Entries in follow-up (1)

Wednesday
Oct022013

The Silk Road Unraveled

Wow, what a story!

A while back, I wrote a bit about the technology behind the online pseudonymous black-market called Silk Road. I talked a bit about the site from the perspective of a security problem. Now, it seems that the site’s security was not so good. The FBI has arrested the site’s owner, the notorious black-marketeer known as Dread Pirate Roberts, in real life as Ross William Ulbricht. Further reading here, including the formal complaint. (Edited to add: Another great analysis here.)

In the previous post, I talked about the mechanism that minimized knowledge buyers have about sellers. I didn’t really talk about the site administrator. (Though I did mention the administrator could strengthen the site against attack by minimizing the data the site holds on to. Which Ulbricht doesn’t seem to have done.) To be secure, the site administrator would want to minimize their connections with the site. They would log in from an unpredictable place, via TOR. They would communicate only over encrypted channels. They would keep their private key somewhere separate from the servers for the site. Ditto for their bitcoin wallet. Above all, they would minimize their connection to the site, and they would minimize their visibility to law enforcement.

Ulbricht didn’t do any of that, and it proved his undoing. He wasn’t just the president of the Silk Road for Criminals Club, he was also a customer! Using a clearly labeled as administrator account, no less, to buy illegal goods and services directly related to the running of the site. Including packages of physical goods (fake IDs) that could be tracked to his house, and allegedly going so far as to pay hitmen to murder a turncoat former employee (there’s a separate indictment for that one) and a potential blackmailer.

In my last post, I suggested:

Acquiring new accounts to do individual stings is too high cost for too little gain, especially since the value of “flipping” a Silk Road buyer is very low (there’s little they can do to get information on Silk Road sellers).

But failed to note that this does not apply if the buyer in question happens to host the whole site out of his basement.

(Edited to add: That’s hyperbole, of course. The site was hosted outside of the US. It wasn’t being operated from Ulbricht’s house, either. But he was signing in through a VPN gateway at an internet cafe near his home. And not via TOR, either. He also advertised the site soon after it started, and looked for employees for a bitcoin-related startup soon before it started, both under pseudonyms that could be traced to his real identity.)

Now that Silk Road has been seized, any records of sales can be traced. Any buyers and sellers whose records were compromised will be very quickly screwed if they didn’t employ additional money-laundering techniques. Bitcoin may be pseudonymous, but every transaction is intensely public, every node in the network has the complete transaction record.

(Edited to add: The Silk Road itself included a coin tumbler that protected buyers and sellers from knowing one another’s bitcoin addresses. However, it’s not clear if this will protect either buyers or sellers from the authorities now that they have control over whatever data Silk Road retained.)

As far as the value of Bitcoin as a whole goes? Depends, I think, on how much of the price is based on future versus present or past utility. I still think Silk Road is an edge case in the set of things Bitcoin could be used for. But it’s a large portion of the set of things Bitcoin has been used for.