Dark Web Escrow Service Explained

Dark Web Escrow Service Explained

gAtO FoUnD – this dark marketplace hidden service website -Nucleus- and they they explains the escrow service policy. gAtO wanted to pass it along so we can all learn how one dark website plays-

Now remember that this is only one dark websites version. Each different marketplaces has different version and flavors os their Bitcoin escrow policy. Bottom line your trussing two unknown people and Bitcoin transactions are final – so think and learn. Another marketplace Evolution closed down with 12-million in Bitcoin in escrow and the admin disappeared  – happily ever after. Beware Will Robinson  – gAtO OuTsegway_bike_Bitcoin

Okay, there seems to be an insane amount of bad finalizing practices on the market – lets lay this out.

Escrow – You give your money to a 3rd party (Nucleus) – This proves to the vendor you have the funds available, they ship product. You receive the item, and when you finalize, Nucleus gives your funds to the vendor. You prove you have money, vendor proves they have product, Nucleus proves the transaction was agreed to and turns the money over making a small profit per transaction and many people and vendors at the same time.

In the event of a dispute where escrow is involved, Nucleus agrees to mediate, acting as an unbiased 3rd party. If the vendor can prove they sent the product through tracking information or some other means, or offers a reshipment which you choose to accept, ect. Nucleus releases the funds to the Vendor. If the Vendor cannot prove they shipped the product, or no remedy is found to the customers dispute, the funds are returned to Customer.
Nucleus also offers a percentage based refund, where the customer can ask for a smaller portion of the price returned. This is useful for situations where for example a customer places an order for 50 units of an item and only 25 units are delivered, ect. – In the example here, the customer would ask for a 50% refund.

To prevent vendors waiting an excessively long time for funds if a customer should fail to log on or forget to finalize, Nucleus provides a timer on each order which releases the funds to the vendor when it runs out. The customer should note this timer, or auto-finalize feature, and take measures to file an appropriate dispute before it expires. Often, the mail runs slow, and vendors usually like to be optimistic in their advertising, so occasionally the timer will run out before a product has arrived, despite the vendor having actually sent the product. In these cases, the customer can send an order to reclamations by filing a dispute, which will stop the autofinalize timer until the product arrives. When the product arrives, the customer should select 0% in the refund request field, and the vendor will accept this offer releasing the funds.

FE or Finalize Early – You release the funds directly to the vendor, the vendor ships the product. Nucleus is not holding your money in escrow, therefor, in the case of a dispute, a refund is asked directly from the vendor. Vendors often have legitimate reasons for needing the money before delivery, including but not limited to ;
-Customer wants more of a product than is readily available on hand, but the vendor can easily and reliably obtain that amount of product if provided the funds.
-Vendor has an arranged middle-man product with another vendor. Typically, vendors are able to move product at a faster rate than normal customers, so vendors will work out a mutual agreement amongst each other to provide a discount for driving referral business.
-Order is deemed by vendor to be excessively risky due to international shipments, customs, ect. In this instance, vendors inform the customer of the risks involved and usually agree to keep and share tracking information with the customer.
Often, vendors will offer extra products or discounts for early finalization.

In the event of a dispute where escrow is NOT involved, Nucleus is not liable or required to provide mediation for the dispute, and the customer should address the issue with the vendor directly. HOWEVER. The customer SHOULD report any failure to deliver product to Nucleus staff, because if a pattern of failure to deliver, bad information, ect. begins to appear, Nucleus staff can take appropriate measures to remove the repeat offender from the market.

It is VERY important that customers fully understand their agreement with the vendor and Nucleus, and take appropriate measures to protect their money and not get ripped off. Due to the anonymous nature of the darknet, there is very little culpability or repercussions for scamming innocent people. Scammers are here to mislead and deceive, and will take your money without thinking twice, and if you have released the funds to the vendor, Nucleus will not be able to help you get them back.


Tor Wacky Times and the NSA

gAtO rEaD – that Tor (The Deep Dark Web) is now all messed up by the NSA, FBI and LEO so all you bad guys using the Tor network better watch out, or should they???fed_links_01

Aug 5 the FBI snakes in Freedom Hosting and put a number of websites out of business in the Dark Web. They let the flames go out that they caught a bunch of Pedophile sites with that bust, but it does not seem so.

The Attack on the Dark Net Took Down a Lot More Than Child Porn – http://gawker.com/the-attack-on-the-dark-net-took-down-a-lot-more-than-ch-1081274609 – gAtO contribute to this article–

fed_usCitizenship_01Aug 19 – Millions of Tor Clients start to go up in numbers. What’s this all about, we get a bunch of Tor clients just hanging around doing nothing in Tor. Some say it’s a Bot-net or something like that. Then it growns 4, 5  million Tor users and the last week or so it starts to go down again. So what is all this about all these Tor Clients and the Tor- Botnet?fed_rent_a_hacker01

Oct 3– Silk Road get’s taken down, Oh the FBI had a copy of the Silk Road servers back in June just before the AUG 5 take down of FH by the FBI. So the Feds had Silk Road all this time and this is all they can do, can’t even get a few Bitcoin wallets- what a cluster fˆ%k—//fed_cc-paypal_01

Now you got NSA saying that Tor is cracked and the bad guys cannot use it. They claim that they can hack Tor anytime and anywhere with documents that a summer student left on how to hack the Tor network back in 2006. By the Way – most of these hacks do not work in Tor, maybe on a regular network but not on the Tor network.fed_hit_man_01

So now gAtO goes in search of Tor sites and a lot of sites went down by hook or crook —BUT someone has started to replace these Tor Hidden Websites in the Tor Network – But something is FuNnY – all these sites us the same web templates –

So now you can take a walk down memory lane and see all the older Tor-Websites have gone away and new ones have magicly re-appear.

fed_apple4bitcoin_01Now if this was the only place were this has happens OK sure, but at other Tor- Wiki Tor Link sites you will see the same thing – Commercial sites are all FuNnY and all the non-commercial Tor-websites are Tango Down.

So now Tor goes round and round but nobody knows what the heck is going on- In the Tor network – The Deep Dark Web run by Criminals or the FBI – you can answer these questions yourself by visiting the site –trust but Verify– ((not me))– gAtO oUt

fed_counterfiet_euro_50 fed_counterfiet_usd_01 fed_links_01 fed_mobile_steal_store_01 fed_uk_guns_01














Tor Usage goes UP PirateBay, Iran-Syria and Google-play Orbot

USCyberLabs Stats of the Tor Network Aug-27

USCyberLabs Stats of the Tor Network


Sudden rise in direct Tor users

On Tuesday 27th, Roger Dingledine drew attention to the huge increase of Tor clients running [14]. It seems that their number has doubled since August 19th according to the count of directly connecting users [15]. According to Roger this is not just a fluke in the metrics data. The extra load on the directory authorities is clearly visible [16], but it does not look that the overall network performance are affected so far [17]. The cause is still unknown, but there are already speculations about the Pirate Browser [18] or the new “anti-piracy” law in Russia which is in force since August, 1st [19]. As Roger pointed out, ?some good solid facts would sure be useful.?

[14] https://lists.torproject.org/pipermail/tor-talk/2013-August/029582.html

[15] https://metrics.torproject.org/users.html?graph=direct-users&start=2013-05-29&end=2013-08-27&country=all&events=off#direct-users

[16] https://metrics.torproject.org/network.html#dirbytes

[17] https://metrics.torproject.org/performance.html

[18] https://lists.torproject.org/pipermail/tor-talk/2013-August/029584.html

[19] https://lists.torproject.org/pipermail/tor-talk/2013-August/029583.html

Ever since the the NSA Prism program came out something else is going on in Tor. People want privacy and they will use anything they can to get it. Tor is one solution that a lot of people know about but there are other factors about the increase.

Piratebay.sx and it’s users are doing a lot more stuff with the new browser – There has not been a sustained increase in search traffic for the Pirate Browser on Google. Tor and “Tor browser” haven’t shown a spike in search, either. Could it be from users in Syria?  Also note that the Google Play Store has been unblocked in Iran, allowing distribution of Orbot/Orweb in that country to phones with the Play Store app installed (partial bootstrapping problem).

Syria had a spike from 1000 to 4000 but that’s a tiny fraction of the recent increase. Iran doubled from 4000 to 8000 which is also only a part of the increase. Is there a page listing each graph by country or overlapping them all?

The Tor Project also pushed out Orbot v12 to Google Play in the last few weeks – 2 separate updates. That would not account for all of the increase, but it could have prodded enough existing users who had not used Orbot in awhile to start the app up again. We have also seen about 75,000 new installs over the last 3 months.

So we have a lot of factors as the Tor network grows larger everyday– gATo oUt



What Are ToR Hidden Service?

gAtO tHiNkInG – anonymity serves different interest for different user groups; To a private citizen it’s privacy, to a business it’s a network security issue. A business needs to keep trade secrets or have IP (knowledge base data-centers), communicate with vendors securely and we all know that business need to keep an eye on there competition – the competition can check your stats

update -11-14-2012 -uscyberlabs.com Tor Hidden Servicehttp://otwxbdvje5ttplpv.onion gAtO built this as a test sandbox / honeypot — cool logs stats -DOWN 4 upgrade – 06-11-2013

(http://www.alexa.com/siteinfo/uscyberlabs.com) and check on how your business is doing, what keywords your using, demographics of users hitting your site—— by the way in the Tor-.onion network a web site/service cannot be monitored unless you want it…

How would a government use a ToR-network I’m asked all the time —

// if I was an (agent/business-person)state actor doing business in China (and other countries too) well I would use a ToR-.onion connection to keep my

business private from a government that is know to snoop a bit on travelers to their country. The fact is governments need anonymity for their security -think about it “What does the CIA Google for?” Maybe they us ToR??? But this is about Hidden services right.


What is a hidden service in ToR-.onion network?

SImply put it’s a web site/service, a place in the ToR network were we have a service like:

  • Search Engine
  • Directories
  • web / pop3 email
  • PM Private Messages
  • Drop Box’s
  • Re-mailers
  • Bulletin Boards BBS
  • Image Boards
  • Currency exchange
  • Blog
  • E-Commercce
  • Social Networks
  • Micro-Blog –

Hidden Services are called hidden, because your website’s IP in ToR is hidden- they cannot see the IP of your server — they can’t track you- if they can’t find you how are they gonna hack you???? Sorry I had to say that -((more about that later)). Now how do I keep this secret (my IP) and let you the user use my services. In the normal web if your in uscyberlabs.com your on my site,— my server -you can do a whois and get my IP and geo-location— then you can attack my website with dDoS and other IP attack vectors, you also get my location so you can physically find me- my server/my website – maybe go dumpster diving in the trash and get my company secrets— mAyBe sI – nO,

Well in the ToR-.onion network you the client ask the business website if they can use the websites service / then decide and start a handshake to a rendezvous POINT to meet  —we meet at an OR ((onion relay))-a rendezvous POINT) not at my server/ my IP — so your never ever on the business site/server when your in onionLand, you can’t do a whois and get my IP because we meet at an OR, you cannot find my geo-location…..

We have heard of the killings of Iranians and Syrian rebels being killed in todays news, when an Iranian rebel is fighting for his and his families life if they(the government) finds his IP or the IP of the website he visited // they will hunt that person down and the Iranian police/government will kill the whole family sometimes. So keeping an IP from someone is not an evil act it is an act of privacy for safety on both sides the client and the business.

you need to look at Figure 2 to explains this better:

Now let’s focus on R2 OR the yellow key. That’s the spot were you(your company’s hidden website) and your client meet — I know it’s a sneaky way of doing business but once again if they can’t get to your IP at least that is one attack vector that can’t be used to hack you or ddos you. OK they can still hack you but it’s software then. How it’s all done – the magic —the technical thingy to this is below —/this is just an outline of events of the client /hidden web/service protocol:

I goes something like this —

  • INTRODUCE2 cell
  • INTRODUCE2 cell
  • RENDEZVOUS1 cell
  • sends a RENDEZVOUS2 cell Chat
  • sends a RENDEZVOUS2 cell Blog

1. Whenever the rendezvous point receives a RELAY_COMMAND_RENDEZVOUS1  with the same cookie as the OR sent in the RELAY_COMMAND_INTRODUCTION1 cell it logs the reception and the IP address of the immediate transmitter of the cell. At the same time, the OR middle node monitors the circuits passing through it. Whenever it receives a DESTROY  cell over a circuit it checks:

1) whether the cell was received just after the rendezvous point received the RELAY_COMMAND_RENDEZVOUS1 cell;

2) if the next node of the circuit at the middle node coincides with the previous node of the circuit at the rendezvous point;

3) whether the number of forwarded cells is exactly 2 cells up the circuit and 52 cells down the circuit.

More Geek network kinda stuff::

1. Jun 03 20:50:02.100 [notice] Tor (r14739) opening new log file.

2. Jun 03 20:50:11.151 [notice] We now have enough directory information to build circuits.

3. Jun 03 20:50:12.697 [info] rend_services_introduce(): Giving up on sabotage as intro point for stuptdu2qait65zm.

4. Jun 03 20:50:18.633 [info] rend_service_intro_established(): Received INTRO_ESTABLISHED cell on circuit 1560 for service stuptdu2qait65zm

5. Jun 03 20:51:18.997 [info] upload_service_descriptor(): Sending publish request for hidden service stuptdu2qait65zm

6. Jun 03 20:51:22.878 [info] connection_dir_client_reached_eof(): Uploaded rendezvous descriptor (status 200 (“Service descriptor stored”))

People ask me how can these hidden services be attacked???

It’s all the same as in the surface web you find the software the hidden service is using /// let’s say Worpress (or flatPress) if they use an old version with vulnerabilities then, that site can be hacked by traditional hacking attack vectors— gAtO can’t wait till USCyberLabs.com will have a sandbox in the .onion were we can have a honeypot for people to hack and learn from.  (we need Funding for these project donate please – we will share) gAtO has not tried Backtrack 5 on ToR-.onion network – mAyBe sI -nO – uscyberlabs.com has been hacked a few times already and is consistently fighting bot’s and spammer, it goes on and on.everywhere-.-.-.-

Here are some technologies used in the ToR-.onion network:

update -11-14-2012 -uscyberlabs.com Tor Hidden Service = http://otwxbdvje5ttplpv.onion gAtO built this as a test sandbox and it turned into a honeypot — cool logs stats

TorStatusNet – http://lotjbov3gzzf23hc.onion/   is a microblogging service. It runs the StatusNet microblogging software, version 0.9.9, available under the GNU Affero General Public License.

FlatPress is a blogging engine like -Wordpress blog http://flatpress.org/home/   – http://utup22qsb6ebeejs.onion/

Snapp BBS works fine in OnionLand – http://4eiruntyxxbgfv7o.onion/

PHP BBS – http://65bgvta7yos3sce5.onion/

Nginx is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server.  – http://ay5kwknh6znfmcbb.onion/torbook/

Anyway I hope this open up the mystery of a hidden service in ToR – it’s just a website, you go to a rendezvous point and do your business — your IP and the business IP are totally secure. No digital breadcrumbs. Now a word to the wise in the ToR-.onion network you have some very tech savvy people and some are very stupid be a critical-cyber user always -gAtO oUt.


Protocol-Level Hidden Server Discovery -WRONG

sOrRy – AROGANT gAtO – Open letter to:zhenling – jluo -wkui – xinwenfu – at seu.edu.cn cs.uvic.ca cs.uml.edu  – I wrote to you and gave you a chace to reply so her it goes for everyone to see that you rigged your lab in real life it does not work like you claim — gATO OuT – may be wrong mAyBe Si -nO 


Protocol-Level Hidden Server Discovery

Since entry onion router is the only node that may know the real IP address of the hidden service— -note [3] The assumption was made in virtually all attacks towards the Tor network. This is reasonable because onion networks routers are set up by volunteers.

WRONG folks — So criminals work in these sterile structured surrounding – following rules and making assumptions that I’m stupid enough to not know how to control ENTRY and EXIT nodes into my Tor Website— COme on Dudes this is not school it’s the real world… otwxbdvje5ttplpv.onion here is my site now find my IP —

WHo am I – Richard Amores – @gAtOmAlO2 – I run http://uscyberlabs.com – I just finished a boot -“ The Deep Dark Web” Amazon New eBook -The Deep Dark Web – http://www.amazon.com/dp/B009VN40DU   Print Book – http://www.amazon.com/The-Deep-Dark-Web-hidden/dp/1480177598 :- I do a we bit of real life research and I disagree — I go thru a proxie and a VPN in EU… before I go into Tor so the chances that you will find my IP just went up a notch or too. But I’m a legit – Security Researcher – imagine if I run Silk Road — making a bunch of Bitcoins a DAY— how many layers do they have—

how about a basic BRIDGE RELAY — and there it goes – u can’t touch this — how about a simple modification of the torrc file with these
HiddenServiceAuthorizeClient AND – HidServAuth
with these few modification the Tor site is hidden unless you have the key (HiddenServiceAuthorizeClient) in your browser/- that was generated to match the HidServAuth)-of the server– I think that your chances of finding my mean ass hidden service ip address —are ZERO…

I like what you’ll did cool analyst and you explained it great – but this puts fear into people – dissidents will maybe not use Tor because of what you guy’s say and maybe they may get caught and killed… It’s not only CRIMINALS — I know that gets grants money — but Tor is used to communicate and it allows – Freedom of Speech in Cyberspace- I’m gonna write something about this and I want to be nice so please explain why — you can say from an educational place of knowledge and allow this – “in the box” thinking that is being hacked everyday because they say— we did everything they told us to do— this is wrong and not true —

If you could get the IP of Silk Road — or better yet – PEDO BEAR the largest PEDO directory in TOR — tell me the IP and I will take it down myself— but don’t come at me saying we are right and every hacker is wrong  — learn please our world is depending on your great minds —

RickA- @gAtOmAlO2 http://uscyberlabs.com

Here is the original paper —http://www.cs.uml.edu/~xinwenfu/paper/HiddenServer.pdf
A recent paper entitled Protocol Level Hidden Server Discovery, by Zhen Ling, Kui Wu, Xinwen Fu and Junzhou Luo.  Paper is starting to be discussed in the Tor community.  From my perspective, it is a nice attack to reveal the IP address of a hidden service.  It would require resources to actually implement effectively, but for Law enforcement trying to shutdown and arrest owners of illegal websites selling drugs, weapons, or child pornography and are hiding behind Tor, it is an option.  Of course that also means the capability to find anyone that might be doing something a government or large entity does not agree with. The paper is here.
This stuff reminds me of a statement a professor said to a class I was in once:  “Guns are not good or bad.  It depends on who is holding the gun and which end is pointed at you.”


Cyber-War Digital -vs- Global Currency

gAtO rEaD – in Forbes – “Biitcoin Prevent Monetary Tyranny” -mEoW- Currency tyranny by global bankers and government can be down right ugly. They can shape debt into deliberate inflation, they can enforce persecutory capital control or even pre-arrange default – let’s not forget LIBOR manipulation and austerity against countries after they have ripped out all natural resources, install a puppet king and all that jazz —/ everything controlled by THE BANK CARTEL. On the other side of the coin..//

On Oct. 6 Susanne Posel reported -/ an attempt to hack into the U.S.A executive branch’s computer system through an unclassified network.  That’s the White House kitties with a simple “Spear Phishing” attack. They trolled for names of Top Military and government officials in Google’s Gmail account and got a few hit. Once again “Open Source Intelligence”  

– everything goes somewhere and gAtO (as well as others) goes everywhere.

A few days later the Iranians government blocked Gmail by government officials due to fears that Email can be a point of infection for attacks- I think that’s in the security 101 course

Bruce Schneier one of our cyber gods that knows what he is talking about say’s it best about chicken little screaming “the cyber Sky is falling” – STROKING CYBER FEARS – “Secretary Panetta’s recent comments are just the latest; search the Internet for “cyber 9/11,” “cyber Pearl-Harbor,” “cyber Katrina,” or — my favorite — “cyber Armageddon.” But Bruce says it best in his own words  “There’s an enormous amount of money and power that results from pushing cyberwar and cyberterrorism: power within the military, the Department of Homeland Security, and the Justice Department; and lucrative government contracts supporting those organizations. As long as cyber remains a prefix that scares, it’ll continue to be used as a bugaboo.”  -may I add-/ to make lots of MONEY in private-corporation and government contracts worldwide. Fear + Cyber Security = BIG $$$

Fear is what bankers see as Africa is the first country that is being targeted for the BitCoin virtual currency. Imagine the turmoil in Nigeria and other places in Africa it has had a history of unstable governments the idea of a digital currency is appealing… La-Times read –Africa — the next frontier for virtual currency?

BUT the Bitcoin is NOT ready People[1] Satoshi warned us – it’s BETA software – It has only 21 Million bit coins and the last Bitcoin will be mined in 2040 – Governments and corporations have already started the propaganda that Bitcoin’s are EVIL. — 

The most important thing is, we must all be active in out lives to make the new future- They fear us “the people” will wake up and take control of our lives” – the new generation was born with a cell device in their hand and they are using it earlier and earlier to communicate.

The Cyber war that we see is not as bad as the Cyber War that is being fought with fear and propaganda because the bankers will lose control with – One World Currency – One World Government – that is what the hacktivist want, the new kids, the new generation.

Cyberspace is the city of Babel and in this mystical city everyone was able to communicate to anyone and exchange idea, dreams and culture—/ but this cause the priest to lose control so they destroyed it and made it EVIL. It’s only Evil when you lose your power, It is EVIL when you give them control and power — it’s our turn now -gAtO oUt


[1] Satoshi Nakamoto – Bitcoin Creator –https://en.bitcoin.it/wiki/Satoshi_Nakamoto


http://www.forbes.com/sites/jonmatonis/2012/10/04/bitcoin-prevents-monetary-tyranny/ Bitcoin Prevent Monetary Tyranny


The deep Dark Web -Book Release

gATO hApPy – 

AVAILABLE @ AMAZON – http://www.amazon.com/dp/B009VN40DU

AVAILABLE @SmashWords website  @http://www.smashwords.com/books/view/247146

I learned that I hate WORD: – but it’s the general format for publishing  – text boxes- get imbedded and you can’t format to EPUB or .mobi or anything – solution after going lOcO gAtO – was copy and paste into txt editor – save as RTF then copy paste back into a new WORD document and then reformat everything from scratch – and copy over the pictures – as you can tell I had fun-..-ugh mEoW F-F-F-F as much fun as a hairball but if it get’s the message out “FREEDOM OF SPEECH IN CYBERSPACE” then we done our job, anyway I hope you read it Thank you Pierluigi a best friend a security gAtO ever had – gATO oUt

This Book covers the main aspects of the fabulous and dangerous world of -“The Deep Dark Web” . We are just two cyber specialists Pierluigi Paganini & Richard -gAtO- Amores, with one passion and two souls we wanted to explain the inner working of the deep dark web. We have had a long collaboration in this efforts to document our findings we made infiltrations into the dark places inaccessible to many to give a you the reader a clear vision on the major mystery of the dark hidden web that exist today in the Tor Onion network..

The Web, the Internet, mobile cell devices and social networking has become commonly used words that identify technological components of daily Internet user’s experience in the cyberspace. But how much do we really know about cyberspace? Very, very little, Google / Yahoo / Bing only show us 20% of the Internet the other 80% is hidden to the average user unless you know were to look.

The other 80% of the Internet is what this book is about the “Deep Dark Web”, three words with millions of interpretations, mysterious place on the web, the representation of the hell in the cyberspace but also the last opportunity to preserve freedom of expression from censorship. Authorities and corporation try to discourage the use of this untapped space because they don’t control it. We the people of the free world control this network of Tor -Onion Routers by volunteer around the world.

The Deep Dark Web seems to be full of crooks and cyber criminals, it is the hacker’s paradise, where there are no rule, no law, no identity in what is considered the reign of anonymity, but this is also the reason why many persecuted find refuge and have the opportunity to shout to the world their inconvenient truths.

The Deep Dark Web is a crowded space with no references but in reality it is a mine of information unimaginable, a labyrinth of knowledge in the book we will try to take you by the hand to avoid the traps and pitfalls hopefully illuminating your path in the dark.

Cybercrime, hacktivism, intelligence, cyber warfare are all pieces of this complex puzzle in which we will try to make order, don’t forget that the Deep Dark Web has unbelievable opportunity for business and governments, it represents the largest on-line market where it is possible to sell and acquire everything, and dear reader where there is $money$  you will find also banking, financial speculators and many other sharks.

Do you believe that making  money in Deep Web is just a criminal prerogative? Wrong, the authors show you how things works in the hidden economy and which are the future perspectives of is digital currency, the Bitcoin.

This manuscript proposes both faces of the subject, it illustrates the risks but also legitimate use of anonymizing networks such as TOR adopted by journalist to send file reports before governments agents censored his work .

Here are some question we may answers to:

How many person know about the cyber criminals and their ecosystem in the deep web? 

How many have provided information on the financial systems behind the “dirty affairs”? 

How the law enforcement and governments use Dark Web?

Let’s hold your breath and start the trip in the abyss of knowledge to find answers to the above questions. We hope that with this book you can learn something new about – The Deep Dark Web.


Tor hidden service secrets

Tor hidden service secrets

gAtO fRiDaY 10-18-2012 update hay you want to see a secret -hidden service –

Creative Hack – http://2kcreatydoneqybu.onion 

on top of this the name is custom – so that took extra time and efforts and the site is real when you have thier secret token — https://ahmia.fi/pagescreenshots/2kcreatydoneqybu.png

here you can take a look at this site anyway – try to extract any information from this secret Tor Website – you can’t see any source code – so you can’t make it error to extract information. I ask a friend that’s a Penn Tester to check this out – If anyone can extract any information please let me know –gAtOoUt

gAtO fRiDaY – sound off! – As i play with my new Tor hidden service – “Ok just apache website running https: a static site -right now” – What we know is that a Tor hidden service stays hidden until you send someone your .onion URL (example:- otwxbdvje5ttplpv.onion ) now once you know the URL your have access to the site. You may have to log in like on most bb sites but at least you reached the hidden service and now you can do stuff. 

While looking at the torrc file setting I found a little secret that with (server side) HiddenServiceAuthorizeClient-tag and the HidServAuth-tag on the (client) side -// your hidden service is now INVISIBLE to only the people that have a secret key installed in their “torrc” client file. In plain talk –

1. I put a special key on my hidden server – torrc file – HiddenServiceAuthorizeClient
2. generate a new key for client side – “what_ever_bcuuw46b3heyy”
3. send keys to the secret agents that can see or access the site HidServAuth
4. Only the people with my KEY can get to the front door of my hidden service – torrc file HidServAuth

This makes it hard to find the hidden service even if you have the URL ///./. it does nothing, no source code like a normal website. I ran into a few of these and had no clue why these sites behaved the way they did. I can pick apart most websites, at least, basics like html, asp, js, java directory you can gleam all kinds of information. But if you hit one of these site in Tor well it a big 0 -zero -///.

With my TDS project (Tor Directory Scan) I am generating an onion URL A-Za-z 2-7 URL and going out to scrape it and get some basic information about the site with a basic web crawler that grabs METADATA and not just links to other pages. If I hit these sites with my basic program I’ll get a dud -zero -///- but I will have a hit of sort. I hope to catch some of these sites – we all know the rcp command works well in Tor sometimes I found and httrack is another tool for sucking up site // be they hidden service or not – these secret hidden services will be very interesting in the scan -gATO oUt

— Tor Syntax

HiddenServiceAuthorizeClient auth-type client-name,client-name,…
If configured, the hidden service is accessible for authorized clients only. The auth-type can either be ‘basic’ for a general-purpose authorization protocol or ‘stealth’ for a less scalable protocol that also hides service activity from unauthorized clients. Only clients that are listed here are authorized to access the hidden service. Valid client names are 1 to 19 characters long and only use characters in A-Za-z0-9+-_ (no spaces). If this option is set, the hidden service is not accessible for clients without authorization any more. Generated authorization data can be found in the hostname file. Clients need to put this authorization data in their configuration file using HidServAuth.

HidServAuth onion-address auth-cookie [service-name]
Client authorization for a hidden service. Valid onion addresses contain 16 characters in a-z2-7 plus “.onion”, and valid auth cookies contain 22 characters in A-Za-z0-9+/. The service name is only used for internal purposes, e.g., for Tor controllers. This option may be used multiple times for different hidden services. If a hidden service uses authorization and this option is not set, the hidden service is not accessible. Hidden services can be configured to require authorization using the HiddenServiceAuthorizeClient option


Customized .onion URL Address

gAtO hAs- been looking for this golden grail —how to customize a .onion address  —  but nobody knew how to do it or would never tell. Job security I guess but as I have been in i2p land and not much on Tor but I found this link to Shallot in github.com from and i2p site about Tor and i2p. Well the jig is up. I understand why it may not be a good idea for a custom name – It’s all about math and every custom digit of the 16 digit .onion address takes more time to calculate when your onion ur;l is generated in Tor. I have a new toy for a Saturday night project – Well here it is enjoy it– gAtO out


Shallot allows you to create customized .onion addresses for Tor’s hidden services. (By customized, it is meant that part of the address can be selected. Choosing an entire address would take far longer than the universe is believed to have been in existence.)

A History of Shallot

Shallot has a long history in Onion Land. In its original incarnation, Shallot was originally written by a mysterious Onion Lander called Bebop, who created its predecessor, onionhash-0.0.1, at some unknown time in the distant past. That quickly(?) evolved into onionhash 0.0.2 and 0.0.3, until Bebop and Bebop’s New Home in Onionspace mysteriously vanished. At this point, it was picked up by `Orum, who gave Shallot its current name, and went through three versions until `Orum’s site, hangman – hidden (in plain) site, went down. I (katmagic) got Shallot’s sources from Tas’s site and put them into a Git repository. I made a few modifications, wrote a new README, and put the whole thing up on GitHub for all to see.


USCyberLabs has a hidden service Tor otwxbdvje5ttplpv.onion

gAtO wAnTeD – to get our USCyberLabs Tor .onion network -hidden service- up and running and after thinking of other future projects we decided to make our Ubuntu -BackTrack 5 machine be our Tor Server running apache2 hidden service  . My BT5 machine is running – Gnone v.2.30.2 Ubuntu build 06/25/2010 ?

Apache/2.2.14 (Ubuntu) Server at otwxbdvje5ttplpv.onion Port 80

1. First problem BT5 is designed to run as root and Tor is not so first thing is to generate a new user:

uscyberlabs - el gatoMalo

gAtO new hidden service otwxbdvje5ttplpv.onion

# adduser gato

# password gato-password

For help go to man adduser for more information

I open up terminal for everything so as SU -(SuperUser)

nano /etc/apache2/apache2.conf > file

nano /etc/apache2/ports.conf > file

nano /lib/tor/torrc -> file

nano /etc/host -> file

2. Before we change users and start to work as gato let’s set up the apache2 service

# apt-get install apache2

whizz, bang ,- wow and it’s installed next we need to modify some configuration files.

The Apache install will install /var/www/index.html <— so modify this file for your web site:

The Apache install will install /etc/apache2 and in it you will find a bunch of the configuration files:

apache2.conf and ports.conf these two files will have to be modified and Tor torrc file.

This is a great guide — from ioerror  —but don’t try the wiki – – https://github.com/ioerror/hs-wiki/tree/master/configs another guide not so good but it helped —http://www.martini.nu/blog/2010/06/tor-vbox.html    —


12 NameVirtualHost














# some information may be for future projects -# This is a very minimal Tor configuration file to be placed in# /etc/tor/torrc unless you know better.


# This configuration file should be used with a wiki Hidden Service on




Log notice file /var/log/tor/wiki.log

DataDirectory /var/lib/tor


HiddenServiceDir /var/lib/tor/hidden_service/

HiddenServicePort 80

Add your hidden Service Tor url to your host file – trust me this really helped during trouble shooting

I added my Hidden service onion ID to the

nano /etc/host -> file otwxbdvje5ttplpv.onion 

I generated a few more hidden service keys to deploy some other sites later -Open up 2 more terminal windows – I can start stuff in background mode but during testing everything has it’s own terminal just in case.

To install Tor on unbuntu linux — https://www.torproject.org/docs/tor-doc-unix.html.en  —

To start Tor


To start Apache web server

sudo /etc/init.d/apache2 start

I’m not going to give you my directory structure but just a heads up :

DataDirectory  /var/lib/tor/

HiddenServiceDir /var/www/web_hidden_service

HiddenServicePort 80:

Since I’m testing I log to my terminal but a log error file will work better

Log notice stdout

So ok now comes the test – I have a static html website – a hidden service in the Tor .onion network. I did not go to icann for an domain name and pay them- I don’t have to pay InMotion for hosting service – just my cox-internet connection and a spare machine and I have a website in the dark web – This machine will host other websites – hidden services like wordpress, a bb bulletin board- or maybe some other web service – It will host my BotNet for the Tor Directory Project – Oh yeah I want to build a few bot’s for GOOD and map out the Tor Directory and make each Bot an OR (onion Router) so it helps the cause and gives back a bit. I plan to also run OnionOO – Arm – Atlas – mOnionO Compass and Weather.

SO if your out an about in Tor Land come on by and kick the tires and peek and poke my Tor hidden service website – otwxbdvje5ttplpv.onion  if you find any openings let me know.pls As I add new features I will tell you about them -gAtO oUt