One of the largest providers of Dark Web hosting services has been hacked, security researchers reported.
The service, known as Daniel’s Hosting, was reportedly hacked and taken offline. Daniel Winzen, the developer behind the hosting service, says the incident occurred on November 15. He believes someone gained access to the database and deleted all the accounts, including the server’s root account.
All 6,500 Accounts Hosted on Daniel’s Hosting Are Lost for Good
The impact of the hack is serious: all of the Dark Web services hosted there are now gone. More than 6,500 services were lost, and because of the platform’s design there are no backups. The hosting will be brought back only once Daniel Winzen has identified the vulnerability that enabled the hack.
In a conversation with ZDNet, the developer revealed the following:
As of now I haven’t been able to do a full analysis of the log files and need to further analyze them, but based on my findings so far I believe that the hacker has only been able to gain administrative database rights. There is no indication of having had full system access and some accounts and files that were not part of the hosting setup were left untouched.
Daniel has been searching for the root of the issue, and so far he has identified one vulnerability: a PHP zero-day that had been known to Russian programmers for about a month. Notably, the vulnerability drew increased attention the day before the hack on Daniel’s Hosting took place. However, Daniel does not believe the zero-day was the root cause or point of entry of the attack that took down his platform:
It is a vulnerability reported as a possible point of entry by a user and my setup was, in fact, vulnerable. However, I would deem it as unlikely to have been the actual point of entry as the configuration files with database access details were read-only for the appropriate users and commands run by this vulnerability shouldn’t have had the necessary permissions.
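The statement above rests on one concrete control: configuration files holding database credentials were readable only by the intended user, so code executed through the PHP flaw could not read them. The following audit script is an added example, not part of the original article or of Daniel’s Hosting’s code; the file paths it checks and the sample files it creates are constructed for illustration. It reports any credential file whose mode grants read access to group or others, which is the permissive setting the quoted reasoning depends on ruling out.

```shell
#!/bin/sh
# Added example (constructed): audit configuration files that hold database
# credentials and flag any that are readable by group or others.

# Return the octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed (0) only when the file exists and only its owner can read it
# (mode 400 or 600, i.e. no group/other read bit).
config_is_owner_only() {
  mode=$(file_mode "$1") || return 2
  case "$mode" in
    400|600) return 0 ;;
    *)       return 1 ;;
  esac
}

# Audit a list of paths; print each offending file and return the number
# of files that are too permissive (0 means the audit passed).
audit_db_configs() {
  bad=0
  for f in "$@"; do
    if [ ! -e "$f" ]; then
      echo "MISSING: $f"
      continue
    fi
    if ! config_is_owner_only "$f"; then
      echo "TOO PERMISSIVE: $f (mode $(file_mode "$f"))"
      bad=$((bad + 1))
    fi
  done
  return "$bad"
}

# Demonstration on constructed files (hypothetical paths, created in a temp dir).
if [ "${AUDIT_DEMO:-0}" = 1 ]; then
  d=$(mktemp -d)
  printf 'DB_PASS=example\n' > "$d/db.conf";      chmod 600 "$d/db.conf"
  printf 'DB_PASS=example\n' > "$d/db-old.conf";  chmod 644 "$d/db-old.conf"
  audit_db_configs "$d/db.conf" "$d/db-old.conf" "$d/absent.conf"
  echo "files needing attention: $?"
  rm -rf "$d"
fi
```

Run with `AUDIT_DEMO=1 sh audit.sh` to see one compliant file, one world-readable file and one missing path. The check is deliberately strict about mode 400/600: a credential file that is group-readable is only safe if that group is itself tightly controlled, which is exactly the kind of assumption an audit should force someone to state rather than rely on.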
One reason Daniel’s Hosting may have been hacked is that the platform’s source code has always been publicly available on GitHub. As for who might have wanted to hack it, the list of suspects is long: the hosting has been used for a range of dubious content, including malware operations and political blogs.