FBI accused of infiltrating Tor network to close child abuse host

Summary: As the FBI seeks the extradition of a man believed to be hosting child abuse material, Tor network sites owned by the accused have been subject to an exploit, leading many to believe that the agency has been infiltrating it for some time.

TOPICS: Security

An exploit targeting users of the anonymous browsing network Tor is believed to be linked to the FBI's request for the extradition of Eric Eoin Marques in connection with child abuse material.

According to Independent.ie, the FBI is seeking the extradition of Marques — dubbed the "largest facilitator of child porn on the planet" — to charge him with four offences that could see him serve 30 years in prison if convicted.

Marques' connection to the Tor network is that he allegedly owns and operates an organisation on Tor called Freedom Hosting, which in turn provides consumers with the ability to run "hidden services" designed to protect their administrators from being tracked or identified. They are often used for legitimate reasons, such as for whistleblowers or securing communications, but they can also be used to serve child abuse material.

Tor notes on its own blog that: "The design of the Tor network ensures that the user cannot know where the server is located, and the server cannot find out the IP address of the user, except by intentional malicious means like hidden tracking code embedded in the web pages delivered by the server."

However, that is exactly what appears to have happened in the latest discovery of an exploit that targets Firefox 17 ESR, the same version that was included in the Tor Browser Bundle.

Freedom Hosting noted on its wiki page that it has been taken down, and while it isn't clear who was responsible, a number of sites hosted by it had been modified to include JavaScript that attempts to steal information from users.

The JavaScript code's payload (the actual code of which has been uploaded to Mozilla's Pastebin) has subsequently been analysed by reverse engineer and exploit developer Vlad Tsyrklevich, who reveals that it briefly connects to a server and sends the hostname and MAC address of the victim.

The server it connects to appears to fall under the responsibility of Verizon Business, and to be located in the Washington DC-Virginia area of the US.

Speculation at this point is that the FBI is behind the exploit, indicating that the agency has been able to infiltrate the Tor network and shut down Marques' network. Regarded by many as a positive step against child abuse material, it also highlights that other users could potentially be less secure than they believe.

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.



  • Hard times for patriots

    It’s not easy being a flag-waving American nationalist. In addition to having to deal with the usual disillusion, anger, and scorn from around the world incited by Washington’s endless bombings and endless wars, the nationalist is assaulted by whistle blowers like Bradley Manning and Edward Snowden, who have disclosed a steady stream of human-rights and civil-liberties scandals, atrocities, embarrassing lies, and embarrassing truths. Believers in “American exceptionalism” and “noble intentions” have been hard pressed to keep the rhetorical flag waving by the dawn’s early light and the twilight’s last gleaming.
  • How Empire co-operated with Redmond?

    In September 1999 it was revealed that NSA had arranged with Microsoft to insert special “keys” into Windows software, in all versions from 95-OSR2 onwards. An American computer scientist, Andrew Fernandez of Cryptonym in North Carolina, had disassembled parts of the Windows instruction code and found the smoking gun – Microsoft’s developers had failed to remove the debugging symbols used to test this software before they released it. Inside the code were the labels for two keys. One was called “KEY”. The other was called “NSAKEY”. Fernandez presented his finding at a conference at which some Windows developers were also in attendance. The developers did not deny that the NSA key was built into their software, but they refused to talk about what the key did, or why it had been put there without users’ knowledge. Fernandez says that NSA’s “back door” in the world’s most commonly used operating system makes it “orders of magnitude easier for the US government to access your computer.”
  • How Empire co-operated with Redmond? (part2)

    In February 2000, it was disclosed that the Strategic Affairs Delegation (DAS), the intelligence arm of the French Defense Ministry, had prepared a report in 1999 which also asserted that NSA had helped to install secret programs in Microsoft software. According to the DAS report, “it would seem that the creation of Microsoft was largely supported, not least financially, by the NSA, and that IBM was made to accept the [Microsoft] MS-DOS operating system by the same administration.” The report stated that there had been a “strong suspicion of a lack of security fed by insistent rumors about the existence of spy programs on Microsoft, and by the presence of NSA personnel in Bill Gates’ development teams.” The Pentagon, said the report, was Microsoft’s biggest client in the world.
  • Aww, those poor torrorists...

    So immature they can't go get consenting adults, so they've got to ruin children's lives...