Deep Web guy confirms and accounts for "Cheese Pizza" on dark web with details... ( pizzagate )

submitted by Psychanaut

A: https://www.quora.com/What-are-the-most-disturbing-sites-on-the-dark-web Samuel Chua, Deep Web Explorer, Internet Historian, Journalist Written Jul 24, 2016

What I didn’t realize was that the pizza jokes were explicitly Cheese Pizza posts. There were hundreds upon hundreds of posts of people asking for cheese pizza, cooked for 4–16 minutes, or however long they wanted. What made it so disturbing for me was the slow realization - it took me about half an hour to fully realize - that cheese pizza was not an in joke, but child porn. Links to anonymous email accounts were often provided under a post/request, and the number of minutes cooked was a reference to the age of their victim bracket.>

quantokitty

Interesting. Thanks.

target_blank

Ive heard the saying cheese pizza, never heard of the cooked for 4-15 min thing for ages. These pedos have their own fucking language. We need to write a pedo code book.

Lobotomy

This guy must not be used to the internet.

Vindicator

@Psychanaut ; I am flairing this "New Evidence" since I don't think we've had link posted of a mainstream source that clearly describes the pedo food code in detail. Also, a potential lead turned up in your comments, as well.

Psychanaut

Awesome!!!

Criticalthinker615

I'm just going to leave this here (as well) in case any one finds anything encrypted that any of these in this database might be useful for considering how relevant PGP keys from the MIT database is to this subject! Good find OP!

https://pgp.mit.edu/pks/lookup?search=pizza&op=index

Criticalthinker615

these are literally the keys to the cheese pizza kingdom and this whole sub ignores them and downvoats?! why would someone downvoat a link to a database of pgp keys that could possible decrypt anything these wierdos have tried to hide?!

heres an explanation of my thinking with these: with these keys, you can send an encrypted message to these people. this is like the yellow pages of child porn

example listing pub 1024D/2FFC854C 1999-02-27 Carsten J. Maiwald carjoma@web.de Carsten J. Maiwald cjm@maiwald-oconnell.de Carsten J. Maiwald cjm@gmx.li Pizza carjoma@web.de Pizza Pizza@nikocity.de Carsten J. Maiwald cjm@tsamedien.com Carsten J. Maiwald cjm@adsl-bergs.rz.rwth-aachen.de Carsten J. Maiwald Carsten.Maiwald@post.rwth-aachen.de

here is the users linked in. its real person. https://de.linkedin.com/in/carsten-maiwald-4a756712a

example 2

pub 1024D/1449212D 1999-10-29 Tony Piccione pizza@blazenet.net

https://www.linkedin.com/in/tony-piccione-27592311

AndPodestaWasMoLesta

Pgp public keys, like in your link; are USELESS for decryption. You have good intentions but a poor understanding of cryptography. Either that or you are intentionally trying to lead people away from other things by sending them down a trail to nowhere. Before getting all butt hurt about no one responding to your post, why don't you reinvest that energy into learning how pgp works first of all.

YOU NEED SOMEONES PRIVATE KEY TO DECEYPT EMAILS SENT TO THEM WHIH ARE ENCRYPTED WITH THEIR PUBLIC KEY. Likewise you need the other party's private key to view the content in the other direction, unless of course the person has quoting enabled in their mail client and then you might be able to see the full history that way. Learn the darn workings of this valuable technology because THEY do - and if they don't then they have people that do. Learn before you throw a fit that no one cares about your posts. Perhaps no one responds because they, like me, understand how pgp really works and don't want to waste their breath debunking you OR they don't understand anything about it at all - and as such are going to further perpetuate misunderstandings about it.

It's like my frustration with the clowns at Abel Danger. They have no idea what a certificate authority is and what it does and does not do. So when they try to say that there's all these companies plugged into the federal bridge certification authority. People hear that and think it's some kind of super secret private alternative intranet/internet network system. In reality, it's just a root server that delegates permission for companies to start their own CA to issue certs for ibnternal employees and systems so that they're all part of a "web of trust". Sounds fancy huh? Well not really. It's a standard, like metric system vs. imperial. It can be used for authentication and authorization as well as encryption however it is NOT an entitlement system in and of itself! The entitlements are managed by the agencies. The only thing the very authority does is ensure a common standard so that says admins don't have to contact every government agency they do business with to get them to important their local certificate for trust. Instead there is a root one that all systems de facto trust. It was easier and cheaper to have the federal government build and maintain their own (although now I think they pay entrust to manage it if i recall correctly but I could be wrong) - regardless the point is it is NOT an ISP, its not a secret network, its not a bridge and it isn't a system of entitlements nor does it facilitate the transfer of data itself and it's definitely not a "keys to the kingdom" concept.

And the reason I point this out is because believe and perpetuating that PUBLIC pgp let's that are published in a database can be used to decrypt things is the same level of ignorance and foolishness as the "federal cert auth bridge used to transmit snuff films in Zulu time" horse crap. If public keys could do this then why are people publishing them online for the world to see? I will tell you why. It's because instead of having to email people and begin a conversation in plaintext you can look up their key first so that your first message to them is encrypted with their public key, which only their private key (known only to them of course) can be used to decrypt.

GlobalGuardian2001

United Kingdom Ministry of Defence i.e. Serco -- the serpent company owns Public Key Infrastructure Root Key on the Federal Bridge Certification Authority.

AndPodestaWasMoLesta

That doesn't mean anything. Anyone can request to have their root CA signed by the FBCA. Most govt agencies and many concrractors do this. It's not hard just a lot of paperwork. I have not done it but have two industry friends that have, in past jobs.

What you're describing is likely a subordinate cert which is signed by the 2013 or 2016 CA which in turn is signed by the US government common policy CA. It's not administered by Serco it's administered by a US govt organization.

I have the chain installed on my PC as a matter of fact. You can look at it or install it from various sites. I found it most easily on the US Treasury's site but there are others. CA is just to establish a chain of trust. Windows pushes out all the most common CA's including Commodo, Thawte, DigiCert, etc. you have to download the US govt root cert and Federal sub very manually though because windows doesn't distribute it by default. But if you're on a government machine it's likely pushed out by the group policy of whatever agency it is- their AD domain.

Certs and Authorities are no big deal, even the federal one which aimed to simplify things but in reality it can kind of be its own bureaucratic mess at times. With certs and authorities, all websites would be running self-signed certificates and you'd need to accept every certs upon hitting an organization's https default page on their site. Instead we have a framework for certs, and the fact that the US government has their own infrastructure for this makes sense given that you don't necessarily want it in the hands of third party companies contracting with every govt department or agency. And if that is the case, then it needs to be governed. You can read the policy framework documentation online if you just google for it.

Criticalthinker615

You seem to know alot about this but, you couldn't explain that without acting like a know it all little cunt? Actually, seems some of those are ads for child porn themselves hosted within the database. when you have an email address (cheesepizza@gmail), and a pgp key im going to assume someone is trying to facilitate communication there. You actually seem a bit pissed that I even brought it up. How close are you to MIT? why are you trying to keep people from seeing whats being shared on an MIT server?

edit: and let me guess, the keys labeled pizza and hotdogs arent anything nefarious either right? maybe Im not a cia hacker but, I can recognize hotdogspeak

AndPodestaWasMoLesta

I do in fact, and I am trying to share it by explaining. I didn't call you any nasty names so why are you calling me a cunt?

I do network security for a living and know much about this and it is frustrating when misinfo gets posted so that's why I correct it. I could have not explained anything and told you to look it up for yourself. Alice and Bob. This is computer science sophomore year stuff.

To be fair, I think those examples ARE suspicious the problem is you won't get anything from this unless you try to bait the individuals themselves. But you will need a key pair of your own and you'll need to email them from an anonymous email because you are taking more of a risk emailing them than they are by posting their keys.

I explained why people post them on LinkedIn and MIT site; it's so people can email them in encrypted pgp form without you having to first engage them to ask for it. It's like a directory for pgp email users. There is nothing nefarious about posting your public key online, whether LinkedIn or MIT. I post mine on my old college sever. In this case I don't believe one even needs to have gone to MIT to post their key. They just operate the server hosting the keys so if i recall correctly anyone can post their key, including CP traders.

And I am not encouraging people not to look at anything. In fact I encourage EVERYONE here to use pgp in their communications and to not only encrypt their emails with the recipients public key but also to sign yours with your key as well to guarantee that you are in fact the sending, guaranteeing message authentication and integrity. And when you do use it, please upload your public key on to a public server that people can send you a first email encrypted right off the bat without having to introduce the unnecessary step of asking for your public key first.

Again I confirm that I believe those emails to be suspicious but like I said before you won't be able to do anything with their public key because it's already public for a reason - by nature of how pgp is design to work. Even to decrypt the messages you'd not only need their private key but also direct access to their mailbox via imap, pop3, Mapi or some kind of webmail access - so it's like having two separate barriers to get past.

My point is that I would hate to see people spin their tires trying to apply public keys to a scenario where it is impossible to gain anything of value from, unless you bait the individuals which I don't recommend because they have more to hide than you do and they have a higher chance of being able to find out who you are vs you finding out about them, especially if they have a solid understanding about security protocols and best practices and you don't. For instance if I asked if you are experienced in analyzing smtp headers, can explain what MX and TXT:SPF records do and what DNSSEC is? If not then please don't even try to attempt to email these people because you have a very high chance of giving your self away including your IP address or employers IP address(es).

One has to be careful out there. So please folks devote an hour or two a week to learning. Security knowledge isn't supposed to be hoarded it is supposed to be shared and fostered. Using security is not a mark of guilt but rather a crucial step in persec and opsec.

Does this clarify my prior post?

My recommendation is not to try digging into pgp angle but rather compile the list of all suspicious addresses and begin scouring the web for them. You might even find databases with the email addresses in them. I won't say what kind because doing so crosses a line of potentially encouraging illicit activities but after searching for around 10 email addresses online it's only a matter of time before it leads to a dump of email addresses along with the other important thing associated with them -- and the data is usually the result of a hack or leak. That would give better leads than trying to aggregate information about the pgp keys.

Criticalthinker615

I already knew that the real meat of this database is the identifying information not the pgp. I understand that the key only facilitates private communication on conjunction with the owners key. You are doing alot of work writing to make yourself seem more "god mode" than this matter really requires. If you dont want to look dont. You don't have to...and im going to still assume that the users who have gone out of their way to lable their keys with email addresses and pizza, hotdogs and pasta are all pedophiles and funny that you admit now that there is a lead to follow here, however its too "illicit " for you. I guess some lines cant be crossed for any reason.

AndPodestaWasMoLesta

Look dude I'm not denying that there are leads here I am just hoping people follow the right path to get there and trying to decrypt anything just isn't possible. I am going to take a look myself. I just can't encourage people to break the law by accessing stolen materials. In the same way that people aren't allowed to harass judges and other folks whose info I've seen posted here. You can continue to try to lock a fight over this but my message was to explain WHY from my perspective no one was answering your post. Has anyone else chimed in with anything valuable? I didn't think so. So you can learn a little from what I posted and I can learn a little from what you posted and we can drop this and just work together, or you can keep dicking around and play games with my words. It's your choice.