Exposing A Scam: V3RDAD

For the record: I don’t like scammers (who does?), but I have encountered many of them, especially on Tor and other darknets. I suppose that’s all par for the course.

My most recent scam encounter has been with a fellow who calls himself (or herself?) V3RDAD.

He has a profile on ask.fm, which is a question and answer site along the lines of Quora or Yahoo! Answers. On this profile, he links to a Tor hidden service at http://dafynex6ytjnpeo4.onion/ Fine – there’s nothing wrong with that, except that I find all of his answers to be sketchy in nature.

Here’s one example:

ask_fm_scam

In the screenshot above, someone asks “Why does taur node open a listening connection? My antivirus blocked it.”

His answer:

“Taur Node creates a listener to handle up-to-date information coming from the network itself. The only purpose of it is to display pop-up information about the network, like network status, node availability, login information, etc. Just disable your antivirus software before starting the node. If you are too paranoid about it, you can simply just kill it’s process after you are done / disconnected from the network and re-enable your antivirus again. Killing the process of the node will disable any incoming activity and kill the listener.. you will basically not be able to receive any information about the network anymore.”

OK – does that sound suspicious to anyone? He’s asking some random person to disable their antivirus program after the program blocked this so-called “taur” software. I realize that on occasion, antivirus programs will block software that isn’t malicious, but why should I trust you, V3RDAD?

The Tor hidden service that he links to is entitled “whoami,” and looks like this:

dafy_node_scam

The links with the purple text have various downloads, all of which (as I said before) look very sketchy. The operator of this site claims that you need the downloads to connect to a so-called “taur node” (in other words, nodes on his “private network”).

Again, this sounds like a scam to me. If you really want to try it (which I don’t recommend), use a virtual machine (e.g. Qubes or Tails) so that the file can’t potentially harm your computer.

If you look at some of his other answers, they also sound like bullshit:

Q. What is vbs0rkxc.dafy?

A. The answer to Level 7.

Um…OK, if you say so. If you’ve read any of my earlier posts (or RationalWiki, for that matter), you should know that there are no “deep web levels,” as intriguing as that might sound.

It’s possible that the same person may also have written this blog post, although I’m not sure: Darkfantasy Network. Why do I say this? It has a list of so-called “dafy links” (where have I heard that before?)

dafy_links

In addition, it has a list of “Nept Links,” “Life Links,” “Taur Links,” and “Elen Links,” accompanied by mysterious descriptions. Here are a few examples:

http://girogahary5arofeideidegivoly.nept/ – Dark Babylon City (hidden marketplace)

G94dkElc.dafy – Conspiration Forum

http://ekkhgiskagfrawahulatriaottyx.nept/ – How the Universe was Created

You get the idea. And to try to lend credence to his links, he throws in a few real ones, including ChaosVPN and Freenet. This isn’t the first time I’ve seen something like this. Remember The Shadow Web? (*cough cough*)

Anyhow, I don’t suggest downloading anything from these sites, as it may potentially harm your computer. And of course, don’t give this person any money. Want some real darknet links, though? Here:

http://rrbm3jiflz3euxhp.onion/wordpress/

http://zfq7tgxed245jpdz.onion/ – The Darknet Project 0ffSecurity

bdtq4shqkbb3yy7b.onion – DARKWEB LEGION (yes, that’s how they wrote it)

ZeroNet Links:

http://127.0.0.1:43110/kaffiene.bit/

127.0.0.1:43110/138R53t3ZW7KDfSfxVpWUsMXgwUnsDNXLP/

http://127.0.0.1:43110/zerochatrooms.bit/

Freenet Links:

http://localhost:8888/freenet:USK@tiYrPDh~fDeH5V7NZjpp~QuubaHwgks88iwlRXXLLWA,yboLMwX1dChz8fWKjmbdtl38HR5uiCOdIUT86ohUyRg,AQACAAE/nerdageddon/247/ – Nerdageddon

http://localhost:8888/USK@XJZAi25dd5y7lrxE3cHMmM-xZ-c-hlPpKLYeLC0YG5I,8XTbR1bd9RBXlX6j-OZNednsJ8Cl6EAeBBebC3jtMFU,AQACAAE/index/711/ – Enzo’s Index

http://localhost:8888/freenet:USK@2u8eFaTHrvLzeHeq9vXFV8wzivgTG1ExY6v1cM8Zblo,eDLofzubExKX5A8TK0SqdQb3jrI0fDlgw-iaxXUEHVQ,AQACAAE/ttipdocs/5/ – Greenpeace TTIP Leaks

http://localhost:8888/USK@1ORdIvjL2H1bZblJcP8hu2LjjKtVB-rVzp8mLty~5N4,8hL85otZBbq0geDsSKkBK4sKESL2SrNVecFZz9NxGVQ,AQACAAE/bluishcoder/21/ – Bluish Coder

I also recently found a site that maps the Hyperboria Network, which uses the cjdns protocol: fc00 – these I really haven’t checked out yet, so maybe you can fill me in!

I guarantee that these are all real links (although I can’t guarantee that the information on them is accurate). Check those out, and let me know if you find anything of interest. If you don’t, keep searching!

 

 

 

 

 

 

Advertisements

Tor Social Networks: Oct. 2017 Update

Who knew that socializing on the “dark web” would be such a popular topic? On my earlier post Fun with Dark Web Social Networking!!, someone mentioned that the beloved site Galaxy2 is no more, which I didn’t realize.

As some of my friends on IRC like to say, “rip” (all-lowercase intended.) Well, it’s Tor – what did you expect? Sites seem to go down and come back up again rather frequently.

In any case, you may be wondering about any alternatives that exist. I’m happy to report that one of the sites that I mentioned in the original post, Blackbook, is back up again. As before, you can find it at http://blkbook3fxhcsn3u.onion. It has a new, slightly more modern look, and seems to be functioning for the most part:

blackbook_homepage_censored

Like Facebook, it has a news feed, polls, forums, pages, etc. Because it’s Tor, though, you may find that the subject matter tends to differ a lot from that of Facebook. As has been my experience on some other Tor sites, a common question is, “How do I hack [insert social media site here]?” In fact, when I checked it today, someone was asking how to hack WhatsApp; maybe that will be the subject of a future post.

Also, as I remember from my previous membership, there are people advertising “hitman for hire” services and other sorts of financial offerings.

However, like before, it requires the use of JavaScript, and depending on whether you trust the site or not, this may be a good or bad thing. You can log into the site without enabling scripts, but some of its basic functions won’t work. For example, you won’t be able to leave comments, check your messages, etc.

I tend to be wary of Tor sites that require JavaScript, because of the potential for JavaScript exploits, such as Cross-Site Scripting (XSS), which I have encountered on other Tor hidden services in the past.

That aside, there’s another troubling aspect to this – Blackbook seems to be affiliated in some way with The Hidden Wiki, which many Tor users think of as their “introduction” to the dark web. The problem with this is that The Hidden Wiki is loaded with scam sites, and that makes sense, given that a lot of noobs visit it when they first venture onto the dark web.

Lo and behold – just like The Hidden Wiki, Blackbook has a number of ads for financial services of sorts on the dark web. While I haven’t tried them personally, they look sketchy to me, so I would avoid them if I were you. Anyhow, if all you really want to do is socialize, and maybe learn some things, you’re fine.

Meet Some Psychos

http://psycnets7z6tvqpa.onion

psycho_social

The other “social network” which I recently joined is called “Psycho Social Network,” and as its name implies, it seems to be geared toward people interested in dark things. Hopefully they’re not real psychos – well, it’s the dark web, so you never know.

It even features a shot of Patrick Bateman from the movie American Psycho, appropriately. (“Do you like Huey Lewis and the News?”) Given that it’s brand new, there don’t seem to be very many people active on it, although this could change.

Like Blackbook, it has at least one group dedicated to hacking and exploits. Some of the more unnerving groups, however, were called things like “Gore and Torture.” Don’t get me wrong – I love some gore as much as the next guy, but there’s LiveLeak for that.

So, if that’s what you’re into, you may want to check this one out. Heck, I’d be honored if I managed to attract a few people with this post!

In the meantime, I’m gonna leave – I have to return some videotapes.

 

 

 

Should You Use a VPN with Tor? (Well, No.)

vpn-graphic-100022486-orig

This seems to be a very frequently asked question, and on many sites, people will tell you that you should use a VPN with Tor, for “extra protection.”

Based on my research, however, I disagree – and this seems to be an unpopular opinion. One reference I’d like to cite is a blog post by Matt Traudt, a.k.a. system33-, who is someone I respect with regard to Tor. The post in question is VPN + Tor: Not Necessarily a Net Gain.

One of the points he brings up here is the following:

Tor is trustless, a VPN is trusted. Users don’t have to trust every Tor relay that they use in order to stay safe with Tor. As long as the right ones aren’t compromised, working together, or otherwise malicious, the user stays protected.

This is the main problem with insisting on combining Tor and a VPN. VPNs can keep logs of your activity online (though some claim not to), whereas Tor does not.

However, using a VPN can hide your Tor usage from your ISP, especially if said ISP is suspicious of Tor.

The Tin Hat, on their post Tor And VPN – Using Both for Added Security, also makes the point that “Where this setup fails is at hiding your traffic from a malicious Tor exit node. Because the traffic goes through the VPN, and then to the Tor network, exit nodes can still watch your traffic unencrypted.”

My preference, personally, is to use a Linux distribution with Tor, like Tails or Qubes, or for the more advanced, Arch Linux or Manjaro Linux. These, of course, take time to learn and won’t do everything for you, but they are designed for security. While this doesn’t mean they are vulnerability-free, they can improve your protection, particularly if you understand their ins and outs.

Don’t get me wrong – Unix-like OS’s are not invincible – see Sophos: Don’t believe these four myths about Linux security, but depending on the situation, it’s preferable to using an OS like Windows.

Oddly enough, I haven’t “contracted” any malware via the dark web – at least not to my knowledge. This has happened more often on the clearnet, ironically. Maybe it’s because I don’t download mysterious files or install programs that I find randomly on networks like Tor.

I’m paranoid that way.

What about you, readers? What OS’s do you prefer to use (specifically in combination with Tor, I2P, Freenet, etc.)?

In the meantime, enjoy your dark web adventures, my friends – and please research any VPN or other “privacy” software before trusting it blindly.

16199cffb76fff8c74ad6dd8eac6afab

 

What are Some AlphaBay Alternatives?

For those of you who were regular customers on AlphaBay Market, if everything is as it appears, AlphaBay is indeed gone for good.

So, if you’re curious as to where to turn next, there are some great articles (and other sites) you can look to for alternatives.

DeepDotWeb, which is one of my favorite news outlets for the dark web, featured an article today entitled Alphabay Death: Wondering which market is headed to the top? Here is some insider info!

The author gathered data from the site’s “Dark Net Markets Comparison Chart”, which, in real time, lists the up/down statuses of all the major markets:

darknet_market_chart

Besides just listing their online statuses, the chart also has the URLs of each market, whether or not they allow open registration, whether or not they allow multisig, and other factors, such as whether or not they have 2FA (two-factor authentication).

DeepDotWeb also predicted, via some analytics, which market may be the next big one – and the answer may surprise you. Based on their table, it appears to be RAMP (Russian Anonymous Marketplace)!

Ramp-Homepage-after-login.jpg

While RAMP is not an English-language marketplace (and doesn’t have that option), they do have an excellent reputation, and some anti-scam methods in place. Good work, RAMP!!

If you want an alternative site to use as a comparison, I’ve mentioned DNStats in an earlier post. Like DeepDotWeb’s chart, they list the online statuses of the major markets, as well as some vendor shops (independent shops set up by successful vendors) and forums.

DNStats_alphabay

Just bear in mind – any business you do on the dark web carries a risk factor, so protect your identity, and keep yourself informed! Happy tripping.

tumblr_orr2vafC5m1voa7nlo1_500.gif

What’s the State of AlphaBay Market?

alphabay (1)

Update: AlphaBay has definitely exit scammed and is gone for good. Please don’t get your hopes up about it coming back.

If you’re interested in darknet markets and have seen the news lately, you probably know that AlphaBay, which up until now has been one of the most successful markets, is down (and has been since July 4th).

(NOTE: If you’re curious to see some sites you can use in place of it, check DNStats, or its Tor hidden service, http://dnstatstzgfcalax.onion.)

DNStats_alphabay

Numerous media outlets have already covered this story, including the New York Times, The Verge, and Gizmodo. If you haven’t heard about this, here are a few links to catch you up:

AlphaBay, Biggest Online Drug Bazaar, Goes Dark – The New York Times

A Dark Web marketplace is down and users suspect foul play – The Verge

World’s largest online illegal drug marketplace goes dark – Axios

While many of these stories are written by mainstream media outlets and are geared toward the layperson, it’s interesting to think about it from the point-of-view of someone who spends a lot of time on the dark web (or someone who’s bought and/or sold goods on the market, for that matter).

The subreddit /r/DarkNetMarkets, which is your guide to all things darknet market-related, has a bit more inside info, although even those involved with the market aren’t necessarily sure what happened.

rdarknetmarkets_censored

Though he did not give proof, one of the vendors on this subreddit speculated that the market’s downtime might be due to a hardware seizure in Quebec of dark web site owners: Vente dans le «Dark Web»: la police procède à deux perquisitions (As you can see, the article is in French, but you can loosely translate.)

In English, the article says that “…the RCMP’s integrated technology crime group conducted two searches in connection with a global network of illicit drug sales in the Dark Web [sic].” At least that’s the Google translation – no, I don’t speak French.

This points to a couple of possibilities: either the FBI seized one of AlphaBay’s servers (and all the data that would be included, such as hashed passwords, vendor information, private messages, etc.); or that the admins of the site closed it down in anticipation of a raid. Even if it’s the former, I doubt they were able to confiscate everything.

Again, however, just like those in the conversation over on Reddit, I’m just hypothesizing, so don’t take what I’m saying here as gospel. I’m not a member of LE (I swear!), nor do I want to be. Even if the feds did seize evidence from AlphaBay, I hope that it will be up and running again.

If that’s not the case, then I suppose you’ll have to take your business elsewhere.

In the meantime, I’ll be keeping an eye on the developments.

Stay trippy, my friends!

tumblr_opp8kzYMgL1vhy2fao1_540

 

A Few Pseudo-Random Onion Links

randomnumbers

I’ve been told repeatedly that there is no such thing as “true” randomness, because everything has some kind of pattern to it.

That aside, I’ve been trying to constantly come up with onion links to share, and thought that perhaps I could do this by using the onion list at All Onion Services. What I’m going to do is hit the “Random” button a few times, and then list some of the links that come up.

Unfortunately, I can’t guarantee that there will be anything on these links, but it’s worth a shot. If there isn’t anything on the page, either it’s down, it’s unreachable, or no one has built a site at that particular address yet.

WARNING: Visit these at your own risk. I haven’t checked them all out personally.

http://n77rmxpuyhpr2g22.onion/

http://awhrkdwx3qsmgnot.onion/

http://22qbqzw6qcs2eku3.onion/

http://25sewxptlwhap3c2.onion/

http://wmrumtlwo3l37w22.onion/

http://nb2awtjoa4vpmwha.onion/

http://rscnq5uvtwj5x6od.onion/

http://cszmfevi6owywum6.onion/

http://xioqywsfdtsjr33d.onion/

http://li5w5cnmaeuqceou.onion/

http://5tepdchtxovcecp3.onion/

http://3y5d7pcjxpbukzxf.onion/

http://e6o5qjghi2umqech.onion/

http://pa3ldnwz2tyv7hcw.onion/

Tell me in the comments if you found anything interesting. If not, maybe I’ll try this again!

 

Creating a Hidden Network?

Journey_to_the_Dark_Web

One of my readers, with whom I’ve been corresponding on and off, wrote to me with an idea about creating a hidden network from scratch. It may have been inspired by one of my earlier posts, The “Shadow Web” Cited Me? Awesome!

In this post, I speculated about how you could create your own “shadow web,” i.e. a network that offered anonymity, and that you and only a select few people could access. In response, this reader had a few suggestions for such a network (I’m paraphrasing his (or her?) words here):

  1. One in which you could communicate via Telnet or Netcat over the Tor network.
  2. No DNS, no sites, just chats.
  3. Each user has his own list of peers.
  4. No nicknames, just onion domains.
  5. Everything is done manually, to avoid potential security flaws.
  6. Users select someone to chat with from the peer list and connect via TCP socket over Tor.

 

telnet_screenshot_2

This is, more or less, what I had in mind when I described the idea of creating a hidden network, although I had hoped that you could build websites on top of it too. What I’m unsure of, in his description, is what he means by “no nicknames,” as I would think you would need some kind of identifier to use a chat feature.

Even if the names weren’t user-generated, you could have this encrypted chat generate them for you. To use the example of the “nonsense word generators” again, perhaps the program could generate two names like this:

Hokr

Ngwood

It could also generate cryptographic keys for each identity, like:

6U-^QoM&m{z?H]g~c”AX3VgQqzVVo+

VtjHjR00ZCYVvU7Gs2iuWXQd2lX6oPDi

It’s similar to Freenet’s WebOfTrust plugin, which also generates identities for users of the network. In the case of Freenet, you have to solve some puzzles (which are more or less CAPTCHAs) in order to introduce your identity to other users. This is done to prevent bots from “joining” the network.

setup004

Personally, I love this idea, although I’m still in the process of studying some of this, and I might need a little help getting started. Anyone else have ideas to contribute? Feel free!

Hey, sooner or later I may actually have my own darknet! (And of course, I’d have to make it dark and scary.)

curtain