An in-depth look at the FBI’s fundamental blow to child pornography and the Deep Web – and its potential repercussions

On Saturday last week, something momentous occurred: The FBI and Irish police collaborated to arrest the alleged owner of Freedom Hosting, one of the largest Deep Web hosts in the world. We’ll get to precisely what that means in a moment, but the practical upshot is this: By some estimates, taking down Freedom Hosting has removed the majority of all child pornography online.

Actually, it seems to have downed the majority of the Tor Network as a whole, which has far-reaching consequences that extend well beyond illegal pornography. This is a fundamental blow to a section of the online world which is at least several times larger than the web itself. But let’s begin by explaining some of the history and terminology involved.

Onion routing is, like the Internet itself, the brainchild of the US military’s advanced research arm. Originally patented by the US Navy in 1998, the technology is designed to make online communication untraceable and perfectly anonymous. Named for the layered structure it creates, onion routing passes every transmission through a series of intermediary computers between source and destination. This means that it is both very slow and theoretically secure for both server and user. The technology was initially useless to civilians since its very premise requires access to computers all over the world, but in 2002 a free, open solution appeared: The Tor Network.

Originally (but no longer) an acronym for The Onion Router, Tor is a combination of infrastructure and software. On the infrastructure side it connects and coordinates upwards of three thousand nodes across the globe, providing more than enough variety in routing to fully realise the security made possible by onion routing. To access this network, the developers of the Tor Network created the Tor Browser, a Mozilla-based web browser that encrypts every piece of outgoing information and which is required to decrypt any data incoming over the Tor Network. To ensure security, the Tor Network can only be accessed through the Tor Browser.

In conversation, the Tor Network is often referred to interchangeably with the Deep Web, but this isn’t technically true. The Deep Web (aka the Dark Web, Invisible Web, Darknet, and more) is actually defined as the entirety of all online information that cannot be indexed by conventional search engines. Often, this is simply the result of particularly old or arcane database programming – probably the most stark example is the deep recesses of the US Library of Congress.

In the beginning, the Deep Web was composed mostly of such unintentional content, but the ability to host sites that were both public and invisible eventually became an end unto itself. By 2001, the Deep Web was estimated to be several orders of magnitude larger than the Surface Web (the normal web), despite the fact that its randomly generated .onion website addresses are impossible to find without a direct link.

Probably the most successful illegal onion site is the Silk Road, a sort of anonymous eBay for illegal materials. Though it once even allowed the sale of firearms, the Silk Road is primarily a seller of substances – at present, the most popular single substance is LSD, which is offered by hundreds of sellers around the world. Buyers pay with the anonymous Bitcoin crypto-currency and access the storefront exclusively through the Tor Browser and its network of onion-routing computers. The site has spent years thumbing its nose at US national security.

As with all onion sites, the servers are hosted anonymously, the users access it through the onion protocol, and any money involved is functionally laundered the instant bitcoins change digital hands. Every day, hundreds of packages full of illicit drugs are sent through national and international postal systems and there doesn’t seem to be anything governments can do to stop it. This governmental helplessness may excite the web’s many and enthusiastic libertarians, but such power is often put to far more nefarious purposes. As noted, there is a smattering of (questionably legitimate) hitmen on the Tor Network, but by far the biggest problem is the Deep Web’s expansive databases of illegal pornography.

Virtually all child pornography and otherwise illegal images and videos are distributed on the Deep Web. The powerful anonymity offered by the Tor Network empowers the consumers of this content such that they are shockingly open about their activities: Tor-protected chat rooms have names like PedoBoard and Lolita Network, and database sites voluntarily flag themselves with warnings of “pedo content” or “loli porn.”

When reporters refer to child porn rings that operate online, they are speaking about these places. Government intervention and corporate self-regulation have driven child pornography (as distinct from the worrying trend of underage selfies) off the conventional Internet and onto the Deep Web. Like the Silk Road, they operate with utter impunity and flaunt their actions with little worry of legal retribution. The hacktivist group Anonymous has maintained a campaign of electronic attacks on these sites under the name Operation Darknet, but all this can achieve is the occasional and very temporary shutdown.

However, onion sites must be hosted just the same as those on the regular old World Wide Web. Though there have been several proposals to develop distributed hosting, a cloud-based solution that would use BitTorrent-like code to eliminate the need for any single, centralised server, none has yet materialised. So, those who ran onion sites were forced to seek out a hosting service which would both accept payment in anonymous currency and wilfully turn a blind eye to their activities. Up until this week, the largest such service was Freedom Hosting.

The alleged founder and operator of Freedom Hosting is one Eric Eoin Marques, who was arrested in Ireland this week and is awaiting extradition to the United States. Marques also owns the company Host Ultra Unlimited – and if you’re really interested, check out his forum profile on the website WebHostingTalk.com. Tor itself has already released a statement clarifying the nature of its service and its (lack of) relationship with Marques or Freedom Hosting.

The FBI has described Marques as the “largest facilitator of child porn on the planet,” which (if he is guilty) is certainly true – the word “facilitator” is key, though. Marques will doubtless defend himself on the basis that all he did was offer anonymous, no-questions-asked web hosting. The defence will state that it was not his responsibility to filter the content that was hosted, nor was he obliged to be concerned about reaping the financial benefits of being the go-to host for the creators and distributors of illegal pornography.

That argument is, of course, unlikely to get him very far with either the courts or the public. In all likelihood, Marques will be spending the next several decades of his life in an American federal correctional facility, and could very plausibly remain there until he dies.

The secondary story here, and potentially the one which will be paying dividends for years to come, is what happened directly after the raid. Before the arrest had even been announced, observant users began noticing some odd new code running on certain sites – in particular, sites that were hosted by Freedom Hosting. The code seems to exploit a loophole in JavaScript to do… something. At present nobody is quite sure what the exploit is designed to achieve, nor has the FBI confessed to being its source, but its appearance in conjunction with the raid cannot be a coincidence. The FBI has a track record of using viruses to fight online crime, and the assumption at present is that the JavaScript code is intended to at least try to identify Freedom Hosting’s customers, or even the users of its hosted content.

Remember that since even payment is anonymous, mostly via Bitcoin, seizing the servers won’t reveal any direct information about those who have purchased its services. Though the Tor Network should theoretically make it impossible for the exploit to provide specific information about users, the assumed virus is still creating widespread panic – and that might even be the point. According to one Reddit user, the following message was recently posted on the chat room 4pedo:

"UNKNOWN JAVASCRIPT IN THE BOARD PAGES POINTING TO IFRAME TO A VERIZON SERVER ON THE OPEN WEB!!!!!!! THEY ARE INSERTED BY FH [Freedom Hosting]! I WOULD CONSIDER FH COMPROMISED!!!! THEY ARE ALSO IN TLZ AND OTHER SITES PAGES!! STAY AWAY FROM ALL FH HOSTED SITES, including TLZ [The Love Zone], LC [Lolita City], TORMAIL, ALL OF THESE ARE HOSTED ON FH!!!!!!!!!!!!!! ALL BOARDS HAVE BEEN DELETED TO PROTECT YOU!! IF THE BOARDS COME BACK UP, IT IS NOT ME RUNNING THE SITE ANYMORE, ALL ADMIN/MOD ACCOUNTS HAVE BEEN DELETED!!"

One thing to remember in all of this is that child pornography is not the only use for the Tor Network, nor for the Deep Web. Some people have expressed fears about what this event might mean for the legitimate users of the anonymity service, such as government whistleblowers or journalists working to maintain the privacy of sources. The most worrying aspect from this perspective is that the anonymous communications service Tor Mail, which is genuinely relied upon by non-criminal users of all stripes, seems to have been compromised.

And, in case you were wondering: The Silk Road does not seem to have been hosted on Freedom Hosting, and appears unaffected by this whole event.

Whatever your views on government oversight or the right of citizens to privacy, one thing cannot be denied: This week the FBI made the world a vastly better place. They have struck a significant blow to the world’s purveyors of child porn, and made a truly powerful example of one of its greatest alleged facilitators. Though the paedophile “community” is notoriously committed and will doubtless rebuild, their networks have been largely destroyed in the short term. If the FBI’s presumed Trojan returns private information about those who use these sites, we may be about to see an unprecedented rash of arrests. At the very least, their sense of invincibility has been irreparably damaged.

The only possible way to spoil this achievement would be if it turned out that, however far down the line, some information gleaned in this operation was used improperly. Whether a journalist’s source is persecuted or an activist outed to a foreign government, such a revelation would turn arguably the greatest ever win against cyber-crime into just another anecdote driving moral citizens into the arms of anonymity.
