4 important lessons learned from the Silk Road smackdown

The takedown of the Net's most notorious website has all the makings of a Hollywood movie

Law enforcement has finally caught up with the notorious Silk Road underground market, and reporters are having a field day writing about an incredible story as revealed by federal investigators.

Rife with drug trafficking, secretive Internet sites, and assassins for hire, Silk Road's tale is a crypto-crime story of epic proportions. But Silk Road is more than just a fascinating yarn: The site's demise also has a lot to teach us about our current digital environment, especially when it comes to online security.

Here are four key takeaways from the end of Silk Road and the Dread Pirate Roberts.

It's about the crimes, not the tech

An oft-cited fact about Silk Road is that it was part of the ominous-sounding "Darknet," a secretive, hidden part of the web that's unseen by search engines like Google and only reachable with the help of the anonymizing Tor software.

But Heisenberg-proportion criminal enterprises conducted in a crypto-laden back alley tell only half the story of the so-called Darknet.

"It's essential that the use of encryption, anonymization techniques, and other privacy practices is not deemed a suspicious activity," the Electronic Frontier Foundation said in a recent blog post. "Rather, it must be recognized as an essential element for practicing freedom of speech in a digital environment."

Beyond criminal enterprises, Tor is also used by activists in parts of the world where speaking freely is impossible. Tor is even recommended by security experts as a good tool for anyone who objects to the U.S. National Security Agency's reported surveillance activities.

[Now read: Meet the Darknet, the hidden, anonymous underbelly of the Web]

Endpoint security will get you in the end

Assuming the case goes to trial, some of the data tying Ulbricht to the Silk Road will likely come from his own computer. FBI agents arrested Ulbricht and seized his laptop only after he had turned it on and entered his passwords, according to a report by Ars Technica. Presumably, Ulbricht had encrypted data on his laptop, which the feds wanted to have in a decrypted state before arresting him.

"Endpoints" like PCs and mobile devices are some of the hardest things to secure, because this is where data ends up sitting unencrypted, which makes them choice targets for attackers. Agencies such as the NSA reportedly have a variety of exploits at their disposal to break into everything from iPhones to laptops running Ubuntu.

"What I took away from reading the Snowden documents," security expert Bruce Schneier wrote in a recent Guardian column referring to information supplied by NSA whistleblower Edward Snowden, "was that if the NSA wants in to your computer, it's in. Period."

In Ulbricht's case, law enforcement didn't need to rely on any technical tricks to attack his laptop: They just snuck up on him after his data was exposed. Nevertheless, it's a reminder that if you don't secure the devices where you read protected data as best you can, no amount of encryption will help you.

[Now read: Here's how to best secure your data now that the NSA can crack almost any encryption]

Your online past really can come back to haunt you

In the search for the Dread Pirate Roberts, one of the earliest breaks in the case came when investigators discovered posts by Ulbricht on coding Q&A site Stack Overflow. The posts were questions that related to technology problems faced by Silk Road--and Ulbricht originally posted them using his own name. Ulbricht later changed his posts to the username "Frosty." That name shows up in the encryption code on a Silk Road server. Double d'oh.

Ulbricht was also tripped up by Silk Road-related posts under the online pseudonym Altoid, including a post where Altoid directs people to get in touch with him at "rossulbricht at gmail dot com." That Gmail address eventually allowed authorities to link Ulbricht to a VPN service used by the Dread Pirate Roberts.

Be careful what you post online, folks. Even if you don't fancy yourself the online equivalent of John Dillinger, oversharing on social networks can cost you friends and potential employment opportunities down the line.

[Now read: How (and why) to surf the Web in secret]

Bitcoin sure is volatile

Following Ulbricht's arrest, Bitcoin's value plummeted by 8.6 percent, according to the Financial Times, ending trading on Wednesday at $128 per Bitcoin, down from $141. At this writing, Bitcoin was trading around $124.

It appears the Silk Road bust may have sunk Bitcoin due to the digital currency's association with the online black market. The indictment against Ulbricht revealed that Silk Road brought in over $1 billion in sales, all traded in Bitcoin.

That said, Bitcoin frequently has erratic price changes. In April, Bitcoin exchange Mt. Gox said it was fighting off a denial of service attack designed to affect the value of Bitcoin. In June, Bitcoin prices dropped over fears of another DDoS attack, when in reality Mt. Gox was hit with a surge of interest in Bitcoin from new users.

Bitcoin is a really neat idea, but with the currency subject to volatile price swings, it's a long way from becoming the magic crypto-anarchist currency that some Bitcoin advocates dream of. But as Reuters' Felix Salmon points out, losing the association with Silk Road may actually help Bitcoin gain more legitimacy.

[Now read: 7 things you need to know about Bitcoin.]

Hollywood calling

Who knows what else we'll learn about the Silk Road case as Ulbricht's case weaves its way through the courts? No matter what else gets dragged into the light, one thing's for certain: With an incredible tale that includes drugs, weapons, hacking, a secret Internet, and murder for hire, The Ballad of the Dread Pirate Roberts is going to make an incredible movie one day.

Stories by Ian Paul

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place