This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

FBI takeover of Tor server leads to arrest

Share this article:

The testimony of an FBI agent against 28-year-old Irishman Eric Marques – arrested and charged with distributing child pornography online via the anonymous Tor network – all but confirmed that the FBI was involved in exploiting a Firefox vulnerability that aided in the investigation.

With charges originating in the United States, Marques – said to be a dual citizen of Ireland and the United States, and the world's largest-ever distributor of child pornography via his Freedom Hosting service – is awaiting an extradition hearing after being denied bail in high court on Thursday, according to reports.

During the proceedings, FBI Supervisory Special Agent Brooke Donahue testified that the FBI seized control of Freedom Hosting sometime in July, according to reports.

Authorities were blocked shortly thereafter when Marques changed the Freedom Hosting access credentials, Donahue was reported as saying, but the FBI agent explained that control was regained in early August, around the time Marques was charged and arrested and Freedom Hosting services went down.

Donahue insisted bail be rejected for Marques because the 28-year-old is a flight risk and due to concerns he would compromise the FBI investigation by attempting to contact co-conspirators, according to reports.

“He was looking to engage in financial transactions with another hosting company in Russia,” Donahue said, according to the Irish Independent. “My suspicion is he was trying to look for a place to reside to make it the most difficult to be extradited to the US.”

An FBI spokesperson could not respond to a query from and an indictment has yet to be unsealed against Marques, so the methods used by the FBI to take over Freedom Hosting servers remains to be seen.

American authorities were already at the heart of the conjecture as soon as Freedom Hosting services were downed and an FBI extradition request went out for Marques in early August.

Those investigating and discussing the incident online via forums and social media noted that malware introduced into the Tor network via a Firefox vulnerability could gather locations of users and forward that information to an IP address belonging to a Verizon business in Virginia.

Shortly after, Baneki Privacy Labs, an activist project, traced the IP space used in the exploit back to the National Security Agency's (NSA) Autonomous Systems. The NSA's mass data collection apparatus Prism has been a controversial topic since Edward Snowden blew the whistle on it in May.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud

Exclusive video webcast & Q&A sponsored by Vormetric

As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.

View the webcast here to find out more

More in News

Password recovery made too easy

Password recovery made too easy

A senior malware analyst has slammed the availability of a `password recovery' utility from Freehostia, noting that the software actually uses network admin utilities to take credentials from the users' ...

Belgacom says alleged GCHQ APT attack cost firm £12 million

Belgacom says alleged GCHQ APT attack cost firm ...

One year on from a nation-state APT which infected 26,000 machines across 124 systems at telecom operator Belgacom and the firm has detailed the cost and manpower involved in the ...

CryptoWall compromises 40,000 UK citizens

CryptoWall compromises 40,000 UK citizens

Research just published claims to show that ransomware - in the shape of CryptoWall - is still generating healthy volumes of income for the cyber-criminals behind the code.