For My Spanish Readers! (¡Para mis lectores espanoles!)

NOTE: I know there’s supposed to be an accent over the “n” in the title, but it wasn’t working for some reason.

I’ve noticed that I’ve been getting a lot of comments in Spanish lately. Many of them ask how to access the dark web.

As I’ve said before, accessing the dark web isn’t that difficult. Simply go to the Tor Project website, or more specifically, Download Tor, and download the Tor Browser.

Once it’s installed, the tricky part can be finding .onion links. This is the domain name that Tor sites use.

I know some good link lists that you can use to find Tor sites:

http://jdpskjmgy6kk4urv.onion – Welcome to Dark Web Links and more!

http://dlggj2krbqzm5dru.onion/ – Flare

http://gjobqjj7wyczbqie.onion/ – Candle

http://hss3uro2hsxfogfq.onion – not Evil

http://bznjtqphs2lp4xdd.onion/ – Dark Web Links Search

http://darkdirmpmoq3uur.onion – DarkDir

http://zlal32teyptf4tvi.onion – Fresh Onions

So there you go! I hope this helps you get started on your dark web explorations. Under the hood, Tor is a bit more complicated, but these are the basics.

If you have other questions, feel free to tell me in the comments section.

 


Terminal 00: Portfolio or Puzzle?

Those of you who spend a reasonable amount of time on the dark web may have come to the conclusion that it’s boring (contrary to popular belief!). I mean, just look at this one:

doxbin

No offense, DOXBIN; please don’t dox me, OK? While I don’t necessarily think that it’s boring, there seem to be just as many (if not more) strange sites on the clearnet.

Case in point: I recently came across the site angusnicneven.com, which appears to be a portfolio site for the artist Angus Nicneven (also called “Terminal 00”). I only say “appears” because if it is a portfolio site, it’s the most bizarre (and awesome) one I’ve ever seen.

On its homepage, the site looks like this:

terminal00

It has a constant buzzing noise in the background, which can get grating after a while, but there’s always the mute button for that. Besides, it definitely contributes to the overall atmosphere.

Across the top of the page, you’ll see some scrolling text that reads, “Terminal 00 may be traversed by way of probes. Current probe classification: 00 Penetrate the depths of our pain with that, dear traveler.”

terminal00_probes

OK, so where do I get a probe? Maybe he has them for sale….

Anyway, if you scroll further down the page, you’ll see some links to Angus’ bio and “portfolio,” if you will. Even these, however, aren’t what you’d normally expect from a portfolio site.

If you click on the “About” link, it takes you to this:

angus_niceven.png

The image flickers like some kind of hazy TV transmission, which is a very nice touch. It’s almost as if Angus isn’t a human at all, but an A.I. of some kind (I’m sure that isn’t the case, but it fits the story!).

Below the photo, it says “Uploading relevant data now…

“Expect fragmented data (CoS is the cause).” Interestingly, if you click that link, it takes you to this disastrous-looking page:

terminal00_CoS

If you can’t read the text, it says, “Return. CoS Detected. This space is unstable. We will maintain for as long as we are able. Watchers are ineffective at this stage. Use signal [SOL onset] and awaken the constructs.”

Below that is some animated text that says “CoS is spreading and spreading and spreading…” endlessly. If you wait for this text to finish printing, you’ll eventually see a message that says, “Ahh, so you haven’t retreated yet? You must feel the same as I do. Any cost, even death, it’s irrelevant, right? For a probe only needs to probe, to plunge deeper and reveal truths. Well then let us probe further…”

terminal00_retreated

The next page is called “Crossroad,” and looks like this:

terminal00_crossroad.png

That’s not the entire thing, but I wouldn’t want to give away the whole puzzle, would I? (In fact, I haven’t solved all of it yet.)

So what does all of this mean? I’m not entirely sure. The site does have an FAQ, which might explain some of it. One of the questions on the FAQ reads, “What is the purpose of this website?”

The answer says:

“There is no singular purpose to this website. Much like certain phrases or paragraphs in my writing, there is a multi-faceted purpose to it.

“Firstly, angusnicneven.com is my author website; I require such a thing to further my writing ambitions. Secondly, it is another way to give my nightmares a vector into your mind. That is to say, I can spread my warning further and by a different means AND have it spread faster than a non-released book will. Far from instant gratification, but much faster in comparison. Thirdly, it’s a creative outlet. It’s fun… sometimes.”

Well, I can’t argue with that!

There is one link that reads “Map,” but it’s basically a red herring, because all you see is this, plus an “error” message that disappears quickly:

terminal00_map.png

There’s also a mysterious page called “Gathering,” which has this text:

terminal00_everything

This definitely reminds me of some of my favorite horror films. How did you know I was a fan?

Like I said earlier, this has nothing to do with the deep web and/or dark web; I just thought it was interesting, and fun!

If you’re interested in seeing more about this site, readers, let me know, and I’ll explore it further. I encourage you to do the same.

 

Have I Been Pwned? (Maybe.)

Has all my talk about the dark web and malware come back to bite me in the ass? Maybe…

One of my readers sent me a message and informed me that according to the site Quttera, I had malware on this very blog. For all my talk about being safe and blah blah blah, it is a little ironic that I could have malware on my own site, isn’t it? Here were the scan results, according to them:

quttera_malware_censored

So, I have one malicious file and one “potentially suspicious” file? Well, that’s cause for concern, but it could have been worse. Of course, according to them, if I want to remove said malware, I have to sign up for the paid version (isn’t that always the case?).

Oddly enough, I tried a few other scans, such as Blacklist Website Checker and Is It Hacked?, and according to those, I was clean! So which one is it, then?

I suppose it’s not unlike scanning your computer or device with different antivirus programs: they won’t pick up everything. And look: as I’ve said before, I’m not a full-fledged “hacker” (at least not yet), although I’m in the process of learning. You have to make a few mistakes before you get there. (To tell the truth, I’m shying away from the term “hacking,” since it has so many connotations. How about “coder”?)

Given that my site is still functioning, for the most part, that’s good news! I did some searching, and found a few tools that are designed to remove such malware:

Wordfence Site Cleanings


Wordfence is a site cleaning service specifically geared toward WordPress and Joomla sites. Their services include:

  • Cleaning Infections
  • Analyzing how an attacker gained entry
  • Removing malicious code and malware
  • Showing you a detailed report of the removal and investigation
  • Using 20+ site blacklists to help keep your site clean
  • Offering a detailed checklist to help prevent future attacks

Price: $179

Sucuri

SiteGuarding

6Scan

StopTheHacker

Web Malware Removal

SiteLock

Virusdie

Comodo cWatch

Unfortunately, all of these, while they may scan you for free, charge money to remove any malware you come across. (Gotta make a living, right?)

If you don’t want to use the paid software, there’s always the manual option – but then, of course, you have to know what you’re doing, and it can take longer as well.

Anyhow, my site seems to be working fine at the moment, but if anything else suspicious happens…maybe I’ll take one of these scanners up on their offer.

Beware, Maltego Will Find You!

by Ciphas


A friend of mine recently introduced me to a program called Maltego, made by the South African security company Paterva – and if you use it, it may frighten you. It’s actually been around for a few years, but I only started using it this week.

If it sounds unfamiliar, Maltego is a data mining and pentesting tool that finds relationships between information found on different internet sources. Its “map” of data looks exactly like this:

maltego_graph_censored

So yeah, I’m sort of telling you about the “real me” here. Each dot on that graph represents a place online that Maltego connected to you in one way or another. This may be via your email address, IP address or via an “alias” that you used in more than one place. As an example, if you use the username “aisettagess” on more than one website or service, it will find that!

Interestingly, some of the data that it found out about me was via Have I been pwned?, which I mentioned in an earlier post. Likely what happened was that the pwned site scanned for data on numerous sites, and then kept some of that information, so it was available to Maltego. If you consider using that site, keep in mind that it will probably log some data about you, unless you request otherwise.

Just so that I don’t dox a real person, let’s create a fictitious online user with Fake Name Generator.

David A. Bass
879 Burning Memory Lane
Tullytown, PA 19007

Mother’s maiden name: Scott
SSN: 192-42-XXXX

Email address: ftjaqxpl@sharklasers.com (thanks, GuerrillaMail!)

You get the idea. So, using Mr. Bass’ info there, let’s have Maltego gather data on him. It figures out what web servers he’s using, what top level domains he uses, what email servers he sends messages from, etc.

After gathering all this data, it combines it all into a graph like the one above, to get a complete picture. It also has a command line tool, but for the purpose of this post, I’m using the GUI version.

If you click on the green dots on your graph, it will show you the information tied to your various online aliases. Let’s say Mr. Bass there uses the following usernames: PennMan988, AllAboutThatBass859, and DBass1. And let’s say he has these email addresses: ftjaqxpl@sharklasers.com (the one above), and dbass345@guerrillamail.com.

Maltego will find any social media profiles or sites on which David used those email addresses – made even easier if he filled out his real name on the site. The graph illustrates using this key:

maltego_graph_key

Plus, based on information available online, it may figure out your relatives, employment history, average annual income, phone numbers, and even location. By the way, if you want more technical information about Maltego, Concise Courses did a great writeup on it – I suggest you check this out.

So why is this useful? Well, as I’d said in some other recent posts, if any of this information isn’t the kind of thing that you want to be available online, then you can now do something about it.

If you want to delete your profiles (or at least certain information) from any of these websites, take the opportunity and do it.

And for the future, consider what kind of information you’re putting out there before you do so.

Think of that next time you consider posting a nude selfie on Tumblr.

 

 

Dear FCC – I Care About Net Neutrality


It occurred to me that as a writer, particularly one who talks about controversial subjects, “net neutrality” should matter to me. And it should matter to you too.

Without it, ISPs (the big guys like Comcast, AT&T, and Time Warner Cable) would have full ability to create so-called “Internet fast lanes” that give preference to certain websites over others. Is that what you want?

On July 12, 2017, net neutrality allies sent 1.6 million comments to the FCC and, many in creative ways, demonstrated what would happen if net neutrality were abandoned and the reins given over to such big-name ISPs. For a few examples, stop by Massive protest to save #NetNeutrality sweeps the internet.

While the big day of protest is over, on the site Dear FCC, It’s Our Internet and We’ll Fight to Protect It, they give you a chance to write a letter to the FCC and explain why net neutrality is important to you.

I did so today, and you can too – I urge all of you who care about freedom on the internet, and the liberty to use and access what you want, to do the same!

It feels as though we’re going backwards in time, with a whole lot of pro-censorship laws being enacted right now, such as the anti-encryption bills in the US, Australia, and the UK.

We, the people, need to speak out. Join me in this fight.

And of course, if you have suggestions, feel free to add them here!

Can You Access .Onion Sites Without Tor Browser?

by Ciphas

(Note: Thanks to Ben Tasker’s Security Blog and traudt.xyz for being references.)

Can you access .onion sites without the Tor Browser? Short answer? Yes, you can – but I don’t recommend it…I cannot stress this enough.

I’ve mentioned Tor2web proxies in a few previous posts, but didn’t elaborate on them much.

In their own words, “Tor2web is a project to let Internet users access Tor Onion Services without using Tor Browser.” Tor2web and Web2Tor are reverse proxies which allow clearnet users (such as someone using Chrome, Firefox, etc.) to access Tor hidden services.


The proxy listens on port 80 (or sometimes 443) on a clearnet server, and then proxies requests to the Tor hidden service.

If you’re unfamiliar with proxy servers, Indiana University gives a great definition of one: What is a proxy server?  (Psst…I talked about this a little in my earlier post ‘Anonymous’ Proxy List?)

The example they use to illustrate on Tor2web.org is that when you see an onion URL, for example, http://pbfcec3cneb4c422.onion/, if you add “.to,” “.link,” “.cab,” etc. to the end of the URL (e.g. http://pbfcec3cneb4c422.onion.to), that proxy will connect you to the onion service. Great, right?

Well, no – not great. In spite of its convenience, the problem with using these proxies is that whoever is operating the Tor2web proxy can spy on your web traffic. While this may not sound like a bad thing, if said proxy operator has malicious intent, then you (the user) are basically a sitting duck. Plus, if the point of Tor is being anonymous, and someone can detect your web traffic, that defeats the whole purpose!

In fact, even onion.cab themselves – the proxy service, that is – warn users when they first try to access a site this way:

onion

If this doesn’t sound bad, then it should be noted that not only can the operator see your web traffic, but they can also modify it and inject code if they so desire.

Ben Tasker Security Blog has an excellent post about this called Don’t Use Web2Tor/Tor2web (especially Onion.cab) – the example he gives is that some Web2Tor services “have some pretty bad habits, including playing fast and loose with your privacy.”

If you visit https://6zdgh5a5e6zpchdz.onion, but do so through onion.cab instead of through Tor, the proxy service injects Piwik analytics code into the page, which looks something like this:

piwik_tracking

So why should you care? Well, the proxy service that injected the code now knows that your IP address accessed said onion service at a specific time. In addition, they’re also executing code in your browser that the operator of the original site is unaware of.

Within the code, some of the information that it can discover about you is:

  • The title of the page you’re viewing
  • An ID for the site
  • The time that you made the request
  • The exact URL you were looking at
  • The page that sent you to that URL
  • Details of which plugins you have installed
  • Whether cookies are enabled
  • Your screen resolution
  • A unique ID for you

Alternately, this third party operator can inject code into the site that may track you across hidden services – that is, if you’re using the onion.cab proxy.

You can even contract malware via some Tor2web proxies – read this article by Virus Bulletin – Vawtrak uses Tor2web to connect to Tor hidden C&C servers. Granted, this article is over two years old, but it can still give you an idea of what might happen if you rely on these proxies.
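For anyone watching a network rather than browsing, the hostname shape these gateways use (an onion address followed by a clearnet suffix) stands out in web-proxy logs. The following is an added example, not code from this post or its references; the log format and every log line are constructed, and only the two onion addresses are taken from the text above.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Onion addresses are base32 (a-z, 2-7): 16 characters for v2, 56 for v3.
ONION_LABEL = r"(?:[a-z2-7]{16}|[a-z2-7]{56})"
# Shape described in the post: <address>.onion.<clearnet suffix such as to, link, cab>
TOR2WEB_HOST = re.compile(
    rf"^(?:[a-z0-9-]+\.)*(?P<onion>{ONION_LABEL})\.onion\.(?P<gateway>[a-z0-9.-]+)$"
)

# Constructed proxy log: time, client, method, target, status (documentation IPs).
SAMPLE_LOG = """\
2017-07-20T10:01:02Z 192.0.2.10 GET http://pbfcec3cneb4c422.onion.to/ 200
2017-07-20T10:01:09Z 192.0.2.10 GET https://6zdgh5a5e6zpchdz.onion.cab/index.html 200
2017-07-20T10:02:30Z 192.0.2.44 GET https://www.torproject.org/download/ 200
2017-07-20T10:03:11Z 192.0.2.44 GET http://onion.example/about 200
2017-07-20T10:04:00Z 192.0.2.77 CONNECT pbfcec3cneb4c422.onion.link:443 200
"""

def parse_tor2web_host(host):
    """Return (onion_address, gateway_suffix) for a Tor2web-style name, else None."""
    host = host.strip().lower().split(":")[0].rstrip(".")  # normalise, drop :port
    m = TOR2WEB_HOST.match(host)
    return (m.group("onion") + ".onion", m.group("gateway")) if m else None

def find_tor2web_requests(log_text):
    """Return one dict per log line whose target host is a gateway name."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines
        ts, client, _method, target = fields[:4]
        # Full URLs carry the host in the authority; CONNECT lines are host:port.
        host = urlsplit(target).hostname if "://" in target else target
        parsed = parse_tor2web_host(host or "")
        if parsed:
            hits.append({"time": ts, "client": client,
                         "onion": parsed[0], "gateway": parsed[1]})
    return hits

def clients_by_gateway(hits):
    """Count gateway requests per (client, gateway) pair for triage."""
    return Counter((h["client"], h["gateway"]) for h in hits)

if __name__ == "__main__":
    for hit in find_tor2web_requests(SAMPLE_LOG):
        print(hit)
```
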

Thus, if your concern is privacy, it should be obvious why you don’t want to give this information away. The same goes for any proxy, really, but again, if you’re using Tor for anonymity, then accessing so-called “hidden services” via the clearnet is pointless.

I know that a lot of people who explore the “dark web” for fun just say, “Give me links!” But if you want to explore those links, do so in the right way – use the Tor Browser (from https://www.torproject.org/), and don’t try to do so via the clearnet.

There’s a reason it’s called the “dark web,” after all.
