According to a recently published OnionScan report, the number of Dark web services has gone down significantly following the Freedom Hosting II hack that took place at the start of February.
There are only 30,000 services on Dark Web, according to research published by threat intelligence firm Deep Light. Of the 30,000 queried just over 4,400 were online. This shows a decrease of almost 85% in the overall size of Dark Web in the last year alone.
Downfall of Freedom Hosting II
According to Sarah Jamie Lewis, the main researcher behind the OnionScan report, at the heart of this dramatic drop in numbers is the downfall of Freedom Hosting II, a Dark Web hosting service.
A previous report, also by Lewis, estimated that Freedom Hosting II hosted around a fifth of the entire Dark Web.
At least 3 of the largest databased in the dump were related to sharing and discussing child sexual exploitation. Hacktivists decided to destroy the hosting provider and leak the database.
A zoomed out image of the dark web connection graph produced by OnionScan. Multiple clusters of hidden services can be seen connected by a large number of identifiers and misconfigurations.
The Dark Web is laughably small
According to the recent OnionScan statistics, the Dark Web is laughably small. The Dark Web is left with around 4,000 HTTP websites, 250 TLS (HTTPS) endpoints, 100 SMTP services, and only 10 FTP nodes.
♠ HTTP Detected – ~4000
♠ TLS Detected – ~250 (In line with previous counts – unaffected by FHII)
♠ SSH Detected – ~270 (much lower, mostly due to the FHII hack)
♠ FTP Detected – < 10 (much lower, again expected to be related to FHII)
♠ SMTP Detected – < 100
♠ VNC Detected – < 10
♠ Bitcoin Nodes Detected – ~220 (much higher, likely because of better bitcoin capability in OnionScan)
SSH endpoints are down substantially mostly linked to the downfall of Freedom Hosting II.
Otherwise not much as changed. Even in terms of security the state remains much the same as it was a year ago.
OnionScan scans included Apache mod_status exposures (7-10% of sites), open directories, EXIF metadata left intact in image headers, and host header co-hosting leaks.
Overall, despite its allure, the Dark Web has shrunk tremendously riddled with misconfigured servers. Sigaint, a very popular email provider operating from the Dark Web, went down ten days after the Freedom Hosting II hack, and has yet to return.