Vigilantism is alive and well on the internet.
A few days ago, a hacker went onto the underground “dark web” and took down at least 2,000 sites hosting scam offers, political commentary and forums for child pornography.
“We have zero tolerance policy to child pornography,” said a hacker statement left on websites hosted by Freedom Hosting II, which specializes in servicing the dark web.
The dark web is a part of the World Wide Web that’s accessible only to people using specialized software, often the Tor browser, which allows exploring the web anonymously. The dark web is not accessible by search engines and is favored by a gamut of users ranging from libertarians and political dissidents to gunrunners, drug traffickers, counterfeiters, hit men and pornographers.
In an email to McClatchy, the hacker said he was European and part of the Anonymous collective of “hacktivists,” or hacker activists.
“We all work on setting things right, giving back freedom and power to people and taking it from governments abusing their power etc.,” he said, responding to an email sent to the address on the hacker statement.
An internet security engineer, Sarah Jamie Lewis, who is based in Vancouver, British Columbia, said she had studied the hack, which occurred last Friday, and determined that it had taken down about 20 percent of the dark web’s content.
Those sites are irrevocably compromised now.
Sarah Jamie Lewis, researcher of the dark web
“Those 2,000 sites disappeared, and they are still down,” Lewis said. “Those sites are irrevocably compromised now.”
Among the largest compromised sites were those frequented by consumers of child pornography, hosting child exploitation activity, said Lewis, who said she previously worked in cybersecurity for Amazon and for the British equivalent of the National Security Agency, the General Communications Headquarters.
“They were forums where people gathered to trade that kind of content,” she added.
Other sites contained discussions of cryptocurrency, such as bitcoin, or about libertarian values and anonymity, she said.
“There was also a lot of scam content, sites of people trying to trick others to give them money, say, for passports,” Lewis said, noting that one appeal called for investors to send bitcoins and receive double their investment in a short time.
Lewis said she presumed the child pornography traders would find other places on the dark web to set up shop.
A privacy legal expert voiced qualms about the vigilante action.
“Nobody has any sympathy, obviously, for somebody hosting child pornography,” said Gabe Rottman, an attorney at the Center for Democracy & Technology, a civil liberties and privacy group with offices in Washington.
But Rottman said vigilantism tended to escalate, and could cause collateral damage.
It’s going to be dissidents in China and also criminals.
Gabe Rottman of the Center for Democracy & Technology
The dark web, he said, “is going to be used by good guys and bad guys. It’s going to be dissidents in China and also criminals.”
Just as criminals once grabbed human shields to thwart attack, online criminals may raise the ante on possible vigilante takedowns, slipping their online activities onto the networks of crucial facilities, like electrical grids, Rottman said.
“There’s a potential for an arms race,” he said.
Hacker takedowns on the dark web also can interrupt FBI monitoring of crime.
“With the sites shut down, the FBI won’t be able to infiltrate them and gather intelligence on members by deploying their own crafted spyware,” David Bisson, an editor with Tripwire, a software and cybersecurity company based in Portland, Oregon, wrote in a blog posting.
“This means that users whose credentials aren’t included among the list of 381,000 login details could flock to another dark web site hosting equally harmful content,” Bisson wrote.
The FBI did not respond to a request for comment.
The hacker said he didn’t trust the FBI to target only criminals and pornographers.
“They don’t only target visitors of child pornography sites, but also of any other site hosted. That could especially be risky for journalists, whistleblowers and many other users of (T)or. I do not agree with this method of investigation and firmly believe that it should be illegal, even for law enforcement,” he wrote.