Posted on July 11, 2017 at 3:07 PM
Another hacking attack has occurred, and this time the target was Deep Hosting, a Dark Web hosting service. Yesterday, Deep Hosting admitted that a security breach had occurred and that some sites were exported.
The party responsible for the hack that happened on Saturday afternoon is a hacker by the name of Dhostpwned.
The Deep Hosting team has published a report about the attack on a wiki page. In it, they say that the hacker registered a shared hosting account, which he used to upload two shells to the shared hosting service's servers. One of them was written in Perl, while the other was in PHP.
Further investigation uncovered that the Perl shell was not executed, while the PHP one worked as expected. Deep Hosting's report claims that a large part of the PHP shell was unusable because a large number of functions were blocked. However, one of them was not blocked, and the attacker managed to execute several commands after accessing the server.
Despite this, the attack was not simple, and Deep Hosting needed almost an entire day before they properly understood what had actually happened. This includes detecting the point of intrusion, as well as changing the FTP and SQL passwords for the users.
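The gap described above, a long function blocklist with one entry missing, is something an operator can check for in a shared hosting PHP configuration. The following is an added example, not code from Deep Hosting's report; the list of command-execution functions and the sample php.ini fragment are assumptions constructed for illustration, and the report does not name the function that was left unblocked.

```python
import re

# PHP functions that can start an OS process. Which one Deep Hosting left
# unblocked is not stated in the report; this list is an assumption.
COMMAND_EXEC_FUNCTIONS = {
    "exec", "system", "passthru", "shell_exec",
    "popen", "proc_open", "pcntl_exec",
}

def parse_disable_functions(ini_text):
    """Return the set of functions named by the effective disable_functions line."""
    disabled = set()
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop php.ini comments
        m = re.match(r"disable_functions\s*=\s*(.*)$", line)
        if m:
            value = m.group(1).strip().strip('"')
            # A later directive overrides an earlier one, so replace, not merge.
            # Names are compared exactly as written, which errs toward reporting a gap.
            disabled = {f.strip() for f in value.split(",") if f.strip()}
    return disabled

def unblocked_exec_functions(ini_text):
    """Command-execution functions a tenant script could still call."""
    return sorted(COMMAND_EXEC_FUNCTIONS - parse_disable_functions(ini_text))

# Constructed sample: a blocklist that looks thorough but misses one entry.
SAMPLE_INI = """\
; constructed php.ini fragment for a shared hosting pool
;disable_functions = exec
disable_functions = exec, system, passthru, shell_exec, popen, pcntl_exec, show_source
"""

if __name__ == "__main__":
    gaps = unblocked_exec_functions(SAMPLE_INI)
    print("still callable:", ", ".join(gaps) if gaps else "none")
```

A blocklist like this fails open whenever one name is missed, so the check belongs in configuration review alongside per-tenant process isolation rather than in place of it.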
Dhostpwned has also established contact and shared a list of websites that he reached from the server that he attacked. There are 91 websites in total, and most of them are currently down.
Many different Dark Web services are included here. Some are connected to drug marketplaces, while others include malware repositories, carding shops, or even hacking forums.
The hacker admitted the hack and commented that the security was appalling. He also stated that the majority of files from the site are now in his possession. He even mentioned an assassination network that he detected during the breach but did not manage to break into, since it used a VPS, which he wasn't prepared for.
He also got access to several other servers, including one that was hosting the M.N.G. Market. This is a marketplace used for buying and selling different illegal products. Once he got control over it, he uploaded a message, once again commenting on the bad security.
M.N.G Market went down only moments after the upload of the message, since the hacker accidentally wiped out their hard drive. Dhostpwned also stated that M.N.G Market used a VPS server as well, but they did not change the VPS box's default password, which is how he got access.
This is not the first time that one of the Dark Web's hosting providers was hacked. It is not even the first hack this year since, in February, one of the Anonymous hackers breached and dumped the entire database of the Dark Web's Freedom Hosting II service.
That attack was motivated by the discovery of child abuse forums on the service. Freedom Hosting II was aware of it, and yet did nothing to stop it, which is why Anonymous decided to act. The exact same reason is why Freedom Hosting I went down in 2011.
As for the stolen data, Dhostpwned has not dumped any of it, and he also said that he doesn’t plan to do so anyway.