Robbery on the Silk Road

1-10-14_FE0302_SilkRoad1
Users may have been fleeced and vendors arrested, but the online illegal drug bazaar is hard to kill REUTERS/Jessica Rinaldi

A few weeks before Christmas, the web’s biggest illegal-drug market announced it was taking a holiday, along with a substantial sum of other people’s money.

“Dread Pirate Roberts,” the self-appointed successor to the original (and now incarcerated) Dread Pirate Roberts wrote in the Silk Road’s forum section that all of the funds held in escrow – the safety mechanism that allows drug buyers to make sure they receive their shipments before releasing even a tenth of an encrypted bitcoin toward that gram of hash or LSD or MDMA – would be frozen, beginning December 22.

Then, six days after Santa had made his magical trip around the globe, he vowed that Silk Road would reboot, with better security measures, and everyone would get their money back.

It was an alarming move, even for the “dark web,” that collection of underground Internet sites trafficking in illegal online businesses via encrypted browsers. But some users of the Silk Road found the Pirate’s actions prudent.

Three months after the FBI shut down the original Silk Road, seizing 174,000 bitcoins and snatching up the original Dread Pirate Roberts – whom the government contends is a 29-year-old San Franciscan named Ross Ulbricht – the heat was still on. Agents have continued to make arrests, sweeping up both vendors and buyers of illegal drugs across the U.S., possibly with some help from the original “DPR” (as he’s known in the community), hoping to cut a deal.

Other dark-web drug sites have tried to fill the void left behind by Silk Road, a global Internet black marketplace that served nearly a million buyers and sellers of illegal drugs and did more than $1 billion of business – all in the encrypted online currency that is bitcoins – during its two-and-a-half-year run. One by one, dozens of those upstarts have gone poof – they were either scams or, as the law came sniffing, their admins absconded with millions of coke-tinged virtual greenbacks on the way out the virtual back door.

Silk Road 2.0, which looks exactly like the old Silk Road, was supposed to be better, safer, more secure. An undisclosed number of “staff” had supposedly implemented new security protocols designed to prevent anyone from stealing another’s bitcoins and make sure DEA agents didn’t come banging on their actual doors in the dead of night.

“They may have sunk one ship, but now they have awoken the kraken,” wrote the new “captain” at the site’s launch in early November, invoking the mythical sea monster from that classic stoner fantasy flick Clash of the Titans. In an interview last month with Forbes, Roberts 2.0 boasted that the site’s heavily guarded source code had been sprinkled across 500 locations in 17 countries around the world to ward off a government shutdown or, at worst, allow for a rapid reboot. Silk Road 2.0, he insisted, was “out of the range of even entire groups of nations to properly contain... Whack-a-mole will not work.”

Buyers and sellers quickly returned to the site, and Silk Road was once again the world’s biggest online illegal drug bazaar, offering more than 3,000 illicit vices, including drugs, weapons, forgeries and hookers.

The concept is a pretty enticing one for people without reliable brick-and-mortar drug dealers: Vendors are rated, just like on eBay, and buyers leave comments about the quality of the drugs they bought from “Half Baked” or “Technohippy,” how fast the shipping was, how “stealth” the packaging. It’s fairly easy to enter, too, requiring gumption but not many tech chops: Download Tor, the only browser that can access Silk Road, choose a member name and password, buy some bitcoins, shift them into your Silk Road wallet and a smorgasbord of contraband awaits.

But vendors kept winding up in handcuffs for charges stemming from the investigation into the original Silk Road but also from surveillance of the new one: Last month, the FBI told Mashable that agents arrested a suspected moderator of Silk Road 2, and TechCrunch reported that another top moderator was behind bars as well. It was in the wake of those arrests that the new DPR announced a hiatus.

For the troglodytes still buying weed from their college dorm dealer, all these developments may have gone unnoticed. But on the dark web, many have been anxiously watching all this for months. Then came another dramatic announcement: Halfway through the planned Christmas holiday, another Silk Road admin, who called himself Defcon, posted a bulletin that said DPR II was AWOL, and that escrow money – potentially tens of thousands of dollars’ worth of bitcoins – had evaporated. The only person who could retrieve the cash was Dread Pirate Roberts, also missing. “Three of our crew were lost,” Defcon wrote, “and our captain was forced into exile.”

The announcement plunged the site’s community into a panic. Escrow is what makes these online drug deals “safe.” If somebody can just pilfer the escrow, the whole system is doomed. And if Silk Road is broken, who can be trusted? Is the budding empire of online drugs on the verge of collapse?

These topics are among a fascinating series of threads on a Reddit board devoted to all things Silk Road, where irate drug buyers and sellers float one conspiracy after the next about what happened to that escrow money, where Dread Pirate Roberts went and who stands behind the curtain now.

One theory held that Dread Pirate Roberts never left the site, that the whole Christmas holiday thing was a heist, allowing DPR to siphon off as much as $100,000 from the escrow fund and assure everyone this’ll never happen again. Another, more ominous notion: Law enforcement, with Ulbricht’s help, has been running the new Silk Road all along. We already know Ulbricht is discussing a plea deal with the feds. Why wouldn’t he turn over the programming to further weasel his way out of trouble and then maybe even help the feds relaunch it, so they could keep gathering evidence on drug dealers and keep making arrests?

Robert, a 20-year-old student in West Virginia who sold Xanax and Adderall on the old Silk Road and has been watching the rebirth closely, told Newsweek he’s suspicious about how much faster Silk Road 2.0 is, which would make sense if it were a law enforcement honeypot. “I don’t know any .onions [the domain host suffix used by Silk Road that’s harder for governments to shut down] that are fast unless they’ve been linked to government agencies,” he said. “Ulbricht may be helping them as well. Or, when they raided his house, they took copies of the code for the site. It’s all pretty suspicious.”

DEA spokesman Rusty Payne tells Newsweek he has “no idea” whether the feds are inside the new Silk Road, but he says the agency has “a lot of investigative tools in the toolbox,” and that sites trafficking in drugs remain very much on the government’s radar.

“Remember what the narrative was a few months ago,” Payne said. “ ‘Law enforcement will never get its hands on this.’ It’s too good, too state of the art. Remember those stories? I’m not going to make any bold predictions, but don’t count us out.”

On the other hand, the DEA admits that online drug sales isn’t a top priority. “We go after large-scale drug trafficking networks; the biggest and the baddest,” Payne said. “Command and control. Financial networks. The big guys. These Silk Road–type websites are mostly facilitating small amounts of trafficking. Nobody’s trafficking 10 keys of heroin coming out of Colombia or Mexico with bitcoin. Cash is the currency of the cartel, and it always has been. Until that changes, it’s going to be our number-one focus. I don’t want to downplay it, but at the end of the day [online transactions] are not large amounts of drugs.”

1-10-14_FE0302_SilkRoad3 An artist rendering showing Ross William Ulbricht during an appearance at Federal Court in San Francisco. AP Photo/Vicki Behringer, File The twisted Silk Road story got even more complicated on January 4, when Defcon announced that DPR was alive and well, and would be returning 70 percent of the escrow funds in the next 12 hours. The “captain” had sailed back in to save the day.

Or maybe he never left?

This community of drug dealers and users may never really know the truth about Christmas 2013, Silk Road 2.0 and why Dread Pirate Roberts disappeared. They just have to decide how much risk is acceptable, how best they can protect themselves and wait, nervously, until the site either goes back down or again becomes a drug mecca.

“Long-running operations are paramount for trust, and none of the currently existing English-language marketplaces (including Silk Road 2.0) have been around for more than two months,” wrote Nicolas Christin, a researcher at Carnegie Mellon University who has studied the online drug trade extensively, in an email to Newsweek.

Vendors nervous about arrest or losing their escrow are frequently requesting what’s known as “finalized escrow” on the site now – as soon as a buyer makes a purchase, or as soon as the vendor confirms a package has shipped, the buyer must agree to release the funds, even before there’s confirmation that the drugs are in the mail. That transfers risk back to the purchaser. The site is also implementing “multi-signature bitcoin cold storage,” a voting system wherein multiple admins hold the encryption keys to bitcoin wallets, Defcon wrote when announcing the escrow problem.

The four purchasers interviewed by Newsweek all insist they are protected, if not by the site’s new protocols than by the measures they take as individuals – they “launder” bitcoins by keeping them in multiple wallets, and encrypt not only their address but also all messages to and from vendors when buying drugs, using PGP (Pretty Good Privacy) encryption – which keeps that information off of Silk Road’s servers and safe, supposedly, from a law enforcement raid.

But there’s no way to buy illegal drugs risk-free. At some point, a vendor has to have an address to send those ‘shrooms or weed or heroin to, and there’s nothing to stop a vendor from gathering a list of buyers’ addresses and bitcoin transaction records and handing them over to the feds in case they ever get busted.

The bottom line is Silk Road is built on trust and will likely continue to exist for the foreseeable future, even if it means constant exposure to risk of scams and prosecution for both buyers and sellers. To some observers, the good old days of Silk Road are gone, the cops are too plugged in now and any new iteration of a black marketplace is doomed.

But Robert and others see a way for online drug sales to avoid detection, prosecution and rip-offs. Leading the way are pioneers from a different realm of illegal Internet activity: the heisted content hosted by the operator of Pirate Bay.

Tor may be more secure than Firefox or Chrome, since it bounces users from IP address to IP address across the globe. But at the “exit nodes,” any agent worth his credentials can park himself and bust people, like a cop at a speed trap.

That’s why Pirate Bay’s idea could make things crazy hard for the DEA and FBI. The network has developed “PirateBrowser,” a version of Firefox designed to subvert Internet service providers’ attempts to block downloading illegal content – provided users get online using Virtual Private Networks (VPNs) for secure browsing.

“Hide your connection behind a few VPNs and snooping governments wouldn’t know where the hell anything is coming from,” Robert said. “Whoever comes up with a way to make Tor and bitcoin 100 percent anonymous is going to be a rich (wo)man.”

There are other utopian visions of complete online drug-buying security, too. Several Reddit users have called for a new site that is completely decentralized, so that no data are stored on a seizable server; where communication only happens between buyer and vendor over encrypted messaging; and any escrow is placed into a new bitcoin wallet that another neutral buyer – a “judge” – has access to, so that no one site admin can loot all the money in all the escrow accounts at once.

A site called The Marketplace can be reached only via an anonymizing network called I2P that adds a complex layer of stealth for users of Tor. It also requires PGP encryption to register, bans anyone with the vulnerable-to-attack software Javascript enabled and relies on an escrow system that can only be released after repeated signoffs from the buyer, seller and the site’s admins. In other words, moderators can’t just skip off with the cash if they decide to go on “holiday.”

Until somebody builds Silk Road 3.0, though, people who hope their identity and illegal transactions are sufficiently cloaked on the web are doing just that: hoping.

Join the Discussion