Freedom Hosting operator Eric Eoin Marques, a 28-year-old Irishman, was arrested this weekend, dealing a major blow to users of the “darknet” Tor service.
According to reports, Marques is being held without bail in Ireland and he might be sent to the United States to face child pornography charges. He is due in court on Thursday and if extradited to the U.S., he could face 30 years in prison.
The Irish Independent quoted an FBI source as saying that Freedom Hosting is the “largest facilitator of child porn on the planet.”
Tor is a free service that allows users to mostly conceal their location and Internet use from entities that carry out network surveillance or analysis of traffic. It can be used by human rights proponents in some countries--like China or Iran--to communicate in a secure manner, but it has also been derided for providing illegal services--including the Silk Road drug trade website--and child pornography.
The network uses the .onion domain and can only be accessed via the Tor network.
Freedom Hosting is considered a staple inside the Tor network, and it is believed to be one of the largest hosters on the service. In 2011, the Anonymous hacker group threatened the purveyors of Freedom Hosting, saying it would carry out attacks on its websites and servers if it didn’t clean up its act.
His arrest coincides with a piece of malware that appeared on sites in the Tor network. The malware appeared Sunday morning on Freedom Hosting sites, according to Wired magazine. And security experts believe the FBI is the origin of the malware.
“It just sends identifying information to some IP in Reston, Virginia,” reverse-engineer Vlad Tsyrklevich told the publication. “It’s pretty clear that it’s FBI or it’s some other law enforcement agency that’s U.S.-based.”
The malware is a JavaScript exploit for older versions of the FireFox browser, according to Tor.
“From what is known so far, the breach was used to configure the server in a way that it injects some sort of javascript exploit in the web pages delivered to users,” the company wrote in a blog posting.
The post continued: “This exploit is used to load a malware payload to infect user’s computers. The malware payload could be trying to exploit potential bugs in Firefox 17 ESR, on which our Tor Browser is based. We’re investigating these bugs and will fix them if we can.”
