Plug on Thousands of Dark Net

This incident was supposedly the first hack carried out by the attacker, who claimed responsibility in an interview with Motherboard. In addition to taking Freedom II offline, the person stole 74 gigabytes of files and a 2.3-GB database.

The database stolen from Freedom II contains 381,000 email addresses — thousands of them with .gov extensions, Troy Hunt, who runs the Have I Been Pwned website, told Wired.

However, those .gov addresses may not be legitimate, he noted.

The hack of Freedom II was relatively rudimentary, said Tim Condello, technical account manager and security researcher at RedOwl.

“They identified a configuration issue and used it to identify the root user of the system and gain control of it that way,” he told TechNewsWorld. After gaining control of the system, “they overwrote the index file and redirected the landing page for all the websites to a landing page containing their message.”

 

Shared Vulnerabilities

This attack demonstrates that when it comes to resistance to vulnerabilities, the Dark Web doesn’t have an edge.

“The underlying technology of the Dark Web isn’t anything revolutionary. The way a content management system or a hosting service operates is identical to how it’s done on the open Web,” Condello said.

“The difference is how the content is communicated, so it’s accessible only through the Dark Web,” he continued.

“The code that’s used for a forum on the Dark Web is the same code that’s used on the clear Web,” Condello explained, “so if there’s a vulnerability identified for WordPress, that vulnerability can be exploited on a Dark Web website using WordPress just as it would on the open Web.”

 

Flaws in Dark Web

The attack on Freedom II also shows the danger of concentrating resources in a central location.

“The fact that so many sites used this single particular hosting provider meant that a breach of that provider meant a breach of thousands of sites,” noted Danny Rogers, CEO of Terbium Labs.

“The anonymity of the Dark Web relies on its distributed nature,” he told TechNewsWorld. “These sorts of centralizations create significant weaknesses.”

Although breaking into servers and stealing data on the open Web is illegal, it remains to be seen what the consequences may be for the hacker of Freedom II.

“I’m sure they angered a lot of people, but I’m not sure how much anyone can do about it,” Rogers said.

There may be legal ramifications from the attack, but they could be for the people identified in the dump of stolen data rather than for the hacker.

“The data release is going to be a major boon to law enforcement,” Rogers observed.