Entries in law enforcement (5)

Wednesday, Oct 02, 2013

The Silk Road Unraveled

Wow, what a story!

A while back, I wrote a bit about the technology behind the online pseudonymous black-market called Silk Road. I talked a bit about the site from the perspective of a security problem. Now, it seems that the site’s security was not so good. The FBI has arrested the site’s owner, the notorious black-marketeer known as Dread Pirate Roberts, in real life as Ross William Ulbricht. Further reading here, including the formal complaint. (Edited to add: Another great analysis here.)

In the previous post, I talked about the mechanism that minimized knowledge buyers have about sellers. I didn’t really talk about the site administrator. (Though I did mention the administrator could strengthen the site against attack by minimizing the data the site holds on to. Which Ulbricht doesn’t seem to have done.) To be secure, the site administrator would want to minimize their connections with the site. They would log in from an unpredictable place, via TOR. They would communicate only over encrypted channels. They would keep their private key somewhere separate from the servers for the site. Ditto for their bitcoin wallet. Above all, they would minimize their connection to the site, and they would minimize their visibility to law enforcement.

Ulbricht didn’t do any of that, and it proved his undoing. He wasn’t just the president of the Silk Road for Criminals Club, he was also a customer! Using an account clearly labeled as the administrator’s, no less, to buy illegal goods and services directly related to the running of the site. Including packages of physical goods (fake IDs) that could be tracked to his house, and allegedly going so far as to pay hitmen to murder a turncoat former employee (there’s a separate indictment for that one) and a potential blackmailer.

In my last post, I suggested:

Acquiring new accounts to do individual stings is too high cost for too little gain, especially since the value of “flipping” a Silk Road buyer is very low (there’s little they can do to get information on Silk Road sellers).

But failed to note that this does not apply if the buyer in question happens to host the whole site out of his basement.

(Edited to add: That’s hyperbole, of course. The site was hosted outside of the US. It wasn’t being operated from Ulbricht’s house, either. But he was signing in through a VPN gateway at an internet cafe near his home. And not via TOR, either. He also advertised the site soon after it started, and looked for employees for a bitcoin-related startup soon before it started, both under pseudonyms that could be traced to his real identity.)

Now that Silk Road has been seized, any records of sales can be traced. Any buyers and sellers whose records were compromised will be very quickly screwed if they didn’t employ additional money-laundering techniques. Bitcoin may be pseudonymous, but every transaction is intensely public: every node in the network has the complete transaction record.

(Edited to add: The Silk Road itself included a coin tumbler that protected buyers and sellers from knowing one another’s bitcoin addresses. However, it’s not clear if this will protect either buyers or sellers from the authorities now that they have control over whatever data Silk Road retained.)
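To make the two paragraphs above concrete, here is an added example (not from the original post) of forward tracing over a public ledger, with and without retained site records. The ledger, the address names and the `RETAINED_ORDERS` record format are all constructed assumptions; the model follows addresses only and ignores amounts.

```python
from collections import defaultdict, deque

# Constructed toy ledger (not real transactions): each entry moves coins
# from its input addresses to its output addresses. Amounts are ignored.
LEDGER = [
    {"txid": "t1", "inputs": ["buyer_wallet"], "outputs": ["sr_deposit_17"]},
    {"txid": "t2", "inputs": ["sr_deposit_17"], "outputs": ["sr_pool_a"]},
    {"txid": "t3", "inputs": ["other_wallet"], "outputs": ["sr_deposit_42"]},
    {"txid": "t4", "inputs": ["sr_deposit_42"], "outputs": ["sr_pool_a"]},
    # Payouts are made from an unrelated pool, so the ledger alone shows no
    # path from a buyer's deposit to a seller's payout (the tumbler effect).
    {"txid": "t5", "inputs": ["sr_pool_b"], "outputs": ["seller_payout_9"]},
    {"txid": "t6", "inputs": ["seller_payout_9"], "outputs": ["exchange_acct"]},
]

# Assumption: a hypothetical server-side order record that ties a deposit
# address to the payout address used for the same order.
RETAINED_ORDERS = [{"deposit": "sr_deposit_17", "payout": "seller_payout_9"}]


def build_graph(ledger, retained=()):
    """Address graph: an edge A -> B means coins moved (or were linked) A to B."""
    graph = defaultdict(set)
    for tx in ledger:
        for src in tx["inputs"]:
            graph[src].update(tx["outputs"])
    # Retained records bridge the gap the tumbler leaves in the ledger.
    for rec in retained:
        graph[rec["deposit"]].add(rec["payout"])
    return graph


def trace_forward(start, graph):
    """Breadth-first search: every address reachable downstream of `start`."""
    seen, queue = {start}, deque([start])
    while queue:
        addr = queue.popleft()
        for nxt in graph.get(addr, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(start)
    return seen


if __name__ == "__main__":
    ledger_only = trace_forward("buyer_wallet", build_graph(LEDGER))
    with_records = trace_forward("buyer_wallet", build_graph(LEDGER, RETAINED_ORDERS))
    print("ledger only: ", sorted(ledger_only))
    print("with records:", sorted(with_records))
```

In this toy model the trace from the buyer stops at the site's pool when only the ledger is available, and continues through the seller's payout to the exchange once a retained order record is added.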

As far as the value of Bitcoin as a whole goes? Depends, I think, on how much of the price is based on future versus present or past utility. I still think Silk Road is an edge case in the set of things Bitcoin could be used for. But it’s a large portion of the set of things Bitcoin has been used for.

Tuesday, Jun 11, 2013

Predicting the Present

Idea #7: The best way to accurately predict the future is to accurately predict the present.

I was listening to Democracy Now! this morning about the NSA scandal (ongoing) and the (now long-established) use of private contractors to analyze digital records, the sort of activity that would be obviously illegal if physical documents were involved instead of digital ones, when I was suddenly struck by the memory of Cory Doctorow’s comment about science fiction writers predicting the present. Because, in fact, Cory Doctorow wrote this one before, a short story called “The Things That Make Me Weak and Strange Get Engineered Away” (after the Jonathan Coulton song), published in 2008.

The story hits all the key points: Private contractors analyzing vast quantities of metadata for the surveillance state, and the sort of conflict between hired geeks and their authoritarian masters that results. Of course, in that story the private contractors are a cloistered society of lifehacking monks, but obviously good science fiction has to push those predictions of the present a little in a future-weird direction. Doctorow’s story is a bit of a warning, too. The story at least raises the question of whether the withdrawal of the nerds into their own sousveillance society removed their effectiveness as an obstacle to the security state (in more ways than one).

Well worth a read. And worth pointing out, especially since I’m not the only one thinking about fiction as warning in light of recent revelations.

Friday, Apr 26, 2013

Extremist Terrorism's False Flag

As a resident of the Boston area in the aftermath of the marathon bombings, I have to say the conspiracy theories have already gotten really annoying.  In this case, the simple hypothesis is actually very well supported, and conspiracy theorists tend to support their hypotheses with observations that are just as likely or almost as likely if they were completely incorrect.

But I do want to say a little bit about this concept of a false flag operation in the context of terrorists like the Tsarnaevs.  One of the things that’s odd about such a terrorist attack is it’s extremely unclear what sort of goals it might hope to achieve.  At least, it seems unlikely to frighten the US towards an isolationist policy, or achieve any end that directly supports the goals of (the violent extremist flavor du jour) militant Islamists.

The proliferation of this sort of tactic might be best understood under the concept of a false flag.  In a false flag operation, an attack is disguised so as to provoke a misdirected response.  In the archetypal case, this involves a government falsifying an enemy attack (or secretly facilitating a real enemy attack) to bolster public support for military action against that enemy.  But there’s an alternative scenario, in which an enemy seeks to have one of their potential allies blamed for the attack.  Even if the ally is not fooled by this ploy, the provoked counter-attack could provide the need to unite against a common enemy.

The best counter-attack against terrorism, therefore, is as restrained as it is effective.  I don’t mind that the police and military told people to stay home on April 19.  I don’t mind that they searched Watertown house by house.  Yes, it’s costly and disruptive, but having a bomber on the loose is also costly and disruptive.  Yes, the guy wasn’t found in the initial search, but there’s only so much you can do with limited information.

Ultimately, though, the town is getting back to normal.  We feel no need to buy the extremist’s implicit declaration that there’s a war on.  We can treat them as ordinary criminals.  Boston has dealt with those before.

Tuesday, Feb 26, 2013

Real Life Cypherpunk

No, the hurricane didn’t blow this blog away, but I’ve been hosed nonetheless.  Still, I want to get back to writing, so will maybe stick to something a bit shorter-form.

Lately, I’ve been fascinated with the rise in value of Bitcoin (BTC), a distributed, anonymous, cryptographic token transaction system intended for use as a currency.  My original thought on the technology was “nifty idea”, but I never would have thought it would have much in the way of real value (not that virtual goods can’t have real value, but BTC isn’t, by itself, much of a game).  I certainly didn’t see it rising again after the initial bubble and crash, but if you look at the charts, you’ll see that the value is now above the June 2011 bubble and crash.  That crash was precipitated by a security breach and subsequent flash-crash at Mt. Gox (the largest Bitcoin exchange). Subsequent high-profile security breaches in the immediate months following surely didn’t help, but it’s worth noting that such incidents didn’t cease in November 2011; BTC was able to regain its value despite the occasional digital bank-robbery.

So given my interest, and my surprise, I was fascinated by this essay by Gwern on anonymous black-market website Silk Road (the site itself can be found here, I link to this for educational/informative purposes only and not to encourage you to do anything illegal).  The essay is a very detailed, down-to-brass-tacks look at how Silk Road works and what its weaknesses might be.

Silk Road is designed to conduct business with only the minimum amount of information possible.  A normal e-commerce website ends up with the following information:

  1. Payment information for the buyer
  2. Payment information for the seller
  3. Reviews left by the buyer for the seller
  4. Information sent by buyer to seller (including at least a shipping address)
  5. Information sent by seller to buyer (if sent via site)
  6. The seller’s name / pseudonym
  7. Users’ IP addresses
  8. Metadata about users’ connections

Making the process anonymous involves several technologies:

So Silk Road actually ends up with:

  1. Bitcoin addresses the buyer used to transfer bitcoins to Silk Road
  2. Bitcoin addresses the seller used to transfer bitcoins from Silk Road
  3. The reviews left by the buyer for the seller
  4. Encrypted gibberish sent by the buyer to the seller (including at least the buyer’s address), plus a public key for the seller (which everyone can see)
  5. Encrypted gibberish sent by the seller to the buyer, if any (the buyer has no need to post a public key, they can send it to the seller in their message if they need a reply)
  6. The seller’s pseudonym
  7. The last hop of the connection path users take to access the site

Silk Road can also strengthen their resilience against outside attack by only keeping recent data for items 1, 2, 4, and 5, and no data for item 7 (there is, however, no way for users to verify that they are in fact doing so).

Silk Road also employs several technologies / methods to mitigate the effects of anonymity:

  • Pseudonymous escrow
  • Reputation economy (presumably the reason they allow for pronounceable seller pseudonyms (6), while keeping information to an absolute minimum in so many other ways), plus methods for quantitative and qualitative analysis of buyer feedback data
  • Seller account auctions (SR admins say the primary reason for this is to make the sort of attacks (note that includes scams or stings) that can be done with new accounts at least very costly to do repeatedly; of course, this also makes money for whoever’s running Silk Road)

So Silk Road is not just a straightforward application of Bitcoin.  Bitcoin is just a main ingredient in the whole cypherpunk stew!

Also, this is not to imply that the system doesn’t have weaknesses.  It still falls short of the goal of full cryptographic anonymity.  For one thing, the seller ends up with a physical post address for the buyer.  Postal addresses are a lot harder to generate and anonymize than Bitcoin addresses or private keys, and the movement of physical packages is a lot easier to inspect and trace than TOR connections.

Gwern suggests that Silk Road could be brought down through DDoS or acquiring a large number of accounts for some coordinated scam.  Acquiring new accounts to do individual stings is too high cost for too little gain, especially since the value of “flipping” a Silk Road buyer is very low (there’s little they can do to get information on Silk Road sellers).  Perhaps law enforcement will decide to do some stings anyways to make an example of a few cypherpunk drug-purchasers; the ineffectiveness of that tactic as a deterrent doesn’t stop people from trying.

Gwern doesn’t mention the demise of Bitcoin scenario described by Moldbug in this post, where the value of Bitcoins is brought down by a broad-scale legal attack on the Bitcoin exchanges, indicting them all for money laundering (Bitcoin tumblers might be more deserving of this attack, but targeting the exchanges will be easier and more effective).  That wouldn’t prevent people from trading Bitcoins for goods.  But Silk Road’s selection still isn’t as good as Amazon’s, and Bitcoins are still not sufficiently liquid when it comes to things like rent and groceries, so the value of a Bitcoin in rent and groceries still depends on the exchange rate with less science-fictiony currencies.  Not that it would be impossible to find someone on Silk Road to ship you food, but you really don’t want to buy your necessities at black market prices if you can help it.  Being able to spend money earned at a black market premium on things not sold at a black market premium is a big advantage of illicit trafficking.

Friday, Dec 16, 2011

Thoughts on Occupy Versus Police

(This post is way delayed and fairly disorganized, but I’m putting aside further editing in the interest of getting it out the digital door.)

Occupy is interesting, but it’s also interesting to consider the variety of tactics police have used in opposing the movement.  On the one hand, there’s the UC Davis incident, where the message of “if you are in the way, we will hose you down with military grade pepper spray at point-blank range” was communicated by actually doing just that.  That might be legal, even in the liberal 9th circuit, but doesn’t exactly defuse the situation, and it’s unclear whether it will prevent the protesters from achieving (some of) their goals.

On the other hand, there’s the aikido tactics of the St. Louis Police.  As related in this post by Brad Hicks, after a series of fake-out maneuvers, the police acted with a combination of power and restraint:

[…] [The police] didn’t show up in riot gear and helmets, they showed up in shirt sleeves with their faces showing. They not only didn’t show up with SWAT gear, they showed up with no unusual weapons at all, and what weapons they had all securely holstered. They politely woke everybody up. They politely helped everybody who was willing to remove their property from the park to do so. They then asked, out of the 75 to 100 people down there, how many people were volunteering for being-arrested duty? Given 33 hours to think about it, and 10 hours to sweat it over, only 27 volunteered. As the police already knew, those people’s legal advisers had advised them not to even passively resist, so those 27 people lined up to be peacefully arrested, and were escorted away by a handful of cops. The rest were advised to please continue to protest, over there on the sidewalk … and what happened next was the most absolutely brilliant piece of crowd control policing I have heard of in my entire lifetime.

All of the cops who weren’t busy transporting and processing the voluntary arrestees lined up, blocking the stairs down into the plaza. They stood shoulder to shoulder. They kept calm and silent. They positioned the weapons on their belts out of sight. They crossed their hands low in front of them, in exactly the least provocative posture known to man. And they peacefully, silently, respectfully occupied the plaza, using exactly the same non-violent resistance techniques that the protesters themselves had been trained in. […]

By dawn, the protesters were licked.

(Again, read the whole thing.)

The clearing of Occupy Boston used some of the St. Louis tactics, so maybe those are catching on.  More brutal tactics may or may not be self-defeating, but I suppose that depends on exactly how far police are willing to go, as Brad points out, addressed towards police:

In case you haven’t noticed, you are not the only police officers who have been asked to use as much force as necessary, in order to crack down on trivial ordinance violations, as an excuse to shut those citizens up. Your fellow police have been asked to shut down those protests in every country in Latin America, in every country in the Middle East, in every country in North Africa, and in almost every country in Europe. In country after country, one of three things has happened: the cops obeyed orders and the kleptocrats are getting away with imposing austerity, or else the cops obeyed orders but foreign governments stepped in, citing actual or impending police atrocities, and overthrew the kleptocrats, or else they did something that you chose not to do, this last week or two.

In a few countries, the cops saw that they didn’t have the choice of defending the perfectly law abiding, saw that they were being asked to defend criminals, concluded that they could not morally justify obeying the order to shut down the protests, and went home. Few if any of the protesters even asked the police to switch sides and join the protests against kleptocracy. Most of us know that that’s an unreasonable request, we know that most of you feel that you owe it to the uniform you wear, and to the oath you took, and to your fellow officers, not to join the protesters. But in the countries where the police, asked to use force to shut down peaceful protests against kleptocracy, took off their uniforms and went home until it was all over? Not just in the Arab (Spring) world, but in places like Iceland? Freedom is on the march. Nor have those countries slid into poverty because they refused to cover the debts that the thieves owed to the dishonest bankers; those countries are recovering from the global recession faster than we are.

Charles Stross has some interesting thoughts on how the police crackdown fits into the larger economic/political situation:

Public austerity is a great cover for the expropriation of wealth by the rich (by using their accumulated capital to go on acquisition sprees for assets being sold off for cents on the dollar by the near-bankrupt state). But public austerity is a huge brake on economic growth because it undermines demand by impoverishing consumers. Consequently, we’re in for another long depression. […]

Starving poor people with guns and nothing to lose scare the rich; their presence in large numbers is one major component of a pre-revolutionary situation. […] Worse, the poor have smartphones. […]

The oligarchs are therefore pre-empting the pre-revolutionary situation by militarizing the police (as guard labour).

The rest is interesting, too, including the comments.