By Alexa Erickson, Collective Evolution
A group within the Anonymous movement has claimed responsibility for hacking Freedom Hosting II, a popular Dark Web hosting provider
Upon pulling up various websites hosted on the darknet, visitors were met with a shocking message that began: “Hello, Freedom Hosting II, you have been hacked.”
The statement continued on to say:
We are disappointed… This is an excerpt from your front page ‘We have a zero tolerance policy to child pornography.’?—?but what we found while searching through your server is more than 50% child porn…
Moreover you host many scam sites, some of which are evidently run by yourself to cover hosting expenses.
All your files have been copied and your database has been dumped. (74GB of files and 2.3GB of database)
We are selling all data (excluding cp) for 0.1 BTC. Send 0.1 BTC to 14iCDyeCSp12AmhVfJGxtrzXDabFop4QtU and send your transaction id to firstname.lastname@example.org or email@example.com and We’ll get back to you with a full dump.
Up to January 31st you were hosting 10613 sites. Private keys are included in the dump. Show full list
We are Anonymous. We do not forgive. We do not forget. You should have expected us.
According to the hackers, child pornography made up over half of the data found on the servers. But such news should only be expected at this point, considering the original Freedom Hosting hosted as many as half of the child porn sites on the darknet.
Though not all of Freedom Hosting’s sites have a connection to child porn, all of them were emblazoned with the error message and hidden code embedded in the page. Upon examining the code, security researchers discovered it took advantage of a weakness in Firefox to pinpoint users of the Tor Browser Bundle, which reported back to a home server in Northern Virginia.
But the latest attack isn’t the result of the FBI’s work. The hackers are though to be online vigilantes who call themselves “pedophile hunters.”
The data, which includes email addresses of almost 381,000 users, has since been dumped by the hackers. However, at least 21% of them have been added to the website haveibeenpwned.com, which tracks user data leaks.
Security Researcher Troy Hunt acknowledged that there were thousands of .gov email addresses, but asked “how many are real and what purposes they are being used for is another issue,” since not everything hosted on Freedom Hosting II was child pornography. Nevertheless, Hunt said “much of the data is highly explicit.” An ongoing analysis of the leak can be retrieved on Medium.