secretsofthedark

What Was the Nth Room? (Disturbing Content, NSFW)

Those of you who read here regularly know that red rooms have been an occasional topic of discussion, and also know that horror/mystery YouTubers are much appreciated. YouTuber ReignBot, who covers subjects like this, recently made a video entitled The Nth Room Chatrooms (embedded below), which deals with something very similar.

The title refers to a series of Telegram channels hosted in South Korea, known as the Nth Room(s), that basically fit the red room definition and were every bit as horrible (with the one exception that the victims weren’t being killed on camera, but tortured).

According to articles about the chatrooms, the victims were blackmailed into performing forced sex acts of all kinds, from putting their underwear on their heads, to full-on rape, as quoted in an article on Koreaboo.com. You may wonder why the victims participated in the first place; initially, the operators of the site lured them via dubious job offers on places like Twitter. They were asked to send pictures of themselves, soon followed by sexual abuse videos. If the victims decided they wanted to quit, their pictures and personal information were used against them as collateral.

Two reporters from the newspaper Kookmin Ilbo eventually infiltrated the chatrooms and witnessed some of the horrific crimes, which was how they came to be known to the general public. As one reporter described:

Most of the victims seemed to be in middle school. The girls are barking like dogs. I saw the girls naked and lying on the floor of the men’s washroom with my own eyes.

The article also mentions that there was a photo of one of the administrators of the site, “Baksa,” commanding one of the victims, who had the words “Baksa” and “slave” carved into their body. The (non-consensual) scarification was a method of telling viewers that the “slaves” were under his control.

A Wikipedia article about the Nth room case explains some of its complexities. A Telegram user going by the name of “God God” created the original groups, named after their ordinal numerals (1st, 2nd, etc.), and thus the “Nth room” nickname. A second user, by the nickname of “Watchman,” advertised links to these groups in another Telegram group called “Gotham room.”

In July of 2019, a Telegram user nicknamed “Doctor” created another Telegram room on which he distributed sexually exploitive pornography, which was accessible to users via a cryptocurrency payment (likely bitcoin). Doctor threatened women by discovering their personal information, followed by uploading their pictures and videos. When news reports first came out about the story, Doctor even figured out the personal information of the reporter and made it public. Eventually, it came to light that Doctor’s real identity was a 24-year-old named Cho Joo-bin, according to the South China Morning Post.

In a second Koreaboo article, one of the victims of the Nth room case spoke out about what happened. She explained that the perpetrators lured victims, like herself, with the promise of money. They targeted young girls who were in desperate financial situations, which seems common in cases like this.

As it relates to the red room phenomenon, the concept is very similar: torture victims on video for a paying audience. The main difference in this case is that the abuse did not take place over Tor. This is not to say that everything that happens on Telegram is nefarious (just as on Tor), but like Tor, due to the app’s encryption and anonymity capabilities, it sometimes lends itself to criminal activity.

It makes one wonder, however, if there are other such cases taking place on Telegram, or on other such apps like Signal or Tox. No verified stories have come out about such things as of yet, but the possibility exists.

I2P: Personal Experiences

Following Tor, at some point, I became interested in other anonymity networks as well. One of the first ones that I’d heard of at this time was I2P, although from a technical standpoint, it’s one of the most complex. Unlike Tor, it didn’t have its own dedicated browser, although any browser can be configured to use I2P. You can download the software at geti2p.net.

At that time, I was still using Windows shudder, and though I2P has a Windows version, it seems like it’s oriented toward more advanced users. What I know now (and this seems awfully simple) is that you just have to adjust your proxy settings to be able to access it from most browsers. For instance, in Firefox, it’s under about:preferences#general, and then “Connection Settings.” You then click “Manual proxy configuration” and set HTTP Proxy to 127.0.0.1, Port 4444.

In any case, once I had had this set correctly, the “I2P Router Console” popped up, which looked similar to this:

Besides the proxy settings part, this is where it became somewhat confusing as well, because as opposed to Tor, it felt as though there were many directions in which you could go. There was the “Addressbook,” in which you could add different hidden services (“eepsites”), “Configure Bandwidth,” “Configure UI,” etc. At the very least, the Router Console does feature “Hidden Services of Interest,” which are some general eepsites that are suggested for newcomers, like the I2P Wiki and anoncoin.i2p (which has a clearnet mirror at anoncoin.net).

Eventually, I started to get the hang of all this and just started looking around, as on Tor. I looked at most of the hidden services that were listed on the router console above, and also started to familiarize myself with some of the settings. There’s actually an excellent subreddit for I2P at /r/i2p as well, for those of you who want to join a community of others involved with this. One of the places in which I found some other eepsites, at the time anyway, was Nekhbet.com: I2P Links, but I have no idea if most of these are still online, because the site is from several years ago. The list features eepsites in a number of different categories, including multimedia, filehosting, and forums.

Confession: I was a bit late to the world of torrenting, but it’s something I’m into now, and I2P is one of the best anonymity networks for torrenting. On my current machine, I have a Bittorrent client called Transmission, which does the job as well, but on I2P, one of the most popular clients is called I2PSnark. I2PSnark is a fork of a Bittorrent client called Snark, so they work similarly. As a matter of fact, I2P comes with this service built in, so you don’t even have to install it separately. I’ve only used it a few times to download music and such, but it seems to work just fine.

I learned to use I2PSnark via several other tutorials that I found, so you may find these helpful too: Untraceable: How to Seed Torrents Anonymously Using I2PSnark and Bittorrent over I2P (from the official documentation). I’m aware that new DMCA laws now make it possible to serve prison time for filesharing, but realistically, there are people who have done it quite a bit more than I have.

After becoming more experienced with I2P, I eventually started using the Android version as well. Like the PC, Mac, and Linux bundles, it has a router console, but on the Android version, to stop and start your connection, you long press a button, as below:

This is an older screenshot; on the version that I’m using right now, it says “Network: IPv4: Firewalled; IPv6: OK.” As you can see in the screenshot, it also tells you how many active peers are known on the network. Under the menu that says “Addresses,” you can find other I2P eepsites; in fact, this is one way that I found quite a few more than on any other search.

At present, on Linux, I’m using the Debian version, so read more about it on the official page. For a time, I had also used an unofficial I2P Browser, which was a Firefox fork tweaked for I2P. In appearance, it looked similar to the Tor Browser, but didn’t have an outproxy to the clearnet (this can be set up if you wish). Anyhow, there are a lot more features on I2P, which I might discuss in future posts. What didn’t I cover here that you would like to see more of?

Deleted by WordPress!

Well, it finally happened. WordPress suspended the original Secrets of the Dark blog in violation of their terms of service, which is odd, because I had been writing about the dark web and related things for around five years.

I suspect that someone complained about a specific post, which may have been the impetus for them suspending it, but I'm not sure. They didn't specify in the notification what the cause was for them shutting it down.

Fortunately, many of the older posts are at least on the Wayback Machine, so I may repost some of them here or just write new ones. In addition, I may move here permanently, or I've also been writing on Substack, which is an option as well. Substack seems to be a platform for more formal articles, of course.

In any case, there are lots of options! I plan on building everything back up from scratch, and will not be defeated.

Dos and Don'ts of the Tor Browser

A friend of mine asked recently about dos and don’ts of using the Tor Browser, and there are quite a few; in fact, I may not know all of them offhand, which is why it’s good to read the official Tor Browser manual and other documentation made by the Tor Project.

That being said, there are some definite things that you should and shouldn’t do with the Tor Browser:

Do use the official Tor Browser from the Tor Project: The only Tor Browsers you should use are ones made by the official Tor Project, including ones for different platforms. Currently, the official ones work with Windows, OS X, Linux, and Android.

Do use .onion services if they’re available: Some clearnet sites also have Tor hidden services (.onion sites) as mirrors. If you have the option to use either, the onion service, if configured correctly, is likely to have better anonymity.

Do use different passwords and usernames on Tor: Depending on what your threat model is, on Tor, it’s better to use different passwords and/or usernames than what you’d use on the clearnet. Use your password manager or something like Diceware to generate new passwords for Tor sites.

Don’t install plugins or add-ons: Tempting as it might be to install plugins like password managers and other plugins that you’re accustomed to on other browsers, with Tor, these can be harmful rather than helpful. Because Tor’s purpose is anonymity and security, installing add-ons differentiates you from other Tor users. Using the example of password managers, you can use a manager like KeePass, which can store your passwords offline, and copy the passwords into the sites on Tor.

As user SuperSluether put it on StackExchange:

Look, using plug-ins in the Tor Browser is the same as using your default browser. Any protection from Tor is lost because the plugins COMPLETELY IGNORE THE PROXY SETTINGS.

In fact, it’d be easier to set up a local Tor proxy, and tell your default browser to use that. Since plugins ignore the proxy, you’ll get the exact same effect as on the Tor Browser.

Don’t torrent over Tor: Tor notoriously is bad for torrenting, for two reasons: breaking your anonymity and also slowing down the network for everyone else. In fact, Tor addresses this directly in their FAQ:

Torrent file-sharing applications have been observed to ignore proxy settings and make direct connections even when they are told to use Tor. Even if your torrent application connects only through Tor, you will often send out your real IP address in the tracker GET request, because that’s how torrents work. Not only do you deanonymize your torrent traffic and your other simultaneous Tor web traffic this way, you also slow down the entire Tor network for everyone else.

Other anonymity networks, like I2P, Freenet, and ZeroNet, are better suited to things like torrenting. For instance, I2P can be used with I2P-Snark.

Don’t use “unofficial” Tor browsers: There are a number of “imitation” Tor browsers on places like the Google Play store (which, if you’re already anti-Google, you probably don’t use anyway). For instance, there’s an app called Onion Search Browser, which, in theory, allows you to access onion sites, but contains ads and is terrible with anonymity. Any of these other “Tor browsers” are likely to be awful, even if they are able to access onion sites.

Be careful about enabling JavaScript and other site features: While some sites won’t function without JavaScript and other features, be aware that allowing them on some sites and not others can enabling tracking as well. The current version of the Tor Browser has three security levels: standard, safer, and safest. Under “standard,” all Tor Browser and website features are enabled. Under “safer,” some website features that can be dangerous are disabled: JavaScript is disabled on all non-HTTPS sites; some fonts and math symbols are disabled; audio and video (HTML5 media) are click-to-play. On “safest,” only website features required for static sites and basic services are enabled, so images, media, and scripts are blocked. Also, JavaScript is disabled on all sites, while some fonts, icons, and math symbols are disabled as well. Audio and video (i.e. HTML5 media) are set as click-to-play.

Don’t use a VPN provider with Tor: There are still a lot of articles and videos that claim you need to use a VPN provider with Tor, which is essentially a myth started by VPN providers. Doing so can actually compromise your anonymity, because you’re then relying on the VPN provider for privacy. If the VPN company is compromised in any way, then so is your data. This isn’t to say that VPNs don’t have other uses, but using the two together is pointless. If you’re concerned about hiding your Tor usage from your ISP, then using a Tor bridge can get around this problem: Relay Search.

.Onion sites: As on the clearnet, there are some .onion sites with malicious intent. Sites listed on directories like the Hidden Wiki, especially financially-related ones, tend to be scams. Use your good judgment. While this doesn’t correlate with the browser itself, these types of sites are aimed at those who are new to Tor and hope to take your money. Such sites have stolen people’s bitcoins, PGP keys, passwords, and other personal information.

Internet Mysteries: Padma G McCord

As I’ve mentioned several times here before, I’m a fan of certain horror YouTubers, including Nexpo. Nexpo’s latest video (done in conjunction with SomeOrdinaryGamers) concerns a woman named Padma G McCord, who seems to have thousands (or perhaps even millions) of websites all across the internet with little to no obvious purpose. [EDIT: The Nexpo video was removed, but Top5s covered the topic as well.]

In a way, this struck me as reminiscent of the “South32” and “Captain Kutchie” mysteries, as both of those involved someone having thousands of different websites as well. Maybe there’s a connection there, if only a loose one. In other words, in the case of South32, the culprit is an infamous domain squatter, and it makes sense that he would have a multitude of websites pertaining to his cause (however strange).

If you Google “Padma G McCord,” or some variation of that, you get some interesting (if not creepy) results. I searched for her name on various search engines, including Google, DuckDuckGo, and searx, and these were a few of the sites that came up:

https://padmagmccord.org https://padmamccord.com https://filmsmoviedirectorpadmamccord.blogspot.com/ https://padmamccordnewhomes.blogspot.com/ https://godjesuschristpadmagmccord.blogspot.com/2014/12/padma-g-surya-queen-esther.html https://padmamccordhomes.blogspot.com/ https://about.me/padma_mccord https://padmamccord.wordpress.com/ https://www.pinterest.com/Padmagmccord/ http://www.digitaljournal.com/pr/2469343

Not creeped out yet? Take a look at these screenshots:

These are only a few of the many examples (again, not unlike the Captain Kutchie phenomenon). Correct me if I’m wrong, but it looks as though her face has been Photoshopped onto someone else’s in many of these photos. Plus, most of the websites have a lot of obvious “keyword stuffing,” using words like “Padma g mccord,” “wedding,” “marriage,” “real estate,” “investments,” and “business.”

She also has a plethora of YouTube videos, revolving around similar content. A Reddit user by the name of u/ostel, who says he works in SEO, had an interesting perspective on this:

She has at least 40 unique domains to her name. These include padmamccord.wordpress.com, padmagmccordbrianmccordjeevanmccord.blogspot.com, and of course padmamccord.com. Some of these are registered with GoDaddy and other domain owners indicating that she pays considerable amounts of money for these domains to remain active.

Across her websites, she has millions (yes, MILLIONS) of backlinks – if you’re not familiar, that means another website is linking to her various websites. Some of these are scam sites with links she likely bought (a faux-BBC news site has an article that either she wrote or she paid for: http://www.bbcnews.svise.com/padma-mccord-president-of-padma-mccord-enterprises-llc-has-been-named-as-one-of-the-most-exciting-business-woman-in-houston/), but you can also see that she comments and links to her own website on various unrelated articles e.g. https://blog.scopelist.com/six-best-rangefinders-keep-hooked/. This indicates to me that either she or someone she is employing is undertaking a massive effort to create a metric ton of backlinks, obfuscating some previous links.

You can find the full post here: Padma McCord: A perspective from someone who works in SEO – it’s on Nexpo’s subreddit. u/ostel points out that one of the pages that ranks very high for McCord’s name is a book on Google Books entitled The Handbook of Sexuality in Close Relationships. While the book is unrelated to her, some of the people listed in the “references” section have both the names “Padma” and “McCord,” which would explain why it tends to rank high in the search results.

At his suggestion, I looked at the site https://semrush.com, which is for analytics and SEO stats, and saw that the Google Books link indeed ranks very high in search results for her name.

Following the release of Nexpo’s and SomeOrdinaryGamers’ videos on this topic, it’s worth noting that McCord started taking down some of her numerous websites. Perhaps being featured on some prominent YouTube channels wasn’t her intention with all this.

While I don’t have a definitive answer as to what’s going on here, it seems as though the SEO answer is pretty accurate. McCord probably wants to bury search results that associate her with something that is, in her mind, negative, like sexuality, and instead play up her business accomplishments, marriage, and family. Ironically, the fact that she’s made a plethora of websites about herself, complete with creepy images and little to no substance, it seems that she’s done the exact opposite.

What are your thoughts on this, readers? Do you have any theories of your own? As always, I’m happy to hear them.

Is the Shadow Web a Reality? (Updated)

Short answer?  Yes, I believe that something like it exists, but I don't think you can get there from the so-called “Shadow Web” site.

There was a site, at one point, that called itself “The Hidden Gateway to the Shadow Web,” and it looked exactly like this:

I had never actually paid my way through to the supposed sites, but as the story goes, there was some extremely sick content on there.  Oddly enough, this very same site had a link to a creepypasta entitled A warning to those thinking of accessing the shadow web has increased its “urban legend” status.

My gut feeling is that the creepypasta was made up, but having seen some very sick and disgusting pages on the dark web myself, I was willing to believe that there were worse things in existence.

Photo courtesy of darknoise.co.za

Currently, there's yet another series of sites up on the Tor network that also refer to themselves as “The Gateway to the Shadow Web,” but I'm starting to become even more skeptical of these.

The new ones look like this:

I'm still suspicious, because the site above appears at least seven different URLs on Tor, which leads me to believe that it's some kind of trap by law enforcement, or merely a scam.  Anything where they want you to download special software, or something like that, is something I would not want to get involved in.

It would be extremely difficult to do something like this over the Tor network, because its speed is akin to that of dialup networks (like the old internet of the '90s).  On the other hand, if you were accessing the dark web through some other method, it would, in theory, be possible.

So What's the Answer, Damn It?!

Here's one of the reasons I'm not completely discrediting the “shadow web” idea.  I did talk to one reputable Quora author (whom I won't named here) who said that not only does something like it exist, it was the sickest thing she had ever seen.  Actually, she didn't specifically call it “the shadow web”; she just said it was another part of the deep web that was harder to access.

She said that she “invested in a non-American SSH Tunnel that I trusted and started digging even deeper.  I had read stories on the surface web relating to these things, and I do not care what absolutely anybody has to say about it.  I know that these sites are not a joke and for somebody to minimize the very real existence of these sites and their victims is not only abhorrently disrespectful but flat out ignorant.”   On top of that, she said that it was her reason for getting off of the dark web completely.

Here's my take on it:

I think something like this could exist (though I have no proof).  It may be technologically difficult, but if you were to have enough security protocols in place, I think it could be accomplished.

There are IRC chat rooms that you can access through the Tor network, where people are into some very sick and disturbing things (IMHO, at least).  So, if you contacted someone in one of these chat rooms who had knowledge of such things, they could probably point you in the direction of a site like this.

The caveat, of course, is that if it were the real thing, not only would it be illegal, but it would probably cost you a very high amount of money.  If a group was organizing such a thing, it wouldn't make sense to offer it for free.

I did come across a similar site on the Tor network, which supposedly offered films of women getting raped, as well as videos of real deaths (they just weren't live streams).  It was more along the lines of something like Faces of Death, which was a shock film, but the filmmakers hadn't actually killed the victims.  Not that I spent very long on this site, but they basically offered samples of the videos for free, and then you had to pay quite a bit of money to subscribe.  (I've talked about the site in another post).

I imagine the same would be true of the so-called “shadow web,” that is, if something like it existed.  I'm trying to be rational about this, believe me!!

So there's my two cents.  Take it or leave it.