An Anonymous hacker claims they took down 10,000+ dark web sites because many of them were hosting child abuse material and other harmful content.
On 3 February, visitors to 10,613 dark web sites running on Freedom Hosting II came across a message indicating someone had hacked the hosting provider. The message explains that hackers associated with Anonymous copied and downloaded 74 GB worth of files as well as a database dump of 2.3 GB. Anonymous then created torrents for the files (excluding user data) and for the database dump.
It all started on 30 January, when a single hacker acquired read access to Freedom Hosting II, which is believed to host as much as a fifth of all dark web sites.
It was their “first hack ever,” and they only intended to see what Freedom Hosting II was powering. But the hacker’s motivation changed when they saw numerous websites not only hosting child abuse material but also consuming more than the 256 MB of space freely allotted by Freedom Hosting II. (They were using gigabytes of material.)
The hackers also found that some of the sites were hosting scams, botnets, fraud, and/or hacked data.
As the hacker told Vice:
“This suggests they paid for hosting and the admin knew of those sites. That’s when I decided to take it down instead.”
The hacker used a 21-step process to pull off the attack. It involved messing with the configuration settings of a new or already existing Freedom Hosting II site and then triggering a password reset. The hacker then turned on root access before logging back in.
Anonymous, which for years has been opposed to dark web sites hosting child abuse material, provided the leaked files to Troy Hunt of Have I Been Pwned.
Hunt found that the files contain 381,000 users’ email details. Some of those credentials he has already documented in his data breach search service.
All of this information will no doubt end up in the hands of the FBI at some point.
To be sure, the Bureau will be glad to hear the sites are no longer functioning. However, with the sites shut down, the FBI won’t be able to infiltrate them and gather intelligence on members by deploying their own crafted spyware. This means that users whose credentials aren’t included among the list of 381,000 login details could flock to another dark web site hosting equally harmful content.
Originally, the hacker demanded approximately US $200 from Freedom Hosting II for the return of their data. The hosting provider made two Bitcoin payments to the extortionist’s wallet. Even so, the hacker decided to release the information anyway.
This takedown no doubt advances the fight against child abuse material hosted online. Let’s hope it leads to some arrests, too.