FBI allegedly used browser vulnerability to target child abuse ring

The FBI has allegedly used a security vulnerability in Mozilla's Firefox browser to bring down a child pornography ring operating on the dark net.

According to reports, the FBI used a JavaScript injection to compromise the most popular hosting service on the Tor network, Freedom Hosting, which - as well as hosting legitimate services such as TorMail - was allegedly a hub for what has been described as the largest child pornography ring in the world.

The Tor project has not worked with the FBI on this case

So far the only arrest associated with the reported sting has been that of alleged Freedom Hosting founder, 28-year-old Eric Eoin Marques, who holds dual Irish and US citizenship.

Marques appeared before the Irish High Court on an extradition warrant issued by the FBI in Maryland. According to the Irish Independent, the FBI claims Marques is the "largest facilitator of child porn on the planet" and has accused him of distributing graphic images "depicting the rape and torture of pre-pubescent children".

The extradition hearing is ongoing and Marques is expected to appear in court again on Thursday 8 August.

According to reports from grey hat hacker SHG_Nackt and a pastebin posting, dark net sites hosted on Freedom Hosting were compromised using a JavaScript exploit. This allegedly caused a mass outage of hidden services those that can only be accessed using specific proxy services on the Tor network, primarily affecting those hosted on Freedom Hosting.

Those who tried to access sites using Freedom Hosting would, according to numerous reports, see the message "Down for Maintenance. Sorry, this server is currently offline for maintenance. Please try again in a few hours."

According to SHG_Nackt, anyone who saw this message had arrived at a Tor site hosted by Freedom Hosting. If that person had JavaScript enabled and were using Firefox 17, a JavaScript exploit was injected into their browser.

According to SHG_Nackt,"the JavaScript zero-day exploit that creates a unique cookie and sends a request to a random server that basically fingerprints your browser in some way, which is probably then correlated somewhere else since the cookie doesn't get deleted. Presumably it reports the victim's IP back to the FBI."

The extradition hearing is ongoing and Marques is expected to appear in court again on Thursday 8 August.

Andrew Lewman, executive director of the Tor project told IT Pro "The Tor project has not worked with the FBI on this case. We know nothing about FBI involvement, nor who runs Freedom Hosting.

"The Tor project does not run the Tor Network. We do not run these hidden services. Our blog post clearly states we have no role in this situation."

An FBI spokesperson said: "An individual has been arrested as part of an ongoing criminal investigation in the United States.

"Because this matter is ongoing, longstanding Department of Justice Policy prohibits us from discussing the matter further."

Jane McCallion
Deputy Editor

Jane McCallion is ITPro's deputy editor, specializing in cloud computing, cyber security, data centers and enterprise IT infrastructure. Before becoming Deputy Editor, she held the role of Features Editor, managing a pool of freelance and internal writers, while continuing to specialise in enterprise IT infrastructure, and business strategy.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.