Anonymous hackers have breached Freedom Hosting II, a popular Dark Web hosting provider, and have taken down 10,613 .onion sites.
Since all websites were interconnected by Freedom Hosting II's underlying infrastructure, all sites have been defaced with the same message, as portrayed below:
Sarah Jamie Lewis, an anonymity & privacy researcher for mascherari.press, was first to spot the mass defacement as part of her regular scans of the Onion space (term used to describe Dark Web portals running on the Tor network).
In the defacement message, the Anonymous hackers also left a list of all hacked websites. We've reproduced the full list here.
This is the latest version of the defacement message:
According to the above message, the hackers claim to have found massive troves of child pornography imagery hosted on the company's servers.
It appears that initially, the hackers featured a different defacement message, one that asked Freedom Hosting II to pay 0.1 Bitcoin (~$200) in order to recover their data, as per this The Verge article.
Despite the hackers receiving two payments in their Bitcoin wallet, they later decided to dump the data publicly, which is now available for download as torrent files. Since some of the files contain sensitive images, we removed the download links from the defacement message above.
The hackers claim to have downloaded 74GB of files and a database dump of 2.3GB.
In an interview with Vice, one of the Anonymous hackers said this was his first hack ever, and he never intended to take down all of the hosting provider customer sites.
He says he took this step after finding files related to child pornography. What angered the hackers was the fact that these child pornography portals had gone well over the standard Freedom Hosting II free quota, meaning the hosting company knew and profited off these sites.
The hacker told Vice that they found ten such sites, which had uploaded so much content that it accounted for nearly half of the total Freedom Hosting II files. Freedom Hosting II offers free web hosting for Dark Web sites for up to 256MB.
Security researcher Chris Monteiro has analyzed some of the dumped data. He says he discovered .onion URLs hosting botnets, fraud sites, sites peddling hacked data, weird fetish portals, more weird stuff, and child abuse websites targeting both English and Russian speaking buyers [NSFW links].
The group later also published a step-by-step explanation on how they hacked the Dark Web hosting provider.
According to a report from October 2016, Lewis said that Freedom Hosting II hosted a fifth of all Dark Web URLs.
The first and original Freedom Hosting was also hacked and DDoSed by Anonymous in 2011, as part of Operation Darknet, for the same reasons of hosting child pornography portals.
In 2013, the FBI used a misconfiguration in the Tor Browser setup to identify visitors to these sites. The FB later took down the service and arrested its employees. At that time, the first Freedom Hosting hosted around half of all Dark Web URLs.