Article Lead Image

FBI claims responsibility for malware attack that crippled the Dark Web

The FBI admitted in court it was behind the malware attack that led to the compromise of Freedom Hosting, the anonymous Tor hosting service.


Patrick Howell O'Neill

Internet Culture

Posted on Sep 13, 2013   Updated on Jun 1, 2021, 6:32 am CDT

The FBI admitted in court that it was behind the malware attack that led to the compromise and fall of Freedom Hosting, the anonymous Tor hosting service allegedly behind over 100 child pornography websites.

The attack brought down Lolita City, thought to be the largest child pornography site on the so-called Dark Web, with tens of thousands of member accounts, well over 1 million images, and hundreds of videos on the site. Combined, the FBI alleges that every Freedom Hosting-related child pornography website had “‘millions of images’ child abuse material,” according to RTE News.

Eric Eoin Marques, the man accused of being Freedom Hosting’s owner, faces up to 100 years in prison if extradited to the U.S. He was denied bail for a second time earlier today. The date of extradition hearings has not yet been announced.

Special Agent Brooke Donahue of the FBI appeared in Irish court once again, shedding more detail on the case at Marques’s second bail hearing. Agent Donahue alleged that Marques rented servers from a French company through a bank in Las Vegas, RTE News reported. The FBI was able to take control of the service in July. Marques changed his passwords and temporarily regained control, but it was only a brief repose from FBI control.

Every Freedom Hosting website went down simultaneously at around 6:40am ET on Aug. 4, about the same time news of Marques’s arrest hit the Internet. When the sites returned, they were infected with Javascript exploits that helped identify the user. The exploit was detected by visitors later on Aug. 4.

The previously unknown exploit affected only Firefox version 17, exactly the version Tor’s Browser Bundle uses.  A patch was available as early as June 26, Wired reported, but it required a manual update, meaning that many users remained vulnerable long after the fix was made.

The FBI and Irish police claim that $1.5 million passed through Marques’s bank accounts last year, making him able to conduct business from any country in the world and therefore a serious flight risk. According to Irish Independent, Donahue said Marques had been found to be in possession of “high quality” scans of a fake U.S. passport under the name Edward Thomas Brown and that he was seeking to gain entry and citizenship in Russia in a bid to avoid U.S. prosecution.

Marques, who’s been described as a “quiet” Dubliner with no criminal record, denies the charges.

H/T Wired | Photo via Andy Dean/Flickr

Share this article
*First Published: Sep 13, 2013, 7:35 pm CDT