Entries in crime (4)

Wednesday, Oct 02, 2013

The Silk Road Unraveled

Wow, what a story!

A while back, I wrote a bit about the technology behind the online pseudonymous black-market called Silk Road. I talked a bit about the site from the perspective of a security problem. Now, it seems that the site’s security was not so good. The FBI has arrested the site’s owner, the notorious black-marketeer known as Dread Pirate Roberts, who in real life is Ross William Ulbricht. Further reading here, including the formal complaint. (Edited to add: Another great analysis here.)

In the previous post, I talked about the mechanism that minimized the knowledge buyers have about sellers. I didn’t really talk about the site administrator. (Though I did mention the administrator could strengthen the site against attack by minimizing the data the site holds on to, which Ulbricht doesn’t seem to have done.) To be secure, the site administrator would want to minimize their connections with the site. They would log in from an unpredictable place, via TOR. They would communicate only over encrypted channels. They would keep their private key somewhere separate from the servers for the site. Ditto for their bitcoin wallet. Above all, they would minimize their connection to the site, and they would minimize their visibility to law enforcement.

Ulbricht didn’t do any of that, and it proved his undoing. He wasn’t just the president of the Silk Road for Criminals Club, he was also a customer! He used an account clearly labeled as the administrator’s, no less, to buy illegal goods and services directly related to the running of the site. These included packages of physical goods (fake IDs) that could be tracked to his house, and he allegedly went so far as to pay hitmen to murder a turncoat former employee (there’s a separate indictment for that one) and a potential blackmailer.

In my last post, I suggested:

Acquiring new accounts to do individual stings is too high cost for too little gain, especially since the value of “flipping” a Silk Road buyer is very low (there’s little they can do to get information on Silk Road sellers).

But I failed to note that this does not apply if the buyer in question happens to host the whole site out of his basement.

(Edited to add: That’s hyperbole, of course. The site was hosted outside of the US. It wasn’t being operated from Ulbricht’s house, either. But he was signing in through a VPN gateway at an internet cafe near his home. And not via TOR, either. He also advertised the site soon after it started, and looked for employees for a bitcoin-related startup soon before it started, both under pseudonyms that could be traced to his real identity.)

Now that Silk Road has been seized, any records of sales can be traced. Any buyers and sellers whose records were compromised will be very quickly screwed if they didn’t employ additional money-laundering techniques. Bitcoin may be pseudonymous, but every transaction is intensely public: every node in the network has the complete transaction record.

(Edited to add: The Silk Road itself included a coin tumbler that protected buyers and sellers from knowing one another’s bitcoin addresses. However, it’s not clear if this will protect either buyers or sellers from the authorities now that they have control over whatever data Silk Road retained.)

As far as the value of Bitcoin as a whole goes? Depends, I think, on how much of the price is based on future versus present or past utility. I still think Silk Road is an edge case in the set of things Bitcoin could be used for. But it’s a large portion of the set of things Bitcoin has been used for.

Friday, Apr 26, 2013

Extremist Terrorism's False Flag

As a resident of the Boston area in the aftermath of the marathon bombings, I have to say the conspiracy theories have already gotten really annoying.  In this case, the simple hypothesis is actually very well supported, and conspiracy theorists tend to support their hypotheses with observations that are just as likely or almost as likely if they were completely incorrect.

But I do want to say a little bit about this concept of a false flag operation in the context of terrorists like the Tsarnaevs.  One of the things that’s odd about such a terrorist attack is it’s extremely unclear what sort of goals it might hope to achieve.  At least, it seems unlikely to frighten the US towards an isolationist policy, or achieve any end that directly supports the goals of (the violent extremist flavor du jour) militant Islamists.

The proliferation of this sort of tactic might be best understood under the concept of a false flag.  In a false flag operation, an attack is disguised so as to provoke a misdirected response.  In the archetypal case, this involves a government falsifying an enemy attack (or secretly facilitating a real enemy attack) to bolster public support for military action against that enemy.  But there’s an alternative scenario, in which an enemy seeks to have one of their potential allies blamed for the attack.  Even if the ally is not fooled by this ploy, the provoked counter-attack could provide the need to unite against a common enemy.

The best counter-attack against terrorism, therefore, is as restrained as it is effective.  I don’t mind that the police and military told people to stay home on April 19.  I don’t mind that they searched Watertown house by house.  Yes, it’s costly and disruptive, but having a bomber on the loose is also costly and disruptive.  Yes, the guy wasn’t found in the initial search, but there’s only so much you can do with limited information.

Ultimately, though, the town is getting back to normal.  We feel no need to buy the extremist’s implicit declaration that there’s a war on.  We can treat them as ordinary criminals.  Boston has dealt with those before.

Tuesday, Feb 26, 2013

Real Life Cypherpunk

No, the hurricane didn’t blow this blog away, but I’ve been hosed nonetheless.  Still, I want to get back to writing, so will maybe stick to something a bit shorter-form.

Lately, I’ve been fascinated with the rise in value of Bitcoin (BTC), a distributed, anonymous, cryptographic token transaction system intended for use as a currency.  My original thought on the technology was “nifty idea”, but I never would have thought it would have much in the way of real value (not that virtual goods can’t have real value, but BTC isn’t, by itself, much of a game).  I certainly didn’t see it rising again after the initial bubble and crash, but if you look at the charts, you’ll see that the value is now above the June 2011 bubble and crash.  That crash was precipitated by a security breach and subsequent flash-crash at Mt. Gox (the largest Bitcoin exchange).  Subsequent high-profile security breaches in the immediate months following surely didn’t help, but it’s worth noting that such incidents didn’t cease in November 2011; BTC was able to regain its value despite the occasional digital bank-robbery.

So given my interest, and my surprise, I was fascinated by this essay by Gwern on anonymous black-market website Silk Road (the site itself can be found here, I link to this for educational/informative purposes only and not to encourage you to do anything illegal).  The essay is a very detailed, down-to-brass-tacks look at how Silk Road works and what its weaknesses might be.

Silk Road is designed to conduct business with only the minimum amount of information possible.  A normal e-commerce website ends up with the following information:

  1. Payment information for the buyer
  2. Payment information for the seller
  3. Reviews left by the buyer for the seller
  4. Information sent by buyer to seller (including at least a shipping address)
  5. Information sent by seller to buyer (if sent via site)
  6. The seller’s name / pseudonym
  7. Users’ IP addresses
  8. Metadata about users’ connections

Making the process anonymous involves several technologies:

So Silk Road actually ends up with:

  1. Bitcoin addresses the buyer used to transfer bitcoins to Silk Road
  2. Bitcoin addresses the seller used to transfer bitcoins from Silk Road
  3. The reviews left by the buyer for the seller
  4. Encrypted gibberish sent by the buyer to the seller (including at least the buyer’s address), plus a public key for the seller (which everyone can see)
  5. Encrypted gibberish sent by the seller to the buyer, if any (the buyer has no need to post a public key, they can send it to the seller in their message if they need a reply)
  6. The seller’s pseudonym
  7. The last hop of the connection path users take to access the site

Silk Road can also strengthen their resilience against outside attack by only keeping recent data for items 1, 2, 4, and 5, and no data for item 7 (there is, however, no way for users to verify that they are in fact doing so).

Silk Road also employs several technologies / methods to mitigate the effects of anonymity:

  • Pseudonymous escrow
  • Reputation economy (presumably the reason they allow for pronounceable seller pseudonyms (6), while keeping information to an absolute minimum in so many other ways), plus methods for quantitative and qualitative analysis of buyer feedback data
  • Seller account auctions (SR admins say the primary reason for this is to make the sort of attacks (note that includes scams or stings) that can be done with new accounts at least very costly to do repeatedly; of course, this also makes money for whoever’s running Silk Road)

So Silk Road is not just a straightforward application of Bitcoin.  Bitcoin is just a main ingredient in the whole cypherpunk stew!

Also, this is not to imply that the system doesn’t have weaknesses.  It still falls short of the goal of full cryptographic anonymity.  For one thing, the seller ends up with a physical post address for the buyer.  Postal addresses are a lot harder to generate and anonymize than Bitcoin addresses or private keys, and the movement of physical packages is a lot easier to inspect and trace than TOR connections.

Gwern suggests that Silk Road could be brought down through DDoS or acquiring a large number of accounts for some coordinated scam.  Acquiring new accounts to do individual stings is too high cost for too little gain, especially since the value of “flipping” a Silk Road buyer is very low (there’s little they can do to get information on Silk Road sellers).  Perhaps law enforcement will decide to do some stings anyways to make an example of a few cypherpunk drug-purchasers; the ineffectiveness of that tactic as a deterrent doesn’t stop people from trying.

Gwern doesn’t mention the demise of Bitcoin scenario described by Moldbug in this post, where the value of Bitcoins is brought down by a broad-scale legal attack on the Bitcoin exchanges, indicting them all for money laundering (Bitcoin tumblers might be more deserving of this attack, but targeting the exchanges will be easier and more effective).  That wouldn’t prevent people from trading Bitcoins for goods.  But Silk Road’s selection still isn’t as good as Amazon’s, and Bitcoins are still not sufficiently liquid when it comes to things like rent and groceries, so the value of a Bitcoin in rent and groceries still depends on the exchange rate with less science-fictiony currencies.  Not that it would be impossible to find someone on Silk Road to ship you food, but you really don’t want to buy your necessities at black market prices if you can help it.  Being able to spend money earned at a black market premium on things not sold at a black market premium is a big advantage of illicit trafficking.

Monday, Sep 19, 2011

Second City Epidemiologist

I watched The Interrupters this weekend, and I second this review: it’s well worth seeing.  The documentary chronicles the front-line agents of the organization CeaseFire, the Violence Interrupters.  CeaseFire’s founder, Gary Slutkin, is an epidemiologist who formerly worked for the World Health Organization, and he takes very seriously the analogy of the “violence epidemic”.  The approach is similar:

  1. Identify outbreaks (violent incidents)
  2. Respond at the center with a focus on limiting transmission (discouraging new retaliation by those not already involved)
  3. Build long-term resilience with vaccinations, sanitation, and so on (change norms)

A more comprehensive approach also fits into this analogy:  Infected are quarantined (criminals captured) and treated (rehabilitated) or institutionalized.  CeaseFire’s efforts, though, are mostly focused on the above, particularly step two.

On the non-metaphorical health front, similar efforts have been similarly successful.  An example from The Checklist Manifesto was particularly vivid in my mind while watching the movie: a study in which soap was distributed, along with simple instruction on handwashing methods and habits, to impoverished communities.  The results were dramatic.  But those results relied on the cooperation of those participating in the program, and it would be a mistake to assume that their behavior was influenced primarily by the mere availability of soap.  The instruction was also a factor.  But one factor found in follow-up study as to why that program had been more successful than some similar efforts was that the soap used was particularly high quality.  Smelled good, felt good on the hands.  Washing with it was pleasant.

One question for CeaseFire is not just how best to educate about nonviolence, or how to bring social pressure to bear in favor of nonviolence, but how to make nonviolent conflict resolution “smell good”.  (The movie contains some interesting ideas in relation to this question, I think, though it doesn’t address that directly.)

For further reading, see this post on CeaseFire as applied anthropology.  Also related to the topic of violence in Chicago and the source of the title of this post, this blog.