General security

The Internet Underground: Tor Hidden Services

November 2, 2012 by Jeremy Martin

Some people think onion routing or the Tor network is for criminals and people with something to hide. Well, they are half right. The Tor network was designed to give a masked, “semi-safe”, passage to those who needed to get information out.

According to its website, “Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory. It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications. Today, it is used every day for a wide variety of purposes by normal people, the military, journalists, law enforcement officers, activists, and many others.”

People use Tor as a way to bypass traffic filters or monitors throughout the Internet. If using a minimum of SSL encryption, this medium has been recognized as being a “safer” way to communicate over the Internet. What most people do not realize is that there is an entire subnet underground out there called “Darknet” or “Deepweb”. Others just call the underground Internet Tor network hidden servers. These hidden servers usually have a “.onion” extension and can only be seen using a Tor proxy or TorVPN. The easiest way to get onto the Tor network is with the Tor Browser Bundle (TBB). It is free and very easy to install and then use. All you have to do is go to the torproject.org and download TBB and within minutes you will be connected.

There are legitimate reasons to use Tor, especially for those who are trying to hide their identities from oppressive governmental regimes or reporters trying to minimize leaking the identity of informants. Some will even stay on the proxy network and use services like Tor mail, a web based email service. There are still some anonymity challenges. If you are on the same network, you may still leak the originating IP address and there is a risk of someone capturing your traffic. Some will even go as far as only using HTTPS (SSL encryption) or reverting back to the good old VPN.

There are darker usages of the hidden servers. There are E-Black Markets all over this network that sell anything from meth to machine guns and services that range from assembling credit card data to assassinations (“you give us a picture; we’ll give you an autopsy report!”). Most of the sites trade their goods with an e-currency called Bitcoins, an anonymous electronic commodity that can purchase almost anything.

One of the most popular “secret” sites called “The Silk Road” or SR has almost anything you can think of. SR has evolved over the years and has recently dropped its weapon sales section and created a new site called the Armory. Shortly after, the Armory closed due to the lack of traffic and interest. They have also banned assassination services to minimize attention from showing up on Law Enforcement’s radar. They still have plenty of drugs, counterfeit items, and stolen goods though.

There are still plenty of other sites that focus on arms dealing or unfiltered auction site. Once you are on Tor, the next thing you would have to do to communicate with some of these sites is to get an anonymous Tor based email. This is a web based email that you log into that acts just like a regular email except it only exists in the Tor world. Another popular communications mechanism is TorPM.

Tor Communications

E-Black Market sites

Social Network

Informational

Search

So let’s take this step by step.

  1. Download “Tor Browser Bundle” from torproject.org.
  2. Double left click on “Start Tor Browser”.
  3. You should then see Vidalia connecting to Tor.
  4. The Tor Browser should automatically open.

You are now on the “Deepweb.”

You can now access “.onion” domains.

  • Create a TorMail account on jhiwjjlqpyawmpjx.onion.
  • Create a TorPM account on 4eiruntyxxbgfv7o.onion/pm/
  • Enjoy a little more anonymity for research.

Disclaimer: do NOT break the law. This was written to explain what the (Darkweb / Deepnet / Tor hidden service) is and what kind of things you may find. It is not an invitation to break the law with no recourse. Just like any network, this one has both good and bad guys. If you break the law, you will get caught. Bad guys have to be lucky EVERY time. Good guys only have to be lucky once.

Posted: November 2, 2012
Articles Author
Jeremy Martin
View Profile

Jeremy Martin is a Senior Security Researcher that has focused his work on Red Team penetration testing, Computer Forensics, and Cyber Warfare. Starting his career in 1995, Mr. Martin has worked with Fortune 200 companies and Federal Government agencies. He has received numerous of awards for service. He has been teaching Advanced Ethical Hacking, Computer Forensics, Data Recovery, SCADA/ICS security, Security Management (CISSP/CISM), and more since 2003. As a published author he has spoken at security conferences around the world. Current research projects include SCADA security, vulnerability analysis, threat profiling, exploitation automation, anti-forensics, and reverse engineering malware. You can find more of Jeremy's writings & services at http://www.informationwarfarecenter.com

4 responses to “The Internet Underground: Tor Hidden Services”

  1. gAtOmAlO says:

    Tor and is pretty cool – I just published – The Deep Dark Web – New eBook -The Deep Dark Web – http://www.amazon.com/dp/B009VN40DU  
    Print Book –
    http://www.amazon.com/The-Deep-Dark-Web-hidden/dp/1480177598

    We explain the Who, WHat, Where of the Dark Web – for Privacy it’s the best

  2. I would like to know if the black -market sites you have listed above are accessed internationally. Also, are the 4 or five sites you listed the only Tor black market sites or are there other ways to access equally relevant information with action potential. Should an expert in this area come across my message, I would be really stoked if you could provide me with as much info as possible. Anyone who knows a thing or two. I need peopl that posess access to Russian and middle eastern sites or servers. I haven’t explored the application yet and am new so would you please send me a message if you can or would like to help me out, and have the time. Thanks alot, Katiee

    • This is Jeremy, I wrote the article. Yes. once you are in the Darknet, there are no boarders.

      For updated sites, http://youtu.be/6ov1aTPoEaY

      Here is a summary:
      Surfing the Underground Darknet .onion Black Markets in 2014
      Good morning.  Welcome to another episode of Cyber Secrets.  In this episode, we will cover the basics of Tor underground black markets using .onion domains over the onion routing network.

      Resource links:
      The Tor Project: http://torproject.org
      Grams Search Engine: http://grams7enufi7jmdl.onion
      1776: http://n6tzonxy7sod7eqt.onion
      Agora: http://agorahooawayyfoe.onion
      The Andromeda Market: http://agorahooawayyfoe.onion
      Black Bank: http://wztyb7vlfcw6l4xd.onion
      Bungee54: http://bungee54uqchxfny.onion
      Cloud Nine (C9): http://bviaqyj6obc54vhn.onion
      Pandora: http://pandorajodqp5zrr.onion
      Pigeon: http://pigeonkcmw5h44lq.onion
      The Silk Road: http://silkroad6ownowfk.onion
      The Pirate Market: http://yjhzeedl5osagmmr.onion
      DarkBay: http://darkbay4rwgvdkqn.onion
      Hydra: http://hydrampvvnunildl.onion
      The Pirate Bay: http://uj3wazyk5u4hnvtk.onion/
      Hidden Service Search http://ahmai.fi/address

      Good Morning.  Welcome to another episode of Cyber Secrets.  In this episode we will discuss what a Darknet is, cover Grams Darknet market search engine, and Darknet black markets
      The Internet can be a dark place.  The deeper you go, the darker it can get.  In the far corners of the digital expanse you may even stumble across networks so far removed from the Internet that they themselves are called by a different name.  A Darknet. 

      Realistically though, a Darknet is nothing more than a network that requires a special path to get to.  Like the realm in Alice in Wonderland, Alice was in her own Darknet of sorts after traveling through the rabbit hole.  It could not be seen by those in the world she left behind.  In geek terms, it is a private network where connections are made by a select number of systems.  Think of a Darknet as a P2P network.  For example; Freenet, GNUnet, private VPNs, I2P, and Tor are examples of this type of network.  Some are easier to get to than others. 

      One of the most popular Darknets as of this broadcast is still the Tor onion network.  This is the network we will discuss in this video.

      I want to bring up a relatively new Darknet site called Grams.  It is a Darknet market search engine.  At this point it searches 10 unique black market websites.

      When we search for the keyword drugs, you can see contraband results from all ten sites has been added to the results queue.  An interesting feature that Grams added was the ability to filter out exactly what black markets you want to work with as you can see when searching for keyword passports
      Now I will do a quick search for social security number or SSN.  As you can see on the top of the list are counterfeit identities.

      One of the markets that Grams works with called 1776 has a commercial that I have included in this video to give you an idea of how serious these markets are and how they are thriving.

      Truth is, there is a lot of bad content on the Internet. It naturally gets worse when there is no accountability due to anonymity. There are little to no rules when there is little to no risk of getting caught. This Lord of the Fly’s mentality sometimes takes over. This happens in sites like 4chan and is happening in the Darknets. Tor is in a sense, a fledgling Internet following in the footsteps of it’s big brother. If you turn the wrong corner and open the wrong door, you may come across extreme evil.

      As you have seen, there are drugs, fake IDs, and other contraband in these market places. There is also much worse floating out there outside those market sites such as assassination services and child pornography. Law enforcement is in a constant battle to catch these type of criminals and have even been successful by using computer exploits or malware to identify the suspects. The Darknet is not all evil though. There are many useful sites in this space and almost all of them are supporting freedom of speech and allowing the voices of citizens to be heard even out of the most oppressive of regimes. Tor is still an extremely useful tool to exercise your freedom from governmental censorship.

      If you haven’t heard of this next site by now, you should get off the Internet right now…  The Pirate Bay or thepiratebay.se is the “galaxy’s most resilient bittorent site.  the Founders found themselves in a bit of hot water since most of the people that use the Pirate Bay are sharing content that they do not own and it is considered Intellectual Copyright theft.  Now The Pirate Bay has a new .onion address

      You just received a small glimpse of what can be found in Darknet black markets.  You can even find botnets to rent and bulk credit cards to purchase.  Keep in mind, not everything in this space is illegal or shady.  With that said, it does seem easier to find in the fringes of digital deep space.

Leave a Reply

Your email address will not be published. Required fields are marked *