DarkNet HUMINT Guide

By VEEXH
Published in The Sleuth Sheet, Feb 15, 2023
ART by VEEXH

WARNING

Conducting DarkNet-related research will expose you to obscene and graphic material. Please proceed with caution.

TOPICS

  • TOR
  • SOC Puppets
  • Conducting OSINT
  • ClearNet Resources
  • Reporting Content

TOR — THE ONION ROUTER

Tor, also known as The Onion Router, is a free, open-source software program designed to protect users’ privacy and security against traffic analysis. It was first developed by the U.S. Navy in an effort to secure government communications. The Tor protocol works by encapsulating data in layers of encryption, analogous to the layers of an onion, and sending it through a series of intermediary nodes known as “onion routers.” Each node peels away a single layer, revealing the data’s next destination until the final layer is decrypted and the message arrives at its destination. By doing this, the sender remains anonymous because each intermediary only knows the location of the immediately preceding and following nodes.
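The layering described above can be traced in a few lines. This is an added example, not code from the original article or from the Tor Project: it uses a toy HMAC-based stream cipher rather than Tor's real cryptography, and the relay names, pre-shared keys and the placeholder destination `example.onion` are assumptions made for illustration.

```python
import hashlib
import hmac
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def wrap(route, destination: str, message: bytes) -> bytes:
    """Sender: build the innermost (exit) layer first, then wrap outward."""
    next_hop, payload = destination, message
    for name, key in reversed(route):
        layer = json.dumps({"next": next_hop, "data": payload.hex()}).encode()
        payload = keystream_xor(key, layer)
        next_hop = name
    return payload  # this is what the first relay receives

def peel(key: bytes, cell: bytes):
    """Relay: remove exactly one layer and learn only where to forward it."""
    layer = json.loads(keystream_xor(key, cell))
    return layer["next"], bytes.fromhex(layer["data"])

def relay_path(route, cell: bytes):
    """Walk the circuit and record what each relay is able to see."""
    seen, previous = [], "client"
    for name, key in route:
        next_hop, cell = peel(key, cell)
        seen.append({"relay": name, "from": previous, "to": next_hop})
        previous = name
    return seen, cell

# Constructed three-hop circuit; real keys are negotiated per circuit.
ROUTE = [("guard", b"k-guard"), ("middle", b"k-middle"), ("exit", b"k-exit")]

if __name__ == "__main__":
    onion = wrap(ROUTE, "example.onion", b"hello")
    hops, delivered = relay_path(ROUTE, onion)
    for hop in hops:
        print(hop)
    print(delivered)
```

Only the guard sees the client and only the exit sees the destination; the middle relay sees neither.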


The term “dark net” or “dark web” is often used to refer to websites that are hidden from search engines and the general public. These websites usually require a special tool, such as the Tor browser, to access them. However, the Tor network itself is not the dark web. The dark web is made up of websites that are hosted on the Tor network, but the network itself is merely a tool that allows users to access these websites.

DOWNLOADING TOR & SAFETY RESOURCES

I HIGHLY SUGGEST USING QUBES & WHONIX OVER TAILS OS

Qubes is a secure operating system that provides users with an extra layer of security when accessing the dark web. It is based on a security-by-isolation model, meaning that each virtual machine (VM) runs in its own virtual environment, isolated from the others. This ensures that an attacker won’t be able to breach multiple VMs at once.

Qubes also offers strong encryption and authentication procedures, as well as a secure graphical user interface (GUI) with sandboxing capabilities. As a result, you can be sure that your data and private content will remain anonymous and secure as you explore the dark web. Furthermore, you won’t have to worry about leaving any traces behind, as Qubes’ GUI will delete any data left on the system after the VM is shut down.

Finally, Qubes offers a wide range of options for customizing its security settings, allowing you to choose the level of security that best fits your needs. This makes it a great choice for anyone looking to securely navigate the dark web.

COMMON SENSE TIPS

  • Be careful which links you click on. Many dark web sites are full of malware, viruses, and other types of cyber threats. Avoid clicking on suspicious links or downloading anything that you are not sure about.
  • Be wary of people you meet on the dark web. Just because someone claims to be a hacker or a whistleblower does not mean they are trustworthy. Do not reveal personal information or agree to meet anyone in person.
  • Finally, do not engage in illegal activities on the dark web. Not only is it morally wrong, but it can also lead to legal consequences.

SOC PUPPETS

SOC puppet accounts are identities created on social media or other online platforms for the purpose of remaining anonymous and obtaining information. The anonymity that SOC Puppets provide is a layer of operational security that gives users the freedom to express their opinions without fear of reprisal or judgment. It allows them to be more open and authentic in their conversations, which can help create meaningful dialogue and foster mutual understanding.

ESTABLISHING A PERSONA

  1. Determine the purpose of the account: Before creating a sock puppet account, it’s important to have a clear idea of what you want to achieve with the account. Are you trying to promote a particular product or service? Do you want to influence public opinion on a specific topic? Or are you just looking to have some fun and engage with people online? The answers to these questions will help you create a strategy for your account.
  2. Choose a persona: Once you have a clear idea of the purpose of your account, you can start thinking about the persona you want to create. This persona should be consistent with the purpose of the account and should reflect the values and characteristics that you want to convey. For example, if you’re promoting a health and wellness product, you might want to create a persona that is health-conscious and active.
  3. Create a backstory: To make your persona more believable, you should create a backstory that explains who they are, where they come from, and what they do. This can be as simple or as detailed as you like, but it should be consistent with the persona you have created. For example, if your persona is a health and wellness enthusiast, you might create a backstory that explains how they became interested in this topic and what their daily routine looks like.
  4. Develop a voice and tone: The voice and tone of your persona should be consistent with the purpose of the account and the persona you have created. For example, if your persona is serious and informative, the tone should be professional and authoritative. If your persona is more casual and humorous, the tone should be lighthearted and conversational.
  5. Engage with the audience: Once you have created your persona, it’s important to engage with the audience in a way that is consistent with the tone and voice of your persona. This can involve responding to comments and messages, posting content that is relevant to your purpose, and participating in online discussions.
  6. Maintain consistency: Finally, it’s important to maintain consistency in your persona over time. This means that the voice and tone of your persona should remain consistent, and you should avoid any actions or behaviors that are inconsistent with the purpose of the account or the persona you have created.

WHY YOU SHOULD NEVER REVEAL PERSONAL DETAILS

The darkweb is the hidden underbelly of the internet, and it contains many dangers. It is essential to remember that anything you share on the darkweb remains there forever and can be used against you in malicious ways. Therefore, it is of utmost importance that you never reveal personal details on the darkweb. Here are a few reasons why you should take this advice to heart:

PRIVACY & SECURITY

When you share personal details on the darkweb, you put your privacy and security at risk. Hackers, scam artists, and other criminals have access to the darkweb, and they are always looking for ways to exploit people’s personal information. If you share your name, address, credit card number, or other sensitive information, you could easily become a victim of identity theft or other financial crimes.

INCREASED RISK OF TARGETING

If you reveal personal details on the darkweb, you risk becoming a target for malicious attacks. Hackers and other criminals are always looking for new victims, and if they know your personal details, they’ll be able to find you easily. This can lead to your accounts being hacked, your identity stolen, or even physical harm.

POTENTIAL REPUTATIONAL DAMAGE

The darkweb is a haven for criminals and unsavoury characters. If your personal details are revealed on the darkweb, they can be used to spread false rumours and hurt your reputation. This can damage your career, relationships, and other aspects of your life.

LOSS OF CONTROL

Once your personal details have been shared on the darkweb, you have no control over where they go or who sees them. They could be shared with malicious actors who use them to commit crimes or harass you. You could also be targeted for blackmail or extortion.

It is essential to remember that your personal details are yours and yours alone. Revealing them on the darkweb is not worth the risks. Protect yourself and your data by never revealing personal details on the darkweb.

YOU MUST BE ENGAGED IN ACTIVE SOCIAL ENGINEERING

It is important to actively social engineer on the dark web in order to obtain an advantage. Social engineering is the process of manipulating people into revealing confidential information that can benefit them. Social engineering on the darkweb allows users to gain information about malicious actors and their tactics, techniques, and procedures, as well as giving them the ability to protect themselves from hostile individuals.

PRETEXTING

WHAT IS PRETEXTING?

Pretexting is a type of social engineering in which someone creates a false identity or pretends to be someone else in order to gather confidential or personal information. Pretexting on the dark net is done via social platforms, chatrooms, and anonymous email systems. Pretexters gain trust by using fake stories, false identities, and impersonation to get the person they’re targeting to provide them with the information they’re looking for.

RISKS OF PRETEXTING

Pretexting is a serious and potentially dangerous method of getting information and should be used with caution. You must make sure that the persona you’ve crafted for pretexting is realistic and believable enough for the target to accept it without suspicion. It should include as many details as possible so that it appears natural and genuine. Additionally, the persona you create should not appear too generic or too suspicious, as this may alter the target’s impression.

STEPS

  1. Research the Person: Research the person you are planning to pretext via a social platform or chatroom. Log their posts, interests, hobbies, and other relevant information.
  2. Craft a Plan: Based on your research, craft a plan that outlines what type of pretext you are going to use. Make sure to clearly identify the goal or objective that you are trying to achieve.
  3. Establish Presence: Establish a presence on the person’s darknet social platforms. This could include liking their posts, commenting on their posts, following them, or even sending them a direct message.
  4. Connect with the Person: Start connecting with the person and build a rapport. This could include engaging in conversations, asking about their interests, and engaging in activities that the person likes.
  5. Pretext: Once you have established a connection, you can begin to pretext the person. Make sure to provide the person with enough details and context so that they understand what you are asking them to do.
  6. Follow Up: Once the pretext is complete, follow up with the person to ensure that they understand the request and can follow through with it. If any part of the pretext needs clarification, make sure to provide it so that both parties can be on the same page.

A MAJOR OPSEC FAILURE THAT SHOULD NOT BE OVERLOOKED

The way you type in a chatroom can be used to identify you. This is known as telemetry, and it involves studying the way you type, your typing speed, the number of words you use, and the style of your writing.

For example, telemetry could be used to identify you by studying the length of your words, the number of pauses you take in between words, and the use of specific words or phrases. Additionally, telemetry could be used to detect if you are typing faster or slower than usual, which can indicate your current level of stress or excitement.

Telemetry is often used to filter out imposters who try to enter a chatroom. It is a powerful tool for identifying whether the individual behind an account is who they say they are. Consistency is key on the dark net.
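The comparison described above is usually called stylometry when it works on the text itself and keystroke dynamics when it works on timing. The following added example, which is not from the original article, profiles only the text, because a chat log carries no keystroke timestamps. The feature set, the 0.2 threshold and all three message samples are constructed for illustration.

```python
import re

def style_profile(messages):
    """Summarise a batch of chat messages as a few writing-style features."""
    words = [w for m in messages for w in re.findall(r"[A-Za-z']+", m)]
    if not messages or not words:
        raise ValueError("need at least one message containing words")
    n_msgs = len(messages)
    return {
        "avg_word_len": sum(map(len, words)) / len(words),
        "words_per_msg": len(words) / n_msgs,
        "lowercase_start": sum(m[:1].islower() for m in messages) / n_msgs,
        "ellipsis_per_msg": sum(m.count("...") for m in messages) / n_msgs,
        "exclaim_per_msg": sum(m.count("!") for m in messages) / n_msgs,
    }

def drifted_features(baseline, sample, threshold=0.2):
    """Return features whose relative change from the baseline exceeds threshold."""
    flagged = []
    for name, base in baseline.items():
        new = sample[name]
        scale = max(abs(base), abs(new))
        if scale and abs(base - new) / scale > threshold:
            flagged.append(name)
    return flagged

# Constructed samples: an account's earlier messages, a later batch in the
# same style, and a later batch written in a noticeably different style.
BASELINE = ["yo anyone got a mirror for that site...",
            "nah its down again lol",
            "ok thx will check later..."]
CONSISTENT = ["yo is the forum back up...",
              "nah still down for me lol",
              "ok thx gonna wait then..."]
DRIFTED = ["Hello, does anyone have a working mirror for that website?",
           "Unfortunately, it appears to be unavailable again!",
           "Thank you, I will investigate further tomorrow!"]

if __name__ == "__main__":
    base = style_profile(BASELINE)
    print(drifted_features(base, style_profile(CONSISTENT)))
    print(drifted_features(base, style_profile(DRIFTED)))
```

Capitalisation, punctuation habits and word length shift together in the third sample, which is the kind of inconsistency the passage says gets an account flagged.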

The books listed below teach the art of social engineering for in-person contact.

CONDUCTING OSINT

OSINT on the darkweb should not be taken lightly, as it can reveal sensitive information that can be used maliciously and cause harm to individuals and organizations. Additionally, the process of collecting evidence can be complex and requires an experienced researcher to ensure accuracy. Thus, it is important to take precautionary measures when undertaking OSINT activities on the darkweb.

On the darkweb there are a ton of resources to utilize, but I will mainly focus on link lists and search engines for safety reasons. Link lists and search engines can provide valuable information to help users collect information on the darkweb. They list materials for data breaches, chats, forums, and marketplaces, as well as other explicit resources which can be collected and analyzed for dissemination. Furthermore, link lists and search engines can help users navigate the darkweb easily and quickly, saving them time and effort.

RESOURCES

http://darkfailenbsdla5mal2mxn2uz66od5vtzd5qozslagrfzachha3f3id.onion/ -> Provides information regarding the status of a .onion site.

http://2fd6cemt4gmccflhm6imvdfvli3nf7zn6rfrwpsy7uhxrgbypvwf5fad.onion/ -> Non-JavaScript search engine that doesn’t track you and the one I use the most.

http://juhanurmihxlp77nkq76byazcldy2hlmovfu2epvl5ankdibsot4csyd.onion/ -> One of the best search engines.

http://deepqelxz6iddqi5obzla2bbwh5ssyqqobxin27uzkr624wtubhto3ad.onion/ -> Deep Links Link List.

http://nexusxg6rr5e2ue6gdjo6oassw36lsx5cx6y3r5ojneo53kynv3rqgyd.onion/ -> Uncensored Onion Links Directory.

http://archiveiya74codqgiixo33q62qlrqtkgmcitqx5u2oeqnmn5bpcbiyd.onion/ -> a time capsule for web pages! It takes a ‘snapshot’ of a webpage that will always be online even if the original page disappears. It saves a text and a graphical copy of the page for better accuracy and provides a short and reliable link to an unalterable record of any web page.

CLEARNET RESOURCES

The clearnet is the publicly available internet, which includes the surface web.

REPORTING CONTENT

If you come across anything on an .onion site that you feel should be reported, here are some starting places and links to report material.

EXPLOITED OR MISSING HUMANS

DRUGS & COMPUTER CRIME
