#1 2020-10-14 13:10

TormarketSupport
Verified Vendor
Registered: 2019-03-31
Posts: 716

DarknetLive and Dark.fail links to markets - a huge liablity

For the biggest payday, instead of hacking a market, take over the sites that host market links.

Stop trusting DarknetLive or Dark.fail every time you visit a DNM. You need to bookmark or keep your own copy of the URL. If someone manages to hack DarknetLive or Dark.fail or a rogue employee alters the site, then all the people that follow the fake links could lose money.

In the last week on Tormarket a lot of international vendors stopped visiting. I just found the reason was Dark.fail has been showing an old v2 onion address that was retired about six months ago. The old address was showing a redirect page explaining to use the new v3 address, then last week it was finally turned off completely. The vendors had been navigating to Dark.fail every time to log into TM, and ignoring the redirect warning page every time.

Dark.fail had been told before to change the link but never did anything.

With markets often changing URLs you may need to use DarknetLive or Dark.fail to find a current working link. If using a new link you haven't used before, use the markets PGP key to verify the URL before making any crypto transactions with the market. This only works if you have the PGP saved from when you first created the account, because if you didn't save the PGP key you now have the same problem of not knowing if the PGP key is real or fake.

#2 2020-10-14 13:20

l4weed
Member
Registered: 2020-10-13
Posts: 5

Re: DarknetLive and Dark.fail links to markets - a huge liablity

This definitely could of got me I used Dark.Fail for all my links. I actually tried to post about this last night but it said I had to wait like 3000 seconds. What is the best way to know its TorMarket and TorMarket forums could you possibly add a secret phrase it will display when you login or something? Cheers for the warning.

#3 2020-10-14 22:10

TormarketSupport
Verified Vendor
Registered: 2019-03-31
Posts: 716

Re: DarknetLive and Dark.fail links to markets - a huge liablity

The urls rarely ever change here. People got into the bad practise of using those sites too much because markets were creating new urls every hour trying to stop DOS attackers. Just save the URL and ensure you never use anything different to what you saved.
The attacker relays traffic to/from the real site and swaps out parts of the html so there's not really much that can be done.

#4 2020-10-14 22:10

epicscene
Member
Registered: 2020-04-17
Posts: 35

Re: DarknetLive and Dark.fail links to markets - a huge liablity

l4weed wrote:

This definitely could of got me I used Dark.Fail for all my links. I actually tried to post about this last night but it said I had to wait like 3000 seconds. What is the best way to know its TorMarket and TorMarket forums could you possibly add a secret phrase it will display when you login or something? Cheers for the warning.

The best way to know it's TM or NZ Darknet Market Forum's is to verify it using PGP. A secret phrase won't do much, Just verify using PGP then you won't have an issue, Or bookmark the V3 link.

#5 2020-10-15 12:10

TormarketSupport
Verified Vendor
Registered: 2019-03-31
Posts: 716

Re: DarknetLive and Dark.fail links to markets - a huge liablity

DarknetLive is a better site and more trustworthy. The main function of these sites is a directory service. If a DNM loses its hidden service secret key the directory service needs to alert people immediately to the new hostname/url. Dark.fail has failed to perform this simple task and can't be trusted as reliable.

#6 2020-10-18 05:30

544782637
Member
Registered: 2020-09-12
Posts: 7

Re: DarknetLive and Dark.fail links to markets - a huge liablity

Could the issue with non-updating of darkfail.io links be caused by the market not implementing the parts of the Onion Mirror Guidelines ("OMG") (documented at http://darkfailllnkf4vf.onion/spec/omg.txt)

<quote from spec>
Sites which do not implement these guidelines by Dec 1, 2019 will be
marked as "unverified" on darkfail.io and listed below all other sites.
</quote from spec>

For example:

/pgp.txt - Required - HTTP 200 text/plain
/mirrors.txt - Required - HTTP 200 text/plain
/canary.txt - Required - HTTP 200 text/plain
/related.txt - Optional - HTTP 200 text/plain

According to this we should expect to see resources accessible at these locations:

http://rrlm2f22lpqgfhyydqkxxzv6snwo5qvc2krjt2q557l7z4te7fsvhbid.onion/pgp.txt (404 not found)
http://rrlm2f22lpqgfhyydqkxxzv6snwo5qvc2krjt2q557l7z4te7fsvhbid.onion/mirrors.txt (404 not found)
http://rrlm2f22lpqgfhyydqkxxzv6snwo5qvc2krjt2q557l7z4te7fsvhbid.onion/canary.txt (gives 200 OK. looks well formed and up-to-date)

I wonder if darkfail.io refuses to respond due to the fact that the main "OMG" endpoint for PGP verification is not implemented - although, now that the old v2 site is offline, none of the endpoints known to darkfail.io are accessible so the hope would be they still have the market key on record somewhere.

#7 2020-10-18 13:10

TormarketSupport
Verified Vendor
Registered: 2019-03-31
Posts: 716

Re: DarknetLive and Dark.fail links to markets - a huge liablity

Tormarket has never contacted any directory site asking to be listed and there's never been any agreement to follow some spec or request to have services checking uptime etc. A canary system was needed (because Covid could have killed half the population) and since someone had already thought of a standard to format this file, the canary was based on that.
You have a point though, if they designed the spec, they might be annoyed some market isn't using their system.

Board footer