C. Aliens 
The story of Eric Eoin Marques, which shows how the FBI is able to overcome the anonymity guaranteed by Tor, even if we do not know how.
It was August 2, 2013 when some users of Tor, the most popular software to surf the dark web, realized that something is wrong. In the websites they used that were hosted on the servers of the anonymous company Freedom Hosting – an “unknown Javascript” has been spotted. Any anomaly in the code is considered a warning signal when talking about dark web, because it could indicate an intrusion into a world where secrecy is everything.
The panic was justified: Javascript exploited a Firefox vulnerability (which can be used to navigate with Tor) to identify and locate dark web users. While still trying to run for cover by updating the software as quickly as possible, all the sites hosted on Freedom Hosting went down simultaneously.
Among the services that used Freedom Hosting’s servers were some perfectly legal ones (like Tor Mail or the Hidden Wiki encyclopedia), others range from HackBB hacker forums to money laundering services (including Onion Bank). But especially on those servers were hosted some sites used for the exchange of child pornography. And this is what that had aroused the attention of the FBI, to the point of giving its IT resources to be able to succeed in piercing what should be the impenetrable Tor network.
As the MIT Tech researcher explains, “Tor is free software that allows anyone to use the Internet anonymously, encrypting traffic and bouncing it between various nodes, so as to hide users’ original connections. But who are the users of the dark web? Though over time it has become synonymous with illegal trafficking, most people who use the dark web are citizens who want to escape online tracking, inhabitants of poorly democratic nations trying to circumvent censorship, or Chinese dissidents trying to evade surveillance.
Obviously, however, there are also those who hide behind the anonymity to conduct illegal trafficking. And among these there were also the real target of the FBI investigation: Eric Eoin Marques, the head of Freedom Hosting, arrested in Ireland after the identification by the police of one of the servers used by him in France. A few days ago, Marques admitted his guilt in court after a legal battle that lasted almost seven years and now faces the possibility of a sentence of up to thirty years in prison.
Marques was not the FBI’s only big target identified in 2013. “Two months after his capture, the iconic black market Silk Road was also shut down in another FBI-led operation. After making possible sales amounting to hundreds of millions of dollars, Silk Road had became a symbol of the apparent invulnerability of criminals living in the dark web world. reads the Tech Review always . “Although it had lasted less than three years, it was clear that its founder felt invincible. Towards the end, this anonymous personality gave interviews to magazines like Forbes and wrote political essays about his cause and the ideology that he supported it.
Ross Ulbricht, the then 29-year-old who ran Silk Road, was also captured in 2013 and sentenced to life imprisonment. Since then, the operations conducted by the FBI against Tor and the dark web have multiplied, also leading to the closure and arrest of a network of pedophiles who acted under the cover of anonymity.
All right, then? Not entirely. Because while it’s true that US law enforcement is becoming increasingly sophisticated in terms of technology and now able to crack any service, it’s also true that in most cases they have no intention of letting people know how they did what they did. What code in short, they used to successfully infiltrate the dark web.
Marques’ lawyers (and judges) have received only vague details from the government: “The reason they do this kind of darkening is because the techniques used are legally questionable or can raise questions among the public,” explained Mark Rumold of Electronic Frontier Foundation, an ngo working in the defense of online privacy. “As common as this type of action is, I don’t think anyone benefits from it.
Lawyers, of course, need to know how their protege has been identified and whether or not the means used are legal (and therefore not a “fruit of the poisoned tree,” as they are defined in Anglo-Saxon jurisprudence). In the case of the arrest of Marques, for example, some associations in defense of civil liberties, starting from the ACLU, criticized the FBI for having used that code as a grenade, capable of bombarding the computers of thousands of perfectly innocent people.
“U.S. government agencies regularly find vulnerabilities in software,” writes Patrick Howell O’Neill. “Sometimes they reveal them to manufacturers, in other cases they decide to keep them for them to use as weapons or during investigations. But there is a formal process that is used to decide whether a problem should be shared or not (…)”. A process in which disclosure is the default choice, “in the belief that any bug that can hit the ‘bad guys’ can also potentially be used against everyone’s interests. When an agency wants to use a bug during an investigation it must receive approval, otherwise it will be publicly disclosed”.
To give an idea of how important it is for government agencies to keep the secret on the techniques used, suffice to say that in 2017 they preferred to drop all charges in a case of child exploitation on the dark web rather than detect how they were able to identify suspects. “We can’t live in a world where the government is allowed to use black box technology from which important criminal prosecutions are coming out,” explains Rumold of the EFF. “Defenders must have the opportunity to test and verify the methods used in the investigation.”
