Tor Network

All posts tagged Tor Network

Tor’s most visited hidden sites host child abuse images

Published December 30, 2014 by misty534

Most traffic to sites hidden on the Tor network goes to those dealing in images of child sexual abuse, a study suggests.

The six-month study sought to catalogue hidden services on the so-called “dark net” and work out which were the most popular.

It found lots of sites peddling illegal drugs but the most popular were those involved with abuse.

However, the researcher behind the study said it was hard to conclude that people were behind all the visits.

Drug traffic

Tor, or The Onion Router, is an anonymising system that lets people use the web without revealing who they are or which country they are in. The anonymity offered by the network has encouraged many people to set up hidden .onion sites that offer content, services and goods that it is illegal to sell openly.

Carried out by Dr Gareth Owen from the University of Portsmouth, the study set up servers to join the Tor network and catalogued hidden services found on it. The system was also able to visit the sites to download HTML content so they could be categorised and to track how many visits each one received.

Traffic to hidden services on Tor represents about 1.5% of all the data passing across the network on any given day.

Over the six months of the study, Dr Owen and his colleagues saw about 80,000 hidden sites on Tor.

“Most of the hidden services we only saw once. They do not tend to exist for a very long time,” he said during a speech at the 31st Chaos Communications Congress in Hanover, where he presented his findings.

The top 40 hidden services were involved with controlling botnets – networks of home computers compromised by malicious programs. Many of these botnets have been shut down which has left their client computers fruitlessly polling Tor seeking the now dormant command systems.

The study found that the biggest number of hidden services were dedicated to selling illegal drugs. Also in the top five were underground markets, fraud sites, mail services and those dealing in the virtual currency Bitcoin.

Hidden sites peddling illegal drugs are also popular on Tor

Although the number of sites dealing in images of abuse on Tor is small, traffic to them dwarfs that going to other sites, said Dr Owen.

About 75% of the traffic observed in the study ended up at abuse sites, said Dr Owen.

“When we found this out we were stunned,” he said. “This is not what we expected at all.”

Despite the findings, Dr Owen cautioned against drawing too many conclusions since he did not know which visits were done by people and which by machines.

“It’s not quite as straightforward as it looks,” he said. “It might look like there are lots of people visiting these sites but it is difficult to conclude that from this information.”

“What proportion are people and which are something else? We simply don’t know,” he said, adding that “crawlers” run by law enforcement and other agencies that police abuse sites could be responsible for the steady stream of traffic.

Roger Dingledine, one of the original developers of Tor, also said the methodology of the study – which only scanned long-lived sites to see what content they offered – made it hard to draw conclusions about what people did on the network.

“Without knowing how many sites disappeared before he got around to looking at them, it’s impossible to know what percentage of fetches went to abuse sites,” he said.

“There are important uses for hidden services, such as when human rights activists use them to access Facebook or to blog anonymously,” he added.

“These uses for hidden services are new and have great potential.”

BBC News

Apparent U.S. crackdown cripples Dark Web’s pedophile communities

Published August 9, 2013 by misty534


On Saturday morning, a shock wave hit the Dark Web, a collection of sites hidden behind walls of encryption and anonymity on the Tor network.

Someone or some group, most likely a U.S. law enforcement agency, had compromised and essentially destroyed Freedom Hosting, the Dark Web’s most popular anonymous hosting company. At the time of the attack, the company hosted dozens of forums that trafficked in illegal content, from money laundering to child porn.

It began with the arrest in Ireland last week of 28-year-old Eric Eoin Marques. The FBI has called Marques the “largest facilitator of child porn on the planet,” and is asking the Irish government to extradite him to the U.S.

A U.S. Department of Justice representative, which handles extradition cases, declined to comment on the case Tuesday. But a mountain of circumstantial evidence all points to Marques as the man behind Freedom Hosting. That would make the FBI’s accusations about his role in facilitating child porn more than just hyperbole. Freedom Hosting’s no-questions-asked policy saw the rise of numerous forums devoted to the distribution of graphic child abuse photographs and advice on how to get away with raping children.

The arrest has terrified this formerly thriving pedophile community.

Shortly after Marques went into custody, someone inserted malicious JavaScript exploits into multiple Freedom Hosting websites, both those that specialized in illegal content and those that didn’t. The code attempted to track users, collecting information from their browsing history that might be used to identify them. It’s not clear who created the exploit, but an IP address in the code tracked back to Science Applications International Corp., an intelligence contractor with ties to the National Security Agency. Many pedophile forums whose administrators were initially pleading for a calm and level-headed response to the news have since disappeared from the Dark Web.

Early Saturday morning, an administrator on the 4Pedo forum typed a hurried, all-caps farewell to his community after detecting the exploits.


Several other forums, even numerous pedophile communities not hosted by Freedom Hosting, have taken their websites offline or created new sites with prominent security warnings. (“Turn off all scripts in your browser!”)

Among users of onions, which is what Tor websites are called due to the multiple layers of anonymizing protection they provide, the debate over Freedom Hosting’s role in distributing child pornography is as lively as ever.

Critics are saying that Freedom Hosting was well aware of the child pornography on its servers—after all, it made headlines in 2011—and should be held responsible. Others argue that the anonymizing software that benefits pedophiles also helps dissidents living under oppressive regimes. The good, they say, outweighs the bad.

“He is not a ‘[child porn] host’ like the media tells you but a host without rules on which people from around the world hosted all kinds of websites,” wrote one user in an emblematic discussion at Reddit’s r/onions forum. “I hate [child porn] but true freedom is also for things you hate the most. FBI exploit is bad because it will catch lots of innocent people.”

“I think this line of reasoning will never gain traction among the masses, and they are the ones who elect officials,” replied another. “Any and every action against the purveyors of CP is seen as excusable, collateral damage be damned.”

The response? “Then you’re next.”

. . .

Indeed, it’s important to remember that Freedom Hosting was home to more than just pedophile forums. Hacking and fraud marketplaces, money launderers, an anonymous banking system, and more resided on its servers.

Until last week, Tor Mail was the de-facto king of anonymous email. It was used by hackers at credit fraud markets like HackBB and drug dealers at websites such as Silk Road because the service was hidden and promised to be warrant-proof, unlike mainstream services such as Gmail which are subject to American law.

Some users are wondering if this attack was aimed at least partially at Tor Mail, whose servers may hold a potential gold mine of information on, for instance, some of Silk Road’s most successful vendors. It’s unclear what, if anything, enforcement has been able to recover and read from Tor Mail.

“Wow. If they can do this to an onion like Tor Mail, what’s stopping them from getting to us?” wondered a user of drug marketplace Silk Road. “Child porn. That would be their first big attack on Tor. Stepping stones.”

That was just one of a chorus of voices on Silk Road wondering if the popular narcotics marketplace is next.

In a post worthy of an underworld Braveheart, prominent vendor and money launderer StExo encouraged customers and vendors alike to defend the marketplace.

“So long as we keep fighting, the heart and soul of this community will never perish and I hope that in many years, people will look back and remember us. Remember those people who done something different, who stood up for their beliefs and despite having enemies glaring them in the face, they were steadfast. Whatever the future may hold for us all, it has been a pleasure to stand beside you all in this new age and I hope that as we face tomorrow, every challenge given to us is just another hurdle we will overcome because whilst our enemies may continue their agenda of imprisoning innocent people for simply expressing their freedom, they will never be able to silence the idea those people stand for and that we all still stand for – together, as one.”

Dread Pirate Roberts, the founder and figurehead of Silk Road, called StExo’s missive “very inspiring.” Roberts has called Silk Road a “revolution,” and users see the community as a place to do business they believe shouldn’t be illegal in the first place.

“Silk Road is about something much bigger than thumbing your nose at the man and getting your drugs anyway. It’s about taking back our liberty and our dignity and demanding justice.”

To calm the mild panic, Roberts posted a message on the forums verified by PGP, software with a unique password and signature designed to prove a person is who he says he is. The post confirmed Roberts remained in control of Silk Road and that the marketplace was presumably as safe as ever. He also spoke about Tor Mail, the email provider of choice for thousands of Silk Road users.

“I know that MANY people, vendors included, used Tor Mail. You must think back through your Tor Mail usage and assume everything you wrote there and didn’t encrypt can be read by law enforcement at this point and take action accordingly. I personally did not use the service for anything important, and hopefully neither did any of you.”

Meanwhile, the Dark Web’s second largest black market, Black Market Reloaded, has deleted all connections to Tor Mail on its site and warned users against returning to the previously ubiquitous email service.

. . .

It’s difficult to survey the full extent of the damage done to Tor’s hidden services. Long before this attack, onions were slow and unreliable, often going down for extended periods without explanation. Although many forums and communities appear gone, it will take time to parse the information and find out even an estimate of how many services were truly knocked offline by the fall of Freedom Hosting.

If there’s one consensus, however, it’s that law enforcement’s attempt to disrupt and destroy Dark Web communities is only just beginning.

The Daily Dot

Sections of online ‘DarkNet’ close following child porn suspect’s arrest

Published August 7, 2013 by misty534


A section of the internet’s “DarkNet” — believed to have huge levels of child pornography and other illegal activity among its content — has shut down just days after the FBI requested an alleged child pornographer be extradited from Ireland.

The sites run by Freedom Hosting on the Tor network routed users’ web-browsing queries through a series of servers that meant they were untraceable.

Freedom Hosting has been accused of being a major hub, not just for one of the largest collections of child pornography on the network, but also for a drugs distribution network.

The ‘hacktivist’ group Anonymous once claimed that 95% of the child pornography hidden on the Tor network was put there by Freedom Hosting.

The closure of the site is being linked to the request by US authorities for the extradition of Eoin Eric Marques, who is described by an FBI special agent as “the largest facilitator of child porn on the planet”.

A Maryland state warrant records charges of distributing and promoting child pornography online. The charges relate to images on a large number of websites described as being extremely violent and graphic and depicting the rape and torture of prepubescent children.

The 28-year-old is in custody and is due to appear in court again tomorrow.

It is suspected that his arrest on Thursday was one of the major triggers for the closure of the Freedom Hosting sites.

Another major trigger was the detection of malicious software on parts of the Tor network, which experts suspect was put there by the FBI to track users of any sites which are engaged in illegal activity.

The operators of the Tor network — while stressing that those operating the Freedom Network are not affiliated to them — acknowledged in a statement that the design of its network means “the user can not know where the server is located and the server cannot find the IP address of the user except by intentional malicious means like hidden tracking code embedded in the web pages delivered by the server”.


Irish Times


Published August 6, 2013 by misty534



Service accused of aiding child abuse image distribution has been hacked.


A service accused of helping to distribute pictures of child abuse on the ‘hidden Internet’ has been compromised.

Websites using service provider Freedom Hosting to post material up have had code added to their pages, which could help reveal the identities of people visiting them.

Freedom Hosting delivers sites via Tor, which is designed to keep web activity anonymous.

It does this by sending web traffic through numerous encrypted layers to hide the traces of activity which prove useful in a police investigation.

There are also websites which use Tor’s .onion suffix. But over the weekend Tor users complained that sites using the network had gone offline simultaneously.

The breach is believed to have reconfigured the software behind Freedom Hosting to insert a Javascript-like exploit in the web pages, which is then able to load malware onto the computers of the sites’ visitors.

There are claims that the design of the code used to bug the Tor network suggests a US law enforcement agency is behind it.

Freedom Hosting’s terms and conditions state that illegal activities are not allowed on the sites it supports, but that it is not responsible for users’ actions.

Analysis of the breach suggests it takes advantage of a vulnerability in Firefox 17, it is reported, which means people using that browser could be identified.



FBI bids to extradite Irishman, 28, on suspicion of being ‘largest child-porn dealer on planet’

Published August 5, 2013 by misty534


An Irishman accused of being the ‘largest facilitator of child porn on the planet’ by the FBI could face extradition to America.

U.S. authorities want to extradite Eric Eoin Marques who they allege is involved in distributing graphic and violent images of child pornography, a court heard.

The 28-year-old appeared before the High Court in Ireland, after he was arrested on a Maryland warrant for four charges of distributing and promoting child pornography on the internet.

Mr Marques, from Dublin, appeared before Mr Justice Paul Gilligan yesterday due to an extradition request by the FBI, the Independent reported.

He was denied bail until the extradition request has been determined.

The images he is accused of distributing and promoting relate to distressing depictions of youngsters being raped or tortured.

Mr Marques, who has no previous convictions, has been identified as a ‘flight risk’ by gardai and the FBI.

The High Court heard that large payments had been transferred to accounts in Romania, and his computer’s browsing history revealed that he had inquired about Russian visas.

Refusing bail, Mr Justice Paul Gilligan said he accepted the evidence that Mr Marques was a flight risk.

Mr Justice Gilligan remanded Mr Marques in custody, to a sitting of the High Court next Thursday.

His arrest coincides with the disappearance of a vast number of ‘hidden services’ hosted on anonymizing encrypted network Tor.

The website is accessed via a programme called Tor which enables all members to remain anonymous online and uses an ‘onion’ system to make sure their IP address is always hidden from police.

Tor is free software and an open network that makes identifying the physical location of the computers operating the marketplace – or anyone visiting it – all but impossible.

It protects internet users against a form of network surveillance and state security known as traffic analysis.

They can be used for good – such as activists trapped in oppressive regimes – or bad, with drug dealers selling illegal substances without risk of getting caught.

Marques is alleged to be behind Freedom Hosting, a major hidden services hosting provider, Arstechnica reported.

Freedom Hosting was one of a number of hosting providers specializing in hidden services.

The business — which is in no way connected to the Tor Project — allegedly hosts child pornography sites, as well as sites that allowed pornography traffickers to post their links for distribution, Arstechnica reported.

Freedom Hosting was brought to the public’s attention in October 2011 after the hacking collective Anonymous shut down the largest host of such illegal material on the Web.

In a statement issued on the internet, Anonymous said that it had warned Freedom Hosting to take the sites down but the company failed to do so.

Anonymous hackers then disabled its servers and would continue to do so until the material was removed.

Its operation began on October 14 and targeted child porn on the ‘darknet’ – anonymised sites designed to protect users’ identities, which are invisible to normal web users.

Anonymous hackers detected the links to the pornography and removed them but they were up again within five minutes.

They then discovered that 95 per cent of the links were being hosted by Freedom Hosting and so shut down the firm’s servers.

Freedom Hosting switched to their backups but Anonymous closed them down again.



Tor is a popular internet anonymising tool which can be downloaded for free from the web.

It enables all members to remain anonymous online and uses an ‘onion’ system to make sure IP addresses – each computer has its own one – are always hidden from police.

It makes identifying the physical location of the computers using the software all but impossible.

Tor only protects users from being monitored on applications that are properly configured to send their Internet traffic through the programme unless individuals also use it as a browser instead of Google or Internet Explorer.

As well as protecting users from being tracked by police, it also means they are protected from network surveillance and state security known as traffic analysis.

This makes interference with the website difficult on morality grounds as it is used by activists trapped in countries with oppressive regimes to communicate without being tracked by governments.

Prime examples are human rights groups in China and Iran which would otherwise be censored or even persecuted for expressing their views.

A large proportion of Tor’s funding comes indirectly from the U.S. state department’s internet freedom budget.

Anna Edwards

Feds bring down Tor-hosted child porn site using suspected vulnerability in Firefox browser

Published August 5, 2013 by misty534


The US government has successfully taken down one of the Internet’s largest child porn sites, following a program that cracked security on a service that enables anonymous Internet browsing and site hosting.

Security expert Brian Krebs reports that US authorities were able to explore software behind a site hosted by Tor, a service that lets users browse the Web anonymously by rerouting traffic requests across its network. Access was supposedly made possible via a security vulnerability within Mozilla’s Firefox 17 browser – released in November 2012 – which Mozilla is investigating.

In particular, Ireland-based Eric Eoin Marques, who the FBI calls “the largest facilitator of child porn on the planet,” was among the targets. Marques is facing extradition to the US and the company he runs on the Tor Network, Freedom Hosting, disappeared following a take down by US authorities using the Firefox vulnerability. (It’s important to note that the Tor Network is not affiliated with Freedom Hosting, or other sites that run on it; it simply provides a free space online.)

A post on the Tor Project blog explains that “around midnight on August 4th we were notified by a few people that a large number of hidden service addresses have disappeared from the Tor Network”. The post further explains that “multiple hidden service hosting companies appears to be down”.

While bringing down child porn sites is undoubtedly good for the Internet, there are concerns. The fact that the FBI managed to infiltrate a Tor Network site is a big deal, since it is commonly used by whistleblowers, media and activists that all seek online anonymity away from the gaze or reach of authorities.

That need has been particularly heightened with the many revelations of the US Prism program and other cyber spying initiatives.

The Tor Project post speculates that the site was accessed and rigged to identify visitors to Freedom Hosting:

The current news indicates that someone has exploited the software behind Freedom Hosting. From what is known so far, the breach was used to configure the server in a way that it injects some sort of javascript exploit in the web pages delivered to users. This exploit is used to load a malware payload to infect user’s computers. The malware payload could be trying to exploit potential bugs in Firefox 17 ESR, on which our Tor Browser is based.

According to Krebs, the hole is likely not a problem for users of the latest version of the browser – Firefox 22 was launched in June – but it could affect organizations that use Mozilla. Version 17 is currently in Extended Support Release (ESR), a system favored by business because it brings new features to the browser without needing an update to the latest build. Since Mozilla releases new versions at six-week intervals, ESR presents a less time-intense option.

Microsoft provided the US government with “an early start” on its security vulnerabilities, which was reportedly used to aid its cyber espionage programs. Microsoft claims the information was provided to help shore up US systems.

There’s no suggestion, at this point, that Mozilla worked with the government on this — for one thing because the company is investigating an issue brought to its attention by others.

Tor says its team “don’t have any insider information” about the issue. We’ve reached out to Mozilla to request more information.


by Jon Russell

Tor network at heart of Northern Kentucky child porn case

Published April 27, 2013 by misty534



BURLINGTON, Ky. – A government network created to keep secrets on the Internet is now at the heart of a Northern Kentucky child porn case.

A preliminary hearing in Joe Eggers’ case in a Boone County courtroom Friday was routine – until the detective on the case started talking about the CIA.

Eggers faces 35 child pornography counts. He is accused of distributing 15 child porn images and possession of at least 20 other pictures. The investigation began when detectives say they caught Eggers uploading one of those images. But it’s the images that he downloaded that are opening the door to a little known corner of the Internet called the Tor network.

“It was created by the CIA to send information back and forth that would be untraceable because it bounced through several computers around the world to your house,” Kentucky State Trooper Josh Lawson testified.

The Tor network is free and financed 80 percent by the U.S. government. But you need a special browser and router to gain access to it.

According to Wikipedia, Tor has positive applications as well as negative ones.

“In March 2011 The Tor Project was awarded the Free Software Foundation’s 2010 Award for Projects of Social Benefit on the following grounds: ‘Using free software, Tor has enabled roughly 36 million people around the world to experience freedom of access and expression on the Internet while keeping them in control of their privacy and anonymity. Its network has proved pivotal in dissident movements in both Iran and more recently Egypt.’

“Foreign Policy named (the three Tor founders) among its 2012 Top 100 Global Thinkers ‘for making the web safe for whistleblowers.’”

Police say Eggers originally told them he found the hard drive with the pictures on a computer he found in the trash. Investigators say Eggers later confessed to downloading and sending the pictures.

Eggers is under house arrest with an electronic monitor. His case now goes to the grand jury.