Twenty percent of the Dark Net was taken offline last week, when a hacker compromised a server hosting some 10,000 websites on the Tor network.
Tor, designed to hide the identities of its users, is widely used on the Dark Web, which isn’t indexed by mainstream search engines and serves as a hub for illegal online activities.
Visitors to the affected pages were greeted with the message, “Hello, Freedom Hosting II, you’ve been hacked.” Freedom Hosting II is the server that hosted the Tor pages.
The attacker, who has claimed to be part of the hacker collective Anonymous, reportedly took Freedom Hosting II offline because 50 percent of its sites contained child pornography.
The original Freedom Hosting hosted as much as 50 percent of the Dark Web’s pages as of 2013, when it was taken down by law enforcement. A number of child porn prosecutions followed that action.
This incident supposedly was the first hack carried out by the attacker, who claimed responsibility in an interview with Motherboard. In addition to taking Freedom II offline, the person stole 74 gigabytes in files and a 2.3-GB database.
The database stolen from Freedom II contains 381,000 email addresses — thousands of them with .gov extensions, Troy Hunt, who runs the Have I Been Pwned website, told Wired.
However, those .gov addresses may not be legitimate, he noted.
The hack of Freedom II was relatively rudimentary, said Tim Condello, technical account manager and security researcher at RedOwl.
“They identified a configuration issue and used it to identify the root user of the system and gain control of it that way,” he told TechNewsWorld. After gaining control of the system, “they overwrote the index file and redirected the landing page for all the websites to a landing page containing their message.”
This attack demonstrates that when it comes to resistance to vulnerabilities, the Dark Web doesn’t have an edge.
“The underlying technology of the Dark Web isn’t anything revolutionary. The way a content management system or a hosting service operates is identical to how it’s done on the open Web,” Condello said.
“The difference is how the content is communicated, so it’s accessible only through the Dark Web,” he continued.
“The code that’s used for a forum on the Dark Web is the same code that’s used on the clear Web,” Condello explained, “so if there’s a vulnerability identified for WordPress, that vulnerability can be exploited on a Dark Web website using WordPress just as it would on the open Web.”
Flaws in Dark Web
The attack on Freedom II also shows the danger of concentrating resources in a central location.
“The fact that so many sites used this single particular hosting provider meant that a breach of that provider meant a breach of thousands of sites,” noted Danny Rogers, CEO of Terbium Labs.
“The anonymity of the Dark Web relies on its distributed nature,” he told TechNewsWorld. “These sorts of centralizations create significant weaknesses.”
Although breaking into servers and stealing data on the open Web is illegal, it remains to be seen what the consequences may be for the hacker of Freedom II.
“I’m sure they angered a lot of people, but I’m not sure how much anyone can do about it,” Rogers said.
There may be legal ramifications from the attack, but they could be for the people identified in the dump of stolen data rather than for the hacker.
“The data release is going to be a major boon to law enforcement,” Rogers observed.
More Attacks to Come
Attacks on the Dark Web are commonplace, but they don’t often get the visibility of the assault on Freedom II.
“These attacks will continue on a pace with what we see on the clear Web,” Condello maintained.
“I think the new pattern is going to be [that] as vulnerabilities are revealed on the open Web, people are going to go to the Dark Web and see if there are any sites with those same vulnerabilities,” he suggested. “Getting access to sites built around anonymity and pulling the curtain back on that can give you power and money.”