Posts Tagged ‘Usenet’

So you thought Tor was bad enough. Check out Tor’s Hidden Web Services.

Monday, July 25th, 2011

Recently an article appeared at NPR titled “Senators Target Internet Narcotics Trafficking Website Silk Road”. I only bothered to hit the link because I saw it mentioned on the website Anti-forensics.com. The short article complained that drugs were being blatantly sold on the Internet, that something needed to be done about it, and that Congress is going to solve that one for us. Although selling drugs on the Internet is nothing new, the place on the Internet “openly” selling drugs was on the Tor network through the use of Tor’s “Hidden Services” function. The “Silk Road” is an online market open for the sale of goods and named after the ancient road used to bring goods from the Orient to the West.

For the power user of the Tor network, Hidden Services is probably nothing new. The average online investigator, though, may have heard of Tor and may even have tried to use it (especially if you read my last article on using Tor in your investigations). But were you aware that webpages can be hidden within the Tor network? Have you ever seen a .onion domain name? If you haven’t, then read on.

Hidden services were introduced to the Tor network in 2004. Tor’s Hidden Services are run on a Tor client using special server software. This “Hidden Service” uses a pseudo top-level-domain of “.onion”. Using this domain, the Tor network routes traffic through its network without the use of IP addresses.

To get to these hidden services you must be using the Tor network and have your browser configured to use Tor. How do you find sites using the hidden services? Start at the core…

http://eqt5g4fuenphqinx.onion/ 

Welcome to .onion

Core.onion according to its hidden services site has been in the network since 2007.

Once in the Core.onion you find a simple directory to start exploring Hidden Services on the Tor network.

TorDir

TorDir is a directory of Hidden Services. It gives you access to a variety of sites that offer instant messaging services, email, items for sale, social media type sites and marketplaces.

Black Market

In the markets a variety of things are for sale, most look to be illegal though. File sharing also looks to be popular and can be found in several .onion sites.

File Sharing

To make purchases, bitcoin seems to be the most popular virtual currency and is regularly mentioned throughout the .onion sites.

Bitcoin

Another good location to start finding out about what Tor’s Hidden Services have to offer is a wiki located at:

http://xqz3u5drneuzhaeo.onion/users/hackbloc/index.php/Mirror/kpvz7ki2v5agwt35.onion/Main_Page

 

Also, if you are an IRC fan, Tor hidden services can be used there too. The Freenode website gives the instructions on how to access Freenode IRC servers on Tor’s Hidden Services.

If you are interested in learning more about Tor’s Hidden Services here are a few sites that can get you on your way:

http://www.onion-router.net/Publications/locating-hidden-servers.pdf

http://www.irongeek.com/i.php?page=videos/tor-hidden-services

http://www.torproject.org/docs/tor-hidden-service.html.en

 

Not to make it any worse, but if you have not heard, I2P (another anonymizing network that is becoming increasingly popular) also has its own “eepsites,” similar to the Hidden Services offered in Tor, to which a user can post content as on a website.

Hidden Services are going to increasingly become a location that will be misused by many. It will also become a place on the Internet that investigators will need to become increasingly familiar with if they are to further their online investigations.

8 Google Tools that can assist you with your investigation

Monday, November 22nd, 2010

Google as a search engine has always been the investigator’s first choice in searching for people or businesses on the Internet. There are, however, several additional Google tools that can be of great investigative interest:

Google Maps

Maps lets you plot any number of locations, directions to and from, and how these look from a satellite. However, another important aspect of Google Maps is Street View, which despite its recent troubles in the media over privacy issues, provides important location intelligence. You can get virtually a 360 degree view of any location, including nearby buildings, landscaping and traffic patterns. Recently the NYPD even used Street View images in a prosecution of a drug case. Seven people were indicted for selling heroin in Brooklyn.

Google Picasa

Picasa is an image-sharing service, enabling easy photo upload to albums, social sharing – and geotagging. Investigators can not only search Picasa for “tags,” or labels including names or descriptions; they can also see geotags providing the image’s location.

Picasa adds the latitude and longitude to the EXIF data of the image file if the user selects a location through Picasa. Other embedded EXIF data can also still be present, not stripped from the photo. You can also find the latitude and longitude data listed under the “more info” link in the sidebar on the image page.

Always remember that if the photo is geotagged through Picasa, this information is user input and could be incorrect.
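To show where those coordinates sit inside the file, here is an added example (not part of the original post) that reads the GPS fields from an EXIF block using only the Python standard library. It assumes the EXIF block has already been taken out of the JPEG (the TIFF-structured data that follows the `Exif\0\0` marker in the APP1 segment); `build_sample` produces a constructed sample block, and all function names are illustrative.

```python
import struct

GPS_IFD_POINTER = 0x8825                      # IFD0 tag that points at the GPS IFD
LAT_REF, LAT, LON_REF, LON = 1, 2, 3, 4       # EXIF tag numbers inside the GPS IFD

def parse_ifd(buf, off, bo):
    """Return {tag: (type, count, 4-byte value field)} for the IFD at `off`."""
    (n,) = struct.unpack_from(bo + "H", buf, off)
    ifd = {}
    for i in range(n):
        start = off + 2 + 12 * i              # each IFD entry is 12 bytes
        tag, typ, cnt = struct.unpack_from(bo + "HHI", buf, start)
        ifd[tag] = (typ, cnt, buf[start + 8:start + 12])
    return ifd

def dms_to_decimal(buf, bo, entry):
    """Convert three RATIONALs (degrees, minutes, seconds) to decimal degrees."""
    typ, cnt, field = entry
    if typ != 5 or cnt != 3:
        raise ValueError("coordinate is not 3 RATIONAL values")
    (ptr,) = struct.unpack(bo + "I", field)   # 24 bytes do not fit inline: field is an offset
    v = struct.unpack_from(bo + "6I", buf, ptr)
    if 0 in v[1::2]:
        raise ValueError("zero denominator in coordinate")
    return v[0] / v[1] + v[2] / v[3] / 60 + v[4] / v[5] / 3600

def gps_from_tiff(buf):
    """Return (lat, lon) from a TIFF/EXIF block, or None if it carries no geotag."""
    bo = {b"II": "<", b"MM": ">"}.get(bytes(buf[:2]))   # byte-order mark
    if bo is None or struct.unpack_from(bo + "H", buf, 2)[0] != 42:
        raise ValueError("not a TIFF/EXIF block")
    ifd0 = parse_ifd(buf, struct.unpack_from(bo + "I", buf, 4)[0], bo)
    if GPS_IFD_POINTER not in ifd0:
        return None                           # never geotagged, or the data was stripped
    gps = parse_ifd(buf, struct.unpack(bo + "I", ifd0[GPS_IFD_POINTER][2])[0], bo)
    if not {LAT_REF, LAT, LON_REF, LON} <= gps.keys():
        return None
    lat, lon = dms_to_decimal(buf, bo, gps[LAT]), dms_to_decimal(buf, bo, gps[LON])
    return (-lat if gps[LAT_REF][2][:1] == b"S" else lat,
            -lon if gps[LON_REF][2][:1] == b"W" else lon)

def build_sample():
    """Constructed little-endian EXIF block: 40 deg 41' 21.48 N, 73 deg 59' 24 W."""
    u32 = lambda v: struct.pack("<I", v)
    ent = lambda tag, typ, cnt, val: struct.pack("<HHI4s", tag, typ, cnt, val)
    ifd0 = struct.pack("<H", 1) + ent(GPS_IFD_POINTER, 4, 1, u32(26)) + u32(0)
    gps = (struct.pack("<H", 4) + ent(LAT_REF, 2, 2, b"N\0\0\0") + ent(LAT, 5, 3, u32(80))
           + ent(LON_REF, 2, 2, b"W\0\0\0") + ent(LON, 5, 3, u32(104)) + u32(0))
    dms = struct.pack("<12I", 40, 1, 41, 1, 2148, 100, 73, 1, 59, 1, 24, 1)
    return b"II" + struct.pack("<HI", 42, 8) + ifd0 + gps + dms

if __name__ == "__main__":
    print(gps_from_tiff(build_sample()))
```

The parser reports whatever values were written into the file, so a decoded position is a lead to corroborate rather than proof of where the photo was taken.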

Google Realtime

Realtime is a service that lets you “see up-to-the-second social updates, news articles and blog posts about hot topics around the world.” This is a new feature that has a lot of potential. As investigations require more information from the Internet contemporaneous to the crime, investigators can gain better situational awareness of their investigations from a wide variety of sources.

Google Reader

If the website or blog you are interested in has an RSS feed, use Google Reader to save time. Reader automates site/blog updates, pulling them in so that you don’t have to remember to visit the website. This can be especially useful if you are working on a long-term investigation or gathering intelligence over a period of weeks or months.

Another Google Reader feature is the ability to arrange blog subscriptions into folders. This can make them easier to parse, especially if you subscribe to many blogs.

Third: the ability to follow people to see what content they share from their blog subscriptions. This can be an important source of intelligence, as it can uncover other blogs via other users.

Google Alerts

An investigator favorite should be Google Alerts. Google Alerts emails daily updates to you of the latest Google news and blog results based on topics, names or search terms you add.

Some examples of using Google alerts for the investigator can include:

  • the name of a suspect or subject of an investigation
  • a company product name (assists you in product protection)
  • company principals’ names (useful for identity theft protection)
  • competitors’ names
  • your favorite topic

A caveat: search terms don’t always turn up the results you want, so you may need to tweak the keywords you search on. Refine them using the same rules as for other search engines: enclose specific phrases (like names) in quotation marks, and add plus or minus signs to make sure that Google only returns items with two terms mentioned in the same article (for instance, esi + “social networking”) or eliminates items with a particular term (such as esi - email).

Google Translate

With the international flavor of Internet investigations today, investigators will invariably encounter foreign languages during their investigations. Google Translate aids the investigator in the examination of websites in almost any foreign language.

Not long ago you had to copy and paste content into the Google Translate box. No more – now, when you have the Google toolbar installed, a pop-up header will notify you when you are on a foreign-language site and asks if you want to translate into one of 50+ languages. The translator isn’t perfect; some words have no English equivalent. But it’s certainly more than enough to get the site’s gist.

Google Patent Search

Investigating theft of intellectual property? Find out more about patents and their holders with Google Patent Search; enter the relevant keywords (again, this may take tweaking) and find the relevant information. (Google also has a Product Search, but this returns results that are not all that dissimilar from an ordinary Google search.)

Google Groups

General Google searches do not search the Usenet. However, Google has cataloged 20 years of the Usenet and has made it available via Google Groups. Investigators can search the cataloged files for potential leads or intelligence on their cases.

Other Google tools

Orkut, not unlike Twitter or Facebook, is a social network popular in Brazil and India.
Google Voice, which allows you to pick a number in your own or your undercover identity’s area code, can be useful for undercover investigations.
Google Images and Google Videos allow searches for those two respective media. Useful for many different kinds of criminal cases including gangs, intellectual property theft, property crimes, and so on.
Google Trends shows keyword topics that have trended through search recently.

Want more? Check out http://www.google.com/intl/en/options/ for a full list of Google tools, both beta and not.

Podcast: Todd talks social media, online investigations

Monday, November 30th, 2009

Canada-based podcasting service provider The Daily Splice recently started its own podcast: Law Enforcement 2.0, in which marketer Mike Waraich interviews individuals who are involved with encouraging police departments to “join the conversation” online.

Social media is, of course, beginning to figure into much more than conversation: it’s playing a role in everything from online crime to police recruiting to intelligence. Because all of this information must be verifiable, police need a standard methodology to collect it.

Which is why Mike invited Todd on the show a few weeks ago. For just about half an hour, the two discussed the following:

Defining online investigation in terms of standard methodology.

Would online investigation be less “scary” if the people conducting it knew they could do it without their veracity being called into question? Standardized process counts for a lot, so being able to date/time stamp, “digitally fingerprint” (hash), and log Internet evidence in the same way other forms of evidence are authenticated can make investigators’ jobs a lot easier.
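As an added illustration of that idea (not code from the podcast, from WebCase or from Vere Software), the sketch below time-stamps each captured item in UTC, fingerprints it with SHA-256 and records it in a log. It goes one step beyond the text by chaining each log entry to the hash of the previous one, so that a later edit to the log itself is also detectable; the function names, field names and sample pages are constructed for the example.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64   # "previous hash" used by the first entry in a log

def _entry_hash(record):
    """Hash every field of a record except the stored entry hash itself."""
    body = {k: v for k, v in record.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def log_capture(log, url, content, collector, when=None):
    """Append a record with capture time, content fingerprint and chain link."""
    when = when or datetime.now(timezone.utc)
    record = {
        "seq": len(log),
        "collected_utc": when.isoformat(),
        "url": url,
        "collector": collector,
        "sha256": hashlib.sha256(content).hexdigest(),   # the "digital fingerprint"
        "prev": log[-1]["entry_hash"] if log else GENESIS,
    }
    record["entry_hash"] = _entry_hash(record)
    log.append(record)
    return record

def verify(log, contents):
    """Return a list of (seq, problem); an empty list means log and items agree."""
    problems, prev = [], GENESIS
    if len(log) != len(contents):
        problems.append((None, "number of items differs from number of log entries"))
    for record, content in zip(log, contents):
        if record["prev"] != prev or _entry_hash(record) != record["entry_hash"]:
            problems.append((record["seq"], "log entry altered or out of order"))
        if hashlib.sha256(content).hexdigest() != record["sha256"]:
            problems.append((record["seq"], "content does not match recorded hash"))
        prev = record["entry_hash"]
    return problems

if __name__ == "__main__":
    # Constructed sample captures, not real evidence.
    pages = [b"<html>profile page</html>", b"<html>forum post</html>"]
    log = []
    log_capture(log, "http://example.com/profile", pages[0], "Investigator A")
    log_capture(log, "http://example.com/post", pages[1], "Investigator A")
    print(verify(log, pages))
```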

Social media as a “neighborhood.”

Most everyone under 30 (and many over 30) is, in some ways, a member of this online space. Just as in a real-world neighborhood, the number of “residents” = number of potential victims. And crimes are being committed, not just on the Web, but in other areas of the Internet which are their own communities. (Think chat rooms, instant messaging and Usenet.)

Whether law enforcement can coexist with community relations.

As long as law enforcement is an active participant in the online community, it cannot be misconstrued as “Big Brother” watching. Instead, it brings community policing concepts to the Web: like a park in a bad section of town, it will stay “bad” unless law officers go there and partner with people who live there to clean it up.

Reputation management.

What people post on the Web is there forever. Some law enforcement officers need to be made cognizant of this fact. Employers look at people’s social media profiles not just to make hiring decisions, but also to ensure their employees are maintaining the standard expected of them.

Part of maintaining that standard is not to avoid parts of the neighborhood which are not well understood or liked. Investigators who do need to understand that the “conversation” goes on without them. Not to be there for it risks missing valuable intelligence and other information.

In other words, as Todd put it, “You may not want to go into a bad neighborhood because you know bad things can happen, but you still need to be there.”

Understanding the neighborhood.

Just as a good cop takes time to learn the landscape and culture of the neighborhood s/he is responsible for, a good Internet investigator takes time to understand where people are online–and where they are moving, what they are talking about, what they are doing.

With hundreds of social sites, this can be hard to figure out, much less monitor. But the more investigators learn, and the more they can make online investigation part of their everyday work lives, the more efficient they will become.

The conversation wrapped up, of course, with a short discussion about WebCase and where it fits in all this. Thanks again to Mike for the interest. We hope to be able to participate in future podcasts!

Christa M. Miller is Vere Software’s marketing/public relations consultant. She specializes in law enforcement and public safety and can be reached at christa at christammiller dot com.