Hacker takes out dark web hosting service using well-known exploit

Freedom Hosting II allegedly was hosting child pornography sites, according to hacker

A hacker is proving that sites on the dark web, shrouded in anonymity, can easily be compromised.

On Friday, the unnamed hacker began dumping a sizable database stolen from Freedom Hosting II onto the internet, potentially exposing its users.

The hosting service, Freedom Hosting II, was known for operating thousands of sites that were accessible through the Tor browser; the "dark web" is essentially the encrypted network comprising Tor servers and browsers. But on Friday, the service appeared to be down. Its main landing page was replaced with a message saying that it had been hacked.

Allegedly, Freedom Hosting II had been hosting child pornography sites, though its anonymous operator claimed to have a zero-tolerance policy toward such content, according to the hacker behind the breach.

“What we found while searching through your server is more than 50% child porn…” the hacker wrote in the message left on the site. “Moreover, you host many scam sites, some of which are evidently run by yourself to cover hosting expenses.”

In an email to the IDG News Service, the hacker explained how the breach came about. “I just recently read an article about a well-known exploit that some hosting providers fell victims of many years ago,” the person said.

Freedom Hosting II worked as a free service that allowed anyone to sign up and create a site on the dark web. However, starting on Jan. 30, the hacker gained access to its web server, using a 20-step method.

screen shot 2017 02 06 at 9.44.57 am Michael Kan

The method the hacker claims to have used.

The hack essentially involved starting a new site on Freedom Hosting II and creating a link to gain access to the service’s root directory. This allowed the hacker to browse the entire server.

“I was just curious at first,” the person said. “I had reading permissions to everything the web server could get access to just by creating a symlink to / (the root directory).”

After coming across child porn sites, the hacker decided to take over Freedom Hosting II by altering its configuration file to trigger a password reset.

“Once I found out what they were hosting, I just wanted to shut them down,” said the hacker, who’s also been circulating what he stole through a torrent file.

The dump includes 74GB of files and a 2.3GB database from the service, the hacker claims.

“The IP of the server has been leaked, which potentially could reveal the admin's identity,” the hacker added.

Chris Monteiro, a cybercrime researcher based in the U.K., has been looking through the data dump, which he said appears to be real. The information includes the sites that Freedom Hosting II had been operating, along with the admin credentials to access them.

The dump also appears to contain a client database, meaning that anyone who used Freedom Hosting II might be exposed, Monteiro said.

“We’re going to see emails, usernames, all of which can be used by law enforcement for prosecution of people,” he said.

In addition, the dump contains forum posts from users mentioning sex with minors, the sale of hacked internet accounts, and files that reference botnets and online scamming.

Freedom Hosting II was the largest shared hosting service on the dark web, Monteiro said. It was specifically designed for users who wanted anonymous hosting, but who lacked the know-how to set it up, he said.

However, many of the sites hosted by the service were probably small. “I doubt we’ll find any large sites operating child porn,” he said of the data dump.

According to the hacker’s message, Freedom Hosting II was responsible for 10,613 sites. However, the database dump indicates that a vast majority of those sites had only a few dozen or hundreds of user visits.

Troy Hunt, a data breach expert, said in a tweet that he noticed the database dump contained 381,000 email addresses.

“Law enforcement will absolutely have this data, it's very public. It also obviously has many real email addresses in it,” he tweeted.

Privacy researcher Sarah Jamie Lewis has also been researching Freedom Hosting II. In October, she wrote that the service had been hosting sites that sold counterfeit documents and stolen credit card numbers, in addition to those that operated as personal blogs and web forums.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags hackersTor

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Kan

IDG News Service
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?