Eric Eoin Marques appeared Friday in court in Dublin, Ireland, on an extradition request by U.S. authorities. The 28-year-old, with dual Irish-U.S. citizenship, was described to the court by an FBI special agent as “the largest facilitator of child porn on the planet,” according to the Irish Independent newspaper.
Mr. Marques, who was arrested on a Maryland warrant for four charges relating to the distribution of child pornography on the Internet, was deemed a flight risk and remanded in custody, the paper reported.
The court heard that the charges stem from a large number of websites described as being extremely violent and graphic, and depicting the rape and torture of prepubescent children.
“It is understood the FBI had spent a year trying to locate Mr. Marques,” the Independent reported.
Over the weekend, administrators of the Tor Network, a system of volunteer Internet relays that facilitates anonymous Web browsing and hosting, noted that a large number of secret sites on its network were down.
“Around midnight on August 4th we were notified by a few people that a large number of hidden service addresses have disappeared from the Tor Network,” the administrators stated in a blog posting.
The services were operated by Freedom Hosting, which allegedly was run by Mr. Marques, according to security blogger Brian Krebs.
A hidden service can be a website, chat room or email service that can be accessed only by people using Tor, according to the network’s administrators.
“Anyone can run hidden services, and many do,” states the Tor posting, saying its services are used “to protect dissidents, activists, and protect the anonymity of users trying to find help for suicide prevention, domestic violence, and abuse-recovery.”
Reporters have used the services “to exchange information in a secure and anonymous way” with confidential sources, say Tor administrators. “The New Yorker’s Strongbox is one public example.”
Hidden services must be viewed or used through a conventional Internet browser — in the case of Tor, a version of Firefox.
A series of weaknesses amounting to a security hole in Firefox was exploited by malicious software, or malware, to help unmask Mr. Marques and potentially anyone who used his hidden services, according to Tor administrators.
Hackers and cyber-criminals use such security holes to plant “exploits” on a victim’s computer. These programs typically steal passwords, bank details and email accounts, and can even use a computer’s camera or microphone to spy on the infected computer’s user.
But the exploit used against Freedom Hosting does nothing except identify the true computer address of the person using the hidden services, Mr. Krebs said.
“Because this payload does not download or execute any secondary back door or commands, it’s very likely that this is being operated by [law enforcement] and not by black hats,” he quoted computer engineer Vlad Tsrklevich as saying.
A posting by the owner of a bulletin board called “4pedo” warned that unknown malware on his system was beaconing his location to “a Verizon server on the open Web,” according to a copy on the Internet discussion site Reddit.
The malware had been “inserted by FH [Freedom Hosting],” the administrator wrote, “I would consider [Freedom Hosting] compromised.”
No one at the FBI was immediately available for comment, and the press office at the Department of Justice, which would have filed any extradition request with Irish authorities, declined to answer questions.
“That matter is still under seal,” said department spokesman Peter Carr.
• Shaun Waterman can be reached at swaterman@washingtontimes.com.
Please read our comment policy before commenting.