It turns out that last week’s bust of Silk Road 2.0’s kingpin was just a hint at what was coming: namely, a multinational crackdown on dark-market sites hidden away on the Tor network.
As Europol and the FBI announced on Friday, the sting, dubbed “Operation Onymous,” involved 17 nations that coordinated efforts to take down more than 410 “hidden services” that market contraband – particularly drugs and weapons.
The operation led to 17 arrests and the seizure of $1 million (£629,465) in Bitcoin, along with €180,000 (£141,235, $224,688) in cash, drugs, gold and silver.
So far, law enforcement has only identified one of the people arrested: 26-year-old Blake Benthall, of San Francisco, head of Silk Road 2.0, whose Twitter profile describes him as a “rocket scientist” and “bitcoin dreamer”.
The California-based rocket development company SpaceX – founded by Elon Musk – confirmed to Business Insider that it had previously employed Benthall.
As Ars Technica reported from Benthall’s first court hearing on Thursday, federal prosecutor Kathryn Haun asked the court not to release Benthall, who, she said, has admitted “to everything”:
He was found with over $100,000 in cash at home. ... He has a passport. We're not aware of whether that was secured. In addition to all of the detail, Mr. Benthall did admit to everything after receiving his Miranda rights—that he was the administrator of Silk Road 2.0. Our principal basis is flight risk at this point.
While Operation Onymous is the largest attack on Tor-hidden black markets to date, the number of services taken down (410) does not equate to the same number of Silk Road-like markets going offline. Rather, it means that law enforcement found out where the markets were hosted.
Department of Justice Public Affairs Specialist Peter Carr told Forbes that a full list of seized Tor sites wasn’t publicly available as of Friday, but the number of actual sites seized appears to be just a fraction of that number.
FBI spokesperson David Berman mentioned a dozen sites, Forbes reports, but a complaint filed in the Southern District of New York on Friday detailed at least 27 sites having been seized during Operation Onymous, including Silk Road 2.0.
The complaint was issued by the United States “seeking the forfeiture of any and all assets of the following dark market websites operating on the Tor network”. The FBI has refused to comment on how many other sites were seized outside of the ones listed on the complaint.
Gizmodo published a full list of which sites have been shut down – sites that fell into sometimes overlapping categories, including those that sold illegal narcotics, stolen and counterfeit credit cards, counterfeit currency, and fake identity documents, including passports.
Some examples from the complaint: the marketplace “Cloud Nine” which listed “1G Pure Uncut Fishscale Cocaine” for sale by “Mrs. Blanco” for 0.2934 Bitcoin, and a site that advertised “Fake Real Plastic” and which promised cards “printed to look just like real VISA and Mastercards” and guaranteed “to have at least $2500 left on [the] credit card limit”.
It’s unclear how the law was able to infiltrate the Tor network – a question that security and privacy experts are keen to have answered, as noted by Electronic Frontier Foundation staff attorney Hanni Fakhoury:
Hanni Fakhoury @HanniFakhoury
Once again, the question is how did the feds "locate" the Silk Road 2.0 server?
By “once again”, he was referring to the ongoing battle over whether the Feds’ takedown of the first Silk Road was done by peeling apart the layers of the Tor anonymizing network without a warrant: a question that the government’s been battling in court, insisting that no, it didn’t hack Tor, but if it did, then that’s just Constitutionally fine and dandy.
In Benthall’s indictment, the FBI revealed that part of its investigation relied on good old-fashioned undercover police work, with a Homeland Security agent going undercover to infiltrate the staff at Silk Road 2.0.
But the indictment says little about how exactly the FBI got its hands on the supposedly hidden server Silk Road 2.0 was using, saying that the FBI simply “identified the server located in a foreign country,” and that law enforcement managed to image it sometime around 30 May 2014.
At this point it must be assumed that using TOR is incredibly risky. And why not? It was developed by the State Department and the Navy, if I am not mistaken.
Oh, really? Gee whiz. According to the account I read TOR was developed by freedom loving hackers. I guess you can’t believe everything you read. Oh, well . . .
Indeed it was. And it was developed by them for use by intelligence agents in hostile territory, where obviously they can’t use the Internet without such usage being monitored by the enemy. Hence the need for a secure anonymity network.
Connecting to hidden services over Tor is generally pretty safe, provided you’re careful not to leak identifying information. Actually *running* hidden services, on the other hand, is incredibly risky, as they can easily be identified by traffic correlation. In fact, an ISP can trivially identify every hidden service that it’s hosting. Hosting illegal content on a hidden service based in a country that’s friendly to the U.S. is a Bad Idea.
TOR comes from “The Onion Router”, and it was indeed developed by the US Navy (in the 90s). A second TOR network was created a decade later, primarily funded (in the early days) by the Electronic Frontier Foundation (EFF).
The EFF claims to be a public advocacy group, but the creation of the newer TOR severely soiled that claim. The modern TOR is used primarily by criminals, although there’s nothing technically that prevents honest people from using it. It just makes more sense for people who have something to hide.
Blindly equating criminals with “people with something to hide” and inferring that “honest people” generally fall outside that group is thoroughly inaccurate.
Sorry, but it’s the most overused and under-thought-out argument, and it’s guaranteed to come up as soon as the whole honest privacy vs. criminality debate comes up.
The real debate is whether the general public have any right to keep their activities private at their own personal discretion. If that is not a right, Tor is clearly subversive and illegal. But if it is, Tor is just one example of a legitimate tool that anyone should be able to use without being immediately seen as criminally suspect.
The challenge to law enforcement then involves the processes of sorting out the bad guys from the good guys. But that’s what police work is, has always been, and should be. Police work being hard is not necessarily a bad thing, as long as disincentives and the rule of law underpinning it also has–in general terms–its desired effect.
The right to privacy and the rule of law are not mutually exclusive in a properly balanced society. To suggest they are is just tired, lazy thinking.
G
Well said!
I did make at least one big mistake. I implied that the opposite of criminal is honest. That isn’t true. I should have used “non-criminals” or “law-abiding”. I apologize for that.
But, I didn’t blindly equate them. I simply stated a fact. Do you deny that “TOR is used primarily by criminals”?
A “criminal” is someone who breaks the laws of the jurisdiction in which they are present. So, those Hong Kong demonstrators were criminals. Doesn’t mean they’re WRONG (a moral judgment), just that they’re criminals (a legal judgment).