Popular Dark Web Hosting Provider Got Hacked, 6,500 Sites Down (zdnet.com) 104
Daniel's Hosting, one of the largest providers of Dark Web hosting services, was hacked this week and taken offline, ZDNet reports. From a report: The hack took place on Thursday, November 15, according to Daniel Winzen, the software developer behind the hosting service. "As per my analysis it seems someone got access to the database and deleted all accounts," he said in a message posted on the DH portal today. Winzen said the server's root account was also deleted, and that all 6,500+ Dark Web services hosted on the platform are now gone. "Unfortunately, all data is lost and per design, there are no backups," Winzen told ZDNet in an email today. "I will bring my hosting back up once the vulnerability has been identified and fixed."
Re: (Score:1)
Wow you really just can't stop yourself can you.
What none of us can understand is why you don't just fuck off and never look at this website again. Then all of our problems would be solved. Surely you would be happier on reddit?
No backups?! (Score:4, Informative)
Re:No backups?! (Score:5, Insightful)
By design.
I find it quite surprising, as well. It's easier to secure backups than it is to secure an Internet facing server... as the host learned, incidentally.
I can't trust someone to make backups and store them safely, I probably would not I trust him host my server.
Re: (Score:3, Insightful)
Pretty sure that they are trying to prevent a government from getting a court order to access their backup tapes, which would allow them access to all historical communications, etc... Much more information than they would keep on a running server.
That said, they should plan on running the old hardware through a chipper-shredder and re-building on a completely different hardware and OS than they were running on before.
Re: (Score:1)
This is to prevent a government or criminal agency requesting the backup password from Mr. Daniel with his body strapped to a restraining table in a non-descrip basement.
Re:No backups?! (Score:5, Insightful)
I find it quite surprising, as well
You should not be surprised. This is the dark web. If backups are made, they can be subpoenaed.
I can't trust someone to make backups and store them safely, I probably would not I trust him host my server.
You are missing the point. His customers are looking for someone they can trust to NOT make backups.
Anyway, good luck to Daniel and his customers. As long as we have overreaching governments grasping for power, we need the anonymity and secrecy of the dark web. Hopefully someday their activities can be done openly.
Re: (Score:2, Insightful)
Or being gay. Or as a woman being in public without a hijab. Or smoking pot. Or all the illegal activities by all sorts of governments, sanctioned or not, in other countries that they don't want others to know about. Perhaps if the governments weren't going around doing horrible things to people your argument would hold up. As it stands, there has to be some force to try to counterbalance the excesses and abuses of government.
Re: (Score:2, Insightful)
Because the government has no business knowing if children are being sold for child porn, or women (mainly women) are being sold into forced prostitution, or if murders are being set up.
Considering governments are guilty of doing all of those things and more, I don't see the point of them knowing. They won't stop themselves or others from doing those things, which is about the only business one would expect the government to perform, so what difference does it make?
If the government that has been caught with indisputable evidence of selling people into slavery, murder, breaking the very laws they set for themselves, and peddling in and production of child porn - what do you honestly expec
Re:No backups?! (Score:5, Interesting)
Because the government has no business knowing if children are being sold for child porn
Pedophilia is a medical condition as well as a crime. By over-criminalizing it, we push it into the shadows, make it harder to treat and increase the number of victims. In Japan, pedophiles can buy childlike sex dolls. There is strong evidence that these dolls provide a satisfactory outlet for many pedophiles, and reduces their desire to prey on real children. These dolls are illegal in America, and can only be ordered on the dark web. Do you think that makes sense?
... or if murders are being set up.
Most of the murders arranged on the dark web are between drug gangs. This is a direct result of their activities being illegal, and thus very profitable but with no access to legal processes of dispute resolution.
Alcohol prohibition in the 1920s also led to plenty of murders. The solution was fewer restrictions on what citizens could do, not more.
I'm sure people would love to see children or women being raped in the open.
Because that is what always happens when governments reduce censorship?
Reductio ad absurdum [wikipedia.org]
Re: (Score:1)
Yep. Kill all the kids so they can't be harmed by any of those creepy fuckers. It's the only way to keep them safe as there's no way to determine ahead of time when someone will become a pedophilia.
Groping genitals, forced sex? (Score:2, Flamebait)
I'm sure people would love to vote for a candidate, boasting about groping womens genitals and doing such a bad job as being recorded with that statement?
And actually they did, what will this now tell about if these people would live to see children or women being raped in the open?
Re: (Score:2)
I can't comment on child porn or organised hits, but I actually do know something about the sex industry in Australia in particular, which should be relevant given you're a wombat. Ironically, the sex slavery for the most parts is happening in licensed brothels. The unlicensed brothels or "massage parlours" are mostly students trying to save some money in the face of the ludicrous cost of living, or women funding an extended holiday. They don't want to attract any unnecessary attention. However there ar
Re: (Score:2)
Licensed brothels in Europe and Latin America require ID cards, have regular health inspections, and the working women are interviewed periodically by both health professionals and law enforcement without a manager present. I have a hard time seeing how the abuses you describe could happen there. Why is Australia's system so dysfunctional?
Re: (Score:3)
Same's true in Australia in theory, but enforcement is lax. There are various ways to side-step inspections or make them ineffective anyway. If you've got contacts in the police force, you can get advance notice of when an inspection is going to happen and temporarily move your sex workers who are on the wrong kind of visa off the premises. The ones who actually have permission to work in Australia but aren't being paid properly or are being forced to work excessive hours can be coerced into giving conve
Re: (Score:2)
One of the selling points is that he did not take backups, so the data never left the root account.
However, what he should have done, assuming he was using AWS, was at least pop snapshots on a daily/weekly/monthly level, with a guarantee that they would be deleted, perhaps with code that deletes the snapshot of a client VM when the client deletes the snapshot, using crypto keys to ensure the data is not readable.
Re: (Score:3)
Dark Web hosting is by definition of the kind you don't want any backups of. This is about securing backups against a government entity with court backup. Not against "random hackers".
And it's much harder to secure backups against such entity, requiring a completely different approach. You're thinking securing against hackers. That's a completely different game compared to one they're playing.
Re: (Score:1, Insightful)
It's dark web you nutsack, they deliberately do not make backups.
"Wow"
Re:No backups?! (Score:5, Funny)
Re: (Score:1)
It's a dark net hosting site, the policy makes perfect sense.
Re: (Score:2)
Who would be dumb enough to back up the content of thousands of kiddy porn sites?
Re: (Score:2)
no backups Wow
Just one phrase: Bookie Flash Paper.
"The days of guys writing bets on flash paper so they could burn everything when the cops busted in are long gone," [nytimes.com] But I guess that was before most of y'alls time.
Believe it or not, there's are times where you WANT to lose your data.
Oh, and speaking of old phrases, does anyone remember: "If anyone says they're from the government and here to help you, run"? Now-days it seems more like a demand rather than a joke.
Now we know ... (Score:5, Funny)
Re: (Score:1)
A pox on you for not linking to the relevant XKCD!
Re: (Score:2)
Dumb move. (Score:2)
If they had merely created a backdoor account and given the FBI access, I'm certain that the server would have been seized and a shitload of arrests would have happened. There is no way he was hosting 6500 darkweb sites without lots of them being highly illegal.
Re: (Score:1)
Empirical proof > Circumstantial evidence > Implicating factors > Psychic intuition > steaming pile of dogshit > Your as-yet unfounded opine
Re: (Score:2)
Since they don't do backups, it would seem logical that their customers keep their own to re-upload.
I think his problem is that now he doesn't know who his customers are......or how much they owe.
Re: (Score:1)
Customers don't have receipts either, eh?
Re: (Score:2)
Dark web host (Score:4, Insightful)
Big Red Button next to the front door. 'In the event of a search warrant, press"
Re: (Score:2)
probably the same people that use Experian, ATT, Verizon, Comcast, Blueshield....
Well who would still use Cisco Powny Phones? (Score:2)
And switches and firewalls and VOIP-Gateways and .. and .. and ..
Yeah I know the hoster still looses because he hosts true to himself like a real darkweb hoster.
Is this related to the cryptocurrency crash? (Score:2)
The dark web (Score:5, Funny)
went dark. Oh the irony.
Re: (Score:1)
Hacker Unkown (Score:2)
Has nobody yet thought about one-way backups? (Score:2)
Perhaps one-way is the wrong term, perhaps "Postbox"-Backups are a better term?
I mean, we have the tools to create a public & private key used for asymetric encryption.
With my public-key I can encrypt data and without the private key this data can't be decrypted?
How to use these keys in backup and restoration?
So when I would generate such a key-pair and put the public key into the backup service of this hosting provider, the data could be backed up and gets encrypted with the public-key. But nobody exce
Re: (Score:2)
It protects the hoster against a subpeona, because he will surrender all data, but at least the backup is still encrypted.
To decrypt it you would need to get to the person, who has the private key, in his/her possession and use violence or just force him to surrender the private key.
And a darkweb hoster tries not to know who the customer is :)
Web servers at home? (Score:3)
Re: (Score:3)
Most ISPs require a business class contract to have a server. Here that is a min of $350/mo for 50/5.
Re: (Score:2)
Most ISPs require a business class contract to have a server. Here that is a min of $350/mo for 50/5.
Wow!. I agree with your first sentence. I had to switch to a business class contract to get a public facing IP address. I had the choice of paying 59EUR for a 250/10 consumer connection or ... 62EUR for a 250/40 connection with 2 IP addresses with each additional IP a few eur per month.
You're being fleeced. But then you knew that already.
Because there aren't enough IPv4 addresses (Score:2)
Why do so few people set up web servers at home?
Last I checked there were 7 billion people in the world and roughly half that many IPv4 addresses. This means each IPv4 address will, on average,* correspond to more than one home subscriber. Thus ISPs in many countries put each neighborhood behind a carrier-grade network address translation (CGNAT) device [wikipedia.org], which allows a hundred or so to make outgoing connections on the same IP address. But a device behind CGNAT cannot receive incoming connections because the CGNAT does not know to whom to forward the conn
Re: (Score:2)
I had this problem, so I pay my ISP 3eur / month more to get a business connection. I also get an additional 30mbit upload bandwidth for that.
Re: (Score:2)
The United States and whatever EU member state you live in have a larger-than-average allocation of IPv4 addresses per thousand people. In some places, an IPv4 address costs a lot more than 3 euros per month. It's much more expensive to get your own IP in somewhere like Myanmar, as Bert64 reported [slashdot.org]: First you have to buy a business license, as none of the ISPs in a given city will sell a business connection to an individual. Then your business is placed behind CGNAT unless you lease individual IPv4 addresses
Re: (Score:2)
Being a registered business is also a hurdle that is different in different countries.
I have a registered business in Australia. It cost me the time it took to fill out a form, and that gave me an assigned name an business number from the tax department. Just like in Australia you need to be a registered business to get a domain name, it's a hurdle that has stopped no one.
Funny side anecdote: every other person is their own registered business due to the tax benefits you can get from it. A classic case was
Re: (Score:3)
It's100% free, and if you're doing something sketchy, you've got 100% control of your own files and your own backups.
People with technical knowledge who are doing sketchy things like to host their stuff on other people's home servers, often on their router (which has firmware that hasn't been updated in years).
Re: (Score:1)
As someone who's done home email servers, webhosting, phones, the lot
The age of running web services from your home connection has passed.
If you try to run emails out of a home connection, either your ISP will block by default port 25 used for sending emails, or your ip address will be blacklisted by any and every spam filter system out there.
Even if you're ISP is good and unblocks you, you'll still likely hit some spam filters.
As for security, do you really want to go to the hassle of applying security upd
Backups? are you kidding me (Score:2)
aha! (Score:2)
now i know what to tell my boss the next time there are no backups.
it's by design!