How did Silk Road get busted?

Cross-posted from The Conversation.

You’ll have seen the owner of notorious online marketplace Silk Road, Ross William Ulbricht, was arrested in a San Francisco public library on Wednesday, California time. But how does the administrator of such a strongly encrypted site get identified – let alone arrested?

Only a few hours beforehand I ran a class in Melbourne on the use of computer networks in political revolutions, and inevitably discussions led to anonymity networks.

In the class I warned the students not to be stupid enough to use Silk Road, as I believed it was close to being busted. Overnight Silk Road was taken down by the FBI.

While merely a coincidence that I made the call, the event itself carries a degree of public significance for both individual privacy and drug distribution.

Online trade

Silk Road was an online marketplace for the buying and selling of illegal goods and services. Mainly known for drug supply, an FBI report indicates it has certainly been popular in Australia.

Drawing its name from the trade routes through Asia that existed in antiquity, the site was founded on libertarian economic principles that sought out alternatives to government-backed currencies and regulated markets – at least according to Ulbricht’s LinkedIn account.

Ulbricht, also known as “Dread Pirate Roberts”, an apparent reference to a character from the novel and film The Princess Bride, made a mistake in March 2012 that possibly cost him his anonymity.

Asking how to securely automate the process of copying URL-linked files from one location to another on tech forum Stack Exchange supposedly caught the attention of the FBI.

Using his real name when posting the question led to an easy match between a Darknet server (which allows users to connect with a reasonable level of anonymity) and Ulbricht himself – and from there, the FBI kept tabs on him until they had enough evidence for arrest.

That said, there is a great deal of suspicion in some tech forums that the US government has the ability to crack online anonymity, and that the Stack Exchange exposure is simply an attempt to hide this fact.

Textbook business model

The whole affair has produced a wide range of revelations regarding the operations of the site, ranging from torture and murder payments to blackmail and double-crossing. The concern for many is: could this happen again?

Well, it has already.

In a tech sense, what Silk Road did was not particularly remarkable. It was simply one of many Darknet servers.

It ran a checkout service not substantially different from sites like eBay or Amazon. It utilised Bitcoin in exchange – a highly volatile, but also highly fungible non-fiat currency, which is both encrypted and anonymous.

Silk Road financed itself through a commission system, and profited from the sales made by other users. Silk Road didn’t even need to possess any drugs in order to draw a profit.

In fact, the only reason anyone cared about Silk Road over the wide range of other Darknet servers is that it had cornered the online market for illegal drugs. Drugs have an extremely stable consumer base, considering that they are illegal.

To think that Silk Road will be replaced is incorrect – Silk Road was simply the best known among the many global drug markets.

Tor networks

Online drug markets operate through an anonymisation system called the Tor network. Developed under the guidance of agencies such as the US military and the Electronic Frontier Foundation (EFF), the Tor network is a publicly available system for internet anonymity.

You can access the internet through the Tor network, slowly, but it is extremely difficult for an outsider to determine which websites you’re looking at, and which computers you’re connecting to.

Within the Tor network are computer servers that are not accessible directly through the World Wide Web – servers such as Silk Road.

Tor bounces encrypted signals around within the network in a random manner, and utilises methods for making it more difficult to trace the origins of the signals. That’s all. These methods of security simply protect data packets from easy surveillance, but do nothing to stop its users from outing themselves.

Even then, the Tor network isn’t foolproof. There’s some indication that WikiLeaks obtained a lot of its early data straight off an exit node.

To put it simply, while you may have some technological anonymity, there’s nothing stopping you from suffering a malware attack that compromises your anonymity in other ways – or giving out your own name.

The FBI court filings suggest that this was exactly the way in which Ulbricht was caught.

The Tor network is wonderful news for people living under repressive regimes. For instance, the creation of new Tor accounts spiked by 500% during the anti-Mubarak riots in Egypt in 2011.

This system is also open to other camps who may want to hide their internet activity – the Tor net is equally home to child pornography, hit squads, snuff films and a thousand other operations.

Silk Road had no computer systems of their own that were any more complex than what many small businesses already operate. There will be another Silk Road, and there are already dozens waiting to fill the gap.

Robbie Fordyce is a PhD candidate in the School of Culture and Communication and Institute for a Broadband-Enabled Society at University of Melbourne

About the author
David Llewellyn-Smith is Chief Strategist at the MB Fund and MB Super. David is the founding publisher and editor of MacroBusiness and was the founding publisher and global economy editor of The Diplomat, the Asia Pacific’s leading geo-politics and economics portal. He is also a former gold trader and economic commentator at The Sydney Morning Herald, The Age, the ABC and Business Spectator. He is the co-author of The Great Crash of 2008 with Ross Garnaut and was the editor of the second Garnaut Climate Change Review.