To Search the Dark Web

February 11, 2016

If you have wondered how, exactly, one searches for information on the Dark Web, take a gander at “The Best TOR Search Engines of 2016” at Cyberwarzone. Reporter CWZ writes:

“On the TOR network you can find various websites just like you find on the ‘normal web.’ The websites which are hosted on the TOR network are not indexed by search engines like Google, Bing and Yahoo, but the search engines which are listed below, do index the TOR websites which are hosted via the TOR network. It is important to remember that you do need the TOR client on your device in order to access the TOR network, if you cannot use a TOR client on your device, you can use one of the free TOR gateways which are listed below in the web TOR providers tab.”

The article warns about malicious TOR clients, and strongly suggests readers download the client found at the official TOR website. Four search engines are listed: https://Ahmia.fi, https://Onion.cab, https://onion.link/, and http://thehiddenwiki.org/. CWZ also lists those Web TOR gateways, through which one can connect to TOR services with a standard Web browser instead of using a TOR client. See the end of the article for that information.

Cynthia Murrell, February 11, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Reviews on Dark Web Email Providers Shared by Freedom Hacker

February 10, 2016

The Dark Web has many layers of sites and services, as the metaphor provided in the .onion extension suggests. “List of secure Dark Web email providers in 2016” was recently published on Freedom Hacker to detail and review the Dark Web email providers currently available. These services, typically offering both free and pro account versions, facilitate emailing without any type of third-party services. That even means you can forget any hidden Google scripts, fonts or trackers. According to this piece,

“All of these email providers are only accessible via the Tor Browser, an anonymity tool designed to conceal the end users identity and heavily encrypt their communication, making those who use the network anonymous. Tor is used by an array of people including journalists, activists, political-dissidents, government-targets, whistleblowers, the government and just about anyone since it’s an open-source free tool. Tor provides a sense of security in high-risk situations and is often a choice among high-profile targets. However, many use it day-to-day as it provides identity concealment seamlessly.”

We are intrigued by the proliferation of these services and their users. While usage numbers in this article are not reported, the write-up of the author’s top five email applications indicates enough available services to necessitate reviews. Equally interesting will be the response by companies on the clearweb, or the .com and other regular sites, not to mention how the government and intelligence agencies will interact with this burgeoning ecosystem.

Megan Feil, February 10, 2016


Hackers Revive Dark Web Forum Called Hell

February 8, 2016

After personal details of over four million Adult Friend Finder users were found on the Dark Web site called Hell, this notorious internet hacking forum was shut down by authorities around July 2015. An Instant Tricks article, “Hell is back with Hell Reloaded on the Dark Web,” explains that Hell is currently accessible again on the Dark Web. The article states,

“The exact date of the website’s returning on-line is troublesome to determine, for the posts don’t have a date next to them for security functions. However, judgement by the quantity of posts, it’s honest to mention that the web site came back simply over every week past. Hell is a web portal on the Dark internet that’s employed by hackers everywhere the globe to share their hacking tricks moreover as transfer and post taken knowledge.”

Hell is one of the world’s largest hacking forums on the Dark Web and, as such, it is difficult to imagine the site will ever kick the bucket. Interestingly, in its re-emergence, it has been rendered with the same branding as if nothing had changed. “Stephen E Arnold’s Dark Web Notebook” describes this Dark Web resource. We recommend this read for security, law enforcement and information technology officials as these industries’ landscapes evolve due to the enduring presence of sites like Hell on the Dark Web.

Megan Feil, February 08, 2016


Leaky Web Pages a Call To Criminals

February 6, 2016

The Dark Web relies on the Tor network’s complex, multi-layered encryption technology to hide Web URLs and traffic sources. As we learned in “Basic Error Can Reveal Hidden Dark Web sites,” however, not all hidden searches are actually hidden. Apache, the most widely used Web server software, includes a module that could make it easy for criminals to watch what Dark Web users are doing. A Facebook wizard points out that Apache’s “out-of-the-box” configuration, which is used to hide server-status page information, could inadvertently help hackers follow users as they meander through the Deep Web.

In 2012, “Popular Web Sites Were Leaking System Status Information, Private Data and Passwords” confirmed what many had long suspected. Then, in 2015, a researcher discovered a Dark Web search engine not only showed what people were searching for. This begs the question:

What if a malicious actor had found that page instead of Muffet? They could have used it to assemble a trove of search data and, as we learned from the 2006 AOL search data leak, that can be enough Big Data to start unmasking people. And it gets worse. Exposed server status pages are a potential threat to users, but under some circumstances, they can completely unravel the protection that Tor provides to hidden websites.

In a perfect world, only localhost would have access to the mod_status feature. But the Tor daemon also runs on localhost, so requests that arrive through a hidden service look local to Apache. All hackers have to do to access sensitive data is exploit this weakness, and then anyone can see what people are looking at in the Deep Web.
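The localhost trust problem described above can be checked on a server you run. This is an added example, not code from the original post or the articles it cites: a Python audit that flags a server-status location trusting loopback while the torrc forwards onion traffic to a loopback port. The sample configurations are constructed, the function names are illustrative, and the check assumes Apache listens on the port Tor forwards to.

```python
import re

# Constructed sample inputs for illustration; not taken from the article.
APACHE_CONF = """\
<Location /server-status>
    SetHandler server-status
    Require local
</Location>
"""
TORRC = """\
HiddenServiceDir /var/lib/tor/site/
HiddenServicePort 80 127.0.0.1:8080
"""

# Loopback names and addresses as they appear in Apache rules and torrc targets.
LOOPBACK = re.compile(r"(?<![\w.])(local|localhost|127\.0\.0\.1|::1)(?![\w.])", re.I)

def status_locations(apache_conf):
    """Return (path, directives) for every <Location> handled by mod_status."""
    found = []
    pattern = r'<Location\s+"?([^\s">]+)"?\s*>(.*?)</Location>'
    for m in re.finditer(pattern, apache_conf, re.S | re.I):
        lines = [ln.strip() for ln in m.group(2).splitlines()]
        lines = [ln for ln in lines if ln and not ln.startswith("#")]
        if any(re.match(r"SetHandler\s+server-status\b", ln, re.I) for ln in lines):
            found.append((m.group(1), lines))
    return found

def loopback_allowed(directives):
    """True if the access rules admit a client connecting from loopback."""
    for ln in directives:
        if re.match(r"(Require\s+all\s+granted|Allow\s+from\s+all)\b", ln, re.I):
            return True
        if re.match(r"(Require\s+(local|ip|host)|Allow\s+from)\b", ln, re.I) and LOOPBACK.search(ln):
            return True
    # No access rule at all means the location is open to everyone.
    return not any(re.match(r"(Require|Allow|Deny)\b", ln, re.I) for ln in directives)

def tor_loopback_targets(torrc):
    """Return HiddenServicePort targets on loopback (Tor's default is 127.0.0.1:VIRTPORT)."""
    targets = []
    for ln in torrc.splitlines():
        m = re.match(r"\s*HiddenServicePort\s+(\d+)(?:\s+(\S+))?", ln, re.I)
        target = m and (m.group(2) or f"127.0.0.1:{m.group(1)}")
        if target and LOOPBACK.search(target):
            targets.append(target)
    return targets

def audit(apache_conf, torrc):
    """Flag status pages that trust loopback while Tor delivers onion traffic from loopback."""
    targets = tor_loopback_targets(torrc)
    return [f"{path} is readable by onion visitors (Tor forwards to {', '.join(targets)})"
            for path, rules in status_locations(apache_conf)
            if targets and loopback_allowed(rules)]

print(audit(APACHE_CONF, TORRC))
```

Replacing `Require local` with `Require all denied`, or not loading mod_status on the hidden-service host, clears the finding.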

Locard’s Principle tells us that criminals not only bring something of themselves to a crime scene; bad actors leave something behind, too. These clues, no matter how small, may help analysts and investigators shine a light on Dark Web criminals.

Martin A. Matisoff, MSc, February 6, 2016.


It’s Official: Facebook and the Dark Web

February 5, 2016

A piece from Nextgov suggests just how ubiquitous the Dark Web could become. Published as “Facebook is giving users a new way to access it on the ‘Dark Web’,” this article tells us “a sizeable community” of its users are also Dark Web users; Facebook has not released exact figures. Why are people using the Dark Web for everyday internet browsing purposes? The article states:

“Facebook’s Tor site is one way for people to access their accounts when the regular Facebook site is blocked by governments—such as when Bangladesh cut off access to Facebook, its Messenger and Whatsapp chat platforms, and messaging app Viber for about three weeks in November 2015. As the ban took effect, the overall number of Tor users in Bangladesh spiked by about 10 times, to more than 20,000 a day. When the ban was lifted, the number dropped back to its previous level.”

Public perception of the darknet is changing. If there was any metric to lend credibility to the Dark Web being increasingly used for mainstream purposes, it is Facebook adding a .onion address. Individuals’ desire for security and for uninterrupted, expansive internet access will only contribute to the Dark Web’s user base. While the Silk Road-type element is sure to remain as well, it will be interesting to see how things evolve.

Megan Feil, February 5, 2016


Hip SXSW Media Conference to Probe the Dark Social

February 4, 2016

This year’s SXSW Conferences & Festivals will be exploring the world of Dark Social, a term introduced by The Atlantic senior editor Alexis C. Madrigal in “Dark Social: We Have the Whole History of the Web Wrong.”

In a SXSW interview, Marc Jensen, Chief Technology Officer of space150, and his associate Greg Swan, Vice President of Public Relations, talked about Dark Social and the perception of privacy. They also shared their thoughts on the shift from traditional social sites such as Facebook and Twitter to more alluring Dark Social. In my view their main point was:

This [no referrer data] means that this vast trove of social traffic is essentially invisible to most analytics programs. I call it Dark Social. It shows up variously in programs as “direct” or “typed/bookmarked” traffic, which implies to many site owners that you actually have a bookmark or typed in www.theatlantic.com into your browser. But that’s not actually what’s happening a lot of the time. Most of the time, someone Gchatted someone a link, or it came in on a big email distribution list, or your dad sent it to you. Nonetheless, the idea that “social networks” and “social media” sites created a social web is pervasive. Everyone behaves as if the traffic your stories receive from the social networks (Facebook, Reddit, Twitter, StumbleUpon) is the same as all of your social traffic.

Bob Lefsetz, speaking about the differences in social behaviors in The Lefsetz Letter, states:

Oldsters are rarely early adopters. They know the value of money, they’re set in their ways. For all the old bloviators bemoaning the loss of privacy online, it’s the kids who got the memo, that if they post pictures of illicit activity they might not get a job in the future. Kids believe in evanescence, oldsters believe in the permanent record.

These differences in social behavior are not only generational, they are transformational. Children and young adults want the freedom to say and do as they please, particularly when it comes to social sites. The more ephemeral the site, the less inhibited they feel. There is a greater sense of false safety on Snapchat, WeChat and WhatsApp than there is on Facebook or Twitter. Are young people soon to be pawns in a dangerous game of criminal “pickle?”

Dark Social networks more likely than not will become breeding grounds for predators. Dark Social could prove to be one of the most powerful tools in a criminal’s toolkit. This begs the question: Do the benefits of privacy outweigh the dangers of corruption?

Martin A. Matisoff, MSc, February 4, 2016

Cybercrime as a Service Impacts Hotel Industry and Loyalty Points

February 4, 2016

The marketplaces of the Dark Web provide an interesting case study in innovation. “Three types of Dark Web fraud aimed at the hotel industry,” for example, was recently published on Cybel Blog. Delving into the types of cybercrime related to the hospitality industry, the article, like many others recently, discusses the preference of cybercriminals for dealing in account login information as opposed to credit cards, because detection is less likely. Travel agencies on the Dark Web are one such way cybercrime as a service exists:

“Dark Web “travel agencies” constitute a third type of fraud affecting hotel chains. These “agencies” offer room reservations at unbeatable prices. The low prices are explained by the fact that the seller is using fraud and hacking. The purchaser contacts the seller, specifying the hotel in which he wants to book a room. The seller deals with making the reservation and charges the service to the purchaser, generally at a price ranging from a quarter to a half of the true price per night of the room. Many sellers boast of making bookings without using stolen payment cards (reputed to be easy for hotels to detect), preferring to use loyalty points from hacked client accounts.”

What will they come up with next? The business to consumer (B2C) sector includes more than hotels and presents a multitude of opportunities for cybertheft. Innovation must occur on the industry side as well in order to thwart such hacks.

Megan Feil, February 4, 2016


The Enterprise and Online Anonymity Networks

February 3, 2016

An article entitled “Tor and the enterprise 2016 – blocking malware, darknet use and rogue nodes” from Computer World UK discusses the inevitable enterprise concerns related to anonymity networks. Tor, The Onion Router, has gained steam with mainstream internet users in the last five years. According to the article,

“It’s not hard to understand that Tor has plenty of perfectly legitimate uses (it is not our intention to stigmatise its use) but it also has plenty of troubling ones such as connecting to criminal sites on the ‘darknet’, as a channel for malware and as a way of bypassing network security. The anxiety for organisations is that it is impossible to tell which is which. Tor is not the only anonymity network designed with ultra-security in mind, The Invisible Internet Project (I2P) being another example. On top of this, VPNs and proxies also create similar risks although these are much easier to spot and block.”

The conclusion this article draws is that technology can only take the enterprise so far in mitigating risk. Reliance on penalties for running unauthorized applications is their suggestion, but this seems to be a short-sighted solution if the popularity of anonymity networks rises.

Megan Feil, February 3, 2016


Stealing Data on the Dark Web Just Became Easier

February 1, 2016

“Underground Black Market: Thriving Trade in Stolen Data, Malware, and Attack Services” assumes that the reader knows the basics of the Dark Web. Let’s take a step back.

Before we talk about stealing data on the Dark Web we must first define what we mean by the Dark Web. Most internet users never go beyond the surface web, that part of the Web that consists of static Web sites such as Google, Facebook, and YouTube. What makes the Dark Web so interesting is that it is not entirely dark.

In fact, many Dark Web sites and their content are visible to the public. What are not visible are the server addresses, which blocks most people from seeing who is running the sites.

In the article, Candid Wueest talks about a new paradigm for stealing and moving stolen data on the Dark Web. I noted this point about crimeware-as-a-service:

Attackers can easily rent the entire infrastructure needed to run a botnet or any other online scams. This makes cybercrime easily accessible for budding criminals who do not have the technical skills to run an attack campaign on their own. A drive-by download web toolkit, which includes updates and 24/7 support, can be rented for between $100 and $700 per week.

That means that it is becoming increasingly easier for criminals to find, access, and sell data. Now you know. Now, anyone, including your local bad actor or your 11-year-old, can access and steal data.

Here’s a troubling factoid from “The Tangled World of Stolen Data,” which we assume is spot on: It takes about 205 days for a company to detect a data breach, more than enough time for a cybercriminal to sell the data and get it distributed on the Dark Web.

So what can law enforcement agencies do? New advances in Dark Web access, such as I2P, are making it more difficult for these agencies to identify and react to data crimes. What this means is that security companies and law enforcement agencies will need to be creative. The FBI ran an offensive image site to get a grip on alleged wrong doers.

Perhaps the Dark Web is not as dark as many assume.

Martin A. Matisoff, MSc, February 1, 2016

A Road Map to the Dark Suburb of i2p Content

February 1, 2016

According to the I2P Web site, the Invisible Internet Project (I2P) is an

anonymous overlay network … that is intended to protect communication from dragnet surveillance and monitoring by third parties such as ISPs and … is used by many people who care about their privacy: activists, oppressed people, journalists and whistleblowers.

Users who wanted information about I2P and I2P services had two options: search the web and create your own guide over time, or visit the I2P website, https://geti2p.net/en/docs, which provides a useful index to I2P.

A richer I2P resource is one you may want to explore. A fascinating Baedeker for the Dark Web is available on a pastesite, which is an anonymous publishing service.

The Guide to I2P and I2P Services Version 1 provides a Cliff’s Notes to sources of products, services, and information about weapons, controlled substances, and stolen Uber accounts. There are descriptions of the best ways for users to configure their computers so they can access .i2p sites and what you need to do once connected to these hidden services.

The guide offers a plethora of links to some of the most requested I2P sites, including image boards, such as Anch, a site for and by anarchists; file sharing sites such as Document Heaven; financial sites such as VEscudero’s Service, Darknet Products; and social sites such as id3nt and Visibility. Investigators may understand Facebook and Twitter, but the Dark Web is, for many, a digital Rubik’s cube.

In addition, the guide will offer tutorials and other topics including links to sites for users who speak different languages such as Russian, German, and Spanish.

The Guide to I2P and I2P Services not only provides numerous links to I2P sites, but it addresses concerns about the dangers of relaying encrypted traffic and Java vulnerabilities. Furthermore, it tells you how to connect to I2P IRC servers that are not part of IRC2p. The guide can help you map the dark net maze.

How can investigators, analysts, and intelligence professionals get a working understanding of i2p? Easy. Contact benkent2020 at yahoo.com and inquire about our on site or online webinars about the Dark Web.

Martin A. Matisoff, MSc, February 1, 2016
