Cybersecurity

Anonymous Hacker Pulls Plug on Thousands of Dark Net Sites

Twenty percent of the Dark Net was taken offline last week, when a hacker compromised a server hosting some 10,000 websites on the Tor network.

Tor, designed to hide the identities of its users, is widely used on the Dark Web, which isn’t indexed by mainstream search engines and serves as a hub for illegal online activities.

Visitors to the affected pages were greeted with the message, “Hello, Freedom Hosting II, you’ve been hacked.” Freedom Hosting II is the server that hosted the Tor pages.

The attacker, who has claimed to be part of the hacker collective Anonymous, reportedly took Freedom Hosting II offline because 50 percent of its sites contained child pornography.

The original Freedom Hosting sites hosted as much as 50 percent of the Dark Web’s pages as of 2013, when it was taken down by law enforcement. A number of child porn prosecutions followed that action.

Rudimentary Hack

This incident supposedly was the first hack carried out by the attacker, who claimed responsibility in an interview with Motherboard. In addition to taking Freedom II offline, the person stole 74 gigabytes in files and a 2.3-GB database.

The database stolen from Freedom II contains 381,000 email addresses — thousands of them with .gov extensions, Troy Hunt, who runs the Have I Been Pwned website, told Wired.

However, those .gov addresses may not be legitimate, he noted.

The hack of Freedom II was relatively rudimentary, said Tim Condello, technical account manager and security researcher at RedOwl.

“They identified a configuration issue and used it to identify the root user of the system and gain control of it that way,” he told TechNewsWorld. After gaining control of the system, “they overwrote the index file and redirected the landing page for all the websites to a landing page containing their message.”

Shared Vulnerabilities

This attack demonstrates that when it comes to resistance to vulnerabilities, the Dark Web doesn’t have an edge.

“The underlying technology of the Dark Web isn’t anything revolutionary. The way a content management system or a hosting service operates is identical to how it’s done on the open Web,” Condello said.

“The difference is how the content is communicated, so it’s accessible only through the Dark Web,” he continued.

“The code that’s used for a forum on the Dark Web is the same code that’s used on the clear Web,” Condello explained, “so if there’s a vulnerability identified for WordPress, that vulnerability can be exploited on a Dark Web website using WordPress just as it would on the open Web.”

Flaws in Dark Web

The attack on Freedom II also shows the danger of concentrating resources in a central location.

“The fact that so many sites used this single particular hosting provider meant that a breach of that provider meant a breach of thousands of sites,” noted Danny Rogers, CEO of Terbium Labs.

“The anonymity of the Dark Web relies on its distributed nature,” he told TechNewsWorld. “These sorts of centralizations create significant weaknesses.”

Although breaking into servers and stealing data on the open Web is illegal, it remains to be seen what the consequences may be for the hacker of Freedom II.

“I’m sure they angered a lot of people, but I’m not sure how much anyone can do about it,” Rogers said.

There may be legal ramifications from the attack, but they could be for the people identified in the dump of stolen data rather than for the hacker.

“The data release is going to be a major boon to law enforcement,” Rogers observed.

More Attacks to Come

Attacks on the Dark Web are commonplace, but they don’t often get the visibility of the assault on Freedom II.

“These attacks will continue on a pace with what we see on the clear Web,” Condello maintained.

“I think the new pattern is going to be [that] as vulnerabilities are revealed on the open Web, people are going to go to the Dark Web and see if there are any sites with those same vulnerabilities,” he suggested. “Getting access to sites built around anonymity and pulling the curtain back on that can give you power and money.”

John Mello is a freelance technology writer and contributor to Chief Security Officer magazine. You can connect with him on Google+.

1 Comment

  • The problem is that this is terribly bias. Do you know who else accesses the deepnet? College professors and students. Do you know WHY?? Because our country has taken internet censorship to such an extreme, that we can barely access any history more than three years back ESPECIALLY if it has to do with political affairs. There is a RAMPANT control over information access in this country by our government and so in order to access real or relevant history/data not accessible by our internet, we have to resort to these measures. It isn’t just crooks who use it. Law abiding police officers, teachers, students, doctors, lawyers, and many many honorable professions utilize the access of the deep Web. Articles like this DO attempt to put a stop to the nasty and inhumane activity that goes on in the world and this is desperately needed to bring awareness for those who are victimized by these criminals, however you are forgetting to mention how valuable access to real information is to many people and increasing the demonization of the deep net is not helpful. Talk about the crooks and pedophiles, eliminate them and their websites PLEASE, but don’t forget to mention how valuable it is to law abiding citizens who want free information. Thank you for your time.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by John P. Mello Jr.
More in Cybersecurity

Technewsworld Channels