Silk Road bust hints at FBI's new cybercrime powers
04 October 2013 | Hal Hodson | New Scientist
The biggest drug marketplace on the internet has been busted. The illicit empire of the Silk Road came crashing down on Wednesday after its founder Ross Ulbricht, aka Dread Pirate Roberts, was arrested and charged with narcotics trafficking, money laundering, computer-hacking and attempted murder. He was caught through ads and coding queries related to Silk Road, posted to the web in the early days of development, and tagged using his real email address.
The end of Silk Road means the FBI has now brought down two of the most famous services on Tor, the anonymising software that lets users access hidden parts of the internet, known as the darknet.
Earlier this year, it busted shady web-hosting company Freedom Hosting – known for turning a blind eye to child porn websites. Although Ulbricht was caught through a couple of small mistakes, the computers running Silk Road and Freedom Hosting were supposed to be impossible to find, running as hidden services within Tor, obscured from the rest of the internet by layers of routing computers. The FBI not only found the hidden servers, but managed to take complete control of them without their owners even noticing, logging the activity of the services' users and, in the case of Freedom Hosting, distributing malware to identify them.
Investigators at Baneki Privacy Labs, a non-profit internet research collective, say that's highly unusual. Despite reports in the Guardian newspaper today that the NSA has been attempting to unmask Tor users, such sophistication is unprecedented for the FBI. "Not many people in the world were taking heavier security measures than Freedom Host and the Silk Road," a Baneki investigator who did not want to be named told New Scientist.
He says that Ulbricht was meticulous in his administration of the Silk Road server, and that it's very unlikely that he shared it with any associates. The FBI usually access servers by putting pressure on someone with administrative access, but not this time.
The Baneki researcher says the FBI managed to get administrative access to the Silk Road servers and make a copy of the hard drives, then sit in the background watching all the traffic. "We don't know how that was done, are aware of no routine techniques that would enable that kind of intrusion. If there's technology to do that, it's very advanced."
Many Silk Road buyers and sellers are panicking about the bust. One, called jayman62, wrote on Reddit: "all our money is gone. i just loaded mine 10 minutes before they seized it. im screwed. it wasnt all my money and its very dangerous people i now owe large sums too. im a dead man."
The Silk Road take-down also has implications for two important internet technologies – Tor and digital currency Bitcoin.
Bitcoin lost 40 per cent of its value as soon as news broke that the FBI had seized Silk Road servers, taking 27,000 Bitcoins with them, worth around £2.2m, as well as transaction records. "Silk Road was an important part of the Bitcoin economy, and probably the largest use of Bitcoin as a currency, as opposed to a speculative instrument," says Nicolas Christin of Carnegie Mellon University in Pittsburgh, who published a paper analysing Silk Road in 2012.
Tor may see a more chilling effect. Baneki researchers argue that FBI busts of the two highest-profile Tor services will destroy any trust the public had in the system, which has also been used by dissidents in repressive regimes to organise themselves. "The masses will never trust Tor again," the Baneki investigator says.
The Tor Project argues that Ulbricht's slip-ups do not mean that Tor itself has been compromised. But the FBI complaint against Ulbricht does not explain how the organisation tracked down the Silk Road server, which was supposed to be hidden by Tor. The FBI declined to comment, but there are a number of possibilities. A handful of recent and upcoming research papers have shown that the Tor network is no longer a safe place to run hidden services.
"In general, Tor architecture is not suited for protecting anonymity of long-term, popular web services," says Alex Biryukov of the University of Luxembourg. The Tor Project acknowledged as much earlier this year, and even laid out a roadmap to fix the issues, if and when it can find the resources. Its current insecurity isn't stopping other black markets from filling the void left by Silk Road's demise. Sheep Marketplace and Black Market Reloaded both offer drugs and weapons and are both still accessible via Tor – for now.
Biryukov and his co-authors examined Tor's hidden services in a research paper presented at the IEEE Symposium on Security and Privacy earlier this year. It took them $11,000 and eight months to get into a position where they could have revealed the real IP address of a hidden service (they avoided actually learning the IP address to preserve privacy). In a later paper, they found that the majority of hidden .onion sites, which require Tor to access, are either botnets – used to send spam or launch attacks on institutions – adult sites or black markets.
Another paper by researchers at Georgetown University and the US Naval Research Laboratory, both in Washington DC, shows that Tor users can be unmasked in as little as a day with a given amount of control over the network, control which, thanks to Edward Snowden, we know that the NSA does have. The paper will be presented in November at the Conference on Computer and Communications Security in Berlin, Germany.
For the Baneki investigator, there is no doubt that the NSA is behind the FBI's newfound powers. "The underlying firepower is all NSA, what your ten billion dollars a year buys you," he says.
In the "post-Snowden world", the NSA's capabilities have been revealed to be beyond what even the most paranoid had previously feared. "We're in a different world now. We now know there's an 800-pound gorilla in the corner," says the investigator. "The Silk Road came up, and the gorilla has smashed it."