10/28/12

Cyber-War Digital -vs- Global Currency

gAtO rEaD - in Forbes – “Biitcoin Prevent Monetary Tyranny” -mEoW- Currency tyranny by global bankers and government can be down right ugly. They can shape debt into deliberate inflation, they can enforce persecutory capital control or even pre-arrange default – let’s not forget LIBOR manipulation and austerity against countries after they have ripped out all natural resources, install a puppet king and all that jazz —/ everything controlled by THE BANK CARTEL. On the other side of the coin..//

On Oct. 6 Susanne Posel reported -/ an attempt to hack into the U.S.A executive branch’s computer system through an unclassified network.  That’s the White House kitties with a simple “Spear Phishing” attack. They trolled for names of Top Military and government officials in Google’s Gmail account and got a few hit. Once again “Open Source Intelligence”  

- everything goes somewhere and gAtO (as well as others) goes everywhere.

A few days later the Iranians government blocked Gmail by government officials due to fears that Email can be a point of infection for attacks- I think that’s in the security 101 course

Bruce Schneier one of our cyber gods that knows what he is talking about say’s it best about chicken little screaming “the cyber Sky is falling” – STROKING CYBER FEARS – “Secretary Panetta’s recent comments are just the latest; search the Internet for “cyber 9/11,” “cyber Pearl-Harbor,” “cyber Katrina,” or — my favorite — “cyber Armageddon.” But Bruce says it best in his own words  “There’s an enormous amount of money and power that results from pushing cyberwar and cyberterrorism: power within the military, the Department of Homeland Security, and the Justice Department; and lucrative government contracts supporting those organizations. As long as cyber remains a prefix that scares, it’ll continue to be used as a bugaboo.”  -may I add-/ to make lots of MONEY in private-corporation and government contracts worldwide. Fear + Cyber Security = BIG $$$

Fear is what bankers see as Africa is the first country that is being targeted for the BitCoin virtual currency. Imagine the turmoil in Nigeria and other places in Africa it has had a history of unstable governments the idea of a digital currency is appealing… La-Times read -Africa — the next frontier for virtual currency?

BUT the Bitcoin is NOT ready People[1] Satoshi warned us – it’s BETA software – It has only 21 Million bit coins and the last Bitcoin will be mined in 2040 – Governments and corporations have already started the propaganda that Bitcoin’s are EVIL. — 

The most important thing is, we must all be active in out lives to make the new future- They fear us “the people” will wake up and take control of our lives” – the new generation was born with a cell device in their hand and they are using it earlier and earlier to communicate.

The Cyber war that we see is not as bad as the Cyber War that is being fought with fear and propaganda because the bankers will lose control with – One World Currency – One World Government – that is what the hacktivist want, the new kids, the new generation.

Cyberspace is the city of Babel and in this mystical city everyone was able to communicate to anyone and exchange idea, dreams and culture—/ but this cause the priest to lose control so they destroyed it and made it EVIL. It’s only Evil when you lose your power, It is EVIL when you give them control and power — it’s our turn now -gAtO oUt

References:

[1] Satoshi Nakamoto – Bitcoin Creator -https://en.bitcoin.it/wiki/Satoshi_Nakamoto

http://latimesblogs.latimes.com/world_now/2012/04/bitcoin-virtual-money-africa-rudiger-koch.html

http://www.forbes.com/sites/jonmatonis/2012/10/04/bitcoin-prevents-monetary-tyranny/ Bitcoin Prevent Monetary Tyranny

10/25/12

The deep Dark Web -Book Release

gATO hApPy

AVAILABLE @ AMAZON - http://www.amazon.com/dp/B009VN40DU

AVAILABLE @SmashWords website  @http://www.smashwords.com/books/view/247146

I learned that I hate WORD: – but it’s the general format for publishing  - text boxes- get imbedded and you can’t format to EPUB or .mobi or anything – solution after going lOcO gAtO - was copy and paste into txt editor – save as RTF then copy paste back into a new WORD document and then reformat everything from scratch – and copy over the pictures – as you can tell I had fun-..-ugh mEoW F-F-F-F as much fun as a hairball but if it get’s the message out “FREEDOM OF SPEECH IN CYBERSPACE” then we done our job, anyway I hope you read it - Thank you Pierluigi a best friend a security gAtO ever had - gATO oUt

This Book covers the main aspects of the fabulous and dangerous world of -“The Deep Dark Web” . We are just two cyber specialists Pierluigi Paganini & Richard -gAtO- Amores, with one passion and two souls we wanted to explain the inner working of the deep dark web. We have had a long collaboration in this efforts to document our findings we made infiltrations into the dark places inaccessible to many to give a you the reader a clear vision on the major mystery of the dark hidden web that exist today in the Tor Onion network..

The Web, the Internet, mobile cell devices and social networking has become commonly used words that identify technological components of daily Internet user’s experience in the cyberspace. But how much do we really know about cyberspace? Very, very little, Google / Yahoo / Bing only show us 20% of the Internet the other 80% is hidden to the average user unless you know were to look.

The other 80% of the Internet is what this book is about the “Deep Dark Web”, three words with millions of interpretations, mysterious place on the web, the representation of the hell in the cyberspace but also the last opportunity to preserve freedom of expression from censorship. Authorities and corporation try to discourage the use of this untapped space because they don’t control it. We the people of the free world control this network of Tor -Onion Routers by volunteer around the world.

The Deep Dark Web seems to be full of crooks and cyber criminals, it is the hacker’s paradise, where there are no rule, no law, no identity in what is considered the reign of anonymity, but this is also the reason why many persecuted find refuge and have the opportunity to shout to the world their inconvenient truths.

The Deep Dark Web is a crowded space with no references but in reality it is a mine of information unimaginable, a labyrinth of knowledge in the book we will try to take you by the hand to avoid the traps and pitfalls hopefully illuminating your path in the dark.

Cybercrime, hacktivism, intelligence, cyber warfare are all pieces of this complex puzzle in which we will try to make order, don’t forget that the Deep Dark Web has unbelievable opportunity for business and governments, it represents the largest on-line market where it is possible to sell and acquire everything, and dear reader where there is $money$  you will find also banking, financial speculators and many other sharks.

Do you believe that making  money in Deep Web is just a criminal prerogative? Wrong, the authors show you how things works in the hidden economy and which are the future perspectives of is digital currency, the Bitcoin.

This manuscript proposes both faces of the subject, it illustrates the risks but also legitimate use of anonymizing networks such as TOR adopted by journalist to send file reports before governments agents censored his work .

Here are some question we may answers to:

How many person know about the cyber criminals and their ecosystem in the deep web? 

How many have provided information on the financial systems behind the “dirty affairs”? 

How the law enforcement and governments use Dark Web?

Let’s hold your breath and start the trip in the abyss of knowledge to find answers to the above questions. We hope that with this book you can learn something new about – The Deep Dark Web.

10/18/12

Tor hidden service secrets

Tor hidden service secrets

gAtO fRiDaY 10-18-2012 update hay you want to see a secret -hidden service -

Creative Hack – http://2kcreatydoneqybu.onion 

on top of this the name is custom – so that took extra time and efforts and the site is real when you have thier secret token — https://ahmia.fi/pagescreenshots/2kcreatydoneqybu.png

here you can take a look at this site anyway – try to extract any information from this secret Tor Website – you can’t see any source code – so you can’t make it error to extract information. I ask a friend that’s a Penn Tester to check this out – If anyone can extract any information please let me know –gAtOoUt

gAtO fRiDaY - sound off! - As i play with my new Tor hidden service – “Ok just apache website running https: a static site -right now” – What we know is that a Tor hidden service stays hidden until you send someone your .onion URL (example:- otwxbdvje5ttplpv.onion ) now once you know the URL your have access to the site. You may have to log in like on most bb sites but at least you reached the hidden service and now you can do stuff. 

While looking at the torrc file setting I found a little secret that with (server side) HiddenServiceAuthorizeClient-tag and the HidServAuth-tag on the (client) side -// your hidden service is now INVISIBLE to only the people that have a secret key installed in their “torrc” client file. In plain talk -

1. I put a special key on my hidden server – torrc file – HiddenServiceAuthorizeClient
2. generate a new key for client side – “what_ever_bcuuw46b3heyy”
3. send keys to the secret agents that can see or access the site HidServAuth
4. Only the people with my KEY can get to the front door of my hidden service – torrc file HidServAuth

This makes it hard to find the hidden service even if you have the URL ///./. it does nothing, no source code like a normal website. I ran into a few of these and had no clue why these sites behaved the way they did. I can pick apart most websites, at least, basics like html, asp, js, java directory you can gleam all kinds of information. But if you hit one of these site in Tor well it a big 0 -zero -///.

With my TDS project (Tor Directory Scan) I am generating an onion URL A-Za-z 2-7 URL and going out to scrape it and get some basic information about the site with a basic web crawler that grabs METADATA and not just links to other pages. If I hit these sites with my basic program I’ll get a dud -zero -///- but I will have a hit of sort. I hope to catch some of these sites – we all know the rcp command works well in Tor sometimes I found and httrack is another tool for sucking up site // be they hidden service or not – these secret hidden services will be very interesting in the scan -gATO oUt

— Tor Syntax

HiddenServiceAuthorizeClient auth-type client-name,client-name,…
If configured, the hidden service is accessible for authorized clients only. The auth-type can either be ‘basic’ for a general-purpose authorization protocol or ‘stealth’ for a less scalable protocol that also hides service activity from unauthorized clients. Only clients that are listed here are authorized to access the hidden service. Valid client names are 1 to 19 characters long and only use characters in A-Za-z0-9+-_ (no spaces). If this option is set, the hidden service is not accessible for clients without authorization any more. Generated authorization data can be found in the hostname file. Clients need to put this authorization data in their configuration file using HidServAuth.


HidServAuth onion-address auth-cookie [service-name]
Client authorization for a hidden service. Valid onion addresses contain 16 characters in a-z2-7 plus “.onion”, and valid auth cookies contain 22 characters in A-Za-z0-9+/. The service name is only used for internal purposes, e.g., for Tor controllers. This option may be used multiple times for different hidden services. If a hidden service uses authorization and this option is not set, the hidden service is not accessible. Hidden services can be configured to require authorization using the HiddenServiceAuthorizeClient option

10/13/12

Customized .onion URL Address

gAtO hAs- been looking for this golden grail —how to customize a .onion address  —  but nobody knew how to do it or would never tell. Job security I guess but as I have been in i2p land and not much on Tor but I found this link to Shallot in github.com from and i2p site about Tor and i2p. Well the jig is up. I understand why it may not be a good idea for a custom name – It’s all about math and every custom digit of the 16 digit .onion address takes more time to calculate when your onion ur;l is generated in Tor. I have a new toy for a Saturday night project – Well here it is enjoy it- gAtO out

https://github.com/katmagic/Shallot

Shallot allows you to create customized .onion addresses for Tor’s hidden services. (By customized, it is meant that part of the address can be selected. Choosing an entire address would take far longer than the universe is believed to have been in existence.)

A History of Shallot

Shallot has a long history in Onion Land. In its original incarnation, Shallot was originally written by a mysterious Onion Lander called Bebop, who created its predecessor, onionhash-0.0.1, at some unknown time in the distant past. That quickly(?) evolved into onionhash 0.0.2 and 0.0.3, until Bebop and Bebop’s New Home in Onionspace mysteriously vanished. At this point, it was picked up by `Orum, who gave Shallot its current name, and went through three versions until `Orum’s site, hangman – hidden (in plain) site, went down. I (katmagic) got Shallot’s sources from Tas’s site and put them into a Git repository. I made a few modifications, wrote a new README, and put the whole thing up on GitHub for all to see.

10/9/12

Tor Hidden Service Setup Headaches

%67%61%74%6f%6d%61%6c%6f

gATO mEsSeD – up with my BT (backTrack5) server I am using for my Tor hidden server — otwxbdvje5ttplpv.onion — To set up a hidden service is simple but you have to have a plan and gAtO did not have one—/ as usual I just go into it AND I wiped out mysql – I mean I wiped out my whole installation – Re-Set – I had to install Windows 7, then download BackTrack5 and re-install that- but once I went back and re-installed everything – my hidden service was getting and ERROR —  NO ACCESS permissions error — This led me down a rabbit hole of things I never wanted to learn about apache2 server and linux commands but it was good at the end of 9 hours to beat the thing. OK end of Story…

LAB stuff.— My test BOX is Windows 7 and BT5 unbuntu-10.04.2 LTS

Files to Modify —

/Data/Tor/torrc

/var/apache2/apache2.conf

/var/apache2/envvars

APACHE_RUN_USER=gato

APACHE_RUN_GROUP=gat0

/var/apache2/ports.conf

/var/apache2/sites-available/default

/etc/hosts

These should be all the files to setup a hidden service in Tor. _BUT_ Tor cannot run as ROOT user so you need to create a normal user – I called it gato—

–/ gato User gets all permission for all Tor files and directories

—/ apache runs as ROOT so i run it as sudo

Apache installs it’s website  in /var/www directory – as gato-user I need access to this and creating ALL TOR directories and files so Tor has the right permissions.

But any files on apache will have to have ROOT permissions:

I had everything set up right – but I was getting permission rights error on the Tor hidden service — after I checked everything I found the error the apache user had an environmental variable set to run as someone else not the / gato-user- and I found it in the apache enviers file..

/var/apache2/envvars

APACHE_RUN_USER=gato

APACHE_RUN_GROUP=gate

This APACHE_RUN_USER was set to wstools because that’s what the BT5 installation installed but never told anyone- so I chased this permission stuff down for 4-8 hours – re-booting and Tor start-up and test every setting – THEY SHOULD TELL SOMEONE BT5

Yeah this build has owner stuff mixed up a bit – I am still working on mysql stuff but it should be up next to install mediawiki – it should be a great learning curve AGAIN – but I am having fun and learning all my unix stuff back – good because  I been working on php for the Tor directory crawler that I will be launching from this server in a few weeks…

below are my lab notes — I hope it helps someone some time —gAtO oUt

check out the site otwxbdvje5ttplpv.onion — it has BeEF and mstool for XXS and SQLi testing online and a cool C&C controller for bots. – I still don’t know why BT5 put this in the distro but I want to play with it…. https://github.com/beefproject/beef/wiki/BeEF-and-Backtrack-5

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-lab notes=-=-=-=-=-=-=-=-=-=-

Start Tor – /home/gato/Desktop/tor

./start-tor-browser 

Start apache2 –> sudo /etc/init.d/apache2 restart

For security, I recommanded to lauch the command as a service

Start Mysql –> service mysqld start

the tool to manager mysql is mysqladmin

check is mysql started

–> ps -ef | grep mysql

Start Apache

–> sudo /etc/init.d/apache2 stop

/Desktop/tor/Data/Tor$ nano torrc

root@bt:/var/www# nano index.html

root@bt:/var/www# cd /etc/apache2

root@bt:/etc/apache2# ls

apache2.conf  envvars     magic           mods-enabled  sites-available

conf.d        httpd.conf  mods-available  ports.conf    sites-enabled

root@bt:/etc/apache2# ls

#!/bin/bash

# Changes to this file will be preserved when updating the Debian package.

source /usr/share/mysql/debian-start.inc.sh

MYSQL=”/usr/bin/mysql –defaults-file=/etc/mysql/debian.cnf”

MYADMIN=”/usr/bin/mysqladmin –defaults-file=/etc/mysql/debian.cnf”

MYUPGRADE=”/usr/bin/mysql_upgrade –defaults-extra-file=/etc/mysql/debian.cnf”

MYCHECK=”/usr/bin/mysqlcheck –defaults-file=/etc/mysql/debian.cnf”

MYCHECK_SUBJECT=”WARNING: mysqlcheck has found corrupt tables”

MYCHECK_PARAMS=”–all-databases –fast –silent”

MYCHECK_RCPT=”root”

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

398  sudo /etc/init.d/apache2 status

399  sudo /etc/init.d/apache2 reload

400  sudo /etc/init.d/apache2 restart

401  sudo /etc/init.d/apache2 reload

402  sudo /etc/init.d/apache2 restart

391  sudo ps aux | grep tor

392  sudo ps aux | grep apache

393  sudo ps aux | grep apache2

394  sudo ps aux | grep mysql

395  sudo ps aux | grep apache

396  sudo ps aux | grep “tor”

397  sudo ps aux | grep “/tor”

398  sudo ps aux | grep /tor/

 

/etc/apache2/apache2.conf

port.conf

/var/www/otwxbdvje5ttplpv.onion#

uscyberlabs

< otwxbdvje5ttplpv.onion

other secret site -not working

3rtiazp6p4t2vxfn.onion

10/1/12

USCyberLabs has a hidden service Tor otwxbdvje5ttplpv.onion

gAtO wAnTeD – to get our USCyberLabs Tor .onion network -hidden service- up and running and after thinking of other future projects we decided to make our Ubuntu -BackTrack 5 machine be our Tor Server running apache2 hidden service  . My BT5 machine is running – Gnone v.2.30.2 Ubuntu build 06/25/2010 ?

Apache/2.2.14 (Ubuntu) Server at otwxbdvje5ttplpv.onion Port 80

1. First problem BT5 is designed to run as root and Tor is not so first thing is to generate a new user:

uscyberlabs - el gatoMalo

gAtO new hidden service otwxbdvje5ttplpv.onion

# adduser gato

# password gato-password

For help go to man adduser for more information

I open up terminal for everything so as SU -(SuperUser)

nano /etc/apache2/apache2.conf > file

nano /etc/apache2/ports.conf > file

nano /lib/tor/torrc -> file

nano /etc/host -> file

2. Before we change users and start to work as gato let’s set up the apache2 service

# apt-get install apache2

whizz, bang ,- wow and it’s installed next we need to modify some configuration files.

The Apache install will install /var/www/index.html <— so modify this file for your web site:

The Apache install will install /etc/apache2 and in it you will find a bunch of the configuration files:

apache2.conf and ports.conf these two files will have to be modified and Tor torrc file.

This is a great guide — from ioerror  —but don’t try the wiki – - https://github.com/ioerror/hs-wiki/tree/master/configs another guide not so good but it helped —http://www.martini.nu/blog/2010/06/tor-vbox.html    —

ports-apache2.conf 

12 NameVirtualHost 127.0.0.1:8080Listen 127.0.0.1:8080

torrc

123

4

5

6

7

8

9

10

11

12

13

14

# some information may be for future projects -# This is a very minimal Tor configuration file to be placed in# /etc/tor/torrc unless you know better.

#

# This configuration file should be used with a wiki Hidden Service on

# 127.0.0.1:8080

#

 

Log notice file /var/log/tor/wiki.log

DataDirectory /var/lib/tor

 

HiddenServiceDir /var/lib/tor/hidden_service/

HiddenServicePort 80 127.0.0.1:8080

Add your hidden Service Tor url to your host file – trust me this really helped during trouble shooting

I added my Hidden service onion ID to the

nano /etc/host -> file

127.0.0.1 otwxbdvje5ttplpv.onion 

I generated a few more hidden service keys to deploy some other sites later -Open up 2 more terminal windows – I can start stuff in background mode but during testing everything has it’s own terminal just in case.

To install Tor on unbuntu linux — https://www.torproject.org/docs/tor-doc-unix.html.en  —

To start Tor

./start-tor-browser

To start Apache web server

sudo /etc/init.d/apache2 start

I’m not going to give you my directory structure but just a heads up :

DataDirectory  /var/lib/tor/

HiddenServiceDir /var/www/web_hidden_service

HiddenServicePort 80:127.0.0.1:8080

Since I’m testing I log to my terminal but a log error file will work better

Log notice stdout

So ok now comes the test – I have a static html website – a hidden service in the Tor .onion network. I did not go to icann for an domain name and pay them- I don’t have to pay InMotion for hosting service – just my cox-internet connection and a spare machine and I have a website in the dark web – This machine will host other websites – hidden services like wordpress, a bb bulletin board- or maybe some other web service – It will host my BotNet for the Tor Directory Project – Oh yeah I want to build a few bot’s for GOOD and map out the Tor Directory and make each Bot an OR (onion Router) so it helps the cause and gives back a bit. I plan to also run OnionOO – Arm – Atlas – mOnionO Compass and Weather.

SO if your out an about in Tor Land come on by and kick the tires and peek and poke my Tor hidden service website – otwxbdvje5ttplpv.onion  if you find any openings let me know.pls As I add new features I will tell you about them -gAtO oUt 

09/24/12

Dark Heart botnet ToR-C2 BULLET proof server collector

gAtO fOuNd - this –// it’s crook selling to crooks take it at face value -/ but it does have some interesting ideas on what is out there in criminals hands and what is going on in the dark web. Now these are 10,000 yes 10k botnets can work in the clearWeb as well as Tor and i2p anonymized networks should cause some concern because normally we don’t monitor them.  Tor Domain-flux for both clearWeb and Tor – ( Tor Domain-flux- this is so easy to do but it’s a big feature) – VPN then Tor that will make this harder to find the botMaster. But the coolest feature is the i2p connection. Sorry boy’s and Ladies but Tor is getting old, i2p is beginning to glow and it’s a little different but very safe. It goes after (scanning)  WiFi and GPS tracking – So people sync your phone data to your computers data please…C&C and // one- BULLET proof server collector -

It not very hard to do this but – C&C and // one- BULLET proof server collector – is the sales pitch anyway I have obfuscated some links and names -find it your self – I know gAtO can build this so anyone can with some light reading – that comes out to .80 cents per bot for 10,000 bots -0ne c&c panel for $8,000 bucks – pretty cheap – oh yeah the readme comes in english too.

This modified Dark Heart bots and c&c in Tor ?12p ? 256-EAS encryption- We already have reports of it by different names but this was posted around Aug 7 2012.   Here is the –/ poor mans –Tor Domain-flux is so easy when you generate a hidden service it produces a key for your address in Tor onion land / just move the key to another directory and generate your new net key and so on and so on… Some of this is really well though out —/ but I don’t trust anyone and it’s so easy to build from scratch- gAtO oUt

—— – EDUCATIONAL – ONLY – ————— – EDUCATIONAL – ONLY – ————— – EDUCATIONAL – ONLY – ———

Dark Heart botnet— NOT – for sale $8000

Run on windows clients – I need 3 C&C server IP addresses to hardcode and obfuscate

bot coded in assembly no dependencies

Each build has maximum of 10k bots to ovoid widespread av detection.

Basic bot uses socks5.

built in ssh client

(fast-flux)

Bot is built with 30k pre generated 256 bit AES keys.

1 256 bit AES key for logs

1 256 bit AES key ssh

1 256 bit AES key socks 5

hwid it selects a pre-generated key 256 bit AES key.

Bot writes encrypted data into common file using stenography process injection

Download/Upload Socks5

Bot sends data to a collector bot via socks5 through ipv6 which makes NAT traversal a trivial matter.

Using ipv6 in ipv4 tunnel.

Collector bot assembly /tor and i2p Plug-ins C++ /Assuming 10k bots

Bots will be assigned into small groups of 25. And are assigned 400 collectors bots which is evenly 200 tor and 200 i2p.

Collector packages the encrypted logs and imports them into a .zip or rar archive and uses sftp to upload through tor to a bullet proof server Note the Ukraine is best know.

(Domain-flux .onion panel can be easily moved)

Using a Ubuntu Server on bullet proof server.  / Using tor and Privoxy. Panel can be routed through multiple cracked computers using proxychains and ssh.  / Server uses a simple .onion panel with php5 and apache2 and mysql. You might ask what happens if bullet proof server is down. The collector bots can be loaded with 5 .onion panels. If panel fails for 24 hours its removed from all Collectors and bot will go to the next one and so forth. A python Daemon runs and unzip the data and Imports it into a mysql database were it remains encrypted.

The bot master uses my Dark Umbrella.net panel to connect to the remote Bullet Proof server through a vpn and then through tor using ssh to run remote commands on server and sftp to upload and download. Running tor through a log less vpn through with a trusted exit node on the tor network. .net panel connects to mysql database database is decrypted on .NET panel (Note must real Bullet Proof hosting is not trust worthy this solves that issue) and imported into a local .mdb database. Then later the bot Master should encrypt database folder on true crypt. Commands are sent to bots individually rather then corporately like most bot nets. This allows for greater anonymity It will be possible to send commands corporately but strongly discouraged. Collector bots download and upload large files through i2p.

1.Connects remotely to rpc daemon through backconect and simplifying metasploit (Working)

2.Social network cracker. (Beta)

3.Statics. (Working)

4.Anonymity status. (Working)

5.Decrypt-er. Decryption codes in highly obfuscated.net limiting each build to 10k bots. (Working)

6.Daemon status (Working)

7.logs (Working)

8.Metasploit connects via rpc. (working)

9. GPS tracked Assets by Google maps and using net-book with a high powered external usb wifi attenas.

Starts an automatic attack if wep if wpa2 grabes handshake. If open starts basic arp spoofing attack. Common browser exploits. (alpha)

10.Teensy spread. (in development)

11.vnc back connect. (working)

12. Advanced Persistent threat. Fake Firefox, Fake Internet Explorer, Fake Chrome. Fake Windows Security Essentials. (in development allows for excellent custom Bot-master defined keyloging)

13. Dark search bot index file is downloaded allowing easy searching of hard drives. (Working)

14. voip logic bomb. bot computer is sent via a voip call file once played through voip the microphone hears mp3 file and the dormant payload is activated in bot that is the logic bomb. (Extra- Alpha)

Each Panel is hwid

1 unique build per Copy embedded into panel.

Everything is provided in English only manuals for setup: you need 3 servers for C&C and // one- BULLET proof server collector for -/ everything is working and can be setup within hours: Only serious players -  for sale $8000 -bitcoin – (obfuscated )1A9nBLgdhf4NJadXiBppqqU96AhbMBQrgV -

—— – EDUCATIONAL – ONLY – ————— – EDUCATIONAL – ONLY – ————— – EDUCATIONAL – ONLY – ————— – EDUCATIONAL – ONLY – ———

 

09/17/12

Tor setup- torrc file configuration

gAtO bEen- working on Tor stuff and wanted to find the right torrc commands and configuration for Tor. So I started to look around and found these files. I guess if we look at these we could come up with maybe all the configurations keywords for Tor. gAtO is working on Tor and maybe some bot’s woking in Tor-land. The word is out and many are working on Tor botnets the good thing is most all are beginners, but the interest of people not wanting to rent a bot but build a bot is getting stronger. People wanting to learn code. Script kiddies with code this is not going to be pretty folks – hope you enjoy the torrc stuff- gAtO oUt

File 1

## Configuration file for a typical Tor user

## Last updated 17 September 2012 @gAtOmAlO2 .

## (May or may not work for much older or much newer versions of Tor.)

##

## Lines that begin with “## ” try to explain what’s going on. Lines

## that begin with just “#” are disabled commands: you can enable them

## by removing the “#” symbol.

##

## See the man page, or https://svn.torproject.org/svn/tor/tags/tor-0_0_9_5/src/config/torrc.sample.in ,

## for more options you can use in this file.

##

## Tor will look for this file in various places based on your platform:

## http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#torrc

## Replace this with “SocksPort 0″ if you plan to run Tor only as a

## server, and not make any local application connections yourself.

SocksPort 9050 # what port to open for local application connections

SocksListenAddress 127.0.0.1 # accept connections only from localhost

#SocksListenAddress 192.168.0.1:9100 # listen on this IP:port also

 

## Entry policies to allow/deny SOCKS requests based on IP address.

## First entry that matches wins. If no SocksPolicy is set, we accept

## all (and only) requests from SocksListenAddress.

#SocksPolicy accept 192.168.0.0/16

#SocksPolicy reject *

 

## Logs go to stdout at level “notice” unless redirected by something

## else, like one of the below lines. You can have as many Log lines as

## you want.

##

## We advise using “notice” in most cases, since anything more verbose

## may provide sensitive information to an attacker who obtains the logs.

##

## Send all messages of level ‘notice’ or higher to /var/log/tor/notices.log

#Log notice file /var/log/tor/notices.log

## Send every possible message to /var/log/tor/debug.log

#Log debug file /var/log/tor/debug.log

## Use the system log instead of Tor’s logfiles

#Log notice syslog

## To send all messages to stderr:

#Log debug stderr

 

## Uncomment this to start the process in the background… or use

## –runasdaemon 1 on the command line. This is ignored on Windows;

## see the FAQ entry if you want Tor to run as an NT service.

#RunAsDaemon 1

 

## Tor only trusts directories signed with one of these keys, and

## uses the given addresses to connect to the trusted directory

## servers. If no DirServer lines are specified, Tor uses the built-in

## defaults (moria1, moria2, tor26), so you can leave this alone unless

## you need to change it.

#DirServer 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441

#DirServer 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF

#DirServer 62.116.124.106:9030 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D

 

## The directory for keeping all the keys/etc. By default, we store

## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.

#DataDirectory @LOCALSTATEDIR@/lib/tor

 

## The directory for keeping all the keys/etc. By default, we store

## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.

#DataDirectory /var/lib/tor

 

## The port on which Tor will listen for local connections from Tor

## controller applications, as documented in control-spec.txt.

#ControlPort 9051

 

############### bypass open DNS ###############

##

## ACRYLIC DNS PROXY ==
## http://sourceforge.net/projects/acrylic/
##
## Step 1 INSTALL TOR
## Step 2 INSTALL ACRYLIC DNS PROXY

##

Acrylic is a local DNS proxy which improves the performance of your computer by caching the responses coming from your DNS servers. When you browse a Web page a portion of the loading time is dedicated to name resolution (usually from a few milliseconds to 1 second or even more) while the rest is dedicated to the transfer of the page contents to your browser. What Acrylic does is to reduce the time dedicated to name resolution for frequently visited addresses as close to zero as possible. With Acrylic you can also gracefully overcome short downtimes of your DNS servers without disrupting your work, because in this case you will at least be able to connect to your favourite sites and to your email server. In addition Acrylic can help you to effectively block unwanted ads prior to their download through the use of a custom HOSTS files, optimizing your navigation experience even further.

## Copy the following and paste it in TOR BROWSER\Data\TOR\torrc

## DNSPort 9053
## AutomapHostsOnResolve 1
## AutomapHostsSuffixes .exit,.onion

##

##

##

############### bypass open DNS ###############

############### This section is just for location-hidden services ###

## Look in …/hidden_service/hostname for the address to tell people.

## HiddenServicePort x y:z says to redirect a port x request from the

## client to y:z.

 

#HiddenServiceDir @LOCALSTATEDIR@/lib/tor/hidden_service/

#HiddenServicePort 80 127.0.0.1:80

 

#HiddenServiceDir @LOCALSTATEDIR@/lib/tor/other_hidden_service/

#HiddenServicePort 80 127.0.0.1:80

#HiddenServicePort 22 127.0.0.1:22

#HiddenServiceNodes moria1,moria2

#HiddenServiceExcludeNodes bad,otherbad

## Once you have configured a hidden service, you can look at the

## contents of the file “…/hidden_service/hostname” for the address

## to tell people.

##

## HiddenServicePort x y:z says to redirect requests on port x to the

## address y:z.

 

#HiddenServiceDir /var/lib/tor/hidden_service/

#HiddenServicePort 80 127.0.0.1:80

 

#HiddenServiceDir /var/lib/tor/other_hidden_service/

#HiddenServicePort 80 127.0.0.1:80

#HiddenServicePort 22 127.0.0.1:22

 

################ This section is just for relays ###################

## See https://www.torproject.org/docs/tor-doc-relay for details.

 

## A unique handle for your server.

 

#Nickname ididnteditheconfig

 

## The IP or FQDN for your server. Leave commented out and Tor will guess.

 

#Address noname.example.com

 

## Define these to limit the bandwidth usage of relayed (server)

## traffic. Your own traffic is still unthrottled.

## Note that RelayBandwidthRate must be at least 20 KB.

 

#RelayBandwidthRate 100 KBytes  # Throttle traffic to 100KB/s (800Kbps)

#RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB/s (1600Kbps)

 

## Contact info to be published in the directory, so we can contact you

## if your server is misconfigured or something else goes wrong.

#ContactInfo Random Person <nobody AT example dot com>

## You might also include your PGP or GPG fingerprint if you have one:

 

#ContactInfo 1234D/FFFFFFFF Random Person <nobody AT example dot com>

 

## Required: what port to advertise for Tor connections.

#ORPort 9001

## If you need to listen on a port other than the one advertised

## in ORPort (e.g. to advertise 443 but bind to 9090), uncomment the

## line below too. You’ll need to do ipchains or other port forwarding

## yourself to make this work.

 

#ORListenAddress 0.0.0.0:9090

 

## Uncomment this to mirror directory information for others. Please do

## if you have enough bandwidth.

#DirPort 9030 # what port to advertise for directory connections

## If you need to listen on a port other than the one advertised

## in DirPort (e.g. to advertise 80 but bind to 9091), uncomment the line

## below too. You’ll need to do ipchains or other port forwarding yourself

## to make this work.

 

#DirListenAddress 0.0.0.0:9091

 

## Uncomment this if you run more than one Tor server, and add the

## nickname of each Tor server you control, even if they’re on different

## networks. You declare it here so Tor clients can avoid using more than

## one of your servers in a single circuit. See

## http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#MultipleServers

 

#MyFamily nickname1,nickname2,…

 

## A comma-separated list of exit policies. They’re considered first

## to last, and the first match wins. If you want to _replace_

## the default exit policy, end this with either a reject *:* or an

## accept *:*. Otherwise, you’re _augmenting_ (prepending to) the

## default exit policy. Leave commented to just use the default, which is

## available in the man page or at https://www.torproject.org/documentation.html

##

## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses

## for issues you might encounter if you use the default exit policy.

##

## If certain IPs and ports are blocked externally, e.g. by your firewall,

## you should update your exit policy to reflect this — otherwise Tor

## users will be told that those destinations are down.

##

#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more

#ExitPolicy accept *:119 # accept nntp as well as default exit policy

#ExitPolicy reject *:* # no exits allowed

#

################ This section is just for bridge relays ##############

#

## Bridge relays (or “bridges” ) are Tor relays that aren’t listed in the

## main directory. Since there is no complete public list of them, even if an

## ISP is filtering connections to all the known Tor relays, they probably

## won’t be able to block all the bridges. Unlike running an exit relay,

## running a bridge relay just passes data to and from the Tor network –

## so it shouldn’t expose the operator to abuse complaints.

 

#ORPort 443

#BridgeRelay 1

#RelayBandwidthRate 50KBytes

#ExitPolicy reject *:*

 

File 2

################ This section is just for servers #####################

 

## NOTE: If you enable these, you should consider mailing your identity

## key fingerprint to the tor-ops, so we can add you to the list of

## servers that clients will trust. See the README for details.

 

## Required: A unique handle for this server

#Nickname ididnteditheconfig

 

## The IP or fqdn for this server. Leave blank and Tor will guess.

#Address noname.example.com

 

#ContactInfo 1234D/FFFFFFFF Random Person <nobody@example.com>

 

## Required: what port to advertise for tor connections

#ORPort 9001

## If you want to listen on a port other than the one advertised

## in ORPort, uncomment the line below. You’ll need to do ipchains

## or other port forwarding yourself to make this work.

#ORBindAddress 0.0.0.0:9090

 

## Uncomment this to mirror the directory for others (please do)

#DirPort 9030 # what port to advertise for directory connections

## If you want to listen on a port other than the one advertised

## in DirPort, uncomment the line below. You’ll need to do ipchains

## or other port forwarding yourself to make this work.

#DirBindAddress 0.0.0.0:9091

 

## A comma-separated list of exit policies. They’re considered first

## to last, and the first match wins. If you want to *replace*

## the default exit policy, end this with either a reject *:* or an

## accept *:*. Otherwise, you’re *augmenting* (prepending to) the

## default exit policy. Leave commented to just use the default.

#ExitPolicy accept *:6660-6667

#ExitPolicy reject 192.168.0.1:*

#ExitPolicy reject *:*

 

#BridgeRelay 1

#ExitPolicy reject *:*

 

File 3

Index: torrc.sample.in

===================================================================

RCS file: /home/or/cvsroot/src/config/torrc.sample.in,v

retrieving revision 1.31

retrieving revision 1.32

diff -u -d -r1.31 -r1.32

— torrc.sample.in 10 Nov 2004 00:14:02 -0000 1.31

+++ torrc.sample.in 12 Nov 2004 04:00:07 -0000 1.32

@@ -1,73 +1,76 @@

-# Configuration file for a typical tor user

+## Configuration file for a typical tor user

 

-# Replace this with “SocksPort 0″ if you don’t want clients to connect.

+## Replace this with “SocksPort 0″ if you don’t want clients to connect.

SocksPort 9050 # what port to advertise for application connections

SocksBindAddress 127.0.0.1 # accept connections only from localhost

#SocksBindAddress 192.168.0.1:9100 # listen on a chosen IP/port

 

-# Entry policies to allow/deny SOCKS requests based on IP address.

-# First entry that matches wins. If no SocksPolicy is set, we accept

-# all (and only) requests from SocksBindAddress.

-#

+## Entry policies to allow/deny SOCKS requests based on IP address.

+## First entry that matches wins. If no SocksPolicy is set, we accept

+## all (and only) requests from SocksBindAddress.

#SocksPolicy accept 192.168.0.1/16

#SocksPolicy reject *

 

-# Allow no-name routers (ones that the dirserver operators don’t

-# know anything about) in only these positions in your circuits.

-# Other choices (not advised) are entry,exit,introduction.

+## Allow no-name routers (ones that the dirserver operators don’t

+## know anything about) in only these positions in your circuits.

+## Other choices (not advised) are entry,exit,introduction.

AllowUnverifiedNodes middle,rendezvous

 

-# Logs go to stdout unless redirected by something else, like one of

-# the below lines, or –logfile on the command line.

-### Send all messages of level ‘warn’ or higher to @LOCALSTATEDIR@/log/tor/warnings

-#Log warn file @LOCALSTATEDIR@/log/tor/warnings

-### Send all debug and info messages to @LOCALSTATEDIR@/log/tor/debug

-#Log debug-info file @LOCALSTATEDIR@/log/tor/debug

-### Send all debug messages ONLY to @LOCALSTATEDIR@/log/tor/debug

-#Log debug-debug file @LOCALSTATEDIR@/log/tor/debug

-### To use the system log instead of Tor’s logfiles, uncomment these lines:

+## Logs go to stdout unless redirected by something else, like one of

+## the below lines.

+## Send all messages of level ‘warn’ or higher to @LOCALSTATEDIR@/log/tor/warnings

+#Log warn file @LOCALSTATEDIR@/log/tor/warnings.log

+## Send all debug and info messages to @LOCALSTATEDIR@/log/tor/debug

+#Log debug-info file @LOCALSTATEDIR@/log/tor/debug.log

+## Send all debug messages ONLY to @LOCALSTATEDIR@/log/tor/debug

+#Log debug-debug file @LOCALSTATEDIR@/log/tor/debug.log

+## To use the system log instead of Tor’s logfiles, uncomment these lines:

#Log notice syslog

-### To send all messages to stderr:

+## To send all messages to stderr:

#Log debug-err stderr

 

-# Uncomment this to start the process in the background… or use

-# –runasdaemon 1 on the command line.

+## Uncomment this to start the process in the background… or use

+## –runasdaemon 1 on the command line.

#RunAsDaemon 1

 

-# Tor only trusts directories signed with one of these keys, and

-# uses the given addresses to connect to the trusted directory

-# servers. If no DirServer lines are specified, Tor uses the built-in

-# defaults (moria1, moria2, tor26), so you can leave this alone unless

-# you need to change it.

+## Tor only trusts directories signed with one of these keys, and

+## uses the given addresses to connect to the trusted directory

+## servers. If no DirServer lines are specified, Tor uses the built-in

+## defaults (moria1, moria2, tor26), so you can leave this alone unless

+## you need to change it.

#DirServer 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441

#DirServer 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF

#DirServer 62.116.124.106:9030 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D

 

-# The directory for keeping all the keys/etc. By default, we store

-# things in $HOME/.tor on Unix, and in Application Data\tor on Windows.

+## The directory for keeping all the keys/etc. By default, we store

+## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.

#DataDirectory @LOCALSTATEDIR@/lib/tor

 

##################### Below is just for servers #####################

 

-## NOTE: If you enable these, you should consider mailing your

-## identity key fingerprint to the tor-ops, so we can verify

-## your configuration. See the README for details.

+## NOTE: If you enable these, you should consider mailing your identity

+## key fingerprint to the tor-ops, so we can add you to the list of

+## servers that clients will trust. See the README for details.

+

+## A unique handle for this server

+#Nickname ididnteditheconfig

+

+## The IP or fqdn for this server. Leave blank and Tor will guess.

+#Address noname.example.com

 

-#Nickname ididnteditheconfig       # A unique handle for this server

-#Address noname.example.com        # The IP or fqdn for this server

#ContactInfo 1234D/FFFFFFFF Random Person <nobody@example.com>

 

#ORPort 9001 # what port to advertise for tor connections

-# If you want to listen on a port other than the one advertised

-# in ORPort, uncomment the line below. You’ll need to do ipchains

-# or other port forwarding yourself to make this work.

+## If you want to listen on a port other than the one advertised

+## in ORPort, uncomment the line below. You’ll need to do ipchains

+## or other port forwarding yourself to make this work.

#ORBindAddress 0.0.0.0:9090

-# Uncomment this to mirror the directory for others (please do)

+## Uncomment this to mirror the directory for others (please do)

#DirPort 9030 # what port to advertise for directory connections

-# If you want to listen on a port other than the one advertised

-# in DirPort, uncomment the line below. You’ll need to do ipchains

-# or other port forwarding yourself to make this work.

+## If you want to listen on a port other than the one advertised

+## in DirPort, uncomment the line below. You’ll need to do ipchains

+## or other port forwarding yourself to make this work.

#DirBindAddress 0.0.0.0:9091

## A comma-separated list of exit policies. They’re considered first

File 4

############### This section is just for location-hidden services ###
64
65 ## Look in …/hidden_service/hostname for the address to tell people.
66 ## HiddenServicePort x y:z says to redirect a port x request from the
67 ## client to y:z.
68
69 #HiddenServiceDir /data/Data/projekte/DilloTor/tor-0.1.1.23/binary/var/lib/tor/hidden_service/
70 #HiddenServicePort 80 127.0.0.1:80
71
72 #HiddenServiceDir /data/Data/projekte/DilloTor/tor-0.1.1.23/binary/var/lib/tor/other_hidden_service/
73 #HiddenServicePort 80 127.0.0.1:80
74 #HiddenServicePort 22 127.0.0.1:22
75 #HiddenServiceNodes moria1,moria2
76 #HiddenServiceExcludeNodes bad,otherbad
77

File 5

— src/config/torrc.sample.in.orig 2007-01-27 23:41:23.000000000 +0000
+++ src/config/torrc.sample.in 2007-01-27 23:43:47.000000000 +0000
@@ -18,6 +18,11 @@
 ## With the default Mac OS X installer, Tor will look in ~/.tor/torrc or
 ## /Library/Tor/torrc
+## Default username and group the server will run as
+User tor
+Group tor
+
+PIDFile /var/run/tor/tor.pid
 ## Replace this with “SocksPort 0″ if you plan to run Tor only as a
 ## server, and not make any local application connections yourself.
@@ -46,6 +51,7 @@
 #Log notice syslog
 ## To send all messages to stderr:
 #Log debug stderr
+Log notice file /var/log/tor/tor.log
 ## Uncomment this to start the process in the background… or use
 ## –runasdaemon 1 on the command line. This is ignored on Windows;
@@ -55,6 +61,7 @@
 ## The directory for keeping all the keys/etc. By default, we store
 ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
 #DataDirectory @LOCALSTATEDIR@/lib/tor
+DataDirectory   /var/lib/tor/data
 ## The port on which Tor will listen for local connections from Tor
 ## controller applications, as documented in control-spec.txt.

 

— a/src/config/torrc.sample.in
2 +++ b/src/config/torrc.sample.in
3 @@ -44,11 +44,11 @@ SocksListenAddress 127.0.0.1 # accept co
4  ## Uncomment this to start the process in the background… or use
5  ## –runasdaemon 1 on the command line. This is ignored on Windows;
6  ## see the FAQ entry if you want Tor to run as an NT service.
7 -#RunAsDaemon 1
8 +RunAsDaemon 1
9
10  ## The directory for keeping all the keys/etc. By default, we store
11  ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
12 -#DataDirectory @LOCALSTATEDIR@/lib/tor
13 +DataDirectory @LOCALSTATEDIR@/lib/tor
14
15  ## The port on which Tor will listen for local connections from Tor
16  ## controller applications, as documented in control-spec.txt.
17 @@ -168,3 +168,5 @@ SocksListenAddress 127.0.0.1 # accept co
18  #BridgeRelay 1
19  #ExitPolicy reject *:*
20
21 +User tor
22 +PidFile @LOCALSTATEDIR@/run/tor/tor.pid

File 6

Configuration tips

Using the same exit for persistant connections

Some websites will log you out if you re-visit (while loggined in using a cookie to identify you) from a different IP. Tor has a feature called long lived ports. You could add the following to torrc to make connections to given ports use the same circut for a long period of time:

LongLivedPorts 80,23,21,22,706,1863,5050,5190,5222,5223,6667,8300,8888

A good alternative to LongLivedPorts is to use MapAddress for given sites. It allows you to make sure every connection to a given site goes through the same connection. This is also a good option if you need given sites to be visited from a given country.

For example,

MapAddress www.nsa.gov www.nsa.gov.nadia.exit

will make all visits to www.nsa.gov always use the edit node nadia, which is located in the US. There are anonymity issues with this; if you’re the only one using it then www.nsa.gov can at least figure out that it’s the same guy who’s visiting when connections are coming from that exit node.

=== Make Tor act faster ====

It is also possible to make Tor connections seem faster by setting CircuitBuildTimeout. Setting this number lower than the default (60 seconds) makes Tor give up and try other paths if it takes longer than the limit to build a circut. A circut which takes 50 seconds to build will be slower than a circut that takes 15 seconds to build. For example, you could set:

CircuitBuildTimeout 10

However, it must be mentioned that you will be using a whole lot more different servers if you allow circuts who take 50 seconds to build than if you set the limit to 10 seconds. There isn’t much solid research on exactly how this impacts traffic analysis resistance, but you’re – generally speaking – better off using a lot of slow servers than a few fast ones.

File 7

https://svn.torproject.org/svn/tor/tags/tor-0_0_9_5/src/config/torrc.sample.in

07/27/12

gAtO interview -Botnet’s in Tor -sI -Si

gAtO jUsT – finished an interview with Bill Donato from BotRevolt.com. I wanted to post this because these were good questions. My answers were a little lOcO gAtO but I tried anyway here is the Interview, at the bottom I included a conversation about Tor Controlled Botnet I found in HackBB in onion land, all I can tell you the code and how-to are out there -gAtO oUt

 

LinkedInMr Bill Donato has sent you a message.

Date: 7/26/2012

Subject: RE: Bot Revolt Blog

Hi Richard,
Here are 5 general questions we think our readers would find interesting. We greatly appreciate your feedback!

First Thank you Bill for this opportunity. I have 35 years in IT-and a little security goes with the territory but I’m no expert. I’m retired so I have the freedom to say what I want and I have chosen to support Freedom of Speech in cyberspace. You can find my rants and rages about security at http://uscyberlabs.com/blog I go by twitter @gAtOmAlO2 after my lionhearted cat “named- gato”. my 2 cents “be a critical reader, thinker and cyber user”. truet but verify

• We see a lot of cybercrime targeted at large companies, but how vulnerable is the average consumer in today’s cyber environment?

In todays economic climate cyber criminals see mass unemployment and use that to recruit shipping mules and money mules. Financial desperation and greed is a driving force in recruitment and the FBI is well aware of this a good money mule is hard to find and trust. Also Infection points for zombie computers to do the dirty work goes up and up with every new exploit. Last people don’t know how much information they leak out. With metadata just from the pictures in Facebook a criminal can gleam lot’s of information from the average Facebook update???.//

So to answer your question yes the average consumer needs to be very careful and have common sense. That lost Uncle from Nigeria did not leave you a billion dollars, trust me on this one.

• At the current level of cybercrime’s growth, if it is possible how long before the internet crashes?

Cyber crime is growing but CISPA is not the answer. PII (Personal Identifiable Information) that the government say’s it will not gather just your shopping and search cyber habits, nothing identifiable until you type in the wrong keyword, then your monitored. Then your footsteps in cyberspace will be monitored a bit more closely. The Judicial system now added the cyber forensic phycologist that can produce “minority reports- remember the movie – the though police…”. That’s scary..

Where were you last Tuesday @ 9:37 PM… they know, we are being monitored by the good guy in todays Internet. It’s normal to update my Facebook page or my Linkined profile, leaking data with the metadata from our pictures of our visit to the new office overseas. Can give criminals information for APT attacks.

As to the Internet crashing, I think it’s just beginning. We have Criminals after our data, government after our habits and we have ourself leaking information for everyone to know about me, me, me…. but it’s not crashing —> we have too many me..me..me..

• Cyber warfare is a hot topic, how will a cyber-war affect the countries average citizen?

Have you ever watch your daughter lose her cell phone 5 times in one year, 5 times not one backup. The effects of a cyber kinetic event in the US will happen. I see open scada system in the wild with no protection. Try and report this information that’s a joke and impossible. So many miss-configured scada all running windows OS, with no patch updates or management..// so they become more vulnerable everyday that they don’t upgrade.

Oh make that a tested Update because we (admin type) all stayed up late at nights un-installing an upgrade for -Windows OS- that made the Payroll system -Oracle- not work so NO paychecks….

In other words it will happened because we have a pretty bad security system built into these devices and they are to expensive to replace it’s worth the risk from a financial side so companies ROI return on investment… they did the cost analysis of an attack -they know they will get hacked…Power grid YeaH Baby and we have no backup — but we still come back… the average citizen has to ride it out we have no choice in warfare.
• You talk on your website, uscyberlabs.com, about the rise of botnets running on the tor .onion network, is the tor network a threat to people who do not access it? If so how do users protect themselves?


Botnets in Tor on Yeah! I’m doing some research into botnets in the Tor Black Market and it’s alive and kicking. The Tor hidden service and C&C servers goes hand in hand. You can’t find it, and it can’t be found. We also have i2p as an up and coming secure anonymized network so expect more and more from this area.

I included a post from HackBB-website in the onion network this discussion is about “Tor-Controlled Botnets” I included the code so in Tor there is talk from the hacker world on how to guides to Tor & bonnets. and it’s has a current timestamp.

I’t not just the code it’s also the infrastructure design.

Got to Tor HackBB [1]-  — http://clsvtzwzdgzkjda7.onion/

• On your blog titled “Online Security Basic -should I use encryption” you give some great information. What encryption programs, methods or tips do your recommend for some of the less computer savvy users?

Well first of all here [below] is my public key if you want to send me a message. I use FireVault and encrypt my hard drive, but I forgot my password – that’s my story and I’m sticking to it..;) I use GnuPG. Since I’m not doing skunk work, and I’m not a spy, I try to go open-source type programs, yes they are a little harder to learn but I feel safer with the open aspect of it. In security we have a motto – trust but verify – I can verify these open source program…./

One thing that the average user needs to do is to make their privacy a key part in their cyber life. When you start down the security rabbit hole it’s an active step in your cyber lifestyle.

Privacy is a personal thing, when I’m looking for Preperation H I don’t want Google, Yahoo or Amazon to know about this medical problem, it’s kinda personal, private. But when I’m trolling on Huffington Post it’s another world.

 

 

[1] Conversation online in HACKBB website.. about Tor Botnets

 

[1] Tor-controlled botnet

Re: Tor-controlled botnet

by BotCoder » Fri May 18, 2012 5:50 pm

Good news! I compiled TOR from source and there is no GUI or tray icon if you skip the installer step.

Here are the info to compile from source (you can skip the installer part and build a silent one yourself):

CODE

##

## Instructions for building Tor with MinGW (http://www.mingw.org/)

##

Stage One:  Download and Install MinGW.

—————————————

Download mingw:

http://prdownloads.sf.net/mingw/MinGW-5.1.6.exe?download

Download msys:

http://prdownloads.sf.net/ming/MSYS-1.0.11.exe?download

Download msysDTK:

http://sourceforge.net/projects/mingw/files/MSYS%20Supplementary%20Tools/msysDTK-1.0.1/msysDTK-1.0.1.exe/download

Install MinGW, msysDTK, and MSYS in that order.

Make sure your PATH includes C:\MinGW\bin.  You can verify this by right

clicking on “My Computer”, choose “Properties”, choose “Advanced”,

choose “Environment Variables”, select PATH.

Start MSYS(rxvt).

Create a directory called “tor-mingw”.

Stage Two:  Download, extract, compile openssl

———————————————-

Download openssl:

http://www.openssl.org/source/openssl-0.9.8l.tar.gz

Extract openssl:

Copy the openssl tarball into the “tor-mingw” directory.

Type “cd tor-mingw/”

Type “tar zxf openssl-0.9.8l.tar.gz”

(Note:  There are many symlink errors because Windows doesn’t support

symlinks.  You can ignore these errors.)

Make openssl libraries:

Type “cd tor-mingw/openssl-0.9.8l/”

Type “./Configure -no-idea -no-rc5 -no-mdc2 mingw”

Edit Makefile and remove the “test:” and “tests:” sections.

Type “rm -rf ./test”

Type “cd crypto/”

Type “find ./ -name “*.h” -exec cp {} ../include/openssl/ \;”

Type “cd ../ssl/”

Type “find ./ -name “*.h” -exec cp {} ../include/openssl/ \;”

Type “cd ..”

Type “cp *.h include/openssl/”

Type “find ./fips -type f -name “*.h” -exec cp {} include/openssl/ \;”

# The next steps can take up to 30 minutes to complete.

Type “make”

Type “make install”

 

Stage Three:  Download, extract, compile zlib

———————————————

Download zlib source:

http://www.zlib.net/zlib-1.2.3.tar.gz

Extract zlib:

Copy the zlib tarball into the “tor-mingw” directory

Type “cd tor-mingw/”

Type “tar zxf zlib-1.2.3.tar.gz”

CHOICE:

Make zlib.a:

Type “cd tor-mingw/zlib-1.2.3/”

Type “./configure”

Type “make”

Type “make install”

Done.

 

Stage Four: Download, extract, and compile libevent

——————————————————

Download the latest libevent release:

http://www.monkey.org/~provos/libevent/

Copy the libevent tarball into the “tor-mingw” directory.

Type “cd tor-mingw”

Extract libevent.

Type “./configure –enable-static –disable-shared”

Type “make”

Type “make install”

 

Stage FiveBuild Tor

———————-

Download the current Tor alpha release source code from https://torproject.org/download.html.

Copy the Tor tarball into the “tor-mingw” directory.

Extract Tor:

Type “tar zxf latest-tor-alpha.tar.gz”

cd tor-<version>

Type “./configure”

Type “make”

You now have a tor.exe in src/or/.  This is Tor.

You now have a tor-resolve.exe in src/tools/.

 

Stage Six:  Build the installer

——————————-

Install the latest NSIS:

http://nsis.sourceforge.net/Download

Run the package script in contrib:

From the Tor build directory above, run:

“./contrib/package_nsis-mingw.sh”

The resulting Tor installer executable is in ./win_tmp/.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

gAtOmAlO Public Key-

—–BEGIN PGP PUBLIC KEY BLOCK—–

Version: GnuPG/MacGPG2 v2.0.17 (Darwin)

Comment: GPGTools – http://gpgtools.org

 

mQENBFAGzo8BCAC7Sg4uz5lQVrAPVe+BlMMGKjnLJwQvBy6V29CfPlws3/7b0Ryd

Th9CerSYt49Pt98iPNNZm38rtiKgABXp2jzTrpZDJsnxN+XCg0sdr/NZb6esP7Ck

hE77VSvTr0khFM1w7ZS3tf/1q6e9iqUovzPS4kBwSL7TMJgoQY0EJ9WAvLDeNrpO

P/JEBsawMH2q4Xd/i4QzirQf3fxVofOcwicSks9HI7LnSkiZu+rZTHo0yzdk/Sc6

SJqrFVplsUsSvESRdVLOEU4WVb7YpWGk3wBXgSSOvD+f2LVAgT40T4rGE15ZX3ou

Z/GEXCAy3Z+uVPPdiOPJRF71qmkRe0Um6yiNABEBAAG0I2dhdG8tbGFiIDxnYXRv

bWFsb0B1c2N5YmVybGFicy5jb20+iQE+BBMBAgAoBQJQBs6PAhsvBQkHhh+ABgsJ

CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRA1tzvyZQcKfrmLB/96RHvWFhzsfHWc

5YmW12vZf6cEbR0qgp1Z4LeERpuv/K96NSrXM81CMmi5F0l/m6ui/cEh0nwVM+EA

RD8MhJwRIhz3QOi6I5DBwM5YkKQNPgSPJegu27+96WXS4eNalQGZizBnbNO4SkdI

W2sH5L85z+uveZkKsGix9B8vLP9wcKMRP+5QEMVqetJ9+8njgfS4cmDrAnQyEfbs

dX5/P110a1rlPVK4vxiBGkikW4K3gmwMgNlRvQcLjlGjGpzon5a/Y9ve9WySSa8v

AMBZS5y6k6dkXXrakpBESkwJrYJDU16vlafL4C3lEP+Ce3foTTIWuHRAnJZnza4R

D0xX4C/6uQENBFAGzo8BCAC4odhP/am4dRMfJzJRIaCEzP+hs6pNOAcrHdychB5M

9z3ym6ddI0EEsI63xbYNmv+RJRxO6ZMY7P0R4CgUFPdjzmTbnPZ01J99QiPXUfd4

8+n4sCUvbEFCPSORnAPiKmWJbNrGsG7vXVTHCRgLUFIV9GAhBdK8ajn+UCZRR7Gf

Zr4qQ68cO+zS3rE4DeYgMpq9c4BYIbaRyjTTj9bwAEjr7gb7pyYGinyXtgz07/cK

hBgXmJf7zJ1s9kYMpeFqXAtd51fPcqCt0liutzyW/+YAIqAXP2WBNgZvDbfhd/5U

Od3aP1DeqJJOec3XcuLvts6rodWMSrb7remJQkkv5dftABEBAAGJAkQEGAECAA8F

AlAGzo8CGy4FCQeGH4ABKQkQNbc78mUHCn7AXSAEGQECAAYFAlAGzo8ACgkQkjHj

5gQjJYAL/Af+J5ZeEUNpbV96CUTVeSrT6hDrdkvU5NnPFUZmlVfhh+xrtRsHTJ9K

Ujcd5yAlLI38tr4A3hhuX1OToroEVRFKhTq+XpaKSBtdOeauCJeDY0NiKMJCBDue

+2CiqwIWR4tOfIFHPE/+F1STPgCxCFNfMouHqe+tI9+rqkJ11nPrUGCAzwmPcfK4

oKGWg1sbFKjyTN1XnVuzT3X/13DcZxFA9eDD2VAqlujBtifJJdYRd+hoBdoAjfXZ

OJJaYhvhj0CWWAv69Xpj1DyDA84ZcX5aanVRIhTLHgPhdJQ+jnxXYjrzE1RS+F2C

waXI7skjL/WWhey2YCFTMsY285TQbfBPn4t3B/4k35sqsb7FEd3au97AbJ1s1BWK

ZTSn6cEY9ZjB3exDsG/XQY522bdq+PxbSt8WKPlaEhEP0kjNOfl2UsBzNISL0f6s

hvwDR0Pov07W8t0O4Nz1v07AXDDxKvcgjPGTwknmjg2ny/ToEAbiacP7cXHuCOnw

A2e3l9C8Loluhvt3zgQVsv4E19KUT3a9SIYzIazQ+qbYAbbZszvjWMbBHroVviLj

9ImVWPh6lFARRKvmDTYk6RxAEKLPiYtcgtCUU34vJu+XBJchn4ua+Soney7ZIeyU

9D0mW4dFCYrdyTpbnK9vlYnzwhmT5ggTNGZu5t8PJLMW/qgwiCroXG6i3x58

=lYdL

—–END PGP PUBLIC KEY BLOCK—–

 

07/19/12

Fingerprint Tor or Government Anonymized Network

How To  Fingerprint Anonymized Network visiting your website

gAtO hAs - been learning about the Tor-.onion network and one thing I wanted to understand was how China, Iran and Syria block the Onion-Router (OR). / Fingerprint Profile – I have read in the Tor wiki about the Tor signal simulating a Skypes fingerprint to hide in the clutter of the web. So how do I figure this out? Ok with WireShark I can capture the packets and check out the signature and fingerprint of a Tor anoymized network. This is one way.

Another way – just check out your website statistics and look for anyone that visited your site that does not have a country code.  From  observation of my site uscyberlabs.com I have found a pattern lately most “no country flag” indicates a Tor OR or a private – Anonymized Network. Not all of them are Tor so some of the others are the most interesting because they are anonymized but not Tor, I2P maybe, government networks -mAyBe -sI -nO gAtO is a gAtO let’s check this out

I have a few SEO packages on my site to check out the back-end statistics of the site. This give you information about your web visitor like the referal of the site that you came from, The OS, the platform and the Country were you came from, your geo-Location. One of the things that Tor does for you is prevent people from knowing your IP / geo-location. So guess what??? people have been visiting my site using not just Tor-networks – c00l b3ans, but so what else can I find out about these other  non-Tor relay— so I started digging around and this is what I found about some of these exit-relays… gAtO wArNiNg - I have to hold back some information about governments anonymized networks due to privacy and vulnerabilities possibilities.

A fingerprint of NO COUNTRY FLAGS – on my logs show’s Tor Exit-Relay type anonymized network according to the Visitor statistics: Figure 1(below) a snapshot of my log from ExtremeTracking.com –//  You noticed the ip or names of referred site with no country flags. Example: 217.79.231.13 for-exit0-readme.dfi.se – tor21.anonymizer.ccc.de - and a few more —

 

I decide to -Trust but Verifythe security Dude’s secret motto -mEoW

I went to the command line:

-curl tor21.anonymizer.ccc.de   – it came back with information that this exit-relay come’s from the Tor-Project personal relays- and it’s private-relay because I checked it against and guess what it’s hosted by there dear friends Chaos Computer Club – that brings back the “way-back machine” to the old day of real hacking but these are the guy’s from Germany and they are good friends of the Tor project, so this is a trusted Tor exit relay for the Tor project..// interesting // they were reading my “recon the deep web article

curl tor21.anonymizer.ccc.de

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-<ol>

<li><a href=”https://www.torproject.org/overview.html“>Tor Overview</a></li>

<li><a href=”https://www.torproject.org/faq-abuse.html“>Tor Abuse FAQ</a></li>

<li><a href=”https://www.torproject.org/eff/tor-legal-faq.html“>Tor Legal FAQ</a></li>

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-</ol>

IP – 31.172.30.4 – All (Onion Router) OR from Chaos seem to be – OS window 7

27 Jun, Wed, 14:02:33 tor21.anonymizer.ccc.de uscyberlabs.com/blog/2012/02/05/recon-deep-web/

 

 I found out all 3 Tor OR-relays had this signature – No Flag Fingerprint = TOR/i2p = secure traffic/anoymized  traffic-

***  -Trust but Verify –/ What caught my attention in the log was  141.101.70.66it is owned by nLayer Communication    — Who is nLayer they provides Internet connectivity solutions. The company provides IP transit, data transportation, and managed networking services to governments agencies. CIA, FBI, NSA any alphabet soup agency that you want from the .gov folks.

How did we get from 141.101.70.66 to nLayer: a traceroute- command

[2] traceroute to 141.101.70.66 (141.101.70.66), 64 hops max, 52 byte packets

1  10.2.120.1 (10.2.120.1)  11.513 ms  10.851 ms  8.521 ms

2  wwcksysc01-gex0103000.ri.ri.cox.net (68.9.8.13)  10.120 ms  11.272 ms  7.912 ms

3  ip98-190-33-21.ri.ri.cox.net (98.190.33.21)  11.896 ms  9.496 ms  12.044 ms

4  provdsrj01-ae3.0.rd.ri.cox.net (98.190.33.20)  10.429 ms  13.194 ms  11.063 ms

5  nyrkbprj01-ae2.0.rd.ny.cox.net (68.1.1.173)  18.038 ms  15.177 ms  14.140 ms

6  ae0-50g.cr1.nyc3.us.nlayer.net (69.31.95.193)  16.279 ms  17.128 ms  17.859 ms

7  xe-7-3-0.cr1.lhr1.uk.nlayer.net (69.22.142.133)  87.076 ms  83.085 ms  82.096 ms

8  ae1-70g.ar1.lhr1.uk.nlayer.net (69.22.139.63)  83.856 ms  84.420 ms  85.732 ms

as13335.xe-4-0-6.ar1.lhr1.uk.nlayer.net (63.141.223.42)  82.774 ms  102.143 ms  82.082 ms

10  141.101.70.66 (141.101.70.66)  83.317 ms  83.772 ms  82.424 ms

And of course this all goes thru some dummy corporate stuff to fool anyone // if you dig a little // I guess Global Telecom & Technology, Inc. (“GTT”), (OTCBB: GTLT.OB - // – have you seen their stock almost double since the US government stepped up it’s cyber position- good cyber investment I guess–// ), a global network operator providing managed data services to large enterprise, government and carrier customers in over 80 countries worldwide, today announced the acquisition of privately-held, Chicago-based nLayer Communications, Inc. -government and carrier customers/ government and carrier customers / government and carrier customers…//

…—…

So gaTo what does all this mean / a simple website statistics can help you see your anonymized visitors – No Flag Fingerprint = TOR/i2p = secure traffic/anoymized  traffic- / or it could be from a government site -knock, knock, knocking at your website door- also or business spying your site, your information. gAtO think it’s a waste of time because gAtO is wasted most of the time when he writes this stuff- RI MMP program, life sucks big time.

Besides the Tor or I2P  traffic// the pattern in the fingerprint that show no country flag: — secure traffic/anoymized — this is open source software that governments have modified for their own skunk work… Governments have taken the 3rd level Tor-Onion routing (code) and has their own similar network, but under the hood is the same core code – “ no Flag” show’s root code flaw, So any webmaster that has a website can find Tor like Exit-Relays or govs, watching you watching them -

: As long as the visitor is visiting from inside the matrix of a anoymized network they must use and Exit-Node-no country flag - GOTCHA—gATO ouT

by the way Chaos Computer Club 31.172.30.4 nice Tor- exit-node

 

gAtOmAlO lAb nOtEs –=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

traceroute 31.172.30.4

traceroute to 31.172.30.4 (31.172.30.4), 64 hops max, 52 byte packets

1  10.2.120.1 (10.2.120.1)  46.027 ms  12.175 ms  9.976 ms

2  wwcksysc01-gex0103000.ri.ri.cox.net (68.9.8.13)  15.444 ms  11.472 ms  10.996 ms

3  ip98-190-33-21.ri.ri.cox.net (98.190.33.21)  10.043 ms  9.272 ms  10.127 ms

4  provdsrj01-ae3.0.rd.ri.cox.net (98.190.33.20)  9.597 ms  9.633 ms  16.782 ms

5  68.1.4.133 (68.1.4.133)  21.272 ms  22.538 ms  21.357 ms

6  ae-6.r21.asbnva02.us.bb.gin.ntt.net (129.250.3.113)  42.541 ms  50.629 ms  61.680 ms

7  ae-2.r23.amstnl02.nl.bb.gin.ntt.net (129.250.2.145)  133.403 ms  162.975 ms  137.493 ms

8  ae-2.r02.amstnl02.nl.bb.gin.ntt.net (129.250.2.159)  136.255 ms  128.778 ms  133.927 ms

9  xe-4-1.r02.dsdfge01.de.bb.gin.ntt.net (129.250.2.65)  142.335 ms  142.499 ms  141.396 ms

10  xe-3-4.r00.dsdfge02.de.bb.gin.ntt.net (129.250.5.173)  133.058 ms  128.793 ms *

11  213.198.77.122 (213.198.77.122)  132.148 ms  136.187 ms  132.329 ms

12  tor21.anonymizer.ccc.de (31.172.30.4)  123.563 ms  130.866 ms  121.906 ms —

 

traceroute 199.48.147.35

traceroute to 199.48.147.35 (199.48.147.35), 64 hops max, 52 byte packets

1  10.2.120.1 (10.2.120.1)  1842.973 ms  9.712 ms  10.324 ms

2  wwcksysc01-gex0103000.ri.ri.cox.net (68.9.8.13)  9.961 ms  10.751 ms  10.437 ms

3  ip98-190-33-21.ri.ri.cox.net (98.190.33.21)  12.393 ms  10.226 ms  9.773 ms

4  provdsrj01-ae3.0.rd.ri.cox.net (98.190.33.20)  19.731 ms  9.270 ms  18.419 ms

5  nyrkbprj01-ae2.0.rd.ny.cox.net (68.1.1.173)  15.479 ms  15.045 ms  16.067 ms

6  ae0-50g.cr1.nyc3.us.nlayer.net (69.31.95.193)  15.114 ms  22.195 ms  16.909 ms

7  ae2-70g.cr1.ewr1.us.nlayer.net (69.31.95.145)  16.976 ms  28.552 ms  15.767 ms

8  xe-3-1-0.cr1.sjc1.us.nlayer.net (69.22.142.137)  90.901 ms  104.251 ms  90.386 ms

9  ae1-40g.ar2.sjc1.us.nlayer.net (69.22.143.118)  97.274 ms  91.747 ms  92.165 ms

10  as18779.xe-4-0-4.ar2.sjc1.us.nlayer.net (69.22.153.94)  91.277 ms  104.404 ms  100.544 ms

11  gw-ao.sjc01.appliedops.net (173.245.68.18)  98.566 ms  92.947 ms  91.660 ms

12  tor-exit-router35-readme.formlessnetworking.net (199.48.147.35)  93.154 ms  92.201 ms  92.769 ms

 

 traceroute 217.79.231.13

traceroute to 217.79.231.13 (217.79.231.13), 64 hops max, 52 byte packets

1  10.2.120.1 (10.2.120.1)  19.522 ms  35.384 ms  9.940 ms

2  wwcksysc01-gex0103000.ri.ri.cox.net (68.9.8.13)  12.016 ms  11.162 ms  9.829 ms

3  ip98-190-33-21.ri.ri.cox.net (98.190.33.21)  13.815 ms  8.970 ms  9.637 ms

4  provdsrj01-ae3.0.rd.ri.cox.net (98.190.33.20)  11.118 ms  11.123 ms  9.964 ms

5  68.1.4.133 (68.1.4.133)  20.776 ms  20.920 ms  61.446 ms

6  ttc.tenge11-1.br02.ldn01.pccwbtn.net (63.218.54.38)  95.216 ms  107.984 ms  94.783 ms

7  217.150.59.202 (217.150.59.202)  149.863 ms  149.865 ms  149.539 ms

8  vl554-gvrn-sr1.msk1.net.lancronix.ru (217.79.224.67)  158.159 ms  165.395 ms  157.553 ms

217.79.231.13 (217.79.231.13)  157.467 ms  157.215 ms  166.376 ms