02/24/15

Bitcoin Wallet Vulnerability

gATO bEeN – researching vulnerabilities in Bitcoin wallets, and of course there are many, but I will cover some of the basics and save the rest for my new book coming out soon. First off, there are 3 basic types of wallets: full node, thin client and web-based wallets. I will not cover offline wallets for now.

Web-based wallets are useless for any security-minded person because they are all controlled by the system administrators of the site; even blockchain.info wallets are a problem. Roger Ver, the main person at blockchain.info, got pissed off and released the names and addresses of some BitcoinStore.com customers on a public forum, then used his admin privileges to look up people’s IP addresses, phone numbers and other personal information.

Why, you may ask? Because Roger is also the owner of BitcoinStore and accidentally refunded an extra $50 worth of Bitcoin to customers, and they didn’t return it. So as much as I love blockchain.info and trust them a wee bit, this shows that even some of the best website wallets can become a nightmare: they can get all your data and, if they choose, steal your Bitcoins right out of your web-wallet or just make it public, and then your mother-in-law will see your Bitcoin fortune and be really pissed. Read more: https://bitcoinhelp.net/know/more/top-seven-ways-your-identity-can-be-linked-to-your-bitcoin-address

Thin wallets are a little different because they do not have a full blockchain and rely on some other service as a middle-man to communicate your transactions to and from the blockchain and your wallet. To be truthful, I set up one of these middle-man servers to see if it could be done. I found out that as a middle-man of your data I can do all kinds of nasty things to your transactions and send your wallet information that everything is OK and working fine.

So a bad actor can become one of these middle-men and have all your Bitcoins and transactions and do as they please. Some security people call it a man-in-the-middle attack, but it’s your own damn fault for trusting these anonymous middle-man services with all your Bitcoins. How much do you trust a complete stranger with your Bitcoin??? If that much, then by all means use a thin client.
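The check a thin client can run instead of taking the middle-man’s word for it is the one from the original Bitcoin design: ask the server for the Merkle branch of your transaction and recompute the block’s Merkle root yourself. The following is an added example in Python, not code from this post or from any wallet; it builds a toy block from constructed txids rather than a real one, and the names merkle_branch, verify_inclusion and demo are chosen here.

```python
import hashlib

def dsha256(data: bytes) -> bytes:
    """Bitcoin's hash function: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def _pad(level):
    # A level with an odd number of hashes pairs the last one with itself.
    return level + [level[-1]] if len(level) % 2 else level

def merkle_root(txids):
    """Merkle root over a block's txids (internal byte order, as stored in the block)."""
    level = list(txids)
    if not level:
        raise ValueError("a block has at least one transaction")
    while len(level) > 1:
        level = _pad(level)
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def merkle_branch(txids, index):
    """Sibling hashes from the leaf at `index` up to the root.

    Each entry is (sibling_hash, sibling_is_left). This is what a full node
    or relay server hands to a thin client so the client can check the
    transaction for itself instead of trusting an "it's confirmed" message.
    """
    branch = []
    level = list(txids)
    while len(level) > 1:
        level = _pad(level)
        sibling = index ^ 1
        branch.append((level[sibling], sibling < index))
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return branch

def verify_inclusion(txid, branch, expected_root):
    """Recompute the root from txid and its branch; True only if it matches."""
    node = txid
    for sibling, sibling_is_left in branch:
        node = dsha256(sibling + node) if sibling_is_left else dsha256(node + sibling)
    return node == expected_root

# Constructed txids for a toy five-transaction block (not a real block).
TXIDS = [dsha256(b"constructed tx %d" % i) for i in range(5)]

def demo():
    """An honest branch verifies; a txid the server merely claims is in the block does not."""
    root = merkle_root(TXIDS)  # in practice: the merkle_root field of a verified block header
    honest = verify_inclusion(TXIDS[3], merkle_branch(TXIDS, 3), root)
    claimed_txid = dsha256(b"tx the middle-man says was confirmed")
    lie = verify_inclusion(claimed_txid, merkle_branch(TXIDS, 3), root)
    return honest and not lie

if __name__ == "__main__":
    print("thin-client inclusion check passed:", demo())
```

Two caveats a defender should keep in mind: the proof only shows inclusion in a block whose header you already trust, so the header chain itself must be fetched and checked (proof of work and all) from several independent peers, not from the same middle-man; and a proof cannot show that a transaction is absent, so a server can still withhold transactions it does not want you to see.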

Full-node Bitcoin wallets do not have these weaknesses, but let’s say you are security conscious and even password-protect your full-node wallet. Remember to back it up on your home shareable drive or even a thumb drive: if I gain access to that backup, your wallet is toast. Even with Apple Time Machine I can go back in time and get a copy of your wallet.dat file and drain your secure encrypted full-node wallet. This also applies to Windows users: a simple backup can be your worst nightmare, a friend can get at it, and you can lose all your Bitcoins.

Since all Bitcoin transactions are public, it is easy to trace your coins’ history, connect the dots and find your identity. I won’t even cover Sybil attacks or packet sniffing, forcing clock drift on your wallet, or just a simple bug in a version of the core Bitcoin code. Yes, the developers were even discussing liabilities if they release buggy wallet code that opens up your wallets, so if the developers are worried, I think you need to look at your wallets not once, twice but maybe 3 times and figure out your best solution to safeguard your Bitcoin wallet.

Sometimes just understanding the problems that your Bitcoin wallets have lets you protect them better. Oh yeah, offline wallets: they also must connect at some point to broadcast a signed transaction, so some of these and other attacks may be applicable to you too. There are other simple ways to read all the data from your secure thumb drive, or if I’m just pissed off at you, smash it with a hammer and your Bitcoin fortune is gone, so be careful if you’re divorcing your spouse.

HD-BIP32 and multi-sig are somewhat safer, but if you trust an exchange to validate your 2-of-3 multi-sig you could be in trouble. Let’s not forget my favorite, the TPM: the NSA has authorized through the NIST standards that any Windows machine made after June 2015 will have a TPM chip – Trusted Computing Model. Yes, I know China and the NSA have embedded keys (backdoors) in these new devices, but most hardware – phones, pad devices – will have this TPM chip installed and then you will have NO security at all. Ask Germany why they will not use Windows machines any more. So now your Bitcoin wallet is safe – Yeah BaBy – gAtO OuT

02/18/15

i2p sites in the Dark Web

gAtO FoUnD – these few i2p sites from my Dark Web crawlers – there is also a lot of tunneling from Tor to i2p to keep things really secure – why not use 2 networks to hide your stuff. You can find a lot of Russian sites that do business in the Dark Web – i2p is better at security; of course they use it to hide better.

The Dark Web is not only Tor but i2p as well. I hope this helps any researcher or educator play in the Dark Web better. Some of the content is nasty so be careful – gAtO oUt

I2P Links

SEARCH ENGINES:

eepsites – This search engine has been around for a long number of years. Also available on the clearnet via http://eepsite.com “This site provides a web interface to a database about files available within the anonymous I2P network. A dedicated, automated web crawler keeps the database up-to-date.” http://eepsites.i2p

eye.i2p – Supports somewhat advanced query options. http://eye.i2p

epsilon.i2p – “Epsilon Search is a search engine that indexes eepsites on I2P.” http://epsilon.i2p

IMAGEBOARDS:

Oniichan – Chan run by chisquare. Many categories, active-ish. http://oniichan.i2p

Anch – “This site was made by anarchists and for anarchists. This site is Russian-speaking, except /int/, which is international.” http://anch.i2p

(PERSONAL) SITES AND BLOGS:

augenscheinlich – A blog in Germany about Net politics, surveillance, secret services, leaks, and so forth. Frequently updated as of this writing.

http://augenscheinlich.i2p

str4d – Home of str4d. It has guides, a blog, links, notes, and infographics. http://str4d.i2p

killyourtv.i2p – KillYourTV’s home. Including How-Tos, a blog and a description of his services.

http://killyourtv.i2p

Shadow Life – “Enjoy your stay below the radar”. Well written and lengthy posts on anonymity. Would recommend.

http://shadowlife.i2p

Cheech-Wizard – Blog of resident I2P user Cheech-Wizard, serving comics, music and thoughts.

http://cheech-wizard.i2p

Dark Like My Soul – fancycakes’ blog. Interesting and useful blogposts.

http://dlms.i2p

SIGINT – Personal site/blog of sigint.

http://sigint.i2p

dcherukhin – Personal blog and link list of a Russian man named Dmitriy Cherukhin. Appears to be an academic.

http://dcherukhin.i2p

Raegdan’s Refuge – Yet another Russian blog.

http://mcr76yyq5f2e6a3b5vvrd5v6uyseyzhgculi6leptadjd5ua7c4q.b32.i2p

The Anon Dog – Daily updated links to (news) articles on politics, security, revolts, etc. “h4364r’s Anonymous Daily on I2P”

http://theanondog.i2p

Actap’s Home page – “I’m Actap from Russia. Increasing Internet censorship level in my country brought me here.” Hosts a constantly updated list of sites banned in Russia.

http://actap.i2p

?labs – Anja’s “little corner on cipherspace”.

http://philabs.i2p

Chiron’s I2P Eepsite – Entertaining homepage of a seemingly disorganised and at times angry German I2P user with limited grasp of the English language. He has added a puzzle to his website which leads to his personal information. Confirmed to be the manliest man on I2P. Rumored to be the operator of the I2P mainframe.

http://i2p2go.i2p

sighup’s eepsite – “Homepage of sighup”. A blog, IRC logs of some irc2p channels, contact information, and some other stuff.

http://sighup.i2p

darrob.i2p – Personal site of darrob. Some Tahoe-LAFS related stuff.

http://darrob.i2p

peek-a-boo eepsite – ReturningNovice’s eepsite.

http://i2peek-a-boo.i2p

justme.i2p – Home of RandomI2PUser. Some books, music and programs available.

http://justme.i2p

Meeh’s home – One or two tutorials and a description of the services run by Meeh.

http://meeh.i2p

Home of a Japanese I2P user.

http://benkiman.i2p

lurker.i2p – “A non-organic lifeform”. Home of Frost, the operator of ZeroFiles. Has a blog and a hosts.txt file. http://lurker.i2p

Complication – A really old personal site. Interesting snippets from the beginning of I2P when there were just a handful of users. Hasn’t been updated in a couple of years.

http://complication.i2p

Man of Perdition – “Things your government & church don’t want you to know.” Do not enter without triple-layered tinfoil hat.

http://manofperdition.i2p

Freshcoffee – Plain and simple but well crafted home of cervantes. Lists some cryptographic keys.

http://freshcoffee.i2p

Schwarzwald – Quite an empty website.

http://schwarzwald.i2p

Doom – Yet another empty personal website. It lists a GPG key.

http://doom.i2p

luminosus – Lists some contact information.

http://luminosus.i2p

Cable Viewer – “A Cat’s Mirror of Wikileaks Cablegate site.”

http://leakager.i2p

main.paraZite – A mirror of the (in)famous “paraZite”

http://loinen.i2p

I2P Planet – “planet.i2p is an RSS aggregator for I2P trackers, blogs, and other feeds.”

http://planet.i2p

hashparty – “Home of hashparty, the blackhat hash cracking feast!”

http://hashparty.i2p

Cool looking site in Spanish about privacy, government control, GSM, mobile phones, privacy, security, hacks, IMSI-catcher, etc.

http://quematumovil.i2p

UC ZEON – UC 0079-0093 ZEON REMNANTS.

http://uczeon.i2p

Buråsskolan – A Swedish site (or rather, a page) about cryptoanarchy (I suppose).

http://kryptoanarki.i2p

anarchydocuments.i2p – A mirror of texfiles.com’s “Anarchy and General Mayhem” section.

http://anarchydocuments.i2p

Abusos judiciales en España – Info about abuse by courts and lawyers in Spain.

http://abusos.i2p

Info Security – A Russian blog on information systems security. Seems dead.

http://infosecurity.i2p

Anarplex – Darknets and cipherpunked agorism.

http://anarplex.i2p

Lenta.i2p – Very active news blog on Russian affairs.

http://lenta.i2p

FreeZone – A Russian blog.

http://freezone.i2p

SLS.i2p – Yet another Russian blog. Seems to cover politics.

http://sls.i2p

Antheogen – A Russian site about psychoactive fungi (I think)

http://entheogen.i2p

FILESHARING:

PaTracker 1.7 aka Postman’s I2P tracker, or simply Postman. I2P’s main torrent tracker. Has been up for years. Very active, very reliable. Lots of good stuff.

http://tracker2.postman.i2p

DifTracker – A large body of French content

http://diftracker.i2p

exotrack.i2p – Deserted but functional.

http://exotrack.i2p

Myttk – A Russian torrent site.

http://myttk.i2p

Welterde – Opentracker that has been up for a number of years.

http://tracker.welterde.i2p/stats?mode=top5

Chisquare’s opentracker announce URL

http://hvvybpef5nabnizizyy6ei57a77na4urifa4np65vpfzwq5csfra.b32.i2p/a

An opentracker run by KillYourTV

http://tracker.killyourtv.i2p

A Russian opentracker.

http://ptt.i2p/index_eng.html

Les Hérétiques – Very well-designed collection of French literature, including detailed descriptions. Mostly (only?) EPUB files.

http://heretiques-ebooks.i2p

lib.i2p – A modest (~500) collection of Russian ebooks.

http://lib.i2p

Free Book Library – 20045 books, 410 comics, 33 magazines, 134 textbooks. Warning: Facebook Like button on page!

http://ebooks.i2p

Gusion – A modest collection of ebooks (~290). Mostly fiction. Uses the Calibre ebook management software.

http://gusion.i2p

Library Genesis – I2P leaf of the Library Genesis project (now nearing 1 million ebooks).

http://u76v7ha6j4jmtz3k2lseaso5qy36lxs77klhovmptufwcodovatq.b32.i2p

Document Heaven – “Document Heaven wants to be an eepsite, which collects links and magnet links to scientific or otherwise interesting non-fictional papers, documents and books. This eepsite is hosted in the spirit of the Guerilla Open Access Manifesto.”

http://documentheaven.i2p

Cheech-Wizard – An index of music and comics uploaded by Cheech-Wizard to Postman.

http://cheech-wizard.i2p

amidoinitrite – Manga, music, books, Youtube.

http://amidoinitrite.i2p

lyncanthrope.i2p – French movies and music

http://lycanthrope.i2p

openmusic.i2p – An open directory with some gigabytes of music. http://openmusic.i2p

mp3arc – Fairly big open directory of “hard music”. At least 800 albums (haven’t counted them). Sorted by artist. http://mp3arc.i2p

Anonymix – “Multitracks, Acapellas, Instrumentals, and More” for download. Requires registration. http://anonymix.i2p

leecher.i2p – Some popular TV series including The Walking Dead, The Simpsons, South Park, and more. http://leecher.i2p

serien.i2p – An index of German TV series available via torrents. http://serien.i2p

FINANCIAL:

VEscudero’s Service for Buying and Selling Bitcoins – Very well established and reputable Bitcoin trader. http://bitcoiner.i2p

LTC Guild – Litecoin mining pool. http://ltcguild.i2p

Darsek – “virtual card, internet payment processor and money transfer system”. http://darsek.i2p

?x5 – “?x5 Investment Fund is an Offshore entity outside your jurisdiction, managed by veteran investment gurus.” http://pix5.i2p

PURCHASEABLES:

ChemHack’s – “Apothecary and Potions”. Currently selling homemade GHB and Suboxone http://chemhack.i2p

Darknet Products – Selling virtual machines and bootable USBs. http://darknet-products.i2p

SOCIAL:

id3nt – I2P’s main microblogging service. http://id3nt.i2p

Jisko – Another microblogging service. Hasn’t been around as long as id3nt, but has frequent and constant activity. http://jisko.i2p

Visibility – Fully functional social network. Active (read: not dead), but could do with more users. “You can add friends, upload files, share images, write blogs, create pages, add bookmarks, create polls, and more…” http://visibility.i2p

GAMING:

I2Play – “Welcome! I2Play provides anonymous gaming services over I2P. Admittedly the selection of games that can be played over I2P is reasonably small due to the requirement that they be tolerant of lag, but that doesn’t stop us trying!” OpenTTD and Tetrinet. http://i2play.i2p

I2P Chess Client – “Here you can play chess with other users and robots either in casual play or for ranking. Also, you can interact with the users through the chat rooms. You don’t need to install any other program, you just need to register using the link, enter and play!” http://chess.i2p

(FILE)HOSTING:

ZeroFiles – A file and image host with a 10mb upload limit. http://zerofiles.i2p

Gallery – Not exactly an image host pur sang, but it hosts images. About 40k of them. http://gallery.i2p

open4you – A Russian/English site offering free hosting. http://open4you.i2p

Blackhosting – A Russian hosting provider that accepts Bitcoin. http://blackhosting.i2p/en/

CODING / DEVELOPMENT / PLUGINS / I2P RELATED SOFTWARE:

ZZZ – The main developers forum of I2P. http://zzz.i2p

i2p2.i2p – I2P’s project page. Go here for the nitty gritty on how I2P works. http://www.i2p2.i2p

trac – I2P bug reporting and general ticket creation. http://trac.i2p2.i2p

stats.i2p – “The home for I2P statistics”. Has been around since forever. http://stats.i2p

BigBrother – Distributed network statistics gathering. http://bigbrother.i2p

sponge – Home of I2P for Android, Seedless, and sponge himself. http://sponge.i2p

echelon – Your #1 source for I2P plugins. http://echelon.i2p

Plugins – “An app-store for I2P plugins” http://plugins.i2p

I2P Plugins – Yet another source of plugins. http://stats.i2p/i2p/plugins

AyuDownloader – “AyuDownloader is an Plugin using the EepGet class from i2p developers to download larger files easy from Eepsites.” http://ayudownloader.i2p

Ipredia – “Home of IprediaOS”. An operating system for I2P. “IprediaOS is a fast, powerful and stable operating system based on Linux that provides an anonymous environment. All network traffic is automatically and transparently encrypted and anonymized.” http://ipredia.i2p

Projects.i2p – Projects.i2p is a community-focused project management site for I2P coding projects, providing optional wikis, forums, document management, bug tracking and much, much more. If you’d like to host a project here, please contact one of the site admins, either on I2P’s IRC network, or via e-mail. http://projects.i2p

Repo – “This site is a central information hub for repository hosting services around I2P.” http://repo.i2p

git.repo.i2p – A public, anonymous Git hosting site. http://git.repo.i2p

Deadman – iMule repository. http://deadman.i2p

OUTPROXIES:

ExitProxy – Run by Russians. Multiple IPs available. http://exitproxy.i2p

Meeh’s Tor outproxy – “I have an outproxy free for use. With this you should be able to access both .i2p/.onion and clearnet sites.”

http://meeh.i2p/?p=services&sp=other

PASTEBINS:

PasteThis.i2p – Has been up for at least a year. Stable and actively used. http://pastethis.i2p

ZeroBin – “ZeroBin is a minimalist, opensource online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.” http://zerobin.i2p

TUTORIALS AND INFORMATION:

Salt Wiki – The main I2P Wiki as of writing. A valuable resource with a big and broad variety of information. Also available as a Tor hidden service http://salt.i2p/wiki/index.php/Main_Page

Satori – “This is a wiki dedicated to cryptographic, anonymity, and security information.” http://satori-wiki.i2p

The Darknet Wiki – Seems underdeveloped and deserted. http://darknet-wiki.i2p

wiki.meeh.i2p – Good resource with information not found elsewhere. “This is a wiki for i2p and how to use its functions and services.” http://wiki.meeh.i2p

rus.i2p – Main Wiki for Russian I2P users. http://rus.i2p

??????????? – Another Russian Wiki. This one seems oriented towards more technical subjects. http://progromore.i2p

WikiI2p-ES – A wiki for latinos. http://lawiki.i2p/wiki-es

I2P Tutorials – Tutorials in German. http://tutorials.i2p

I2P/Tor Workshop Notes – “By the less than anonymous Adrian Crenshaw”. http://irongeeks.i2p

PrivacyHawk – A useful resource for tutorials on a variety of topics. “Welcome to PrivacyHawk’s Growing List of Tutorials”. http://privacyhawk.i2p

ADDRESSBOOK SERVICES:

stats.i2p – The oldest and most popular addressbook service of I2P. Curated. http://stats.i2p

I2P Name Registry – Second most popular addressbook service. “Domain name registrations will not be rejected based on content.” http://inr.i2p

I2Host- Yet another jumper service. http://i2host.i2p

COMMUNICATION SERVICES:

Postman’s mail service aka mail.i2p. Has been online since 2004 with no breaks. Solid email provider. http://hq.postman.i2p

Mumble server by TronDev. Voice chat for the darknet. http://salt.i2p/wiki/index.php/TronDev_Mumble_Server

i2p-bote – Distributed secure email – http://i2pbote.i2p or http://plugins.i2p/i2pbote

Inscrutable XMPP – Also available as a Tor hidden service. Includes information on connecting to Inscrutable XMPP with various clients. http://inscrutable.i2p

Salt XMPP – See the wiki for a tutorial, configuration, client list, etc. Also available as a Tor hidden service. http://salt.i2p/xmpp.html + http://salt.i2p/wiki/index.php/Salt_xmpp

Inscrutable and Salt have S2S (between one another) and multi-user chat.

Haste XMPP – Also available as a Tor hidden service and on the clearnet http://haste.i2p

I2P Chat – A web chat run by who.i2p. Almost only Russians in here. http://who.i2p/chat/

Salt NNTP – Text only NNTP server. Also available as a Tor hidden service. http://salt.i2p/nntp.html + http://salt.i2p/wiki/index.php/Salt_nntp (tutorial)

UPTIME CHECKERS AND LINK LISTS:

Marcadores – A link list by a Latino user – http://marcadores.i2p

Null – Link list (and blog) by 77@0x7@0x01. Nice retro design. http://null.i2p

The Anon Dog – Excellent link list with descriptions. http://theanondog.i2p/cgi-bin/eepsites.py

Who is up? – Uptime checker by a Russian. http://who.i2p

Perv – One of the older uptime checkers. http://perv.i2p

identiguy aka eepstatus – Stable. http://identiguy.i2p

FORUMS:

forum.i2p – I2P’s oldest forum. The most active forum in the I2P anglosphere. http://forum.i2p

forum.salt.i2p – Salt’s forum. http://forum.salt.i2p

forum.rus.i2p – Main forum for Russian I2P users. Very active. http://forum.rus.i2p

The Holocaust Forum – “Open and civilized debate on the Holocaust”. http://holocaust.i2p

COLLABORATIVE DOCUMENT EDITING:

Salty Pad – An I2P Etherpad instance. http://oniichan.i2p/ep/pad/

Infinote – For use with an Infinote client. Might be better than Etherpad. No Javascript required. http://str4d.i2p/services/infinote/

KEY SERVERS:

KillYourTV’s SKS OpenPGP Keyserver http://killyourtv.i2p/sks

Inscrutable’s SKS OpenPGP Public Key Server http://keys.inscrutable.i2p

Echelon’s I2P OpenPGP Public Key Server. http://keys.echelon.i2p

VARIOUS/OTHER:

Tabak – 1 page of information on... tobacco. In Russian. An i2p-bote address is listed too. http://tabak.i2p

Anonet2 – The Anonet darknet. http://anonet2.i2p

q.i2p – “The I2P URL-Shortener” http://q.i2p

INTUIT.ru – A mirror of intuit.ru, which is... something. In Russian. http://intuit.i2p

A hit counter for your eepsite. http://who.i2p/counter.html

BitTot – Yeah... don’t tell Putin about this. http://bitot.i2p

La lique des trolles – I don’t have a clue what this is about. Some French closed forum. http://dumpteam.i2p

zzzot – See for yourself. http://encryptedphreak.i2p

MPAA NOTICE. http://mpaa.i2p

Does what it says on the tin. http://nyancat.i2p

SYNDIE (An open source system for operating distributed forums):

syndie-project.i2p – Syndie project website http://www.syndie.i2p

Syndie Documentation Project – A project to revive Syndie’s documentation and make the software easier to use. http://fomjl7cori4juycw55kdlczpgzzhme6nox6zykokuiov6t5lxhvq.b32.i2p

syndie.darrob.i2p

syndie.echelon.i2p

syndie.inscrutable.i2p

syndie.killyourtv.i2p

syndie.meeh.i2p

syndie.welterde.i2p

A table of known Syndie archives. http://wiki.meeh.i2p

Syndie Gateway. http://mosfet.i2p

IRC:

The I2P IRC network aka irc2p – The biggest, most well known, most active IRC network in I2P. It works out of the box. Simply start I2P and point your IRC client to irc://127.0.0.1:6668

Nameless – An IRC network with some interesting anonymity enhancing features. Servers: irc.stream.i2p, irc.puredev.i2p, irc.philabs.i2p, irc.dlms.i2p

Single server networks belonging to particular users:

irc.killyourtv.i2p

irc.welterde.i2p

irc.meeh.i2p

02/17/15

Dark Web Bitcoin and other nasty stuff

gAtO bEeN - analyzing my Dark Web data and it’s worse than ever. Besides the usual crap like human sex slaves, drugs and guns, there seem to be a lot of newer sites that look like terrorist sites, some preaching and asking for donations, and of course Bitcoin is the currency of the Dark Web.

Of course there are some sites that are a joke and look like a government operation gone sour. I am sure they will catch small wannabe script kiddies, but the real treasure is in other sites that are linked from these terrorist sites, which require login information with no way to register. But some of the paste sites reveal it’s pretty easy to gain access via others who can vouch for you. The good part is I found a way to code my login info into my crawlers, so this is going to be my next target.

monitoring the dark web:

  • Mapping the hidden services directory by deploying nodes in the distributed hash table (DHT);
  • Customer data monitoring by looking for connections to non-standard domains;
  • Social site monitoring to spot message exchanges containing new dark web domains;
  • Hidden service monitoring of new sites for ongoing or later analysis;
  • Semantic analysis to track future illegal activities and malicious actors; and
  • Marketplace profiling to gather information about sellers, users and the kinds of goods exchanged.

The funny part is you’ve been hearing about the DARPA Memex dark web tool and that all LE are using it, so how come Law Enforcement allows these terrorist sites and these child sex slave sites to function? I found over 22,000 Bitcoin addresses, so it should be easy to start to map these and try to follow the Bitcoin to the bad guys. I’m sure some are using full-node Bitcoin wallets and it’s pretty easy to match it to an IP address. So why do Memex and LE allow this?

From a year ago when I last crawled the Dark Web I can see that a few sites have been taken down by DOJ – good for them – but new ones pop up in a New York minute and they keep operating normally; of course they have to re-brand and get the new .onion URL out on paste sites and BB sites.

I am cleaning up my 400,000 URLs and will start to crawl by next week – if I got 400k from just 17k sites, this new crawl should deliver millions of new Dark Web sites – and so the fun begins – gAtO OuT

02/15/15

Dark Web and Bitcoin Intelligence Project

Dark Web Intelligence – The Digital Underground

Project Athena

Executive Summary

I have over 400,000 Dark Web URLs and web content, plus 2-3 million URLs and content of historical data from a few years back – available today.

Project Athena will offer customers the ability to monitor Dark Web activities and provide alerts and warnings when credit card or banking account information (or any other keyword you choose) is posted for sale or dumped in the Tor and i2p network dark marketplaces. We also offer an optional service for attainment of compromised data from dark web sellers; this is optional and customers are encouraged to seek legal advice before requesting this service.

We follow the money in the Dark Web: Project Athena will also track Bitcoin usage in the dark web. Since it is the prime source of all dark web transactions, this data combined with our Bitcoin Blockchain tools will give you the data and insight into any cyber investigation.

We use cyber sock puppets in the dark web marketplaces to gather intelligence and target data. These personas, called cyber sock puppets, play a role and team up to gather information. We can also provide you with training and manuals on setting up a Deep Web Investigation Environment with all our tools and on how to social-engineer with sock puppets to gather cyber intelligence.

These are all passive methods of investigation, but we can also perform active probes into dark web websites, which are very different in the code below and in what the network protocol allows.

The Artemis search engine does two things: one is search of the data from the crawlers, and the other is the web crawlers themselves, which are basically botnets that you send out to gather intelligence in the networks. We gather network data, metadata and website content and extract the URLs, emails, Bitcoin addresses, i2p addresses and many other types of data, but we can do custom keywords for any investigation subject matter that you may need.
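The extraction step described above is where a crawler earns its keep, and the part that most often goes wrong is telling a real Bitcoin address from any Base58-looking token: a regex alone over-matches, so each candidate has to be checked with the address’s own Base58Check checksum (double SHA-256 over the version byte and hash). The following is an added example in Python, not Project Athena’s Artemis code, that pulls checksum-valid legacy Bitcoin addresses, .onion hostnames and e-mail addresses out of crawled text. The sample page text is constructed here; the one real value in it is the well-known genesis-block coinbase address, and the function names are chosen for this example. Bech32 (bc1...) addresses did not exist at the time of this post and are not handled.

```python
import hashlib
import re

# Base58 alphabet used by Bitcoin addresses (no 0, O, I or l).
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Candidate patterns. The address regex over-matches on purpose; the
# Base58Check test below is what separates real addresses from noise.
ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
ONION_RE = re.compile(r"\b[a-z2-7]{16}(?:[a-z2-7]{40})?\.onion\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")

def b58decode(text: str) -> bytes:
    """Decode a Base58 string; each leading '1' stands for one 0x00 byte."""
    value = 0
    for ch in text:
        digit = B58_ALPHABET.find(ch)
        if digit < 0:
            raise ValueError("not a Base58 string")
        value = value * 58 + digit
    body = value.to_bytes((value.bit_length() + 7) // 8, "big") if value else b""
    leading_zeros = len(text) - len(text.lstrip("1"))
    return b"\x00" * leading_zeros + body

def address_version(addr: str):
    """Return the version byte if addr passes Base58Check, otherwise None."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return None
    if len(raw) != 25:  # 1 version byte + 20-byte hash160 + 4-byte checksum
        return None
    payload, checksum = raw[:21], raw[21:]
    if hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] != checksum:
        return None
    return payload[0]

def extract_indicators(text: str) -> dict:
    """Pull checksum-valid Bitcoin addresses, .onion hosts and e-mails out of crawled text."""
    kinds = {0x00: "p2pkh", 0x05: "p2sh"}  # mainnet version bytes
    addresses = set()
    for match in ADDR_RE.finditer(text):
        version = address_version(match.group(0))
        if version in kinds:
            addresses.add((match.group(0), kinds[version]))
    return {
        "bitcoin": sorted(addresses),
        "onion": sorted(set(ONION_RE.findall(text))),
        "email": sorted(set(EMAIL_RE.findall(text))),
    }

# Constructed sample of crawled page text. The first address is the well-known
# genesis-block coinbase address; the second is the same string with its last
# character changed, so it looks like an address but fails the checksum.
SAMPLE_PAGE = """
<p>Send payment to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa within 24h.</p>
<p>Escrow: vendor@example.onion, mirror at abcdefghijklmnop.onion/shop</p>
<p>Old address (do not use): 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb</p>
"""

if __name__ == "__main__":
    for kind, values in extract_indicators(SAMPLE_PAGE).items():
        print(kind, values)
```

The checksum filter matters for the numbers quoted later in this post: a count of “Bitcoin addresses found” that skips it will include mistyped addresses, hashes and random tokens, and any attempt to map those on the blockchain wastes effort on strings no one can spend from.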

Project Athena’s web crawler tool, Artemis, scrapes the Dark Web (Tor and i2p networks) for metadata and content information of any website we find. This data is stored in databases so it can be used as a front end to any analytical software to extract the dark web players and websites or any data point you are looking for. It can also provide a simple dark web search engine for investigation into dark web activities.

Since the Tor and i2p networks hide websites and information, we must be creative in using our crawlers with keywords to find active websites that are part of the target investigation and then dig deep into them, extracting every cyber breadcrumb they have. These are all passive crawlers, so no violations are committed.

Bad guys’ methods: some sites only go up for a few hours every day; some sites use graphics only, so our search crawlers cannot pick up their web content; they even embed content in the graphics, so even if you have the graphics, without the right password you cannot decode them. Other sites are login-only; getting into those sites is by recommendation only, so establishing cyber sock puppets and having them be accepted is the only way to get into these private stolen-goods websites. We also do active operations with sock puppets to find new websites by social-engineering methods.

We design and develop cyber dark web sock puppets as aliases and define roles for them to play. These active sock puppets can be your best way to gather intelligence on real sites that are selling goods and services or known wire transfers for terrorist organizations. In the dark web, websites are called hidden services, so finding them without active sock puppet operations is almost impossible.

The Dark Web is tied to Bitcoin as a monetary value transfer network, and this is one of the new cyber financial data points we will focus on. With our new Bitcoin blockchain tools working with our Artemis crawlers we can map Bitcoin transactions, sometimes down to an IP address.

Bitcoin mapped to the Dark Web

Business Case:

The business purpose is to offer a service to banks, financial institutions, and private persons to monitor activity on the Dark Web to provide alerts and warnings when credit cards and banking accounts are compromised and posted for sale.

Granted, some clients and potential clients may not initially want “the service” to be involved in buying compromised cards back, but they might at some point in the business relationship. Bitcoin tracking is important, as you well recognize, to develop the human side of the investigation, and would involve creating sock puppets and employing other anti-fraud investigation techniques.

But, for initial marketing efforts, being able to “get a meeting” with a bank executive by letting him or her know that there are indications that bank accounts and credit information are being sold is a first step. Then the pitch would be,

“Let us monitor the Dark Web for you, to provide alerts and warnings so you can respond appropriately, and in a timely manner!”

Table of Contents

Dark Web Intelligence
Project Athena
  Executive Summary – Project Athena:
  Business Case:
  Bitcoin – Financial Side of the Dark Web:
    A Private http://blockexplorer.com type blockchain to DB tool
    Bitcoin Account Types:
    Dine and Ditch Wallet:
    Store-Hold Wallet:
    Web-Wallet
  Step by Step list – Dark Web Intelligence focus
  Technology Required – Dark Web Tools
    • Tor
    • 2 private Tor-Relays – entry and exit
    • Artemis – Tor Search Engine – w/ Privoxy and Popili Proxies
    • BlockChain 2 DB tool – to keep all Block-Chain queries PRIVATE
    • IRC – OnionCat – BitMessenger
    • Bitcoin
    • VPN
    • i2p
    • secure email
    • PGP key for encryption
    • 3-5 Dark Web Sock Puppets – Buyer/Hacker/wingMan – Roles
  Phase I
  Phase II
  Phase III
    Active Buy
    Extract CC Data
  Dark Web data Collection – Tor – Bitcoin – E-Mails & I2P
Understanding the Block Chain
  The Value of Decentralized Consensus
  Decentralized Applications: The Next Big Thing
DARK WEB SOCK PUPPETS 101:
  Sock Puppet – Gaining Anonymous Access into the Dark Web
    Create Your Own User Names
    Setting-Up Your Sock Puppet Environment
    Best Usage Practices of Sock Puppet Identities
    Setting-Up Onion Mail:
    Create Your Own User Names?
  Motivation – WHY do you need a Dark Web Sock Puppet (SP):
  Dark Web Methods:
  Dark Web Communication:
  IRC – Private Message – BitMessenger
  Sock Puppet -> Start Here:
    STEP 1: Research Intelligence Exchange:
    STEP 2: Setup an email account for your sock puppet using onion mail:
    STEP 3: Copy and paste site information about PGP public:
    STEP 4: Setup PGP:
    STEP 5: Transfer file:
    STEP 6: Establish Your Presence on a Private Message Board:
    STEP 7: Set-Up a secure public Jabber/XMPP federated server on hyperboria using rows.io
    Best Usage Practices of Sock Puppet Identities – Protecting Your Sock Puppet:
    Completing Your Research – Operation:
  Setting-Up Onion Mail:
    [1.0] What’s Onion Mail:
    [1.1] Why should I use Onion Mail?
    [2.0] Sending emails
    [2.1] Special addresses:
    [3.0] Communicating with the server:
    [3.1] Spam List:
    [4.0] Dealing with unwanted messages with X-Notice headers:
    [5.0] Create your OnionMail address:
    [6.0] Use PGP messages:
    [7.0] Virtual M.A.T. Protocol and simple mail addresses:
    [8.0] Virtual M.A.T. in Tor network:
    [9.0] User configuration:
    [10.0] Mailing lists:
    [11.0] How to know the user limits:
    [12.0] iam.onion addresses and server address:
    [13.0] Special Mail RULEZ files:
    [14.0] Rulez files as newsletter:
Dark Web Sock Puppet Setup
  Sock Puppet – Insertion into the Dark Web
    Sock Puppet Information
    Start inserting your Sock Puppet into this webSite:
    email setup in the Dark Web – Onion Mail:
  Dark Web Communication:
    Paste Site:
    Reason:
  PGP setup:
    Reason:
  File transfer:
    Reason:
  Private Message Board:
    Reason:
  Jabber:
    Reason:
  Sock Puppet ways & methods:
Project Athena mission is to collect all Dark Web metadata & financial information and map it out
    Dark Web Stats Pre-Crawl Feb 4, 2015:
    Bitcoin Big Winner in the Dark Web
    USSOCOM Monitoring Bitcoin in the clear web NOT the Dark Web:
    Your secret ownership is encrypted:
    Tax Problem:
    The POWER of the Block-Chain:
    Why we need Dark Web Bitcoin Data:
Dark Web Tool Setup
  Overview of Tool Setup for Dark Web Collection project
  Technology Required
    • Tor
    • 2 private Tor-Relays – entry and exit
    • Artemis – Tor Search Engine – w/ Privoxy and Popili Proxies
    • BlockChain 2 DB tool – to keep all Block-Chain queries PRIVATE
    • IRC
    • Bitcoin
    • VPN
    • i2p
    • secure email
    • PGP key for encryption
    • 3-5 Dark Web Sock Puppets – Buyer/Hacker/wingMan – Roles
    Why use Amazon VPS service for my crawlers:
  notes for setting everything up for Dark Web crawlers and Artemis search engine
  YOUTUBE – Video
    torrc configuration file:
    artemis is installed
    sudo apt-get install tor
    To run TOR as a different USER
    checking if Tor is working
    curl information for the crawlers:
    How to use SOCKS proxy
    tor tor-geoipdb privoxy:
    Proxy setup Tor
    CookieAuthentication 1
    info httpproxy:
    setup Privoxy port:
    Onion00 and torStatus – PRIVATE Tor Public Node list for research
  OnionOO setup
    1. Installing the metrics database
    1.1. Preparing the operating system
      Make Sun’s Java the default
    1.2. Configuring the database
    1.3. Importing relay descriptor tarballs
    1.4. Importing relay descriptors from a local Tor data directory
    1.5. Importing GeoIP information
    1.6. Pre-calculating relay statistics
    1.7. Generating network status information
    1.8. Importing sanitized bridge descriptors
    1.9. Importing Torperf performance data
    1.10. Importing GetTor statistics
    1.11. Migrating from an earlier metrics database schema
    1.11.1. Migrating from metrics-web 0.0.1
    2. Installing the graphing engine
    3. Installing the metrics website
    3.1. Configuring Apache HTTP Server
    3.2. Configuring Apache Tomcat

 

02/12/15

Visualization of Bitcoins in the Dark Web

gAtO is – working on a new toy for my Artemis Tor Search engine. I found these cool open source tools – Circos data visualization – to map out my data visually and create some cool points for any research.

Bitcoin mapped to the Dark Web

Follow the money -> so a Bitcoin map of all the Tor websites I find may be cool, but we can also map it with email and PGP keys and Litecoin and other currencies. Anything we collect from the crawlers, which is metadata and content, we will be able to map out on as many data points (keywords) as you want. Bitcoin and the Dark Web – Oh yeah, I wrote a book –> gAtO was right and WROTE the book 1 ½ years ago – Bitcoin in the Dark Web. Now we’re going to add sock puppets and some social engineering to find the really good data in the Dark Web – Oh yeah, DARPA MEMEX, nice try, I even have historical Dark Web data and my tools work today. We’re also collecting i2p data so it should be good for any cyber hunter – gAtO oUt.

02/9/15

Bitcoin in the Dark Web

Bitcoin in the Dark Web – Digital Underground

gAtO wAs – asked to check the Dark Web (Tor-i2p) with my Artemis Tor-i2p search engine to see how Bitcoin is doing, and the answer was shocking. I dug around and got a base of 2,000 Tor URLs; out of those, 1,400 were OK, and I came back with 17,000 new URLs from this first run. Just checking on the Bitcoin keyword, it got the biggest hits, followed by CC (credit cards) and other stolen goods and services.

Where the Dark Web was more about porn a year ago, it has changed direction and has become a Bitcoin value transfer network for any information you are looking for, and the transactions are all Bitcoin now. As we’ve seen, the white-collar world’s adoption of Bitcoin in the clear web has made it more powerful in the Dark Web. More stolen properties, more coin mixers, and not only Bitcoin but Litecoin and DogeCoin are becoming more popular for trading in goods and services.

As the DOJ has shut down Silk Road and other drug sites, new ones have popped up, but the thing I’ve seen the most from my crawlers is that more and more trades of goods and services have gone to Bitcoin exclusively as the currency of the Dark Web. Security of transactions is becoming more complex, with escrow services popping up all over the place and even Dark Banks for your Bitcoins and wallets.

We are planning a big sweep of the Dark Web, 10 crawls (total of up to 5 million Dark Web URLs and website content), for any and all Bitcoin addresses, and then use my newly designed Blockchain tools to look at all the Bitcoin transactions and see if we can follow the money to an IP address of the bad guys. Hopefully this will open new ways of finding Bitcoins in the Dark Web and help LE get the bad guys. – gAto OuT

01/17/15

Multiple Bitcoin wallets for a Business with Multiple Locations

gAtO wOrKiNg - on the business side, so I needed to create this Presentation to explain how my hd-wallet would work in a business.

Let’s say you have 8 Hair Salons and you want each store to have Bitcoin as a source of payment. Easy: with my HD-wallet system you can safely deploy different Bitcoin wallets to all the stores and still maintain control of all the Bitcoins that your 8 Hair Salons take in.

My KickStarter Project- https://www.kickstarter.com/projects/949677390/bitcoin-business-wallet

Your accountant will love the reporting of every Bitcoin user wallet transaction – and of course the BIG question: who do you call when your Bitcoin transaction does not work? We give you the tools to query the blockchain and get the answers to solve the problems.

Security – Privacy – Control – Management – Accountability

Simple GUI interface so anyone can use it – No Bitcoin Programming Needed. Easy deployment, all in your server, so you have total security. I also included Intelligent Multi-Sig Workflow to make Multi-sig wallets easy to use, approve and use by everyone. Any input would be welcome – gAtO OuT

(Presentation slides 1 to 16)

01/9/15

12 million Bitcoin wallets forecast for 2015

There were 1.4 million new bitcoin wallets created in Q4, representing 21% growth quarter-over-quarter. CoinDesk is forecasting 12 million total bitcoin wallets by the end of 2015  – http://www.coindesk.com/state-bitcoin-2015-ecosystem-grows-despite-price-decline/

This opens up the question of how many business Bitcoin wallets are going to be needed. As more and more businesses use Bitcoin, my HD-BIP32 multi-sig Bitcoin Business wallet will become more useful. Without these types of Bitcoin business tools, Bitcoin cannot grow up.

HD-BIP32 Bitcoin Multi-Sig Business wallet video demo: http://youtu.be/-54TzpEIGsY

(Chart: Current and Forecasted Bitcoin Wallet Numbers)

12/28/14

3 Multi-Sig wallets for the price of 1 -maybe more

A new Multi-Sig address scheme – maybe – let me back up. A transaction has 2 parts: the LOCKING (INPUTS) of the ownership of the coins and the UN-LOCKING (OUTPUTs) of the ownership of the coins. Multi-sig or not, all TX are the same in the Bitcoin protocol.

Multi-Sig Sub-Wallets give business safety, management and accountability with my HD-BIP32 Business wallet

gAtO tEsTing – my HD-wallet system, adding multi-sig wallets to the mix. One of the strange but wonderful things I found is that when you create a multi-sig wallet, the order of the INPUTS creates different addresses and redeemScripts. So I tested it at the bitcoind command line just to make sure.

A Multi-sig wallet is different because it’s created out of other sub-wallets, and the order of the INPUTS makes a difference, but the strange thing is that to cash the multi-sig and sign, you can still use any of the other OUTPUTs – this test shows that any combination of signed OUTPUTs will unlock all 3 different multi-sig addresses for the price of 1.

I included the example below for you to test: science is repeatable by anyone, and so is the crypto and the math of Multi-sigs.

What I did was change the order of the sub-wallet INPUTS – _01 – _02 – _03 – and – _02 – _03 – _01 – but the biggest surprise was when I tried to cheat – _03 – _01 – _03 – I used the 3rd wallet twice and it generated a Multi-sig. So in effect I just created a Multi-sig that only one (1) wallet has to sign, and it counts as 2.

By all rights the – _03 – _01 – _03 – or any doubling of the sub-wallets defeats the purpose of 2 out of 3 signatures, but that is part of working out new smart transactions, multi-sig or not. Soon we will be able to do 3 out of 15 multi-sigs and other cool transaction stuff.

The other cool thing is my HD-wallet system will be able to manage, communicate and create any combination of multi-sig 2-of-3 sub-wallets for today, and tomorrow for Bitcoin and others like Litecoin, DogeCoin or even NxT transaction systems for really smart intelligent digital contracts. Businesses that work in this new digital coin game need an HD-BIP32 wallet system that works with their system. Without accountability even multi-sig wallets will not solve things in business. But it helps when you can create and manage all transactions, multi-sig or regular sub-wallets, with accounting able to safely get reports of all sub-wallets, all Multi-sig wallets, and the coins or contracts they hold.

I’ll get off my soapbox – mEoW – play with the examples below. The cool thing is it works; the beauty of crypto and math is you can’t cheat – it works or it doesn’t.

A new Multi-Sig address scheme – maybe – yes/no, but by using multi-sig wallets the right way Bitcoin can become safer. In my HD-BIP32 wallet you will be able to manage thousands if not millions of Multi-sig sub-wallets with 1 application – gAtO oUt

EXAMPLE:

----------------------------------------------------------------

_01 sw_key_pair_as_sec: 03a7d8fbe19c3b9aba3b21cab655253bb954702e938312ff9141ee76700a3316ea
_02 sw_key_pair_as_sec: 022bcd0edd96fffae1d59853a5139948e632968d16240ee8bbedd8e964368ace1f
_03 sw_key_pair_as_sec: 02396b913639612c603471a39c780a49afabf9a45ea62d1edfda77e2e086061685

_01 – _02 – _03

bitcoind createmultisig 2 '["03a7d8fbe19c3b9aba3b21cab655253bb954702e938312ff9141ee76700a3316ea", "022bcd0edd96fffae1d59853a5139948e632968d16240ee8bbedd8e964368ace1f", "02396b913639612c603471a39c780a49afabf9a45ea62d1edfda77e2e086061685"]'

{
"address" : "3MbDdx56fVjgsMWW7VmZhnxas4UJxAQbgf",
"redeemScript" : "522103a7d8fbe19c3b9aba3b21cab655253bb954702e938312ff9141ee76700a3316ea21022bcd0edd96fffae1d59853a5139948e632968d16240ee8bbedd8e964368ace1f2102396b913639612c603471a39c780a49afabf9a45ea62d1edfda77e2e08606168553ae"
}

_02 – _03 – _01

bitcoind createmultisig 2 '["022bcd0edd96fffae1d59853a5139948e632968d16240ee8bbedd8e964368ace1f", "02396b913639612c603471a39c780a49afabf9a45ea62d1edfda77e2e086061685", "03a7d8fbe19c3b9aba3b21cab655253bb954702e938312ff9141ee76700a3316ea"]'

{
"address" : "3McoaAaTQR8NX4u1y1BxHf3FrWxqjzycHj",
"redeemScript" : "5221022bcd0edd96fffae1d59853a5139948e632968d16240ee8bbedd8e964368ace1f2102396b913639612c603471a39c780a49afabf9a45ea62d1edfda77e2e0860616852103a7d8fbe19c3b9aba3b21cab655253bb954702e938312ff9141ee76700a3316ea53ae"
}

_03 – _01 – _02

bitcoind createmultisig 2 '["02396b913639612c603471a39c780a49afabf9a45ea62d1edfda77e2e086061685", "03a7d8fbe19c3b9aba3b21cab655253bb954702e938312ff9141ee76700a3316ea", "022bcd0edd96fffae1d59853a5139948e632968d16240ee8bbedd8e964368ace1f"]'

{
"address" : "3LYZsV7NaMaGhdbtdwvBwFJcs63QiYzzeF",
"redeemScript" : "522102396b913639612c603471a39c780a49afabf9a45ea62d1edfda77e2e0860616852103a7d8fbe19c3b9aba3b21cab655253bb954702e938312ff9141ee76700a3316ea21022bcd0edd96fffae1d59853a5139948e632968d16240ee8bbedd8e964368ace1f53ae"
}

_03 – _01 – _03

bitcoind createmultisig 2 '["02396b913639612c603471a39c780a49afabf9a45ea62d1edfda77e2e086061685", "03a7d8fbe19c3b9aba3b21cab655253bb954702e938312ff9141ee76700a3316ea", "02396b913639612c603471a39c780a49afabf9a45ea62d1edfda77e2e086061685"]'

{
"address" : "3FEAsZ8KDvodHmTQy2rnWKknQWKCuazdLC",
"redeemScript" : "522102396b913639612c603471a39c780a49afabf9a45ea62d1edfda77e2e0860616852103a7d8fbe19c3b9aba3b21cab655253bb954702e938312ff9141ee76700a3316ea2102396b913639612c603471a39c780a49afabf9a45ea62d1edfda77e2e08606168553ae"
}

----------------------------------------------------------------
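The two things the test above shows can be checked without a running bitcoind. Here is an added Python example (not the author's HD-wallet code) that rebuilds the redeemScripts bitcoind printed from the three public keys above, parses them back, and counts how many distinct key holders can actually satisfy the threshold. Since a P2SH address is just base58check of hash160 of the redeemScript, a different key order gives a different script and therefore a different address, and a key listed twice can be satisfied by a single signer.

```python
from collections import Counter

# Compressed public keys _01, _02, _03 copied from the post above.
K1 = "03a7d8fbe19c3b9aba3b21cab655253bb954702e938312ff9141ee76700a3316ea"
K2 = "022bcd0edd96fffae1d59853a5139948e632968d16240ee8bbedd8e964368ace1f"
K3 = "02396b913639612c603471a39c780a49afabf9a45ea62d1edfda77e2e086061685"
# redeemScripts bitcoind printed above for _01 _02 _03 and for _03 _01 _03.
REDEEM_123 = "522103a7d8fbe19c3b9aba3b21cab655253bb954702e938312ff9141ee76700a3316ea21022bcd0edd96fffae1d59853a5139948e632968d16240ee8bbedd8e964368ace1f2102396b913639612c603471a39c780a49afabf9a45ea62d1edfda77e2e08606168553ae"
REDEEM_313 = "522102396b913639612c603471a39c780a49afabf9a45ea62d1edfda77e2e0860616852103a7d8fbe19c3b9aba3b21cab655253bb954702e938312ff9141ee76700a3316ea2102396b913639612c603471a39c780a49afabf9a45ea62d1edfda77e2e08606168553ae"

def build_redeem_script(m, pubkeys_hex):
    """Serialize OP_m <key>... OP_n OP_CHECKMULTISIG as bitcoind createmultisig does."""
    n = len(pubkeys_hex)
    if not 1 <= m <= n <= 16:
        raise ValueError("invalid m-of-n threshold")
    script = bytes([0x50 + m])                          # OP_1..OP_16 are 0x51..0x60
    for k in pubkeys_hex:
        key = bytes.fromhex(k)
        if len(key) not in (33, 65):
            raise ValueError("bad public key length")
        script += bytes([len(key)]) + key               # direct push of the key bytes
    return (script + bytes([0x50 + n, 0xAE])).hex()     # OP_n OP_CHECKMULTISIG

def parse_redeem_script(script_hex):
    """Return (m, n, keys) from a bare CHECKMULTISIG redeemScript."""
    s = bytes.fromhex(script_hex)
    if len(s) < 4 or s[-1] != 0xAE:
        raise ValueError("not a CHECKMULTISIG script")
    m, n, keys, i = s[0] - 0x50, s[-2] - 0x50, [], 1
    while i < len(s) - 2:
        ln = s[i]
        keys.append(s[i + 1:i + 1 + ln].hex())
        i += 1 + ln
    if len(keys) != n:
        raise ValueError("pushed key count does not match OP_n")
    return m, n, keys

def min_distinct_signers(m, keys):
    """Fewest distinct key holders that can satisfy the threshold: a key listed
    k times lets its single holder contribute k signatures to CHECKMULTISIG."""
    signers = total = 0
    for count in sorted(Counter(keys).values(), reverse=True):
        signers, total = signers + 1, total + count
        if total >= m:
            break
    return signers
```

A wallet that accepts externally supplied cosigner keys should run the duplicate check before publishing the address; for the _03 _01 _03 script the result is 1, not the 2 the "2 of 3" label promises.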