Major Darknet Hosting Provider Hit by Attack, 6,500 Sites Deleted


According to a report by ZDNet, Daniel’s Hosting (DH), one of the largest darknet hosting providers after last year’s hack of Freedom Hosting II, has suffered a major security breach. DH’s developer, Daniel Winzen, told reporters that the attack occurred at the end of last week, on November 15, 2018. Apparently, unknown attackers managed to gain access to the database and simply deleted all accounts, including the server’s root account. As a result, more than 6,500 darknet sites hosted on DH were wiped out.

Winzen stated with regret that all information was permanently lost, since, for obvious reasons, no backups were kept.

Plans for Recovery and Investigation

Despite the setback, the developer plans to bring the platform back online as soon as he identifies and fixes the vulnerabilities exploited by the attackers. “At this time, I haven’t been able to fully analyze the logs, but based on the facts I’ve already discovered, I believe the attacker only gained access to the database’s administrative privileges. There’s no evidence that they had access to the entire system, and some accounts and files not part of the hosting infrastructure remain untouched,” Winzen explained.

So far, DH's operator and developer has found only a zero-day vulnerability in PHP. Information about it had been circulating online for some time but became widely known only at the end of last week, just a day before the hosting provider was hacked.

Winzen believes it’s unlikely that the unknown attackers used this bug as their entry point, since it wouldn’t have given them the necessary privileges. The situation is further complicated by the fact that DH’s source code has long been available on GitHub, allowing hackers to study the service’s structure in detail.

Who Is Behind the Attack?

It’s still unclear who is responsible for the attack on DH. The service may have had many adversaries. After the aforementioned hack of Freedom Hosting II in 2017, DH became the largest hosting platform of its kind. The service was used for a wide range of purposes, from malware operations to hosting political blogs. As a result, DH could have been targeted by competing hackers or “government” groups seeking to bury certain information.

It’s worth noting that after the attack on Freedom Hosting II, the number of darknet sites was estimated by researchers to have dropped by 85%.
