Stories
Slash Boxes
Comments

SoylentNews is people

Ichidan Is a Shodan-Like Search Engine for the Dark Web

posted by martyb on Monday September 25 2017, @05:56AM   Printer-friendly
from the not-as-hidden-as-you-may-have-thought dept.
Security

MrPlow writes:

Submitted via IRC for SoyCow5743

[On September 12], Bleeping Computer came across a new Dark Web portal that allows users to search Tor Onion sites in the same way users utilize Shodan to discover Internet-exposed services [1, 2].

Named Ichidan — the Japanese word for "first stage/step" — the service is located at ichidanv34wrx7m7.onion, and, in the long run, can prove a useful tool for anyone investigating Dark Web services.

"This search engine is gold," said Victor Gevers, after Bleeping Computer asked the researcher for an opinion. "There is so much we didn't know about many .onion addresses. I am just amazed at things I see."

[...] Under normal circumstances, Tor sites should not be exposing such wealth of information, as they could reveal the whereabouts and identity of the website's owner.

While this much data is good news when tracking down cyber-criminals and other crooks, this might not be good news if you're running a secret news portal in a country with an oppressive regime.

Source: https://www.bleepingcomputer.com/news/security/ichidan-is-a-shodan-like-search-engine-for-the-dark-web/

Original Submission

This discussion has been archived. No new comments can be posted.
Ichidan Is a Shodan-Like Search Engine for the Dark Web | Log In/Create an Account | Top | 11 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)

  • (Score: 1, Interesting) by Anonymous Coward on Monday September 25 2017, @06:09AM (4 children)

    by Anonymous Coward on Monday September 25 2017, @06:09AM (#572555)

    I pointed my Tor browser to the given onion address, and got a pretty worthless website that could return no results of value, regardless of my inquiry.

    Whatever it is, it ain't gold; this makes me think it's a trick.

    By the way, when I first tried to post this comment, SoylentNews responded with the following error message:

    Due to excessive bad posting from this IP or Subnet, anonymous comment posting has temporarily been disabled. You can still login to post. However, if bad posting continues from your IP or Subnet that privilege could be revoked as well. If it's you, consider this a chance to sit in the timeout corner or login and improve your posting. If it's someone else, this is a chance to hunt them down.

    Then, I got this:

    Invalid form key: BnDk00txgH

    Chances are, you're behind a firewall or proxy, or clicked the Back button to accidentally reuse a form. Please try again. If the problem persists, and all other options have been tried, contact the site administrator.

    Do not open shrink-wrap until you have read and agreed to the conditions contained within.

    Then I got this twice:

    Invalid form key: zZZKAgnqZe

    Chances are, you're behind a firewall or proxy, or clicked the Back button to accidentally reuse a form. Please try again. If the problem persists, and all other options have been tried, contact the site administrator.

    • (Score: 2, Informative) by Anonymous Coward on Monday September 25 2017, @07:17AM (1 child)

      by Anonymous Coward on Monday September 25 2017, @07:17AM (#572574)

      For the first problem, use the "New Tor Circuit for This Site" option in your browser. The admins have decided to block anonymous posting from certain IP addresses, including some Tor exit nodes. When you post a comment, it can be moderated up or down and the IP address you used is assigned "Karma." When the "Karma" goes negative enough, anonymous posting from that IP address is blocked.

      For the second problem, try copying the text you meant to post, using the reply link again, then pasting your comment and submitting it quickly. Logged-in users get much more time.

      • (Score: 2, Informative) by Anonymous Coward on Monday September 25 2017, @07:50PM

        by Anonymous Coward on Monday September 25 2017, @07:50PM (#572767)

        that your Tor circuit has changed between when you started to reply and when you actually manage to post.

        Tor circuits normally only have a 10 minute lifetime, unless an intervening node disconnects you first, and if the circuit is inactive at the end of that time you have to create a new one which almost always results in a new endpoint IP address and thus the message about the wrong key above.

        I just got in the habit both here and on the green site of just typing up my post, copying it, then going back and starting a new circuit and THEN posting a comment. Less than a half a page comment you might get in under the deadline, but anything longer you almost definitely won't.

    • (Score: 2, Informative) by Anonymous Coward on Monday September 25 2017, @08:25AM

      by Anonymous Coward on Monday September 25 2017, @08:25AM (#572586)

      Try entering an OS or distribution name for search, e.g. freebsd, raspbian, ubuntu. Those seem to produce results.

    • (Score: 0) by Anonymous Coward on Monday September 25 2017, @07:52PM

      by Anonymous Coward on Monday September 25 2017, @07:52PM (#572769)

      if you're concerned about "infections" you could also get a grown up's OS instead of being a scared slave.

  • (Score: 0) by Anonymous Coward on Monday September 25 2017, @07:34AM (2 children)

    by Anonymous Coward on Monday September 25 2017, @07:34AM (#572579)

    That's ... fascinating. Or something.

    • (Score: 2, Informative) by Anonymous Coward on Monday September 25 2017, @08:25AM

      by Anonymous Coward on Monday September 25 2017, @08:25AM (#572585)

      What they mean is that it's like shodan.io which polls various services running on hosts around the Internet, and saves the banners into a searchable index.

    • (Score: 1, Informative) by Anonymous Coward on Monday September 25 2017, @08:34PM

      by Anonymous Coward on Monday September 25 2017, @08:34PM (#572783)

      The other site has had multiple mentions of this.
      In particular, I remember the first one, from 2013.

      The Search Engine More Dangerous Than Google [slashdot.org]

      a search engine that is designed to look for devices on the net that are not really intended to be viewed and used by the general public
      [...]
      Countless traffic lights, security cameras, home automation devices, and heating systems are connected to the Internet and easy to spot. Shodan searchers have found control systems for a water park, a gas station, a hotel wine cooler, and a crematorium. Cybersecurity researchers have even located command and control systems for nuclear power plants and a particle-accelerating cyclotron by using Shodan.

      -- OriginalOwner_ [soylentnews.org]

  • (Score: 4, Insightful) by Anonymous Coward on Monday September 25 2017, @12:26PM

    by Anonymous Coward on Monday September 25 2017, @12:26PM (#572626)

    Exposing the security issues of onion site servers is better than letting the NSA and FBI exploit them for years while continuing to pretend Tor is an unstoppable force for evil.

  • (Score: 0) by Anonymous Coward on Monday September 25 2017, @01:27PM (1 child)

    by Anonymous Coward on Monday September 25 2017, @01:27PM (#572647)

    Maybe some peopld just dont want to go thru trouble of dyndns ir pony up a domain name?
    Not caring too mych about the speed hit via tor they can get a "domain" for free ... even if its a dynamic assigned ip from isp.
    Other then that ... the sky is falling : ]

    • (Score: 0) by Anonymous Coward on Tuesday September 26 2017, @12:16AM

      by Anonymous Coward on Tuesday September 26 2017, @12:16AM (#572857)

      It's cheap (free if you're not fussy about getting a memorable name) but it only works for visitors who have Tor.

(1)