Thousands of Tor-based websites became inaccessible last week after hackers breached the systems of Freedom Hosting II, a service provider that is believed to host roughly 20 percent of the sites on the dark web.
While Freedom Hosting II has hosted nearly 11,000 websites, an analysis conducted by privacy and anonymity researcher Sarah Jamie Lewis has shown that only 1,500 – 2,500 of them had any content.
Hackers affiliated with the Anonymous hacktivist movement said more than half of the websites hosted by Freedom Hosting II contained child pornography, despite the provider’s claims that it does not tolerate this type of content.
As a result, the hackers defaced all the sites hosted by Freedom Hosting and leaked data taken from its systems. The hackers also provided information on how they managed to breach the organization’s systems.
Users who attempted to access the websites were shown a message that started with, “Hello Freedom Hosting II, you have been hacked.” The Verge reported that the hackers initially offered to sell the stolen data for 0.1 bitcoin (roughly $100), but later apparently decided to make it available for free. The address provided by the attackers has received a total of 0.12 bitcoins.
First off, as I commented on Friday, this is a huge event. I think this will likely be seen as a milestone in the history of anonymity tech.
— Sarah Jamie Lewis (@SarahJamieLewis) February 6, 2017
FHII made it easy for people to start playing with anonymous publishing – and in doing so created a huge vulnerability.
— Sarah Jamie Lewis (@SarahJamieLewis) February 6, 2017
Australian security expert Troy Hunt, the owner of the Have I Been Pwned breach notification service, analyzed the leaked data and discovered a 2.2 Gb database containing more than 380,000 user records, including email addresses, usernames and passwords.
Hunt believes law enforcement agencies will find the leaked data very useful, especially since it includes real email addresses. He also pointed out that many of the addresses are on .gov domains, but it’s unclear how many of them are real and what they have been used for.
The leaked data was also analyzed by Chris Monteiro, who confirmed that Freedom Hosting II hosted some large English and Russian-language forums related to child abuse. The researcher also identified fraud, account hacking, fetish and botnet websites.
The original Freedom Hosting was taken down by the FBI back in 2013. Before shutting it down, the agency exploited a vulnerability to identify darknet users.
Related Reading: Darknet Marketplace Hansa Launches Bug Bounty Program
Related Reading: Behind the Buzz – What Intel Can You Gather from Dark Web Markets?
Related Reading: Top Reasons to Pay Attention to the Dark Web

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Hive Ransomware Operation Shut Down by Law Enforcement
- UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies
- Dozens of Cybersecurity Companies Announced Layoffs in Past Year
- Security Update for Chrome 109 Patches 6 Vulnerabilities
- New Open Source OT Security Tool Helps Address Impact of Upcoming Microsoft Patch
- Forward Networks Raises $50 Million in Series D Funding
Latest News
- Critical Vulnerability Impacts Over 120 Lexmark Printers
- BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- Microsoft Urges Customers to Patch Exchange Servers
- Iranian APT Leaks Data From Saudi Arabia Government Under New Persona
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Cyberattacks Target Websites of German Airports, Admin
- US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’
