Cyber Attacks

Dark Web hosting provider got hacked, 6,500 sites down

0

The largest providers of Dark Web hosting services named Daniel’s Hosting was hacked last week and was taken offline. Daniel’s Hosting became the largest Dark Web hosting provider in 2017 when Anonymous hackers breached and took down Freedom Hosting II.

According to Daniel Winzen, the software developer behind the hosting service confirms that the hack took place on Thursday, November 15. He states that someone had accessed their database and deleted all accounts.

The server’s root account was also deleted and all 6,500+ Dark Web services hosted on the platform were gone. Unfortunately, all data was lost and according to the design there weren’t any backups. Winzen said that he would bring the hosting back up once the vulnerability has been identified and fixed.

They were not able to do complete analysis of the log files as of now and they needed further analyze of it. However, he believes that the hackers were only able to get administrative database rights and there is no evidence of having total system access. Some accounts and files that were not part of the hosting setup were left untouched.

Winzen has identified one flaw, a PHP zero-day vulnerability. Details about this unpatched vulnerability were known for about a month in Russian PHP programming circles and the vulnerability attained a lot of attention among the wider programming and infosec communities, on November 14, a day before the hack.

It is difficult to accredit the attack to specific threat actors as cybercrime syndicates, nation-state hackers, intelligence, and law enforcement agencies are all possible suspects with valid motivations.

The source code of Daniel’s Hosting platform has always been as open-source on GitHub, and this might have enabled the attackers to review the code and find zero-day flaws to exploit.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    3 New Code Execution Vulnerabilities Found in Atlantis Word Processor

    Previous article

    USPS Site Exposed 60 Million Users’ Data

    Next article

    You may also like

    Comments

    Leave a reply

    Your email address will not be published. Required fields are marked *