Feeds

Anonymous shuts down hidden child abuse hub

Tor paedos torpedoed, names outed

Next gen security for virtualised datacentres

Members of hacktivist collective Anonymous are claiming credit for shutting down a deep underground child abuse site and outing its membership list.

Account details of 1,589 members of Lolita City were posted as part of Anonymous’ Operation Darknet, a wider effort aimed against abuse of the Tor network by paedophiles. Lolita City, said to be hosted by Freedom Hosting, alone housed more than 100GB of child pornography, according to a statement by Anonymous.

As well as providing anonymisation, the Tor network supports a private “dark” top-level domain, .onion. Sites on the "hidden" domain were only visible to Tor users or through Tor gateways, such as tor2web.org. Although some services, such as anything that uses UDP, are blocked, .onion sites are by no means immune to hacking - as the attack by Anonymous illustrates.

Anonymous members discovered links to child abuse images in a section called Hard Candy on a .onion site called The Hidden Wiki. Anonymous removed the links, which were reposted by a site administrator. After noticing that "95 per cent of the child pornography listed on the Hidden Wiki shared a digital fingerprint with the shared hosting server at Freedom Hosting", the hacktivists issued a series of ultimatums, which were ignored.

Anonymous then began a series of denial-of-service attacks aimed at Freedom Hosting, and most particularly Lolita City. The user database of the site was extracted using a SQL injection attack, ars technica reports.

The Tor network is widely used by human rights activists and often used as a means to get around government-applied censorship controls, such as the Great Firewall of China. The service is also used to exchange pirated content or by paedophiles.

Tor activist Jacob Applebaum welcomed Anonymous' action: "Anonymous pwned a bunch of pedos; huzzah," he said via his ioerror Twitter account.

Security experts were more cautious: Sophos, for example, argues against such vigilante actions. "Their intentions may have been good, but take-downs of illegal websites and sharing networks should be done by the authorities, not internet vigilantes," writes Graham Cluley of Sophos.

"When 'amateurs' attack there is always the risk that they are compromising an existing investigation, preventing the police from gathering the necessary evidence they require for a successful prosecution, or making it difficult to argue that evidence has not been corrupted by hackers." ®

Next gen security for virtualised datacentres

More from The Register

next story
Déjà vu: Virgin Media jacks up broadband prices
Screw copper phone lines, we're UNIQUE, bleats telco
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
Netflix swallows yet another bitter pill, inks peering deal with TWC
Net neutrality crusader once again pays up for priority access
Fifteen zero days found in hacker router comp romp
Four routers rooted in SOHOpelessly Broken challenge
EE: STILL Blighty's best mobe network, says 'Frappucino' Moore
Fresh round of network stats fisticuffs possibly on the cards here
New Sprint CEO says he will lower axe on staff – but prices come first
'Very disruptive' new rates to be revealed next week
US TV stations bowl sueball directly at FCC's spectrum mega-sale
Broadcasters upset about coverage and cost as they shift up and down the dials
Canadian ISP Shaw falls over with 'routing' sickness
How sure are you of cloud computing now?
UK mobile coverage is BETTER than EVER, networks tell Ofcom
Regulator swallows this line and parrots it back out at us. What are they playing at?
What's the nature of your emergency, Vodafone?
Oh, you've dialled the wrong number for ad fibs, rules ASA
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.