The Tor Network is a vibrant shadow web used by people who want to hide their tracks online. But even this so-called "dark net" has vulnerabilities. This weekend, the dark net was rocked when its biggest hosting company was shut down, the alleged founder arrested on child porn charges, and the identities of many users who believed they were anonymous apparently harvested by authorities.
The drama started on Saturday, when the Irish Independent reported that Eric Eoin Marques, a 28-year-old dual Irish-American citizen was arrested after a year-long manhunt by the FBI. The FBI is seeking his extradition, calling him "the largest facilitator of child porn on the planet." Marques is widely speculated to be the operator of Freedom Hosting, the largest web hosting company on the dark net. The arrest coincided with the appearance of malware on a number of sites hosted by Freedom Hosting which broadcast the ip addresses of site visitors to an unknown server in Virginia, essentially outing their identities. A number of computer security experts suspect the FBI had engineered the virus as part of its child porn investigation. By Sunday evening, a "large number" of sites hosted by Freedom Hosting had gone dark, according to the Tor Project's official blog.
Though many questions remain, it appears that law enforcement has caried out a brazen, two-pronged sting on child porn trafficking on the dark net: The arrest of Marques followed by the mass-harvesting of dark net kiddie porn viewers' identities. The Tor Network is a haven for privacy-obsessed geeks, activists, journalists, and not a small number of criminals. The infamous Silk Road drug market is one of the dark net's better-known locales, and huge communities of pedophiles have long used Tor to trade images and videos.
Tor offers a high level of anonymity for both website owners and surfers by shuffling web traffic through a network of Tor "nodes," run by volunteers around the world. The network is maintained by the non-profit Tor Project, whose popular Tor Browser makes accessing the Tor Network almost as easy as the regular Web. The bust has sparked an enormous amount of interest and speculation among techies, as it appears to show the feds have the power to spy on the dark net indirectly, hacking specific websites on Tor instead of breaking the network itself.(The Tor Project, which is funded in large part by the U.S. government, emphasized in a blog post that the person or people who run Freedom Hosting "are in no way affiliated or connected to The Tor Project, Inc.")
But the Tor Project doesn't host sites—it just lets people access the network. Privacy-sensitive website operators can set up their own anonymous "hidden services" through Tor but for this they need a host. Freedom Hosting was the dark net's most popular hosts. The Daily Dot has a good run down of the importance of Freedom Hosting to the Dark Net: For a one-time $5 fee, webmasters could get an account with unlimited space and bandwidth, and a randomly generated .onion domain, the top-level-domain of Tor. Likely thousands of sites were hosted on Freedom Hosting. Freedom Hosting promised not to monitor or censor its customers' content, and thus became a favorite choice for child porn traffickers, including the infamous Lolita City forum.
If this was a fed takedown, they're following in the footsteps of vigilante Anonymous hacktivists, who attacked Freedom Hosting and the child porn sites it hosted back in 2011 in a campaign called OpDarkNet. In OpDarkNet Anonymous hackers used a similar piece of malware to collect the IP addresses of 190 people it claimed had visited child porn sites on the Dark Net.
Sunlight is coming to the dark net. The obvious question is the one we've been asking for months: Is The Silk Road next?
[Art by Jim Cooke.]