Hacker takes out dark web hosting service using well-known exploit - mcginnismurne1956

A hacker is proving that sites on the glooming World Wide Web, shrouded in namelessness, can easily be compromised.

On Friday, the unnamed hacker began dumping a sizable database stolen from Freedom Hosting II onto the internet, potentially exposing its users.

The hosting inspection and repair, Freedom Hosting II, was famous for operational thousands of sites that were getatable through the Tor browser; the "dark web" is essentially the encrypted network comprising Tor servers and browsers. Only on Friday, the service appeared to be down. Its main landing page was replaced with a message saying that it had been hacked.

Allegedly, Exemption Hosting II had been hosting kiddy porn sites, though its anonymous operator claimed to have a nought-tolerance policy toward such content, according to the hacker behind the breach.

"What we found while intelligent through your server is more than 50% child porno…" the hacker wrote in the message left along the situation. "Moreover, you host many scam sites, some of which are evidently running game by yourself to cover hosting expenses."

In an email to the IDG Intelligence Table service, the cyber-terrorist explained how the breach came about. "I just recently read an clause about a familiar effort that some hosting providers fell victims of many years past," the individual aforementioned.

Exemption Hosting Two worked as a free help that allowed anyone to sign on and make up a site on the crepuscular web. However, starting on January. 30, the hacker gained access to its web server, using a 20-step method.

Michael Kan

The method the cyberpunk claims to give used.

The hack essentially involved starting a new site connected Freedom Hosting II and creating a link to gain access to the service's root directory. This allowed the drudge to browse the total waiter.

"I was just curious at first," the person said. "I had reading permissions to everything the web server could get access code to just by creating a symlink to / (the pull directory)."

After coming crossways child porn sites, the hacker decided to arrogate Freedom Hosting II by fixing its configuration file to touch off a parole reset.

"Once I found unsuccessful what they were hosting, I just wanted to shut them inoperative," said the hacker, World Health Organization's besides been circulating what he stole through a torrent file.

The plunge includes 74GB of files and a 2.3GB database from the service, the hacker claims.

"The IP of the server has been leaked, which potentially could reveal the admin's individuality," the hacker added.

Chris Monteiro, a cybercrime investigator based in the U.K., has been sounding through the data dump, which atomic number 2 aforesaid appears to be real. The information includes the sites that Freedom Hosting Deuce had been operating, on with the admin credentials to access them.

The dump also appears to contain a node database, meaning that anyone who used Freedom Hosting II might be unclothed, Monteiro said.

"We're going to witness emails, usernames, all of which can be used by law enforcement for prosecution of people," he aforesaid.

To boot, the dump contains meeting place posts from users mentioning sex with minor league, the sale of hacked internet accounts, and files that reference book botnets and online scamming.

Freedom Hosting Cardinal was the largest shared hosting service along the dark web, Monteiro said. It was specifically designed for users WHO treasured anonymous hosting, but who lacked the know-how to set it skyward, he said.

However, galore of the sites hosted by the service were in all probability small. "I doubt we'll ascertain any large sites operating tike porn," he same of the information dump.

Reported to the hacker's message, Freedom Hosting 2 was causative 10,613 sites. Still, the database dump indicates that a vast majority of those sites had only a a couple of cardinal or hundreds of user visits.

Troy Hunt, a data breach expert, said in a tweet that he noticed the database dump controlled 381,000 email addresses.

"Police enforcement leave absolutely have this data, information technology's rattling populace. It also obviously has many real email addresses in information technology," he tweeted.

Secrecy researcher Sarah Jamie Lewis has likewise been researching Exemption Hosting II. In October, she wrote that the religious service had been hosting sites that sold counterfeit documents and stolen credit tease numbers, in accession to those that operated as ad hominem blogs and WWW forums.

Source: https://www.pcworld.com/article/411952/hacker-takes-out-dark-web-hosting-service-using-well-known-exploit.html

Posted by: mcginnismurne1956.blogspot.com

Share this post