Feeds

Anonymous shuts down hidden child abuse hub

Tor paedos torpedoed, names outed

Internet Security Threat Report 2014

Members of hacktivist collective Anonymous are claiming credit for shutting down a deep underground child abuse site and outing its membership list.

Account details of 1,589 members of Lolita City were posted as part of Anonymous’ Operation Darknet, a wider effort aimed against abuse of the Tor network by paedophiles. Lolita City, said to be hosted by Freedom Hosting, alone housed more than 100GB of child pornography, according to a statement by Anonymous.

As well as providing anonymisation, the Tor network supports a private “dark” top-level domain, .onion. Sites on the "hidden" domain were only visible to Tor users or through Tor gateways, such as tor2web.org. Although some services, such as anything that uses UDP, are blocked, .onion sites are by no means immune to hacking - as the attack by Anonymous illustrates.

Anonymous members discovered links to child abuse images in a section called Hard Candy on a .onion site called The Hidden Wiki. Anonymous removed the links, which were reposted by a site administrator. After noticing that "95 per cent of the child pornography listed on the Hidden Wiki shared a digital fingerprint with the shared hosting server at Freedom Hosting", the hacktivists issued a series of ultimatums, which were ignored.

Anonymous then began a series of denial-of-service attacks aimed at Freedom Hosting, and most particularly Lolita City. The user database of the site was extracted using a SQL injection attack, ars technica reports.

The Tor network is widely used by human rights activists and often used as a means to get around government-applied censorship controls, such as the Great Firewall of China. The service is also used to exchange pirated content or by paedophiles.

Tor activist Jacob Applebaum welcomed Anonymous' action: "Anonymous pwned a bunch of pedos; huzzah," he said via his ioerror Twitter account.

Security experts were more cautious: Sophos, for example, argues against such vigilante actions. "Their intentions may have been good, but take-downs of illegal websites and sharing networks should be done by the authorities, not internet vigilantes," writes Graham Cluley of Sophos.

"When 'amateurs' attack there is always the risk that they are compromising an existing investigation, preventing the police from gathering the necessary evidence they require for a successful prosecution, or making it difficult to argue that evidence has not been corrupted by hackers." ®

Intelligent flash storage arrays

More from The Register

next story
Mighty Blighty broadbanders beg: Let us lay cable in BT's, er, ducts
Complain to Ofcom that telco has 'effective monopoly'
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
Broadband sellers in the UK are UP TO no good, says Which?
Speedy network claims only apply to 10% of customers
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Seattle children’s accelerates Citrix login times by 500% with cross-tier insight
Seattle Children’s is a leading research hospital with a large and growing Citrix XenDesktop deployment. See how they used ExtraHop to accelerate launch times.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?