Government use of Cyber Weaponized Exploits

gAtO rEaD- The government is buying hackers exploits – not to stop these sophisticated cyber exploits but to use these tools against it’s own people- they are using the tools to infiltrate computer networks worldwide, leaving behind spy programs and cyber-weapons that can disrupt data or damage systems.network

The core problem: Spy tools and cyber-weapons rely on vulnerabilities in existing software programs, and these hacks would be much less useful to the government if the flaws were exposed through public warnings. So the more the government spends on offensive techniques, the greater its interest in making sure that security holes in widely used software remain unrepaired. So your computer is vulnerable and the governments knows it and will not disclose this information, but use it against you to place cookies,RAT’s or other spyware into your computer -maybe- I trust our government don’t you?

If you got nothing to hide, you should not be worried… right????

So our Tax dollars are going to Hackers and cyber criminals that sell these exploits all over the world. As a tax payer I don’t like this part at all. But the worst part is by us taking the lead of cyber offensive cyber tools -example.. Stuxnet – it is a plan book for other countries to do the same. So what we do in cyberspace has become socially acceptable to do in cyberspace and then we bitch about China. I don’t get it – mEoW

Officials have never publicly acknowledged engaging in offensive cyber-warfare, though the one case that has beenmost widely reported – the use of a virus known as Stuxnet to disrupt Iran’s nuclear-research program – was lauded in Washington. Officials confirmed to Reuters previously that the U.S. government drove Stuxnet’s development, and the Pentagon is expanding its offensive capability through the nascent Cyber Command.

Then you have the Prism disclosure and PoW- US Cyber Agents Disrupt Publication of Popular Al Qaeda Magazine – This means that Obama’s cyber military is potentially capable of more targeted attacks, specified at damaging particular pieces of information or infrastructure. I wonder where they got those vulnerabilities? maybe some bad guys—/Nato_cyber_plat

What worries me is as the U.S engages in these attacks our enemies are learning what is acceptable in cyberwar. So we must be careful not to lose the fact that everyone is watching what we do and how we treat cyberspace and others governments will follow, defensive and offensive, they are learning from the best the U.S. Government -gAtO oUt

ref: http://www.reuters.com/article/2013/05/10/us-usa-cyberweapons-specialreport-idUSBRE9490EL20130510






White Hat Bot-Nets

gAtO wAs - reading Bloomberg BusinessWeek “ The Hacker of Damascus” Karin a 31-year-old doctor had spent the previous months protesting against the government of Damascus, he refuse to give up his friends names.

Before the arrest-/ before the torture/- they found a simple vulnerability thru Skypes they also got into his hard drive and as Karin said they arrested his computers data first them him. So now we see the black hats, spammer, cyber criminal tricks against people from their own governments. Is this the way it’s going to happen, we see the news today about 2 ladies and their General boy toys and WOW -mEoW.

In Georgia detains ministry for using malware to access opposition leaders computers – This is just another example of governments using criminal cyber tactics to gain intelligence from it’s own people.



The other side of the cyber struggles in Syria is Anonymous and their role in all this: On the other side, the hacktivist group Anonymous has infiltrated at least 12 Syrian government websites, including that of the Ministry of Defense, and released millions of stolen e-mails.  

Cyberspace and it’s tools (weapons) like Facebook, Twitter – can be used by both sides  in this evolving landscape of digital warriors. That is why gATo is sadden by how basic normal Internet tools can become killers and liberators. I guess I see the fog of cyberwar thru gATO eYe’S we have only seen defensive cyber tools so far Suxnet and others are only the beginning and the new economies that had no choice but a digital path into their infrastructure need to look at their own security a wee bit more close. DId Huawei (China’s Telecom Giant accused of having backdoor ) sell you those Network infrastructure pieces at a very cheap price -(lowest bidder (or a no-bid)contract) -well guess who is watching you…

SCADA cyber controls security SUCKs = infrastructure things (energy/transportation/communication/water/air) = fix them NOW

Since no Cyber Bill has gone before congress -President Obama after a major election went and signed  a-

US secret CYber Law singed by Pres. Obama -Nov 15, 2012

Rather, the directive establishes principles and processes for the use of cyber operations so that cyber tools are integrated with the fully array of national security tools we have at our disposal. It provides a whole-of-government approach consistent with the values that we promote domestically and internationally as we have previously articulated in the International Strategy for Cyberspace.

This directive will establish principles and processes that can enable more effective planning, development, and use of our capabilities. It enables us to be flexible, while also exercising restraint in dealing with the threats we face. It continues to be our policy that we shall undertake the least action necessary to mitigate threats and that we will prioritize network defense and law enforcement as the preferred courses of action. The procedures outlined in this directive are consistent with the U.S. Constitution, including the President’s role as commander in chief, and other applicable law and policies. http://killerapps.foreignpolicy.com/posts/2012/11/14/the_white_houses_secret_cyber_order

So now even 31-year-old doctors need to worry what they do and who they talk to and WHAT they talk about -/ also- in Facebook, Skype or any other web-App-  By the way —>These basic vulnerabilities can be found and exploited in any web-app – So this person may of worked at the water plant – or the electric plant what could these White Hat Bots have obtained?? These little White Hat BotNets may go rouge or may be captured this is about virtual digital world with a click of a mouse I GOT YOU!!! -PWN

Will this become the standard? The good and bad guy’s do it NOW- plant a virus suck up your disk / then check it out – BUT “if you got nothing to hide” well it’s OK then — right - gAtO oUt


The deep Dark Web -Book Release

gATO hApPy

AVAILABLE @ AMAZON - http://www.amazon.com/dp/B009VN40DU

AVAILABLE @SmashWords website  @http://www.smashwords.com/books/view/247146

I learned that I hate WORD: – but it’s the general format for publishing  - text boxes- get imbedded and you can’t format to EPUB or .mobi or anything – solution after going lOcO gAtO - was copy and paste into txt editor – save as RTF then copy paste back into a new WORD document and then reformat everything from scratch – and copy over the pictures – as you can tell I had fun-..-ugh mEoW F-F-F-F as much fun as a hairball but if it get’s the message out “FREEDOM OF SPEECH IN CYBERSPACE” then we done our job, anyway I hope you read it - Thank you Pierluigi a best friend a security gAtO ever had - gATO oUt

This Book covers the main aspects of the fabulous and dangerous world of -“The Deep Dark Web” . We are just two cyber specialists Pierluigi Paganini & Richard -gAtO- Amores, with one passion and two souls we wanted to explain the inner working of the deep dark web. We have had a long collaboration in this efforts to document our findings we made infiltrations into the dark places inaccessible to many to give a you the reader a clear vision on the major mystery of the dark hidden web that exist today in the Tor Onion network..

The Web, the Internet, mobile cell devices and social networking has become commonly used words that identify technological components of daily Internet user’s experience in the cyberspace. But how much do we really know about cyberspace? Very, very little, Google / Yahoo / Bing only show us 20% of the Internet the other 80% is hidden to the average user unless you know were to look.

The other 80% of the Internet is what this book is about the “Deep Dark Web”, three words with millions of interpretations, mysterious place on the web, the representation of the hell in the cyberspace but also the last opportunity to preserve freedom of expression from censorship. Authorities and corporation try to discourage the use of this untapped space because they don’t control it. We the people of the free world control this network of Tor -Onion Routers by volunteer around the world.

The Deep Dark Web seems to be full of crooks and cyber criminals, it is the hacker’s paradise, where there are no rule, no law, no identity in what is considered the reign of anonymity, but this is also the reason why many persecuted find refuge and have the opportunity to shout to the world their inconvenient truths.

The Deep Dark Web is a crowded space with no references but in reality it is a mine of information unimaginable, a labyrinth of knowledge in the book we will try to take you by the hand to avoid the traps and pitfalls hopefully illuminating your path in the dark.

Cybercrime, hacktivism, intelligence, cyber warfare are all pieces of this complex puzzle in which we will try to make order, don’t forget that the Deep Dark Web has unbelievable opportunity for business and governments, it represents the largest on-line market where it is possible to sell and acquire everything, and dear reader where there is $money$  you will find also banking, financial speculators and many other sharks.

Do you believe that making  money in Deep Web is just a criminal prerogative? Wrong, the authors show you how things works in the hidden economy and which are the future perspectives of is digital currency, the Bitcoin.

This manuscript proposes both faces of the subject, it illustrates the risks but also legitimate use of anonymizing networks such as TOR adopted by journalist to send file reports before governments agents censored his work .

Here are some question we may answers to:

How many person know about the cyber criminals and their ecosystem in the deep web? 

How many have provided information on the financial systems behind the “dirty affairs”? 

How the law enforcement and governments use Dark Web?

Let’s hold your breath and start the trip in the abyss of knowledge to find answers to the above questions. We hope that with this book you can learn something new about – The Deep Dark Web.


Tor Network Directory Project

Lately we all heard of Silk Road the underground cyber marketplace were you can buy illegal drugs and guns and people say all the bad guy’s are using the dark web for crime stuff – yeah DuDe:—:. It’s is just the Tor onion network, if you want to visit the onion network just go to torproject.org and download their bundle software and go surfing in the onion network. Since there is no bing, google or yahoo in the onion network, if you want a directory of what’s out in onion land just go to the hidden wiki. “Cleaned Hidden Wiki”- http://3suaolltfj2xjksb.onion/hiddenwiki/index.php/Main_Page.

The wiki is built by one of the founders of the onion netowk the administrator of MyHiddenBlog in – (- “http://utup22qsb6ebeejs.onion/” — ) and volunteers built The “Cleaned Hidden Wiki” .It is one of the few places were you can find some of the hidden services (websites) in Tor, in other words the only websites in Tor that want to be found. You see in the Tor onion network your site is your secret, your site is hidden because there is no google or yahoo to send web crawler out into the onion network. The USCyberlabs Tor Network Directory Project will be the first time that we go out actively and collect all the websites (hidden services) that are hiding in the Tor onion network.

When I started to write about Tor and our new (“The Deep Dark Web”) -book, I was contacted by the FBI about what I was writing about Tor and the hidden services and attack vectors in Tor. They wanted to be gAtO’s bff. I must admit I was intimidated and walked a very careful line with my blog postings and my tweets. Why because the FBI want to fuck with lawful security researchers that come to close to the truth about Tor.

They do not want this mapping of the Tor onion network. Why? The mapping of the Tor onion network will show all sites even the ones that want to stay hidden. Like government sites? Like Spy sites? I mentioned Bots with Tor c&c yeah government stuff. You of course have your corporate presence in the hidden services of Tor what will these Tor website show. Maybe it’s not just the bad guy using Tor, maybe.

There are currently only 9 directory servers in the Tor infrastructure that know all the sites on Tor and getting this list is kind of hard. Tor is design not to give out directory information to just anyone. We also want more than a URL of a live site, we will gather all meta-data so we can understand what these sites are all about. Google’s web crawlers do it every second of the day so we will send out crawlers into the Tor onion network to generate our directory of Tor.

The ToR Directory Scan Project (TDS) 

The uscyberlabs TDS Project- is to scan every address possibility and to generate a directory of every single live hidden service in the ToR-.onion network.

Figuring out the rendezvous for a hidden service is complicated, we attack the problem from the side —>> so the onion URL is 16 digits 2-7 a-z  plus the .onion after the url address. It’s easy to have a simple web crawler program count and a,b,c and generate a sequential-alphabetized URL list. Now due to the ToR network things work slow – old style modem speed that you young kids are not used to. Now we feed a URL wait up to 25-35 seconds then list a positive or no-go. Once we have a live hit list of possible live hidden services then we visit manually. And build a working verified w/login and password list of every hidden service on ToR.

with 100 VM we can scan Tor in weeks with 1000 machines we can scan the Tor network within days.

I tested the unix “curl command” in Tor with sock5 and it’s very good at extracting information from a website. So a simple script in will feed all the machines and they will start the scan. Once finish we take all the results and we will have a directory of every single hidden service in Tor land.

gAtO needs your help!


Fingerprint Tor or Government Anonymized Network

How To  Fingerprint Anonymized Network visiting your website

gAtO hAs - been learning about the Tor-.onion network and one thing I wanted to understand was how China, Iran and Syria block the Onion-Router (OR). / Fingerprint Profile – I have read in the Tor wiki about the Tor signal simulating a Skypes fingerprint to hide in the clutter of the web. So how do I figure this out? Ok with WireShark I can capture the packets and check out the signature and fingerprint of a Tor anoymized network. This is one way.

Another way – just check out your website statistics and look for anyone that visited your site that does not have a country code.  From  observation of my site uscyberlabs.com I have found a pattern lately most “no country flag” indicates a Tor OR or a private – Anonymized Network. Not all of them are Tor so some of the others are the most interesting because they are anonymized but not Tor, I2P maybe, government networks -mAyBe -sI -nO gAtO is a gAtO let’s check this out

I have a few SEO packages on my site to check out the back-end statistics of the site. This give you information about your web visitor like the referal of the site that you came from, The OS, the platform and the Country were you came from, your geo-Location. One of the things that Tor does for you is prevent people from knowing your IP / geo-location. So guess what??? people have been visiting my site using not just Tor-networks – c00l b3ans, but so what else can I find out about these other  non-Tor relay— so I started digging around and this is what I found about some of these exit-relays… gAtO wArNiNg - I have to hold back some information about governments anonymized networks due to privacy and vulnerabilities possibilities.

A fingerprint of NO COUNTRY FLAGS – on my logs show’s Tor Exit-Relay type anonymized network according to the Visitor statistics: Figure 1(below) a snapshot of my log from ExtremeTracking.com –//  You noticed the ip or names of referred site with no country flags. Example: for-exit0-readme.dfi.se – tor21.anonymizer.ccc.de - and a few more —


I decide to -Trust but Verifythe security Dude’s secret motto -mEoW

I went to the command line:

-curl tor21.anonymizer.ccc.de   – it came back with information that this exit-relay come’s from the Tor-Project personal relays- and it’s private-relay because I checked it against and guess what it’s hosted by there dear friends Chaos Computer Club – that brings back the “way-back machine” to the old day of real hacking but these are the guy’s from Germany and they are good friends of the Tor project, so this is a trusted Tor exit relay for the Tor project..// interesting // they were reading my “recon the deep web article

curl tor21.anonymizer.ccc.de


<li><a href=”https://www.torproject.org/overview.html“>Tor Overview</a></li>

<li><a href=”https://www.torproject.org/faq-abuse.html“>Tor Abuse FAQ</a></li>

<li><a href=”https://www.torproject.org/eff/tor-legal-faq.html“>Tor Legal FAQ</a></li>


IP – – All (Onion Router) OR from Chaos seem to be – OS window 7

27 Jun, Wed, 14:02:33 tor21.anonymizer.ccc.de uscyberlabs.com/blog/2012/02/05/recon-deep-web/


 I found out all 3 Tor OR-relays had this signature – No Flag Fingerprint = TOR/i2p = secure traffic/anoymized  traffic-

***  -Trust but Verify –/ What caught my attention in the log was is owned by nLayer Communication    — Who is nLayer they provides Internet connectivity solutions. The company provides IP transit, data transportation, and managed networking services to governments agencies. CIA, FBI, NSA any alphabet soup agency that you want from the .gov folks.

How did we get from to nLayer: a traceroute- command

[2] traceroute to (, 64 hops max, 52 byte packets

1 (  11.513 ms  10.851 ms  8.521 ms

2  wwcksysc01-gex0103000.ri.ri.cox.net (  10.120 ms  11.272 ms  7.912 ms

3  ip98-190-33-21.ri.ri.cox.net (  11.896 ms  9.496 ms  12.044 ms

4  provdsrj01-ae3.0.rd.ri.cox.net (  10.429 ms  13.194 ms  11.063 ms

5  nyrkbprj01-ae2.0.rd.ny.cox.net (  18.038 ms  15.177 ms  14.140 ms

6  ae0-50g.cr1.nyc3.us.nlayer.net (  16.279 ms  17.128 ms  17.859 ms

7  xe-7-3-0.cr1.lhr1.uk.nlayer.net (  87.076 ms  83.085 ms  82.096 ms

8  ae1-70g.ar1.lhr1.uk.nlayer.net (  83.856 ms  84.420 ms  85.732 ms

as13335.xe-4-0-6.ar1.lhr1.uk.nlayer.net (  82.774 ms  102.143 ms  82.082 ms

10 (  83.317 ms  83.772 ms  82.424 ms

And of course this all goes thru some dummy corporate stuff to fool anyone // if you dig a little // I guess Global Telecom & Technology, Inc. (“GTT”), (OTCBB: GTLT.OB - // – have you seen their stock almost double since the US government stepped up it’s cyber position- good cyber investment I guess–// ), a global network operator providing managed data services to large enterprise, government and carrier customers in over 80 countries worldwide, today announced the acquisition of privately-held, Chicago-based nLayer Communications, Inc. -government and carrier customers/ government and carrier customers / government and carrier customers…//


So gaTo what does all this mean / a simple website statistics can help you see your anonymized visitors – No Flag Fingerprint = TOR/i2p = secure traffic/anoymized  traffic- / or it could be from a government site -knock, knock, knocking at your website door- also or business spying your site, your information. gAtO think it’s a waste of time because gAtO is wasted most of the time when he writes this stuff- RI MMP program, life sucks big time.

Besides the Tor or I2P  traffic// the pattern in the fingerprint that show no country flag: — secure traffic/anoymized — this is open source software that governments have modified for their own skunk work… Governments have taken the 3rd level Tor-Onion routing (code) and has their own similar network, but under the hood is the same core code – “ no Flag” show’s root code flaw, So any webmaster that has a website can find Tor like Exit-Relays or govs, watching you watching them -

: As long as the visitor is visiting from inside the matrix of a anoymized network they must use and Exit-Node-no country flag - GOTCHA—gATO ouT

by the way Chaos Computer Club nice Tor- exit-node


gAtOmAlO lAb nOtEs –=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


traceroute to (, 64 hops max, 52 byte packets

1 (  46.027 ms  12.175 ms  9.976 ms

2  wwcksysc01-gex0103000.ri.ri.cox.net (  15.444 ms  11.472 ms  10.996 ms

3  ip98-190-33-21.ri.ri.cox.net (  10.043 ms  9.272 ms  10.127 ms

4  provdsrj01-ae3.0.rd.ri.cox.net (  9.597 ms  9.633 ms  16.782 ms

5 (  21.272 ms  22.538 ms  21.357 ms

6  ae-6.r21.asbnva02.us.bb.gin.ntt.net (  42.541 ms  50.629 ms  61.680 ms

7  ae-2.r23.amstnl02.nl.bb.gin.ntt.net (  133.403 ms  162.975 ms  137.493 ms

8  ae-2.r02.amstnl02.nl.bb.gin.ntt.net (  136.255 ms  128.778 ms  133.927 ms

9  xe-4-1.r02.dsdfge01.de.bb.gin.ntt.net (  142.335 ms  142.499 ms  141.396 ms

10  xe-3-4.r00.dsdfge02.de.bb.gin.ntt.net (  133.058 ms  128.793 ms *

11 (  132.148 ms  136.187 ms  132.329 ms

12  tor21.anonymizer.ccc.de (  123.563 ms  130.866 ms  121.906 ms —



traceroute to (, 64 hops max, 52 byte packets

1 (  1842.973 ms  9.712 ms  10.324 ms

2  wwcksysc01-gex0103000.ri.ri.cox.net (  9.961 ms  10.751 ms  10.437 ms

3  ip98-190-33-21.ri.ri.cox.net (  12.393 ms  10.226 ms  9.773 ms

4  provdsrj01-ae3.0.rd.ri.cox.net (  19.731 ms  9.270 ms  18.419 ms

5  nyrkbprj01-ae2.0.rd.ny.cox.net (  15.479 ms  15.045 ms  16.067 ms

6  ae0-50g.cr1.nyc3.us.nlayer.net (  15.114 ms  22.195 ms  16.909 ms

7  ae2-70g.cr1.ewr1.us.nlayer.net (  16.976 ms  28.552 ms  15.767 ms

8  xe-3-1-0.cr1.sjc1.us.nlayer.net (  90.901 ms  104.251 ms  90.386 ms

9  ae1-40g.ar2.sjc1.us.nlayer.net (  97.274 ms  91.747 ms  92.165 ms

10  as18779.xe-4-0-4.ar2.sjc1.us.nlayer.net (  91.277 ms  104.404 ms  100.544 ms

11  gw-ao.sjc01.appliedops.net (  98.566 ms  92.947 ms  91.660 ms

12  tor-exit-router35-readme.formlessnetworking.net (  93.154 ms  92.201 ms  92.769 ms



traceroute to (, 64 hops max, 52 byte packets

1 (  19.522 ms  35.384 ms  9.940 ms

2  wwcksysc01-gex0103000.ri.ri.cox.net (  12.016 ms  11.162 ms  9.829 ms

3  ip98-190-33-21.ri.ri.cox.net (  13.815 ms  8.970 ms  9.637 ms

4  provdsrj01-ae3.0.rd.ri.cox.net (  11.118 ms  11.123 ms  9.964 ms

5 (  20.776 ms  20.920 ms  61.446 ms

6  ttc.tenge11-1.br02.ldn01.pccwbtn.net (  95.216 ms  107.984 ms  94.783 ms

7 (  149.863 ms  149.865 ms  149.539 ms

8  vl554-gvrn-sr1.msk1.net.lancronix.ru (  158.159 ms  165.395 ms  157.553 ms (  157.467 ms  157.215 ms  166.376 ms



OSx -Tor Web Crawler Project

OSx Curl .onion sites -how 2 guide- Tor Web Crawler Project

gATO hAs - been looking into mapping the Tor -.onion network crawling it from aA to zZ , from 1-7 all 16 digits. I use OSx for most of my work and I wanted to curl an .onion site and check it out. As I dug around I found that if I just check my Vidalia.app it will show me were everything is located. Then the fun begins

find your /TorBrowser_en-US-6.app then click and look at the file Info  then go to: TorBrowser_en-US-6.app/Contents/MacOS/

cd - TorBrowser_en-US-6.app/Contents/MacOS/

once here :

- this will show you the files

ls -fGo 

total 5976

drwxr-xr-x  7 richardamores      238 Jun  8 07:11 .

drwxr-xr-x  7 richardamores      238 Feb 19 06:54 ..

drwxr-xr-x  3 richardamores      102 Feb 19 06:54 Firefox.app

-rwxr-xr-x  1 richardamores  3045488 Feb 19 06:54 tor

-rwxr-xr-x  1 richardamores     1362 Feb 19 06:54 TorBrowserBundle

drwxr-xr-x  4 richardamores      136 Feb 19 06:54 Vidalia.app

-rw-r–r–  1 richardamores     6435 Jun  8 07:11 VidaliaLog-06.08.2012.txt

Now I fire up the tor application ./tor

Next open up another Terminal box and check to see if Tor port is open and LISTENing on port 9050

netstat -ant | grep 9050 # verify Tor is running

Once you can see port 9050 LISTEN then your ready to use curl—

curl -ivr –socks4a http://utup22qsb6ebeejs.onion/

curl -ivr –socks4a http://nwycvryrozllb42g.onion  

curl -ivr –socks4a  http://2qd7fja6e772o7yc.onion/

curl -ivr –socks4a http://5onwnspjvuk7cwvk.onion/

curl -ivr –socks4a http://6sgjmi53igmg7fm7.onion/

curl -ivr –socks4a http://6vmgggba6rksjyim.onion/

Here are a few site that you can check out:../ curl is just one of those tools that keeps on giving and of course if I can get one APP to work thru Tor on OSx, then I can get other apps to use Tor as a proxy for all my line command –time to have some fun- gATO oUt

Lab -Notes

  1. sudo apt-get install tor
  2. sudo /etc/init.d/tor start
  3. netstat -ant | grep 9050 # verify Tor is running

here is a good crawler  to play with


$ch = curl_init(‘http://google.com’);

curl_setopt($ch, CURLOPT_HEADER, 1);

curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);

curl_setopt($ch, CURLOPT_PROXY, ‘https://127.0.01:9050/’);




$ch = curl_init(‘http://google.com’);

curl_setopt($ch, CURLOPT_HEADER, 1);

curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);

// Socks5

curl_setopt($ch, CURLOPT_PROXY, “localhost:9050″);




Tor Web Crawler


did not work – netstat shows it on socks4 not socks5

curl -s –socks5-local –user-agent “Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US;rv: \ Gecko/20100401 Firefox/3.6.3″ -I http://utup22qsb6ebeejs.onion/

turn on ToR

Run  /Users/gatomalo/Downloads/TorBrowser_en-US-6.app/Contents/MacOS/tor

cd /Users/gatomalo/Downloads/TorBrowser_en-US-6.app/Contents/MacOS


now check for 9050 running proxy

netstat -ant | grep 9050

Now run your network commands thru socks port 9050


ls -fGo

total 5976

drwxr-xr-x  7 richardamores      238 Jun  8 07:11 .

drwxr-xr-x  7 richardamores      238 Feb 19 06:54 ..

drwxr-xr-x  3 richardamores      102 Feb 19 06:54 Firefox.app

-rwxr-xr-x  1 richardamores  3045488 Feb 19 06:54 tor

-rwxr-xr-x  1 richardamores     1362 Feb 19 06:54 TorBrowserBundle

drwxr-xr-x  4 richardamores      136 Feb 19 06:54 Vidalia.app

-rw-r–r–  1 richardamores     6435 Jun  8 07:11 VidaliaLog-06.08.2012.txt


curl -S –socks5-hostname -I http://utup22qsb6ebeejs.onion/

HTTP/1.1 200 OK

Date: Thu, 12 Jul 2012 17:49:49 GMT

Server: Apache/2.2.22 (Ubuntu)

X-Powered-By: PHP/5.3.10-1ubuntu3.2

Set-Cookie: fpsess_fp-a350e65d=8hg0upuuhcpuf4pgvg45l9c2b2; path=/

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Vary: Accept-Encoding

Transfer-Encoding: chunked

Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Strict//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd”>

<html xmlns=”http://www.w3.org/1999/xhtml”>


<title>My Hidden Blog</title>

<meta http-equiv=”Content-Type” content=”text/html; charset=utf-8″ />

<!– start of jsUtils –>

<script type=”text/javascript” src=”http://utup22qsb6ebeejs.onion/fp-plugins/jquery/res/jquery-1.4.2.min.js”></script>

<script type=”text/javascript” src=”http://utup22qsb6ebeejs.onion/fp-plugins/jquery/res/jquery-ui-1.8.2.custom.min.js”></script>

<!– end of jsUtils –>


<meta name=”generator” content=”FlatPress fp-0.1010.1″ />

<link rel=”alternate” type=”application/rss+xml” title=”Get RSS 2.0 Feed” href=”http://utup22qsb6ebeejs.onion/?x=feed:rss2″ />

<link rel=”alternate” type=”application/atom+xml” title=”Get Atom 1.0 Feed” href=”http://utup22qsb6ebeejs.onion/?x=feed:atom” />



<link media=”screen,projection,handheld” href=”http://utup22qsb6ebeejs.onion/fp-interface/themes/leggero/leggero/res/style.css” type=”text/css” rel=”stylesheet” /><link media=”print” href=”http://utup22qsb6ebeejs.onion/fp-interface/themes/leggero/leggero/res/print.css” type=”text/css” rel=”stylesheet” />


Some other curl switches =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

–connect-timeout <seconds>

Maximum time in seconds that you allow the connection to the server to take.  This only limits the con-

nection  phase,  once  curl  has  connected  this  option is of no more use. See also the -m/–max-time



If this option is used several times, the last one will be used.


-D/–dump-header <file>

Write the protocol headers to the specified file.


This  option  is handy to use when you want to store the headers that a HTTP site sends to you. Cookies

from the headers could then be read in a second curl invocation by using the  -b/–cookie  option!  The

-c/–cookie-jar option is however a better way to store cookies.


When  used  in  FTP,  the  FTP  server response lines are considered being “headers” and thus are saved



If this option is used several times, the last one will be used.




(HTTP)  Fail silently (no output at all) on server errors. This is mostly done to better enable scripts

etc to better deal with failed attempts. In normal cases when a HTTP server fails to  deliver  a  docu-

ment,  it returns an HTML document stating so (which often also describes why and more). This flag will

prevent curl from outputting that and return error 22.


This method is not fail-safe and there are occasions where  non-successful  response  codes  will  slip

through, especially when authentication is involved (response codes 401 and 407).





(FTP,  POP3,  IMAP, SMTP) Try to use SSL/TLS for the connection.  Reverts to a non-secure connection if

the server doesn’t support SSL/TLS.  See also –ftp-ssl-control and –ssl-reqd for different levels  of

encryption required. (Added in 7.20.0)


This  option  was  formerly known as –ftp-ssl (Added in 7.11.0) and that can still be used but will be

removed in a future version.


-H/–header <header>

(HTTP)  Extra  header to use when getting a web page. You may specify any number of extra headers. Note

that if you should add a custom header that has the same name as one of the internal  ones  curl  would

use,  your externally set header will be used instead of the internal one. This allows you to make even

trickier stuff than curl would normally do. You should not replace internally set headers without know-

ing perfectly well what you’re doing. Remove an internal header by giving a replacement without content

on the right side of the colon, as in: -H “Host:”.


curl will make sure that each header you add/replace is sent with the proper  end-of-line  marker,  you

should thus not add that as a part of the header content: do not add newlines or carriage returns, they

will only mess things up for you.


See also the -A/–user-agent and -e/–referer options.


This option can be used multiple times to add/replace/remove multiple headers.


-o/–output <file>

Write output to <file> instead of stdout. If you are using {} or [] to fetch  multiple  documents,  you

can  use ‘#’ followed by a number in the <file> specifier. That variable will be replaced with the cur-

rent string for the URL being fetched. Like in:


curl http://{one,two}.site.com -o “file_#1.txt”


or use several variables like:


curl http://{site,host}.host[1-5].com -o “#1_#2″


You may use this option as many times as the number of URLs you have.


See also the –create-dirs option to create the local directories dynamically. Specifying the output as

‘-’ (a single dash) will force the output to be done to stdout.


-r/–range <range>

(HTTP/FTP/SFTP/FILE) Retrieve a byte range (i.e a partial document) from a HTTP/1.1, FTP or SFTP server

or a local FILE. Ranges can be specified in a number of ways.


0-499     specifies the first 500 bytes


500-999   specifies the second 500 bytes


-500      specifies the last 500 bytes

9500-     specifies the bytes from offset 9500 and forward


0-0,-1    specifies the first and last byte only(*)(H)



specifies 300 bytes from offset 500(H)



specifies two separate 100-byte ranges(*)(H)




Makes  the fetching more verbose/talkative. Mostly useful for debugging. A line starting with ‘>’ means

“header data” sent by curl, ‘<’ means “header data” received by curl that is hidden  in  normal  cases,

and a line starting with ‘*’ means additional info provided by curl.


Note  that if you only want HTTP headers in the output, -i/–include might be the option you’re looking



If you think this option still doesn’t give you enough details, consider using –trace or –trace-ascii



This option overrides previous uses of –trace-ascii or –trace.


Use -s/–silent to make curl quiet.


Online Security Basic -should I use encryption

gAto fOuNd - this -/ Basic Security Guide /- a while ago in the .onion and while I don’t agree with everything in this write-up I learned some new things. At the end of the day –/ they can’t take away what’s in your head -always be a critical thinker - gAtO oUt

Online Security Basic - link are .onionLand

Transcribed from http://g7pz322wcy6jnn4r.onion/opensource/generalguide.html on 2011-04-16.


Basic F.A.Q.

What is encryption?

Encryption is a method of encoding information in such a way that it is computationally difficult for eavesdroppers to decode, but computationally easy for the intended recipient to decode. In practical terms, encryption makes it almost impossible for you to be successfully wiretapped. Encryption can also make it essentially impossible for computer forensic teams to gather any data from your hard disk drive. Encryption is the process of making information difficult or impossible to recover with out a key. The key is either a passphrase or a huge random number protected by a passphrase. Encryption algorithms fall into two primary categories: communications and storage. If you use a program such as GPG to encrypt your E-mail messages, you are using encryption for communications. If you use a program such as Truecrypt to encrypt your hard disk drive, you are using encryption for storage.

Is there a big difference between storage and communication encryption?

Yes. Data storage encryption often uses only symmetric algorithms. Communication encryption typically uses a combination of asymmetric and symmetric algorithms. Asymmetric algorithms are generally far easier to break than symmetric algorithms. In practice this is not significant as the computing power required to break either strong asymmetric or strong symmetric algorithms is not likely in the grasp of any agency.

Should I use encryption?

Yes! If you participate in the Internet underground it is essential for your continued freedom that you learn how to use encryption programs. All communications should be encrypted as well as all stored data. For real time communication encryption we suggest either Pidgin or Adium instant messages with the OTR plug-in. For non-real time communication encryption we suggest GPG. Truecrypt does a great job of encrypting stored data and can also encrypt the OS partition if you use Windows. Various flavors of Linux and Unix also allow for the OS partition to be encrypted although the particular program used will vary. If an alternative installation CD is used Ubuntu allows for OS partition encryption during the installation process.

What is plausible deniability?

When discussing stored data encryption plausible deniability means that an encrypted container can decrypt into two different sets of data depending on the key used. Plausible deniability allows for you to pretend to cooperate with authorities with out them being able to tell you are not cooperating. For example, perhaps they demand you give up your password so they can decrypt some of your communications or stored data. If you used a system with plausible deniability you would be able to give them a password that would indeed decrypt the encrypted data. However, the decrypted data they can now see will be non-sensitive data you intentionally allowed for them to decrypt. They can not see your sensitive information and they can not prove that you didn’t cooperate.

Do I need plausible deniability?

Possibly. It really depends on where you live. In the U.K. it is a crime to refuse to give law enforcement your encryption keys on demand. Refusal to reveal encryption keys is punishable by several years in prison, but this is quite possibly a lot less time than you would get if you did reveal your encryption keys. In the U.S.A. the issue has not yet gone to the supreme court and lower judges have ruled in both directions. In general it is a good idea to use plausible deniable encryption when possible. Truecrypt supports plausible deniability for all functions under Windows. For Linux there is no current software supporting out-of-the-box plausible deniability of the OS partition. With Linux you may be able to achieve a type of plausible deniability by encrypting your entire drive and putting the bootloader on another device. Then you can argue the drive was freshly wiped with a PRNG and there is no key to decrypt.

Of course the police can break encryption, right?!

If you are using a strong encryption program (such as GPG, OTR, Truecrypt, etc) and a long and random password (or automatically generated session key, such as OTR) the police are not going to be able to directly break the encryption. This is not to say they can not get your key in other ways! For example they could install a keylogger onto your keyboard or use various transient signal attacks to capture your key while you type it. An emerging method of encryption key compromise uses application layer exploits to remotely grab keys from RAM. These ‘side channel’ attacks need to have active measures taken against them (the best of which are using a strong anonymity solution and hardened OS).

What about the NSA?

The NSA is not going to be able to break strong data storage encryption algorithms (symmetric). They are also probably not able to break strong communication encryption algorithms (asymmetric). Very powerful quantum computers can be used to greatly reduce the bit strength of an encryption algorithm. Symmetric algorithms have their bit strength cut in half. Asymmetric algorithms are easily broken by such powerful computers. If you are using AES-256 a powerful quantum computer will reduce its bit strength to the still unbreakable 128. If you are using even a 4,096 bit RSA key with GPG, a powerful quantum computer can break the encryption. However, keep two things in mind; It is not likely that the NSA or anyone else has such a computer, and anyone sane will assure you that unless you are a foreign military or major terrorist the NSA will not act on any intelligence they gather by by breaking your communication encryption.

But anything can be hacked, right? Why not encryption?

Encryption algorithms are not hacked, they are cryptanalyzed. Not every single thing done with a computer can really be considered hacking. Hackers may be able to exploit the implemented code of a program using an encryption algorithm, but even the best hackers tend to know little about encryption. Hacking and cryptography are not the same field and most hackers who think they know a lot about encryption actually know very little about it. Encryption is a field of pure mathematics and good encryption algorithms are based firmly on the laws of mathematics as they are currently understood. Unless there is some very unlikely discovery in the field of mathematics the security claims made about most encryption algorithms will stand firm even if the best hackers (or even more impressively cryptographers) in the world try and attack them.

Note: Some hackers are skilled enough to side channel your encryption with application layer exploits unless you take hardening counter measures. This is not hacking the encryption algorithm although it is using hacking to counter encryption. Following our general security guide (later on this page!) will make it much harder for hackers to do this. To hack you through Open Source the attacker will first have to compromise Open Source, we have taken many security measures to make this very difficult to do.

Using encryption programs myself is difficult, but Hushmail, Safe-Mail or (Insert name here) will manage it for me!

Fully web based services can not really offer you strong encryption. They manage your keys for you and for this reason they have access to your keys. It does not matter what the company is named or what they promise, all of them are liars and some are probably honeypots. These services will not offer you strong encryption and law enforcement will be able to gain access to your communications. If you play with fire you need to learn how to protect yourself or you will be burned. It is not overly difficult to manage your own encryption and it is the only possible way for you to maintain your security.

What exactly is anonymity?

Anonymity is the property of being indistinguishable from a given set size (number of others). In the way the term is commonly used anonymity is the inability to be traced. A trace could mean that an attacker follows your communication stream from you to the end destination you are communicating with. A trace could also mean that an attacker follows a trail of logs from the end destination you communicate with back to your location. Anonymity solutions make it difficult to trace your communications and by doing so also make it harder to map out the networks you participate in. Anonymity can also be used to prevent censorship. If a server is hosted as part of an anonymity network and its location can not be determined then an attacker is incapable of demanding the censorship of the services hosted by the server.

Why do I need anonymity?

If you are not using an anonymity solution your presence on the Internet can be trivially traced back to your presence in real life. If you are participating in activities on the Internet which you would not want to be traced to your real life identity, you need anonymity. If you are participating in a network you need anonymity to protect yourself from network analysis. If no one on your network is using anonymity solutions and the police bust one of them, they will be able to see who all they communicated with as well as who all those people communicated with etc. Very quickly and with high precision the police will be able to map out the entire network, going ‘outward’ to many degrees. This may be useful for evidence (for use in court) and it is certainly useful for intelligence (so they know where to look next).

I already use encryption so there is no need for me to be anonymous!

Although encryption and anonymity highly compliment each other they serve two different goals. Encryption is used to protect your privacy, anonymity is used to hide your location and protect you from network analysis. Strong anonymity requires encryption, and encryption is greatly benefited when combined with anonymity (after all, it is hard to install a keylogger if you don’t know where the target is located!). If you use strong encryption but no anonymity solution the feds may not be able to see what you say but they will know who you are and who you are talking with. Depending on the structure and purpose of your network, a single compromised node may very well remove all benefits of using encrypted communications. Many of the most realistic and devastating attacks on encryption systems require the attacker to gain a physical presence; if you are not using an anonymity solution this is trivial for them to do. If the feds do not know where you are, they can’t bug your keyboard with a keylogger. Anyone who says you do not need anonymity if you use encryption should be looked at with great suspicion.

Tor exit nodes can spy on my communication streams so I should not use it!

If you use Tor to connect to the open Internet (.com instead of .onion) it is true that the exit node can spy on your communications. You can reduce the risk of this by making sure you only connect to SSL websites (https:// instead of http://). You can further reduce the risk of this by always checking the fingerprint of the SSL certificate and making sure it does not change with out an adequate reason being presented by the site administrator. You can eliminate the risk of a spying exit node in some contexts. For example if you encrypt a message yourself with GPG before you send it, the exit node will not be able to break the encryption even if they are spying.

Tor is not meant for privacy (unless you only access .onions) it is meant for anonymity! If you want privacy while using Tor you will need to either only access .onions or you will need to layer it on yourself by using GPG, SSL, OTR or other encryption on top of it. Using Tor to connect to the open Internet with out using any privacy tools yourself can actually reduce your privacy from some attackers. Remember, Tor to the open Internet is for anonymity it is not for privacy. Anonymity is just as important as privacy. Also, networking tools with a larger focus on privacy than anonymity (such as VPNs), will not offer you privacy from law enforcement anymore than Tor will and they also tend to offer substantially worse anonymity!

If I use Tor can I be traced by the feds?

So far, probably not unless you get very unlucky or misconfigure something. The feds are getting better at tracing people faster than Tor is getting better at avoiding a trace. Tor is for low latency (fast) anonymity, and low latency solutions will never have the ability to be as anonymous as high latency (very slow) solutions. As recently as 2008 we have documented proof that FBI working with various other international federal agencies via Interpol could not trace high priority targets using the Tor network. There is a large amount of information indicating that this is still the case. This will not be the case forever and better solutions than Tor are going to be required at some point in the future. This does not mean you should stop using Tor! It is quite possible that no VPN solution offers better anonymity than Tor, and the only low latency network which can be compared to Tor in terms of anonymity is I2P. Freenet is an anonymous datastore which possibly offers better anonymity than Tor or I2P. In the end it is very difficult to say what the best solution is or who it will hold up to, but most people from the academic anonymity circles say Tor, I2P or Freenet are the best three options. JAP is considered worse than the three previously suggested solutions, but better than most VPN services. You should at the very least use an encrypted two hop solution if you want a chance at remaining anonymous from the feds.

Traced is a very particular term. It means that the attacker either can observe your exit traffic and follow it back to your entry point or that the attacker can see your traffic enter a network and follow it to its exit point. Tor does a good job of protecting from this sort of attack, especially if you have not pissed off any signals intelligence agencies. Tor does not protect from membership revealment attacks! It is vital that you understand this attack and take measures to counter it if you are a vendor. To learn more about how to counter this attack keep reading this document, we discuss more in the applied security advice section on this page.

If I use Tor can I be traced by the NSA?

Probably. If you want a chance of being anonymous from the NSA you should research the Mixmaster and Mixminion remailer networks. NSA usually traces people by hacking them and doing a side channel attack. They have dozens of zero day exploits for every major application. This is also how they compromise GPG and FDE. Your best bet to remain anonymous/secure from the NSA is to use ASLR with a 64 bit processor to protect from hacking + Tor + Random WiFi location.Using airgaps can protect from them stealing encryption keys. This would involve using one machine with access to the internet to receive data, transfer the encrypted data to another machine with a CD which you then destroy, and decrypt on a machine with no access to the internet. Don’t reuse transfer devices or else they can act as compromise vectors to communicate between the machine with no internet connection and the machine with internet connection. Mixminion is better than mixmaster.

If I use hacked cable modems am I untraceable?

No, the cable company can trace you and so can the police and feds. However, it will make it more difficult for them to do so. People have been busted using this technique by itself!

If I use hacked or open WiFi am I untraceable?

The degree of untraceability you get by using WiFi access points depends largely on how you are using them. If you always use your neighbors connection, the trace will go to your neighbor before it goes to you. However, if law enforcement make it to your neighbors house before you stop the pattern of behavior, they can use WiFi analysis equipment to trace the wireless signal from your neighbors router and back to you. Many people have been busted this way. Also, if you use many different WiFi access points but they fit into a modus operandi (such as always from a particular type of location, maybe coffee shop) , you can eventually be identified if law enforcement put enough effort into doing so. Some people have been busted using this technique. If you use a brand new random location (harder than it sounds) every time you make a connection your identity can still be compromised, but the amount of effort required increases tremendously (assuming you are protected from side channel attacks anyway, be they CCTV cameras or remote WPS infections). We have not heard of anyone being busted if they used a brand new randomly selected WiFi access point for every connection.

If I send a package domestic to the USA with USPS do they need a warrant to open the package?

Yes, if it is sent in such a way that it could contain communications. For example, a letter will require a warrant but perhaps a very large and heavy box will not. For the most part, they need a warrant. No other mailing company requires a warrant to open any sort of packages. International packages can be inspected by customs with no need for a warrant.

Should I use masking scents, such as perfumes etc?

No, masking scents will not prevent a dog from hitting on the package. Masking scents will however make the package seem more suspicious to humans. Vacuum seal the product and be very careful to not leave any residues.

Applied Security Guide

Step Zero: Encrypt your hosts HDD

If you use Windows this can be done with Truecrypt

If you use Linux there are various ways you can accomplish this, usually an install time option

Step One: Configure the base system, harden OS

Application layer attacks exploit programming or design flaws of the programs you use, in general the goal of such attacks is to take over your system. For a deeper look at application layer exploits please check out the this page. These attacks are very dangerous because they can circumvent a lot of the other security you use, like encryption and anonymity solutions. The good news is that Open Source acts as an application layer firewall between you and everyone you communicate with through Open Source. We have taken great care to harden our server from attack and even if you take no precautions yourself it should not be trivial for you to be hacked through our server. However it is still a good idea for you to harden your own system. You don’t know for sure if you can trust us and there is no reason to be a sitting duck if our server is indeed compromised.

The first step you should take is running the operating system you use to connect to Open Source in a Virtual Machine. We suggest that you use Virtualbox. Virtual machines like Virtualbox create virtual hardware and allow you to run an operating system on this virtual hardware. It sounds complex but you really don’t need to know a lot about the theory, Virtualbox does all the work for you. There are a few reasons why you should use a virtual machine. The primary reason is that if the browser in your virtual machine is hacked the attacker is stuck inside of the virtual machine. The only way they can get to your normal OS is if they find a vulnerability in the virtual machines hypervisor, this adds complexity to their attack. The second reason you should use a virtual machine is because it makes it easier to use Linux if you are used to Windows or Mac OSX. Linux is a lot easier to secure than those operating systems but it is also harder to use. By using a virtual machine you can use your normal OS and Linux at the same time, Linux runs as a guest OS in a window on your normal (host) OS.

It is very simple to set up a virtual machine. Download and install Virtualbox. After launching it you will need to create a new VM. It is pretty simple and the program will walk you through the steps. Make sure to create a large enough virtual drive to install an OS, I suggest around ten gigabytes. You will need an install image so you can put the OS of your choice on the VM. Download the most recent Ubuntu ISO and use this. Remember, it doesn’t really matter if you don’t know how to use Linux. All you are using this VM for is using Firefox to browse Open Source, security comes before ease of use! Now that your virtual machine has been created you need to point it to your Ubuntu install CD. You can do this by going to the machines storage tab in the Virtualbox manager and pointing the CD drive to your install ISO. You will possibly be required to configure your virtual machine to connect to the internet if the default settings do not work for you, but chances are high that they will. Now you need to boot the virtual machine and install Ubuntu. Installing Ubuntu takes a little over half an hour and is very easy, you can simply select to use the default options for almost all of the steps.

Now that Ubuntu has been installed in a virtual machine it is time to start hardening it. The first step is to make sure it is fully patched and up to date. You can do this by going to System -> Administration -> Update manager from the bar on the top of your screen. Make sure you install all new updates because the updates include important security patches. It will take a while to update your system.

Now it is time to do some more advanced hardening steps. These steps may seem to be difficult if you are not very advanced technically, but don’t worry it is all just following instructions and you only have to do it once. Go to Applications -> Accessories -> Terminal from the top bar on your screen. This will launch a command line interface. Now type in the following commands hitting enter after each:

sudo aa-enforce /etc/apparmor.d/*


This command enables every AppArmor profile that Ubuntu ships with, including one for Firefox. AppArmor is an application layer firewall and makes it a lot harder for a hacker to compromise an application configured with a profile.

sudo apt-get install bastille

This downloads a generic hardening script that will walk you through some automated steps to make your system more secure.

sudo bastille -c

This launches the bastille hardening script. It will walk you through every step, in general you should select the default option. Make sure you at least read every step, there might be some things you don’t want it to do but in general the default options are good.

Step Two: Configure Tor and GPG, harden Firefox

Follow these simply step by step guides in order

Install TorInstall GPGConfigure Firefox with Tor and Harden it

Although it is not required for customers to know how to use GPG they still should. Our system will protect your communications in some ways. Your messages are stored in encrypted containers set to dismount if an intrusion is detected. Our server is highly hardened and resistant to hackers infiltrating it and spying on your messages. We are also a Tor hidden service and therefor offer encryption from you to us and from us to the people you communicate with. Our server is still the weak point in this system, a particularly skilled hacker could compromise the server and manage to spy on your communications undetected. The server could be traced by an attacker who could then flash freeze the RAM and dump the encrypted container keys. As far as you know we could even be law enforcement, or law enforcement could compromise us at a later date (the first is not true and the second is not likely, but do you really know this?). Our system does not hide your communications from us if we are your adversary, the same is true for Hushmail and Safe-mail. You can protect your communications with high grade encryption algorithms simply by learning to use GPG and it isn’t hard so we highly suggest you do it. Vendors are required to accept GPG encrypted orders!

Step Three: Conceal your membership (VERY IMPORTANT FOR VENDORS)

Using Tor by itself is not enough to protect you, particularly if you are a vendor. Membership revealment attacks combined with rough geolocation intelligence can lead to a compromise! The gist of a membership revealment attack is easy to understand. The attacker merely determines everyone who is connecting to a particular network, even if they are incapable of determining where the traffic being sent through the network is destined for. Tor does a good job of preventing an attacker who can see exit traffic from following the stream back to your location. Unfortunately, if you ship product the attacker can determine your rough geolocation merely by determining where you ship product from. If the attacker already knows your rough geolocation and they are capable of doing a membership revealment attack to determine who all in your area is connected to Tor, they can likely narrow down your possible identity to a very small set size, possibly even a set size of one.

This is not likely to be useful for evidence but it will provide strong intelligence. Intelligence is the first step to gathering evidence. The attacker may put everyone in your area who they detect are connecting to the Tor network under meatspace surveillance looking for evidence of drug trafficking activity. For this reason it is highly important that you protect yourself from membership revealment attacks!

Membership revealment attacks are less a worry for customers (provided financiall intelligence is properly countered to avoid an attacker finding rough customer geolocations!) than they are for vendors. There are a few reasons why this is true. First of all a customer is likely to reveal more about their identity when they place an order than the attacker will be able to determine with a geolocation + membership revealment attack. Secondly, the vendors allowed to operate on Open Source have been highly screened to significantly reduce the probability that any of them are federal agents, but the customers on Open Source are not only anonymous but they are also not screened at all. Third of all, the organizational structure reduces the risk for customers; a customer may work with a few vendors but each vendor is likely to be working with hundreds or thousands of customers. Customers sourcing from Open Source are at minimal risk even if they have products delivered directly to there own residence, vendors working on Open Source at particularly vulnerable to membership revealment attacks due to the open nature of the site.

The primary concern for customers is that they load finances anonymously and the vendor decentralizes their financial network. If a vendor is using a star network (centralized) financial topology there is a risk that an attacker could map out the geographic locations where customers loaded funds. After determining where funding was loaded the attackers could do anonymizer membership revealment attacks in an area around the load point and filter out everyone who is not using an anonymizer. This will likely leave the customer and few others. The attacker may even be able to compare CCTV footage of the load to the users of anonymizers in the area and look for a facial recognition match. To counter this it is important for customers to make use of good financial counter intelligence techniques (E-currency layering being one). Customers may also choose to utilize transients by paying them a fee to load currency, this way the customer avoids being on CCTV at any point. If vendors decentralize funding points (ditch the star network topology) customers will be strongly protected from such attacks, however it is impossible for a customer to ensure that a vendor is using a 1:1 customer to account/pseudonym identification ratio.

There are several ways you can protect yourself from a membership revealment attack, if you are a vendor it would be foolish to not take one of these countermeasures. The primary way to protect from a membership revealment attack is to make sure you do not enter traffic through the same network you exit traffic through. As all traffic to Open Source ‘exits’ through the Tor network, entering your traffic through a VPN first will reduce your vulnerability to membership revealment attacks. The attacker will have to determine who all in your area uses any anonymizing technology and put all of them under meatspace surveillance, there are likely to be far more people in your area using some sort of proxy system than there are people using Tor in particular. This will substantially increase the cost of putting all ‘potential targets’ under surveillance.

Using a VPN is helpful but it is not the most ideal solution. Your crowd space against a membership revealment attack will increase but perhaps not by much depending on the particular area you work out of. Also, a particularly skilled attacker may be able to determine you are using a VPN to connect to Tor by fingerprinting traffic streams. Tor traffic is padded to 512 byte size packets, normal VPN traffic is not. By filtering for 512 byte streams, an attacker can determine who all is using Tor in a given area. VPN’s protect from IP routing based membership revealment attacks but not from traffic fingerprinting membership revealment attacks. However, it is less likely that an attacker will be able to do a traffic fingerprinting membership revealment attack. The Chinese intelligence services apparently are still using IP address based attacks to block access to the Tor network. This is not nearly as effective as traffic fingerprinting based attacks. This could be an indication that traffic fingerprinting membership revealment attacks are more difficult to carry out (likely), however it could also be due to a lack of skill on the part of Chinas intelligence services. It could also be that China is not particularly interested in blocking/detecting all Tor traffic and IP address based attacks meet their requirements.

A better option than using a VPN would be to set up a private VPS and then enter all of your Tor traffic through this. Doing this will make you much more resistant to IP address based membership revealment attacks because now the attacker will not even be able to narrow you down to all people in your area using any anonymity technology. This is still weak to traffic fingerprinting membership revealment attacks!

Perhaps the best option to avoid membership revealment attacks is to use open or cracked WiFi from a different location + Tor every single time you connect. You could even use open Wifi + VPN/VPS + Tor for very high security from membership revealment attacks. Using random (not your neighbors) open/cracked WiFi greatly increaces your resistance to a wide variety of identity revealing attacks. An attacker can still do membership revealment attacks on users of open WiFi but they can no longer gain useful intelligence from the attack. If they detect that an open WiFi connection unrelated to you is using Tor it can not be used to put you under meatspace surveillance unless they manage to identify you (facial recognition from CCTV cameras, etc).

If you are operating as part of a group you can avoid membership revealment attacks via smart organizational policy. The person responsible for communicating with customers should be different from the person shipping orders. Now the customers are incapable of determining where your actual rough geolocation is because product is sent from a different geographic area than you communicate from. Your shipper should be aware that they will potentially come under scrutiny via a geolocation + membership revealment attack, especially if they use Tor to enter traffic.

nother option is to configure Tor to use a bridge. Tor bridges are designed to allow people in nations such as China the ability to connect to the Tor network. China uses IP address based blocking to prevent users from connecting to known Tor nodes. Bridges are Tor entry guards that are not publicly listed and have a limited distribution mechanism. You can get some Tor bridge IP addresses from the Tor website. We do not suggest you use Tor bridges because they replace your entry guard and they are under crowded. This will lead to a lot less multiplexing on your Tor circuit and can hurt your anonymity in other ways, although it will indeed offer some level of protection from membership revealment attacks. China has managed to detect about 80% of Tor bridges, it is likely that NSA knows all of them. Police agencies in the West are probably not yet particularly worried about locating bridge nodes but they can probably do so with near the same accuracy as China. In our opinion it is not smart to rely on a Tor bridge to protect you from membership revealment attacks in most cases.

Step Four: Know how to do safe product transfer, handle finances safe

Note: Although customers sourcing from Open Source are encouraged to take the best security measures they can, it is not likely required for them to utilize advanced operational security regarding mail (such as fake ID boxes, tactical pick utechniques, etc). Because the vendors allowed to be listed here have been highly screened it is likely safe for customers to have product delivered directly to their homes. If you only work with highly trusted and trusted vendors your biggest concern will be a package being intercepted!



The Deep Dark Web -Book

gAtO sAy -mEoW you all- we have a new book coming out soon “The Deep Dark Web” and just wanted to write this as the foreword for the book, I thought it was interesting …//looking for peer review of book…write us

This book is to inform you about “The Deep Dark Web”. We hear that it’s a bad place full of crooks and hackers, but it is more a place were you have total anonymity as an online-user and yes there are ugly places in the dark web but it’s a small part of it. What it really is all about it’s freedom of expression, freedom of speech worldwide, supported by “us/we” the users of the network. It’s not controlled by any government, but blocked by a few like Syria, Iran, Ethiopia, China to name a few governments that want to deny their own people free access to information, to speak freely about their grievances and unite to tear down there walls of oppression.

Pierluigi and I (gAtO) share a passion for cyber security we write different blogs Pierluigi has http://securityaffairs.co/wordpress/ and my site is uscyberlabs.com . We also write at other blogs and print media. We did’nt know it at the time but, we were writing cyber history as the 2011- 2012 cyber explosion took off we were at ground zero writing about Stuxnet, HBGrays, the LulzPirates, Anonymous but the Arab Spring was an awaking :

The recent revolution in Egypt that ended the autocratic presidency of Hosni Mubarak was a modern example of successful nonviolent resistance. Social Media technologies provided a useful tool for the young activist to orchestrate this revolution. However the repressive Mubarak regime prosecuted many activists and censored a number of websites. This made their activities precarious, making it necessary for activists to hide their identity on the Internet. The anonymity software Tor was a tool used by some bloggers, journalists and online activists to protect their identity and to practice free speech.

Today we have lot’s of anonymity communication tools I2P, Freenet, Gnunet and Tor to name a few. Why did the TorProject.org Tor-.onion network become the facto application to get free, private, anonymized Internet access. My conclusion is it’s humble beginnings with “Naval Research Project & DARPA (Defense Advanced Research Project Agency) ” sponsored, maybe you heard of DARPA they kinda created the Internet a long time ago. The government wanted to have a communication secure media that would piggy-bak on the establish Internet. From my point of view when they saw how good this worked the government used it to allow it’s agents to quietly use the network for CIA covert operations (just to name a few alphabet soup government agencies that use it). For example a branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.

Journalist got a hold of this tool and they too were able to file reports before governments agents censored their interviews and film footage. The EFF (Electronic Frontier Foundation) got a hold of the Tor-networks and promoted it to maintaining civil liberties online. When the common business executive visited a foreign country (like China know to monitor foreigners Internet access) they now had a way to securely connect to their corporate HQ data-center without being monitored and giving away IP (Intellectual Properties). The Tor-Network became to good and the bad guy’s moved in to keep their illegal business safer from the law. The Internet Cyber-criminal has used the claer-web since the start so of course they went over to the Tor-.onion network because it works if you use it right and keeps you anonymous online.

With all this happening and the “Year of the Hack 2011” you can see why security geeks like Pierluigi and I became intrigued with this subject and we teamed up to write this manuscript hoping to answer some of the questions our friends, and peers were asking us about this mysterious hidden world call the deep dark web. We outlined a table of content and started to write about it in our blogs and the story unfolds from here to you. We hope to educate you on how this network works without too much geek talk (ok just a little). We cover the cyber criminals and their ecosystem we cover the financial currency (bitCoins) that is replacing fiat currencies all over the world during this unstable financial times. We tried to cover all the good , the bad and the ugly of the .onion network. We hope it will answer some of your questions but I am sure that more question will come up so feel free to come to our websites and give us a shout and ask your questions about the deep dark web…. - gAtO oUT 


Hide SCADA in the ToR network – ..-hiding in plain site..

Hide SCADA in the ToR network – ..FREE-hiding in plain site..

any internet connection 2-ToR

gAtO cAn -now provide your company a FREE .onion network – reliable 24/7 secure / encrypted / untraceable communication between your SCADA systems talking to each other and the main office giving you real-time data from any remote SCADA  site. As an example from Scheider Electric white paper on – Video Surveillance Integrated with SCADA – White Paper  – we can now take that physical video security of all your remote video assets and transmit them securely, encrypted and untraceable to anyplace in the world to your datacenter. When going in and out of the invisible .onion network, you can control the entry and exit relays so picking safe verified relays to use is easy, or you can use your own relays, the more relays the better the system becomes at making you more invisible. The more people that use it the more untraceable and unmonitored it becomes. This kind of SCADA  communication in the ToR- onion network redefines geo-political digital boundaries. Since it rides on any Internet connection it can be used anywhere.

in the ToR-.onion network merchants can’t spy on you and they can’t steal your information

Not if but when —business take over the ToR- .onion network it will change the landscape and give it more order but it will still give the user anonymity thats the key to this network your signal, your voice cannot be found but you can still communicate. The ToR- .onion network rides not on top or the bottom of the digital super-highway but thru it.

Let’s keep in mind that access to the ToR-.onion network is FREE to anyone and your company’s use of the network makes it safer for everyone since the more people use it the more unreachable-undetectable you become. But in business you also have to deal with hostile governments and protecting your people and assets thru a ToR .onion network becomes even more critical. You can still operate but be safe and secure in your business communications.

The ToRProject.org is something that is making an impact on the very lives of people that want to have a free safe secure voice. Just look at Mr Chen a dissident from China he was jailed because he spoke up about the disable in China. The ToRProject.com helps people like Mr. Chen speak and to remain in anonymity. But by adding real business -reays into the ToR- .onion network we will give these people and the business more transparency, it makes you more invisible on the internet. You can donate to the ToR project and it’s a 501(c), so it’s deductible. Look at the donors list and see who support this invisible network. U.S Naval Research, National Science Foundation- DARPA – National Christian Foundation are some of the people supporting the ToR Project, it’s not so bad if they use it— see lab Notes below -

How you gonna hack what you can’t find, can’t see and can’t trace to you?

Just think mr. bankers a free secret untraceable encrypted-communication place were you can do your banking deals -in secret- and nobody but you and your closes friends know it even exist, not the government, not your spouse and harder for criminals to find your valuable data. It hides you in an Internet bubble of packets were nobody knows who you are or how to find you. Try can’t even tell it’s a ToR- .onion network it hides it’s signal to blend into the bit’s and bytes of the landscape in the digital noise.

Technically it pretty cheap get the free software as many copies as you need FREE!!! No volume pricing no updates FREE!!! Once your computer that talks to the internet hooks up to a ToR- Relays it’s in the matrix. If you add your own ToR-Relays you can use trusted Relays as entry and exit nodes into the ToR-.onion network so you can let the program use it randomness or choose a path into a FREE invisible communication media accessible from any Internet connection. -

The ToRProject.org is currently still fighting censorship and monitoring in China, Iran, Syria and others were people are being killed and sent home in small boxes to their relatives. Because that person could not use a ToR-network access to his gmail account that was monitored they showed him his emails and his guilt and killed him. That’s how brutal it can become if you cannot have a safe secure access to a basic email to communicate with the world. Government will kill you for what you say. Donate to the ToRProject.org

It’s easy -if all else fails call the gAtO I can help your business become invisible in/on the Internet- gATO oUt.

We use the ToR network for all communication in SCADA systems.  Here are a few SCADA White papers try them with ToR- .onion Networks.


lab Notes— gAtO 5/29/12

Tor: Sponsors

The Tor Project’s diversity of users means we have a diversity of funding sources too — and we’re eager to diversify even further! Our sponsorships are divided into levels based on total funding received:

Magnoliophyta (over $1 million)

Liliopsida (up to $750k)

Asparagales (up to $500k)

Alliaceae (up to $200k)

  • You or your organization?

Allium (up to $100k)

Allium cepa (up to $50k)

Past sponsors

We greatly appreciate the support provided by our past sponsors in keeping the pre-501(c)(3) Tor Project progressing through our ambitious goals:



SCADA (supervisory control and data acquisition) generally refers to industrial control systems (ICS): computer systems that monitor and control industrial, infrastructure, or facility-based processes, as described below:

  • Industrial processes include those of manufacturing, production, power generation, fabrication, and refining, and may run in continuous, batch, repetitive, or discrete modes.
  • Infrastructure processes may be public or private, and include water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power transmission and distribution, wind farms, civil defense siren systems, and large communication systems.
  • Facility processes occur both in public facilities and private ones, including buildings, airports, ships, and space stations. They monitor and control HVAC, access, and energy consumption.

A SCADA system usually consists of the following subsystems:

  • A human–machine interface or HMI is the apparatus or device which presents process data to a human operator, and through this, the human operator monitors and controls the process.
  • A supervisory (computer) system, gathering (acquiring) data on the process and sending commands (control) to the process.
  • Remote terminal units (RTUs) connecting to sensors in the process, converting sensor signals to digital data and sending digital data to the supervisory system.
  • Programmable logic controller (PLCs) used as field devices because they are more economical, versatile, flexible, and configurable than special-purpose RTUs.
  • Communication infrastructure connecting the supervisory system to the remote terminal units.
  • Various process and analytical instrumentation