Freedom Hosting arrest and takedown linked to Tor privacy compromise

Filed Under: Featured, Firefox, Law & order, Privacy

Tor logoThe anonymising service Tor and the secretive web underworld operating under its shadowy cloak were rocked over the weekend by the arrest of a major hosting provider, and suggestions that malicious JavaScript may have been planted on a number of sites, aimed at revealing the identities of those using Tor.

Eric Eoin Marques, a 28-year-old Irish citizen, is being held without bail in Ireland after a preliminary extradition hearing on Saturday aimed at sending him to the US, where he would face charges of distributing child pornography online.

Marques owned and operated the "Freedom Hosting" service inside the Tor network, thought to be one of the largest operators within Tor having provided a number of popular privacy tools including TorMail.

The service has a history of issues with child pornography, with Anonymous collective apparently warning the service to clean up its act in 2011.

Coinciding with his arrest, reports began to emerge of suspect JavaScript being spotted on sites served by Freedom Hosting. The code is believed to be designed to reveal the identity of those visiting the sites, reporting back to a site hosted on the open web in the Washington DC area.

The script exploits a known vulnerability in Firefox, in a way which should only compromise older, unpatched versions of the browser.

Given the timing, of course most people have speculated that the script was inserted by investigators with the FBI, aiming to round up users of illegal child abuse sites believed to be hosted by Freedom Hosting.

This seems to be something of a trend for FBI investigations lately, leaving known paedophile sites up and running for a while after discovering them so the feds can track down their users.

The revelations will prove worrying for many legitimate Tor users, who rely on the service to protect them from snooping by government agencies. While it may sometimes be used for criminal purposes, Tor also often allows access to freedom of speech which might otherwise be denied to people in certain parts of the world.

The operators of the Tor Project have publicly distanced themselves from Freedom Hosting, in a blog post which also describes how the private networks they facilitate work.

The 'deep web' operating inside the Tor cloud has been hit by internal issues of late too, with a major criminal message board being hijacked and defrauded by one of its own trusted admins.

We've also seen that merely using Tor can flag you as a person of interest to government snoops, as one might well expect.

It seems that there's no such thing as 100% reliable privacy and anonymity on the web.

, ,

You might like

8 Responses to Freedom Hosting arrest and takedown linked to Tor privacy compromise

  1. why do i have a strong feeling this wasnt done by the average hacker

  2. Richard · 759 days ago

    This is terrible news. While they may have successfully identified people involved in child pornography, they've also impacted the people who are in oppressed countries and trying to use Tor for legitimate purposes. In a way, they're no better than the communist dictators trying to silence their citizens.

  3. Thomas · 749 days ago

    Porn is an estimated 25% of the Internet as I have read, the ones that pray on children and inflict this kind of harm should be strung up by their private parts and lobotomized.

    However, if there were not so many prying and spying eyes on the Internet gathering all manner of information such as the NSA or CIA and I am sure their people use secure Communications and emails as well as Internet just like the FBI agents do there would not be such a need for Proxies and Tor, average people would not feel as insecure.
    This activity seems to have been a multi pronged attack with child porn being used as a reason.
    Odd that the Government and the agencies like to invade our privacy but do not like people trying to keep them out of the picture.
    Freedom and democracy are just misty imagined concepts that have been used to make the average western citizen believe that they were in a better free and democratic environment that the oppressed Communist countries. Strange that those oppressed countries have in some ways more freedom than we do?
    The portrayal of the bad was slightly exaggerated for a reason.

    We have been lied to for years. Nothing is as it seems.

  4. The USDOJ/FBI lied to the Irish Courts. They've been after TorMail since Wikileaks started, and they accelerated their efforts after Edward Snowden popped up. TorMail is also hosted by Freedom Hosting. They've been networking with the usual anonymous vigilante cowards for years/months to upload the illegal material to the servers so it looks good on paper and they could file false charges for extradition. Mr. Marques had little if any control over the material uploaded to the servers - that's how most Hosting systems work.

  5. Annonymous Tip · 743 days ago

    Apparently if you, the end user, have used Tor to view any sites hosted by Freedom Hosting, child pornography or not, you are on the FBI's list to possibly be searched. This means they come in, take all of your online capable electronics; laptops, computers, smart phones, etc.. and search them for anything incriminating. A fellow colleague was using Tor to view the site known as hidden wiki out of mere curiosity; and has had all of their devices seized by the FBI until further notice. This happened just earlier this morning in Florida.

  6. anon · 12 days ago

    Freenet sites have blocked JS from early on... More paranoid users probably block images as well.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

John Hawes is Chief of Operations at Virus Bulletin, running independent anti-malware testing there since 2006. With over a decade of experience testing security products, John was elected to the board of directors of the Anti-Malware Testing Standards Organisation (AMTSO) in 2011.