WHY THIS MATTERS IN BRIEF
The Dark Web is home to criminals and political activists, and a hacker who went after the former just showed how vulnerable it is.
Last weekend over 10,000 dark web sites were taken down in an attack that aimed to take down sites hosting child pornography, and the uncharacteristically large attack which seems to have been perpetrated by a lone hacker knocked over twenty percent of the dark web offline.
The anonymous vigilante managed to pull off the attack by targeting Freedom Hosting II, a hosting service that specializes in hosting dark web sites and which is regarded as one of the dark web’s largest providers.
The dark web is the name given to a collection of web sites and networks that use the infrastructure of the internet, but are not indexed by search engines. Typically, users can only connect to dark web sites through invitations, special network configurations or by using anonymizing software, such as the Tor browser – which recently announced it was issuing new software upgrades to make these kinds of take downs harder to achieve.
Thanks to their reputation for anonymity, most of the websites in this realm are often used for illegal purposes, but just to make things more complicated it’s also home to thousands of political activists who are living in repressive regimes who use the system to protect themselves from reprisals.
The provider that was targeted, Freedom Hosting II, is named after the original Freedom Hosting provider that had previously been hacked by the FBI last year when they were using it to track down the visitors to child pornography sites. The latest hack was first confirmed by security researcher Sarah Jamie Lewis.
The hacker claiming responsibility for the attack said they first gained access to the provider a week ago, but only managed to gain read access at first. That allowed them to see what files the service was hosting, but prevented them from adding or deleting any data.
According to the anonymous hacker, the original intention was not to take shut Freedom Hosting II down, but only to have a peek at the files being hosted but when they stumbled on at least 10 child pornography sites, hosting an estimated 30 GB of data, they decided to take it down.
“Initially, I didn’t want to take down FH2, just look through it,” the hacker told Motherboard in an E-Mail sent from the same address posted to the hacked Freedom Hosting II sites. The hack was initiated after the hacker discovered that the service was hosting child pornography websites.
“That’s when I decided to take it down instead,” they claimed. Each site hosted by the service had its content replaced by a message from the hacker:
“This is, in fact, my first hack ever,” the hacker said.,“I just had the right idea.”
All they needed was control over a new or already existing site. From there, it was just a matter of changing a configuration file, triggering a reset password, and getting root access. The hacker said that they were able to infiltrate the system with just read-only access as early as January 30th.
While the hacker published the hosting services’ system files, they declined to release the user data, apparently due to the large amount of child pornography that it contained. Instead, the hacker turned the files over to security researchers, who plan to transmit the information to law enforcement agencies.
This is not the first time vigilante hackers have taken the law into their own hands when it comes to sites hosting child pornography. The hacker collective known as Anonymous has mounted campaigns to track down abusers in the past, and other hackers have deleted links to such sites.