There was a massive disruption on the Dark Web this week. The cause: Freedom Hosting II, the single largest host of sites on the Dark Web, had been compromised. Hackers breached their systems, downloaded gigabytes of data, and then replaced web pages with a notification about the hack… along with a rather curious ransom demand.
Just how big is Freedom Hosting II? Anonymity and privacy researcher Sarah Jamie Lewis estimates that it was hosting somewhere between 15 and 20% of all sites on the Dark Web. The impact of this attack could be quite far-reaching. You might think that would mean a sky-high ransom demand, but that’s definitely not the case.
Whoever was behind the attack was asking for a paltry 0.1 Bitcoin. That’s about $100 at today’s exchange rate. That seems insanely cheap given that they were offering to safely return a whopping 75GB of files and another 2.6GB of databases.
Why would a hacker ask for such a small ransom for so much data? The answer might be that the attacker(s) planned to dump the data online from the moment they extracted it. At around noon Eastern, the Freedom Hosting II database was posted to a site on the Tor network. At the time of publishing this post, their site was still inaccessible.
Upside For The Average Internet User
Security researcher Chris Monteiro has been investigating the situation, and one discovery he posted to his Twitter feed is good news for all of us. Monteiro notes that the attack on Freedom Hosting II will likely have disrupted a number of botnets. Given the number of times the word “botnet” appears in the data, that seems like a strong possibility. A reduction in the number of active botnets or a reduction in their capabilities would be a very good thing.
And Now For The Bad News
Lewis has been analyzing the data, too, and she’s found a few things that will be highly unsettling to some Dark Web users. The database contains numerous plain text emails, usernames, and hashed passwords from forum sites hosted by Freedom Hosting II. That’s bad news for anyone who joined one of those forums using genuine personal details, especially considering one of the main reasons they would have headed to a Dark Web site in the first place was the added layer of privacy the Tor network provides.