FBI behind Tor malware attack to bust child porn activity

After serious speculation, the FBI finally admitted that it covertly took control of Freedom Hosting in July in order to identify the ultra-anonymous hosting provider’s users. Days after the FBI’s then-secret commandeering of the host, it was found that servers had custom malware to identify visitors.

The FBI made the effort in order to arrest a suspect behind the largest organizer of child pornography worldwide.

When the FBI took over the servers of the leading provider of ultra-anonymous hosting, Eric Eoin Marques, Freedom Hosting owner and operator, was able to temporarily break back in and change passwords, hindering the bureau’s investigation until it regained control.

Marques, a 28-year-old Irishman, is now fighting extradition to America, according to Irish press. He faces charges that his anonymous hosting provider significantly facilitated child pornography—enough to deem Marques responsible.

Based on the charges, Marques could serve up to 100 years in prison. Friday, Sept. 13, he was denied bail for the second time since his arrest in July.

Freedom Hosting and other web hosts for the Tor network have hidden some of the Internet’s darkest secrets, including criminal hacking, money laundering and child pornography.

But the Tor network is also used for plenty of other activity. Tor hidden service sites hide users’ physical location behind layers of routing, hence the .onion addresses. Groups that rely heavily on privacy and secrecy, such as journalists and human rights activists, look to Tor hidden services to protect their privacy and avoid surveillance.

An internet privacy advocate who wished to remain anonymous wrote to Tiro Security in an email, “While pedophiles use the Tor network, they are still the minority of Tor traffic. Way more people [like journalists and human rights activists] use it to bypass government filters.”

He continued, “Like all things on the Internet, Tor is used for good and bad. The good that it provides still outweighs the bad, though—or at least in my opinion.”

It was Aug. 4 that the FBI became the main suspect in the Freedom Hosting overhaul when all sites hosted by the provider served an error with code embedded in the message. Security researchers found the code exploited a vulnerability in Firefox to identify visitors and then report back to an unidentified server in Northern Virginia.

Although the FBI has not given public comment on the matter, Special Agent Brooke Donahue appeared in Irish court last week in support of locking up Marques. Amidst allegations that Marques was trying to get a visa to enter Russia, Donahue claimed, “My suspicion is he was trying to look for a place to reside to make it the most difficult to be extradited to the U.S.,” as reported by the Irish Independent. He also said Freedom Hosting hosted a minimum of 100 child pornography sites, some of which Marques even visited.