
Police crack down on Silk Road following first drug dealer conviction - iProject
http://arstechnica.com/tech-policy/2013/02/police-crack-down-on-silk-road-following-first-drug-dealer-conviction/
======
squidsoup
Pause for a moment and consider that one can purchase narcotics from an
anonymised network using virtual money. There's no need to read speculative
science fiction these days, you can just read the news.

~~~
betterunix
Those drugs still have to be shipped via a real postal system. Speculative
scifi suggests that I will have a machine in my house that will produce drugs
on the fly, with chemical reactions that are controlled by software.

~~~
michaelbuckbee
No need to wait for 3D printing, last night I was reading a short story [1] in
which the players in an ARG earned experience points via the hand delivery of
items from one player to another in the real world forming an alternative
delivery system from the postal carriers.

Similarly, in Daniel Suarez's Daemon [2] he describes how a series of net
connected people pass around individual parts that they have no idea the
purpose of until they all get delivered to one guy who assembles them into a
gun.

1 - <http://www.amazon.com/Metatropolis-John-Scalzi/dp/B0058M5ZJ6> - "The Red
in the Sky is Our Blood"

2 - <http://www.amazon.com/Daemon-ebook/dp/B003QP4NPE/>

~~~
dobbsbob
On the orig bitcointalk thread when SR first advertised there, somebody
suggested this kind of a network, and there's 20 pages of replies why this won't
work for narcotics, the biggest reason being theft downline, the second being
arrested with a ton of drugs, and authorities won't care you were in an
anonymous network, you are getting a major trafficking charge.

------
ahi
Sounds like the police got lucky at customs. Apparently, "buy local" is a must
when it comes to drugs.

~~~
Cushman
Well, buy domestic. USPS only, to be precise.

~~~
RobertHoudin
Can you explain what you mean, please?

~~~
Cushman
One of the reasons the Silk Road operates in the relative open with such
impunity is because of the absurdly low probability that a small quantity of
well-packaged drugs will be detected unless they pass through customs. The
USPS is especially good since it extends Fourth Amendment protections to
parcels, which the commercial carriers don't need to do.

------
anonymous
I'd like some clarification on Tor, please. Namely, how can the silkroad's
site operate without the owners being detected? AFAIK Tor has its own DNS with
<hash>.onion, but don't those resolve to regular IPs? And if police have a
normal everyday IP, can't they just imprison the site's owners directly?

~~~
throwaway125
<https://www.torproject.org/docs/hidden-services.html.en>

tl;dr hidden services are anonymous

~~~
Natsu
If they're smart, they'll just focus on compromising the site itself or using
fake buyers/sellers. There are tons of ways to attack a site like that which
do not rely on attacking tor.

~~~
Devilboy
Like what?

~~~
Natsu
Compromise the site itself & gather information. Catch & turn real sellers.
Crapflood it with fake buyers/sellers making it less useful. Order drugs &
gather forensic info from the packages. Try to trace the money trail via the
bitcoin block chain. While bitcoin is nominally anonymous, I believe there was
an article a while back about how easy it is to accidentally deanonymize your
bitcoins (see <https://en.bitcoin.it/wiki/Weaknesses> for example). Heck,
agree to sell someone drugs and actually send them flour + a GPS/camera if you
want to go that route.

For the most part, just go after the weak human links in the chain and use
standard anti-network tactics like turning people into informants and
isolating everyone via mistrust.

Heck, they could just start scamming folks on the site. Create lots of new
sellers, never deliver the promised drugs. BTC aren't revokable, so you can
just rob them blind. The marketplace requires trust and there are lots of ways
to break that. Yes, they could start building escrow services and the like,
but those just create new avenues for attack.

With a little imagination, this could be used by the police as a giant
honeypot.

~~~
lwat
> Compromise the site itself & gather information.

Yea good luck with that!

> Catch & turn real sellers.

How would you do that? This seller got caught because he was a buyer too.
People only selling on silk road can't be caught unless they do something
really really stupid. And even if you do catch a seller what does that get
you? Nothing! You're no closer to closing down Silk Road itself.

> Crapflood it with fake buyers/sellers making it less useful.

You can't be a fake buyer. Buyers must pony up the bitcoin up front and so
that only helps sellers. Who cares where the actual drugs went, the seller got
his money. Fake sellers are quickly caught out because of the reputation
system. Buyers already know which sellers are reputable, they'll just keep
buying from them. You can't do anything about that.

> Order drugs & gather forensic info from the packages.

This just targets individual sellers and won't do anything to stop Silk Road.
Especially if the sellers are overseas.

> Heck, agree to sell someone drugs and actually send them flour + a
> GPS/camera if you want to go that route.

Yes buyers are vulnerable and always will be on Silk Road. That doesn't stop
anyone and you'll usually only bust small time users which is a waste of
resources.

> For the most part, just go after the weak human links in the chain and use
> standard anti-network tactics like turning people into informants and
> isolating everyone via mistrust.

Informants are useless. No seller can help you take down Silk Road because no
seller knows where it's hosted or who is running it.

> Heck, they could just start scamming folks on the site.

Reputation systems stop this. Buyers only buy from reputable sellers.

> With a little imagination, this could be used by the police as a giant
> honeypot.

I don't see it.

~~~
Natsu
Well, for one, you can get forensics from the packages. They may be good, but
I wonder if they're perfect. It's likely that they use similar methods most of
the time.

If you're flooding them with fake sellers, it's going to be hard for new
sellers to gain rep. Especially if you're leaving fake feedback, too.

By 'informants' I mean that you take over their Silk Road account and sell
with their reputation. Turning people one at a time isn't useless if you make
people afraid to use the site or to trust new sellers, then each seller you
bust leaves them one less trusted place to turn to.

Reputation systems only work if there's a trusted authority to decide them or
if there's more legit feedback than fake. It's not as though there are no ways
to create fake accounts en masse. And it's not like a TOR hidden service can
tell where the accounts are being spam registered from.

Overall, it's a cat-and-mouse game, but I don't see why it's fundamentally
intractable.

------
DanBC
I never know from stories like this if law enforcement are hopelessly clueless
or if they do know what they're doing but just not releasing details.

While the tech is probably secure it's easy for people to make mistakes that
leak information; and while NSA or GCHQ probably find it easy to get that
information they have no interest in doing so. So, do police agencies have
people who know enough about the mistakes people make with Tor and Bitcoin?

~~~
betterunix
"So, do police agencies have people who know enough about the mistakes people
make with Tor and Bitcoin?"

I met a researcher who did some work on attacking Tor, the results of which
were given to law enforcement agencies. He was a bit light on details, but the
basic idea of his approach was this:

1. You narrow down the geographic location of your target. Not hard in the
case of the Silk Road, since there is a physical package being shipped.

2. You connect to your target's system, and modulate the latency of packets
that you send. This is a covert channel.

3. You have a van rolling around the geographic region you believe the target
to be in, and listen on wifi frequencies. When the covert channel is detected,
you home in until you have located the target computer.

Obviously you can defend against this sort of attack by just not using wifi,
although similar attacks at the ISP level are possible. Cover traffic helps
with this, assuming the covert channel has low tolerance to noise (this may
not be true; again, few details were given). It is also wise to avoid
connecting from your house, if possible, and to use a public location where
you can quickly shut down your laptop when you see the cops.

Or, you know, you could not sell large quantities of illegal drugs over the
Internet, since it is basically asking for trouble.

~~~
Cushman
Does this really work in the case of the Silk Road? Communication is
completely asynchronous, the people sending and receiving packages never make
a direct connection. You would need to find a geographic area for the server
itself, which is presumably a closely guarded secret.

~~~
betterunix
The researcher's original work was meant to crack down on child pornography
distribution, where the covert channel would be embedded in the download of a
video or large file of some sort.

In the case of the Silk road, the police would probably need to direct the
target to another website, and somehow convince the target to leave that
website open. Harder, yes, although probably not impossible -- one might, for
example, claim to be directing the target to a website where a PGP key is
being distributed, and then use Javascript to open a window in the background
(one of the many reasons why one should disable Javascript whenever they use
Tor). It is generally considered to be good advice not to follow off-site
links for something like Silk Road, but the reality is that most people who go
there are not experts on computer security and do not understand how Tor might
be attacked (consider, for example, this case:
<http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/> ). The police may
not be world-class cryptanalysts, but they are pretty good at tricking people.

~~~
Cushman
The challenge isn't locating or identifying average users, though, since
they'll gladly send you their name and address. The challenge is finding the
distributors, who are (presumably) more careful to follow the rules. It sounds
like this technique can't really do that in the general case.

~~~
betterunix
Even distributors probably do not know all the ways that Tor can be attacked.
Look at the Hushmail/DEA case: you had a reasonably big steroids distributor
using Hushmail, sending mountains of incriminating evidence through that
system apparently unaware that there was a major security problem. Is it
really so hard to believe that the police might be able to get a Silk Road
distributor to follow an off-site link?

~~~
Cushman
_A_ distributor, sure. Some people are that dumb. But enough to make a dent? I
doubt it.

There are site rules and best practices and distributors are ranked (among
other factors) on how well they keep to those. The rules say (among other
things) to only communicate through the site, to PGP encrypt any sensitive
information, and never to store any information longer than necessary to
complete the transaction. I'm not saying there are no possible attacks against
that surface, but I don't think the one you've described gets there.

Anyone who breaks those rules puts themselves and their customers at risk. If
a distributor got busted because they clicked an off-site link, I imagine the
community would say good riddance. And keep trading drugs.

------
dobbsbob
This was already posted here a few days ago and everybody agreed this guy was
a moron, and that no magic police Tor tracing was used. He told them
everything when customs found a bunch of drugs in a box from the Netherlands
with his name on it.

This definitely is not the first Silk Rd conviction; plenty of ppl have been
nabbed by customs around the world if you read the forums, just they were smart
enough not to say anything without a lawyer.

------
jerguismi
Apparently SR forums gained almost 5000 new users last month.

<http://imgur.com/a/asNew>

The numbers from the store are unknown, and also I'm pretty sure it is very
difficult to get a realistic volume from the sales.

~~~
wmf
"We perform a comprehensive measurement analysis of Silk Road... We gather and
analyze data over eight months between the end of 2011 and 2012... We evaluate
the total revenue made by all sellers, from public listings, to slightly over
USD 1.2 million per month..." <http://arxiv.org/abs/1207.7139>

~~~
jerguismi
Yeah, I know about that study. I'm still very sceptical that their estimates
are realistic at all.

------
duaneb
There appears to be a lot of interest in the SR and not a lot of actual
success in cracking down. One guy is a tiny drop in the bucket of that site.

------
sliverstorm
Talk about bad press for Bitcoin. Silk Road is probably the number one reason
regular Joes would ever hear them mentioned.

~~~
Cushman
Somebody help me out here: Isn't Silk Road also the number one reason Regular
Joe would _use_ bitcoin?

~~~
abrkn
Silk Road is a burden. Most serious Bitcoin discussion forums and chat
channels will ban you for mentioning it. We're trying to change how cash
transactions work, not help teens go to rave parties.

~~~
Cushman
That doesn't mean it's not true though, right?

I mean, help me along with this. Bitcoin is like cash, but you need to use a
computer. If I'm already using a computer, there are many reasons I might
prefer to use another payment system: Traceability, reversibility,
confirmability, et cetera. These are generally very useful features that
translate directly into me paying less for stuff.

It seems to me like for most people, the only real advantage to cash is that
it is anonymous, and the only reason most people need anonymity is if what
they're buying is actually illegal, and for most people that means drugs.

So if I'm an average guy with a job, a mortgage, and a credit card, if I pay
my taxes, and stop for pedestrians, and I like to drop acid occasionally, what
am I going to use bitcoin for?

~~~
analog
Some people don't like having everything they do tracked, just on principle.

Also, drugs aren't the only black market trade.

~~~
Cushman
Sure, but when there's an economic incentive to having things tracked most
people put up with it. I'm not saying drugs are the only thing _anyone_ would
use bitcoin for, just the most likely thing for the average person to.

~~~
analog
I think the cash economy is much larger than people just buying drugs.

Estimates of the size of shadow economies are between 14% and 22% of GDP in
the developed world. [1] I'm just guessing that's significantly larger than
the drug trade.

I disagree about the privacy issues as well, in some countries in Europe
people still remember governments using records to round people up.

[1] <http://www.voxeu.org/article/shadow-economies-around-world-model-based-estimates>

------
umbrella
So he was caught importing drugs, told the police he ordered them from the
Silk Road and therefore the police are cracking down on the Silk Road.

