Deep Hosting, a major darknet host on the Tor network, was hacked recently and data from some of the hidden sites and linked databases hosted on the server were exfiltrated. A hacker named Dhostpwned was able to take over the Deep Hosting servers by using a PHP shell and a Perl shell. The hacker registered for a shared hosting account on Deep Hosting and then uploaded the PHP shell and the Perl shell.
Deep Hosting has determined that the hacker was unsuccessful in executing the Perl shell, but was successful in executing the PHP shell. “A large part of the PHP shell is unusable since a certain number of functions are blocked on the shared servers but one function was not blocked. The attacker was able to access the server and execute a command with limited rights,” Deep Hosting announced on a page on their wiki. A day went by before the administrators of Deep Hosting realized the hack was occurring on their server. Once Deep Hosting realized they had been hacked and found the source of it, they changed passwords for all FTP and SQL services for all Deep Hosting user accounts.
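The gap Deep Hosting describes, a function blocklist with one entry missing, can be audited from the defender's side. The following is an added example, not code from Deep Hosting or the original article: it reads a php.ini and reports which command-execution functions the effective `disable_functions` line still leaves callable. The function list and the sample configuration are assumptions constructed for the example; the article does not say which function was left unblocked.

```python
import re

# PHP built-ins that start a process or run a shell command. This list is an
# assumption of the example, not Deep Hosting's actual blocklist.
COMMAND_FUNCTIONS = (
    "exec", "passthru", "pcntl_exec", "popen",
    "proc_open", "shell_exec", "system",
)

_DIRECTIVE = re.compile(r"^\s*disable_functions\s*=\s*(.*)$", re.IGNORECASE)


def parse_disabled(ini_text):
    """Return the set of functions named by the effective disable_functions line."""
    disabled = set()
    for line in ini_text.splitlines():
        # Drop ';' comments; this also skips a commented-out directive.
        line = line.split(";", 1)[0]
        m = _DIRECTIVE.match(line)
        if not m:
            continue
        value = m.group(1).strip().strip("\"'")
        # A later assignment replaces an earlier one, so reset instead of merging.
        # PHP function names are case-insensitive, so compare in lower case.
        disabled = {f.strip().lower() for f in value.split(",") if f.strip()}
    return disabled


def unblocked_command_functions(ini_text):
    """Command-execution functions still callable under this configuration."""
    disabled = parse_disabled(ini_text)
    return sorted(f for f in COMMAND_FUNCTIONS if f not in disabled)


# Constructed sample configuration: the last line wins and omits one function.
SAMPLE_INI = """\
[PHP]
; disable_functions = exec,system,passthru,shell_exec,popen,proc_open,pcntl_exec
disable_functions = exec, system, passthru
disable_functions = "Exec,System,PassThru,shell_exec,popen,pcntl_exec"
"""

if __name__ == "__main__":
    gaps = unblocked_command_functions(SAMPLE_INI)
    print("still callable:", ", ".join(gaps) or "none")
```

A blocklist only covers the functions someone remembered to list, so on shared hosting it works best as one layer on top of per-tenant process isolation rather than as the only control.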
Dhostpwned told Bleeping Computer that he had stolen 91 hidden sites from Deep Hosting’s servers. A majority of those 91 hidden sites are currently down, having gone offline when Deep Hosting changed passwords for all SQL services. The 91 hidden sites affected and knocked offline by the hack included hacking forums, drug marketplaces, carding markets, and malware repos. Dhostpwned also told Bleeping Computer that Deep Hosting’s shared hosting services had appalling security.
One of the 91 hidden sites to go down from the hack was the MNG darknet market. The MNG market hosts listings for a variety of illicit products. MNG market used a Virtual Private Server (VPS) hosted by Deep Hosting. According to Dhostpwned, the administrators of MNG market had forgotten to change the default password for their VPS box. The hacker uploaded a text file named kek.txt, the contents of which said “gg -deephosting security is shit”. Not long after the hacker posted the text file taunting Deep Hosting and their poor security, that server also went down. Dhostpwned claimed that he “accidentally” wiped the master boot record for MNG market’s server.
Dhostpwned has not released a dump of any of Deep Hosting’s files, nor of the files of Deep Hosting’s users. The hacker claims he has no intention of releasing a dump in the future either. This is, of course, not the first time a major darknet hidden services host has been hacked, taking down a large number of hidden sites. In 2011 hackers took down Freedom Hosting, and in 2013 a group of hackers associated with the hacker group Anonymous took down Freedom Hosting II. The hacking of Freedom Hosting II brought down what at the time was 15-20% of all of the hidden sites hosted on the Tor network.
The Anonymous hackers claimed that over half of the sites being hosted by Freedom Hosting II were serving child pornography, despite Freedom Hosting II’s proclaimed policy of having zero tolerance for child pornography. The hackers released a torrent of a database dump from Freedom Hosting II. The hackers believe that Freedom Hosting II was being run by one person. They also believe that this person was well aware of the child pornography being hosted on their servers, since many of the sites hosting child pornography exceeded the disk space quota for free hosting and so would have belonged to paid hosting accounts.
Below is a list of the 91 hidden sites affected by the Deep Hosting hack:
Deepdotweb.com is the author of this content; TheBitcoinNews.com is not responsible for the content of external sites.