FBI allegedly used browser vulnerability to target child abuse ring

American intelligence agency operation reportedly leads to Irish extradition.

The FBI has allegedly used a security vulnerability in Mozilla's Firefox browser to bring down a child pornography ring operating on the dark net.

According to reports, the FBI used a JavaScript injection to compromise the most popular hosting service on the Tor network, Freedom Hosting, which - as well as hosting legitimate services such as TorMail - was allegedly a hub for what has been described as the largest child pornography ring in the world.

The Tor project has not worked with the FBI on this case

So far the only arrest associated with the reported sting has been that of  alleged Freedom Hosting founder, 28-year-old Eric Eoin Marques, who holds dual Irish and US citizenship.

Advertisement - Article continues below
Advertisement - Article continues below

Marques appeared before the Irish High Court on an extradition warrant issued by the FBI in Maryland. According to the Irish Independent, the FBI claims Marques is the "largest facilitator of child porn on the planet" and has accused him of distributing graphic images "depicting the rape and torture of pre-pubescent children".

The extradition hearing is ongoing and Marques is expected to appear in court again on Thursday 8 August.

According to reports from grey hat hacker SHG_Nackt and a pastebin posting, dark net sites hosted on Freedom Hosting were compromised using a JavaScript exploit. This allegedly caused a mass outage of hidden services those that can only be accessed using specific proxy services on the Tor network, primarily affecting those hosted on Freedom Hosting. 

Those who tried to access sites using Freedom Hosting would, according to numerous reports, see the message "Down for Maintenance. Sorry, this server is currently offline for maintenance. Please try again in a few hours."

According to SHG_Nackt, anyone who saw this message had arrived at a Tor site hosted by Freedom Hosting. If that person had JavaScript enabled and were using Firefox 17, a JavaScript exploit was injected into their browser.

According to SHG_Nackt,"the JavaScript zero-day exploit that creates a unique cookie and sends a request to a random server that basically fingerprints your browser in some way, which is probably then correlated somewhere else since the cookie doesn't get deleted. Presumably it reports the victim's IP back to the FBI."

Advertisement - Article continues below

The extradition hearing is ongoing and Marques is expected to appear in court again on Thursday 8 August.

Andrew Lewman, executive director of the Tor project told IT Pro "The Tor project has not worked with the FBI on this case. We know nothing about FBI involvement, nor who runs Freedom Hosting.

"The Tor project does not run the Tor Network. We do not run these hidden services. Our blog post clearly states we have no role in this situation."

An FBI spokesperson said: "An individual has been arrested as part of an ongoing criminal investigation in the United States.

"Because this matter is ongoing, longstanding Department of Justice Policy prohibits us from discussing the matter further."

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now

Most Popular

mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
public sector

UK gov launches £300,000 SEN EdTech initiative

22 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020