https://openwatch.net/i/200/anonymous-web-host-freedom-hosting-owner-arreste... Owner arrested in Ireland, FBI makes extradition request, malicious JavaScript discovered on a number of important hidden services. What happened?Eric Eoin Marques, the 28 year old owner and operator of the Tor-based internet host 'Freedom Hosting' has been arrested in Ireland and charged with distributing and promoting child pornography on the internet, reports<http://www.independent.ie/irish-news/courts/fbi-bids-to-extradite-largest-childporn-dealer-on-planet-29469402.html> the Independent. Since the arrest, internet users have reported<http://www.reddit.com/r/onions/comments/1jmrta/founder_of_the_freedom_hosting_arrested_held/> noticing malicious JavaScript <http://pastebin.com/pmGEj9bV> designed to compromise their identities inserted into pages hosted by Freedom Hosting, including the 'Tormail' service, as well as a number of pedophile messageboards. Why?'Freedom Hosting' provides hosting for anonymous 'hidden services' on the Tor network. These services can range from everything from anonymous email and library services, to online marketplaces for drug distribution and the production and exchange of child pornography. As this is part of an ongoing FBI investigation, there is no conclusive evidence that the injection of this JavaScript is the result of a government operation, however, this does fall under a known pattern of FBI behavior<http://gizmodo.com/why-the-fbi-ran-a-child-porn-site-for-two-whole-weeks-510247728> related to child porn sting operations. It is possible that the attack, which delivers a weaponized exploit to Firefox users running Windows systems, is the work of non-government cyber criminals, although the timing of the arrest and the appearance of this code on a number of hidden services hosted by Freedom Hosting does seem to imply a government operation. The execution of malicious JavaScript inside the Tor Browser Bundle, perhaps the most commonly used Tor client, comes as a surprise to many users. Previously, the browser disabled JavaScript execution by default for security purposes, however this change was recently reverted by developers in order to make the product more useful for average internet users. As a result, however, the applications has become vastly more vulnerable to attacks such as this*. * What's going to happen next?Although it is difficult to gauge the size of the anonymous internet, Freedom Hosting did seem to be perhaps the largest anonymous web host, and its compromise will have serious implications for the future of Tor hidden services. We expect there will be a deeper technical analysis of the malware in the coming days as security researchers examine it in greater detail. Since the attack was designed at Firefox for Windows, which the Tor Browser Bundle is based upon, it seems likely that this is not a random occurance, and that the malware is designed specifically designed to compromise the identities of anonymous internet users. Although this would be a victory for the FBI against child pornographers who use the Tor network, it could also mean a serious security breach for international activists and internet users living in repressive states who use the services to practice online free speech. OpenWatch has been in the early stages of designing a new alternative to Freedom Hosting, calledOnionCloud <https://github.com/Miserlou/OnionCloud>, to allow anonymous Heroku-like application hosting. Developers interested in this idea and other OpenWatch technologies are invited to join the discussion by joining the openwatch-dev mailing list by sending an email to openwatch-dev+subscribe@googlegroups.com