FBI takeover of Tor server leads to arrest

The testimony of an FBI agent against 28-year-old Irishman Eric Marques – arrested and charged with distributing child pornography online via the anonymous Tor network – all but confirmed that the FBI was involved in exploiting a Firefox vulnerability that aided in the investigation.

With charges originating in the United States, Marques – said to be a dual citizen of Ireland and the United States, and the world's largest-ever distributor of child pornography via his Freedom Hosting service – is awaiting an extradition hearing after being denied bail in high court on Thursday, according to reports.

During the proceedings, FBI Supervisory Special Agent Brooke Donahue testified that the FBI seized control of Freedom Hosting sometime in July, according to reports.

Authorities were blocked shortly thereafter when Marques changed the Freedom Hosting access credentials, Donahue was reported as saying, but the FBI agent explained that control was regained in early August, around the time Marques was charged and arrested and Freedom Hosting services went down.

Donahue insisted bail be rejected for Marques because the 28-year-old is a flight risk and due to concerns he would compromise the FBI investigation by attempting to contact co-conspirators, according to reports.

“He was looking to engage in financial transactions with another hosting company in Russia,” Donahue said, according to the Irish Independent. “My suspicion is he was trying to look for a place to reside to make it the most difficult to be extradited to the US.”

An FBI spokesperson could not respond to a query from SCMagazine.com and an indictment has yet to be unsealed against Marques, so the methods used by the FBI to take over Freedom Hosting servers remain to be seen.

American authorities were already at the heart of the conjecture as soon as Freedom Hosting services were downed and an FBI extradition request went out for Marques in early August.

Those investigating and discussing the incident online via forums and social media noted that malware introduced into the Tor network via a Firefox vulnerability could gather locations of users and forward that information to an IP address belonging to a Verizon business in Virginia.

Shortly after, Baneki Privacy Labs, an activist project, traced the IP space used in the exploit back to the National Security Agency's (NSA) Autonomous Systems. The NSA's mass data collection apparatus Prism has been a controversial topic since Edward Snowden blew the whistle on it in May.
