FBI brings down Silk Road underground market

The Federal Bureau of Investigation's (FBI) shutdown this week of Silk Road – a black market existing on the Deep Web and accessible through the Tor network – also led to the arrest of its 29-year-old operator, Ross Ulbricht, also known as Dread Pirate Roberts, DPR, or Silk Road.

Ulbricht was picked up on Tuesday by feds in San Francisco and is being charged with narcotics trafficking conspiracy, computer hacking conspiracy, and money laundering conspiracy, according to a complaint (PDF) unsealed against Ulbricht in the Southern District of New York.

The charges are linked to the various drugs distributed on the illicit marketplace, including heroin, cocaine, crystal meth, LSD and ecstasy, and the computer hacking offenses relate to the intentional accessing and obtaining of information from protected computers for purposes of financial gain. Money laundering charges stem from the transactions involving the proceeds from the unlawful activities.

The computer-hacking services offered on Silk Road ranged from hacking social media and online retailer accounts to hacking automated teller machines (ATMs). The underground website also offered tools and goods, including keyloggers, banking trojans and other malware.

Additionally, hitmen from more than 10 countries were observed to have offered services. In the complaint, Ulbricht is said to have solicited services from one or more of them – particularly with regard to a Silk Road user who attempted to extort money from him.

To build a case against Ulbricht, a special agent for the cyber crime squad within FBI's New York field office worked cooperatively with agents from the Drug Enforcement Agency (DEA), Internal Revenue Service (IRS), Homeland Security Investigations, and other law enforcement.

The FBI special agent went undercover to access Silk Road via Tor, an anonymous network that directs traffic through thousands of relays to make internet tracking nearly impossible. Users can access these portions of the internet – known as the Deep Web because they are not indexed by traditional search engines – by downloading the Tor Browser Bundle, which contains a modified version of Firefox.

Throughout the investigation, the special agent learned that the only currency traded on Silk Road is bitcoins.

From its first known inception around January 2011 and until July 2013, “the total revenue generated from sales was 9,519,664 bitcoins, and the total commissions collected by Silk Road from the sales amounted to 614,305 bitcoins,” according to court documents. “These figures are equivalent to roughly $1.2 billion in revenue and $79.8 million in commissions, at current bitcoin exchange rates.”

“The Silk Road takedown might increase bitcoin value if a massive amount of seized assets remain out of the bitcoin pool, simply by supply and demand laws,” Steve Santorelli, a spokesperson with Florida-based internet security group Team Cymru, told SCMagazine.com on Thursday. “Other copycat sites might start to convert their bitcoins out of the system into real currencies, but it's hard to say. No one really knows much about the market dynamics of bitcoin and whether one entity could have an impact on the entire system.”

Following the case intently, Jerry Brito, a senior research fellow at the Mercatus Center at George Mason University, questioned in a blog post what exactly led to the arrest of Ulbricht.

With regard to locating the server that hosted Silk Road, Brito said his first thought was that the FBI took advantage of a Firefox vulnerability that allowed Tor network users to be located – similar to the one that led to the arrest of child porn distributor Eric Marques.

According to the complaint, it seems law enforcement may have caught a break in July when as part of a routine search U.S. Customs and Border Protection (CBP) intercepted a package inbound from Canada. The package contained nine counterfeit identification documents, all with different names, and was addressed to a San Francisco address where Ulbricht had taken up residence.

“As I think about this some more, it's clear that the FBI was able to identify Ross Ulbricht because he posted his Gmail address to the Bitcoin Talk forum using the same username that first mentioned Silk Road ever,” said Brito. “So, what are the chances that the CBP search that turned up the package of fake IDs bound for Ulbricht was routine? If it was routine, it was routine in the sense that packages to people on a watch list might be routinely searched. I'm still not clear how the FBI got from identifying a possible suspect to locating the server for the Silk Road Tor hidden service.”
