Silk Road bust demonstrates feds' penetration of Deepnet

By shutting down the notorious Silk Road criminal marketplace, federal law enforcement is succeeding at infiltrating the most sinister areas of the hidden Internet, experts say.


On Tuesday, the Federal Bureau of Investigation arrested in San Francisco Ross William Ulbricht, 29, alleged owner and mastermind of the infamous site, according to a complaint filed by the U.S. Attorney's Office in New York. Ulbricht, a.k.a. Dread Pirate Roberts, has been charged with conspiring to money launder, hack computers and traffic in narcotics.

Sellers on Silk Road primarily traded in illegal drugs, with thousands of listings for marijuana, LSD, heroin, cocaine, methamphetamine and ecstasy. To a lesser extent, the site was also used to sell malware, exploit tools, stolen credit card numbers, fake driver's licenses, passports and social security cards. It also distributed child pornography and even offered hitmen-for-hire services.

Like many other criminal enterprises, the site operated on the Tor anonymity network, which directs traffic through a volunteer network of more than 3,000 relays that make it extremely difficult to trace Internet activity. While used by political activists to avoid government surveillance, Tor has also become a hiding place, called the Deepnet, for the vilest criminal activity.

There are indicators that the FBI is becoming more adept at penetrating the Tor shield. News media reported last month that the agency may have been behind a malware attack against Freedom Hosting, an ultra-anonymous hosting service suspected of allowing child pornography on its servers, according to Wired.

Silk Road's downfall appears to be linked to human error. Nicholas Weaver, a researcher at the International Computer Sciences Institute, told the security blog KrebsonSecurity that court filings indicate Ulbricht failed to use encryption for all communications and administered Silk Road outside of Tor.

He also is alleged to have used his Gmail address in promoting Silk Road on an online forum. The contents of the email address were later subpoenaed by law enforcement.

In comparing the Silk Road and Freedom Hosting cases, the FBI appears to be making headway on two fronts when entering the darkest reaches of the Internet.


"That particular case (Freedom Hosting) is the use of technology with the sole intent of identifying individuals behind crime," Raj Samani, vice president and chief technology officer for McAfee in Europe, said.

"This particular case was less the technology, but more with regards to good police work and human error on the part of the individual."

Nevertheless, the FBI's ability to find Silk Road, make dozens of undercover purchases on the site and trace the site's use of the virtual currency Bitcoin for trading in goods and services was impressive, Bogdan Botezatu, security researcher for Bitdefender, said.

"They're technologically capable of doing awesome things," he said.

The recent FBI activity also indicates that the agency's cybercrime focus is widening, Will Gragido, senior manager of Threat Research Intelligence at RSA, said. In the past, the agency investigated mostly operators of botnets or trading forums for stolen credit card numbers. Now, the agency is going much deeper and sending a new message to criminals.

"Based on the type of activity on Silk Road, they're focused on a more sinister form of criminality, and I think that's very important (for criminals) to be cognizant of and sends a very powerful message from a law enforcement perspective," Gragido said.

In terms of the immediate impact on criminal activity on the Deepnet, experts believe sellers and buyers of goods and services will eventually move to new marketplaces that are sure to launch on Tor to fill the gap left by Silk Road's demise.

"For the first couple of weeks, things may slow, as the trust model will not have been established yet," Michael Callahan, vice president of global product marketing for Juniper Networks, said.

"However, word will start to spread as to which one of these new sites is trustworthy."


Stories by Antone Gonsalves
