Alter-net

So. I just want to point out some things you guys are missing completely.

True "Dark" nets are not nets at all. TOR and protocols like it are an anonymity and "plausible deniability" source. Actual "dark" nets are kept well and truly hidden, and cannot be found by any means available to the average channer. Trust me.

Just one example, out of maybe 4 or 5 I have personal experience with, to illustrate what it takes. Do take special note that this involves a great deal of luck.

Friend of mine works at a small car insurance broker's office and asks me to fix a problem with his computer not recognizing the office scanner on the network. This is not related, just how I ended up there.

I brought my laptop, and notice a WEP wireless net with high signal strength. Out of curiosity I turn on a sniffer to pick out the password while I work on the scanner. Few hours later I'm leaving when I remember the sniffer. Got the pass, connected, poked around.

So, it's a basic home network, one system online, with internet access. No firewall. Apparently no antivirus. For the hell of it, I drop in a backdoor before I leave. You never know what goodies you can run across.

Well, I get home and really start digging through this computer. Just your average home computer, most interesting stuff are some tax returns. There's a couple of text files that have what appear to be passwords, random characters and a couple of names. Not much interesting so I put my worm on it and leave it be for future use maybe.

Weeks later I'm arranging some proxies for a few of my bots when I realize that there are 4 new bots I hadn't set up myself. What I figured later is that the owner of that WEP machine (my friend's boss) had taken a file from it on a floppy, which my worm happily infected, which then spread to a few more machines he used. This is where the interesting stuff begins.

Two of those machines had internet access, of course, but they had apparently NEVER been used to actually ACCESS the internet. They both ran Windows 98, completely unpatched. They apparently had internet access only because they were physically networked with other machines that were used for internet access.

Each of these machines had about 3 TB of storage, mostly appeared empty, but was actually packed near full of encrypted bytes. The stuff that was easily viewable included huge amounts of personal information including SSNs and Tax IDs, names, addresses, lists of family and friends, sometimes pets, sometimes a lot of detail such as vehicle, clothing, height, weight, recent medical issues. Huge amounts of information, not every listing had all of it, some were just a name. What they all had were dates.

Couldn't make much sense of that, what I COULD make sense of were the bank accounts. Thousands, probably hundreds of thousands of account numbers, institutions, safety deposit boxes. All over the world. South Africa, Russia, Brazil. Everywhere. Nothing but the basic identifying information and another date, no note of what they might be.

As I was picking through one of these two machines, I noticed a file being written. I figured someone was using the computer at that moment, but the only command events were coming from my worm. Nobody was using a mouse or keyboard. So then I figured it was an automated system process. Watched what it was doing for a minute. Then I realized the computer was communicating on ANOTHER network that wasn't a protocol I recognized.

Because I knew when it started writing and when it stopped, I was able to transcribe the entire file, which was about 78 megs. I assumed it was one file and not a chunk of something else, and I was right. It was still encrypted, but it turned out to be fairly simple. Since it was one file, I had a few educated guesses about what a file that size was, and my first was right, it was a movie, MPEG format.

The title was just a random string, the video itself was an overhead view of three men sitting at a table. In the entire 15 minutes of the video, only one spoke. Sounded like gibberish, I figured it was a code or he was nuts. He said things like "broken banana stung red boot", he would pause then say another strange sentence, kept going for about ten minutes. The other two just watched him, one was drinking what I assume was coffee.

Finally he leaned back and asked if they would leave his daughter alone. The guy drinking the coffee just shook his head quickly. The talker started crying. Really crying. Hard. He leaned forward again and said another nonsense sentence and the video ended. Timestamp was about 20 minutes before the video was uploaded to the machine I got it from.

I had a really weird feeling about it, but my best guess at the time was it was some kind of clip from a movie I hadn't seen, and what I saw was a streaming broadcast, the timestamp on the file just being the time it was being sent.

A couple weeks later I went poking through those two computers again and came across another recognizable file, this time because it had the same header as the one I had already decrypted. It had actually been stored four hours after the first one.

<p style="margin-top: 4.8pt; margin-right: 0in; margin-bottom: 6pt; margin-left: 0in; line-height: 14.25pt;">In it, the man that had spoken in the first one was crying like a baby as he fucked what appeared to be the corpse of a young girl, with her throat cut and blood all over the table that the three men had been sitting at in the first video. The other two men were still in the room, standing on either side of the room watching, smoking cigarettes.

I didn't finish watching it, only got about a minute or so in before it sank in what I was seeing. I've seen a lot in my time. This was not a movie.

I cleaned my traces from those systems and haven't looked back.

What I'm still finding hard to believe is that, from the computer I'd originally hacked, these other systems got infected by a floppy. As near as I can tell the two storage computers were on opposite sides of the globe, one in LA, one in Beijing, the WEP computer I'd found was in Dallas, and two of the other infected computers were in Winnipeg. As far as I know, my friend's boss had not left the country. His brother-in-law had been visiting at the time though.