Freedom Hosting II was taken down on February 3rd by a sole hacker pledging allegiance to the Anonymous hacking group, causing a surprise shutdown of 20 percent of all dark web sites.
The hacker is said to have targeted Freedom Hosting II – a prominent company dedicated to hosting websites that can only be accessed through the dark web – predominantly due to the thousands of child pornography files in numerous websites it hosts as well as thousands of “scam” sites.
Reports say that the affected websites’ owners and users woke up to a short message with a cheeky introduction: “Hello Freedom Hosting II, you have been hacked,” and couldn’t log on to the websites’ pages.
Security experts have since verified the reports, adding that a fifth of the dark web’s websites have indeed been taken down.
Troy Hunt – a well-known online security researcher and owner of Have I Been Pwned – took to Twitter to outline the incident’s seriousness and the extent of its impact.
In a series of tweets, he termed the hack a huge exposure that will breach not only the provider and the websites it hosts, but also thousands of dark web users and their emails and websites, some of which are WordPress-based.
He estimated the number of leaked emails at 381,000.
The hacker, who has chosen to remain anonymous, claims to have seized all of the company’s databases and initially held them for ransom for only 0.1 bitcoin (the equivalent of around $100).
He later changed his stance and decided to publicize the databases after going through the websites and finding out that “almost 50 percent” of their content was child pornography.
“All your files have been copied and the database has been dumped,” he wrote in a message appearing on the homepage of affected dark web sites.
During an interview with Motherboard, the hacker said this was his first ever hack and that the initial intention wasn’t actually to take the entire hosting provider offline, but rather to go through its content.
The fact that the provider had contradicted the “zero tolerance to child pornography” policy posted on its front page seems to have prompted the hack and changed his intent.
Most of the illicit websites, the hacker added, were allowed tens of gigabytes of storage, which is more than the 256MB that the provider restricts its dark web sites to – a clear suggestion, according to him, that the company was fully aware of what was going on.
This is not the first time owners of Freedom Hosting II have found themselves on the receiving end of a hacker’s heroics.
In 2013, the dark web hosting provider’s initial service went to the wall after being busted by the authorities with the help of Anonymous hacktivists.
Several child porn prosecutions were made and a great deal of illegal activity on the dark web was brought to a standstill as a result.
The authorities may not be so happy about this uncovering, though, as the tactic of slyly taking over hosting providers and tracking down individual users by use of malware may not work now that the various sites have been shut down.
The dump, which has been shared hundreds of thousands of times, is certain to have reached law enforcement by now, who will likely be looking to make investigations and arrests in the near future using the numerous real email addresses exposed.
Regarding how he hacked into the database of the palpably highly encrypted hosting provider, the hacker gave a 21-step tutorial, which in outline entailed creating a new hosting site, changing some configuration files, prompting a password reset, logging out and logging back in using new system privileges.
Of course, this action will take a toll on dark web non-targets too, who include political dissidents, whistleblowers and bitcoin escrow sites, but the hacker insists taking all websites under the provider offline was the only sure way to disable the child-abuse-espousing company.