On Saturday morning, a shock wave hit the Dark Web, a collection of sites hide behind walls of encryption and anonymity on the Tor network.
Someone or some group, most likely a U.S. law enforcement agency, had compromised and essentially destroyed Freedom Hosting, the Dark Web’s most popular anonymous hosting company. At the time of the attack, the company hosted dozens of forums that trafficked in illegal content, from money laundering to child porn.
It began with the arrest in Ireland last week of 28-year-old Eric Eoin Marques. The FBI has called Marques the “largest facilitator of child porn on the planet,” and is asking the Irish government to extradite him to the U.S.
A U.S. Department of Justice representative, which handles extradition cases, declined to comment on the case Tuesday. But a mountain of circumstantial evidence all points to Marques as the man behind Freedom Hosting. That would make the FBI’s accusations about his role in facilitating child porn more than just hyperbole. Freedom Hosting’s no-questions-asked policy saw the rise of numerous forums devoted to the distribution of graphic child abuse photographs and advice on how to get away with raping children.
The arrest has terrified this formerly thriving pedophile community.
Shortly after Marques went into custody, someone inserted malicious Javascript exploits into multiple Freedom Hosting websites—both those that specialized in illegal content and those that didn’t. The code attempted to track users, collecting information from their browsing history that might be used to identify them. It’s not clear who created the exploit, but an IP address in the code tracked back to Science Applications Internation Corp., an intelligence contractor with ties to the National Security Agency. Many pedophile forums whose administrators were initially pleading for a calm and level-headed response to the news have since disappeared from the Dark Web.
Early Saturday morning, an administrator on the 4Pedo forum typed a hurried, all-caps farewell to his community after detecting the exploits.
ALL BOARDS HAVE BEEN DELETED TO PROTECT YOU! IF THE BOARDS COME BACK UP, IT IS NOT ME RUNNING THE SITE ANYMORE! ALL ADMIN/MOD ACCOUNTS HAVE BEEN DELETED!”
Several other forums, even numerous pedophile communities not hosted by Freedom Hosting, have taken their websites offline or created new sites with prominent security warnings. (“Turn off all scripts in your browser!”)
Among users of onions, which is what Tor websites are called due to the multiple layers of anonymizing protection they provide, the debate over Freedom Hosting’s role in distributing child pornography is as lively as ever.
Critics are saying that Freedom Hosting was well aware of the child pornography on its servers—after all, it made headlines in 2011—and should be held responsible. Others argue that the anonymizing software that benefits pedophiles also helps dissidents living under oppressive regimes. The good, they say, outweighs the bad.
“He is not a ‘[child porn] host’ like the media tells you but a host without rules on which people from around the world hosted all kinds of websites,” wrote one user in an emblematic discussion at Reddit’s r/onions forum. ”I hate [child porn] but true freedom is also for things you hate the most. FBI exploit is bad because it will catch lots of innocent people.”
“I think this line of reasoning will never gain traction among the masses, and they are the ones who elect officials,” replied another. “Any and every action against the purveyors of CP is seen as excusable, collateral damage be damned.”
The response? “Then you’re next.”
. . .
Indeed, it’s important to remember that Freedom Hosting was home to more than just pedophile forums. Hacking and fraud marketplaces, money launderers, an anonymous banking system, and more resided on its servers.
Until last week, Tor Mail was the de-facto king of anonymous email. It was used by hackers at credit fraud markets like HackBB and drug dealers at websites such as Silk Road because the service was hidden and promised to be warrant-proof, unlike mainstream services such as Gmail which are subject to American law.
Some users are wondering if this attack was aimed at least partially at Tor Mail, whose servers may hold a potential gold mine of information on, for instance, some of Silk Road’s most successful vendors. It’s unclear what, if anything, enforcement has been able to recover and read from Tor Mail.
“Wow. If they can do this to an onion like Tor Mail, what’s stopping them from getting to us?” wondered a user of drug marketplace Silk Road. “Child porn. That would be their first big attack on Tor. Stepping stones.”
That was just one of chorus of voices on Silk Road wondering if the popular narcotics marketplace is next.
In a post worthy of an underworld Braveheart, prominent vendor and money launderer StExo encouraged customers and vendors alike to defend the marketplace.
So long as we keep fighting, the heart and soul of this community will never perish and I hope that in many years, people will look back and remember us. Remember those people who done something different, who stood up for their beliefs and despite having enemies glaring them in the face, they were steadfast. Whatever the future may hold for us all, it has been a pleasure to stand beside you all in this new age and I hope that as we face tomorrow, every challenge given to us is just another hurdle we will overcome because whilst our enemies may continue their agenda of imprisoning innocent people for simply expressing their freedom, they will never be able to silence the idea those people stand for and that we all still stand for – together, as one.”
Dread Pirate Roberts, the founder and figurehead of Silk Road, called StExo’s missive “very inspiring.” Roberts has called Silk Road a “revolution,” and users see the community a place to do business they believe shouldn’t be illegal in the first place.
“Silk Road is about something much bigger than thumbing your nose at the man and getting your drugs anyway. It’s about taking back our liberty and our dignity and demanding justice.”
To calm the mild panic, Roberts posted a message on the forums verified by a PGP, software with a unique password and signature designed to prove a person is who he says he is. The post confirmed Roberts remained in control of Silk Road and that the marketplace was presumably as safe as ever. He also spoke about Tor Mail, the email provider of choice for thousands of Silk Road users.
“I know that MANY people, vendors included, used Tor Mail. You must think back through your Tor Mail usage and assume everything you wrote there and didn’t encrypt can be read by law enforcement at this point and take action accordingly. I personally did not use the service for anything important, and hopefully neither did any of you.”
Meanwhile, the Dark Web’s second largest black market, Black Market Reloaded, has deleted all connections to Tor Mail on its site and warned users against returning to the previously ubiquitous email service.
. . .
It’s difficult to survey the full extent of the damage done to Tor’s hidden services. Long before this attack, onions were slow and unreliable, often going down for extended periods without explanation. Although many forums and communities appear gone, it will take time to parse the information and find out even an estimate of how many services were truly knocked offline by the fall of Freedom Hosting.
If there’s one consensus, however, it’s that law enforcement’s attempt to disrupt and destroy Dark Web communities is only just beginning.