(NBC News) — Someone claiming to be affiliated with Anonymous compromised a private web hosting service last week, taking down more than 10,000 sites on the highly encrypted “dark web,” security researchers said.
The hacker or hackers broke into the hidden web hosting service Freedom Hosting II, claiming to have harvested all of the sites’ files and its database, totaling almost 80 gigabytes of material, they said in a message appearing on the screens of users trying to access the sites.
They said more than half of the information they obtained was child pornography, even though the service promotes itself as having a “zero tolerance policy” to such material.
Other materials in the exposed data include numerous references to botnets — automated computer networks used to launch distributed denial of service (or DDoS) attacks, spew out spam or steal data — email addresses, usernames and passwords from dark web sites.
In the message to users trying to access a Freedom Hosting II site, titled “Hello Freedom Hosting II, you have been hacked,” the hackers included a link to how they allegedly carried out the operation, which NBC News isn’t detailing or linking to. There was no response to an email sent to an address listed as a contact point in the hackers’ message.
In October, security researcher Sarah Jamie Lewis found that Freedom Hosting II was connected to as many as 20 percent of the sites represented on the part of the dark web accessed through the anonymized Tor network.
It’s impossible to determine whether the hackers are actually affiliated with Anonymous, a decentralized collective of web sites and advocacy operations that coalesce ad hoc around a wide variety of issues. But the hackers initially demanded a small payment for the return of the materials, a tactic that isn’t characteristic of confirmed Anonymous operations, said Chris Monteiro, another respected cybersecurity researcher.
The breach itself, however, “appears to be genuine,” Monteiro wrote in an analysis of the operation. The same “Hello Freedom Hosting II” message appeared on the company’s main customer portal, he wrote.
“Dark web” is the term used to describe the networks of private sites that exist on the same public internet you use at home and at work but that are accessible only through special software or access configurations.
Sites on the dark web are often used for legitimate, even laudable, purposes, such as protecting political and social activists’ communications from opponents and repressive governments. The original builders of Tor, in fact, included the U.S. Naval Research Laboratory.
But such sites are also often used — in back-alley locations that make up what is sometimes called “darknet” — to shield illegal activities from law enforcement, particularly black markets in weapons, drugs and child pornography.
In research published last year in the journal Global Politics and Strategy, King’s College London, professors Daniel Moore and Thomas Rid reported that about 57 percent of darknet sites they were able to access and classify hosted what they called “illicit material.”
The largest categories were related to drugs, financial crimes, “extremism” and “illegitimate pornography,” they found.
In a followup analysis after the compromised Freedom Hosting II material was released publicly, Monteiro said the haul included child abuse-related forums in both English and Russian, fraud sites, botnets and “weird fetish sites, which might not even be illegal.”