Menu
Hacker takes out dark web hosting service using well-known exploit

Hacker takes out dark web hosting service using well-known exploit

Freedom Hosting II allegedly was hosting child pornography sites, according to hacker

A hacker is proving that sites on the dark web, shrouded in anonymity, can easily be compromised.

On Friday, the unnamed hacker began dumping a sizable database stolen from Freedom Hosting II onto the internet, potentially exposing its users.

The hosting service, Freedom Hosting II, was known for operating thousands of sites that were accessible through the Tor browser; the "dark web" is essentially the encrypted network comprising Tor servers and browsers. But on Friday, the service appeared to be down. Its main landing page was replaced with a message saying that it had been hacked.

Allegedly, Freedom Hosting II had been hosting child pornography sites, though its anonymous operator claimed to have a zero-tolerance policy toward such content, according to the hacker behind the breach.

“What we found while searching through your server is more than 50% child porn…” the hacker wrote in the message left on the site. “Moreover, you host many scam sites, some of which are evidently run by yourself to cover hosting expenses.”

In an email to the IDG News Service, the hacker explained how the breach came about. “I just recently read an article about a well-known exploit that some hosting providers fell victims of many years ago,” the person said.

Freedom Hosting II worked as a free service that allowed anyone to sign up and create a site on the dark web. However, starting on Jan. 30, the hacker gained access to its web server, using a 20-step method.

screen shot 2017 02 06 at 9.44.57 am Michael Kan

The method the hacker claims to have used.

The hack essentially involved starting a new site on Freedom Hosting II and creating a link to gain access to the service’s root directory. This allowed the hacker to browse the entire server.

“I was just curious at first,” the person said. “I had reading permissions to everything the web server could get access to just by creating a symlink to / (the root directory).”

After coming across child porn sites, the hacker decided to take over Freedom Hosting II by altering its configuration file to trigger a password reset.

“Once I found out what they were hosting, I just wanted to shut them down,” said the hacker, who’s also been circulating what he stole through a torrent file.

The dump includes 74GB of files and a 2.3GB database from the service, the hacker claims.

“The IP of the server has been leaked, which potentially could reveal the admin's identity,” the hacker added.

Chris Monteiro, a cybercrime researcher based in the U.K., has been looking through the data dump, which he said appears to be real. The information includes the sites that Freedom Hosting II had been operating, along with the admin credentials to access them.

The dump also appears to contain a client database, meaning that anyone who used Freedom Hosting II might be exposed, Monteiro said.

“We’re going to see emails, usernames, all of which can be used by law enforcement for prosecution of people,” he said.

In addition, the dump contains forum posts from users mentioning sex with minors, the sale of hacked internet accounts, and files that reference botnets and online scamming.

Freedom Hosting II was the largest shared hosting service on the dark web, Monteiro said. It was specifically designed for users who wanted anonymous hosting, but who lacked the know-how to set it up, he said.

However, many of the sites hosted by the service were probably small. “I doubt we’ll find any large sites operating child porn,” he said of the data dump.

According to the hacker’s message, Freedom Hosting II was responsible for 10,613 sites. However, the database dump indicates that a vast majority of those sites had only a few dozen or hundreds of user visits.

Troy Hunt, a data breach expert, said in a tweet that he noticed the database dump contained 381,000 email addresses.

“Law enforcement will absolutely have this data, it's very public. It also obviously has many real email addresses in it,” he tweeted.

Privacy researcher Sarah Jamie Lewis has also been researching Freedom Hosting II. In October, she wrote that the service had been hosting sites that sold counterfeit documents and stolen credit card numbers, in addition to those that operated as personal blogs and web forums.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags hackersTor

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Show Comments