{"id":6522,"date":"2017-02-06T12:30:35","date_gmt":"2017-02-06T20:30:35","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/02\/06\/news-350\/"},"modified":"2017-02-06T12:30:35","modified_gmt":"2017-02-06T20:30:35","slug":"news-350","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/02\/06\/news-350\/","title":{"rendered":"Hacker takes out dark web hosting service using well-known exploit"},"content":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt2.staticworld.net\/images\/article\/2017\/02\/img_20170203_161836-100707390-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Michael Kan | Date: Mon, 06 Feb 2017 10:59:00 -0800<\/strong><\/p>\n<p>A hacker is proving that sites on the dark web, shrouded in anonymity, can easily be compromised. \u00a0\u00a0<\/p>\n<p>On Friday, the unnamed hacker began dumping a sizable database stolen from Freedom Hosting II onto the internet, potentially exposing its users.<\/p>\n<p>The hosting service, Freedom Hosting II, was known for operating thousands of sites that were accessible through the Tor browser; the &#8220;dark web&#8221; is essentially the encrypted network comprising Tor servers and browsers. But on Friday, the service appeared to be down. Its main landing page was replaced with a\u00a0message saying that it had been hacked.<\/p>\n<p>Allegedly, Freedom Hosting II had been hosting child pornography sites, though its anonymous operator claimed to have a zero-tolerance policy toward such content, according to the hacker behind the breach.<\/p>\n<p>\u201cWhat we found while searching through your server is more than 50% child porn\u2026\u201d the hacker wrote in the message left on the site. \u201cMoreover, you host many scam sites, some of which are evidently run by yourself to cover hosting expenses.\u201d<\/p>\n<p>\u00a0In an email to the IDG News Service, the hacker explained how the breach came about. 
\u201cI just recently read an article about a well-known exploit that some hosting providers fell victims of many years ago,\u201d the person said.<\/p>\n<p>Freedom Hosting II worked as a free service that allowed anyone to sign up and create a site on the dark web. However, starting on Jan. 30, the hacker gained access to its web server, using a 20-step method.<\/p>\n<p>The method the hacker claims to have used.\u00a0<\/p>\n<p>The hack essentially involved starting a new site on Freedom Hosting II and creating a link to gain access to the service\u2019s root directory. This allowed the hacker to browse the entire server.<\/p>\n<p>\u201cI was just curious at first,\u201d the person said. \u201cI had reading permissions to everything the web server could get access to just by creating a <a href=\"https:\/\/blog.sucuri.net\/2013\/05\/from-a-site-compromise-to-full-root-access-symlinks-to-root-part-i.html\">symlink<\/a> to \/ (the root directory).\u201d<\/p>\n<p>After coming across child porn sites, the hacker decided to take over Freedom Hosting II by altering its configuration file to trigger a password reset.<\/p>\n<p>\u201cOnce I found out what they were hosting, I just wanted to shut them down,\u201d said the hacker, who\u2019s also been circulating what he stole through a torrent file.<\/p>\n<p>The dump includes 74GB of files and a 2.3GB database from the service, the hacker claims.<\/p>\n<p>\u201cThe IP of the server has been leaked, which potentially could reveal the admin&#8217;s identity,\u201d the hacker added.<\/p>\n<p><a href=\"https:\/\/pirate.london\/\">Chris Monteiro<\/a>, a cybercrime researcher based in the U.K., has been looking through the data dump, which he said appears to be real. 
The information includes the sites that Freedom Hosting II had been operating, along with the admin credentials to access them.<\/p>\n<p>The dump also appears to contain a client database, meaning that anyone who used Freedom Hosting II might be exposed, Monteiro said.<\/p>\n<p>\u201cWe\u2019re going to see emails, usernames, all of which can be used by law enforcement for prosecution of people,\u201d he said.<\/p>\n<p>In addition, the dump contains forum posts from users mentioning sex with minors, the sale of hacked internet accounts, and files that reference\u00a0<a href=\"http:\/\/www.pcworld.com\/article\/3134056\/hacking\/an-iot-botnet-is-partly-behind-fridays-massive-ddos-attack.html\">botnets<\/a>\u00a0and online scamming.<\/p>\n<p>Freedom Hosting II was the largest shared hosting service on the dark web, Monteiro said. It was specifically designed for users who wanted anonymous hosting, but who lacked the know-how to set it up, he said.<\/p>\n<p>However, many of the sites hosted by the service were probably small. \u201cI doubt we\u2019ll find any large sites operating child porn,\u201d he said of the data dump.<\/p>\n<p>According to the hacker\u2019s message, Freedom Hosting II was responsible for 10,613 sites. However, the database dump indicates that a vast majority of those sites had only a few dozen or hundreds of user visits.<\/p>\n<p>Troy Hunt, a data breach expert, said in a <a href=\"https:\/\/twitter.com\/haveibeenpwned\/status\/828183575799271424\">tweet<\/a> that he noticed the database dump contained 381,000 email addresses.<\/p>\n<p>\u201cLaw enforcement will absolutely have this data, it&#8217;s very public. It also obviously has many real email addresses in it,\u201d he tweeted.<\/p>\n<p>Privacy researcher Sarah Jamie Lewis has also been researching Freedom Hosting II. 
In October, she\u00a0<a href=\"https:\/\/mascherari.press\/onionscan-report-september-2016-uptime-downtime-and-freedom-hosting-ii\/\">wrote<\/a>\u00a0that the service had been hosting sites that sold counterfeit documents and stolen credit card numbers, in addition to those that operated as personal blogs and web forums.<\/p>\n<p><a href=\"http:\/\/www.computerworld.com\/article\/3166188\/security\/hacker-takes-out-dark-web-hosting-service-using-well-known-exploit.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt2.staticworld.net\/images\/article\/2017\/02\/img_20170203_161836-100707390-large.3x2.jpg\"\/><\/p>\n<article>\n<section class=\"page\">\n<p>A hacker is proving that sites on the dark web, shrouded in anonymity, can easily be compromised. \u00a0\u00a0<\/p>\n<p>On Friday, the unnamed hacker began dumping a sizable database stolen from Freedom Hosting II onto the internet, potentially exposing its users.<\/p>\n<p>The hosting service, Freedom Hosting II, was known for operating thousands of sites that were accessible through the Tor browser; the &#8220;dark web&#8221; is essentially the encrypted network comprising Tor servers and browsers. But on Friday, the service appeared to be down. Its main landing page was replaced with a\u00a0message saying that it had been hacked.<\/p>\n<p>Allegedly, Freedom Hosting II had been hosting child pornography sites, though its anonymous operator claimed to have a zero-tolerance policy toward such content, according to the hacker behind the breach.<\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[4314,714],"class_list":["post-6522","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-internet","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6522","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=6522"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6522\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=6522"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=6522"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=6522"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}