last week, when a hacker compromised a server hosting some 10,000
websites on the Tor network.
The Tor network, knowingly designed to hide the identities of its users while online, is widely used on
the Dark Web, which isn’t indexed by mainstream search engines and
serves as a hub for illegal online activities.
Visitors to the affected pages were greeted with the message, “Hello,
Freedom Hosting II, you’ve been hacked.” Freedom Hosting II is the
server that hosted the Tor pages been visited by the affected users.
The attacker, who has claimed to be part of the hacker collective
Anonymous, reportedly took Freedom Hosting II offline because 50 percent
of its sites contained child pornography and prosecutions.
The original Freedom Hosting sites hosted as much as 50 percent of
the Dark Web’s pages as of the year 2013, when it was taken down by the law
enforcement. A number of child porn prosecutions also followed that action.
This incident supposedly was the first hack carried out by the attacker, who claimed responsibility in an interview with Motherboard. In addition to taking Freedom II offline, the person stole 74 gigabytes in files and a 2.3-GB database.
The database stolen from Freedom II contains 381,000 email addresses
— thousands of them with .gov extensions, Troy Hunt, who runs the Have I
Been Pwned website, told Wired.
However, those .gov addresses may not be legitimate, he noted.
The hack of Freedom II was relatively rudimentary, said Tim Condello, technical account manager and security researcher at
“They identified a configuration issue and used it to identify the
root user of the system and gain control of it that way,” he told
TechNewsWorld. After gaining control of the system, “they overwrote the
index file and redirected the landing page for all the websites to a
landing page containing their message.”
This attack demonstrates that when it comes to resistance to vulnerabilities, the Dark Web doesn’t have an edge.
“The underlying technology of the Dark Web isn’t anything
revolutionary. The way a content management system or a hosting service
operates is identical to how it’s done on the open Web,” Condello said.
“The difference is how the content is communicated, so it’s accessible only through the Dark Web,” he continued.
“The code that’s used for a forum on the Dark Web is the same code
that’s used on the clear Web,” Condello explained, “so if there’s a
vulnerability identified for WordPress, that vulnerability can be
exploited on a Dark Web website using WordPress just as it would on the
Flaws in Dark Web
The attack on Freedom II also shows the danger of concentrating resources in a central location.
“The fact that so many sites used this single particular hosting
provider meant that a breach of that provider meant a breach of
thousands of sites,” noted Danny Rogers, CEO of
“The anonymity of the Dark Web relies on its distributed nature,” he
told TechNewsWorld. “These sorts of centralizations create significant
Although breaking into servers and stealing data on the open Web is
illegal, it remains to be seen what the consequences may be for the
hacker of Freedom II.
“I’m sure they angered a lot of people, but I’m not sure how much anyone can do about it,” Rogers said.
There may be legal ramifications from the attack, but they could be
for the people identified in the dump of stolen data rather than for the
“The data release is going to be a major boon to law enforcement,” Rogers observed.
More Attacks to Come
Attacks on the Dark Web are commonplace, but they don’t often get the visibility of the assault on Freedom II.
“These attacks will continue on a pace with what we see on the clear Web,” Condello maintained.
“I think the new pattern is going to be [that] as vulnerabilities are
revealed on the open Web, people are going to go to the Dark Web and
see if there are any sites with those same vulnerabilities,” he
suggested. “Getting access to sites built around anonymity and pulling
the curtain back on that can give you power and money.”