Feds Seek Extradition of Child-Porn Dealer – Darknet Compromised

Marques is the owner of Freedom Hosting, a web hosting service that can only be accessed via the Tor anonymizing service. It is believed to host a number of child pornography sites, such as Lolita City, which has been a prime target of the Anonymous #OpDarknet (an operation to "rid the darknet of trash such as destroying the major source of child pornography").

Over the weekend, following Marques' arrest, it became apparent that Freedom Hosting had been compromised. "The current news indicates that someone has exploited the software behind Freedom Hosting", explains the Tor project in a blog posting yesterday. "From what is known so far, the breach was used to configure the server in a way that it injects some sort of javascript exploit in the web pages delivered to users."

The JavaScript code has been posted to Pastebin, and analysts are trying to work out exactly what it does. It only affects users of Firefox 17 ESR, "on which," says the Tor blog, "our Tor Browser is based. We're investigating these bugs and will fix them if we can."

The JavaScript exploit seems designed to download further malware. Chatter on Reddit suggests that a primary motive might be to find the real IP address of visitors to Freedom Hosting sites.

In theory, this could be part of the Anonymous #OpDarknet project, which has long sought to 'dox' users of child porn sites. But there is currently no apparent claim from Anonymous, and the proximity of the arrest of Marques suggests that the FBI might be behind the malware. There are suggestions that the malware reports to an IP address in Virginia.

Tor itself has tried to make it clear that there is no connection between Tor and Freedom Hosting. "The person, or persons, who run Freedom Hosting are in no way affiliated or connected to The Tor Project, Inc., the organization coordinating the development of the Tor software and research," it said yesterday.

Freedom Hosting was a Tor 'hidden service'. While Tor is best known for providing anonymous surfing capabilities, it also allows anonymous hosting – and the physical location of the Freedom Hosting servers remains unknown (some suggest Romania or Russia). However, while the Tor service can be and is used for illegal purposes, it also serves a valuable purpose in protecting dissidents. "The New Yorker, for example," explains Ars Technica, "uses a hidden service to host its Strongbox communications setup, which allows anonymous communication with editors."

Meanwhile, Marques is contesting extradition. "The US authorities are seeking his extradition on four charges," reports independent.ie. "The court heard that if convicted he faces sentences of up to 30 years in prison. The charges relate to images on a large number of websites described as being extremely violent, graphic and depicting the rape and torture of pre-pubescent children."
