Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘DARKNET’ Category

What’s eating you?: On-line Cannibalism in the darknet and clearnet

There are so many mis-perceptions about the “Darknet” out there but when you really start to dig right down into the bone and sinew of it you start to see that it really isn’t so dark and certainly not as spooky as one might see on CSI Cyber. I for one have had a yen lately for a serving of cannibalism content on the darknet and boy I was kinda let down by the deep dark nopesauce that I found. See, when you look into the darknet and it blinks back you know you have come to the end of the line and it is time to go back to the clearnet for some real horror.

So yeah, I was messing about in the darknet with my spider looking for some marbled fleshy goodness that I had heard was available out there on the clearnet. You know how you Google something and the usual tinfoil alien type of search results come up? Well the same can be said for things like necrophilia and all the other paraphilias out there. The spiders turned up only one site that had cannibalism in there as a subject so I went there. The site is titled “Japanese Lady Extermination” and it is true to its name in content. There’s a lot of Japanese lady killin going on in there on film and yeah, no, I am gonna opt out of the bitcoin purchases there. No, what I wanted was full on cannibalism for realz and I was bound and determined to find it!

I finally found a link in the darknet to a clearnet Reddit site that had the url to an archived version of “The Cannibal Cafe Forum” a now defunct site that was archived by the nascent “Wayback Machine” at archive.org. Now this site was stood up in 2001 (May 2nd was the spider) and it served up a board feature for those who wanted to role play cannibalism …Maybe? I am not quite sure on how many of these “Fine Young Cannibals” were serious about their desires and how many weren’t, well, except for the one case where the guy actually killed and ate the other guy!

…but now I am getting a head of myself….

*snicker*

OK! So this board on (necrobabes.org) was stood up or was run by someone calling themselves “Perro Loco” or the “Mad Dog” and they ran the show using an email address for their own domain of perroloco.net (see whois data below *wink*) which still exists today and in fact has spawned another site in the aftermath of the flame out of necrobabes circa 2003. As you can see from the screen shots below this site was pretty active and they had a bunch of links for services, offerings, and an application to become …well …uh …meat?

Livestock available

Application to be …Livestock

Films and animations

“Stockman” Association I guess you could join the “club”

Loco’s actual daughter who wanted to get into porn….

Another one to be served up

I can’t even make this shit up!

Right, well looking at all those images you get a sense of what the flip was going on in there back in the day. It was all good, if you can call it that, until it went bad for Perro and his merry gang of paraphiliacs. I mean, never mind that he is serving up his own daughter in this thing and all of the cray cray “eat me” discourse that is fairly graphic but man these people had no idea what they were doing OPSEC wise either. I understand it was 2001 and really the net was new but boy oh boy did they leave a trail to their real identities here. If you decide to take a look at the archive note that their IP’s were captured for each post as well as they were offering up their email addresses that they CONTINUE TO USE! I have looked up several and located their real names and locations today.

<BLINK>

OY VEY!

</BLINK>

Now I am going to pause here for a moment to take all this in and maybe say a couple things about pathology and psychological illness…

Eh fuck it.

On to the CRAZIER CRAZY!

So yeah everything was just super great in the Cannibal clearnet back in 2001 until a certain character showed up on the board. His name was “Franky” and he was a German dude who wanted to eat someone and this was the hot spot for this kind of thing right? Well, maybe it was and maybe it wasn’t. I mean all these folks may actually have been just living out their fantasies right? Well Franky would have none of that, he was gonna chow down and he was gonna have a nice time at it provided he could “meat” someone at necrobabes.

Oddly enough you all may know of Franky through the IT Crowd. Does everyone remember the IT Crowd episode titled “I want to cook with you” ? Well, this parody is based on Franky, the German IT guy who put an ad out for someone to eat.

Go on, click the video, I know you wanna… I will be waiting below.

Franky

Young Boys

MOAR FRANKY

Frankalicious

Armin Meiwes

Franky, aka Armin Meiwes, literally wanted to eat someone and had wanted to do so since he was eight years old. He met a poor sod on the cannibal site who agreed (Bernd Brandes), and he ate about 20kg of his flesh. You can read the grisly bit below on how that happened and the whole article right here. It seems that Bernd was rather tasty and Meiwes took his time with the rest saving it in the freezer for later. I am guessing that after Meiwes was caught and the searches were begun it quickly became apparent that he had been on the necrobabes site. I kinda have to wonder at how they all took it on that site. I mean, they were all into the cannibal thing, they talked a good game but just how many of them were all McConaughey about it…

So the site pulls the cannibal board and sometime later the site kinda dies itself. Meanwhile your friendly neighborhood “loco” is like “I am gonna start my own site now man, I need me some cannibalism!” and gets a new domain started. This site is supposed to be private and you have to email to get an invite. So, me being me, I decided to use a cutout and send an email in to get that freaky e-vite! I got turned down though, so I was disappoint! That is until I decided to use my super Google Fu and shit, he really hasn’t secured the site. You can see all the shit in there with a good Goog session and in the end there isn’t much traffic in there at all. I guess you can’t keep a good cannibal down but you can not sign up for his whacky site and just move on to other places right?

His site is still up and MAN is it GEOSHITTIES

DUDE DUDE DUDE NO MENTION OF DOLCETTEGIRLS?

Who is this Poizner cat?

The perro himself…

dolcettegirls.com

Inside dolcette

More boards and it’s all quiet

For more just use the Google Fu: site:dolcettgirls.com
Now you can just say well that guy is a bit whack and move on but once you start going down the rabbit hole on him you kinda just get sucked into the Nick Cage level shit in Eight Millimeter. Ancillary searches on this guy turned up some real crazy shit. I mean just look at that photo of him above here!

Holy Church of Dolcette?

WHAT THE?

I CAN’T!

It seems like ol’ Perro wanted to have himself a cannibalistic religious org that could maybe be tax exempt? I can imagine that might be hard to get past the IRS, I mean, how are you gonna make that a religio… Wait.. Wafer and wine…

SHIT!

Whoa!

Anyway, Perro is still kicking around on the tubes and seems to have slowed down but where have all those cannibals gone since the necrobabes site went bye bye? Well, it isn’t to the darknet as far as I can tell from all my searches. Nope, it is once again the clearnet that hosts this kind of crazy and I found the new mother lode by accident.

It seems all the kids are now at ForumJar which is a low end board much like the original necrobabes but this one is much more sedate and hidden. These people are offering themselves and looking for others to consume just like the old days so I guess you really can’t keep a cannibal down eh? These guys though seem to be a little more savvy about their security but even so, one I looked at is looking for a “chunky” female and offers a kik address to chat them up. I read this and just had a flash of Hannibal Lecter asking Starling if Bill’s ladies were “roomy”

New board

Secondary board

Take me!

“Chunky female”

Well, I guess it’s time to put the lotion on the skin…

Remember, this is what happens when I have idle hands kids. All in all, this is pretty twisted and it all lives mostly in the clearnet so don’t believe all the BOOGA BOOGA DARKNET shit you hear. The clearnet is maybe even more scary and when you think about it, kids today can just google this up and get an eyeful.

…. Even if you have those filters on your router.

Heh.

K.

UPDATE: As if by some quirk of fate this turns up today in the news… 30 people eaten at least! http://www.independent.co.uk/news/world/europe/cannibal-couple-eat-30-people-russia-dmitry-baksheev-natalia-military-aviation-academy-krasnodar-a7967216.html

Written by Krypt3ia

2017/09/25 at 21:08

Posted in DARKNET

The Psychopath: A Darkweb Manifesto

The darkweb spider kicked out an interesting albeit kind of freaky site this morning for me. The site “The Psychopath” has a long rambling diatribe on how the world has become too domesticated and that this group, the psychopaths, are starting a war against “the man” so to speak. I honestly had a hard time reading this darkweb manifesto because it is poorly written in a long winded sort of way as well as reminded me greatly of Ted Kaczynski’s rant that he sent to the New York Times and other papers back in 1996. The rambling text with the pseudo educated diatribe on this site reminds me of Ted’s particular bent as well about society and its ills. In this case though it seems that the creators have a grudge against society’s conformity.

The site names names of targets they have in mind and claims there will be actions against them while seeking to entice you yet scare you to their position and call to action. I will keep an eye on this one to see what else comes of it and perhaps do a little more digging on the clearnet for hints as to the person(s) involved. Until then, I leave you with the full in screen shot and uploaded here for you to read through. It seems that they set up the robots.txt well so I could not wget it.

 

Written by Krypt3ia

2017/08/07 at 20:11

Posted in DARKNET

The Darknet As Medium for Proof of Life K&R Deals AKA OpFOQ

Last week someone pointed out a story about how the Qatari government or relatives of some Qataris that had been kidnapped on a falcon hunt had started a darknet site and a fund in bitcoins for information on their whereabouts and return. This story intrigued me so I went looking for the site and someone on Twitter kindly pointed to it and the twitter feed with the address. I went to the site and took a look at it and then started looking at the larger picture of who the Qataris hired to do this as well. What follows are my thoughts on using a darknet site like this for proof of life and or transactions like this as well as the company that the Qataris turned to to do it for them. Of note is that this attempt was closed down as soon as the story came out in the press so that is an added twist but given the things I have seen it makes total sense why a little light on the subject would make the “company” hired by Qatar close shop and run away.

Qatari’s abducted falconing

Global Strategies Council Inc:

As reports online had mentioned, the “company”  Global Strategies Council, was given 2 million dollars up front for work attempting to get proof of life for the abducted falconers. I decided to look further than the reporters (at least as much as they reported) and found some interesting things concerning this alleged company and the person(s) involved in it. First off, the company is so stealth that you have to really dig a fair bit to get to the guts of what it is. Even then, you really do not get much detail on who is in the company, who works there, and what it does exactly. The hinge seems to be on this “shoe salesman” or “Shoe Mogul” if you will, Miltos Goudamanis and no, it is not Militas as you see in the reports in the news. His real name is Miltos and he has a rather obscure past, unless you just go with the shoe angle.

Miltos is evidently the international sales guy for “Naughty Monkey” shoes, a crappy ass site that sells shoes and poorly for a number of years attached to Cyprus. Now, lately one hears Cyprus and thinks first off of money laundering and banks and so did I. I checked the Panama papers and he is not in there but generally everything is pretty sketch around this guy. Naughty Monkey is the most solid hit for this guy that you can backtrace, so now one has to ask how does the Greek Al Bundy get to the point of dealing with international terrorists and asking for an advance of 2 million dollars to set up darknet sites eh? That question kept ringing in my ears as I dug deeper into the inception zone.

If you look at all the data above in the screen shots you can see that this guy has no real experience with military or national affairs so how does he suddenly become a director or chair at this Global think tank? Furthermore how is a guy who makes less than 10G’s a year getting a net of 499k?

Blink blink…

SHOES MUST BE SELLING LIKE NO TOMORROW!

This is starting to smell like some rotting carcass in the San Diego sun….

So yeahhhh, this “company” this think tank specializing in… In what? Well, fuckall really, is being run out of this condo it seems in San Diego according to all the records I could find. In fact the phone number to the place also matches with a land line for the area. Not one thing about this company says it has offices in Washington DC at all. Even though their site makes all kinds of DC imagery and allusions to connections therein… Obliquely that is.

Saaaaaaaayyyyyyyy.. is that office condo space zoned for this kind of fuckery?

Looking at their site you have to just ask yourself after reading it all; “Is this Enron?” because they seemed not able to tell you exactly what they did either and look what happened there huh? There are no employees, no experts listed on their rolls and certainly very little on Miltos as to his history or education for these kinds of things. If I were the Qataris I would be asking the guy who hooked this all up what cut of that two million he got. I am just gonna lay it out here in plain language;

  1. Company site is poorly made and has no real data
  2. No employees
  3. No history
  4. Two million up front and we get proof of life!
  5. PROFIT!

This all screams scam and when the whole operation was shut down I think we all got the same feeling about it huh? How are the Qatari families feeling about this? Is this guy just an opportunist shoe hawker or is there more? So far as I can tell this guy has been trying for years to get USGOV work and hasn’t been able to land anything. So a little grift for a cool two million and a cheap darknet site/twitter account is easy peezy.

About that darknet site….

Darknet Site:

The idea behind this site was to allow the hostage takers a medium to connect with the alleged “middle man” Miltos, to get in touch as well as maybe open source this thing so that anyone with information could leave a tip. Now, on the face of it this may be something of use if you keep it really down low and release that information only to the hostage takers right? I mean you leave this on the darknet and then publish it in the paper you are only gonna get trolls right?

I went to the site and checked it out. It was a clone of the global leaks site (using their frame) and you could create an ID and drop information there. You could log back in and see what responses came from Miltos and his crew but when I looked there were no other info drops that I could see. I signed up and got a number just to see how it would work.

Basically this was ill thought out and deployed so once again I think fly by night and not really meant to gather real intel on the status of the poor Qataris who have been jacked. Of course, it is now all shut down according to the Twitter account for the “Op” so so much for gathering information of proof of life for the families of those Qataris huh? I will keep an eye on the site to see when it comes down but generally I suspect it will just sit there on some rented space littering the darknet for years.

Thoughts on Darknet as Medium for Ransom:

Aside from thinking that this whole thing was just a grift by this guy Miltos and his wife, the notion of using a site in the darknet as a means of proof of life is iffy at best. I should think that the terrorists or whoever that took these people is not surfing the darknet in the first place and would just as easily pick up a sat-phone or regular phone and call the Qatari government with their demands. These arcane measures just aren’t their shtick man.

For that matter just use a cutout gmail account and PGP huh? What the fuck! This whole debacle is just an exercise in how to pull off a short con on a lot of families looking for answers about their lost loved ones. If I were Qatar, I would be asking this Ali Hani about his connections to this Greek guy in San Diego tootsuite man. I am sure the money is spent already anyway…

Oh and as for the hacker angle of “OOOH SCARY HACKERS IN THE DARKNET MAKE SITE” cut the shit media! Anyone with half a brain can stand up a site in the darknet so cut it the fuck out. There was nothing spectacular here other than the lede that looked good for clickbait.

Now.. About those lost Qataris….

K.

Written by Krypt3ia

2017/04/17 at 17:09

Posted in DARKNET

Darknet Numbers Pages Proof of Concept

Numbers Station:

So with all the kerfuffle over crypto I decided to give everyone a big fuck you and do something low-tek just to mess with the narrative. Right, so you all know what numbers stations are right? Well, I decided that it was time that the internet have one all its own but not on the clearnet no sir-ee! I wanted a darknet spooky spooky impenetrable super scary numbers station! So I began to hatch a dastardly nation state level of fuckery that surely will have the gubment all up in arms over my crypto darknet wizardry! I set up a site and I communicated with some people secretly and securely and no one was the wiser. Not one federal agency that I know of saw the site, no scripted scouring of the darknet cached my page that I am aware of (and I asked) and generally, I just pulled off the new age of tradecraft that the KGB should be jealous of!

Here’s how I did it.

Proof of Concept

The Plan

As I was thinking about a means of communication using the darknet to avoid prying eyes and to do so securely I came to the conclusion that I sure could use PGP and some email service out there but gee, lately those have been pwn3d too so fuck that. Instead I wanted to be more old skewl and opted for two way comms through OTP and a static page that could live on the darknet at periods of the day and night of my choosing with those I want to communicate with in the know as to timetables with, well, a timetable. Commonly on the air Numbers stations beacon at specific times of the day and week so this is kind of the same thing. So I set to making a highly portable TOR capable platform that I could take with me and connect to WIFI at hotels, bars, cafes, rando people’s houses etc. I could effectively have a transient site that would be hard to track and harder to narrow down where it lives because it is not in some rack somewhere stationary and waiting to be deanonymized and pwn3d.

I opted for a netbook that I had laying around after doing the math on a Raspberry Pi. It was far cheaper to use an old old netbook I had than go spend money on a pi and it was just as portable. Once I got the laptop up and running on backbox, I then installed the TOR system and configured it for having its own hidden site. I then installed lighttpd and created a very small stripped down page of text and color in which I then hid the encoded text in the black space. No need to be all fancy here and it was a flourish anyway. It doesn’t have to be pretty to work and yet this lightweight site and the server it was on allowed me to communicate well enough while the whole thing was secure from being hacked. I had testing run on it and the tester was unable to own the box nor the site.

Once the testing was over I let the site run. It was up and down per specific times and communication was made using a second site on the darknet where people could post to a pasteit where we could have coded signals (basically; understood and complying) so that the communications stream would be innocuous enough using code words. You could use images on chan’s or the old trope of putting up an ad for something and even having more code in the text of that if you wanna get fancy and all.

The Tools

  • Net top laptop
  • Backbox linux distro
  • TOR
  • Lighttpd
  • One Time Pads (plenty of places on the net to create them)
  • Timetable for uptime and downtime for comms
  • Assets to communicate with

The Tradecraft

Using this method of secret communication one could plan out all kinds of badness if they wanted to. Having a stealth site that is transient too also allows for more security but as always the people are the weak point. If an asset is caught then the means of communication is blown. Just like the analog counterparts (AM/SW Numbers Stations) this type of communication could go on untouched and unbroken for a long time because of the frequency changes, the IP address changes, and mobility of the asset. Just imagine if the analog version of Numbers Stations were actually not just in some building but in a backpack eh?

The hardest part of all of this is that you have to train your assets to use OTP and to have proper OPSEC. It can be done though, so this is a viable means of secret communication that is low tek enough yet high tek enough for the average person to easily carry out if they are determined to. It would bypass all the email shenanigans as well as texts, calls, chats, that can be intercepted by warrants to companies like Apple and AT&T. After all, how hard is it today to get a distro of linux on a box, install TOR, set up a hidden site, and start using OTP?

Wait… Ok maybe it is a little hard.

Still doable though… I mean it worked for me and my “assets”

Enjoy kids!

K.

Written by Krypt3ia

2016/10/25 at 20:41

Posted in 1984, Crypto, DARKNET

YES YOU TOO CAN BUY A 1 KILOTONNE SUITCASE NUKE IN THE DARK NET! (Ok no not really)

So I was surfing the darknets as is my wont to do every morning to see what the kids are up to and this site popped up that claimed they had Russian nuclear hardware for sale. What else is a guy like me to do with a site like this than to say FUCK YEAH! LEMME IN AND LEMME BUY SOME! I did the sign up process (Of course I signed up all super sekret like using the name SPECTRE) and immediately took a look at the wares! These guys have a few options on their “products” page and gee, it was hard to choose from the offerings as they are all super cool.

My account (SPECTRE)

As you can see I have three options for types of nukes and how they would be deployed. I opted for the “Suitcase Nuke” because who hasn’t wanted one of those right? AM I RIGHT? I am right right? Anyway, the other options are a land based “Iskander” system (like the one in Spies Like Us) or a Sub based “Bulava” missile evidently already deployed and laying in wait off the coast of somewhere within a week’s distance according to the details. Each of these options has only regional capacity and the suitcase nuke is the most portable so there is that… Anywho, I forged forward and decided that $50 MILLION dollars was just ducky as prices go and that I could pony up the requisite bitcoins. (As seen below)

50 million in bitcoins please!

YES YES YES WHEN DO I TAKE DELIVERY ALREADY???

NOW, even though I did not see a bitcoin address here I JAMMED that enter button and eagerly awaited the response!

Wait, did I put in my bitcoin wallet?

SHIT!

FAIL!

GOD DAMMIT DARKNET!

CODE ERROR!

WHISKEY TANGO FOXTROT!

Ugh.. I am disappoint.

I have written a PGP encrypted, tersely worded email to their helpdesk…

Dammit. Guess I will have to go order some Polonium 210 or Red Mercury in Silk Road III or is it like VII now?

Dr. K.

Written by Krypt3ia

2016/09/21 at 14:23

Posted in Amused, DARKNET

Meanwhile back in the Darknets…

@flanvel sent me a link to the darknets with what he said “may” be a numbers station. Of course I had to look at that right away and they were absolutely right! The question is is this just a troll of some kind or is there something else at work? The site tutdwuh7mlji5we3.onion is a static page with four very large ogg files of what sounds like a series of what some claim as ten hours of numbers station like audio. I began the wget this morning and it is still going and I have yet to hear the whole thing but what I heard so far sounds like it starts with a Mexican numbers station from the diction/accent of the reader.

As the commenter on the Reddit says, there is no real way to tell what the deal is with this site because if truly a numbers station (one on the darknet at that) then the code will be random and from OTP so virtually uncrackable. However, it is an interesting notion to consider as I have recently, putting a static transient page on the darknet to use for covert communication through such means as OTP or maybe book code. A simple site with a simple block of text would be all it would have to be and you are in bidniss right? In this case if this is a real numbers station at all then perhaps they are trying a signal to noise thing with one of those messages being the real one and the rest are just noisy red herrings. Interesting to ponder.
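The one-time-pad arithmetic that this post and the numbers-page proof of concept above both lean on, as an added example (not the author's tooling and not taken from either site). It goes a step beyond the text to show why the digits alone tell a listener nothing and why reusing a pad undoes that; the letter-to-digit codebook and every function name are assumptions made for illustration.

```python
"""Digit-based one-time pad in the style of a numbers station (illustrative).

Assumptions (not from the post): A-Z map to 01-26, space to 00, and pad
digits are combined with message digits by addition modulo 10, no carry.
"""
import secrets

GROUP = 5  # numbers stations conventionally read digits in groups of five


def text_to_digits(text):
    """Encode text with the assumed codebook: space=00, A=01 ... Z=26."""
    digits = []
    for ch in text.upper():
        if ch == " ":
            value = 0
        elif "A" <= ch <= "Z":
            value = ord(ch) - ord("A") + 1
        else:
            raise ValueError(f"character not in codebook: {ch!r}")
        digits.extend(divmod(value, 10))
    return digits


def digits_to_text(digits):
    """Inverse of text_to_digits; rejects digit pairs outside the codebook."""
    if len(digits) % 2:
        raise ValueError("digit stream must have even length")
    chars = []
    for tens, ones in zip(digits[0::2], digits[1::2]):
        value = tens * 10 + ones
        if value == 0:
            chars.append(" ")
        elif value <= 26:
            chars.append(chr(ord("A") + value - 1))
        else:
            raise ValueError(f"pair {value:02d} is not in the codebook")
    return "".join(chars)


def new_pad(n_digits):
    """Draw pad digits from the OS CSPRNG; a pad must never be used twice."""
    return [secrets.randbelow(10) for _ in range(n_digits)]


def encrypt(plaintext, pad):
    """Add pad digits to message digits, digit by digit, modulo 10."""
    message = text_to_digits(plaintext)
    if len(pad) < len(message):
        raise ValueError("pad is shorter than the message")
    return [(m + k) % 10 for m, k in zip(message, pad)]


def decrypt(cipher, pad):
    """Subtract pad digits modulo 10 and map the result back to text."""
    if len(pad) < len(cipher):
        raise ValueError("pad is shorter than the ciphertext")
    return digits_to_text([(c - k) % 10 for c, k in zip(cipher, pad)])


def as_groups(digits):
    """Format a digit list the way it would appear on a static page."""
    flat = "".join(str(d) for d in digits)
    return " ".join(flat[i:i + GROUP] for i in range(0, len(flat), GROUP))


def pad_explaining(cipher, claimed_plaintext):
    """Return the pad under which `cipher` decrypts to `claimed_plaintext`.

    Such a pad exists for every message of the same length, so the
    ciphertext alone cannot single out the real one (perfect secrecy).
    """
    claimed = text_to_digits(claimed_plaintext)
    if len(claimed) != len(cipher):
        raise ValueError("claimed plaintext must match the ciphertext length")
    return [(c - m) % 10 for c, m in zip(cipher, claimed)]


def reuse_leak(cipher_a, cipher_b):
    """Subtract two ciphertexts made with the SAME pad.

    The pad cancels; what is left is (message_a - message_b) mod 10,
    which contains no key material at all.
    """
    return [(a - b) % 10 for a, b in zip(cipher_a, cipher_b)]


if __name__ == "__main__":
    pad = new_pad(8)
    sent = encrypt("HOLD", pad)
    print("on the page :", as_groups(sent))
    print("right pad   :", decrypt(sent, pad))
    print("other pad   :", decrypt(sent, pad_explaining(sent, "MOVE")))
    second = encrypt("MOVE", pad)  # pad reuse, the classic operator mistake
    print("reuse leak  :", as_groups(reuse_leak(sent, second)))
```

The "uncrackable" property holds only while each pad is truly random, as long as the message, and used once; the last function shows what an observer holds the moment a pad is used twice.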

In any case this is worth a listen to those of you interested in spook world.

Enjoy,

Dr. K.

 

Written by Krypt3ia

2016/08/22 at 17:52

أخبار المسلمين akhbar almuslimin: Muslim News

Yep, yet another Da’esh darknet site popped up this morning. This one is a rather bare bones effort that relies on free DynDNS, Tor2web and links back to things like WordPress and imgur and Cloudflare. The site came up and then went down after the kids from OpISIS came and went. The cloudflare though seemed to help as well as the tor2web linkage. As of this writing Cloudflare started to act up and the site was losing bits of itself as I was interrogating it for information.

Anyway, this site is pretty sparse design wise but has a lot of content to click. As you can see below it is low tek but the content is brand new. No mention of official ties but it has the flag in the tab as you can see. All of the links go to external clearnet sites for content so much of the work is being placed on the clearnet sites that the daeshbags upload shit to like mega and the like.

Videos from Syria

Dabiq 15 linked to clearnet dump

Other mags

Al Bayan radio streams

Martyrs and usual propaganda crap

Single page content links

Page info

Overall, not much to write home about. The site I assume will be down and up for a while but this just shows you that the daeshbags are trying to get content in the darknet but they seem to be unable to host it all themselves on a single server. Until they can do this, then technically they will continue to be taken offline pretty easily by the kids.

I will be pulling all the metadata since I have already archived the site en toto with wget… More when I have it.

Dr. K.

 

–UPDATE–

I ran an onion scan on this site for all you kids.. Go.. play..

krypt3ia@krypt3ia:~/go$ sudo ./bin/onionscan http://ou7zytv3h2yaosqq.onion/
2016/08/10 12:59:25 Starting Scan of http://ou7zytv3h2yaosqq.onion/
2016/08/10 12:59:25 This might take a few minutes..

————— OnionScan Report —————
High Risk Issues: 0
Medium Risk Issues: 0
Low Risk Issues: 0
Informational Issues: 4

Info: Missing X-Frame-Options HTTP header discovered!
Why this is bad: Provides Clickjacking protection. Values: deny – no rendering within a frame, sameorigin
– no rendering if origin mismatch, allow-from: DOMAIN – allow rendering if framed by frame loaded from DOMAIN
To fix, use X-Frame-Options: deny
Info: Missing X-XSS-Protection HTTP header discovered!
Why this is bad: This header enables the Cross-site scripting (XSS) filter built
into most recent web browsers. It’s usually enabled by default anyway,
so the role of this header is to re-enable the filter for this particular website if it was disabled by the user.
To fix, use X-XSS-Protection: 1; mode=block
Info:  Missing X-Content-Type-Options HTTP header discovered!
Why this is bad: The only defined value, “nosniff”, prevents browsers
from MIME-sniffing a response away from the declared content-type.
This reduces exposure to drive-by download attacks and sites serving user
uploaded content that, by clever naming, could be treated as executable or dynamic HTML files.
To fix, use  X-Content-Type-Options: nosniff
Info: Missing X-Content-Type-Options HTTP header discovered!
Why this is bad: Content Security Policy requires careful tuning and precise definition of the policy.
If enabled, CSP has significant impact on the way browser renders pages (e.g., inline
JavaScript disabled by default and must be explicitly allowed in policy).
CSP prevents a wide range of attacks, including Cross-site scripting and other cross-site injections.
To fix, use  Content-Security-Policy: default-src ‘self’
krypt3ia@krypt3ia:~/go$
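A small audit for the four response headers named in the report above, as an added example (not OnionScan's code and not from the original post). The two sample responses are constructed, the function names are hypothetical, and the accepted values follow the report's own "To fix" lines; note that the report prints the X-Content-Type-Options label a second time over what is the Content-Security-Policy explanation, and that X-XSS-Protection has since been retired by current browsers and is checked here only because the report lists it.

```python
"""Check a raw HTTP response for the headers the OnionScan report flags."""

# (canonical name, validator for a present value, value the report recommends)
CHECKS = [
    ("X-Frame-Options",
     lambda v: v.lower() in ("deny", "sameorigin")
     or v.lower().startswith("allow-from"),
     "deny"),
    ("X-XSS-Protection",  # legacy header, kept because the report lists it
     lambda v: v.replace(" ", "").lower() == "1;mode=block",
     "1; mode=block"),
    ("X-Content-Type-Options",
     lambda v: v.lower() == "nosniff",
     "nosniff"),
    ("Content-Security-Policy",
     lambda v: any(d.strip().lower().startswith("default-src")
                   for d in v.split(";")),
     "default-src 'self'"),
]

# Constructed sample: no security headers; the body contains header-like
# text to show that only the header block is inspected.
BARE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: lighttpd\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>X-Frame-Options: deny</html>"
)

# Constructed sample: headers present but two of them carry weak values.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "x-frame-options: ALLOWALL\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Content-Security-Policy: img-src *\r\n"
    "\r\n"
)


def parse_headers(raw_response):
    """Return {lowercased name: [values]} from the header block only."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def audit(raw_response):
    """Map each checked header to 'ok', 'missing' or 'weak: <value>'."""
    headers = parse_headers(raw_response)
    findings = {}
    for name, is_ok, _recommended in CHECKS:
        values = headers.get(name.lower())  # header names are case-insensitive
        if not values:
            findings[name] = "missing"
        elif all(is_ok(v) for v in values):
            findings[name] = "ok"
        else:
            findings[name] = "weak: " + ", ".join(values)
    return findings


def remediation(findings):
    """Header lines to set for every finding that is not 'ok'."""
    recommended = {name: value for name, _check, value in CHECKS}
    return [f"{name}: {recommended[name]}"
            for name, status in findings.items() if status != "ok"]


if __name__ == "__main__":
    for label, raw in (("bare", BARE_RESPONSE), ("weak", WEAK_RESPONSE)):
        result = audit(raw)
        print(label, result)
        print("  set:", remediation(result))
```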

 

Written by Krypt3ia

2016/08/08 at 20:44

Posted in Da'esh, DARKNET

Counterfeiting On The Darknet: USD4U

USD4U

While traversing the darknets, as one does today, I came across a constellation of sites hawking counterfeit currency, particularly American twenty and hundred dollar bills. It is not uncommon to see counterfeit currency on offer on the darknet markets but in this case these were stand alone sites by a proud group of counterfeiters offering on the face of it, almost superbill quality notes. Stuff that has not been seen in a while since the take down of the DPRK’s efforts to not only manufacture currency for their own purposes, but also to potentially be used in a larger scheme of currency destabilization.

The notes in this case however, aren’t the old hundred dollar notes of yesterday but instead today’s counterfeit protected notes that the US rolled out in 2013 to the masses. With color as well as new inks that fluoresce, have metal in them, and hidden tech to stop fakes, the new bills were supposed to be incredibly hard to create. Well, it seems that these guys on the darknet have done a pretty good job at creating a passable facsimile as seen below;

Their hundo

Hundo front with markings of checking points/features

Their hundo back

Hundo features

Real hundo

Quality

That’s right kids, this can pass the UV light test, it has the fiber/metal strip, it has the holographs, and has the look of a real bill. In fact I have at least one alleged user who has passed the hundo’s at a local establishment without issue. Of course it is common practice to use smaller bills than this, some devil may care types will buy the hundreds and pass them in gas stations and other low end brick and mortar stores in hopes that the tellers there will not know the difference nor have the technology to test the bill for authenticity.

Screenshot from 2016-07-14 07:14:01

So someone has been passing these already if you are to believe the Reddit post. I should think that it is quite possible and while I did not check out “mrexpat” to see if he is a shill, I know just by looking at the site and the language they use, they make a “quality” product. The site(s) are all by the same maker and or brand if you will. They call themselves USD4U and they are pretty brazen in their advertising including telling the client not to haggle with them, the price is the price! That price being as follows for varying denominations and weights;

[Images: price list screenshots]

Printing

As you can see they offer anything from ten dollar bills all the way up to the hundred dollar bills seen at the top. They are dealing only in Bitcoin and they offer FREE SHIPPING with an order of $250.00 and over. Of course now if you look at the prices they are pretty cheap for the main part. However, in larger operations it is not by the note but by the pound (weight) that you buy bills with serious folks. These guys have the niceties as well of an “affiliate” program and an earnings program, which I am not sure exactly how that would work but ok…

Another interesting note is that they say they ship from the US, which makes me wonder a bit about these guys. For the most part my digging has shown that in their photos the players are Asian but that could just mean it is a Tong or another group doing this. They certainly though spent big bucks on the printing process and seem to be using quality materials as well to make these notes… So is this just a sideline or what? The brazen behaviour I alluded to above is that they have taken photos of their Flexo Printer that they “heavily modded” in order to make these bills.


For those not in the know, and do not want to go read more in the link above, a “Flexographic Printer” is a specialized piece of machinery that can print things on many types of material with rubber “plates” that can carry high rez scans. So, if you ever had print shop back in the day (as I did) you make a flexible plate and then run that on your media with the flexo and you can get crisp images with texture. Texture is a key here, see, when you just laser print a note you don’t have the right feel and you may not be able to run high fiber content paper through an inkjet in some cases. No, these are printed on cotton stock and have a raised ink feel to them as well like the real deal.

(I know what you’re thinking here.. “What has he been up to?” No, I am not a counterfeiter… No really!.. Ask me at DEFCON and buy me a drink maybe I will tell you more…)

This modded rig as they call it can run jobs fast, multi color, and handle the iridescent ink that they need to make a passable note. I would have to really get my hands on a note to say more about the quality of the paper and the strip and all so I will just leave it there but were one to pass one of these at the local gas-n-sip without the little pen check, I am pretty sure you would walk away with change.

A Little Investigation

Anyway, looking at this site I decided to dig a bit and see if they done fucked up somewhere on the OPSEC. I ganked the sites down using wget and torify and checked for metadata etc. What I found was pretty much nothing to write home about. They have done a good job at securing the site and using Tor to obfuscate who they are but those photos just had me thinking they must have left some clues there. So I took a closer look at them.

[Image: Asian Man 1]

[Image: Asian Man 2]

[Image: Asian Man 3]

[Image: number 6]

 

So yeah, Asians unloading the Flexo. Are they the owners? Are they minions? I really cannot say, but I will say that the Asian gangs have been known to be involved with this activity in the past as well as DPRK. Slick professional operations like this mean to me that these guys have been at this for a while. Their versatility in making old and new bills, the use of the Flexo and the right materials… It all leads me to believe they are pros…

Or… It’s a trap!

The images though had no metadata to use so we have to go on the IMINT itself. The biggest tell to me is the number on the forklift. Someone may be able to get a lock on where this thing is sitting because they unloaded it in these photos in some industrial area and that machine did the work. A long shot really but hey, it is what it is right? That’s all the attribution I am willing to state here on this. Maybe Los Feds (USSS) can do a better job?
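The metadata check described in this section (mirror the site, then look at its images for anything left behind), as an added example that is not the author's tooling: a standard-library Python walk of JPEG segments that reports EXIF, XMP, IPTC and comment blocks. All function names and the sample bytes are constructed for illustration.

```python
import struct
from pathlib import Path

NO_LENGTH = {0x01, *range(0xD0, 0xD8)}   # TEM and RSTn markers carry no length field

def classify(marker, payload):
    """Name the metadata carried by one segment, or None if it carries none."""
    if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
        return "EXIF"
    if marker == 0xE1 and payload.startswith(b"http://ns.adobe.com/xap/1.0/\x00"):
        return "XMP"
    if marker == 0xED and payload.startswith(b"Photoshop 3.0\x00"):
        return "IPTC/Photoshop"
    if marker == 0xFE:
        return "comment"
    return None

def jpeg_metadata(data):
    """Walk JPEG segments up to start-of-scan; return [(kind, payload_size), ...]."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    found, pos = [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF or marker in NO_LENGTH:   # fill byte, or no-length marker
            pos += 1 if marker == 0xFF else 2
            continue
        if marker in (0xDA, 0xD9):                  # SOS (pixel data follows) or EOI
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"truncated segment at offset {pos}")
        kind = classify(marker, data[pos + 4:pos + 2 + length])
        if kind:
            found.append((kind, length - 2))
        pos += 2 + length
    return found

def scan_mirror(root):
    """Map each .jpg/.jpeg file under a mirrored site directory to its metadata list."""
    return {str(p): jpeg_metadata(p.read_bytes()) for p in sorted(Path(root).rglob("*"))
            if p.is_file() and p.suffix.lower() in (".jpg", ".jpeg")}

def seg(marker, payload):   # build one length-prefixed segment for the samples below
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed samples, not files from the site: an image as an editor might
# save it, and the same image after a metadata-stripping pass.
JFIF = seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
TAGGED = (b"\xff\xd8" + JFIF + seg(0xE1, b"Exif\x00\x00II*\x00\x08\x00\x00\x00\x00\x00")
          + seg(0xFE, b"edited on workstation-7") + seg(0xDA, b"\x00") + b"\xff\xd9")
STRIPPED = b"\xff\xd8" + JFIF + seg(0xDA, b"\x00") + b"\xff\xd9"
```

An empty list for every file in a mirror is the "nothing to write home about" result: the operator stripped the images before upload, and only the picture content itself is left to work from.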

So What’s It All Mean?

Welp, I for one am impressed with what I see here. From a forgery perspective these guys have a legit *cough* act here. Yes yes yes, criminal but interesting! So many places on the darknet are just poorly put together craptastic sites with a barker at the front door yelling “BUY SHIT!” This though is more subtle, straightforward, in a crooked way, and merits the attention of both me and perhaps the federal authorities that handle such things as fake currency. They must be doing a good job because they also claim at the top to look out for a cloned site as well! Imitation being the most sincere form of flattery is it?

I also think it very telling that they offer no bitcoin wallet on the site as well. This to me says that they are being careful with the OPSEC, and frankly that is a smart play. You have to order with your email address and they will contact you. It could all just be a scam… It could be a sting operation… I am not going to go any further to find out though. I just surf the darkest parts of the darknets and chortle.

Oh darknet.. I lurv you!

Dr. K.

Written by Krypt3ia

2016/07/14 at 20:37

Posted in DARKNET

Two More Da’eshbag Darknet Sites Popped Up


[Image: The Cyber Kahilafah]

A couple more daring Da’eshbags have decided that the darknet is the place for them to spread their propaganda. The sites just popped up and aren’t quite finished. The Cyber “Khahilafah” خِلافة “Caliphate” has a total of 5 main pages with links off of those to other internal and external pages. The main page has the following text:


Fight in the cause of God those who fight you not transgress Allah loveth not aggressors} Al-Baqarah: 190}

————————————————– ———-

The books you dislike it, and it may be that you dislike a thing which is good for you, and that ye love a thing which is bad for you. Allah knows and you do not know the cow} 216}

————————————————– ———-

Very soon will be open all sections

We hope to collect the largest number of individual wolves

Cyber kahilafah

!Beware no joking here!

Overall this page is really quite simple and reminds me of just about every other page on the darknet (some remnant from Geocities got loose in the darknet and multiplied!) it’s kinda ugly and simple. As the site is not finished there isn’t much to look at right now but I thought I would archive it and pass it along before the kids hear about it and DDoS the crap out of it or hack the node and take it down. Of course if someone hacks it and somehow gets a raw IP that would be interesting huh? *hint hint NSA*

Anywho, this site is different from the last one because it is not really pulling a whole lot from the clearnet and it is certainly not at this time like any of the other jihadi boards out there but it seems to me that is what they may be aiming at later on down the line. I am sure it won’t be around that long anyway but it’s amusing to see them try.. Ok on to the data and further below the second site!

DATA

The sub pages consist of the following headings:

/bomb/

[Image: with sub categories of /bomb/ for redundancy?]

/kafia/

which seems to be a version of Keffeyah which is a scarf, head dress common to the region.


Both of the downloads fail and the domain they point to are:

Now the 00-up domain is interesting because it has a long storied WHOIS history and the present owner is a Mohammed Ezz out of Egypt according to the data.

/army/

[Image: /army/ only has “coming soon” in Arabic on it at the moment]

/armyb/

has the following single page with a link (Infantry Mechanisms In Desert Operations)


The desert operations piece is pretty much a re-hash of the desert war tactics from WWII. It’s an interesting read if you are into desert warfare but I am not sure why they have put this up there because it is specific to the Sahara.

/isdarat/

Isdarat we saw the last time and refers to isdarat.tv so maybe these are the same guys?

[Image: Another “coming soon” image]

/gun/

“Kalashnikov Weapon” which links to some videos that don’t work

That’s all she wrote for this site. The next one though is a standalone with the same name as this one but really is just a shingle for the Da’esh Cyber Kahilafah Al Bayan (popular newspaper in the region) radio link. This link is not working but there were some interesting links that were offshoots to this.

[Image: Cyber Khaliafa Radio (non functional)]

Now Al Bayan is the radio station that the da’eshbags started when they took over a station in the region. It is on FM and cannot be heard here unless you get it online. Thus this page and links. As they are not working it may be that they only post things or make the link live at certain times. In any case, the links on this page led to the clearnet and some interesting people and places (see below)

[Images: screenshots of the linked clearnet pages]

I have yet to try and give a listen but when I get a working link I will. Until then, you kids have fun with these guys in the darknets! Once again they show that they have some sophistication in being able to set up a tor site but then they completely lack the ability to really program it or keep it online. These are not the cyber warriors the media would like you to think they are.

Dr. K.

EDIT: There is a THIRD site evidently. I have found the “creator” of the site and located yet another page he/she/they are looking to link from. This one will eventually have the bomb making tutorials for making phone bombs.


 

Written by Krypt3ia

2016/04/29 at 15:28

Posted in Da'esh, DARKNET

“The Red Room” A Chamber of Horrors on The DarkNets?


[Image: The Mikado: MillenniuM S03E13]

I often like to take little trips into the dark seedy underbelly of the internet called the Darknet. Well today was just another day for that kind of thing until I came upon a site that claims to be a “Red Room”. A “Red Room” is really a composite urban legend where snuff films and extreme BDSM meet in a dark corner of the internet. Up until today there have been many rumours of sites and often times one can find alleged “Snuff” films on the internet and darknet. This site though has a twist to the old rubric, this site wants you to sign up and pay a fee in BitCoin in order to watch content live in the future, 136 days in the future to be precise (see image below).

[Image: The spooky bloody countdown!]

Now I don’t know about you all, but well, I have come across various sites in the corners of the net and of course in the darknet that, shall we say had unsavoury content in the past. You can imagine the kinds of things one sees on the net especially if you consider “Rule 34” and have been around long enough *shudder* Anywho, this site piqued my interest because it reminded me a lot of an episode of MillenniuM back in the late 90’s. This episode pretty much presaged this site’s intent with an early online site that could not be traced being run by a serial killer who was killing people live online according to the number of hits the site got (see image at top, the number is how many hits he wanted before killing her).

Now I remember thinking that this was all bogus back then, particularly over the tech speak that they tried to use with the hacker trying to capture the location of the kill site. I tell ya, it was hilarious up to a point but I really had to wonder at the time whether or not this kind of thing would eventually become a reality. The site that I located today might be the real deal, but I really tend to think this is a little scam on the part of some enterprising Germans. I mean come on! Give me some content to start with that will make me WANT to give you Bitcoins guys!

Anyway, this site claims the following as its hook:

Three people will die … just one will survive. You will decide who is the lucky one. Livestream from 4 diffrent locations in this world. You decide what each person deserves. Choose between 67 diffrent torture methods. Whether physical or psychological pain, you choose by voting. All four camera livestreams on one site with a chat for each camera. Interested? Register now! More information after registration. Important! Access is limited to 300 registrations! Login will be possible 3 days before it starts.

So three unknown people will die after torture and the viewers are to choose the one who will live. With a wide array of torture methods (what we don’t know) including psychological torture how can one resist this? Frankly this reminds me of a recent “Castle” episode with the school room and the tortured kid (now grown up) who started killing people off with puzzles and terror.

Oooh… Ahhhhh…

[Image: The registration page]

[Image: Confirmed accounts (notice the 176/300) ORLY?]

The site is kinda poorly coded and leaves too much of a trail for someone to follow back to the creators. The BitCoin wallet was created recently it seems and has no transactions at all. So if there are people who have signed up where are their Bitcoins? According to the site out of 300 spots to view the murder/torture of unknown people 123 were taken up already. Would this not mean that there should be a substantial amount of Bitcoins in the wallet? The net here if 300 people actually paid the Bitcoins would net the creators about 300 Bitcoins (today $123,591.00) which is a tidy sum. If you then believe the site and not the Bitcoin wallet taint then 123 Bitcoins given already would total $50,672.31. Now if you look at the second page that you can access via code, you see that 176 people have allegedly signed up. Well, that would be how much in Bitcoin? Oh yeah: $72,506.72 so where are those funds HMMMMMM??? I am sure some Treasury or DEA agent would love to steal those eh?

 

[Image: Blockchain Taint]

[Image: German language in the code]

Another fascinating fact that I alluded to above is that this site was likely created by “Zose vacky Germans” as there are German words in the code and the video (oh yes, there is a video but in reality there is only text in it so cool down!) It figures that the cultural reference that ran through my head was the Cartman’s mother in Scheise videos here! Yep yep, German BDSM Red Rooms on the darknet! I can see the headlines now on Vice! Breathless stories about how the world is coming to an end and that the cause will not be something like an asteroid or a nuke, nope, it will be a Red Room that will drive our civilisation over the edge!

Alrighty, this was amusing. I will chalk this up to Slenderman and the other internet born Red Roomy urban legends. While I would not discount this kind of thing going on and being only something the Illuminati get to see, I seriously doubt that this is a real thing. If you decide to part with a bitcoin gentle reader, let me know how that goes for you. I will keep an eye on the site to see if anything interesting happens in 136 days.

K.

 

 

Written by Krypt3ia

2016/03/07 at 21:58

Posted in DARKNET