On Friday, a hacktivist group affiliated with Anonymous took down all the sites hosted on Freedom Hosting II. The free service provider hosted 10,613 websites, approximately 20% of all pages on the dark web.
The hackers reportedly knocked the sites offline after finding several child pornography repositories that hosted more content than Freedom Hosting II allows as a standard.
Motherboard and IDG News Service got in touch with the hacker group and learned their motives and the methods they used to compromise these dark web servers.
Apparently, it was easier than it should have been, and cybersecurity experts say the data dump contains legitimate information that agencies could use in the future.
How did hackers take down the dark websites?
The hacker told IDG News Service that all he did was try a “well-known exploit” that worked on some hosting service providers years ago. It is a 21-step process that does not involve any sophisticated software or knowledge.
In simple terms, the method involved creating a new site or accessing an existing one on Freedom Hosting II and then playing with private settings to prompt a “password reset” in the background.
At this stage, the hacker could turn on root access and see the full directory of the server with their newly gained system privileges.
Why did they hack these dark websites?
“I was just curious at first,” said the perpetrator. “Once I found out what they were hosting, I just wanted to shut them down,” he added.
He went on to explain that Freedom Hosting II has a storage cap of 256 MB per site and that this network of child pornography pages had gigabytes of data online.
The group claims that ten of these illegal sites contained as much as 30 GB of data between pictures, video and other types of files. The hackers collected information from the servers and released a dump of almost 80 GB via torrent and other internet platforms.
Things might get ugly for the dark web users
The hackers not only knocked an extensive network of pornography and other illegal dark websites offline but also gathered compromising user data that law enforcement could, and most likely will, use to find and prosecute these individuals.
Finally, law enforcement will absolutely have this data, it's *very* public. It also obviously has many real email addresses in it… 8/8
— Troy Hunt (@troyhunt) February 5, 2017
Cybersecurity expert Troy Hunt took to Twitter to talk about the data dump and the significance of the leak, confirming there were as many as 381,000 email addresses that could be linked to dark web surfers in real life.
While the information is already circulating online, the group made what it presented as an honorable gesture toward Freedom Hosting II, offering to sell the sensitive data back for 0.1 bitcoin, or roughly $100.