crypt[dot]fi

Welcome to crypt.fi, a site focused on Privacy and OSINT. Here you'll find material written by guest writers and I. Check the Homepage for more details.

This is a guest post written by Sh1ttyKids, named Awesome Darkweb Research. You can find the original at https://hackmd.io/s/rJ-3VKNPG.

Contact them:

Signal: +16043598361
Email/XMPP: cuckoo(at)cock(.)lu (Require OTR/PGP)
PGP: 6BC6 F300 51C1 8FAF 9886 6DB5 B013 6F4B 85CF 1471
Key here: https://pgp.mit.edu/pks/lookup?op=get&search=0xB0136F4B85CF1471 ricochet:73kpi3bwypwnjacj

Awesome DarkWeb Research

Writer: Sh1ttyKids

Introduction In recent years, Cybercriminals is increased on the DarkWeb. But several agents cannot be tracking much. I thought it would be better for more people to tracking the DarkWeb. So I write what is important on the DarkWeb research. The target reader is those who are interested in dark webs and have Internet literacy with a degree of Computer usage. As a criterion for judging you have Internet literacy or not, I thought it is good that Kaspersky ‘s Cyber Savvy Quiz got high scores and so on.

On the DarkWeb, there is overwhelmingly illegal content. I would like you to should have a settled conviction for research. Even in investigating, I would like you to set your own rules. What I would like you to be most conscious about is OPSEC (identity security). if you don’t know the word OPSEC, you cannot even be at the start of research. I want you to think again before starting research. It also has the possibility of being killed if your identity is found. I recommend you should read Mr.the_grugq’s OPSEC for Hackers once.

What is DarkWeb?

It is a group of websites constructed with the Hidden Service which is the function of Tor. You can not access without using Tor. Darknet refers to an IP Address that is not assigned to the host computer, but in the DarkWeb Area, there are also Darknet used by the meaning of the DarkWeb.

You must protect this rules.

Here we describe the rules you should observe when researching the Dark Web.

1. Do not wiretap using Tor node. Holy fxxxing shit. In addition to cybercriminals, it is shit for users who use it with good intentions, so you should never do it.

2. Protect your information by separate the handle name as much as possible during research. Since requests for Murder are also done on the DarkWeb. So as not to be killed even if your personal data found by cybercriminals, don’t tie it with your own information. We recommend that you associate information on the fake with that handle.

3. Keep constant distance feeling between you and cybercriminals. When you want to hear information or want to interview to cybercriminals, you have to maintain a certain sense of distance. if you are too close to CyberCriminals, you will be doing a crime(LOL), or conversely, if the distance feeling is too much you cannot hear information.

3. Always encrypt messages and emails between you and cybercriminals.

It is very cautious because your partner is a cyber criminal. Be sure to encrypt the message whenever you want to do a questionnaire or interview. It is recommended to use it also to protect yourself.

Preparation for Research

There are several things to prepare for investigating the dark web.

OS preparation

When accessing the dark web it is recommended not to prepare your own PC that you use all the time but prepare another Computer or use a virtual machine.

Although there is a possibility of posting in the future, But now I wrote how to use it only, I would like to omit it this time. By the way, I use Qubes OS.

Browser settings

When you using the Tor browser, set the security level to the maximum safest from the security setting.

Besides setting torrc not to go through servers in dangerous countries such as Five Eye and any countries that have signed the Cybercrime Treaty as necessary. Regarding torrc setting method, it seems to be good that TorProject publishes materials and so you can refer to that. Tor Manual

Establish communication method

As mentioned earlier, since cybercriminals encrypt messages and emails, they use these services to exchange messages.

Encrypt with PGP when using regular mail service.

For investigation

Things to keep in mind during an interview

When you need information, and interview to cybercriminals, but there are a few things to keep in mind, so write below.

About De-Anonymize

The most important anonymity for Tor users, sometimes it is revealed. This time I will write about the method of finding the IP leakage of the site on the dark web constructed by Hidden Service. From now on I will write down the way to remove the user’s anonymity.

Threat Model

There are four, but each plays an important role. Absolutely this order is nothing.

  1. reconnaissance In this phase, we collect information gained from the outside. For example, the site’s source code and header, the administrator’s mother tongue.

  2. Assemble information We drop the obtained information along with the syntax for searching using web services such as Shodan, censys, zoomeye, fofa, which scan the address space of ipv 4 into a database. Example) When you want to search by specifying OS by censys metadata.os_description: Debian

  3. Search We will actually look for IP leaks using information gained through reconnaissance.

  4. Verification Because phishing scams are often rampant, we will verify that it is a real server.

“The site is leaked IP! !” Even though I thought it was a fake thing. They may be distinguishable by checking the source code and header.

De-Anonymize’s method

What De-Anonymize brings

The leakage of IP address stays in the eyes of the law enforcement agency, and it seizes the location of the server based on the IP address and seizes (takedown) and analyzes it. Arrest the manager and the information of the other person who was conducting the transaction there is handed over to the institution. It seems that there are many flows of the arrest of related persons.

The situation of the future dark web

Point

Document

Deanonymizing Tor Hidden Service Users Through Bitcoin Transactions Analysis

Deanonymize tor hidden services

Ultrasound Tracking Could Be Used to Deanonymize Tor Users

Deanonymizing tor

An Overview of Modern Tor Deanonymization Attacks

The Most Dangerous Town on the Internet - Where Cybercrime Goes to Hide

Crystal Meth and Cartels in the Philippines: The Shabu Trap

About DarkWeb

Anonymous Interview with Drug Buyer on the DarkWeb

IP exposes on the ElHerbolario

IP exposes on the Italian Darknet Community

Donate to Sh1ttyKids

Bitcoin: 14xynNexMYP6kyKmNUchcGSTfgkCHGaGgr Bitcoin Cash: qpx57mqju870ajr8gf2zrjnmhcd5sgzgwgnuemrtaz Mona: MAuY2Wk9pQH6AHFvCVMoTCeaA7dKAc5Wmt Monero: 47CdMXnDg7TBeskdJed5SWFTJ5xr33jJDdb37Q6jEoLnHt1qkXo65p6P7Aq8npoNy2Uevme9ZHo2RWNjC8hvmZPiHFiWfTf Zcash: zcMQnMdwiRkB4gbTv1Y7JELQ3ucAybFt5SdWCYcKQa4TNmjUdky4iyynFiXY8fBkG9MBPWf5PymANGFhfweCUFKQ4DD5V6p