FBI Says It Controlled Tor Servers Behind Malware Attack
WASHINGTON — The FBI acknowledges it was behind malware that infiltrated the servers of Freedom Hosting, one of the largest providers of online anonymity online, and identified the service's users.
While some users signed up with Freedom Hosting to encrypt their files, the FBI alleges that the Tor anonymity service became “the largest facilitator of child porn on the planet.”
On Friday, Eric Eoin Marques, a U.S.-born 28-year-old living in Dublin was refused bail for a second time by high court justices in Ireland. Marques is accused of being the chief architect behind Freedom Hosting, responsible for hosting child porn on 550 servers throughout Europe between the years 2008-2013.
Freedom Hosting also is accused of providing services for money-laundering operations and child-abuse discussion boards with names like Lolita City and PedoEmpire, according to news reports.
The FBI’s involvement was acknowledged for the first time during a bail hearing in Dublin, where Marques is fighting extradition to the U.S. on four charges in connection with images on website. He was denied bail for the second time since his arrest in July.
It is unclear when the FBI initially gained access to Freedom Hosting, but Wired reports that the key piece of malware used in the government's hack is known as the Magneto code variable, which does not download anything but accesses the “victim’s MAC address – a unique hardware identifier for the computer’s network or Wi-Fi card – and the victim’s Windows hostname."
Wired says that information then bypassed Tor and was sent back to servers housed in Northern Virginia, fueling speculation that the FBI or National Security Agency were the culprits.
The software, Wired says, also is consistent with the FBI’s computer and Internet protocol address verifier (CIPAV), which law enforcement has used to subvert anonymity software belonging to hackers, extortionists, sexual predators, and others since 2002.
Wired says Marques is facing federal charges in Maryland, where his indictment is under seal, and that the gravity of the charges could mean Marques will “spend the rest of his life in prison.”
Anonymous, which handed down a DDoS attack against Freedom Hosting in 2011, said at the time that Freedom Hosting hosted 95 percent of child porn web pages on the Tor network.