something I had written a while back when, ironically, I was less familiar with the dark web.

“The reason it’s so difficult to access the shadow web is that first, you would need a browser (such as Tor) that provides easier access to hidden sites (like .onion URLs). Then, you would most likely be given the specific URL by someone in the know, or use a search engine geared toward searching the deep web.”

I find this funny for several reasons: the statements I made at the time were not entirely accurate. Tor doesn’t really “provide easier access to hidden sites,” although at one time it was the only way you could access .onion URLs. Since there are now Tor2web proxies (like onion.to and onion.link), through which you can access Tor hidden services from the clearnet, you don’t necessarily have to have the Tor browser to reach them.

However, using the proxies is not a safe way to do so, because there’s a far greater chance that someone could spy on your web traffic in the process. They even warn you about this on some of the sites:

onionto

Also, at the time that I wrote the original post, I didn’t distinguish between “deep web” and “dark web” (which are still confusing terms for most people). I meant to say dark web, honest!!

Regardless of my errors, thanks for citing me as a source, Mr. Shadow Web! The “new” Shadow Web site is located at http://shadowznwuibgi7w.onion, and looks somewhat similar to the previous ones. I attempted to take a screenshot of it, but that function was disabled (of course). In essence, it’s a black background with this picture at the top:

access the shadow web

The landing page of the so-called “Shadow Web” site

The only difference between my picture and theirs is that theirs says “Access The Shadow Web” at the top. This time around, they feature an FAQ of sorts, to try to “debunk” some of the “myths” about the Shadow Web…

And I quote…

# 1 Shadow Web is a myth or true

ANSWER: IT IS TRUE

# 2 Is Shadow Web somewhere deep hidden under something unbelievable?

ANSWER: NO. THAT WAS A MISSUNDERSTANDING [sic]. ITS [sic] NOT DEEP UNDER, OR SOME MAGIC PROTECTED. IS JUST A SPECIAL INTERNET, SEPERATE [sic], UNACCESSIBLE AND FOR THIS INVISIBLE TO GUYS THAT DO NOT HAVE THE ACCESS-KEYS TO ENCRYPT THE URL AND INFORMATIONS. IN OUR PACKET WE GIVE YOU 1000+ DIFFERENT KEYS. ON SOME SHADOW WEB SITES YOU CAN GET MORE FORE FREE. THERE ARE SOME SPECIAL ONES YOU HAVE TO PAY. THIS DEPEND ON WHAT YOU WANT TO GET. MOST ARE FREE.

# 3 Do I need a Super Computer for Access

ANSWER: NO. THAT IS JUST A STORY FOR STOP [sic] KIDS AND IDIOTS TO TRY.

Aw, man! And I just bought a new super computer! I won’t list all of the “FAQ” section here, but you get the basic idea. Anyhow, according to them, in order to access the site, you need to pay $295 in bitcoin, which seems a bit extravagant.

How to Create Your Own Shadow Web!

In response to this, I thought I’d explain how you could actually create a “shadow web.” Just as there are a number of different ways to accomplish anonymity online, so are there many different networks that use these methods.

It might be something like the network dn42, which is a large VPN using various internet technologies, such as BGP, whois database, and DNS. Participants in dn42 connect to one another via network tunnels like OpenVPN and Tinc – however, dn42 is not technically part of the internet, because it doesn’t use the internet protocol (IP). Confused yet?

In other words, you could create a VPN-based hidden network, using a network tunnel. ChaosVPN, which I mentioned in some earlier posts, is also a VPN-based network. For full details on how to join dn42, click the link above.

Or it could be something like The Darknet Project – as they describe it, “A Darknet is a portion of routed, allocated IP space in which no active services or servers reside. These are “dark” because there is, seemingly, nothing within these networks.”

A third method might be to create a wireless mesh network, as I’d mentioned a couple of posts ago, but one that only you and a small number of people had access to – something like goTenna Mesh (as one example). Or, perhaps it would be something like a Freifunk network. Of course, you would need the right hardware for this, and you would have to find others to join, but that would just take a bit of time and effort.

So, in theory, a “shadow web” might be a private network that uses protocols other than the internet protocol, a darknet of some kind, or a wireless mesh network with a select few participants.

This, however, does not mean there actually is a Shadow Web – I just thought it was fun to consider how you could create one.

Will you be the first to do it? I dare you!

A Darknet Dictionary (Work in Progress, with Links!)

by Ciphas

So, given that there seems to be a lot of confusion about certain terms connected with the darknet and/or dark web, I thought it might be useful to have a “darknet dictionary” here. I must give some credit for this idea to Deepdotweb.com, who featured a similar article at DeepDotWeb’s DarkNet Dictionary Project! This isn’t a carbon copy of theirs, but they inspired me.

Their darknet dictionary is an ongoing project, so I think I’ll do the same with mine. If anyone wants to suggest new entries (or corrections) in the comments, feel free! I just may add them.

NOTE: Some links below may be down.

2FA – Abbreviation for “two-factor authentication.” 2FA is a type of multi-factor authentication (MFA), i.e. a user is only granted access to a site after presenting multiple pieces of authentication. Although used on the clearnet as well, 2FA is used on many darknet markets (and other sites) to verify users’ identities.

Example: a username and password, plus a separate PIN or a security question.

Active at Dark Markets? – A Tor hidden service set up by Dutch law enforcement to warn darknet market users that they are being tracked.

Ahmia.fi – A search engine that finds Tor hidden services and I2P eepsites. Also available on Tor at http://msydqstlz2kzerdg.onion/.

Alienet – A VPN-based hidden network that offers messaging, mail, IRC, and hidden services. Not as well known as some other darknets, but it is real. Their site is at http://darknetproject.info on the clearnet, or https://unionsoe3yw6fxaq.onion on Tor.

AlphaBay – Currently one of the top darknet markets on the Tor network. Uses both multisig transactions and a traditional escrow system (depending on the vendor). Access it at this link: http://pwoah7foa6au2pul.onion/register.php?aff=41211

AYW – All You’re Wiki [sic]. The Hidden Wiki with all CP links removed.

Besa Mafia – A fake hitman service that (surprise, surprise) turned out to be a scam. Though a number of people paid to use their “services,” no one was ever hurt or killed. The admin of the site did escape with a number of people’s bitcoins, however.

Bitcoin – A digital currency created by the mysterious “Satoshi Nakamoto” in 2009. Bitcoin incorporates encryption techniques to regulate the creation of new units, and to verify the transfer of funds. The smallest units of bitcoin are called “satoshis.”

bitcoins182way

Bitcoin billionaire yet?

Bitcoin Mixer – A service used to disguise the trail of bitcoins back to their original owner. Often used when buying and selling illicit goods on darknet markets. A few examples of bitcoin mixers are: BitCloak, Grams Helix, and BitBlender.

Blackbook – A former social network on the Tor network, modeled after Facebook. Used to be located at https://blkbook3fxhcsn3u.onion.

Black Market Reloaded (BMR) – A former darknet market on Tor, and one of the oldest, which is currently offline. Plans have been announced for it to restart.

Blockchain – A public ledger of all bitcoin transactions that have ever been executed. This applies to other cryptocurrencies as well.

BotDW – Boss of the deep web.

Candydoll – A term referring to non-nude photos of children in suggestive poses or sexy clothing. Softcore child pornography, more or less. (Also may refer to makeup kits that are designed for this style of photography.)

NOTE: The screenshot below is from one of the sites selling the makeup kits.

candydoll_makeup.png

Carding – The trafficking of credit cards, bank accounts, website accounts, and other financial or personal information. May or may not take place within larger darknet markets. Some vendors on the dark web specialize in this type of crime.

Cheese Pizza – Another slang term for child pornography.

Cipherspace – The “hidden internet,” built on top of anonymity networks like Tor, I2P, Freenet, and others.

Clearnet – The “normal internet” accessible without special software or configurations. (e.g. Google, Bing, Facebook, Wikipedia, Twitter, Reddit, etc.) Also sometimes referred to as the “surface web” (though this term is wildly inaccurate and confusing.)

surface-web-anz-tech-anztech-pc-fix-in-manukau-computer-repair-in-penrose

Enough with the icebergs, already!

Cold storage – Keeping a reserve of bitcoins offline (e.g. on a USB drive or encrypted media) to prevent tampering or theft.

CP – An acronym for “child porn” or “child pornography.”

Cryptography – The art of writing and solving codes. With regard to the dark web, it is a means of encrypting data (messages, etc.) that you send over the network.

Daisy’s Destruction – An infamous film made by child pornography producer Peter Scully (see entry), through his company No Limits Fun. The film shows the sexualized torture and abuse of several young girls, one of whom is referred to as “Daisy.” However, the film has reached mythological status on the web, with the details and facts about it being blown out of proportion.

Darknet – An overlay network that requires specific software, configurations, or permission to access. Examples include: Tor, I2P, Freenet, GNUnet. Some of these networks (like Freenet) have both “darknet” and “opennet” modes, where you can choose whether to connect only to peers that you trust, or connect to anyone.

Darknet Heroes League (DHL) – DHL is an escrow market comprised of old school vendors who were invited to sell there. Access it at http://darkheroesq46awl.onion.

Darknet Market – A market hosted on an anonymity network (such as Tor) that often (but not always) deals in illicit goods. Popular purchases include drugs, drug paraphernalia (like pipes), firearms, hacked PayPal accounts, skimmed credit cards, counterfeit money, porn accounts, and fake official documents.

Dark0de (a.k.a. Darkode) – A notorious hacking and cybercrime forum, originally hosted on the clearnet, which transitioned to the Tor network.

Dark Mamba – A new “private military company” that claims to offer murder-for-hire services, run by the admin of the old Besa Mafia site. (i.e. another fake hitman site.) Located at https://darkmambawopntdk.onion.

Dark Web – The part of the web that exists on darknets like Tor, I2P, Freenet, GNUnet, and other networks, and requires special software, configurations, or permission to access. The dark web is a small part of the deep web. The word “dark” does not refer to the content, but rather the fact that the networks are special access.

Dark Web News – A news site that reports on events that take place on the dark web. Also features bitcoin tutorials, links, and a comparison of darknet markets. Located at https://www.darkwebnews.com.

DBAN – Darik’s Boot and Nuke – free erasure software that automatically deletes the contents of any hard drive it can detect, developed by Darik Horn.

Deep Web – The part of the web not indexed by traditional search engines, like Google. This term is often confused with “dark web,” but the two are not synonymous.

Deepdotweb – A site that releases news, articles, and occasionally tutorials about the dark web (primarily Tor). They also keep an accurate, updated list of darknet markets that’s very reliable. Can be found at Deepdotweb.com or https://deepdot35wvmeyd5.onion.

Disconnect – A clearnet search engine that prevents other search engines from tracking your searches. It used to be the standard search engine on the Tor browser. Located at https://search.disconnect.me/.

DNStats.net – A site that monitors the status of various darknet markets and a few other sites on the Tor network. Located at https://dnstats.net/ on the clearnet, and https://dnstatstzgfcalax.onion/ on Tor.

Doxing – The act of researching and posting someone’s personal information (e.g. phone number, address, full name) on the internet. Takes place on both the dark web and clearnet.

Doxxters, The – A group who offers a doxing service for pay. Located at https://doxxtereufvckkiz.onion.

Dream Market – Another top darknet market hosted on the Tor network, which uses a traditional escrow system. Access it at http://lchudifyeqm4ldjj.onion/?ai=1675.

DuckDuckGo – Currently the standard search engine used on the Tor browser. Is popular with privacy-minded users. Located at https://duckduckgo.com/ on the clearnet, and https://3g2upl4pq6kufc4m.onion on Tor.

Dump – The sharing of stolen data, such as usernames, passwords, credit card numbers, and bank account data. Also takes place on the clearnet, but is more infamous on networks like Tor.

Eepsite – The name for hidden services hosted on the I2P network. They end in the domain name .i2p.

Freedom Hosting – A former Tor specialist web hosting service which, at its height in 2013, was the largest hosting service of its kind. Was the target of an attack by Anonymous, as well as a large law enforcement operation headed by the FBI. Has since been succeeded by another service dubbed “Freedom Hosting II.”

Freenet – A peer-to-peer network for censorship-resistant communication, touted as an alternative to other networks like Tor and I2P. It features anonymous messaging, email, social networking, and site hosting. A typical Freenet URI looks like this:

USK@MYLAnId-ZEyXhDGGbYOa1gOtkZZrFNTXjFl1dibLj9E,Xpu27DoAKKc8b0718E-ZteFrGqCYROe7XBBJI57pB4M,AQACAAE/pyFreenetHg/31/

Download it at https://freenetproject.org/.

Freesite – The name used for Freenet’s hidden services.

Fullz – In carding terms, “fullz” refers to full database records of personally identifiable information. Such things might include names, addresses, phone numbers, bank account information, social security numbers, passwords, etc.

Galaxy2 – A popular social network on Tor. It is a follow-up to the original Galaxy social network, created by “Lameth.” Located at https://w363zoq3ylux5rf5.onion.

GNUnet – A free software framework for decentralized peer-to-peer networking. It includes P2P applications, such as chat, file sharing, and VPN.

Grams – A Tor-based search engine for darknet markets, which helps compare goods, prices, and vendors. Tor link: http://grams7enufi7jmdl.onion/

HANSA Market – A darknet market with a multisig escrow system. Tor link: http://hansamkt2rr6nfg3.onion/affiliate/110

Hard Candy – Slang term for an underage girl – roughly age 12-16, on both the dark web and clearnet. Also can refer to child pornography featuring girls of this age.

Harry71’s Onion Spider – A popular link repository on Tor. Is respectable because it’s updated daily, and the links are generally accurate and active. Tor link: skunksworkedp2cg.onion

Helix Light – A bitcoin cleaner available from the developers of Grams. Tor link: http://grams7enufi7jmdl.onion/helix/light

Hell – Infamous hacking forum formerly hosted on the Tor network, where users share hacking tips as well as stolen data. There is another site currently going by the same name, but it is actually a clone site made with a stolen private key from the original site.

Hidden Wiki – Name for a popular wiki on Tor that links to and describes some basic Tor hidden services (for noobs). The main one is located at http://zqktlwi4fecvo6ri.onion/wiki/index.php/Main_Page. There are several other sites that use the name Hidden Wiki as well, but this one is usually the site in question.

Hitmen/Assassins – A service that’s supposedly easy to find on the dark web. All of the sites offering these services have turned out to be elaborate scams, but the myth continues to be perpetuated by creepypastas and rumors.

Hurtcore – Most extreme form of child pornography, involving such things as physical injury and rape, which can be found on the dark web. Avoid at all costs.

screen-shot-2015-09-10-at-8-54-44-pm

Credit: allthingsvice.com

I2P – An overlay network and darknet that allows applications to send messages to each other anonymously and securely. Download it at https://geti2p.net/en/.

L33TER – A vendor shop started by L33Ter, vendor from most of the early darknet markets. Specializes in digital and physical products. Located at http://l33ter2w7q4bytfh.onion.

LE – An abbreviation for “law enforcement.”

Litecoin – A peer-to-peer cryptocurrency that is based on bitcoin. Find out more at Litecoin – Open source P2P digital currency.

Lux – Username of Matthew David Graham, convicted (and imprisoned) owner of child pornography sites PedoEmpire, Hurt 2 The Core, and Love 2 The Core (among others).

Mesh routing network – Networks made up of radio nodes arranged in a mesh topology. Examples include Netsukuku, GNUnet, Hyperboria, and CCNx. Many of these are still in beta mode and have not been officially released, but they have been advertised as alternatives to the traditional internet structure being used right now.

Multisig – An abbreviation for “multisignature.” The requirement for more than one key to authorize a bitcoin transaction.

Image credit: deepdotweb.com

not Evil – The premier search engine on Tor. Was originally designed to look like a parody of Google. Located at https://hss3uro2hsxfogfq.onion.

Onionland – A nickname for the Tor network.

OpenBazaar – A decentralized peer-to-peer marketplace that sells a variety of goods for bitcoin and currently runs on the Tor network. Not a “darknet market,” per se, but uses a similar concept.

Operation Onymous – An international law enforcement operation targeting darknet markets and other Tor hidden services in 2014. Supposedly shut down over 400 sites (although many were clone sites).

Outlaw Market – Another of the top darknet markets on Tor. Sells drugs, digital goods, weapons, and other merchandise. Access it at http://outfor6jwcztwbpd.onion/indxx1.php.

Pedo – A slang term on the dark web for “pedophile.” Refers not only to the people themselves, but related sites and materials. (e.g. PedoEmpire)

PedoFunding – A now-defunct website on Tor run by convicted freelance photographer Richard Huckle. Huckle has since been imprisoned, and received 22 consecutive life sentences.

PGP – An encryption standard created by Phil Zimmermann in 1991. The initials stand for “Pretty Good Privacy.” PGP is frequently used to encrypt and decrypt messages on the dark web.

PlayPen – A large child pornography site that, in 2015, was seized by the FBI and used to catch pedophiles who were accessing the site. This has been one of the more controversial cases, as some have questioned the legality of the FBI’s actions.

Qubes – A security-focused operating system that aims to provide security by isolation. One of many distros that can help provide security and anonymity. Official site: https://www.qubes-os.org/

/r/darknetmarkets – A subreddit dedicated to information and discussions about darknet markets.

/r/deepweb – A subreddit dedicated to factual information about the deep web and dark web (as opposed to urban legends).

Red Room – A series of mythological sites on the dark web that supposedly feature live torture and murder (see “Shadow Web”). Entrance to these sites (in theory) requires bitcoin, as well as special credentials, such as a password given by an administrator. They are, more or less, an extension of the urban legend of “snuff films.”

All of the ones that have become public knowledge have turned out to be scams, yet many creepypastas and YouTube videos have continued to perpetuate the myth.

Scam/Scammer – In the context of the dark web, someone who purports to be selling certain goods or services, and doesn’t follow through, or misrepresents their intentions (e.g. a drug vendor who never delivers their goods, or a “financial service” designed for identity theft).

Image credit: Deepdotweb.com 2013

Scream, Bitch! – A hurtcore forum on the Tor network. For those of you thinking of joining, registration is closed.

Scully, Peter – An infamous Australian pedophile and producer of child pornography, most notably the film Daisy’s Destruction, which has achieved internet notoriety. Scully had formed his own production company to make these films, called No Limits Fun.

Shadow Web – A fictitious part of the dark web perpetuated by creepypastas and YouTube videos. Supposedly features live torture and murder shows for those who pay the right price. A number of sites on Tor claim to offer access to the Shadow Web, but they are all scams. Here’s one example: Shadow Web Gateway 2.0

Silk Road – An online black market, considered to be the first modern darknet market. Launched by founder Ross Ulbricht in 2011, the site was shut down by feds in October 2013.

Silk Road 3 – An escrow market that used to go by another name, but adopted the Silk Road brand. There has been much speculation as to whether or not the market will exit scam or will be taken down, but it is still currently running. Located at reloadedudjtjvxr.onion.

SSH – Stands for “secure shell.” SSH is a cryptographic network protocol for operating network services securely over an unsecured network. As with PGP, SSH uses public and private keys to authenticate users.

Suicide Apartment – Members-only social network on Tor (which used to exist on the clearnet). It’s meant to be a site for people who are suicidal and want to find someone else to “leave the world with.” The only way to become a member is to receive a voucher from an existing member.

Tails – A popular Debian-based live operating system that many dark web users install for extra protection. “Tails” is an acronym for “The amnesic incognito live system.”

TLA – An abbreviation for “three-letter agency.” Includes federal agencies such as the CIA, FBI, NRO, NSA, DEA, DHS, and others, who are looked upon with suspicion on the dark web.

Tor – An anonymity network on which many “dark web” sites are hosted. The name “Tor” stands for “the onion router.” Frequently, people who say they’re on the “deep web” are referring to Tor. Download it at https://torproject.org.

TorBay – A Tor-based social network and forum which more or less replaced Blackbook.

Torch – A simple Tor search engine. Located at https://xmh5752oemp2sztk.onion

Traderoute – A traditional and multisig escrow marketplace on Tor.

Valhalla (Silkkitie) – Originally a Finnish-only darknet market, now available in English. Valhalla is invite-only, and offers both traditional escrow and multisig transactions, 2FA, and PGP. Requires a referral link to register as either a buyer or a vendor.

Vendor Shop – Smaller shops started by some of the major darknet market vendors, usually specializing in certain types of items. Examples: Mollyworld and MegaPack.

VPN (Virtual Private Network) – A private network which extends across a public network (internet). Many experts recommend using a VPN in addition to using Tor! (hint hint)

Welcome to Dark Web Links and More! – Link list for Tor hidden services. Notable because they do not accept submissions of CP links, and also feature links to Usenet groups. Access it at https://jdpskjmgy6kk4urv.onion/links.html.

Zion Market – A newer multisig darknet market without user wallets. Buyers have the option of selecting 2-of-2 (the server and vendor have the keys), or 2-of-3 (the buyer also has a key). Uses 2FA, automated PGP, and Bitmessage alerts. Access it at http://zionshopusn6nopy.onion/_reg23.

Zocalo – A former darknet market specializing in marijuana, hash, and various paraphernalia associated with it. Recently closed due to lack of business.

Zork – A 1980s text-based RPG that is now playable on the Tor network (via the not Evil search engine).

P.S. As I said above, this list is far from finished. So I’ll either add more entries in later, or do a part 2 to the post. Anyhow, hope you had fun, and feel free to add your suggestion

Red Rooms Don’t Exist (Here’s Why)

by Ciphas

In an effort to get more connected with you, my readers, I’ve decided to do a little how-to here. So I thought that, rather than just say “all red rooms are fake,” I’m going to go through how to spot a fake red room on the dark web.

What prompted this? Well, on my previous post, I received this comment:

[Screenshot of the comment]

In case that’s hard to read, here it is in slightly larger text:

“there are many red rooms its [sic] just a matter of finding them although I wouldn’t suggest it, i posted a link below. http://222222222kjhiqzb.onion/”

I actually checked out that link, and it looked all too familiar. Why’s that? Well, Mutahar (a.k.a. SomeOrdinaryGamers) featured it on his “Deep Web Browsing” series: THE “REAL” RED ROOM!?!

I watch those videos purely for entertainment, but yes, Muta does visit some real sites on the Tor network. (And a few on the clearnet too.)

That does not mean, however, that any of these are real red rooms. In fact, he even says so in the same video!!

The experts say they’re all fake (and I’m inclined to believe them), but let’s just play devil’s advocate and say that there are a few real ones.

I have come across more than my fair share of sites on Tor (and elsewhere) that claim to be red rooms. Most of them have a few things in common:

  1. They claim to show video streams of live torture, murder, and other acts.
  2. They require you to pay – usually large amounts of bitcoin or other cryptocurrency.
  3. They often ask you to download “special software,” like an alternative browser.
  4. They sometimes will link you to an alternate site to do the transactions.
  5. They almost always use a Tor-based email service – a common one is SIGAINT.
  6. They sometimes have a graphic image on the main site, usually taken from a horror film, to symbolize the acts of violence that would take place in the red room.
  7. They sometimes have a login page, which you can supposedly access after you pay.
  8. They won’t show you any sort of sample content beforehand.

That’s all I can think of at the moment.

Anyhow, if any of you have really used Tor, you probably have some idea of how slow it is. If you don’t understand why it’s slow, then allow me to direct you to their FAQ: Why is Tor so slow?

Part of the answer is: “Before we answer, though, you should realize that Tor is never going to be blazing fast. Your traffic is bouncing through volunteers’ computers in various parts of the world, and some bottlenecks and network latency will always be present. You shouldn’t expect to see university-style bandwidth through Tor.”

OK…but the red room sites say that I have to download a special browser to watch the show!

Why is this? Because, in all likelihood, if these sites are asking you to download and install special software, the software in question probably has some kind of malware embedded in it.

Do you know what a RAT (remote access trojan) is? Allow me to direct you to TechTarget: What is RAT (remote access trojan)? Essentially, it’s a type of malware program that includes a back door to allow remote access to the victim’s computer.

I don’t know this from personal experience, but it’s my best educated guess. And a lot of these sites started popping up on Tor after the creepypastas and YouTube videos about red rooms became more popular – are you really that surprised?

The Shadow Web – Re-Re-Visited!!

I’ve done several previous posts about the so-called Shadow Web, an urban legend which I believe became popular after the creepypasta “A Warning To Those Accessing The Shadow Web” was passed around.

After this, a plethora of sites popped up on the Tor network (and other networks, like Freenet) claiming to offer access to the Shadow Web.

In a similar manner to the red room sites, the Shadow Web sites claim that this is a special portion of the dark web only accessible through “special software” that you need to pay to download.

Again, not to repeat myself too much – I’ve never gone so far as to actually download the software, but I suspect that it’s infected with some kind of malware – what, I couldn’t say. I’m glad that I haven’t fallen victim to this, to be honest.

I have actually corresponded with the admin in charge of some of these Shadow Web sites, and he basically told me what I said on the “fact list” above – it’s a live torture show, you need to pay, and you need to download a special browser to view it.

And yes, I know that lots of the creepypastas on Reddit and YouTube talk about the “shadow web”; I assume that they’re all bullshit. I still find them entertaining anyway. But I also find The Texas Chainsaw Massacre entertaining!

If any of you want to take the risk of paying for this and viewing it, go right ahead. But don’t say I didn’t warn you.

I imagine there are other sites like this, too – but I have my doubts that any of them are genuine.

Questions? Comments? Please! Let me know!