The FBI yesterday admitted that it secretly took hold of Freedom Hosting last July, days earlier, the servers of the largest provider of ultra-anonymous hosting were discovered to be serving custom malware configured to identify visitors.
Freedom Hosting’s operator, Eric Eoin Marques rented the servers from an unidentified commercial hosting provider in France, and paid for them from a bank account in Las Vegas.
It’s not clear how the FBI took over the servers in late July, but Marques somehow recovered the servers and changed the passwords, briefly locking out the FBI until it acquired control yet again.
Freedom Hosting was a provider of turnkey “Tor hidden service” sites. These sites had addresses ending in .onion, which that conceal their geographic position behind layers of routing, and can be reached only over the Tor anonymity network.
The apparent FBI-malware attack was first noticed on August 4, when all of the hidden service sites hosted by Freedom Hosting began displaying a “Down for Maintenance” message. That included at least some lawful websites, such as the secure email provider TorMail.
Some visitors looking at the source code of the maintenance page realized that it included a hidden iframe tag that loaded a mysterious clump of Javascript code from a Verizon Business internet address.
By midday, the code was being circulated and dissected all over the net. Mozilla confirmed the code exploited a critical memory management vulnerability in Firefox that was publicly reported on June 25, and is fixed in the latest version of the browser.