For those of you using Tormail on your cell phone for privacy you may want to read this.
In a win for law enforcement, the FBI arrested a man it called the "largest child porn facilitator on the planet” on Thursday. Eric Eoin Marques, a 28-year-old Irishman, is now awaiting extradition to the US where he could face 30 years in prison on child pornography charges, the Irish Times first reported.
Though the feds have been patrolling the deep web for years to identify sex offenders and criminals, last week’s bust is raising questions about whether law enforcement found a way to crack the anonymous Tor network.
Marques is the owner and operator of Freedom Hosting, one of the largest web hosts for the Tor network. It reportedly hosted many of the darkest hidden services on the darknet, including criminal hacking site HackBB, money laundering services, and a vast portion of the web's child porn.
Shortly after Marques's arrest, around half of Freedom Hosting's hidden services reportedly experienced malware attacks, and some went down.
At this point there's no confirmation that the FBI is behind the attacks, but there's good reason to suspect the two events aren't mere coincidence. For one, there's the timing. The Freedom Hosting services were comprised days after Marques was arrested. Two, engineers who analyzed the malicious code found the spyware's sole purpose is to reveal the identity of would-be anonymous users, by sending host names and IP addresses back to the home server, which they found was located near Washington DC.
The javascript code exploited a security vulnerability in the open-source version of Firefox that the Tor network is based on. Tor is an encrypted network that hides users’ identity through multiple layers of security, and its hidden services also obscure a website's geographic location. The sites end in .onion and can only be reached using Tor software.
The network is famously hard to crack, which is why it's a perfect lair for criminals. But it's also important for a range of secret but noble activities. The Tor technology has helped protect activists, dissidents, journalists, and whistleblowers from online surveillance and censorship. Some of these services, such as the secure email provider Tormail, were also hacked this weekend.
According to the Tor Project, which oversees the network, the recent attack appears to have been done by compromising Freedom Hosting's servers, not the Tor network itself.
"In the past, adversarial organizations have skipped trying to break Tor hidden services and instead attacked the software running at the server behind the dot onion address," the Tor Project wrote on its blog yesterday. "Exploits for PHP, Apache, MySQL, and other software are far more common than exploits for Tor. The current news indicates that someone has exploited the software behind Freedom Hosting."
Both Tor and Mozilla wrote that they're investigating the security vulnerability that led to the attacks. In truth, even if law enforcement was responsible for the malware, it doesn't mean it's cracked the Tor technology. For one, now that the code used in the malware attacks has been revealed, it can be fought by anti-virus software and deleted. The FBI would have to find another way in, and there's little to stop the nefarious sites from springing up again somewhere else.
Regardless, the FBI’s spyware may have revealed one of the most wanted criminals on the darknet, and some suspect the founder of Silk Road, "Dread Pirate Roberts," is next on the list.
According to authorities, Marques is not simply being arrested for owning the servers that hold child porn, but is suspected of being part of a child pornography ring. The ring includes "a large number of websites described as being extremely violent, graphic and depicting the rape and torture of pre-pubescent children," the Independent reported.
It's not the first time Freedom Hosting has been attacked for suspected child porn distribution. The gruesome activities inspired an Anonymous attack on the Freedom Hosting service in 2011, called Operation Darknet. A series of attacks revealed account details for over a thousand users, but the sites were restored quickly, and have only grown larger since then.
Still, Anonymous's attack showed that the secure network could be breached. As Ars Technica wrote at the time:
The anonymity offered by Tor isn’t foolproof. While the IP addresses of sites on the Tor network are concealed, they have a digital fingerprint that can be used to identify services hosted from a single location, and track visits to that site. And while it blocks some services that are typically used for denial of service attacks and other hacks within the Tor networks, such as UDP, .onion sites remain just as vulnerable to hacking as sites on the open Internet.
This weekend's security breach has netizens worried that attempts to reveal the identity of the darknet's criminals could put the anonymity of hundreds of well-meaning Tor users at risk, too.
In a win for law enforcement, the FBI arrested a man it called the "largest child porn facilitator on the planet” on Thursday. Eric Eoin Marques, a 28-year-old Irishman, is now awaiting extradition to the US where he could face 30 years in prison on child pornography charges, the Irish Times first reported.
Though the feds have been patrolling the deep web for years to identify sex offenders and criminals, last week’s bust is raising questions about whether law enforcement found a way to crack the anonymous Tor network.
Marques is the owner and operator of Freedom Hosting, one of the largest web hosts for the Tor network. It reportedly hosted many of the darkest hidden services on the darknet, including criminal hacking site HackBB, money laundering services, and a vast portion of the web's child porn.
Shortly after Marques's arrest, around half of Freedom Hosting's hidden services reportedly experienced malware attacks, and some went down.
At this point there's no confirmation that the FBI is behind the attacks, but there's good reason to suspect the two events aren't mere coincidence. For one, there's the timing. The Freedom Hosting services were comprised days after Marques was arrested. Two, engineers who analyzed the malicious code found the spyware's sole purpose is to reveal the identity of would-be anonymous users, by sending host names and IP addresses back to the home server, which they found was located near Washington DC.
The javascript code exploited a security vulnerability in the open-source version of Firefox that the Tor network is based on. Tor is an encrypted network that hides users’ identity through multiple layers of security, and its hidden services also obscure a website's geographic location. The sites end in .onion and can only be reached using Tor software.
The network is famously hard to crack, which is why it's a perfect lair for criminals. But it's also important for a range of secret but noble activities. The Tor technology has helped protect activists, dissidents, journalists, and whistleblowers from online surveillance and censorship. Some of these services, such as the secure email provider Tormail, were also hacked this weekend.
According to the Tor Project, which oversees the network, the recent attack appears to have been done by compromising Freedom Hosting's servers, not the Tor network itself.
"In the past, adversarial organizations have skipped trying to break Tor hidden services and instead attacked the software running at the server behind the dot onion address," the Tor Project wrote on its blog yesterday. "Exploits for PHP, Apache, MySQL, and other software are far more common than exploits for Tor. The current news indicates that someone has exploited the software behind Freedom Hosting."
Both Tor and Mozilla wrote that they're investigating the security vulnerability that led to the attacks. In truth, even if law enforcement was responsible for the malware, it doesn't mean it's cracked the Tor technology. For one, now that the code used in the malware attacks has been revealed, it can be fought by anti-virus software and deleted. The FBI would have to find another way in, and there's little to stop the nefarious sites from springing up again somewhere else.
Regardless, the FBI’s spyware may have revealed one of the most wanted criminals on the darknet, and some suspect the founder of Silk Road, "Dread Pirate Roberts," is next on the list.
According to authorities, Marques is not simply being arrested for owning the servers that hold child porn, but is suspected of being part of a child pornography ring. The ring includes "a large number of websites described as being extremely violent, graphic and depicting the rape and torture of pre-pubescent children," the Independent reported.
It's not the first time Freedom Hosting has been attacked for suspected child porn distribution. The gruesome activities inspired an Anonymous attack on the Freedom Hosting service in 2011, called Operation Darknet. A series of attacks revealed account details for over a thousand users, but the sites were restored quickly, and have only grown larger since then.
Still, Anonymous's attack showed that the secure network could be breached. As Ars Technica wrote at the time:
The anonymity offered by Tor isn’t foolproof. While the IP addresses of sites on the Tor network are concealed, they have a digital fingerprint that can be used to identify services hosted from a single location, and track visits to that site. And while it blocks some services that are typically used for denial of service attacks and other hacks within the Tor networks, such as UDP, .onion sites remain just as vulnerable to hacking as sites on the open Internet.
This weekend's security breach has netizens worried that attempts to reveal the identity of the darknet's criminals could put the anonymity of hundreds of well-meaning Tor users at risk, too.
Last edited:
