Singapore Expats Forum

Deep Web Dark Web etc..

Discuss about computers & Internet. Including mobile phones, home appliances & other gadgets. Read about Windows security risks or virus updates.
User avatar
rajagainstthemachine
Manager
Manager
Posts: 2824
Joined: Sat, 24 Nov 2012
Location: Singapore

Deep Web Dark Web etc..

Postby rajagainstthemachine » Fri, 07 Aug 2015 8:32 pm

Has anyone been there and come back safely? you tube seems to filled with nothing but horror stories.

I'm slightly curious about the definitions and the differences... I do know one of them is filled with illegal stuff and the other is beyond the scope of indexing of an ordinary search engine, how much of it is true and how much is hogwash?
To get there early is on time and showing up on time is late

Sporkin
Chatter
Chatter
Posts: 181
Joined: Fri, 20 Jun 2014

Re: RE: Deep Web Dark Web etc..

Postby Sporkin » Fri, 07 Aug 2015 9:06 pm

rajagainstthemachine wrote:Has anyone been there and come back safely? you tube seems to filled with nothing but horror stories.

I'm slightly curious about the definitions and the differences... I do know one of them is filled with illegal stuff and the other is beyond the scope of indexing of an ordinary search engine, how much of it is true and how much is hogwash?

It's like the bbs days, you have to know the number to get in.....secret membership....

Sent from my C6903 using Tapatalk

User avatar
rajagainstthemachine
Manager
Manager
Posts: 2824
Joined: Sat, 24 Nov 2012
Location: Singapore

Re: Deep Web Dark Web etc..

Postby rajagainstthemachine » Sat, 08 Aug 2015 12:22 pm

and where does one get a number ?
To get there early is on time and showing up on time is late

User avatar
x9200
Moderator
Moderator
Posts: 9314
Joined: Mon, 07 Sep 2009
Location: Singapore

Re: Deep Web Dark Web etc..

Postby x9200 » Sat, 08 Aug 2015 10:03 pm

rajagainstthemachine wrote:Has anyone been there and come back safely? you tube seems to filled with nothing but horror stories.

I'm slightly curious about the definitions and the differences... I do know one of them is filled with illegal stuff and the other is beyond the scope of indexing of an ordinary search engine, how much of it is true and how much is hogwash?

Why? I think you mysticize it a bit. For example, I don't allow indexing of some of my websites. They are private and this is the only reason.

Darknet (nothing to do with the indexing), I believe this is not like a single authorisation requiring interface to some illegal world, but various services with some common points (i.e. anonymization, authorization, running over non-standard protocols etc). It could be for example based on TOR, or something different.

User avatar
Strong Eagle
Moderator
Moderator
Posts: 11061
Joined: Sat, 10 Jul 2004
Location: Off The Red Dot
Contact:

Re: Deep Web Dark Web etc..

Postby Strong Eagle » Sat, 08 Aug 2015 11:10 pm

rajagainstthemachine wrote:and where does one get a number ?


You have to know the secret handshake.

Seriously, there are millions of IP addresses that are not associated with any domain. You must know the IP address to access, and typically the first thing is a firewall or VPN appliance of some sort that you must get past in order further access content at the IP address.

This is how a variety of covert activities, legal and illegal, are conducted. Let's say you're into kiddie porn. You scour the internet and you finally find a public site that is ostensibly about discussing the dangers of kiddie porn. In reality, though, and after you have been vetted, someone might send you an instant message with an IP address and a password that takes you to another level of forums. And again, once you have been found to be 'trustworthy', you'll be handed the keys to the next level.

As x9200 noted, you would actually access the clandestine sites through anonymizing services so that in the event that the site were compromised, it would be difficult to trace you back to your own ISP assigned IP address.

On the legal side of things, lots of companies have IP addresses set up so that their employees can remotely access company data, email, and files. No web crawling bot will ever find them because they are not indexed, and if they were to be accessed on the basis of IP address only, authentication keeps unwanted people out.

And, this is why the NSA and the like hate encryption and want to have a direct connection into the internet pipeline. You're running a small terrorist organization. You set up an internet connection with a static IP, install a VPN appliance and a computer behind it. As you recruit, you hand out the IP address and your minions now have a secure communication tool as long as no one turns in the IP address. The only way the NSA can be aware of this hidden terrorist computer is to monitor all the traffic coming over the pipe.

User avatar
rajagainstthemachine
Manager
Manager
Posts: 2824
Joined: Sat, 24 Nov 2012
Location: Singapore

Re: Deep Web Dark Web etc..

Postby rajagainstthemachine » Sun, 09 Aug 2015 11:28 am

x9200 wrote:
rajagainstthemachine wrote:Has anyone been there and come back safely? you tube seems to filled with nothing but horror stories.

I'm slightly curious about the definitions and the differences... I do know one of them is filled with illegal stuff and the other is beyond the scope of indexing of an ordinary search engine, how much of it is true and how much is hogwash?

Why? I think you mysticize it a bit. For example, I don't allow indexing of some of my websites. They are private and this is the only reason.

Darknet (nothing to do with the indexing), I believe this is not like a single authorisation requiring interface to some illegal world, but various services with some common points (i.e. anonymization, authorization, running over non-standard protocols etc). It could be for example based on TOR, or something different.



@X9 - I mysticized it a bit to stir up some discussion on it. more like a technical discussion based on say facts and protocols than based on hearsay. I also watched a few you tube videos where lots of people claim to have entered into a wrong realm where they were subject to robbery/harassment/intimidation or fear.

I've been an Internet user since the early 90's right from the dial up days and what I noticed in most of the videos showing the dark/deep web pages were all entirely html with no css or Jsp with a large number of animated gifs that were so reminiscent of that era.
I'm just speculating here and I could be wrong, but at some point many search engines had to have a look at all they junk they had indexed and said ok we're now going to focus solely on whats popular and ignore the rest, the legacy stuff stayed and I think a lot of underground websites which wanted to keep a low profile for various purposes not necessarily illegal aspects still stuck to basic html.. eg a website a company maintains for medical claims or payslips.

TOR is really interesting from a technical viewpoint, perhaps its use in internal private networks for max end to end security could be explored.
To get there early is on time and showing up on time is late

User avatar
rajagainstthemachine
Manager
Manager
Posts: 2824
Joined: Sat, 24 Nov 2012
Location: Singapore

Re: Deep Web Dark Web etc..

Postby rajagainstthemachine » Sun, 09 Aug 2015 11:38 am

Strong Eagle wrote:
rajagainstthemachine wrote:and where does one get a number ?


You have to know the secret handshake.

Seriously, there are millions of IP addresses that are not associated with any domain. You must know the IP address to access, and typically the first thing is a firewall or VPN appliance of some sort that you must get past in order further access content at the IP address.

This is how a variety of covert activities, legal and illegal, are conducted. Let's say you're into kiddie porn. You scour the internet and you finally find a public site that is ostensibly about discussing the dangers of kiddie porn. In reality, though, and after you have been vetted, someone might send you an instant message with an IP address and a password that takes you to another level of forums. And again, once you have been found to be 'trustworthy', you'll be handed the keys to the next level.

As x9200 noted, you would actually access the clandestine sites through anonymizing services so that in the event that the site were compromised, it would be difficult to trace you back to your own ISP assigned IP address.

On the legal side of things, lots of companies have IP addresses set up so that their employees can remotely access company data, email, and files. No web crawling bot will ever find them because they are not indexed, and if they were to be accessed on the basis of IP address only, authentication keeps unwanted people out.

And, this is why the NSA and the like hate encryption and want to have a direct connection into the internet pipeline. You're running a small terrorist organization. You set up an internet connection with a static IP, install a VPN appliance and a computer behind it. As you recruit, you hand out the IP address and your minions now have a secure communication tool as long as no one turns in the IP address. The only way the NSA can be aware of this hidden terrorist computer is to monitor all the traffic coming over the pipe.


concur with you here, most of these websites may work solely on an IP address ( or possibly NAT) and with the advent of IPv6 the number of websites is only going to increase.
To get there early is on time and showing up on time is late

User avatar
x9200
Moderator
Moderator
Posts: 9314
Joined: Mon, 07 Sep 2009
Location: Singapore

Re: Deep Web Dark Web etc..

Postby x9200 » Sun, 09 Aug 2015 4:08 pm

rajagainstthemachine wrote:@X9 - I mysticized it a bit to stir up some discussion on it. more like a technical discussion based on say facts and protocols than based on hearsay. I also watched a few you tube videos where lots of people claim to have entered into a wrong realm where they were subject to robbery/harassment/intimidation or fear.


I will look for it. Never was tempted so far. My incidental knowledge is based on what sometimes emerges when a specific background is given on some net security issues.

rajagainstthemachine wrote:I've been an Internet user since the early 90's right from the dial up days and what I noticed in most of the videos showing the dark/deep web pages were all entirely html with no css or Jsp with a large number of animated gifs that were so reminiscent of that era.
I'm just speculating here and I could be wrong, but at some point many search engines had to have a look at all they junk they had indexed and said ok we're now going to focus solely on whats popular and ignore the rest, the legacy stuff stayed and I think a lot of underground websites which wanted to keep a low profile for various purposes not necessarily illegal aspects still stuck to basic html.. eg a website a company maintains for medical claims or payslips.

I think there could be a different reason. I expect the society behind the "dark net" just don't care about css and such. It does not add a iota to functionality. I am not a hacker nor an IT professional of any related sort, I just have some experience in administrating unix-like servers, and 90% stuff I do related to the administration is terminal, text based. If I need to use the web for some reason it will also be very basic, no java, nothing like this. Functionally it is just not needed and basic html (together with php/perl and such) is IMHO more than enough.

Another even more likely reason could be: less "gadgets" (extensions, libraries, unnecessary software) it uses, lower chance it may get hacked.

User avatar
zzm9980
Governor
Governor
Posts: 6841
Joined: Wed, 06 Jul 2011
Location: Once more unto the breach

Re: Deep Web Dark Web etc..

Postby zzm9980 » Wed, 12 Aug 2015 10:26 am

"Deep dark web" or whatever is a non technical gibberish made up by the media. Although non-indexed sites and even sites with just IP (no domain) exist, that's not what this generally refers to.

What they're talking about are TOR hidden services. These are sites you can't just hit by IP unless you're coming over the TOR network and using a specific TOR-only address (.onion). Access to TOR hidden services are generally anonymous if the appropriate safeguards are taken, and not traceable. That said, US FBI, NSA, etc are getting really good at de-anonymizing the traffic. If you're doing something illegal enough that you'd be in their crosshairs, I wouldn't rely solely on it. (and if you are, google for the grugq's "opsec for hackers" paper to get some practical advice).

User avatar
zzm9980
Governor
Governor
Posts: 6841
Joined: Wed, 06 Jul 2011
Location: Once more unto the breach

Re: Deep Web Dark Web etc..

Postby zzm9980 » Wed, 12 Aug 2015 10:28 am

Read this: https://www.torproject.org/docs/hidden-services.html.en

If you really want to learn more, buy me a coffee (sorry, it'll be a fancy hipster latte, not a kopi C) sometime and we can chat.

User avatar
rajagainstthemachine
Manager
Manager
Posts: 2824
Joined: Sat, 24 Nov 2012
Location: Singapore

Re: Deep Web Dark Web etc..

Postby rajagainstthemachine » Wed, 12 Aug 2015 10:35 am

zzm9980 wrote:Read this: https://www.torproject.org/docs/hidden-services.html.en

If you really want to learn more, buy me a coffee (sorry, it'll be a fancy hipster latte, not a kopi C) sometime and we can chat.


I'll be upto it.. when are we meeting..? time for an eagles gathering of sorts..
To get there early is on time and showing up on time is late

User avatar
x9200
Moderator
Moderator
Posts: 9314
Joined: Mon, 07 Sep 2009
Location: Singapore

Re: Deep Web Dark Web etc..

Postby x9200 » Wed, 12 Aug 2015 10:50 am

zzm9980 wrote:"Deep dark web" or whatever is a non technical gibberish made up by the media. Although non-indexed sites and even sites with just IP (no domain) exist, that's not what this generally refers to.

What they're talking about are TOR hidden services. These are sites you can't just hit by IP unless you're coming over the TOR network and using a specific TOR-only address (.onion). Access to TOR hidden services are generally anonymous if the appropriate safeguards are taken, and not traceable. That said, US FBI, NSA, etc are getting really good at de-anonymizing the traffic. If you're doing something illegal enough that you'd be in their crosshairs, I wouldn't rely solely on it. (and if you are, google for the grugq's "opsec for hackers" paper to get some practical advice).

I believe it requires a lot of more effort to stay anonymous than just by using TOR. People don't even think about it. The authorities have access to the whole infrastructure so it may be enough to monitoring in/out from the TOR nodes to find somebody if sufficiently determined.

I think I read recently the way one types on the keyboard (timing-wise, or other) is also being used. Interesting stuff.

User avatar
rajagainstthemachine
Manager
Manager
Posts: 2824
Joined: Sat, 24 Nov 2012
Location: Singapore

Re: Deep Web Dark Web etc..

Postby rajagainstthemachine » Wed, 12 Aug 2015 11:06 am

zzm9980 wrote:"Deep dark web" or whatever is a non technical gibberish made up by the media. Although non-indexed sites and even sites with just IP (no domain) exist, that's not what this generally refers to.

What they're talking about are TOR hidden services. These are sites you can't just hit by IP unless you're coming over the TOR network and using a specific TOR-only address (.onion). Access to TOR hidden services are generally anonymous if the appropriate safeguards are taken, and not traceable. That said, US FBI, NSA, etc are getting really good at de-anonymizing the traffic. If you're doing something illegal enough that you'd be in their crosshairs, I wouldn't rely solely on it. (and if you are, google for the grugq's "opsec for hackers" paper to get some practical advice).



Yep i know about the encapsulated hidden services of TOR using a onion url. I was setting up this SBC at work, while SBC's are meant more for implementing security or admission/rejection rules for voice calls between a service provider and a private enterprise voice network. I was surprised to know that there is voice over TOR as well -> https://guardianproject.info/2012/12/10/voice-over-tor/ pretty cool but it appears to be still at nascent stages.. i happened to chance upon it while reading about security threats that could impact a SBC.
To get there early is on time and showing up on time is late

User avatar
zzm9980
Governor
Governor
Posts: 6841
Joined: Wed, 06 Jul 2011
Location: Once more unto the breach

Re: Deep Web Dark Web etc..

Postby zzm9980 » Wed, 12 Aug 2015 1:25 pm

rajagainstthemachine wrote:. I was surprised to know that there is voice over TOR as well -> https://guardianproject.info/2012/12/10/voice-over-tor/ pretty cool but it appears to be still at nascent stages.. i happened to chance upon it while reading about security threats that could impact a SBC.



I can't ever imagine that working too well, unless it is more of a 'walkie talkie' mode like voice memos in WeChat or Whatsapp.

User avatar
zzm9980
Governor
Governor
Posts: 6841
Joined: Wed, 06 Jul 2011
Location: Once more unto the breach

Re: Deep Web Dark Web etc..

Postby zzm9980 » Wed, 12 Aug 2015 1:28 pm

x9200 wrote:I believe it requires a lot of more effort to stay anonymous than just by using TOR. People don't even think about it. The authorities have access to the whole infrastructure so it may be enough to monitoring in/out from the TOR nodes to find somebody if sufficiently determined.

I think I read recently the way one types on the keyboard (timing-wise, or other) is also being used. Interesting stuff.


Yes, if both entry and exit nodes are owned, TOR traffic can easily be anonimized. You should assume the NSA and other orgs are trying their hardest to add as many nodes as possible (since anyone can do it).

The point of the hidden service is that the traffic never leaves the network, so even if the entry node is owned it shouldn't know what hidden service you're accessing.

A lot of the FBI's efforts have been to find flaws in the hidden service which expose its real IP, or try client side exploits. Easy since so many people using TOR are using known application stacks that aren't (or weren't previously) updated as frequently.


  • Similar Topics
    Replies
    Views
    Last post

Return to “Computer, Internet, Phone & Electronics”

Who is online

Users browsing this forum: No registered users and 1 guest