FBI allegedly used browser vulnerability to target child abuse ring

American intelligence agency operation reportedly leads to Irish extradition.

The FBI has allegedly used a security vulnerability in Mozilla's Firefox browser to bring down a child pornography ring operating on the dark net.

According to reports, the FBI used a JavaScript injection to compromise the most popular hosting service on the Tor network, Freedom Hosting, which - as well as hosting legitimate services such as TorMail - was allegedly a hub for what has been described as the largest child pornography ring in the world.

The Tor project has not worked with the FBI on this case

So far the only arrest associated with the reported sting has been that of  alleged Freedom Hosting founder, 28-year-old Eric Eoin Marques, who holds dual Irish and US citizenship.

Marques appeared before the Irish High Court on an extradition warrant issued by the FBI in Maryland. According to the Irish Independent, the FBI claims Marques is the "largest facilitator of child porn on the planet" and has accused him of distributing graphic images "depicting the rape and torture of pre-pubescent children".

The extradition hearing is ongoing and Marques is expected to appear in court again on Thursday 8 August.

According to reports from grey hat hacker SHG_Nackt and a pastebin posting, dark net sites hosted on Freedom Hosting were compromised using a JavaScript exploit. This allegedly caused a mass outage of hidden services those that can only be accessed using specific proxy services on the Tor network, primarily affecting those hosted on Freedom Hosting. 

Those who tried to access sites using Freedom Hosting would, according to numerous reports, see the message "Down for Maintenance. Sorry, this server is currently offline for maintenance. Please try again in a few hours."

According to SHG_Nackt, anyone who saw this message had arrived at a Tor site hosted by Freedom Hosting. If that person had JavaScript enabled and were using Firefox 17, a JavaScript exploit was injected into their browser.

According to SHG_Nackt,"the JavaScript zero-day exploit that creates a unique cookie and sends a request to a random server that basically fingerprints your browser in some way, which is probably then correlated somewhere else since the cookie doesn't get deleted. Presumably it reports the victim's IP back to the FBI."

The extradition hearing is ongoing and Marques is expected to appear in court again on Thursday 8 August.

Andrew Lewman, executive director of the Tor project told IT Pro "The Tor project has not worked with the FBI on this case. We know nothing about FBI involvement, nor who runs Freedom Hosting.

"The Tor project does not run the Tor Network. We do not run these hidden services. Our blog post clearly states we have no role in this situation."

An FBI spokesperson said: "An individual has been arrested as part of an ongoing criminal investigation in the United States.

"Because this matter is ongoing, longstanding Department of Justice Policy prohibits us from discussing the matter further."

Featured Resources

BIOS security: The next frontier for endpoint protection

Today’s threats upend traditional security measures

Download now

The role of modern storage in a multi-cloud future

Research exploring the impact of modern storage in defining cloud success

Download now

Enterprise data protection: A four-step plan

An interactive buyers’ guide and checklist

Download now

The total economic impact of Adobe Sign

Cost savings and business benefits enabled by Adobe Sign

Download now

Recommended

What is fileless malware?
malware

What is fileless malware?

10 Sep 2020
China to launch global data security initiative
Policy & legislation

China to launch global data security initiative

8 Sep 2020
The Ritz suffers data breach after hackers pose as staff
data breaches

The Ritz suffers data breach after hackers pose as staff

17 Aug 2020
Malware attacks using machine identities doubled in 2019
cyber security

Malware attacks using machine identities doubled in 2019

4 Aug 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Google removes 17 apps infected with evasive ‘Joker’ malware
malware

Google removes 17 apps infected with evasive ‘Joker’ malware

28 Sep 2020