Leader of website arrested by FBI, charged with conspiring to money launder and more

By shutting down the notorious Silk Road criminal marketplace, federal law enforcement is succeeding at infiltrating the most sinister areas of the hidden Internet, experts say.

On Tuesday, the Federal Bureau of Investigation arrested in San Francisco Ross William Ulbricht, 29, alleged owner and mastermind of the infamous site, according to a complaint filed by the U.S. Attorney’s Office in New York. Ulbricht, a.k.a. Dread Pirate Roberts, has been charged with conspiring to launder money, hack computers and traffic in narcotics.

Sellers on Silk Road primarily traded in illegal drugs, with thousands of listings for marijuana, LSD, heroin, cocaine, methamphetamine and ecstasy. To a lesser extent, the site was also used to sell malware, exploit tools, stolen credit card numbers, fake driver’s licenses, passports and social security cards. It also distributed child pornography and even offered hitmen-for-hire services.

Like many other criminal enterprises, the site operated on the Tor anonymity network, which directs traffic through a volunteer network of more than 3,000 relays that make it extremely difficult to trace Internet activity. While used by political activists to avoid government surveillance, Tor has also become a hiding place, called the Deepnet, for the vilest criminal activity.

There are indicators that the FBI is becoming more adept at penetrating the Tor shield. News media reported last month that the agency may have been behind a malware attack against Freedom Hosting, an ultra-anonymous hosting service suspected of allowing child pornography on its servers, according to Wired.

Silk Road’s downfall appears to be linked to human error.
Nicholas Weaver, a researcher at the International Computer Science Institute, told the security blog KrebsOnSecurity that court filings indicate Ulbricht failed to use encryption for all communications and administered Silk Road outside of Tor. He also is alleged to have used his Gmail address in promoting Silk Road on an online forum. The contents of the email address were later subpoenaed by law enforcement.

In comparing the Silk Road and Freedom Hosting cases, the FBI appears to be making headway on two fronts when entering the darkest reaches of the Internet.

“That particular case (Freedom Hosting) is the use of technology with the sole intent of identifying individuals behind crime,” Raj Samani, vice president and chief technology officer for McAfee in Europe, said. “This particular case was less the technology, but more with regards to good police work and human error on the part of the individual.”

Nevertheless, the FBI’s ability to find Silk Road, make dozens of undercover purchases on the site and trace the site’s use of the virtual currency Bitcoin for trading in goods and services was impressive, Bogdan Botezatu, security researcher for Bitdefender, said. “They’re technologically capable of doing awesome things,” he said.

The recent FBI activity also indicates that the agency’s cybercrime focus is widening, Will Gragido, senior manager of Threat Research Intelligence at RSA, said. In the past, the agency investigated mostly operators of botnets or trading forums for stolen credit card numbers. Now, the agency is going much deeper and sending a new message to criminals.

“Based on the type of activity on Silk Road, they’re focused on a more sinister form of criminality, and I think that’s very important (for criminals) to be cognizant of and sends a very powerful message from a law enforcement perspective,” Gragido said.

In terms of the immediate impact on criminal activity on the Deepnet, experts believe sellers and buyers of goods and services will eventually move to new marketplaces that are sure to launch on Tor to fill the gap left by Silk Road’s demise. “For the first couple of weeks, things may slow, as the trust model will not have been established yet,” Michael Callahan, vice president of global product marketing for Juniper Networks, said. “However, word will start to spread as to which one of these new sites is trustworthy.”