FBI admitted publicly that the Bureau had compromised the Freedom Hosting, probably the most popular Tor hidden service operator company.
The news confirms the suspects raised after that a group of Security researchers found a malicious script that takes advantage of a Firefox Zero-day to identify some users of the Tor anonymity network.
Mozilla confirmed the presence of the security vulnerability in Firefox 17 (MFSA 2013-53) , which is currently the extended support release (ESR) version of Firefox.
“Security researcher Nils reported that specially crafted web content using the
onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable.”
Eric Eoin Marques, the 28-year-old Irishman owner and operator of Freedom Hosting, is now awaiting extradition to the US where he could face 100 years in prison on child pornography charges. The new details emerged in press reports from a Thursday bail hearing in Dublin, where Marques, 28, is fighting extradition to America on the above charges. He was denied bail for the second time since his arrest in July. According law enforcement Marques might reestablish contact with co-conspirators, and further complicate the FBI probe.
reedom Hosting with a series of DDoS attacks after allegedly finding the firm hosted more that 90% of the child porn hidden services on the Tor network.
Court documents and FBI files released under the FOIA have described the CIPAV (Computer and Internet Protocol Address Verifier) as software the FBI can deliver through a browser exploit to gather information from the suspect’s machine and send it to on the server of the Bureau in Virginia.
The event is the confirmation that Tor network provides an extra layer of obfuscation but it must be clear it does not provide bulletproof online anonymity, various researches already that evidenced it.