Creating a Hidden Network?


One of my readers, with whom I’ve been corresponding on and off, wrote to me with an idea about creating a hidden network from scratch. It may have been inspired by one of my earlier posts, The “Shadow Web” Cited Me? Awesome!

In this post, I speculated about how you could create your own “shadow web,” i.e. a network that offered anonymity, and that you and only a select few people could access. In response, this reader had a few suggestions for such a network (I’m paraphrasing his (or her?) words here):

  1. One in which you could communicate via Telnet or Netcat over the Tor network.
  2. No DNS, no sites, just chats.
  3. Each user has his own list of peers.
  4. No nicknames, just onion domains.
  5. Everything is done manually, to avoid potential security flaws.
  6. Users select someone to chat with from the peer list and connect via TCP socket over Tor.

 


This is, more or less, what I had in mind when I described the idea of creating a hidden network, although I had hoped that you could build websites on top of it too. What I’m unsure of, in his description, is what he means by “no nicknames,” as I would think you would need some kind of identifier to use a chat feature.
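One reading of “no nicknames, just onion domains” is that the address itself is the identifier: a current (v3) onion address encodes the service's public key plus a checksum, so a hand-maintained peer list can be checked for typos or altered entries before anything connects. The sketch below is an added example, not the reader's or this blog's code; the `host:port` peer-list format, the function names and the sample key are assumptions, and it goes beyond the 16-character v2 addresses quoted on this page, which it only recognizes and rejects.

```python
import base64
import hashlib
import struct

ONION_SUFFIX = ".onion"
V3_VERSION = b"\x03"


def _checksum(pubkey: bytes, version: bytes) -> bytes:
    # v3 address checksum: first 2 bytes of SHA3-256(".onion checksum" | key | version)
    return hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]


def encode_v3(pubkey: bytes) -> str:
    """Build a v3 onion host name from a 32-byte ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("public key must be 32 bytes")
    raw = pubkey + _checksum(pubkey, V3_VERSION) + V3_VERSION
    return base64.b32encode(raw).decode().lower() + ONION_SUFFIX


def v3_pubkey(host: str) -> bytes:
    """Return the public key embedded in a v3 onion host, or raise ValueError."""
    host = host.strip().lower()
    if not host.endswith(ONION_SUFFIX):
        raise ValueError("not an onion host")
    label = host[: -len(ONION_SUFFIX)]
    if len(label) == 16:
        # v2 names are a truncated key hash: nothing to verify locally
        raise ValueError("legacy v2 address (no embedded key or checksum)")
    if len(label) != 56:
        raise ValueError("wrong length for a v3 address")
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:  # binascii.Error is a ValueError subclass
        raise ValueError("not valid base32") from None
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != V3_VERSION or checksum != _checksum(pubkey, version):
        raise ValueError("checksum or version mismatch (typo or tampering)")
    return pubkey


def load_peers(text: str):
    """Parse 'host:port' lines; return (accepted, rejected) without guessing at fixes."""
    accepted, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()  # allow comments and blank lines
        if not line:
            continue
        host, _, port = line.rpartition(":")
        try:
            if not port.isdigit() or not 0 < int(port) < 65536:
                raise ValueError("bad port")
            v3_pubkey(host)
            accepted.append((host.lower(), int(port)))
        except ValueError as exc:
            rejected.append((lineno, str(exc)))
    return accepted, rejected


def socks5_connect_request(host: str, port: int) -> bytes:
    """SOCKS5 CONNECT (RFC 1928) carrying the name itself (ATYP 0x03).

    Sent to Tor's SOCKS port (127.0.0.1:9050 by default for the tor daemon)
    after the method negotiation; the name is never resolved locally.
    """
    v3_pubkey(host)  # refuse to build a request for an unverified name
    name = host.lower().encode("ascii")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port)


def demo():
    good = encode_v3(bytes(range(32)))  # constructed key, not a real service
    # Constructed typo: character 52 holds only checksum bits, so it must fail.
    typo = good[:52] + ("b" if good[52] == "a" else "a") + good[53:]
    peers = f"# my peers\n{good}:6667\n{typo}:6667\nabcdefghijklmnop.onion:23\n"
    return load_peers(peers)


if __name__ == "__main__":
    ok, bad = demo()
    print("accepted:", ok)
    print("rejected:", bad)
```

Passing the name to the proxy as ATYP 0x03 is what keeps the lookup off the local resolver, which is the practical meaning of “no DNS” in this design.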

Even if the names weren’t user-generated, you could have this encrypted chat generate them for you. To use the example of the “nonsense word generators” again, perhaps the program could generate two names like this:

Hokr

Ngwood

It could also generate cryptographic keys for each identity, like:

6U-^QoM&m{z?H]g~c”AX3VgQqzVVo+

VtjHjR00ZCYVvU7Gs2iuWXQd2lX6oPDi

It’s similar to Freenet’s WebOfTrust plugin, which also generates identities for users of the network. In the case of Freenet, you have to solve some puzzles (which are more or less CAPTCHAs) in order to introduce your identity to other users. This is done to prevent bots from “joining” the network.


Personally, I love this idea, although I’m still in the process of studying some of this, and I might need a little help getting started. Anyone else have ideas to contribute? Feel free!

Hey, sooner or later I may actually have my own darknet! (And of course, I’d have to make it dark and scary.)


The “Shadow Web” Cited Me? Awesome!

Given that I’ve written a few past posts about the so-called “Shadow Web,” I was flattered when I came across a more recent site by that name, and they had quoted something I had written a while back when, ironically, I was less familiar with the dark web.

“The reason it’s so difficult to access the shadow web is that first, you would need a browser (such as Tor) that provides easier access to hidden sites (like .onion URLs). Then, you would most likely be given the specific URL by someone in the know, or use a search engine geared toward searching the deep web.”

I find this funny for several reasons: the statements I made at the time were not entirely accurate. Tor doesn’t really “provide easier access to hidden sites,” although at one time it was the only way you could access .onion URLs. Since there are now Tor2web proxies (like onion.to and onion.link), through which you can access Tor hidden services from the clearnet, you don’t necessarily have to have the Tor browser to reach them.

However, using the proxies is not a safe way to do so, because there’s a far greater chance that someone could spy on your web traffic in the process. They even warn you about this on some of the sites:

onionto

Also, at the time that I wrote the original post, I didn’t distinguish between “deep web” and “dark web” (which are still confusing terms for most people). I meant to say dark web, honest!!


Regardless of my errors, thanks for citing me as a source, Mr. Shadow Web! The “new” Shadow Web site is located at http://shadowznwuibgi7w.onion, and looks somewhat similar to the previous ones. I attempted to take a screenshot of it, but that function was disabled (of course). In essence, it’s a black background with this picture at the top:

access the shadow web

The landing page of the so-called “Shadow Web” site

The only difference between my picture and theirs is that theirs says “Access The Shadow Web” at the top. This time around, they feature an FAQ of sorts, to try to “debunk” some of the “myths” about the Shadow Web…

And I quote…

# 1 Shadow Web is a myth or true

ANSWER: IT IS TRUE

# 2 Is Shadow Web somewhere deep hidden under something unbelievable?

ANSWER: NO. THAT WAS A MISSUNDERSTANDING [sic]. ITS [sic] NOT DEEP UNDER, OR SOME MAGIC PROTECTED. IS JUST A SPECIAL INTERNET, SEPERATE [sic], UNACCESSIBLE AND FOR THIS INVISIBLE TO GUYS THAT DO NOT HAVE THE ACCESS-KEYS TO ENCRYPT THE URL AND INFORMATIONS. IN OUR PACKET WE GIVE YOU 1000+ DIFFERENT KEYS. ON SOME SHADOW WEB SITES YOU CAN GET MORE FORE FREE. THERE ARE SOME SPECIAL ONES YOU HAVE TO PAY. THIS DEPEND ON WHAT YOU WANT TO GET. MOST ARE FREE.

# 3 Do I need a Super Computer for Access

ANSWER: NO. THAT IS JUST A STORY FOR STOP [sic] KIDS AND IDIOTS TO TRY.

Aw, man! And I just bought a new super computer! I won’t list all of the “FAQ” section here, but you get the basic idea. Anyhow, according to them, in order to access the site, you need to pay $295 in bitcoin, which seems a bit extravagant.

How to Create Your Own Shadow Web!


In response to this, I thought I’d explain how you could actually create a “shadow web.” Just as there are a number of different ways to accomplish anonymity online, so are there many different networks that use these methods.

It might be something like the network dn42, which is a large VPN using various internet technologies, such as BGP, a whois database, and DNS. Participants in dn42 connect to one another via network tunnels like OpenVPN and Tinc – however, dn42 is not technically part of the internet, because it doesn’t use the internet protocol (IP). Confused yet?

In other words, you could create a VPN-based hidden network, using a network tunnel. ChaosVPN, which I mentioned in some earlier posts, is also a VPN-based network. For full details on how to join dn42, click the link above.

Or it could be something like The Darknet Project – as they describe it, “A Darknet is a portion of routed, allocated IP space in which no active services or servers reside. These are “dark” because there is, seemingly, nothing within these networks.”

A third method might be to create a wireless mesh network, as I’d mentioned a couple of posts ago, but one that only you and a small number of people had access to – something like goTenna Mesh (as one example). Or, perhaps it would be something like a Freifunk network. Of course, you would need the right hardware for this, and you would have to find others to join, but that would just take a bit of time and effort.

So, in theory, a “shadow web” might be a private network that uses protocols other than the internet protocol, a darknet of some kind, or a wireless mesh network with a select few participants.

This, however, does not mean there actually is a Shadow Web – I just thought it was fun to consider how you could create one.

Will you be the first to do it? I dare you!


A Darknet Dictionary (Work in Progress, with Links!)


by Ciphas

So, given that there seems to be a lot of confusion about certain terms connected with the darknet and/or dark web, I thought it might be useful to have a “darknet dictionary” here. I must give some credit for this idea to Deepdotweb.com, who featured a similar article at DeepDotWeb’s DarkNet Dictionary Project! This isn’t a carbon copy of theirs, but they inspired me.

Their darknet dictionary is an ongoing project, so I think I’ll do the same with mine. If anyone wants to suggest new entries (or corrections) in the comments, feel free! I just may add them.

NOTE: Some links below may be down.

2FA – Abbreviation for “two-factor authentication.” 2FA is a type of multi-factor authentication (MFA), i.e. a user is only granted access to a site after presenting multiple pieces of authentication. Although used on the clearnet as well, 2FA is used on many darknet markets (and other sites) to verify users’ identities.

Example: a username and password, plus a separate PIN or a security question.


Active at Dark Markets? – A Tor hidden service set up by Dutch law enforcement to warn darknet market users that they are being tracked.


Ahmia.fi – A search engine that finds Tor hidden services and I2P eepsites. Also available on Tor at http://msydqstlz2kzerdg.onion/.


Alienet – A VPN-based hidden network that offers messaging, mail, IRC, and hidden services. Not as well known as some other darknets, but it is real. Their site is at http://darknetproject.info on the clearnet, or https://unionsoe3yw6fxaq.onion on Tor.


AlphaBay – Currently one of the top darknet markets on the Tor network. Uses both multisig transactions and a traditional escrow system (depending on the vendor). Access it at this link: http://pwoah7foa6au2pul.onion/register.php?aff=41211


AYW – All You’re Wiki [sic]. The Hidden Wiki with all CP links removed.


Besa Mafia – A fake hitman service that (surprise, surprise) turned out to be a scam. Though a number of people paid to use their “services,” no one was ever hurt or killed. The admin of the site did escape with a number of people’s bitcoins, however.


Bitcoin – A digital currency created by the mysterious “Satoshi Nakamoto” in 2009. Bitcoin incorporates encryption techniques to regulate the creation of new units, and to verify the transfer of funds. The smallest units of bitcoin are called “satoshis.”

Bitcoin billionaire yet?

Bitcoin Mixer – A service used to disguise the trail of bitcoins back to their original owner. Often used when buying and selling illicit goods on darknet markets. A few examples of bitcoin mixers are: BitCloak, Grams Helix, and BitBlender.


Blackbook – A former social network on the Tor network, modeled after Facebook. Used to be located at https://blkbook3fxhcsn3u.onion.


Black Market Reloaded (BMR) – A former darknet market on Tor, and one of the oldest, which is currently offline. Plans have been announced for it to restart.


Blockchain – A public ledger of all bitcoin transactions that have ever been executed. This applies to other cryptocurrencies as well.


BotDW – Boss of the deep web.


Candydoll – A term referring to non-nude photos of children in suggestive poses or sexy clothing. Softcore child pornography, more or less. (Also may refer to makeup kits that are designed for this style of photography.)

NOTE: The screenshot below is from one of the sites selling the makeup kits.

candydoll_makeup.png

Carding – The trafficking of credit cards, bank accounts, website accounts, and other financial or personal information. May or may not take place within larger darknet markets. Some vendors on the dark web specialize in this type of crime.


Cheese Pizza – Another slang term for child pornography.

Cipherspace – The “hidden internet,” built on top of anonymity networks like Tor, I2P, Freenet, and others.

Clearnet – The “normal internet” accessible without special software or configurations. (e.g. Google, Bing, Facebook, Wikipedia, Twitter, Reddit, etc.) Also sometimes referred to as the “surface web” (though this term is wildly inaccurate and confusing.)


Enough with the icebergs, already!

Cold storage – Keeping a reserve of bitcoins offline (e.g. on a USB drive or encrypted media) to prevent tampering or theft.


CP – An acronym for “child porn” or “child pornography.”

Cryptography – The art of writing and solving codes. With regard to the dark web, it is a means of encrypting data (messages, etc.) that you send over the network.

Daisy’s Destruction – An infamous film made by child pornography producer Peter Scully (see entry), through his company No Limits Fun. The film shows the sexualized torture and abuse of several young girls, one of whom is referred to as “Daisy.” However, the film has reached mythological status on the web, with the details and facts about it being blown out of proportion.


Darknet – An overlay network that requires specific software, configurations, or permission to access. Examples include: Tor, I2P, Freenet, GNUnet. Some of these networks (like Freenet) have both “darknet” and “opennet” modes, where you can choose whether to connect only to peers that you trust, or connect to anyone.


Darknet Heroes League (DHL) – DHL is an escrow market comprised of old school vendors who were invited to sell there. Access it at http://darkheroesq46awl.onion.


Darknet Market – A market hosted on an anonymity network (such as Tor) that often (but not always) deals in illicit goods. Popular purchases include drugs, drug paraphernalia (like pipes), firearms, hacked PayPal accounts, skimmed credit cards, counterfeit money, porn accounts, and fake official documents.


Dark0de (a.k.a. Darkode) – A notorious hacking and cybercrime forum, originally hosted on the clearnet, which transitioned to the Tor network.


Dark Mamba – A new “private military company” that claims to offer murder-for-hire services, run by the admin of the old Besa Mafia site. (i.e. another fake hitman site.) Located at https://darkmambawopntdk.onion.


Dark Web – The part of the web that exists on darknets like Tor, I2P, Freenet, GNUnet, and other networks, and requires special software, configurations, or permission to access. The dark web is a small part of the deep web. The word “dark” does not refer to the content, but rather the fact that the networks are special access.


Dark Web News – A news site that reports on events that take place on the dark web. Also features bitcoin tutorials, links, and a comparison of darknet markets. Located at https://www.darkwebnews.com.


DBAN – Darik’s Boot and Nuke – free erasure software that automatically deletes the contents of any hard drive it can detect, developed by Darik Horn.


Deep Web – The part of the web not indexed by traditional search engines, like Google. This term is often confused with “dark web,” but the two are not synonymous.


Deepdotweb – A site that releases news, articles, and occasionally tutorials about the dark web (primarily Tor). They also keep an accurate, updated list of darknet markets that’s very reliable. Can be found at Deepdotweb.com or https://deepdot35wvmeyd5.onion.


Disconnect – A clearnet search engine that prevents other search engines from tracking your searches. It used to be the standard search engine on the Tor browser. Located at https://search.disconnect.me/.

DNStats.net – A site that monitors the status of various darknet markets and a few other sites on the Tor network. Located at https://dnstats.net/ on the clearnet, and https://dnstatstzgfcalax.onion/ on Tor.

Doxing – The act of researching and posting someone’s personal information (e.g. phone number, address, full name) on the internet. Takes place on both the dark web and clearnet.


Doxxters, The – A group who offers a doxing service for pay. Located at https://doxxtereufvckkiz.onion.


Dream Market – Another top darknet market hosted on the Tor network, which uses a traditional escrow system. Access it at http://lchudifyeqm4ldjj.onion/?ai=1675.


DuckDuckGo – Currently the standard search engine used on the Tor browser. Is popular with privacy-minded users. Located at https://duckduckgo.com/ on the clearnet, and https://3g2upl4pq6kufc4m.onion on Tor.


Dump – The sharing of stolen data, such as usernames, passwords, credit card numbers, and bank account data. Also takes place on the clearnet, but is more infamous on networks like Tor.


Eepsite – The name for hidden services hosted on the I2P network. They end in the domain name .i2p.


Freedom Hosting – A former Tor specialist web hosting service which, at its height in 2013, was the largest hosting service of its kind. Was the target of an attack by Anonymous, as well as a large law enforcement operation headed by the FBI. Has since been succeeded by another service dubbed “Freedom Hosting II.”


Freenet – A peer-to-peer network for censorship-resistant communication, touted as an alternative to other networks like Tor and I2P. It features anonymous messaging, email, social networking, and site hosting. A typical Freenet URI looks like this:

USK@MYLAnId-ZEyXhDGGbYOa1gOtkZZrFNTXjFl1dibLj9E,Xpu27DoAKKc8b0718E-ZteFrGqCYROe7XBBJI57pB4M,AQACAAE/pyFreenetHg/31/

Download it at https://freenetproject.org/.

Freesite – The name used for Freenet’s hidden services.


Fullz – In carding terms, “fullz” refers to full database records of personally identifiable information. Such things might include names, addresses, phone numbers, bank account information, social security numbers, passwords, etc.

Galaxy2 – A popular social network on Tor. It is a follow-up to the original Galaxy social network, created by “Lameth.” Located at https://w363zoq3ylux5rf5.onion.


GNUnet – A free software framework for decentralized peer-to-peer networking. It includes P2P applications, such as chat, file sharing, and VPN.


Grams – A Tor-based search engine for darknet markets, which helps compare goods, prices, and vendors. Tor link: http://grams7enufi7jmdl.onion/


HANSA Market – A darknet market with a multisig escrow system. Tor link: http://hansamkt2rr6nfg3.onion/affiliate/110


Hard Candy – Slang term for an underage girl – roughly age 12-16, on both the dark web and clearnet. Also can refer to child pornography featuring girls of this age.

Harry71’s Onion Spider – A popular link repository on Tor. Is respectable because it’s updated daily, and the links are generally accurate and active. Tor link: skunksworkedp2cg.onion


Helix Light – A bitcoin cleaner available from the developers of Grams. Tor link: http://grams7enufi7jmdl.onion/helix/light


Hell – Infamous hacking forum formerly hosted on the Tor network, where users share hacking tips as well as stolen data. There is another site currently going by the same name, but it is actually a clone site made with a stolen private key from the original site.

Hidden Wiki – Name for a popular wiki on Tor that links to and describes some basic Tor hidden services (for noobs). The main one is located at http://zqktlwi4fecvo6ri.onion/wiki/index.php/Main_Page. There are several other sites that use the name Hidden Wiki as well, but this one is usually the site in question.


Hitmen/Assassins – A service that’s supposedly easy to find on the dark web. All of the sites offering these services have turned out to be elaborate scams, but the myth continues to be perpetuated by creepypastas and rumors.


Hurtcore – Most extreme form of child pornography, involving such things as physical injury and rape, which can be found on the dark web. Avoid at all costs.


Credit: allthingsvice.com

I2P – An overlay network and darknet that allows applications to send messages to each other anonymously and securely. Download it at https://geti2p.net/en/.


L33TER – A vendor shop started by L33Ter, vendor from most of the early darknet markets. Specializes in digital and physical products. Located at http://l33ter2w7q4bytfh.onion.


LE – An abbreviation for “law enforcement.”

Litecoin – A peer-to-peer cryptocurrency that is based on bitcoin. Find out more at Litecoin – Open source P2P digital currency.


Lux – Username of Matthew David Graham, convicted (and imprisoned) owner of child pornography sites PedoEmpire, Hurt 2 The Core, and Love 2 The Core (among others).


Mesh routing network – Networks made up of radio nodes arranged in a mesh topology. Examples include Netsukuku, GNUnet, Hyperboria, and CCNx. Many of these are still in beta mode and have not been officially released, but they have been advertised as alternatives to the traditional internet structure being used right now.


Multisig – An abbreviation for “multisignature.” The requirement for more than one key to authorize a bitcoin transaction.

Credit: deepdotweb.com

not Evil – The premier search engine on Tor. Was originally designed to look like a parody of Google. Located at https://hss3uro2hsxfogfq.onion.


Onionland – A nickname for the Tor network.


OpenBazaar – A decentralized peer-to-peer marketplace that sells a variety of goods for bitcoin and currently runs on the Tor network. Not a “darknet market,” per se, but uses a similar concept.


Operation Onymous – An international law enforcement operation targeting darknet markets and other Tor hidden services in 2014. Supposedly shut down over 400 sites (although many were clone sites).


Outlaw Market – Another of the top darknet markets on Tor. Sells drugs, digital goods, weapons, and other merchandise. Access it at http://outfor6jwcztwbpd.onion/indxx1.php.


Pedo – A slang term on the dark web for “pedophile.” Refers not only to the people themselves, but related sites and materials. (e.g. PedoEmpire)

PedoFunding – A now-defunct website on Tor run by convicted freelance photographer Richard Huckle. Huckle has since been imprisoned, and received 22 consecutive life sentences.

PGP – An encryption standard created by Phil Zimmermann in 1991. The initials stand for “Pretty Good Privacy.” PGP is frequently used to encrypt and decrypt messages on the dark web.

PlayPen – A large child pornography site that, in 2015, was seized by the FBI and used to catch pedophiles who were accessing the site. This has been one of the more controversial cases, as some have questioned the legality of the FBI’s actions.

Qubes – A security-focused operating system that aims to provide security by isolation. One of many distros that can help provide security and anonymity. Official site: https://www.qubes-os.org/


/r/darknetmarkets – A subreddit dedicated to information and discussions about darknet markets.

/r/deepweb – A subreddit dedicated to factual information about the deep web and dark web (as opposed to urban legends).

Red Room – A series of mythological sites on the dark web that supposedly feature live torture and murder (see “Shadow Web”). Entrance to these sites (in theory) requires bitcoin, as well as special credentials, such as a password given by an administrator. They are, more or less, an extension of the urban legend of “snuff films.”

All of the ones that have become public knowledge have turned out to be scams, yet many creepypastas and YouTube videos have continued to perpetuate the myth.


Scam/Scammer – In the context of the dark web, someone who purports to be selling certain goods or services, and doesn’t follow through, or misrepresents their intentions (e.g. a drug vendor who never delivers their goods, or a “financial service” designed for identity theft).


Credit: Deepdotweb.com 2013

Scream, Bitch! – A hurtcore forum on the Tor network. For those of you thinking of joining, registration is closed.


Scully, Peter – An infamous Australian pedophile and producer of child pornography, most notably the film Daisy’s Destruction, which has achieved internet notoriety. Scully had formed his own production company to make these films, called No Limits Fun.


Shadow Web – A fictitious part of the dark web perpetuated by creepypastas and YouTube videos. Supposedly features live torture and murder shows for those who pay the right price. A number of sites on Tor claim to offer access to the Shadow Web, but they are all scams. Here’s one example: Shadow Web Gateway 2.0


Silk Road – An online black market, considered to be the first modern darknet market. Launched by founder Ross Ulbricht in 2011, the site was shut down by feds in October 2013.


Silk Road 3 – An escrow market that used to go by another name, but adopted the Silk Road brand. There has been much speculation as to whether or not the market will exit scam or will be taken down, but it is still currently running. Located at reloadedudjtjvxr.onion.


SSH – Stands for “secure shell.” SSH is a cryptographic network protocol for operating network services securely over an unsecured network. As with PGP, SSH uses public and private keys to authenticate users.


Suicide Apartment – Members-only social network on Tor (which used to exist on the clearnet). It’s meant to be a site for people who are suicidal and want to find someone else to “leave the world with.” The only way to become a member is to receive a voucher from an existing member.


Tails – A popular Debian-based live operating system that many dark web users install for extra protection. “Tails” is an acronym for “The amnesic incognito live system.”


TLA – An abbreviation for “three-letter agency.” Includes federal agencies such as the CIA, FBI, NRO, NSA, DEA, DHS, and others, who are looked upon with suspicion in the dark web.


Tor – An anonymity network on which many “dark web” sites are hosted. The name “Tor” stands for “the onion router.” Frequently, people who say they’re on the “deep web” are referring to Tor. Download it at https://torproject.org.


TorBay – A Tor-based social network and forum which more or less replaced Blackbook.


Torch – A simple Tor search engine. Located at https://xmh5752oemp2sztk.onion


Traderoute – A traditional and multisig escrow marketplace on Tor.


Valhalla (Silkkitie) – Originally a Finnish-only darknet market, now available in English. Valhalla is invite-only, and offers both traditional escrow and multisig transactions, 2FA, and PGP. Requires a referral link to register as either a buyer or a vendor.


Vendor Shop – Smaller shops started by some of the major darknet market vendors, usually specializing in certain types of items. Examples: Mollyworld and MegaPack.

VPN (Virtual Private Network) – A private network which extends across a public network (internet). Many experts recommend using a VPN in addition to using Tor! (hint hint)


Welcome to Dark Web Links and More! – Link list for Tor hidden services. Notable because they do not accept submissions of CP links, and also feature links to Usenet groups. Access it at https://jdpskjmgy6kk4urv.onion/links.html.


Zion Market – A newer multisig darknet market without user wallets. Buyers have the option of selecting 2-of-2 (the server and vendor have the keys), or 2-of-3 (the buyer also has a key). Uses 2FA, automated PGP, and Bitmessage alerts. Access it at http://zionshopusn6nopy.onion/_reg23.


Zocalo – A former darknet market specializing in marijuana, hash, and various paraphernalia associated with it. Recently closed due to lack of business.


Zork – A 1980s text-based RPG that is now playable on the Tor network (via the not Evil search engine).

P.S. As I said above, this list is far from finished. So I’ll either add more entries in later, or do a part 2 to the post. Anyhow, hope you had fun, and feel free to add your suggestion

Red Rooms Don’t Exist (Here’s Why)


by Ciphas

In an effort to get more connected with you, my readers, I’ve decided to do a little how-to here. So I thought that, rather than just say “all red rooms are fake,” I’m going to go through how to spot a fake red room on the dark web.

What prompted this? Well, on my previous post, I received this comment:

redroomcomment

In case that’s hard to read, here it is in slightly larger text:

“there are many red rooms its [sic] just a matter of finding them although I wouldn’t suggest it, i posted a link below. http://222222222kjhiqzb.onion/”

I actually checked out that link, and it looked all too familiar. Why’s that? Well, Mutahar (a.k.a. SomeOrdinaryGamers) featured it on his “Deep Web Browsing” series: THE “REAL” RED ROOM!?!


I watch those videos purely for entertainment, but yes, Muta does visit some real sites on the Tor network. (And a few on the clearnet too.)

That does not mean, however, that any of these are real red rooms. In fact, he even says so in the same video!!

The experts say they’re all fake (and I’m inclined to believe them), but let’s just play devil’s advocate and say that there are a few real ones.


I have come across more than my fair share of sites on Tor (and elsewhere) that claim to be red rooms. Most of them have a few things in common:

  1. They claim to show video streams of live torture, murder, and other acts.
  2. They require you to pay – usually large amounts of bitcoin or other cryptocurrency.
  3. They often ask you to download “special software,” like an alternative browser.
  4. They sometimes will link you to an alternate site to do the transactions.
  5. They almost always use a Tor-based email service – a common one is SIGAINT.
  6. They sometimes have a graphic image on the main site, usually taken from a horror film, to symbolize the acts of violence that would take place in the red room.
  7. They sometimes have a login page, which you can supposedly access after you pay.
  8. They won’t show you any sort of sample content beforehand.

That’s all I can think of at the moment.

Anyhow, if any of you have really used Tor, you probably have some idea of how slow it is. If you don’t understand why it’s slow, then allow me to direct you to their FAQ: Why is Tor so slow?

Part of the answer is: “Before we answer, though, you should realize that Tor is never going to be blazing fast. Your traffic is bouncing through volunteers’ computers in various parts of the world, and some bottlenecks and network latency will always be present. You shouldn’t expect to see university-style bandwidth through Tor.”

OK…but the red room sites say that I have to download a special browser to watch the show!

Why is this? Because, in all likelihood, if these sites are asking you to download and install special software, the software in question probably has some kind of malware embedded in it.

Do you know what a RAT (remote access trojan) is? Allow me to direct you to TechTarget: What is RAT (remote access trojan)? Essentially, it’s a type of malware program that includes a back door to allow remote access to the victim’s computer.

I don’t know this from personal experience, but it’s my best educated guess. And a lot of these sites started popping up on Tor after the creepypastas and YouTube videos about red rooms became more popular – are you really that surprised?

The Shadow Web – Re-Re-Visited!!

I’ve done several previous posts about the so-called Shadow Web, an urban legend which I believe became popular after the creepypasta “A Warning To Those Accessing The Shadow Web” was passed around.

After this, a plethora of sites popped up on the Tor network (and other networks, like Freenet) claiming to offer access to the Shadow Web.

In a similar manner to the red room sites, the Shadow Web sites claim that this is a special portion of the dark web only accessible through “special software” that you need to pay to download.

Again, not to repeat myself too much – I’ve never gone so far as to actually download the software, but I suspect that it’s infected with some kind of malware – what, I couldn’t say. I’m glad that I haven’t fallen victim to this, to be honest.

I have actually corresponded with the admin in charge of some of these Shadow Web sites, and he basically told me what I said on the “fact list” above – it’s a live torture show, you need to pay, and you need to download a special browser to view it.

And yes, I know that lots of the creepypastas on Reddit and YouTube talk about the “shadow web”; I assume that they’re all bullshit. I still find them entertaining anyway. But I also find The Texas Chainsaw Massacre entertaining!

If any of you want to take the risk of paying for this and viewing it, go right ahead. But don’t say I didn’t warn you.

I imagine there are other sites like this, too – but I have my doubts that any of them are genuine.

Questions? Comments? Please! Let me know!

So-Called Red Room Site: A Creepy Experience

Ah, the legend continues!  I’ve done several posts about the so-called “red rooms” that may or may not exist on the dark web, and it’s been an interesting process.  (I’m leaning toward not, by the way.)  For the newcomers, here are the previous entries:

Are Deep Web Red Rooms Real?

Is the Shadow Web a Reality? (Updated)

Dark Web Sites That *Claim* To Be Red Rooms

Red Rooms Finally Debunked Forever?

A Chat with the Directors of The Darkest Alley! (interview)

In the process, I’ve become more and more convinced that it would be extremely difficult, if not impossible, to host something like a red room on the dark web (Tor in particular).  Not only is livestreaming very difficult due to latency problems, but you would also have the problem of something like a live murder leaving behind evidence for law enforcement.

Nonetheless, in my research process, I’ve continued looking for sites that are labeled as red rooms, or sell themselves on the premise of being a red room.  I have come across several of those while hunting, and most seem to be scams.

Red Room #12589903

The alleged “red room” site.

Most recently, I found yet another site with a similar premise, located at http://5xcds7yhgisfm6mu.onion/.  As you can see from the screenshot, it’s rather basic looking and gives very few details.  You had to contact them to get any other information.

Once again, out of curiosity, I contacted the site owner (or whomever) via the email address that was listed, and sent a PGP-encrypted message asking how to sign up.  He sent me back a PGP-encrypted message with details on what I had to do, and how much I had to pay, etc.

Now, here is the creepy part: the person who responded actually knew my real name.  That was enough to freak me out, at least a little bit.  I didn’t ask, but I was also concerned about whether he had any of my other personal information.

(Later, when he found out I was blogging about him, he spewed out a list of other personal info, like my wife’s name, the city I lived in, and several places that I frequent.  But you could honestly find those just by Googling me.)

It reminded me, at least slightly, of some of the “deep web” stories like the previously mentioned Horrifying Deep Web Stories: Why I Quit Hacking or 3 Disturbing Deep Web Stories by Mr. Nightmare.  And yes, I know that those are just stories,  but it was the possibility of someone finding out my real identity that was reminiscent of some of the stories.

His response to my first question, like most of the others, was that I had to pay 2.0 bitcoin (a.k.a. $1344.80) to gain access, and then to actually be the “master” of the show, I had to win an auction (similar to most of the other supposed red room sites).

Once you paid, supposedly, you would be given a username and password to simply access the site.  (You could only access the landing page without it.)

Invasion of Privacy??

So my question was – where did the guy get my name from?  Well, without asking directly, I had several theories.

When I had used my PGP key on the message I sent initially, it’s possible that my name was encoded into it somehow.  I actually find that less disturbing than some of the alternatives.

Beyond that, I combed through my system with various anti-malware tools, and came up with a few troubling findings.  One of them was a type of trojan (whose name I forget at the moment) that is specifically designed to steal login credentials and personal information.

I was able to remove it, but the question still remained – was that what gave away my name?  I still don’t know for certain, and I would feel more comfortable if I did.
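On the first theory above: an OpenPGP public key carries one or more User ID packets, conventionally of the form "Name <email>", and anyone who receives the key can read them. The Python below is an added example, not part of the original post; it walks the RFC 4880 packet framing of a binary key and lists those User IDs, and the sample key bytes and the name inside them are constructed for illustration.

```python
"""List the User ID packets in a binary OpenPGP key (RFC 4880 packet framing)."""

USER_ID_TAG = 13  # RFC 4880 section 5.11: UTF-8 text, conventionally "Name <email>"

def packets(data):
    """Yield (tag, body) for each packet in a binary OpenPGP stream."""
    i = 0
    while i < len(data):
        first = data[i]
        i += 1
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:  # new-format header: tag in the low 6 bits
            tag = first & 0x3F
            o1 = data[i]
            i += 1
            if o1 < 192:
                length = o1
            elif o1 < 224:
                length = ((o1 - 192) << 8) + data[i] + 192
                i += 1
            elif o1 == 255:
                length = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body lengths are not handled here")
        else:  # old-format header: tag in bits 5..2, length type in bits 1..0
            tag = (first >> 2) & 0x0F
            length_type = first & 0x03
            if length_type == 3:
                length = len(data) - i  # indeterminate length: runs to the end
            else:
                n = 1 << length_type  # 1, 2 or 4 length octets
                length = int.from_bytes(data[i:i + n], "big")
                i += n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def user_ids(data):
    """Return every User ID string the key carries."""
    return [b.decode("utf-8", "replace") for t, b in packets(data) if t == USER_ID_TAG]

# Constructed sample, not a real key: a placeholder public-key packet (tag 6,
# old format, 4 dummy bytes) followed by a User ID packet (tag 13, new format).
_UID = b"Jane Example <jane@example.org>"
SAMPLE_KEY = b"\x99\x00\x04" + b"\x04\x00\x00\x00" + bytes([0xC0 | 13, len(_UID)]) + _UID
print(user_ids(SAMPLE_KEY))
```

Running it over the binary output of `gpg --export` for your own key (without `--armor`) shows what a correspondent learns about you from the key alone.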

Moral of the Story…

So what have I learned from this?  I need to be more careful about whom I correspond with on the dark web, and when I do so, it’s imperative that I have all privacy and security protocols in place, and don’t do anything idiotic.  (Insert “I told you so” here.)

In the meantime, I’m still finding the process enjoyable, and believe it or not, I have learned a few things from my mistakes.

I hope you can, too.

ChaosVPN: Making Friends with Hackers!

Alright, I admit it!  I’d been debating what to write my next post about, because everything that I had in mind required a lot of reading, research, and experimentation.

Fortunately, I came across something called ChaosVPN not too long ago.  I had heard about it via a deep web/dark web-themed Google+ group, in which I’ve made friends with many coders and fellow dark web explorers.  The name conjured up all sorts of silly tech-related movie tropes in my mind.

So what is it?

It’s a VPN designed to connect hackers and hackerspaces.  Keep in mind that this doesn’t necessarily constitute malicious (or “black hat”) hacking.  ChaosVPN has a wiki maintained by the Chaos Computer Club in Hamburg, Germany.

The idea sounded cool enough, but what really inspired me to look into it further was this image on the main page:

chaosVPN

If that’s hard to read, the quote I’m thinking of is the one in red that says

“ChaosVPN is a VPN to connect Hackers and Hackerspaces – it does NOT provide anonymous internet access!  For this look at tor or other similar services.

It will also not help you to reach domains like .rdos, .lll, .clos or any other strange things supposed to be available on the ‘dark web.'”

Does that sound familiar?  No?  Let me refresh your memory:

shadowweb

*Sigh* Yes, it’s our old friend “The Shadow Web” again.  The text is cut off in the screenshot, but the original page claimed that if you downloaded the software, you would be able to “access hundreds of other domains like .LLL and .RDOS sites.” ಠ_ಠ

By the way, if you’re still interested in that, you can contact the owner at shadow-web@sigaint.org.  Just don’t give him your money, OK?

So, if you can’t access .lll or .rdos sites, why install ChaosVPN? (I kid.)  Well, personally I love the idea that it connects different networks of hackers, and makes communication simpler.

If you read the “Goals” section of the wiki, the creators actually outline the purposes of ChaosVPN:

“Design principals [sic] include that it should be without Single Point of Failure, make usage of full encryption, use RFC1918 ip ranges, scales well on >100 connected networks and is…able to run on a embedded hardware you will find in [today’s] router…

“Therefore we came up with the tinc solution. tinc does a fully meshed peer to peer network and it defines endpoints and not tunnels.

“ChaosVPN connects hacker[s] wherever they are. We connect roadwarriors with their notebook. Servers, even virtual ones in Datacenters, Hackerhouses and hackerspaces. To sum it up we connect networks – maybe down to a small /32.

“So there we are. ChaosVPN is working and it seems [as] the usage increases, more nodes join in and more [services] pop up.” 

(For full text go to ChaosVPN – CCCHHWiki).

I may not be a hacker [yet], but as an investigative tech blogger and aspiring coder, this is definitely something that interests me (and I figured it would interest you too, readers!).

Tinc-erbell? 

As the creators of ChaosVPN mention above, the network uses tinc, a VPN “daemon that uses tunneling and encryption to create a secure private network between hosts on the Internet. tinc is Free Software and is licensed under the GNU General Public License version 2 or later,” according to their official site.

“Because the VPN appears to the IP level network code as a normal network device, there is no need to adapt any existing software.  This allows VPN sites to share information with each other over the internet without exposing any information to others.” 

Wow – am I wrong in saying that that sounds like some technobabble they would use on CSI: Cyber or something?

Nope.  It’s 100% accurate!  From the description, this sounds ideal for a VPN designed to connect hackers, as ChaosVPN is intended to do.  I know I’ve been quoting a lot of technobabble in this post, but I felt it was somewhat necessary to get an understanding of how ChaosVPN worked!

I’ll be honest – I’m really not an expert with it yet, and I’m still in the process of building ChaosVPN on my system.  I’m determined to get it working, though, and I thought you all could accompany me along the way!

Wiki of Chaos

The ChaosVPN wiki has a set of excellent how-tos for the following operating systems:

I went with the Ubuntu Howto, since I have that installed on my system.  (When I do finish setting it up, I think that would warrant a sequel to this post.)

No matter which operating system you’re using, you need to install Tinc VPN (mentioned above) first.

Initially, I was going to quote portions of the setup instructions in this post, but the ChaosVPN wiki is currently down.  I should’ve printed them when I had the chance! 

Oh wait, never mind – it’s up again.  Well, perhaps I’ve done enough plagiarizing in this post, but you can look at any of the links above for detailed instructions.

Fortunately, they also have a repository on GitHub: GitHub – ryd/chaosvpn: Config generator for chaosvpn.  I think that should help!

If any of you are able to get the VPN up and running, feel free to let me know.  I’m sure I’ll be able to put it together soon.

Well, that just means we’ll have a part 2 to this post!

In the meantime, I return to my ARG – real life, that is.

Exposed: Mariana’s Web Scam on Tor!

Good morning, readers!  How is everyone?  (Or as I say to my Italian fans, “Buongiorno, lettori! Come stanno tutti?”)

Since I recently branched out into the “business” of exposing scams on Tor and other networks, I thought I should share another one that I came across recently.

In my earlier post A Blog About So-Called Mariana’s Web?, I speculated about the possible existence of a network called Mariana’s Web (although my suspicion is that it doesn’t really exist).  It’s an enjoyable blog to read, but some of it has the feel of a sci-fi novel.

The creator of the site that I found the other day entitled it Your only chance to ACCESS the Marianas Web, and it looks very similar to the Shadow Web sites that I had written about on other posts.

marianas_web_fake

Here are the sites that went by the name of “Shadow Web” or “Gateway to the Shadow Web”:

shadowweb_2

I could’ve made this page in about 5 minutes.

shadowweb_ss

Ooh, now they’re using creepy graphics!

shadowweb_3

And now they’ve added a big yellow logo at the top!

Are you sensing a theme here yet? Not only do these sites look similar, but several of the bitcoin addresses use the Satoshibox site for sending bitcoins, which seems suspicious to me:

satoshibox_scam

I’ve heard of other scammers using the same service for payment as well.  Although there’s no way to know for certain, it isn’t a good sign when there are three or four sites advertising what is essentially the same thing with different graphics.

This isn’t to say that there aren’t legitimate reasons for using Satoshibox, but it’s rare that I come across people using that specific site on the dark web, with the exception of this “Shadow Web” crap.

Granted, they do use different BTC addresses, but if it is the same scammer, then he or she is probably just using multiple addresses to appear as different individuals.  In the previous post, where I had looked at the “dark web ponzis” on Tor, it looked as though the same individual was using a number of different BTC addresses as well – but the sites looked so similar that it was obvious that the same person was running them.

A few of the “Shadow Web” sites even featured the same email address as the contact email, which is why I suspect that it’s just the same person that I talked to in Dark Web Sites That *Claim* To Be Red Rooms. He’s even posted on several Tor forums advertising his site, which makes me think he was getting desperate for money.

My point is that it looks as though someone (possibly the same person in all cases) is simply trying to profit off of a popular urban legend and creepypasta.

I’ve said it before, but “If it sounds too good to be true, it probably is.”  This applies to the dark web as well – in fact, it especially applies to the dark web!

If you really want to, you can shell out the money to access the “Mariana’s Web,” but I DON’T recommend it, because I know that several people have been scammed by the “shadow web” sites.  If it’s the same person running them, then you’re SOL.

In any case, have fun on the dark web.  Keep your cash close, and your bitcoins closer!