Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

OPERATION DarkNet: A Good Start… But There’s More to Do

with 15 comments

“May thy knife chip and shatter.”

~Fremen Saying of ill will against an adversary~

OP Darknet:

I saw in the news that Anonymous (factions thereof) have decided to go after the paedophiles using the hidden wiki and the “DarkNet” for their purulent files. The hack on the Lolita City site was a success in that they got hold of user names and passwords. Due to the nature of the site and its being in the hidden wiki (DarkNet) it is tough to know exactly where the systems sit that house/host the content, but, it seems that through certain techniques using TTL, they pretty much have a good idea of where the server may sit in the continental US.

Operation DarkNet

Examiner article

I applaud their efforts and I hope that my article on the DarkNet was in some way involved in getting them inspired to hit the paedo’s where it hurts. Either way, I think that this could just be the start of things though, and I would like to just lay some things out for you all to consider as you move forward.

Paedophiles:

First off, paedo’s are for wont of a better description, pathological in their desires and actions. However, they have gotten much more savvy to the Internet and like jiadhi’s, may in fact not be using their real names in some cases. Though, it seems from the reporting here that you all have found real names and links to facebook pages and the like? I would just like to caution you to vet your information well before you insist that someone is indeed trafficking in such material. For the most part though, if you get into the systems of such sites and you gain access to email addresses, be sure you go the extra step and do some foot printing and OSINT to get as much as you can on those addresses and end users. Often times I have found in the jihadi realm, these users tend to re-use ID’s in many places (as you likely have seen mentioned about you all as well in early posts of mine) that can be tracked and traced. With each post of data tying said email address to it, you can build a pretty good picture of a user and their habits.. And by proxy, perhaps their real identities.

Remember, these people are clinically ill, not just evil, so perhaps by placing yourselves in their heads a bit, you may also be able to predict their actions and gain some perspective on how to hunt them further.

The Darknet & P2P

The DarkNet is only the new anonymized space for these people. Did you know that they also have been trafficking in p2p’s set up as well for just this purpose? You might want to look within the DarkNet for hints or links to these sites as well. Usually from what I have heard in the LEO space, that they are invite only, but, I believe that since these people’s pattern is pretty much creating the smut and trading it amongst themselves, that you are likely to find links that will allow you more surface space to attack.

Best part about this vector of attack as well is that those servers/boxes are not anonymized. You locate them, you got them dead to rights. I’d say keep working both ends of this picture and you will do some good. Just be careful in accessing such content.

It is a crime even to access it.

Goals

So, is outing these people the only goal here? I suggest more than just dropping Pastebin dumps… In fact, I suggest you don’t dump them at all. You can allude to the fact that you have popped something and you have the data, but, I would suggest you set up cutout accounts and directly dump that data to the Feds or local LEO’s if you like where the servers/people are located. By dumping the data out in the open you give the paedo’s time to burn the evidence so to speak and potentially, you may be inhibiting the Feds from actually capturing and putting these people away.

Overall, I laud your work thus far in this respect, but I think there is more that could be done. If you want good press and good will, this is certainly a way to do it. You just have to work within the lines a bit.

Work smart and Keep it up. Perhaps the next one can be called Op Fedaykin

K.

 

About these ads

Written by Krypt3ia

2011/10/20 at 19:34

15 Responses

Subscribe to comments with RSS.

  1. I’d just have to disagree with you on one thing – they are not ALL clinically ill.
    I think you might know…I worked with pedophiles for 14 years or so in a specialty unit – and there are various types. All are deviant, but not all are clinically ill, unless you are counting the mere presence of deviancy as being MENTALLY ill, which I’d have to disagree with.
    What say you about the risk that people take in attacking these rings in light of our current computer laws- specifically, downloading, even by accident – child porn as being the same as possession of same?
    One subset that I became very aware of are the pedophiles who are overly CONCERNED with children’s welfare. These are the people that seek to help children – whether by getting a job at agencies that deal with child welfare, or with charities that do the same. This is a particularly dangerous group. They can rarely be perceived as mentally ill, because often they are highly competent and functional – and often are considered quite respectable- until they get busted.

    skullaria

    2011/10/20 at 19:46

  2. Skull,
    Personally, my understanding of them from a psychological perspective is that their deviancy (particular to children/objectification/sexual desires thereof) de facto makes them clinically ill. They are a subset of deviancy that is considered not the norm (i.e. deviancy of being a furry lover as opposed to man boy love) So, your argument there, though you have experience does not play for me. However, if you can cite a clinical DSMV on this, then I will accept your interpretation.

    Point two.. Yes, just having the images constitutes criminal act according to the law/LEO’s/Cases I have seen in the past.

    As to the subset who go after childrens charities etc to get “close” to their targets, I suggest you need look no farther than sociopathic behavior… They are mimics.. that is all, and this bears back to the first comment on their illness and classification thereof.
    K.

    Krypt3ia

    2011/10/20 at 19:55

  3. We’d actually classify them according to other cor-morbidity in practice. It’s a really weird area – but we had several that were quite organized in thought, high functioning, with no other mental co-morbidity. We’d generally refer them -back to jail, as they were usually forensic. There are many people in jail that carry a diagnosis, but in actual practice, no matter what the DSM says-level of functioning is the most important thing to consider, and many of these folks are HIGHLY functioning. HIGHLY. Do NOT underestimate them – and that’s my purpose for the comment at all – I don’t want someone seeing ‘clinically ill’ and thinking these folks are like schizophrenics that are so disorganized they can’t tie their own shoes at times.

    No, the huge majority of pedophiles simply belong in jail and considered criminal.

    Now you do have exceptions – there are some who are so dangerous to others, but maybe carry a secondary diagnosis of a developmental disorder, such as mild mental retardation – they are the pedophiles that are not high enough in their functioning to actually carry out a crime-BUT they are clearly a danger and would TRY TO – so we’d commit them repeatedly to keep them out of the general public.
    We could go round in circles about it – but just for practical application, you’d find that most mental health professionals consider them first and foremost DANGEROUS, instead of considering them *primarily* mentally or clinically ill-and I mean dangerous in a CRIMINAL SENSE.

    Love your suggestion at the end there. IMO that would DEFINITELY be the best route.

    skullaria

    2011/10/20 at 20:19

  4. I don’t usually support the actions of anons, but this I applaud. As long as they pass the info along to LEO and do the “anonymous tip” sort of thing, it’s cool. I feel like sexual deviancy, especially pedophilia, is making the world a really bad place, and the internet even moreso.

    In terms of posession risks when..erm…let’s call it investigating… just be careful:

    TURN OFF IMAGES IN YOUR BROWSER!!!!!
    Disable embedded media in your browser
    Disable javascript
    If you get shell access and plan on copying anything, script it so that you don’t download image or video extensions

    And of course, if you get server access, make sure to get the external ip address, dump all the mysql databases you can, and get the site’s source code for later exploits if they block your initial path of entry. Furthermore, it’d be a good idea to add your own user with ssh access or whatever, and make it look like a linux daemon username if possible to hide it. Backdoor programs are too detectable…

    joesomebody

    2011/10/20 at 23:07

  5. Excellent point.. Best not have images on.

    Krypt3ia

    2011/10/21 at 12:50

  6. Looking at this from a technical perspective, I’m in two minds whether they should proceed with Operation DarkNet. Ideally this will involve professional hackers clued up on forensics, and not a load of amateurs jumping in and messing up any existing investigation.

    Anonymous must also know where to draw the line. Any possession of indecent images of children, unless explicitly authorised, is a criminal offence. As joesomebody pointed out, it’s possible to inadvertently download those images and be liable for prosecution.
    They should certainly consider drawing the line at joining P2P networks, as generally people only get invited after supplying indecent images to whatever group.

    The other thing to consider is the difference between gathering intelligence and gathering evidence. If the intention is the latter, the Anonymous hackers will need to ensure the integrity of whatever they gather, and be able to prove the source beyond doubt. If this is an intelligence gathering operation, it’s best to gather as much as humanly possible before turning it over to a law enforcement agency.

    michael555x

    2011/10/22 at 22:03

  7. You ever stop to think about how goddamned hard it is to read white text on a black background? Your web design is knife-raping my eyes.

    florp

    2011/10/24 at 17:11

  8. I’ll take that under advisement. However, you can read it in regular black and white at infosecisland if you like.

    Krypt3ia

    2011/10/24 at 17:17

  9. Nice Dune reference!!

    I am not in LE but I was under the impression that if you encountered child porn and did not report it to LE you where technically guilty under the same law. So hacking and then dumping without reporting would make you potentially prosecutable.

    There was a recent case where some dudes broke and in stole a guys DvD/CD collection to later discover it had child porn on it.. They turned it over to LE who did not charge them and went after the pornographer and arrested him. We could assume LE would do the same thing here.. But we all know about assumptions.

    To me this is what hacktivism should be all about. Having said that there is some serious liability here! Let’s say you get v& and your gear has some residual images on it, or whatever. Not sure too many people are going to buy the “I was taking these dirt bags out” story.

    JT

    2011/10/28 at 15:12

  10. As a side note do you think this is more about image management or is it legitimate attempt to score one for the good guys?

    JT

    2011/10/28 at 15:18

  11. The problem is that the authorities cannot stop porn over TOR. It is just impossible. I would have rathered the media kept quiet about this whole thing so that people would still keep using Peer to Peer and get caught. The more pedos that head to TOR, the less chances of any arrests being made.

    Vince Jin

    2011/10/28 at 17:09

  12. This post is very helpful to some of us as we are not all tech programers. Just by you posting this article helps some of us , understanding how these dangerous intruders are connecting on many of the social sites. We are truly fighting this fight to keep them away now also on social sites. Thanks for posting this article., and I will add your link to my human story post if it is okay :) best wishes to you.

    mymulticast

    2011/11/20 at 18:16

  13. Everywhere it gets repeated that Anonymous took down 40 CP sites, 190 IP address.

    No passwords were leaked, and the user names are from a list that is publicly available at the lolita city site, so why is everybody repeating lies that Anonymous said?

    Why does everybody blindly believe in everything that gets posted at pastebin as if it’s pure truth?

    Also, no sites were taken down. All sites are up.

    Pure lies, there is something else going on here, they want the general public to believe something while in reality something else is happening…

    Who would want to tarnish the reputation of a network that has no laws and that SOPA and ACTA cant interfere with?

    name

    2012/01/05 at 18:23

  14. Have you ever considered creating an e-book or guest authoring on other sites? I have a blog based on the same topics you discuss and would love to have you share some stories/information. I know my visitors would value your work. If you’re even remotely interested, feel free to send me an e-mail.

    seo

    2012/01/31 at 17:57

  15. Sure, what’s the site url? I will take a look.

    Krypt3ia

    2012/01/31 at 18:04


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 131 other followers

%d bloggers like this: