Takedown of Silk Road's Dread Pirate Roberts Not About Internet Privacy

 
 
By Sean Michael Kerner  |  Posted 2013-10-03
 
 
 

The Dread Pirate Roberts isn't just the fictional name of a movie character from the classic 1987 film The Princess Bride; it's also the alias for an alleged criminal mastermind who has now been arrested for operating the illegal goods Silk Road Website.

While the Silk Road site was hidden in the bowels of the Internet under the cloak of anonymity provided by the Tor onion router project, the shutdown spearheaded by the U.S Federal Bureau of Investigation (FBI) did not involve a technology breach of Tor.

According to the FBI's criminal complaint, Silk Road operated from January 2011 until September 2013, with Ross Ulbricht, also known as "Dread Pirate Roberts," allegedly violating U.S narcotics laws selling drugs and other banned substances. The FBI also alleges that Silk Road provided a platform for selling "illicit goods and services, including malicious software designed for computer hacking, such as password stealers, keyloggers and remote access tools."

Tor

The way that "Dread Pirate Roberts" was able to stay hidden from the law with Silk Road was by way of what the FBI complaint calls an "online criminal marketplace outside the reach of law enforcement or governmental regulation." The way Silk Road did that was by operating on the Tor onion router network. Tor provides a system by which traffic can be anonymized by going through multiple "onion" routers, with each layer providing an additional layer of abstraction. According the FBI complaint, the use of Tor made it "practically impossible" to physically identify where Silk Road actually was located.

Going a step further, Silk Road uses bitcoins as its currency for transactions. Bitcoins are a form of peer-to-peer currency that is generated online and is difficult to trace.

"In order to access the Silk Road website, a user need only download Tor browser software onto his computer and then type in Silk Road's .onion address in the user's Tor browser," the FBI complaint stated.

Kevin O'Brien, enterprise solution architect at CloudLock, told eWEEK that the FBI's description of the Tor piece of Silk Road isn't quite accurate.

"The .onion address is a descriptor, which allows a Tor client to connect to a service such as the Silk Road Website indirectly via the Tor network, without ever knowing the actual IP address of the service itself," O'Brien said. "There are some additional components involved, but in essence, Tor is about indirection, and .onion addresses are the mechanisms of indirect routing used to provide this functionality."

The takedown of Silk Road is also not a reflection of any particular flaws in the privacy that Tor aims to provide.

"While we've seen no evidence that this case involved breaking into the webserver behind the hidden service, we should take this opportunity to emphasize that Tor's hidden service feature (a way to publish and access content anonymously) won't keep someone anonymous when paired with unsafe software or unsafe behavior," the Tor Project wrote in a blog post. "It is up to the publisher to choose and configure server software that is resistant to attacks."

O'Brien noted that the mechanism through which the FBI traced the Silk Road network back to its maintainer is fairly prosaic: It ordered illegal goods, gathered a chain of information about both the physical vendors shipping those goods as well as the systems that were involved in the payment processing, and then obtained access to those systems for further forensics.

"The weakest link was in the physical goods being transmitted," O'Brien noted. "By tracing shipments from those vendors, a particular shipment to Ulbricht was tagged and traced, and the forged identification papers being used to obtain more servers allowed the rest of the activity to be unraveled."

Ulbricht ("Dread Pirate Roberts") also had posted various pieces of information publicly that led investigators to his front door. In O'Brien's view, simply using Tor for connectivity appears to still be fairly "safe" from the perspective of avoiding tracing.

"However, merging real-world activities, like having goods sent to a physical address with Tor activity, allows an interested authority or third-party to, over time, triangulate a pattern of behavior and a specific user," O'Brien said. "What cracked the Silk Road case for the FBI was essentially traditional detective work, rather than a fundamental security flaw in Tor."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Rocket Fuel