For the past two and a half years, the underground online marketplace Silk Road has been described as the eBay of illicit goods and services—an anonymous, electronic black market where one could find and easily purchase everything from black-tar heroin and cocaine to illegal firearms and contract killers. But yesterday, the site was shuttered in what could be the biggest Internet drug bust in history.
According to the F.B.I., Silk Road’s enigmatic alleged owner, twenty-nine-year-old Ross William Ulbricht, who until now was known only by the handle Dread Pirate Roberts, was arrested on Tuesday at a public library in San Francisco. The Silk Road Web site has since been effectively seized by the Department of Justice, along with up to four million dollars in bitcoins, the digital currency that powers the site’s transactions.
At the time of its closing, Silk Road users had nearly thirteen thousand drug listings for substances ranging from methamphetamines to LSD and marijuana; they also offered other, more dubious goods and services, like forged documents, malicious computer software, hackers for hire, and stolen bank-account credentials. (Guns and explosives were also once sold on the site, but had been removed by its owner, who limited offerings to what he considered “harmless contraband.”)
The crackdown took place just a few weeks after Forbes published a rare public interview with Ulbricht. In light of new competition from a rival drug site called Atlantis, he used the opportunity to openly promote his site for the first time, espousing radical libertarian views and claiming to have “won the State’s War on Drugs because of Bitcoin.” Some users of Silk Road’s forums, which remain operational, suspected the publicity stunt marked the beginning of the end for the site, which first appeared in 2011 and attracted more than nine hundred thousand users mainly by word of mouth.
Bitcoins, a quasi-anonymous, math-based currency whose rise in popularity closely mirrored that of Silk Road’s, were essential to the site’s secure, anonymous operation. The site made the currency virtually untraceable using a built-in laundry and escrow, which concealed the coins’ origins within Bitcoin’s public ledger, known as the “block chain.” Past estimates by Forbes placed the site’s annual revenue between thirty million and forty-five million dollars’ worth of bitcoins. The F.B.I.’s criminal complaint alleges that the site has handled approximately 1.2 billion dollars in sales, producing eighty million dollars in commissions, during its lifetime. (The figures are hard to pin down, however, due to the erratic fluctuations in the value of a single bitcoin, particularly after the shuttering of Silk Road, which caused the currency’s value to fall by twenty per cent before recovering.)
The site had been an F.B.I. target since at least the end of 2011, when undercover officers began buying drugs. But the site is designed to prevent users and transactions from being easily tracked. It doesn’t exist on the regular World Wide Web; it can be accessed only via a special browser connected to the Tor network, which provides anonymous Web browsing. Once connected, the Tor software obfuscates the origin of users and hidden services by bouncing traffic off of a series of relays located around the world.
Originally developed by the U.S. Navy, Tor is known as a tool of liberation among journalists and human-rights organizations, as well as activists living under authoritarian regimes that punish online dissent and censor large portions of the Internet. Of course, that means it also allows drug lords, child pornographers, and other cybercriminals to conduct their business in relative obscurity, a fact frequently used by governments to justify harsh crackdowns on anonymous online speech.
In August, the F.B.I. scored its first major victory against the Tor network when it executed a large-scale cyber-attack that shut down Freedom Hosting, a provider of Tor hidden services, whose owner had been accused of hosting child pornography. The Bureau gained control of Freedom Hosting by exploiting a secret vulnerability in Firefox, which the Tor browser software is based on, allowing it to spread malicious code onto the hidden sites. The browser was quickly patched by its stewards at the Tor Project, a nonprofit that keeps all of its code open to the public, so that any flaws can be quickly identified and removed.
“So far, nothing about this case makes us think that there are new ways to compromise Tor,” reads a statement posted to the Tor Project’s blog late Wednesday night. It’s not certain how the F.B.I. managed to track down Silk Road’s hidden server, or identify its mysterious proprietor. (Although it appears that there may be revelations about Tor’s security and the National Security Agency yet to be published by the Guardian.) But details from the report suggest that the F.B.I.’s case was simply the result of good detective work, not technological breakthroughs.
Ulbricht’s criminal charges reveal a number of “operational security” mistakes that likely led to his arrest. For one, he had a significant presence on social media, including a YouTube channel, a Google+ page, and a profile on the career site LinkedIn. In 2011, a few days after Silk Road went online, Ulbricht, using the alias “altoid,” posted about the site on Shroomery, a drug discussion board, as well as on the
<href=”#msg42670″>bitcointalk.org forum. Months later, he
<href=”#msg568744″>posted again using the same account, including an email address containing his full name, in hopes of attracting “the best and brightest IT pro in the bitcoin community to be the lead developer in a venture backed bitcoin startup company.” Using another alias, “frosty,” he also posted to the developer site Stack Overflow, asking for programming help related to Tor hidden services.
As Dread Pirate Roberts, Ulbricht also allegedly paid an undercover F.B.I. agent eighty-thousand dollars to torture and murder a former employee. He believed the employee had been compromised after the same undercover agent allegedly contacted Ulbricht posing as a drug dealer, and Ulbricht arranged for the trade of a kilogram of cocaine between the two. The employee had stolen a large sum of bitcoins, and Ulbricht allegedly instructed the undercover agent to “let him use his computer to send the coins back, and then kill him.” The F.B.I. sent back staged photographs of the “murder,” to which Ulbricht allegedly responded that he was “a little disturbed, but I’m OK.”
Later, the F.B.I. alleges that Ulbricht ordered another contract killing, this time to murder a Canadian man who had threatened to release the identities of thousands of Silk Road users. He attempted to haggle, arguing that “not long ago, I had a clean hit done for $80K.” The deal was agreed to for the sum of a hundred and fifty thousand dollars in bitcoins, but Canadian authorities said there is no evidence that the murder took place, nor is there any record of a citizen with the name of Ulbricht’s target. Ulbricht also faces conspiracy charges related to money laundering, drug trafficking, and computer hacking.
Despite the report’s depiction of Ulbricht as a ruthless criminal mastermind, his family and friends were mostly caught off-guard by the allegations. “I don’t know how they messed it up and I don’t know how they got Ross wrapped into this, but I’m sure it’s not him,” Ulbricht’s friend and former roommate, René Pinnell, told Adrianne Jeffries of The Verge. His half-brother, Travis, described him as an “exceptionally bright and smart kid” who has “always been upstanding and never had any trouble with the law that I knew of.”
A man claiming to be Ulbricht’s current roommate, calling himself Jef Costello, was less surprised at first. “Dude was kinda vague about what he did for a living, so this isn’t too surprising, I guess,” he wrote on the Web site Hipinion, in a post titled “My housemate got arrested for hacking,” which has since been relegated to members-only access. When the site’s users mentioned Ulbricht’s name and linked him to the news articles, Costello’s reaction changed. “Fuuuuuccccck,” he wrote. “I have nothing to hide regarding all this, but I am still extremely shaken/anxious.”
Ulbricht’s staunch libertarian political stance, however, was well known. In 2010, his LinkedIn page was updated to state that his “goals have shifted” away from his background in chemical engineering, explaining that he was “creating an economic simulation to give people a first-hand experience of what it would be like to live in a world without the systemic use of force.”
As time went on, Ulbricht became more and more careless. The F.B.I. report suggests that in June of 2013, he began remotely administering the Silk Road server from an Internet café near his residence in San Francisco, without connecting to the anonymous Tor network. Then, on July 10, 2013, the F.B.I. claims that U.S. Customs and Border Protection intercepted a package addressed to Ulbricht’s apartment, which contained counterfeit identification documents with his picture on them. When agents from the Department of Homeland Security visited him, Ulbricht “refused to answer any questions” about the documents, but “volunteered that ‘hypothetically’ anyone could go to a website named ‘Silk Road’ on ‘Tor’ and purchase any drugs or fake identity documents the person wanted,” according to the criminal complaint.
If the F.B.I.’s allegations are true, they suggest that Silk Road was ultimately undone by its owner’s promotional zeal and professional carelessness. But there’s little reason to believe another site with a more cautious steward couldn’t become the next digital drug bazaar; competitors like Black Market Reloaded already have customer bases of their own, and the drug site Atlantis seemed to pose a direct threat to Silk Road, before mysteriously closing down for “security reasons.” Luckily, for those who use anonymity for legitimate purposes, the Silk Road’s bust probably isn’t a blow to the integrity of anonymous networks—it’s a testament to the fallibility of the humans who operate within them.