Deep Hosting Hacked, Several Dark Web Sites Affected

Posted on the 28 July 2017 by Darkwebnews @darkwebnews

Cyber attacks seem to have moved one level up now. After targeting individual websites with a variety of objectives, now a server hosting hundreds of dark web sites has been hacked leaving as many as 91 websites offline.

What's more interesting is that the hacker, bearing the name "Dhostpwned," spoke with a website explaining how the whole hack was executed.

The host service, Deep Hosting, also put out a version of the hack in a wiki post, all of which amount to useful reading for those keen to know how it all occurred.

Web Hosting of Darknet Sites

The significance of this latest cyber attack cannot be overlooked, since Deep Hosting is the web server for several darknet markets, dealing in everything illicit-drugs, stolen goods, and so on.

The hacker has even gone on to list the 91 sites that have been torn down in the process.

The sites, having been part of the dark web, will now have to reinvent themselves if they want to continue doing business.

For good measure, Dhostpwned has not dumped the data stolen and has not made any ransom demands either.

Hacking Process Explained

There are also details available on how the whole dark web attack was executed.

The hacker made a registration as a shared account and then bombed the web hosting site with two shells each bearing a different type; one was Perl and the other was PHP.

This might have been a long shot since one of them, Perl, failed while PHP managed to pierce through a security gap and execute the commands.

The curious part in this whole episode is that it took almost 24 hours for the engineers at Deep Hosting to understand what hit them. This was only after they started looking deeper into the damage inflicted on the dark web sites they hosted.

Security Features "Appalling"

The hacker had a freewheeling discussion with the website Bleeping Computer on what he did, also revealing the names of the 91 dark web sites that he has blocked. The technical word used is "exported."

The hosting site has since arranged to reclaim user accounts and change both the FTP and the SQL passwords. But the hacker has stolen a lot of data, which the site owners may never be able to get back since the intentions of the hacker appear to be different than what is seen in any run-of-the-mill hack or cyber attack.

Are Darknet Sites More Vulnerable to Hacking?

It is still unclear what motivated the dark web hacker to launch this attack. Dhostpwned's identity and purpose have yet to be established.

Analysts point to a previous dark web cyber attack that happened at the beginning of this year, targeting the Freedom Hosting II service.

It later surfaced that the motive fueling the attack was that the virtual platform was being used to host some child porn or child abuse forums. The web hosting firm probably knew of the violation but did not block it.

Other perspectives put forth state that some rival dark web sites might have instigated or initiated the hack, and this kind of jealousy is not uncommon within darknet markets.

In any case, these hacking operations are already illegal and the articles traded on dark web markets are not of any significance to ordinary folks.

The drug peddlers, art thieves and other dealers of stolen properties on these darknet markets are looked down upon in society and are definitely in the eyes of the law.

If they decide to harm each other's interest, those out in the real world may break no sweat over it.

Web Hosting Firms Need to be Careful

The dark web hack that occurred with Deep Hosting might prove to be a lesson learned for the web hosting community in one sense.

When admitting new websites to be hosted on their servers, they should run a thorough screening to ensure that no undesirable activity is being carried out on the site.

Once this is taken care of and security issues are addressed fair and square, there is no need to be concerned.

Disclaimer:

You need to enable JavaScript to vote