It’s a case that’s captured everyone’s attention — pirates, drug trafficking, hit men, government intrigue. By now, few people haven’t heard about Silk Road, run by the now notorious Dread Pirate Roberts, a pseudonym from the film “The Princess Bride.” It’s an interesting next chapter to perhaps the biggest news story of 2013 — Edward Snowden’s revelations about NSA cyber snooping. Although there is new speculation about whether the FBI had help from the agency, it certainly showed the NSA that it too can flex its technology muscles, as it shut down purportedly a billion dollar illegal drugs website and nabbed its operator last week.
On Wednesday, Ross William Ulbricht, the alleged Silicon Valley-based mastermind, was ordered to New York City to face federal charges for running Silk Road. The site itself used sophisticated technology to keep ahead of the law. With the help of modern anonymizing software, it was able to operate under the radar and out of sight from law enforcement — or was it?
Silk Road was a secretive drug-dealing site as well as the home of other nefarious criminal activities. It operated in the underbelly of the Internet, the “dark web” that leverages Tor (The Onion Router) technology to obfuscate the website’s users and its operator. Until last week, many believed that Tor was unbreakable, or at least there were no known breaks.
As information comes to light about the NSA’s spying techniques, it is clear that the Feds have the ability to decipher most, if not all, of the encryption technology available today. Amazingly, this time last year, even most of us uber IT guys thought it was unbreakable. The furor over the NSA surveillance program has stirred a national debate, if not a global one. Knowing that governments can spy on us at will has implications for the bad guys — and the good guys.
It’s early in the prosecution of the Silk Road accused, so we know few technical details about how the FBI was able to track him down. And because of “national security interests,” we may never know. But according to the criminal complaint, the suspect made many “operational security mistakes” which led to his capture. The Tor project team was quick to say, “Tor can not protect you if you use your legal name on a public forum.” Apparently, Mr. Dread Pirate Roberts fell into the trap that many of us innocently do, namely, thinking that social networks are even remotely private. While much of the Dreads’ site was hardened via Tor, his postings on sites like LinkedIn and Google+ were inherent breaches in security.
Presumably, the cry to upgrade our workforces’ technical skills is being taken to heart by criminals too. The alleged operator of Silk Road was not your run-of-the-mill criminal but rather a degreed engineer and physicist who apparently has some IT skills as well. And like many technology companies, this billion dollar business operated in the preferred location of many high-tech companies, San Francisco, California.
Silk Road was designed using the popular anonymizing technology, Tor, which covers the tracks of its users, including their browsing history, identity and physical location. Tor, an open-sourced project, is at the core of Silk Road and is readily available to anyone as a free download. The Tor network passes web requests through a series of participating servers and uses randomly generated, non-readable URL addresses that ultimately hide client and server communications from unintended eyes. In fact, as the number of Tor users increases, the odds that someone could breach Tor-based communications becomes even lower.
With a plethora of technologies available to help criminals mask their online activities, it’s not surprising that more are going high-tech. Another technology ingredient that makes it difficult to uncover illegal marketplaces like Silk Road is Bitcoin — an internet monetary system that is not controlled by a central bank. When used in conjunction with Tor, there is no money trail, which has historically been an effective crime-solving technique. At the same time, Bitcoins can be converted to conventional offline currencies like the dollar or euros quite easily.
The Silk Road affair will no doubt reignite questions about online surveillance and spying. The government will say that without these abilities, they could not stop criminals like the Dread Pirate Roberts from hiding in the vast Internet. The rest of us will claim that government spying infringes on our civil liberties.
Ideally, there should be a happy medium to balance the government’s need to use technology for fighting crime and law abiding citizens’ right to privacy (personally, I’m less concerned about the rights of known criminals and criminal enterprises).
Score one for the Feds this week. It will be very interesting to see whether any collaboration between the two agencies comes to light. But you have to wonder what else they’ve got in their online spying arsenal, which they may very well already be using on the rest of us non-pirate Silicon Valley folk. Until we know, be smart about what you do and say online. And if you’re tempted to take a walk on the dark side, here’s the link to the Tor software.