A large number of websites shielded by an anonymizing service vanished from the Internet on Saturday, an action that may be linked with an arrest of a man in Ireland.
The websites, which appeared to have been supplied connectivity by Freedom Hosting, were only reachable with a web browser configured to use the TOR (The Onion Router) network. The TOR network randomly routes Internet traffic through a worldwide network of servers that help mask identifying information such as IP addresses.
Freedom Hosting specialized in supplying connectivity for TOR-configured websites and was widely believed to be connected to a man named Eric Eoin Marques. According to the Independent, an Irish publication, Marques appeared in court on Friday in connection with a U.S. extradition request based on four charges filed in Maryland that he allegedly distributed and promoted child pornography.
The newspaper reported that an FBI agent who testified on Friday described the 28-year-old as “the largest facilitator of child porn on the planet.” Marques was denied bail and is due to appear in court again on Thursday, the Independent reported. The newspaper did not, however, make a reference to Freedom Hosting.
FBI officials could not be immediately reached on Sunday. Marques’ name did not turn up in a search of online U.S. federal criminal court records, although it can take several days for some documents to be filed.
Not associated with TOR
The TOR Project, which oversees TOR’s software development, wrote on Sunday that Freedom Hosting is no way connected to The TOR Project itself. Anyone can use TOR to create hidden websites, it said.
“Other organizations run hidden services to protect dissidents, activists, and protect the anonymity of users trying to find help for suicide prevention, domestic violence and abuse-recovery,” The TOR Project wrote.
The TOR Project also wrote that it was aware that Freedom Hosting’s software may have been exploited, possibly through the Firefox browser.
The project has its own web browser that can be used to visit hidden sites which is based on Firefox 17 ESR (Extended Support Release). The browser supports hidden TOR web addresses, which take a form that look like “http://idnxcnkne4qt76tg.onion/.”
“From what is known so far, the breach was used to configure the server in a way that it injects some sort of JavaScript exploit in the webpages delivered to users,” The TOR Project wrote. “This exploit is used to load a malware payload to infect users’ computers.”
Mozilla, the organization behind Firefox, is “actively investigating this information and we will provide additional information when it becomes available,” wrote Michael Coates, director of security assurance, in a blog post.
It isn’t clear yet how the vulnerability in the browser may be linked to the reported issues at Freedom Hosting and the involvement of law enforcement.
“There are lots of rumors and speculation as to what’s happened,” The TOR Project wrote. “We’re reading the same news and threads you are and don’t have any insider information.”