Daniel’s Hosting, the largest provider of Dark Web hosting services, was hacked last week and taken offline. It became the largest Dark Web hosting provider in 2017, when Anonymous hackers breached and took down Freedom Hosting II.
Daniel Winzen, the software developer behind the hosting service, confirmed that the hack took place on Thursday, November 15. He states that someone accessed the database and deleted all accounts.
The server’s root account was also deleted, and all 6,500+ Dark Web services hosted on the platform were gone. All data was lost and, by design, there were no backups. Winzen said that he would bring the hosting back up once the vulnerability has been identified and fixed.
A complete analysis of the log files has not yet been possible, and further analysis is needed. However, he believes that the attackers only obtained administrative database rights; there is no evidence of full system access. Some accounts and files that were not part of the hosting setup were left untouched.
Winzen has identified one flaw, a PHP zero-day vulnerability. Details of this unpatched vulnerability had been known for about a month in Russian PHP programming circles, and the vulnerability attracted wide attention in the broader programming and infosec communities on November 14, a day before the hack.
It is difficult to attribute the attack to specific threat actors, as cybercrime syndicates, nation-state hackers, intelligence agencies and law enforcement agencies are all possible suspects with plausible motives.
The source code of the Daniel’s Hosting platform has always been open source on GitHub, which may have enabled the attackers to review the code and find zero-day flaws to exploit.