San Francisco: It’s a Tuesday afternoon in early October and 29-year-old Ross Ulbricht decides to visit the local library in Glen Park, close to the neighbourhood where he shares an apartment with three friends. The Californian sun is partly covered by clouds, but it’s still 20 degrees, and for many on the streets around him, warm enough for t-shirts. Inside the library, Ulbricht finds a place to sit, opens his laptop, connects to the wireless internet, and activates ‘Tor’ – a computer program that sends internet traffic through several randomly chosen computers and thus makes it very difficult for authorities and anyone else to trace one’s digital activities. Next he logs on to the online marketplace Silk Road, and as the administrator he has access to a page with statistics of the trade. The numbers tell him that he’s a rich man – people all over the world have used his website to buy and sell narcotics, and as the facilitator of the trade he has taken an average of seven percent in commission. That’s more than enough to make him a millionaire.
A quarter past three on the same Tuesday afternoon, everything changes for the 29-year-old. FBI officers storm the library, keep Ulbricht away from his laptop, confiscate it while he’s still logged into the marketplace, and cuff him. In his nearby home they find computer servers loaded with additional information about his online activities, and the marketplace is shut down. Thousands of people lose their money – unlike markets like eBay and Amazon, users of the Silk Road had to upload money to their accounts before making a purchase, and the transactions between customers and dealers also travel through the marketplace – but no-one loses more than Ulbricht. The FBI confiscates as much as 144,000 of his Bitcoins, a digital currency which prior to his arrest amounted to USD 18.3 million.
Silk Road’s discussion forum remains open for several weeks after the FBI shutdown, and vendors and customers get together. The forum moderator Libertas, who claims to know Ulbricht in person, addresses the community: “Ladies and gentlemen, brothers and sisters in arms. It is with a heavy heart that I come before you today. A heart filled with sadness for the infringements of our freedoms by government oppressors, and a heart filled with sadness for the pain that all of you whom have lost everything are feeling. Silk Road has fallen.”
Six days following this statement, a team consisting of Libertas and a handful of other people introduce a new online forum, and more than 3000 individuals migrate there the same month. Vendors who operated at the closed marketplace are told they will be able to continue their business as soon as a new marketplace is ready, and on November 6, barely a month after the arrest of Ulbricht, Silk Road’s reincarnation opens. In the words of the new leader: “Dear Community. It is with great joy that I announce the next chapter of our journey. Silk Road has risen from the ashes, and is now ready and waiting for you all to return home.”
A Norway-based drug dealer who was active on the previous Silk Road and is back online with its reincarnation says that he supports the ideology, although not as strenuously as many others. “To be honest, the main reason I’m doing this is to make money.” He says that he’s selling drugs to finance medical treatment of a family member. “I can’t accept that the social safety net fails me like this; that’s why I find my own way of getting the money I need. I have no interest in discussing whether it’s the ‘right’ thing to do; it’s the right thing to do for me.”
A British dealer who also has vending experience from the previous marketplace and now is active at the new Silk Road says online marketplaces like these are here to stay. “This is not an idea or fad that will simply die with the fall of one man. What Ross Ulbricht created is an idea, a new way of operating in the drug market. He brought convenience, quality and security to a world that had none.” He says that Silk Road 2 was a contingency plan in the heads of many before Silk Road 1 fell, and that a third version of the marketplace will rise if the current one falls. He and his colleagues specialise in hash and opium, and he says he “ran a largish operation for quite a few years” before moving his business activities online. And it has transformed the job, he says. “Our goals are different. Here you can make structured plans, attainable goals; you can expand in a controlled manner. As for ‘in real life’ selling, that is a definite no, even to close friends, family. Even drug use in public, our security policy prohibits this strongly.” And although all business is done in full anonymity, the Silk Road community can be affectionate. “I love them; they are like family to me. It’s more than a business. I changed my life to be here fighting in this revolution, as did many. I value their opinions, and as a vendor we are heavily involved in the community, and I would say that around 40 per cent of all active buyers frequent the forums.” He explains that the community serves many functions for all involved parts, “to alert, to protect, to advise. It’s a wealth of information there. Many of us talk on a daily basis, and we are friends in the real sense of the word. An analogy would be that the community is my extended family and friends – they provide emotional support to what is a very hard job, they make me laugh, they help with problems. The spirit our community carries is stronger, more resilient and more beautiful than any I have come across in real life.”
The Norwegian drug dealer, like his British colleague, doesn’t sell anything offline. “I have no contact with any milieu where I can sell my products, outside of the internet. I have no desire to risk exposure in milieus the police might know of.” A person who states that he is an “international cocaine and MDMA vendor” tells us that he also keeps all business online, and that he, like the Norwegian, has zero experience with offline dealing. “Never before and no I don’t sell drugs offline,” he says. Besides the money, he says that being part of the Silk Road community is a motivation in itself. “Believe it or not, I just like being a part of the community in one way or another. This is my home.”
Back in 2011, Ross Ulbricht wrote a job advertisement in an open discussion forum for Bitcoin enthusiasts, and signed it with his personal email address. That was the key mistake that led the FBI to him – a human error, not faulty technology. The team behind Tor, which is entirely legal, said in the aftermath of the Silk Road shutdown: “We’ve been watching carefully to try to learn if there are any flaws with Tor that we need to correct. So far, nothing about this case makes us think that there are new ways to compromise Tor. The FBI says that their suspect made mistakes in operational security and was found through actual detective work.”
That the FBI is now in possession of the servers of the old marketplace, and thus also millions of exchanges between customers and vendors, has led to increased security measures for the Silk Road team. Customers who order drugs will now have to encrypt their addresses, and communications about sensitive issues are also encrypted. When we contacted drug dealers with our questions, for example, the responses we got were encrypted with PGP, or Pretty Good Privacy, a data encryption and decryption program that has become the community standard. It’s a free and yet extremely powerful tool that turns a simple message in plain English into thousands of (seemingly) randomized letters and numbers. In practice, this means that if the FBI or law enforcement in other parts of the world somehow gets access to the servers of the new Silk Road, just as they did with the old one after arresting Ulbricht, the messages will be unreadable. The only way encrypted messages can be turned back into readable text is if the sender or receiver reveals his or her decryption key and personal password.
One might think that cracking encryption technology that dates back to 1991 should be a cakewalk for the world’s most powerful intelligence agencies, considering their technical expertise and massive supercomputers. But it isn’t, says Håvard Raddum, cryptologist and postdoc at Simula Research Laboratory in Norway. “Cracking PGP is impossible,” he says. “The reason we’re so sure is that academics are trying to break this technology all the time, and I’m one of them. We’re not even close.” Raddum adds that you could probably get the content of an encrypted message if you somehow manage to plant spyware on the computer the message is being sent from or to, as people will in most cases store their passwords and decryption keys somewhere, “but if encrypted text is the only thing you have to work with, then not even the NSA will be able to crack the message.”
Besides increasing the use of encryption, Silk Road’s leadership have beefed up security by recruiting hackers. In a job advertisement posted last year, they looked for a person who could dedicate 4-8 hours a day to look for security holes in the marketplace’s structure, for a weekly salary of USD 1,000, plus bonus payments. There are also job ads for computer programmers who can assist in further developments and improvements of the services they offer, and persons who contribute to keeping a full overview of arrests that are related to the Silk Road will also be paid for their efforts.
Three weeks after Silk Road’s resurrection, police raid a home in the Irish town of Wicklow, south of Dublin. They arrest a 25-year-old who on the Silk Road goes by the name Libertas – the same man who was instrumental in the transition from the old marketplace to the new. Synchronised operations are executed in Virginia, USA, and Brisbane, Australia, and two more men are put behind bars. The news reaches the Silk Road forum long before any media report, and disbelief is the initial reaction. As it becomes clear that this did indeed happen, the remaining moderators freeze the accounts of the three arrested men. A few days later, the leader of the marketplace disappears.
In the aftermath of all the bad news, several forum veterans are promoted to assist the drastically reduced staff. Meanwhile, the leadership reach out to the community and state that the arrests did not result from leaks, infiltration or exploited weaknesses in the technology – whatever information law enforcement had to act upon, they say, must have come from the servers that were confiscated shortly after the arrest of Ulbricht. Or that Ulbricht himself has “ratted them out”.
Buying from cops is OK
Law enforcement might be, and probably is, working hard to infiltrate the new marketplace and its online community, if they haven’t done so already. But community members are often reminded that if they use the technology right, and don’t reveal any information that can prove that it was actually they who ordered or sold illegal substances, they will be safe. In the words of Defcon, the current leader of the Silk Road: “Use all marketplaces with the assumption that they are compromised, and you’ll be safe no matter what.”
More than 34,000 people have joined the new Silk Road forum since the arrest of Ulbricht in October last year, and although there are no available figures on the member count of the actual marketplace, it is likely to be much higher. Many customers want to avoid having to buy drugs on the street, and despite the fact that the online dealers are all anonymous, buying from them might be perceived as safer when they have received positive feedback from hundreds of other customers, and an online community informs of do’s and don’ts. For those who wish to limit drug use in society, technologically sophisticated marketplaces like Silk Road represent an enormous challenge. Silk Road has so far shown that it will not be brought down by law enforcement – for every arrest, new leaders arise, driven by profit motives or ideology or both, and with the help of PGP encryption, sophisticated computer software, and unknowing mailmen, the show will go on.
Tor and China
The same technology that makes online drug dealing possible is also an essential tool in countries where freedom of speech is repressed and in countries where government control of the internet is tight, such as Iran, China and Turkey, where the government recently introduced new internet laws. According to one estimate, China’s internet police has between 30,000 and 50,000 employees, and what’s often referred to as “the Great Firewall of China” is probably the world’s most sophisticated system for internet censorship. Persons who express strong opinions about political reform and human rights issues might be censored in the country’s search engines and could face arrest. According to Global Voices, a website dedicated to “protecting freedom of expression and free access to information online”, more than 5,000 Chinese citizens were arrested in 2012 due to their internet activities. Reports suggest that this is not going to change any time soon – according to the BBC, media and internet censorship has tightened dramatically since Xi Jinping became president last year.
Tor was one way to circumvent the Chinese firewall. “It used to work for a very long time since it was founded in 2004, but unfortunately not anymore,” says Philipp Winter. He is the lead author of a research paper on Tor as a tool for censorship circumvention in China. Over the phone from his office in Sweden, he explains how China managed to block the program. “The Great Firewall of China has several interesting strategies. They are basically able to scan foreign traffic and look for signatures that would indicate that Tor is being used, and if it is, they block those IP addresses and TCP ports.” By blocking the nodes Tor uses to reroute internet traffic, one by one, they have effectively made the program useless in the country, although there are thousands of such nodes. “They somehow manage to block most of them.”
Don’t trust VPNs
People have also relied on virtual private networks to get around the firewall, but such a VPN service is less safe. “To get privacy on a VPN you need to trust the VPN provider, because they see where you’re going, where you’re coming from, and what you’re doing,” Winter says. “That’s a problem, because you can’t trust them. And this is where Tor comes in.” He explains that Tor is designed to maximise privacy. Internet traffic is sent through three hubs that are randomly picked from geographically spread locations. “We can’t have 100 per cent protection, but we’re trying to give the control into the hands of as many diverse people as possible to basically minimise the probability of them colluding against you.” This means that even if the Chinese government controlled all Tor hubs in China, or the NSA controlled all Tor hubs in the US, it wouldn’t be enough to have a full overview of the traffic. This is essential, because “if you control the first hub, you see who connects, but you don’t see where they’re going. And if you control the last hub, you see where they’re going, but not where they’re coming from.” If you control the middle hub you see neither the website the user is trying to reach, nor the IP address of the user. “This is the good thing about Tor – it should be very hard to link these two things.”
Winter says there are ways to outsmart the Chinese internet police, at least temporarily. “There are different strategies for circumvention. One is to make a protocol like Tor look like something else. There was a research project in which people tried to make Tor look like Skype, so that if somebody spies on you and your internet connection, it looks like you’re having a Skype video call and not like you’re connected to Tor.” This would mean that if the authorities want to block all Tor traffic, it will also block Skype. “Blocking Skype would be a big step for China. Many would be affected, and ultimately it might be too costly.”
Winter argues that you could even try and make Tor look like regular HTTP traffic, so that if you block Tor you block the entire internet, which you couldn’t do. “Basically you can say that we give them fewer and fewer options. Every time they catch up with what we are doing, they upset their people more and more, and ultimately it’s an arms race.”
Funding from the US
Tor receives financial support from various sources, including the Swedish International Development Cooperation Agency (SIDA), The Ford Foundation, Princeton University, and the U.S. Department of State. Michael Otto works for SIDA and says the government agency has contributed around 5 million Swedish kronor (ca. € 550.000). “Our goal is to help men and women in countries where there are human rights violations and a deficit of democracy, so they can express themselves freely,” he says. “We give political dissidents the opportunity to use the internet anonymously, and thus they avoid reprisals.”
Robbery on the Silk Road
Avoiding ‘reprisals’ is also of pivotal concern for everyone involved in Silk Road’s activities, although they are breaking different laws. “I don’t trust anyone,” says the Norwegian drug dealer we spoke to. “But as long as one is just a small fish in the pond, the code cracking and search for IP addresses will demand so many resources that it just won’t be worth the effort for the law enforcement – hopefully.” He explains that he really does trust the technology, but “it’s probably impossible to never leave any traces behind. I think that everyone can, in principle, be caught. It’s naive to think that you can do everything right, all the time.”
The marketplace’s current leader, Defcon, has stated that he himself takes security, or OPSEC as it is called in the community lingo, to extreme levels. “Any time you see me online it means I have completed a checklist which requires over an hour of preparation for me to reposition and reconfigure many things, to ensure I leave the most minimal trail possible and can ‘safely’ connect to this place. This job will never be safe, and it is impossible to be perfectly covert. I know what I am facing, both from law enforcement and from vendors who do not share my opinions of non-violence.”
It is due to meticulousness like this that Silk Road 2 has earned a reputation of being the fortress of the darknet, a reputation that was smashed on February 13th this year. “I am sweating as I write this,” Defcon begins in an announcement that was posted on the same day. “I held myself to a high standard as your leader, yet now I must utter words all too familiar to this scarred community: We have been hacked. Nobody is in danger, no information has been leaked, and server access was never obtained by the attacker. Our initial investigations indicate that a vendor exploited a recently discovered vulnerability in the Bitcoin protocol known as ‘transaction malleability’ to repeatedly withdraw coins from our system until it was completely empty.” The hacker, Defcon claims, stole more than 2.7 million dollars’ worth of Bitcoins, and nearly half of Silk Road’s customers and vendors lost at least some of their funds.
Mt. Gox also hacked
In the aftermath of this, the Silk Road staff is faced with a tremendous public relations challenge. The claim that the weakness was in the Bitcoin payment system itself, not the structure of the marketplace, is technical and hard to sell, but two of the world’s largest (and perfectly legal) Bitcoin exchanges were shut down earlier the same month to fix this particular error, and the largest of the two, Mt. Gox, recently filed for bankruptcy after it revealed that it had been robbed by hackers. Defcon’s message is a familiar tone in the young history of darknet markets, and in the case of this particular marketplace, such bad news is typically followed by despair, technological improvements, and promises of a safer future. The fall of Silk Road 1 introduced a new team that drastically beefed up security measures, and now a so-called “multiple signature” payment system will be implemented. With this, the customer sends his or her Bitcoins to the seller, while notifying a third party. The funds will not reach their destination until two out of the three parties involved in the transaction agree to it, and in practice this means that the third party, which in this case may be Silk Road, will not be able to run away with the money unless either the customer or the vendor permits it. And if Silk Road shuts down, or is shut down by law enforcement, customers and vendors can fulfil the transaction on their own.
But the biggest surprise after the theft is Silk Road’s pledge to undo the financial damage that was done to all vendors and customers. “This administration will not earn any commissions until everyone is completely paid back,” Defcon writes in another statement. “All items will be priced at a flat 5 per cent commission that will go directly into victims’ balances upon purchase. (…) I don’t care how long it takes or how expensive it is, we will fight to get this community repaid.”
The community responds positively: “I hope this happens. I think it will. It needs to,” comments Eddiebastard. “Hats off to you and the team. I have refrained on many aspects of this whole scenario and I knew it from the start it was not as it seemed. I am glad to be a part of this movement and always have been, as a very successful vendor,” adds The All Seeing EyE. Another member expresses a sentiment shared by many others: “SR2 has been a scam since its inception! Move on people. If you stay you will get burned again,” writes TinFoilHat053.
While members of the Silk Road community are licking their wounds, other markets in the darknet are growing, and two ‘yellow pages’, directories of trusted vendors and their contact information, are all of a sudden tremendously useful for customers and dealers who no longer trust their money with any market. An independent online forum with a strict ‘no trade’ policy is founded as well, as a digital hideout where people can meet if or when the Silk Road is shut down. The community will outlive this particular marketplace, and if the staff fulfils its pledge to pay back the 2.7 million dollars, then we are either talking about long-term thinking businessmen or a team that truly is revolutionary.