The Dark Web is the encrypted network that exists between Tor servers and their clients aka cyber criminals, activists and many others who want encrypted communications. The Tor Network, the only network that protects the user’s identity and does not watch their Internet activities, helps Internet users retain their privacy online — especially when they are being watched by third parties.
Since most of the Dark Web is a haven for drug markets, pedophiles and sex traffickers who use Tor or set up anonymous .onion websites to hide their location and to ply their illegal trade, it becomes difficult for law enforcement to unmask the criminals seeking refuge in the shadows.
In their attempt to uncover the creators, possessors, and subscribers of child pornography, a group of anonymous hackers breached Freedom Hosting II — the largest host of Dark Web sites accessible only through Tor — downloaded gigabytes of data, and took down and defaced some 10,613 .onion websites.
The anonymous hacktivists claimed over 50% of the data stored on the Freedom Hosting II servers contained child pornography. International Business Times reported that the hackers stole 75 GB worth of files and 2.6 GB of databases, which they offered to return for 0.1 bitcoin, around $100.
According to Sarah Jamie Lewis, an independent anonymity & privacy researcher who spotted the mass hack as part of her regular scans of the Onion space (Dark Web sites running on the Tor network), Freedom Hosting II was hosting an estimated 15% to 20% of all websites on the Dark Web.
This means that the hack took down nearly a fifth of the Dark Web. Lewis told The Verge: “This is a major blow considering many were personal or political blogs and forums. In the short term, a lot of diversity has disappeared from the Dark Web.”
We were able to identify FHII-hosted sites through SSH fingerprints & Hostname hacking among others. Hosted sites now redirect to message. pic.twitter.com/DMhMb5ixtH
— Sarah Jamie Lewis (@SarahJamieLewis) February 3, 2017
Security researcher Chris Monteiro claimed the Freedom Hosting II hack may have disrupted a substantial number of botnets, which are increasingly used by cyber criminals to launch large-scale DDoS attacks.
Freedom Hosting II onion keys and an index of who they hosted wrapped it up in a 10 meg single torrent https://t.co/kGleN1Fn5a
— Deku_shrub (@Deku_shrub) February 3, 2017
Monteiro also discovered the .onion websites were not only hosting botnets, but also fraud sites, sites peddling hacked data, weird fetish portals, and child abuse sites targeting both English and Russian speaking buyers. Websites defaced in the Freedom Hosting II hack include:
In an interview with VICE, the hackers explained why and how they took down the Dark Web hosting provider:
“Initially we didn’t want to take down FHII. But then we found several large child pornography sites which were using more than Freedom Hosting II’s stated allowance. Usually, Freedom Hosting II has a quota of 256MB per site, but these illegal sites comprised of gigabytes of material. This suggests they paid for hosting and the admin knew of those sites. That’s when I decided to take it down instead.”
In 2011 also, as part of Operation Darknet, anonymous hacked and DDoSed the first Freedom Hosting for hosting child pornography websites. In 2013, when the first Freedom Hosting was hosting half of all Dark Web sites, the FBI used a misconfiguration in the Tor Browser setup to identify visitors to such websites, took down the service, and arrested its owner Eric Eoin Marques in Ireland. Charges laid against Marques were of facilitating the distribution of online child pornography.