Tor and the “shadow Internet”: secrets of the dark side of the Internet. Secrets of the Darknet. Looking for useful things in Tor hidden services


I came across a very interesting article about the multi-level structure of the “Deep Internet”.

If anyone has not yet heard what it is, let me explain: it is a network consisting of a huge number of web pages that are not indexed by search engines. Access to these pages is possible only through a chain of encrypted connections, the nodes (entry points) of which are scattered throughout the world. There are also web pages that no hyperlinks point to - for example, pages that are dynamically created by database queries. The size of the deep web is unknown and generally difficult to estimate, primarily due to the vagueness of the concept itself.

The World Wide Web is a complex multi-level structure that contains mysteries and secrets that the average user is not even aware of...

There are groups of passionate professionals who call themselves “Netstalkers.” They explore the Network, looking for hidden corners, classified information and other secrets in it. Netstalkers divide the Network into levels.

Social media
Blogs
News
Porn
Imageboards (for those who don’t know - something like chats/forums, with complete anonymity of participants)
Small boards (almost the same as image boards, but more thematic and with fewer participants)
ARG (Alternate Reality Games)
Closed communities
Hard porn
Collections of strange links

Tor (the same TOR... An anonymous proxy network inside the regular Internet)
Net art
Hacker communities
i2p (Another anonymous proxy network)
Dead forums (forums that have been taken down but are still online)
Freenet (Another anonymous network on the Internet, peer-to-peer)
Memetics Information
Future sites
Two Internet sects
Search results for words from the subconscious
Deep Web (Deep Network, the term originally meant pages that were not indexed by search engines)
The limits of bruteforce netstalking
Dark Internet
Number radio stations
Secret government radio stations

While the two upper levels are still fairly objective, deeper down the paranormal, the supernatural and folklore begin...

The so-called "Pass"
Researcher forums
Blank Pages
Non-existent IPs
Void
Non-existent pages
The way up, back, for the last time
Non-existent protocols
Old browsers needed here
Really dangerous point
YouTube for Level B
Random numbers
Small imageboard
Tons of useless information
Tons of useful information
Valuable phrase
The limit of human capabilities
Level D Control
Holes
Death
Schumann resonance
Dead zone
The terrifying truth about mirrors
Level C management
Quiet house

And at the very depths - Level A, about which it is difficult to say anything at all, just as it is about the higher planes of human existence.

This diagram clearly shows the levels of which, according to the assumptions of "Netstalkers", the World Wide Web consists

Here is what the CEO of one of the leading computer security companies in Russia said on this topic in an interview:

The volume of illegal trade on the deep web is difficult to estimate, but some experts believe it could be in the hundreds of billions of dollars a year. You can buy absolutely everything there - from plastic card holders' data to passwords for email addresses, from skins of animals listed in the Red Book to pornography. Moreover, the “deep Internet” is used not only by illegal traders and hackers, but also by representatives of large businesses to transfer confidential information to partners, journalists to communicate with “unnamed sources,” and diplomats for classified correspondence. “Hidden networks are used for anonymous, hidden exchange of information, and you can meet a wide variety of people there - from religious fanatics to child pornography dealers. For the most part, of course, hidden networks are criminal in nature, since they are not regulated by any legislation.

Here there is drug trafficking, and the sale of fake ID cards, and trading in access data to financial accounts of users of various banks, and child pornography, and much, much more that simply cannot legally exist on the public Internet.” But, in addition to openly criminal sites, there are also resources whose existence the owners would not like to advertise because of the secrecy of the information or the presence of trade secrets in the data: “Closed databases, academic, government and military sources, closed databases of enterprises and organizations.”

Panda Security in Russia and CIS

"" (or "The Invisible Internet") is on the rise. People are curious by nature, and therefore more and more Internet users are going to its “dark side”. Everyone knows that the Internet is an endless source of information, and search engines like Google, Yahoo and Bing can quench our thirst for information with just a few keywords, resulting in huge lists of information in seconds. But did you know that most of us have access to only 4%? World Wide Web»?

We know only the tip of the iceberg: the structure of the “dark Internet”
As we said above, to better understand the “dark Internet”, it is necessary to imagine the entire Internet as an iceberg, which is divided into five parts, each of which is more immersed than the previous one.

Level 1. At the tip of the iceberg we will find all the pages that we can access using search engines. This part of the Internet is visible and accessible to “mere mortals”, and the information on it is completely traceable.

Level 2. Just below the surface of the water we will find those pages or sites that are not indexed by traditional search engines like Google or Yahoo (in other words, sites that are not visible in search results). Thus, they are only accessible to those who are “in the know” about these sites.


Level 3. If we dive even deeper into the cold water surrounding the iceberg, we can see information (mostly illegal) that is very difficult to find “openly”.

Level 4. As we get closer to the bottom of the iceberg, we will be able to find any type of illegal site. Most of them are monitored by the US government (e.g. child pornography websites).

Level 5. After going through the four levels of the “shadow Internet”, we can reach the very bottom of our iceberg - the most hidden part of the Internet, known as the “dark side of the Web” (The Dark Net). A haven for hackers, this part of the web is based on a set of private networks that can only be accessed by “trusted” users. This is the darkest side of the Internet: it does not follow standard protocols and it is insecure.

Tor: How to access the "dark Internet"

Each of us can access the "dark" parts of the World Wide Web, but to do this you must use alternative search engines. Tor (The Onion Router) is a free program that was developed at the US Naval Research Laboratory in the mid-90s to protect the online communications of US intelligence agencies.

Tor has a multi-layer structure (hence its name) that allows the user to navigate the network from one layer to another, while the user is protected by encryption that allows him to hide his IP address. One of the main distinctive features of the “shadow Internet” is the anonymity of the user.



Is it really possible to surf the web anonymously?

Industry experts say connecting via Tor can be risky. Tor does not allow the user to control the proxy they connect to, which can result in them being exposed to man-in-the-middle attacks and JavaScript infections that violate the user's privacy.

Over the last 3-4 years, news with the headline “The government wants to block Tor” has regularly appeared in the feed. But this idea is somewhat utopian.

The darknet can be used in all parts of the world except North Korea, where to access a computer with the Internet you need special permission from Kim Jong-un. Even China failed to ban it. The Golden Shield automatically blocks all new Tor entry node addresses, but people who need to bypass this barrier do so using VPNs and proxy servers.

News about the “ban on the underground Internet” only fuels interest in it among the population. More and more Russians are joining the darknet, which is fraught with many dangers and temptations. You should be aware of the consequences of using Tor incorrectly.

This article will cover the main types of stores and forums on Tor that should be avoided and the possible liability for using/creating them.

Fragments of the article were removed at the request of Roskomnadzor. The material has been edited.

2. Sites with job advertisements

A huge number of advertisements for the sale of *** contain a note: “We are looking for ***. Activity, adequacy, and professionalism are required. The salary is high." For one ***, an employee receives on average 500-3000 rubles. They write on the forums that a smart worker can earn up to 80-120 thousand rubles a month with a flexible schedule. And this is in the provinces. In the capitals the ceiling is much higher.

But this work is far from being as simple as it seems at first glance. Making a good “***” and hiding it is a whole science and experienced people write entire textbooks. There are many non-obvious problems that are difficult for a beginner to guess about.

For example, how to protect yourself from “seagulls”? This is what they call *** who search for and successfully find other people's *** in typical places (flower beds, holes in the asphalt, entrance canopies). Or how to disguise a Ziploc bag inside an acorn or nut so that rain and wind do not damage the product?

Criminals from Tor require not only ***, but also parcel acceptors, stencilers (making announcements on the asphalt), growers (growing plants at home), and people to withdraw illegally obtained money from bank cards. They rarely look for strong guys to intimidate enemies. And every profession has non-obvious subtleties that you need to learn in order to avoid getting into trouble with the law.

In the criminal sphere, there is a terrible turnover of personnel and new employees are constantly needed. A truly adequate and neat person can work for a couple of years, but a simple ***/carrier/dropper walks free for only a few months. Most people are caught by the police sooner or later. People rarely manage to raise money, stop and leave on time.

Possible problems: According to Article 228 of the Criminal Code of the Russian Federation, if a person is involved in the distribution or production of ***, then he can be imprisoned for a period of 8 years. We’ll talk about penalties for parcel receivers and money cashers below.

3. Stores of goods for committing crimes

Tor is used to trade weapons, fake documents, fake SIM cards, phones, ATM skimmers and a bunch of other interesting items. As with ***, Bitcoin is used for anonymous payment. Surprisingly, there are no particular problems with the delivery of goods.

Sometimes it is done via regular mail. To receive and send parcels, they hire “droppers” who go to receive/send parcels and show off their faces and passport details. Also, goods are sent with the help of taxi drivers or private transport companies. Here is a quote from the RuOnion forum:

I once sent an optical sight via a transport company, naturally not branded. They asked what was inside, he answered - a sniper scope. They: let’s write it down - an optical device :-)))) They don’t really care what to carry...

But sellers still take many precautions: they disassemble weapons into parts, which they distribute into several boxes, disguise them as other items, make parcels with double bottoms, etc. They have no fewer tricks than ***.

Possible problems: According to Article 222 of the Criminal Code of the Russian Federation, illegal acquisition or transfer of weapons may be punishable by a prison sentence of up to four years. Fake documents are covered by Article 327 of the Criminal Code of the Russian Federation, which provides for a term of up to two years.

4. Pedophile forums

There are also a lot of people on the Tor network who experience sexual attraction to children. There is a lot of “interesting” material for them here. Firstly, huge archives of porn videos featuring minors. Secondly, these are forums where people share personal experience of seducing children and hiding this process from others.

Some pedophiles consider sex with children absolutely unacceptable and sit on “conservative” sections of forums, where they simply post slightly erotic photos of little girls and boys with their genitals covered.

But there are people for whom just watching videos is not enough and they strive to make their fantasies come true. The main shock for me when preparing this article was familiarization with a book for pedophiles in Russian.

200 pages about where to find a potentially available child and how to recognize him, how to gain his trust, how not to leave traces and how to make sure that the child never tells anyone about what the pervert or pervert did to him.

And judging by the forums, many pedophiles actually manage to turn things around so that parents never find out what happened to their child. After all, most often children are seduced not by maniacs on the streets, but by neighbors, relatives or family friends who have been in the house for many years.

Never leave your child alone with anyone and never without video surveillance. There are many more pedophiles among us than one might think.

Possible punishment: It is prohibited to store porn videos involving minors on your computer. You can read more about this in the article:

5. Websites of extremist organizations

Terrorists, skinheads and radical oppositionists also create websites on the onion network, publish articles there and discuss plans for pogroms or the seizure of power on forums. Also, sect sites are gradually moving to Tor.

Since 2002, Russian authorities have maintained a Federal List of Extremist Materials. It includes almost 4,000 books, articles, paintings and pieces of music. Rospotrebnadzor forces such materials to be removed from sites on the clearnet, but they are distributed freely in Tor libraries.

Possible punishment: According to Article 282.2 of the Criminal Code of the Russian Federation, participation in an extremist organization can lead to imprisonment for up to six years. Also, you cannot copy materials from such sites to Tor and post them on social networks and blogs. There is also a separate article on this topic:

6. “Hacker” trading platforms and forums

In international dark markets, next to *** and weapons, there is often a Digital Goods section. In it you can buy Trojans, tools for Wi-Fi hacking, tools for hacking programs, tools for DDoS attacks and many other types of “tools for illegal access to digital information.”

Along with the programs, you can also buy instructions for their use and educational books. They also sell digital goods that were stolen using the tools described above: upgraded characters in games, paid accounts for various services, hacked programs, access to infected computers.

There are also many hacker forums on the darknet. There people share their experiences with each other, look for perpetrators and accomplices for various cyber crimes.

Possible punishment: If it is proven that a person used any of the programs described above, then, according to Article 272 of the Criminal Code of the Russian Federation, he can be imprisoned for up to two years.

7. “Black” cryptocurrency exchanges

The sites and organizations described above settle their payments in bitcoins (less often in other cryptocurrencies). And of course, they don’t pay any taxes on it. Cryptocurrencies are used to cash out money obtained illegally.

Tor has exchanges for withdrawing bitcoins to regular electronic wallets or bank cards. It is also full of advertisements of people who withdraw money from cryptocurrency wallets to offshore accounts or transfer money to the account of a “shell company.” From the latter, money can be withdrawn using ordinary “cashers”.

There you can also order bank cards issued to dummies or “virtuals”. And hire drops who will go to the ATM, show their face in front of the cameras, withdraw cash from the cards and deliver it to you.

Possible punishment: According to Article 159 of the Criminal Code of the Russian Federation, participation in group fraudulent schemes can entail up to 10 years in prison.

The State Duma is also talking about adopting a bill that would provide for punishment of up to four years in prison simply for using bitcoins or other cryptocurrency.

Conclusions

The above does not describe all types of content that can be found on the Tor network. Not mentioned are sites with erotica for animal lovers, stores of stolen goods, sites for ordering killers and much more.

But what has been described is quite enough to understand why governments around the world are trying to control the Internet. Personal freedom and privacy are good. But how to fight criminals on the Internet without blocking sites and controlling traffic?

P.S. Is Tor anonymous?

There are a lot of tutorials on how to ensure online anonymity on the darknet. Some authors consider a virtual machine with Tails -> vpn -> vpn -> Tor to be a sufficient scheme. And someone recommends buying a computer from a flea market in a neighboring area and using a modem through the “left” SIM card. But one thing is for sure - if you just launch the Tor browser, then your level of anonymity is quite low.

Over the past few years, I have heard the concept more and more often - the Deep Internet. But I never thought about how to get there. And so, after digging around a little, I decided to look into this topic.

There is an opinion on the Internet that the deep Internet stores almost 100,000 TB of information, while the regular Internet stores no more than 2000 TB. Almost all information on the dark side of the internet is open and free. The Deep Web is not indexed by Google or Yandex search engines.

How to get there

If you want to visit such a domain through a regular browser, you will see this.

Well, if through TorBrowser, then the page will naturally open. In the screenshot below I opened the local Wikipedia (Hidden Wiki)

What can you find on the Deep Web?

Because the deep internet is used by hackers, criminals, and law enforcement agencies, it is considered a dangerous place. It's really not entirely clear why.

Somehow it so happened that the first thing I came across was the Runion forum, which contained things that amazed me.

I’m not even sure whether it’s worth writing about this at all, since modern laws of the Russian Federation can punish for this. I just hope that all the people who sell weapons on the forum are police officers, thus identifying alleged criminals.

I was surprised not so much by the fact that they sell firearms, but by the fact that for communication they use strange boxes like: 4d2b151932e7 and require letters to be encrypted.

Most sellers only accept Bitcoin for payment. A little later I found a service that allows you to send messages to such strange addresses.

On the forum there are orders for body armor and even acetone. There are even SIM cards that are registered to legal entities. Lots of threads about politics, mercenary camps and the like.

The portal http://doe6ypf2fcyznaq5.onion/ has a catalog of popular resources. Among the harmless ones is a virtual confessional, in which you can absolutely anonymously ask priests from the local religion to forgive your sins.

When reading the description of the Tor browser on software portals, we usually see it characterized only in a positive way. It is positioned as a mechanism for protecting rights on the Internet, a tool for bypassing the ubiquitous control of intelligence agencies, and a means of combating Internet censorship: a browser that offers the most reliable online anonymity mechanism completely free of charge. It is used to convey information by journalists, famous people, anti-corruption activists, government officials, and other users who fear surveillance and seizure of information. And residents of totalitarian states can have a connection with the outside world, in particular, with democratic countries.

What are the dangers of Tor?

Known fact: Tor is banned in some countries, including Russia. The reason is that the browser’s creators ignore Internet censorship. In the Russian Federation, the expected response to violation of this ban is the blocking of public Tor servers. There are no sanctions for ordinary users yet.

But owners of Tor system proxy servers may have problems related to liability not only for ignoring censorship. The enthusiasts who provide the end nodes of the onion network - the so-called exit nodes - are at greatest risk. The Tor system is built on the principle of transmitting encrypted information through several proxy servers. The IP address of the last proxy can be determined by intelligence agencies. And this has already happened in a number of countries, including Russia. A well-known fact: in April 2017, Russian citizen Yuri Bogatov was arrested for allegedly publishing calls for terrorism on the Internet and organizing mass riots. The defense presented irrefutable evidence that Bogatov himself did not make any publications, but his home computer was configured as an exit node of the Tor network. However, Yuri still had to spend 3.5 months in a pre-trial detention center.

The preventive measure was subsequently changed to house arrest, but the case has not yet been closed. Enthusiasm is, of course, good, but it must be healthy.
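The exit-node exposure described above, and the man-in-the-middle risk mentioned earlier, can be seen in a small simulation. This is an example added here, not code from the article or from the Tor project: the cipher is a toy stand-in for Tor's real cryptography, and all addresses, keys and the destination name are constructed.

```python
import hashlib
import json

# Constructed sample circuit: every name, address and key below is made up.
CLIENT_IP = "198.51.100.7"
DESTINATION = "forum.example:80"
CIRCUIT = [
    ("guard", "203.0.113.10", b"key-guard"),
    ("middle", "203.0.113.20", b"key-middle"),
    ("exit", "203.0.113.30", b"key-exit"),
]


def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256 counter keystream (same call encrypts and decrypts).

    A teaching stand-in, not the cryptography Tor actually uses.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def build_onion(request: bytes) -> bytes:
    """Client side: wrap the request once per relay, innermost (exit) layer first."""
    next_hop, body = DESTINATION, request
    for _name, address, key in reversed(CIRCUIT):
        layer = json.dumps({"next": next_hop, "body": body.hex()}).encode()
        body = toy_cipher(key, layer)
        next_hop = address
    return body


def route(onion: bytes) -> list:
    """Pass the onion along the circuit and record what each party can observe."""
    seen = []
    source, cell = CLIENT_IP, onion
    for name, address, key in CIRCUIT:
        layer = json.loads(toy_cipher(key, cell))  # this relay removes its own layer
        cell = bytes.fromhex(layer["body"])
        seen.append({"node": name, "source": source,
                     "next": layer["next"], "forwards": cell})
        source = address  # the next hop only ever sees the previous relay's address
    seen.append({"node": "destination", "source": source, "received": cell})
    return seen


if __name__ == "__main__":
    request = b"POST /topic/1 HTTP/1.1 (constructed plaintext request)"
    for view in route(build_onion(request)):
        print(view["node"], "sees source", view["source"],
              "-> next", view.get("next", "-"))
```

Only the guard sees the client's address and only the exit sees the destination, so the destination's logs record the exit relay's IP as the origin. Because the request in this run is plain HTTP, the exit also forwards it in readable form, which is where interception or tampering can happen; with HTTPS the exit would relay TLS ciphertext instead.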

For ordinary users who do not own Tor endpoints, the danger lies in the onion network itself. The Tor browser is a software environment for accessing the Darknet, the shadow side of the Internet. You can't get here using Google or Yandex, and shadow web resources will not open in a regular browser window even with a direct link. You can only access the Darknet using Tor.

What is Darknet

It exists in the form of the internal Tor network with the “.onion” domain, which also hosts all the shady sites. Everything is confidential on the Darknet - site creators create them anonymously, users visit them anonymously. This is because the subject of discussion and transactions on shady sites are goods, services and content prohibited by the laws of many countries.

On Darknet sites, forums and communities you can purchase drugs, weapons, fake documents, counterfeit banknotes, sophisticated porn, stolen items and other prohibited goods. Bitcoin currency is usually used to make transactions. Just as the Tor system allows the buyer and seller to remain anonymous, so with the help of Bitcoin it will not be possible to subsequently identify the sender and recipient of a money transfer.

Like the regular Internet, the Darknet has its own search engines, only intranet search engines.

But they search for information only from web resources available on the Internet. Some forums and communities of the .onion network are unindexed or completely closed. Only their own people or those who have received an invitation from such people can get to the latter. The darknet is a gathering place for hackers. It is here, and most often in closed communities, that cybercriminals communicate with each other, share experiences, and recruit newcomers. Naturally, piracy flourishes on the dark Internet. Here we will find genuine mirrors of well-known torrent trackers that are officially blocked in a number of countries.

The very bottom of the shadow Internet - human trafficking, ordering a killer, interactive rape, torture and murder of people

The darknet consists mostly of English-language sites, but there are also Russian-language ones. On the shadow Internet we will not find web resources with some kind of sophisticated or modern design, everything is done either with flashy bad taste or in the style of poor minimalism.

We won’t see verbiage in articles about anything optimized for top search queries. Here the entire emphasis is shifted to the specifics and usefulness of information, as was once the case in the early days of the development of the regular Internet. The darknet is a kind of excursion into the past of the regular Internet, but the excursion, alas, is unsafe.

Why is the Darknet dangerous?

Visiting the Darknet in itself is not a criminal offense. Any of us can, out of curiosity, visit one or another shady site. It's like walking through dangerous areas of the city. The danger lies in the possible consequences of such a walk, regardless of whether we commit an illegal act or not. Thus, a potential threat hangs over every user of the shadow Internet: fraud, scams and hacking flourish here.

If we are talking about illegal actions, then it is naive to believe that the existence of the shadow Internet within the Tor network is a guarantee of the safety of illegal transactions. In addition to the anonymity mechanism offered by the browser, there are a lot of different nuances - from its correct configuration for the Darknet to the method of receiving purchased products.

On the Darknet, intelligence services cannot identify criminals in the same way as on the regular Internet - by filtering information on the public network. But nothing stops them from acting according to the test purchase scheme. Intelligence officers can monitor the shadow Internet and, under the guise of buyers/sellers, negotiate the purchase/sale of prohibited goods. And when planning the delivery of prohibited goods across the border, do not forget about such a structure as the customs service.

Here are some facts from the judicial practice of the Russian Federation in cases in which Tor appears as an instrument for committing a crime.

Judicial practice of the Russian Federation in “Darknet” cases

By the verdict of the Leninsky Court of Cheboksary in July 2017, a Russian received a 4-year suspended sentence for purchasing narcotic drugs on one of the Darknet sites. The package with drugs, in the form of a registered letter, was sent by a seller from Germany, but was opened and recorded at customs in Vnukovo. The parcel was sent to Cheboksary accompanied by employees of the Ministry of Internal Affairs. Since the letter went from Germany to Russia, drug smuggling appears as an illegal act in the verdict.

Note: Drugs on the dark internet can be ordered in "stash" form, such as a Coca-Cola bottle. Such props will deceive us humans, but not our four-legged friends. Trained customs dogs search for drugs at the border.

A student from Russia was sentenced to serve 2.6 years in a maximum security colony by the verdict of the Leninsky Court in Voronezh, handed down in August 2017. The student set up a trading platform on the Darknet for the sale of drugs and supplied them through hiding places.

A drug courier, who took up such a “position” in one of the stores of the shadow network, in January 2017 received 6 years in a high-security penal colony by the verdict of the Kalininsky court in Chelyabinsk.

In August 2016, the Norilsk City Court of the Krasnoyarsk Territory sentenced a defendant in a firearms smuggling case. The defendant purchased prohibited goods on the Darknet and even received them by parcel from Europe to his postal address. But during operational search activities, the weapon was discovered by FSB officers. Result - 4.3 years in a general-regime correctional colony and a huge fine.

To sum it up...

Drugs and weapons are the most common categories of cases involving the Darknet that reach the sentencing stage. This is because law enforcement has a mechanism for generating evidence in this category of cases, honed over the years. And it makes no difference to them how communications were carried out during the commission of a crime - through the Tor browser or through word of mouth. All these conventions and details are usually revealed in a “confession.”