English Thread

Messages
2.085
Reactions
1.588
The section is created for English-speaking users of darknet. Welcome to the best Russian darknet forum and marketplace named RuTOR. Here you can find and buy drugs, weapons, counterfeit money, a lot of guides and manuals, and security focused software as well.

Our project "WarTech" is a co-working of two enthusiasts who develop a unique Debian-based operating system for illegal activities in the darknet. Its name is the "WarTech CR1ME Linux". The "CR1ME's" armor protects mostly against the network- (deanonymization etc.) and forensic attacks.

We have also created a LineageOS-based custom ROM firmware for the cell phone "Xiaomi Redmi Note 5a 16gb"; its name is the "WarTech DRUG0N", and it's designed for the drug-sellers who work with a stuff on streets. The "DRUG0N's" armor protects mostly against the physical attacks, like a hit in your back, after which your smartphone will be taken by your enemies for an inspection - against such things.

We are not skilled enough in English but we will try to answer each question, and to translate step by step all of our guides into English as well. So don't be shy and ask us, it's free for you and costs nothing. Be finally our guests, for fuck's sake ))
 
Messages
2.085
Reactions
1.588

WarTech CR1ME - the unique Linux and Android operating systems for solving of risky tasks.

WarTech CR1ME is a joint project of two enthusiasts whose goal was to develop a niche complex of tools for solving tactical tasks such as an anonymous business on the Internet/Darknet.

After a year of intense daily work, we are proud to present you our masterpiece - complex WarTech CR1ME. The complex is based on a custom distribution (OS Linux), built on a stable core Debian 4.9.0-6-amd64.

Our services aren't limited to the distribution alone, because anonymity and security are impossible without a comprehensive and complex approach, but we'll go into detail on that only during negotiations. For now we're going to tell you only about the main advantages of our OS.

Use cases.

WarTech CR1ME can successfully complete assigned tasks, working in two modes of operation. The first one is installing the encrypted OS on a USB flash drive or Micro SD card. Using the system this way, you have a system of emergency destruction of encryption keys both at system startup and while the system is in use, which makes all data unrecoverable. However, I have to remind you that this variant of protection is useful until the data storage gets into the crime laboratory, so mechanical damage is most desirable.

The second one is loading the system into RAM. After that the OS doesn't need an HDD or USB flash drive. For data destruction you only need to de-energize your PC because RAM is volatile. This installation option neutralizes any risks of an outdoor arrest because of the instructions of uniformed services: during the search they have to turn off any devices exactly by de-energizing and disconnecting power cords and batteries.

Architecture

Anonymization

Anonymity is realized by redirecting all traffic through TOR using iptables, including all system requests such as synchronisation of time, DNS requests etc. Traffic is obfuscated by transport protocol obfs4 and nontransparent for the outsider.

In order to completely change the network IDs, all network applications (messengers and browsers) are closed in parallel with the change of the exit nodes, after which their caches are irretrievably deleted. It eliminates the leakage of any identifiers between sessions. The "raw" IPv6 protocol is completely cut off.

In addition to the TOR router, the I2P router is installed and overclocked. This is the most anonymous network of those existing at the moment. In the system, it solves two important tasks. Firstly, it doesn't allow analyzing timings because, launched through TOR, it generates monotonous background traffic, mixing with the main one, and it becomes unobvious when you work and when the machine is just turned on.

Besides, with its help communication with your team can be absolutely inaccessible for interception or analysis of traffic/timings, but you shouldn't communicate with clients using this tool because Tor is more suitable for this.

The TOR router is already configured with tactical tasks in mind: traffic is obfuscated and, in addition to the rotation of middle and exit nodes, we implemented rotation of the bridge relay when it's reconnecting, using the correct pooling. Exit nodes of your country of residence and its allies in the war against cybercriminals will be excluded, as well as the sites whose domain cannot be identified. Herewith TOR is configured with the prohibition of violation of this policy - even if other nodes are not available at the moment, it doesn't use the excluded ones. In addition, we cut off the retransmission of someone else's traffic and prohibited the recording of logs on the data carrier.

The complex includes tools for anonymizing .jpeg graphic files, in which, as we know, metadata (EXIF) is written. Similar packages are available in the T.A.I.L.S. system.

Aside from anonymization of traffic, WarTech CR1ME provides you a unique level of security - working without using GSM standard and switching to work via WiFi networks. It gives you a complete absence of such identifiers as IP-address, IMEI, IMSI, serial numbers of radio modules and SIM-cards, firmware versions and absence of logs, timings and so on. At the same time the complex was assembled with the guess that the level of operators will be null - the entire procedure is automated and only a couple of days are required for acquisition. The only thing that will need to be purchased individually is a set of equipment (adapters and antennas). Of course, we always consult on the choice of models.

Security.

Our complex has automated systems for detecting viruses, “trojan horse” programmes, backdoors and rootkits (programmes that hide attacks and traces of the work of attacking programs). The systems are started from the menu by a push of a button.

There are also tools for guaranteed deletion of files and information on data carriers. In addition, we added tools from the arsenal of the criminalists - you can control the quality of data deletion with them.

Along with that, Lynis, an auditor of vulnerabilities, is installed in the OS. It shows the index of “strength”; ours is 89-92 (it depends on the speed of your Internet connection). As a comparison, all stock distributions, including T.A.I.L.S., have an index of not more than 60.

A manager for secure storage of passwords and a tool for creation of encrypted folders and partitions are installed too. Access to both applications is possible by password + key file.

The browser contains a selection of sites for individual analysis of your network security.

Programmes.

In spite of the “war” appearance, WarTech CR1ME is quite comfortable for long work sessions. The interface is made in dark colours, which do not tire the eyes. For evening work there is a screen “dimmer”, which changes the color temperature and makes the image less bright with the course of time.

Any programme can be placed as an icon on the status bar, in the upper right corner, even if that function is not provided by the developer. This greatly increases free space on the desktop.

The complex has two browsers, one for TOR, the second for I2P; two clients of Telegram, equal and independent of one another (the number of clients can be increased on request); Pidgin with OTR for the xmpp protocol (jabber); Ricochet, a decentralized messenger with no servers, so nobody can intercept your messages, timings, contact lists or identify your ID.

Tools for working with RDP (Remote Desktop Protocol) and OpenVPN (Virtual Private Network) are installed. We don't want to force you to use something, because we believe that the client should choose for himself whom to trust, and nobody should know which services he uses.

Finances

Electronic wallets of BitCoin (Electrum) and ZeroCash (the one and only totally anonymous crypto currency) are installed.

To enter the payment systems, which do not really welcome the TOR exit nodes, there is a possibility to hide the fourth node - ssh server. That scheme gives you a pure IP-address for a communication session and additionally encrypts traffic on the exit node (end site).

I think it makes no sense even to mention all the other small things. The system has the absolute majority of what you need to work and about 40% additionally, which you didn't even guess about.

Terms of transaction.

The delivery of the system is totally anonymous, excluding transport companies, snitching of the messengers and payment systems. We deliver it by uploading the digital copy of the digital memory chip. You can find out all the details by messaging us in jabber (see: contacts) using a one time account.

Contacts.

Everybody is strongly requested to ask us all the questions in private messages or jabber and not to flood that topic with messages like “good luck with your work”. It will be easy for you to write us in the PM if you're so happy for us, we'll surely answer you.
Thank you for your understanding.
Our Jabber: [email protected]
 
Messages
2.085
Reactions
1.588
Why VPN is bullshit but not an anonymity.

From the author.

On every “dark” forum there exist at least ten topics with discussions about VPN (Virtual Private Network) services. And what is fucking indicative, no one discusses the question: «Does VPN give anonymity at all?» Everyone discusses «What kind of VPN is better?»

And these discussions proceed from the idea that the benefit of VPN in terms of anonymity is not a theory or hypothesis, but an axiom.

WHO TOLD YOU THAT VPN GIVES ANONYMITY?

Where is an opinion of an expert in anonymity who thinks that VPN is useful for that? Show me at least one link. All the arguments I've ever seen are:

1. VPN services wrote this on their webpages;
2. Everyone uses VPN services;
3. X said «it's okay» on his webinar (but X is an expert only in his dreams and did not commit any crimes but thinks that he can give advice to people committing crimes every day).

I haven't seen anything more sensible than that crap. And I'm 101% sure that I will not. In this article, I will explain why.

“A” is for “Alphabet”

Let's start with defining terms because, as my practice shows, not many people understand what anonymity is (which does not prevent them from discussing that theme from the “expert” position). I'll try to explain as simply and understandably as possible, using all the examples we need.

“A” is for “Anonymity”

Anonymity is when everyone can watch your actions but no one knows that YOU are doing it. For example, you’re wearing a black balaclava, black jeans and black jacket and going to an unfamiliar courtyard where you urinated on residents eyes. In that case you are anonymous because everyone saw that you were urinating but no one knows it was you.

“P” is for “Privacy”

Privacy is when everyone sees that you're doing something but no one can see what exactly you're doing. For example, you covered your smartphone screen with your hairy heel of hand, hiding something you're watching right now. Everyone knows that you're watching something bad, but it's just on a suspicion level. In that case, you are having a private watching of porn because everyone sees that you're hiding something but they can't prove that you're watching porn or something else.

“S” is for “Safety”.

Safety is a set of measures aimed at prediction of damage from probable vectors of attacks. It means you guess where you can trip a mine and think in advance about

A: How you can evade it;

B: What to do if it happened.

If you have solutions for each kind of attack vector (deanonymization in network by identifier, deanonymization in network by crossposting, checking by financial schemes, checking by agent data, special op aimed at your capture) then I can only praise you and be happy because of that. If you haven't, then it's your top priority, because the habit of thinking that no one will jail you because you're a drop in the ocean will someday knock the hell out of you, I guarantee that.

Opinions of real experts.

VPN services can be for money or for free. In my opinion, it’s stupid to write like that but there are newbies who don’t understand even this.

A service needs money, it's an axiom. Well, if commercial services take money for their VPN, it's normal. I haven't any questions like «Where do they find money to pay wages, taxes, rent, equipment etc». But where do non-commercial services find money for that?

It's simple. They sell logs of their subscribers. Yes, it is. They will send logs of where you walked, what you watched, what you searched for to everyone who'll pay. Usually it's bought for analysis of direct advertising, but in my view even this is scumbaggery. I also think that it's business, so there is nothing personal.

Thus, in this article I will consider exactly VPN, not that “gratuitous” piece of shit for newbies.

Let’s see what Wikipedia will tell us (https://en.wikipedia.org/wiki/Virtual_private_network#Security_mechanisms)

«VPNs CANNOT make online connections completely anonymous, but they can USUALLY increase privacy and security» which means VPN have problems even with privacy and security, not just with anonymity.

Private networks weren't developed for solving tactical tasks like total anonymity. They just encrypt data in order to prevent facile interception of confidential traffic. For example, we have to transfer commercially classified information from office A to office B. The attacker knows that information is transmitted between two nodes and even guesses what information it is. But interception of that information is senseless because of technical issues: decrypting these logs is technically hard to do, and the logs will lose their value and stop being commercially classified by the time decrypting is done.

And there are thoughts of T.A.I.L.S. developers about VPN (https://tails.boum.org/blueprint/vpn_support/)

«Some users have requested support for VPNs in Tails to "improve" Tor's anonymity. You know, more hops must be better, right?. That's just incorrect -- if anything VPNs make the situation worse since they basically introduce either a permanent entry guard (if the VPN is set up before Tor) or a permanent exit node (if the VPN is accessed through Tor).

Similarly, we don't want to support VPNs as a replacement for Tor since that provides TERRIBLE anonymity and hence isn't compatible with Tails' goal».

I remind you that T.A.I.L.S. is non-commercial and distributed for free, so developers have no reasons to lie. And with the sellers of “anonymity” all is quite opposite because they have reasons to infix in minds of people that TOR is “insecure” or “useless”. That’s the way they’ll have more money from dupable newbies.

Probably you'll have a question: «Why does the number of servers not “increase” anonymity?» I'll answer it.

For the solution of this tactical task three “hops” from server to server are enough.

[user] --hop1--> [node] --hop2--> [node] --hop3-->[internet]

The meaning of that daisy chain is for it to be without a node that is simultaneously known to the user and the site (point of destination), to be without a weak point that “knows too much”. Upon condition of constant change of nodes and chains (in TOR and I2P nodes/chains “live” just 10 minutes) it's enough. In that case we have only two intermediate nodes where we can leave information which is interesting for a foe.

If we increase the number of nodes in our chain, it will not give us any increase of anonymity because user and point of destination are separated with no weak point where user or site data can be left. But the number of nodes where we show ourselves will be increased, and so the chances that some of them are under enemy control will be increased too.

So increasing the number of nodes will reduce our security, not increase it. Especially if they're permanent (not changing). And especially if they have data about our online wallets. And ESPECIALLY if their IP-addresses are known to everyone interested in it (addresses of VPN servers are in open access on sites of other services).

VPN zealot.

Why do you think that services will not disclose you, will not hand you to the police? The excuse «I didn't know that» can exist only until an official notification is received. But when an official document of any uniformed service comes, like this one

VPN service staff will be in a situation where they know your IP-address, know your online wallets which you used, and know that you, under cover of their honest name, were committing crimes. And for sure they provided for situations like this and wrote something about disclosing you in their Privacy Policy (which, I'm certain of it, you didn't read).

Refusing to disclose your data will be classified at least as concealment of a crime and at most as abetment. Why do you think that someone will escalate the situation between them and a uniformed service because of one out of tens or even hundreds of thousands of clients, because of one who INFRINGED THE RULES OF SERVICE and who is COMMITTING CRIMES? And don't tell me that the VPN service is based in Italy. Exchange of information is now a frequent occurrence, so the specialists of your country will send an inquiry to the office of the VPN service AND to Italian specialists.

In conclusion I would like to say that there are “darkside” VPN services which invented how to refuse disclosures of information and “take down” inquiries (to stop serving a client). Their solution is:

1. Registration of a legal entity in countries with loopholes in the law or with laws which are loyal to such activity;

2. Building servers on volatile media.

But I will not mention them because they're not much better than usual VPN services. The basis of anonymity is the lack of your own identifiers (you have to work with another's WiFi access point + TOR with obfuscation (disguise) of traffic). That's why in T.A.I.L.S. all traffic goes through TOR with the Aircrack-ng tool. So the WarTech CR1ME Linux is an evolved T.A.I.L.S. that allows you to install software you need, gives you inbuilt flexibility for customization and a much larger arsenal to live in the web.

P.S. Well, which VPN is better?
 
Messages
2.085
Reactions
1.588
Comparison of the risks of working through your 3G modem and through someone else's WiFi.

This article has been in my plans for a long time and now, when the firmware and Linux are practically brought to perfection (except some routine questions), I can get to be a graphomaniac. In this article I'll explain why you should use someone else's WiFi and what tactical advantages it gives.

For kitchen theorists and mum’s hackers.

I’ll start with busting a myth that it’s impossible. There are usually 2 main arguments in favor of this bullshit:

1. Adapters can connect only to your neighbor behind the wall;
2. It’s really hard to hack someone else’s WiFi so you have to have a big head, like horses have, to place such a brain.

Let's take both of them to pieces.

The first one is based on the fact that kitchen theorists never worked with normal equipment. Yes, the adapter of a laptop can see few WAPs (Wireless Access Points) and can connect only to the neighbor's one, but there are no difficulties in buying equipment which “shoots” a bit farther than one wall.


^ adapter on ar9271 chipset with antenna with gain power of 5dBi - it can find WAPs at a distance of tens of metres.

The second one is based on the lack of practical experience (besides the error «WiFi is unhackable» there is another one: «i vvill install kali linuks and destroi u easy-peasy» - both of them speak of the complete lack of practical experience of mum's hackers). I won't lie, you'll not learn how to hack a WiFi in 5 minutes. There is no magic pill, so you have to go into details. But there is also really nothing to study there for five weeks either. If you are taught by a practitioner, then it's enough for you to study 3-5 lessons with him for a couple of hours each, after which you'll be able to hack WAPs for your work by yourself.

Absence of geolocation

The first tactical advantage is the absence of exact geolocation. The basis of a modem or a cellular phone is a radio module; it's where you place your SIM card. The firmware of the radio module is configured in such a way that every 15 seconds the ether is scanned and the signal strength of all available base stations is compared, so the radio module reconnects to the station with the more powerful signal or continues to work through the current station, if its signal overlaps the others. The movement of the subscriber can be found out from the history of these requests.

In the cell phone there is a GPS module too, and its accuracy is about 1 metre (military GPSs have accuracy about 15 cm). That's why you shouldn't use your cell phone as a mobile Wi-Fi hotspot and that's why you should use modems if working through someone else's WiFi is impossible.

If you work through someone else's WiFi, there is no talk about «1 metre accuracy» of determining your location. You're at a distance of tens and, maybe, even hundreds of metres from the WAP (yes, it's not as cool as sellers convince you when talking about 4, 12 and sometimes 54 kilometres. In the city there is dissected landscape, lots of interference and the WAP is low-powered). But this is still tens or hundreds of times less accurate geolocation than when working through a modem.


^Adapter on ar9271 chipset with antenna with gain power of 5dBi and adapter on rt3070 chipset with antenna with gain power of 8dBi - the second one can find WAPs at a distance of a hundred meters.

Absence of logs.

Logs are disabled on many routers. People are so careless that often it just amazes me. There are no passwords on admin-panels or there are default admin-admin/admin-1234.

But even if logging is enabled, it's not a big problem because there are no volatile mediums on the routers, so you just have to reboot it using the control console and the logs are lost forever.

Absence of payments.

You don’t have to pay for someone else’s WiFi. And the main advantage here is not saving your money but paying for the SIM-card using personal or working wallet instead of using terminals. It gives another one weighty criminating evidence for your probable enemy.

Complexity of the direction finding.

An undefined SIM-card and an undefined modem don't give you security, because your real phone, the phone of your wife or your neighbor can be known by analyzing timings. Their phones can be analyzed and that's the way someone can get data about you.

Die hard.

Your enemy can get a tactical advantage by disabling your SIM-card: you'll lose your connection with your team. But it's difficult to stay without Internet when working through someone else's access points. Even if your pool is minimal (5 WAPs), one of the WAPs will work and you can quickly send or get critically important information.

Furthermore, disabling the SIM-card doesn't unmask your enemy - you'll think that it's blocked by the MNO (mobile network operator) because your SIM-card is undefined. But if someone starts jamming the range of 2.4 or even 5 GHz, it immediately unmasks him. When I am fooling with mdk3, I can hear screams all around me :D


^Adapter on rt3070 chipset with antenna of "wave channel" type (also known as "Yagi–Uda" or "Yagi" antenna) with gain power of 16dBi. That antenna gives a stable signal even at extremely long distances but needs a tripod to be accurately pointed at the signal source.

Absence of identifiers.


The adapter leaves only a hostname and MAC address in the logs of the router. Both of them can be falsified even by a child. Firstly, it gives you an opportunity to change your IDs to the IDs of the owner of the WAP, for example the MAC and hostname of his laptop. Secondly, it's not weighty criminating evidence because «MAC can be easily falsified, I can “draw” you the MAC you need».

And with the modem IDs, everything is sad. Firstly, there are about 15 of them. And by changing your IMEI you just don't get a fucking anything, except unnecessary attention («don't you fool us with the tariffs, making your traffic unlimited, huh?»). Secondly, modem IDs are REALLY HARD evidence because nobody can spoof all 15 IDs at once.

Noncriticality of leakage of someone else's identifiers.

Finally, the great virtue of working through someone else's WAPs is the noncriticality of the leakage of his identifiers. Even if you unmask the IP-address of the WAP, it doesn't matter. Firstly, uniformed services will start their searches from the owner of the access point. For sure, he'll scream that he was hacked, but who'll believe him? Uniformed services will pick at his WAP for a long time, so you'll find out when it happens by a long absence of this WAP. And while the owner is "worked over", you'll have some time to change your residence.
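
From the access-point owner's side, the weaknesses this post relies on (default admin passwords, logs that vanish on reboot, a copied MAC and hostname) can be audited and watched for. The following is an added example, not part of the original post; the settings field names, the log line format and all sample values are constructed for illustration, and the signal-strength check is a heuristic.

```python
import re
from datetime import datetime, timedelta

# Credential pairs the post names as commonly left unchanged.
DEFAULT_CREDS = {("admin", "admin"), ("admin", "1234")}

def audit_config(cfg):
    """Return findings for a router settings dict (hypothetical field names)."""
    findings = []
    if (cfg.get("admin_user"), cfg.get("admin_password")) in DEFAULT_CREDS:
        findings.append("default admin credentials")
    if not cfg.get("logging_enabled"):
        findings.append("logging disabled")
    if not cfg.get("remote_syslog_host"):
        findings.append("logs kept only on the router; a reboot erases them")
    return findings

LINE = re.compile(r"^(\S+) (\w+): (.*)$")   # "<iso-time> <source>: <message>"
KV = re.compile(r"(\w+)=(\S+)")

def detect(lines, rssi_jump=25, reboot_window=timedelta(minutes=5)):
    """Scan logs stored off the router; return (timestamp, alert) tuples."""
    alerts = []
    last_rssi = {}      # MAC -> last seen signal strength in dBm
    last_admin = None   # time of the most recent admin login
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m.group(1))
        source, msg = m.group(2), m.group(3)
        fields = dict(KV.findall(msg))
        if source == "wlan" and msg.startswith("assoc"):
            # MAC and hostname can be copied, signal strength cannot: a known
            # client that suddenly looks far away may be a second radio.
            mac, rssi = fields["mac"], int(fields["rssi"])
            prev = last_rssi.get(mac)
            if prev is not None and abs(rssi - prev) >= rssi_jump:
                alerts.append(
                    (ts, f"{mac}: signal {prev} -> {rssi} dBm, possible cloned MAC"))
            last_rssi[mac] = rssi
        elif source == "httpd" and msg.startswith("admin login ok"):
            last_admin = ts
            alerts.append((ts, f"admin login from {fields['from']}"))
        elif source == "kernel" and msg.startswith("reboot requested"):
            if last_admin and ts - last_admin <= reboot_window:
                alerts.append(
                    (ts, "reboot shortly after admin login, possible log wipe"))
    return alerts

# Constructed sample data, not taken from any real device.
SAMPLE_CFG = {"admin_user": "admin", "admin_password": "admin",
              "logging_enabled": True, "remote_syslog_host": None}
SAMPLE_LOG = [
    "2024-03-01T22:10:05 dhcp: lease mac=aa:bb:cc:11:22:33 host=owner-laptop",
    "2024-03-01T22:10:06 wlan: assoc mac=aa:bb:cc:11:22:33 rssi=-48",
    "2024-03-01T23:05:40 wlan: assoc mac=aa:bb:cc:11:22:33 rssi=-83",
    "2024-03-01T23:06:02 httpd: admin login ok user=admin from=192.168.1.10",
    "2024-03-01T23:07:15 kernel: reboot requested via=webui",
]

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CFG):
        print("config:", finding)
    for ts, alert in detect(SAMPLE_LOG):
        print(ts.isoformat(), alert)
```

The log checks only work if the router forwards its logs to another host, which is the third finding the config audit reports.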
 

K152WfLim2

Local
Messages
575
Reactions
190
Hi! It's a great article, bro. But, as usual: you should improve your English continually ;)
 

darkers

Passenger
Messages
2
Reactions
0
Hello everyone, I just wanna ask here: is this site available for carding?
 

El_CAP

Passenger
Messages
3
Reactions
1
This is a really interesting thread, and it's the first one I've come across in English. Thanks for sharing!

A quick question, I notice you mention Zerocash as "the one and only totally anonymous crypto currency". What do you think of Monero?
 
Messages
2.085
Reactions
1.588
This is a really interesting thread, and it's the first one I've come across in English. Thanks for sharing!

A quick question, I notice you mention Zerocash as "the one and only totally anonymous crypto currency". What do you think of Monero?
Hi! Thx for the question. Monero is good as well; I use it instead of Zcash.
 

vikingmethods

Passenger
Messages
1
Reactions
1
Hi Wartech,
I am new here and just consumed this content and I must tell you it's super interesting and helpful. You have such intense knowledge of what you are doing and all I can say is BIG THANK YOU for the knowledge shared.
You stated everything perfectly and this is highly appreciated.
I am very new here and new to the game and this is by far the best I have read. Can you kindly guide me about security etc.
 
Messages
2.085
Reactions
1.588
Hi Wartech,
I am new here and just consumed this content and I must tell you it's super interesting and helpful. You have such intense knowledge of what you are doing and all I can say is BIG THANK YOU for the knowledge shared.
You stated everything perfectly and this is highly appreciated.
I am very new here and new to the game and this is by far the best I have read. Can you kindly guide me about security etc.
Hi. What kind of guide do you need?
 