TOR is the dark side of the Internet, the so-called dark web, which provides a safe haven to privacy advocates but is also where drugs, child pornography, assassins for hire and other weird and illegal activities can allegedly be traded.
Eric Eoin Marques, 28 year-old man in Ireland believed to be behind Freedom Hosting, the biggest service provider for sites on the encrypted Tor network, is awaiting extradition on child pornography charges. It is understood the FBI had spent a year trying to locate Mr Marques.
Marques was arrested on a Maryland warrant that includes charges of distributing and promoting child porn online. He faced four charges relating to alleged child pornography offenses with a total of 30 years jail, reportedly dubbed by the FBI as “the largest facilitator of child porn on the planet.” That need has been particularly heightened with the many revelations of the US Prism program and other cyber spying initiatives.
Mr Marques told the court he was born in the US but has lived in Ireland since he was five. He said he was last in Romania a few weeks ago when he withdrew €6,000 from his credit card to help a friend start a business.
The Tor Network is a robust tool for journalists, whistleblowers, dissidents and others looking to publish information in a way that is not easily traced back to them. His arrest coincides with mass outages across the Darknet affecting popular services like Tor Mail, HackBB and the Hidden Wiki which were run on Freedom Hosting. Worse, there are reports of many well known TOR hidden services may be compromised using a browser exploit.
Mozilla says it has been notified of a potential security vulnerability in Firefox 17 (MFSA 2013-53) , which is currently the extended support release (ESR) version of Firefox. The Exploit code posted by Mozilla and Deobfuscated JS used by the Tor Browser exploit posted on Google Code.
Microsoft used to provide the US government with a an early start on its security vulnerabilities, which was reportedly used to aid its cyber espionage programs. But here no idea at this point, that Mozilla worked with the government in this case.
Of course, this shows how complacency can be a very bad thing, especially when it comes to security. In its attempts to bring down child abuse images, but it could also mean a serious security breach for international activists and internet users living in repressive states who use the services to practice online free speech.
Update: According to Baneki Privacy Labs research, the IP address _18.104.22.168 _hardcoded into the exploit belongs to Virginia is actually owned by Science Applications International Corporation (SAIC), a major intelligence, military, aerospace, engineering and systems contractor involved with the Federal Bureau of Investigation (FBI), Defense Advanced Research Projects Agency (DARPA) , Central Intelligence Agency (CIA) and National Security Agency (NSA).
They believe that the hardcoded IP address is directly allocated to the NSA's Autonomous Systems (AS), so its probably not the FBI, its NSA who used Firefox Zero-Day exploit to compromise Freedom Hosting and TOR network.