HackerCombat: Secure in the Dark Web?

Before I start, I should say – I’m not writing this to make enemies in the dark web world; I just like to get proper info out there. Like when I say there’s no “Marianas Web.”


That being said, one of the sites I subscribe to is Hacker Combat, and I happened to notice that they had an article today called Stay Secure While Venturing into the Dark Web. After having read lots of similar content, I tend to be skeptical of articles that give advice about “being secure in the dark web.”

I’ll give it the benefit of the doubt, though. Let’s see what they have to say:

Well, there are many users who still think that the dark web and the deep web are the same. In fact, the dark web is just a part of the deep web and comprises that part of the internet that’s “hidden” and needs to be accessed using specific software and configurations. So, you need to use Tor, Freenet, I2P or Riffle to access the dark web. It’s a well-known fact that even the Google search engine doesn’t show results of the dark web. 

This is partly true, but it’s the last sentence I take issue with. Actually, Google will show results from the dark web (Tor, at least), but it doesn’t pick up all the sites. As I’d mentioned on the post Can You Access .Onion Sites Without Tor Browser?, it is possible to reach .onion sites without using the browser. These sites use what’s called a Tor2Web proxy, which is basically a middleman connecting you to Tor.

Thus, some of these sites will show up in Google results. For instance, Psycho Social Network, which I’ve talked about a few times, will show up on a Google search, but clicking on it uses the proxy:


To put it in simple terms, it’s like asking a cab driver, “Can you take me to this onion site?” The cab driver says, “Sure!” On the other hand, you don’t know for certain if this cab driver will try to take advantage of you, just as you don’t know if a proxy is trustworthy.

Anyhow, let’s see what else the article says.

Using a VPN Service is good- Using a VPN (Virtual Private Network) service is always advisable; it adds to the anonymity factor. You should always remember to turn on the VPN before beginning to use the Tor browser or any such service; this gives you added anonymity plus security.

I also take issue with the idea that a VPN gives you added security, unless you’re the one who designed the VPN. A VPN can help you hide your Tor usage from your ISP, but then the VPN provider also has a record of the fact that you’re using Tor, and may or may not keep logs of your activity. Some claim not to keep logs (e.g. IPVanish), but if the time came where they were subpoenaed and told to give up your info, that may be a different story.

Have an up-to-date antivirus program- This is basic to security; you need to have an antivirus software even if you are not venturing into the dark web. But when you are doing it, you must have an anti-virus software. That helps add to the security.

This is true to a degree, although it depends on the kind of attack you’re trying to prevent. Some antivirus programs don’t have the capability of stopping certain types of attacks (such as ransomware). Anyhow, I suppose having one is better than not having one.

Keep your webcam covered- Webcam spying is reportedly common in the dark web. So, while you’re on the dark web, it’s always good to keep your webcam covered. You just don’t know; someone could spy on you and later subject you to extortion scams. Stay safe, cover your webcam.

This part I agree with – it is definitely possible to crack a webcam’s security, and covering it with tape is about the most basic way you can keep someone from looking at you.


The article offers more advice as well, but these were the parts that stood out to me. Whether you agree with the points they make or not, I suggest reading it anyway. If you’ve never ventured onto Tor before, it could make a good field guide.


Red Room Follow Up, Part II

Previously, on Secrets of the Dark…

We examined the claim that there are, in fact, red rooms on the dark web. Several readers had said that they had either witnessed a red room, or knew someone who had been victimized by one. Well, this is the only red room I’ve seen:


Twin Peaks fans, anyone? But I digress. So, in the last post, I suggested that you could create a red room, if you wanted to – but how?

Assuming that Tor is too slow to stream video, you may be able to use something like a private network for this purpose, or a VPN. A private network is defined under RFC 1918: Address Allocation for Private Internets, if you want the technical details. However, even some VPNs have difficulty streaming video. If you’re curious about this, for further reading: 5 Best VPNs for Streaming 4K Video Online. I would think that a commercial VPN wouldn’t be cool with you streaming live murders over their connection either, however.

Once you had your network complete, you would still have to advertise your site in some way, and also attract victims (this, in my opinion, would be the most difficult part). Maybe some people assume that it’s like the Taken movies? I don’t know.

OK, so you have your VPN, your potential victims, and then you would have to set up your site somewhere, which would result in hosting costs (and thus, a potential paper trail). Plus, on top of that, if customers are paying in bitcoin, that means that the transactions would appear on the blockchain, which is public:


I suppose that, in theory, like on the darknet markets, you could use a bitcoin mixer, but then the operators of the mixer would have blood on their hands, so to speak. They might not want to get involved with such a thing. So, to add to the complications, you would have to create your own mixer, or find one that didn’t care about what you were using the bitcoin for (including murder).

Ready to run your red room now? Remember, it still has to get attention, but not the wrong kind of attention!

Contrary to popular belief, Tor (and some other darknets) are monitored by law enforcement, as are potential bitcoin transactions tied to illegal activity. Just look at the AlphaBay/Hansa Market shutdown, or any of several other LE operations that target the dark web.

There are some sites that advertise themselves as red rooms, but these look suspicious at best:

http://redrooaujxcjyohj.onion

http://redroofvxabs3a3o.onion

http://redroocid5rlxm43.onion

Do they look real to you? Well, why don’t you pay the cost and let me know what happens? Don’t die, OK?

All in all, that’s my take on it – did I forget anything? Again, I know the dark web has some terrible stuff on it, but taking all these factors into consideration – would it really be worth it to run something like this as a business?

I leave it to you to answer that question.


Should You Use a VPN with Tor? (Well, No.)


This seems to be a very frequently asked question, and on many sites, people will tell you that you should use a VPN with Tor, for “extra protection.”

Based on my research, however, I disagree – and this seems to be an unpopular opinion. One reference I’d like to cite is a blog post by Matt Traudt, a.k.a. system33-, who is someone I respect with regard to Tor. The post in question is VPN + Tor: Not Necessarily a Net Gain.

One of the points he brings up here is the following:

Tor is trustless, a VPN is trusted. Users don’t have to trust every Tor relay that they use in order to stay safe with Tor. As long as the right ones aren’t compromised, working together, or otherwise malicious, the user stays protected.

This is the main problem with insisting on combining Tor and a VPN. VPNs can keep logs of your activity online (though some claim not to), whereas Tor does not.

However, using a VPN can hide your Tor usage from your ISP, especially if said ISP is suspicious of Tor.

The Tin Hat, on their post Tor And VPN – Using Both for Added Security, also makes the point that “Where this setup fails is at hiding your traffic from a malicious Tor exit node. Because the traffic goes through the VPN, and then to the Tor network, exit nodes can still watch your traffic unencrypted.”

My preference, personally, is to use a Linux distribution with Tor, like Tails or Qubes, or for the more advanced, Arch Linux or Manjaro Linux. These, of course, take time to learn and won’t do everything for you, but they are designed for security. While this doesn’t mean they are vulnerability-free, they can improve your protection, particularly if you understand their ins and outs.

Don’t get me wrong – Unix-like OS’s are not invincible – see Sophos: Don’t believe these four myths about Linux security, but depending on the situation, it’s preferable to using an OS like Windows.

Oddly enough, I haven’t “contracted” any malware via the dark web – at least not to my knowledge. This has happened more often on the clearnet, ironically. Maybe it’s because I don’t download mysterious files or install programs that I find randomly on networks like Tor.

I’m paranoid that way.

What about you, readers? What OS’s do you prefer to use (specifically in combination with Tor, I2P, Freenet, etc.)?

In the meantime, enjoy your dark web adventures, my friends – and please research any VPN or other “privacy” software before trusting it blindly.


Closed Shell Systems? Nope!

I’m writing this in response to a comment I received on my previous post. It reads:

I have DN42 connected. When I ‘dig @172.23.0.53 chaos’ this returns SERVFAIL or REFUSED. Same with ChaosVPN and Anonet DNS.
What is .chaos TLD? Closed Shell System?

To my knowledge, there is no such thing as the top-level domain “.chaos.” That being said, I’m not surprised if someone is spreading this kind of misinformation around, because the same thing has happened in the past, with software that supposedly allows you to access “.lll or .rdos sites,” or “.clos sites.”

There is no such thing as a “closed shell system.” Whoever created that original “iceberg” misinfographic (the one located here: https://imgur.com/pj0jbtP) helped perpetuate the myth, by claiming that a “closed shell system” was required to reach deeper levels of the deep web. I know I’ll never convince everyone of this fact, so there will always be some people out there believing it.


On the other hand, if you create a hidden network of your own (like a VPN-based one), it’s possible that you can make up your own domain names for it, though they won’t be considered official ones by the Internet Assigned Numbers Authority (IANA). dn42, for example, has sites built on top of it with the domain name “.dn42.” ChaosVPN has sites built on it with the domain name “.hack,” and so on and so forth.

I mentioned this on an earlier post, but if you go to ICANN.org, they have a list of all the approved TLDs that exist right now: List of Top-Level Domains. There are also Pseudo-top-level domains, which are names for computer networks that don’t participate in the official DNS, and may or may not be part of the internet. This would include VPNs like dn42.


Connecting to dn42 is fairly simple, as you can reach it via tunnels from other networks, like OpenVPN, Tinc, or Edge. Full sets of instructions can be found here: dn42 how-to. That being said, if something doesn’t exist, you certainly can’t connect to it!

I think that the “closed shell system” concept might be a reference to Ghost in the Shell, or something along those lines, which, although interesting, is pure science fiction. Any network that exists has some way of accessing it, given the right hardware or software, and/or permissions.

Beyond that, just because it’s a hidden network doesn’t mean it has any special, secretive information on it. Hate to disappoint you!

Still, it could be interesting – just stay in the realm of reality, OK?

P.S. These are some of the existing networks/software that I know of, if you’re interested in checking them out further:

Tor

I2P

Freenet

dn42

GNUnet

CICN

OneSwarm

Retroshare

ZeroNet

Tribler

Netsukuku

Freifunk

FunkFeuer


Alienet: a Different Sort of VPN


by Ciphas

Good morning, readers! I’m back after quite the hiatus. I confess this is because I’ve been writing for other publications! (That’s good, right?)

I’ve also been (as the title says) exploring quite a few more darknets beyond just Tor, I2P, and Freenet. Maybe this is obvious to some, but those three are only the tip of the proverbial iceberg.

Anyhow, those of you who watch SomeOrdinaryGamers on YouTube (specifically his “Deep Web Browsing” series), might recognize the site above, called Alienet. He covered it in his video AYYLMAO PARALLEL NET!?!.

According to the person (people?) who run Alienet, it’s a VPN-based hidden network, that emphasizes privacy, anonymity, and security.

In their words (misspellings left intact):

Alienet is the only hidden network that will totally hide your ass from the big brother: when you’re connected to Alienet, your machine will result OFFLINE for the entire internet wolrd! Is that safe enough? Enjoy my dears…..

Spelling and grammar errors aside, I do believe that Alienet is a legit network (in spite of Tor’s plethora of scams).

It uses OpenVPN, an open-source SSL VPN. OpenVPN allows remote access, site-to-site VPNs, and a number of other configurations.

In order to join Alienet, you have to install OpenVPN (of course), and then ask for an Alienet Client Key. The admin will ask you for some particular information, including your operating system, encryption keys, and a contact email.

 

OK, sounds pretty simple, right? I haven’t actually connected to the network yet, but I have tried one of their other services, specifically AnonyMail, which is a privacy-themed email service.


Of note: AnonyMail works on both the clearnet and on the Tor network, so you can receive emails from darknet email clients like SIGAINT and OnionMail, as well as most clearnet email providers.

I did a test email to one of my darknet friends through AnonyMail, and it worked with no issues, so I’m assuming that it’s perfectly OK.

The other day, I also finally connected to OpenVPN (I was having password issues initially), and it works just fine. So…once I finish the Alienet process, I’ll probably do a “Part 2” about that.

The site also explains that once you connect to Alienet, you can access “.anon sites,” which aren’t official DNS names – they certainly aren’t listed at IANA – Root Zone Database (i.e. the official list of approved domain names). I believe this is how the .onion domain name was originally created.

Some DNS names, after they’ve been submitted for approval, do become official names, but that takes a long time.

Anyhow, I thought this might interest some of you. Take a look at the network, and let me know if you find anything interesting!


ChaosVPN Part 2: Hack to School!

 


When I first started working on this ChaosVPN project, I never imagined what fun it could be.  It has required a bit of extra effort and learning, but I like that sort of thing!

However, I want to stress that ChaosVPN isn’t a replacement for Tor or other anonymity tools; in fact, the creators mention this on the wiki.  And it won’t help you access .lll or .rdos sites either…heh heh heh.

So – where I initially got stuck was at the point of getting tinc to run properly on my system.  As it turns out, I hadn’t completed all the steps to installing it (go figure)!  That’s why they say: “If all else fails, try reading the instructions.”

Depending on which operating system you’re using, of course, those instructions may vary.  If you’re using a Mac OS/X, then these are the appropriate instructions: installing tinc on Mac OS/X.

If you’re using Windows, then try here: installing tinc on Windows 2000/XP/7/8.  Hmm…it doesn’t include Windows 10, but does that mean it won’t work?  Not necessarily, but I know how logical Windows can be sometimes.


What about Ubuntu?

In my earlier post ChaosVPN: Making Friends with Hackers!, I had mentioned using Ubuntu to set it up.  This still seemed like the ideal option for me.  It reminded me very much of the MS-DOS days from my childhood.


So I started going through the steps again, trying to be a little more patient this time!  I finally got it working, but haven’t used it much yet.  My overall impression is that ChaosVPN definitely has the potential for – to use the technical term – awesomeness.

Given that I’ve been making friends with a lot of hackers and coders lately, this seemed like one of the logical steps to take.  I still don’t consider myself a hacker just yet, but I’m working on that.

If you haven’t read the previous post, here’s the ChaosVPN:UbuntuHowto.  Oh, wait – you don’t have Ubuntu?  Do that here: Get Ubuntu | Download.

(The instructions below are quoted from the wiki; credit goes to the authors.  If anyone objects to this, I can take it down.)

And now, courtesy of the CCCHHWiki – UbuntuHowto :


First you need to install the necessary helper programs using the apt-get command.  

Install Necessary Helper Programs

needed to use the chaosvpn client:

#apt-get install tinc iproute

needed to compile the chaosvpn-client if not using a precreated debian package for it

# apt-get install build-essential git bison flex libssl-dev zlib1g-dev debhelper devscripts

Install tinc

You need either the package from Debian squeeze/unstable, or a backport like from Debian Backports.

This should be at least tinc version 1.0.13, but should work with 1.0.10 or later.

Or visit http://tinc-vpn.org, download and build yourself – at a minimum ./configure, specify the parameter --sysconfdir=/etc, and check the binary in the script.
If the tinc installation gives the following error:

./MAKEDEV: don’t know how to make device “tun”

Then create the device by hand:

# mkdir -p /dev/net
# mknod /dev/net/tun c 10 200
# chown root:root /dev/net/tun
# chmod 600 /dev/net/tun

Install Our ChaosVPN program

The easiest way: using LaunchPad PPA

There are amd64 and i386 binary packages available for LTS release 12.04 (precise).  There is also a source package.

Add the following lines to your /etc/apt/sources.list:

For Ubuntu Precise:


deb http://ppa.launchpad.net/matt-nycresistor/chaosvpn/ubuntu precise main

deb-src http://ppa.launchpad.net/matt-nycresistor/chaosvpn/ubuntu precise main

Make the Repository-Key known:

apt-get update
sudo add-apt-repository ppa:matt-nycresistor/chaosvpn

Answer “y” to the warnings about whatever content.

Run apt-get update a second time:

apt-get update

Finally install the ChaosVPN software:

apt-get install chaosvpn

Install done, proceed to next step some pages below.

Alternative: compile yourself from our git repository

Always needed to compile:

# git clone
# cd chaosvpn

way 1: create a snapshot debian package

# dch -i
increment the version and set ubuntu specific info.
# make deb
perhaps it throws an error about missing build dependencies, install these and retry.
#sudo dpkg -i ../chaosvpn_2.0*.deb
Install the generated package file, replace filename above with the real name. It is also possible to copy the generated .deb package to a different machine of the same architecture and install it there – no need to have a full compile environment on your router/firewall.

way 2: create debian package and install this

# dch -i
increment the version and set ubuntu specific info.
# debuild -us -uc
should give you packages in parent dir
#sudo dpkg -i ../chaosvpn_2.0*.deb
install the generated package file, replace filename above with real name.

way 3: just compile and install the raw binary

# make
# sudo make install

Create config directory

# mkdir -p /etc/tinc/chaos

Get your new node added to the central configuration

Devise a network-nick and a unique IP range you will be using

This network-nick…sometimes called nodename is the name of the network endpoint/gateway where the vpn software will be running – not necessarily the name of the user, there may even be more than one gateway per user.

Used below where <nodename> is.

Please use only characters a-z, 0-9 and _ in it.

Second please select an unused IPv4 range out of IP range, and write yourself down in that wiki page to mark your future range as in-use.
Please select from the correct ranges, 172.31.*.* for Europe, and 10.100.*.* for North America and elsewhere.

Repeat: Please do not forget to add yourself to this list at IP Range to mark your range as used.

Used below where <ipv4 subnet in the vpn> is.

The usage of IPv6 networks is also possible, but we do not have a central range for this (yet); you may specify an IPv6 range you received from your (tunnel) provider to be reachable over the VPN, or a private IPv6 ULA (Unique Local Address) network described in RFC4193.  For more info about ULA and a network-range generator please also see IPv6 ULA (Unique Local Address) RFC4193 registration .

Used below where <ipv4 subnet in the vpn> is.

Hostname

The gateway may have a DynDNS (or similar) hostname pointing to a dynamic IP, or a static hostname/fixed IP.

Better supply a hostname than a raw IP address even if it is static, so you can change it yourself and do not need to contact us when needed. (Perhaps something like chaosvpn.yourdomain.example).

Used below where <clienthost> is.

Generate keys

# tinc --net=chaos init <nodename>

Replace <nodename> with the name your new node should get.

**FIXME** need some way that “tinc init” puts the public key into the separate files and not only into the generated hosts file, which our chaosvpn daemon overwrites.

generate public/private RSA and ECDSA keypairs with

# tinc --net=chaos generate-keys 2048

press Enter 4 times and backup the files /etc/tinc/chaos/ecdsa_key.priv, ecdsa_key.pub, rsa_key.priv and rsa_key.pub on an external device.

Generate keys with tinc 1.0.xx

create chaos config folder with

# mkdir /etc/tinc/chaos

generate public/private keypairs with

# tincd --net=chaos --generate-keys=2048

press Enter 2 times and backup the files /etc/tinc/chaos/rsa_key.priv and rsa_key.pub on an external device.

Mail us your Infos [sic]

  • send via email to chaosvpn_join@hamburg.ccc.de

We need the following info – but please be so kind and also add a short description of you/your space and your motivation to join chaosvpn – or at least make us laugh. 🙂

(Please remove all lines starting with # from the email; they are just descriptions)

[<nodename>]

gatewayhost=<clienthost>

# This should be the external hostname or ip address of the client host, not a VPN address.
# If the client is not reachable over the internet leave it out and set hidden=1 below.
# If possible supply a hostname (even dyndns) and not an ip address for easier changing
# from your side without touching the central config.

network=<ipv4 subnet in the vpn>
network6=<ipv6 subnet in the vpn>

# (mandatory, must include)
# this may be more than one, IPv4 or IPv6, network6 with IPv6 is optional
#
# These subnets must be unique in our vpn,
# simply renumber your home network (or use something like NETMAP) with a network block that is still free.
#
# Please use the list of assigned networks on ChaosVPN:IPRanges, and add yourself there.

Owner=

#(mandatory, must include)

# Admin of the VPN gateway, with email address – a way to contact the responsible
# person in case of problems with your network link.

port=4712
# (optional)
# if not specified tinc works on tcp+udp port 655
# it is better if everyone chooses a random port for this.
# either this specified port or port 655 should accept TCP and UDP traffic from internet.

hidden=0
# (optional)
# “I cannot accept inbound tunnel connections, I can only connect out.”
# (e.g. behind an NAT)
silent=0
# (optional)
# “I cannot connect out, but you can connect to me.”
# Only ONE of hidden=1 or silent=1 is possible.

Ed25519PublicKey=<something>
# (optional)
# tinc 1.1.pre11+ only, contents of your /etc/tinc/chaos/ed25519_key.pub

-----BEGIN RSA PUBLIC KEY-----
…..
-----END RSA PUBLIC KEY-----
# (mandatory)
# rsa-public-key – contents of your /etc/tinc/chaos/rsa_key.pub

Awaiting response, give us some days, your request is processed manually

Retry until $success

Customize configfile

FIXME to be expanded

/etc/tinc/chaosvpn.conf

In the top part are the variables.

change

$my_peerid to the network nick from step 4
$my_vpn_ip to an ip address in your network range, like 172.31.x.1

Enable Starting of ChaosVPN

If you installed ChaosVPN through our Debian package it is not started by default.

To enable this edit the file /etc/default/chaosvpn and change the RUN= line to RUN="yes"

After all changes (re-)start the chaosvpn client:

# /etc/init.d/chaosvpn start

If you made everything correct there should now be a tinc daemon running, and the output of ‘route -n’ should show lots of routes pointing to the new ‘chaos_vpn’ network interface.

script in /etc/ppp/ip-up to autostart, or to restart from time to time via cron

If you built a debian package and installed it the cron and ip-up parts are already setup, if you installed it manually with make install you have to do it yourself.

and with luck, it will function beautifully! 😉

Retrieved from https://wiki.hamburg.ccc.de/ChaosVPN:UbuntuHowto
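A pre-send check for the join request described in the quoted how-to, as an added example that is not from the wiki or the ChaosVPN project. It applies only the rules stated above (nodename characters, the two IPv4 ranges, mandatory fields, hidden/silent exclusivity) plus one assumption of mine: that a private-key block in the mail is a mistake to catch. The function names and sample requests are constructed.

```python
import ipaddress
import re

# IPv4 ranges from the how-to: 172.31.*.* (Europe), 10.100.*.* (elsewhere).
ALLOWED_V4 = [ipaddress.ip_network(n) for n in ("172.31.0.0/16", "10.100.0.0/16")]
NODENAME_RE = re.compile(r"[a-z0-9_]+")
PEM_RE = re.compile(r"-----(BEGIN|END) ([A-Z0-9 ]+)-----")

# Constructed sample requests; names, addresses and key bodies are placeholders.
GOOD_REQUEST = """\
[example_space]
gatewayhost=chaosvpn.yourdomain.example
network=172.31.200.0/24
Owner=Example Admin <admin@yourdomain.example>
port=4712
-----BEGIN RSA PUBLIC KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PUBLIC KEY-----
"""
BAD_REQUEST = """\
[Example-Space]
# description line left in
network=192.168.1.0/24
Owner=
hidden=1
silent=1
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""

def parse_request(text):
    """Return (nodename, fields, pem_labels, comment_count) for a join request."""
    nodename, fields, pem_labels, comments = None, {}, [], 0
    in_pem = False
    for raw in text.splitlines():
        line = raw.strip()
        pem = PEM_RE.fullmatch(line)
        if pem:
            in_pem = pem.group(1) == "BEGIN"
            if in_pem:
                pem_labels.append(pem.group(2))
        elif in_pem or not line:
            continue  # key body or blank line: nothing to record
        elif line.startswith("#"):
            comments += 1
        elif line.startswith("[") and line.endswith("]"):
            nodename = line[1:-1]
        elif "=" in line:
            key, value = line.split("=", 1)
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return nodename, fields, pem_labels, comments

def validate_request(text):
    """Check a request against the how-to's stated rules; return a list of findings."""
    nodename, fields, pem_labels, comments = parse_request(text)
    findings = []

    def flag(name):
        return fields.get(name, ["0"])[-1] == "1"

    if nodename is None or not NODENAME_RE.fullmatch(nodename):
        findings.append("nodename must use only a-z, 0-9 and _")
    if comments:
        findings.append("remove the %d description line(s) starting with #" % comments)
    if flag("hidden") and flag("silent"):
        findings.append("only one of hidden=1 or silent=1 is possible")
    if not fields.get("gatewayhost") and not flag("hidden"):
        findings.append("gatewayhost missing: supply it or set hidden=1")
    networks = fields.get("network", [])
    if not networks:
        findings.append("network is mandatory")
    for value in networks:
        try:
            net = ipaddress.ip_network(value, strict=True)
        except ValueError:
            findings.append("network %r is not a valid subnet" % value)
            continue
        if net.version != 4 or not any(net.subnet_of(a) for a in ALLOWED_V4):
            findings.append("network %s is outside 172.31.*.* and 10.100.*.*" % net)
    if not any(fields.get("owner", [])):
        findings.append("Owner is mandatory")
    for value in fields.get("port", []):
        if not value.isdigit() or not 1 <= int(value) <= 65535:
            findings.append("port %r is not a valid TCP/UDP port" % value)
    if "RSA PUBLIC KEY" not in pem_labels:
        findings.append("RSA public key block is mandatory")
    if any("PRIVATE" in label for label in pem_labels):  # assumption: never intended
        findings.append("private key material present: send only rsa_key.pub")
    return findings

if __name__ == "__main__":
    for finding in validate_request(BAD_REQUEST):
        print("-", finding)
```

The check does not confirm that the chosen subnet is still free; that still means reading the wiki's IP range list by hand.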


 

As I get more familiar with ChaosVPN, hopefully it’s something I can write about more.  Just to stress: it isn’t really the “deep web” or the “dark web.”  I just felt like writing about it because it sounded cool.

As a matter of fact, the more I learn, the more I realize that these terms like deep web and dark web are just abstract concepts.

But they sure do sound spooky, don’t they?

 


I haz hood. I iz a hacker.

ChaosVPN: Making Friends with Hackers!


Alright, I admit it!  I’d been debating what to write my next post about, because everything that I had in mind required a lot of reading, research, and experimentation.

Fortunately, I came across something called ChaosVPN not too long ago.  I had heard about it via a deep web/dark web-themed Google+ group, in which I’ve made friends with many coders and fellow dark web explorers.  The name conjured up all sorts of silly tech-related movie tropes in my mind.

So what is it?

It’s a VPN designed to connect hackers and hackerspaces.  Keep in mind that this doesn’t necessarily constitute malicious (or “black hat”) hacking.  ChaosVPN has a wiki maintained by the Chaos Computer Club in Hamburg, Germany.

The idea sounded cool enough, but what really inspired me to look into it further was this image on the main page:


If that’s hard to read, the quote I’m thinking of is the one in red that says

“ChaosVPN is a VPN to connect Hackers and Hackerspaces – it does NOT provide anonymous internet access!  For this look at tor or other similar services.

It will also not help you to reach domains like .rdos, .lll, .clos or any other strange things supposed to be available on the ‘dark web.'”

Does that sound familiar?  No?  Let me refresh your memory:


*Sigh* Yes, it’s our old friend “The Shadow Web” again.  The text is cut off in the screenshot, but the original page claimed that if you downloaded the software, you would be able to “access hundreds of other domains like .LLL and .RDOS sites.” ಠ_ಠ

By the way, if you’re still interested in that, you can contact the owner at shadow-web@sigaint.org.  Just don’t give him your money, OK?

So, if you can’t access .lll or .rdos sites, why install ChaosVPN? (I kid.)  Well, personally I love the idea that it connects different networks of hackers, and makes communication simpler.

If you read the “Goals” section of the wiki, the creators actually outline the purposes of ChaosVPN:

“Design principals [sic] include that it should be without Single Point of Failure, make usage of full encryption, use RFC1918 ip ranges, scales well on >100 connected networks and is…able to run on a embedded hardware you will find in [today’s] router…

“Therefore we came up with the tinc solution. tinc does a fully meshed peer to peer network and it defines endpoints and not tunnels.

“ChaosVPN connects hacker[s] wherever they are. We connect roadwarriors with their notebook. Servers, even virtual ones in Datacenters, Hackerhouses and hackerspaces. To sum it up we connect networks – maybe down to a small /32.

“So there we are. ChaosVPN is working and it seems [as] the usage increases, more nodes join in and more [services] pop up.” 

(For full text go to ChaosVPN – CCCHHWiki).

I may not be a hacker [yet], but as an investigative tech blogger and aspiring coder, this is definitely something that interests me (and I figured it would interest you too, readers!).

Tinc-erbell? 


As the creators of ChaosVPN mention above, the network uses tinc, a VPN “daemon that uses tunneling and encryption to create a secure private network between hosts on the Internet. tinc is Free Software and is licensed under the GNU General Public License version 2 or later,” according to their official site.

“Because the VPN appears to the IP level network code as a normal network device, there is no need to adapt any existing software.  This allows VPN sites to share information with each other over the internet without exposing any information to others.” 

Wow – am I wrong in saying that that sounds like some technobabble they would use on CSI: Cyber or something?


Nope.  It’s 100% accurate!  From the description, this sounds ideal for a VPN designed to connect hackers, as ChaosVPN is intended to do.  I know I’ve been quoting a lot of technobabble in this post, but I felt it was somewhat necessary to get an understanding of how ChaosVPN worked!

I’ll be honest – I’m really not an expert with it yet, and I’m still in the process of building ChaosVPN on my system.  I’m determined to get it working, though, and I thought you all could accompany me along the way!

Wiki of Chaos

The ChaosVPN wiki has a set of excellent how-tos for the following operating systems:

I went with the Ubuntu Howto, since I have that installed on my system.  (When I do finish setting it up, I think that would warrant a sequel to this post.)

No matter which operating system you’re using, you need to install Tinc VPN (mentioned above) first.

Initially, I was going to quote portions of the setup instructions in this post, but the ChaosVPN wiki is currently down.  I should’ve printed them when I had the chance! 

Oh wait, never mind – it’s up again.  Well, perhaps I’ve done enough plagiarizing in this post, but you can look at any of the links above for detailed instructions.

Fortunately, they also have a repository on GitHub: GitHub – ryd/chaosvpn: Config generator for chaosvpn.  I think that should help!

If any of you are able to get the VPN up and running, feel free to let me know.  I’m sure I’ll be able to put it together soon.

Well, that just means we’ll have a part 2 to this post!

In the meantime, I return to my ARG – real life, that is.