Backups are important, hackers will hack.

You have been hacked in the past, you are quite likely being hacked right now. Though the purpose is rarely destruction, are you ready for that scenario if it arises? Daniel’s Hosting was not ready. A cautionary tale follows, but first some background info.

There are 4 levels of internet:

  1. The normal web everyone uses and loves.

  2. The “Deep Web” which are all the locked down sites like your company's intranet. The deep web is only accessible to users with login info and is unknown to Google and Yahoo.

  3. The “Encrypted Web” doesn't require permission to access but it’s not readily accessible. For example, TOR (The Onion Router) or I2P (The Invisible Internet Project) are tools that help users access the encrypted web. Common uses of this level of internet are preventing or bypassing government censorship, law enforcement trying to catch savvy criminals, business executives trying to keep informational confidential, or IT professionals verifying external security.

  4. The “Dark Web” is a deep web of the encrypted web. It is the black market where criminal activity occurs. Law enforcement is usually pretty good at taking down these pages. Alphabay or Silk Road are former criminal websites that have been shut down.

Recently one of the largest hosting providers on the Dark Web was hacked and all their information was erased. This provider was called Daniel's Hosting (DH).

"As per my analysis it seems someone got access to the database and deleted all accounts," he said in a message posted on the DH portal, November 17th 2018.

"Unfortunately, all data is lost and per design, there are no backups, I will bring my hosting back up once the vulnerability has been identified and fixed."

Though it makes sense that a completely anonymous system would not keep backups, they will have a very painful time getting back online if they can even manage it.

Due to the nature of their business, they ran security hardened software and have very stringent security stance. From a security point of view, they were doing an amazing job, but you cannot protect against everything.

Overall this hack likely does a great service to the internet community and humanity as a whole. However, there are two important lessons that should be learned from this incident, regardless of the target or indirect benefits.

  1. You require excellent network security to prevent hackers from destroying everything you have.

  2. You must backup your data and, almost more importantly, you must test your backups by regularly restoring them. A backup is only as useful as your ability to use it to recover from catastrophe.

Please back up your data.

Please test your backups.

Don't be like Daniel's Hosting.