In this article, we will analyze practical examples, go through the functionality and working principles of the Maltego tool.
395 
Imagine the ocean. All that can be seen from the air is the so-called surface web, the part of the Internet that is visible to search engines and where most users travel. The deep web can be thought of as the part below the surface. Part of the Deep Web is encrypted and inaccessible to any browser. This is the Darknet. The most convenient way to access the Darknet is the Tor browser. It is based on Firefox and connects to the Tor network, a huge anonymization network. Tor Browser provides anonymous access to “regular” websites as well as so-called “onion” sites. The latter are not available without Tor. The Darknet emerged after law enforcement agencies around the world began to scrutinize file-sharing networks and prosecute their members. File sharers looked for ways to continue their activities without interference and developed a hidden counterpart to public peer-to-peer (P2P) platforms such as Napster, eDonkey or BitTorrent.
In file-sharing networks, central servers basically make sure that all users can share MP3 files, videos or photos – without worrying about copyright and other legal details. If you want to use the Darknet, you need to ensure maximum computer security. It’s important to remember that your IP address is displayed when you log into Tor. Therefore, we recommend using an additional VPN service that does not log data. Darknet relies on the same technology as other Internet services, websites, e-mail, file sharing and, in principle, will be available to everyone. Provided he uses the right software and knows what and who to look for.
Sometimes an employer, especially a large one, has reasonable questions: “Are my employees trading insider information?”. or “Is everything clear with our new candidate for position X?”. A reliable method is to check both the biography of the employee and his behavior in social networks. But sometimes, to answer the above and many other questions, you need to dig even deeper. And this is where Maltego can come to our aid.
We will check a certain Tina Tomson (Tina Tomson) from Berlin regarding illegal cases. To begin with, we take the known information about the employee and fill in the graph. We know the location (Berlin), first and last name (Tina Thomson) and e-mail ([email protected]).
Using Entity: Search Person, we run Transform: [Facebook] Search Users. We get Tina’s Facebook account.. For Entitie: Email Address we start Transform: [Facebook] Lookup By Email. Maltego faithfully finds the same account, which confirms that this is the person we need.
We continue to advance and request the graph for all data from the Facebook page via Transform: [Facebook] Get User Details. We receive additional information about the place of work, study, residence (if this information is filled in the Facebook profile). As a bonus, we get a linked Instagram account. Now there will be a trick that I showed earlier in article #3 about Facebook. We need to perform a Transform: [Convert] To Entities From Profile for both accounts to get the person’s expected Alias (well, or simply put, likely nicknames).
Now we have the first 2 starting points through which we can search the Dark Net forums – these are users with the nickname tina.tomson.927 and tinka87. Run Transform: [Darknet] Search User on both Alias and see the result. And here is the user. On some Skynet Forum at the address 5jloХХХХХwk3.onion (it has been changed because it is not good to throw links to darknet forums here) there is a user with the nickname tinkati87. This is already suspicious information!
Let’s check what this user writes. To do this, run Transform: [Darknet] User Posts. And here is the evidence. A user under the nickname tinkati87 on the Skynet Forum is selling answers to exam tests at the University of Berlin. And as you and I have already established earlier, that is where it works. And it is under the same nickname that she is registered on Instagram.
Also, if necessary, we can upload the forum topic to the graph and from it download the user accounts participating in the discussion, in order to later try to identify students who may have bought test answers from her. Another interesting option is the ability to download the entire forum web page directly from Maltego. And note, we were able to conduct all this investigation without even once visiting this forum and *.onion sites.
A common DarkNet practice is to use PGP keys to protect correspondence. However, these keys can play a cruel joke on the owner if they fall into the wrong hands. – As? – Will you ask? Very easy! A PGP key often contains information about which e-mail it belongs to. Hear what it smells like about DarkNet? I generated such a key especially for this occasion. After uploading it to Entity: PGP Open Key, we run the magic through Transform: [Convert] PGP To Email.
Voila! We have an email address. What to do with her next? Let’s look for such an account on Facebook. Let’s launch Transform: [Facebook] Lookup By Email.
And, as a result, we get a Facebook account.
Now let’s move on to something more interesting — searching for information based on specified key phrases. Here everything is like with Google. We take Entity: Phrase and assign it the meaning of the searched word/sentence. We apply Transform: [Darknet] Search Posts and get a selection of posts on various forums that contain the phrase we specified.
In addition to simply searching on forums, there is also an opportunity to search for “products” on thematic sites. The same Entitie will help us in this, only now we will launch Transform: [Darknet] Search Products. In the release, we will receive a link to the “lots” of products.
You can also search for products from Entity:Location. Here we have available Transforms for searching for shipping to and from the location: [Darknet] Search Products (shipping from) and [Darknet] Search Products (shipping to). As always with the Darknet, there are goods for every taste. From a firearm to a bank account. Joke. Well, almost.
That’s all for today. Don’t forget, the darknet can be just as great a source of information as Google. The main thing is to be able to search. Do not miss the following articles!
395 
280 
303 
298 
252 
255