Silk Road 2.0 ‘hacked’ for millions, community tearing itself apart

Hackers like to play the cynical, world-weary intellectuals, but an awful lot of them still seem to go down with knives in their backs. More to the point, they often spend brief periods defending those who did the stabbing, refusing to be taken in by “government lies” about divisions in their precious community. The stubborn, almost sentimental refusal to quarantine friends is what felled many important members of Anonymous, and what brought down prominent international criminal organizations like Carders Market. The Deep Web provides a fog of war that can be exploited by anyone — by criminals to operate markets and discussion forums, by police to attack them, and by anyone at all to rob them blind.
Yesterday, one of the operators of the Silk Road posted a long and emotional comment to the dark market’s official forums which laid out the situation: “We have been hacked.” Somewhere between $2.4 and $2.7 million in Bitcoins has disappeared from the Silk Road’s custody thanks to — well, it depends who you believe. Earlier this month, the largest Bitcoin trader Mt. Gox made waves by refusing to continue direct Bitcoin withdrawals due to an alleged “bug” in Bitcoin’s fundamental design. The bug, called transactional malleability, could theoretically allow canny attackers to trick a wallet into thinking that a transaction has been denied, causing the wallet to resend the payment. Using this bug, someone was able to completely empty the Silk Road’s escrow account.

The Silk Road’s startlingly up-front interface puts the drugs front and center.

Maybe. Official mods are taking to the encrypted Silk Road forums to warn users not to trust the newest Dread Pirate Roberts, or perhaps just the account, or perhaps such fears are just what they want us to think! That sound you hear is the shuffle of shut-ins grabbing bug-out bags the world over. This is just another straw atop the camel of cyber crime, but its back is looking mighty weak, regardless. The Silk Road subreddit, which reflects the real community’s thoughts with around a 48-hour delay, has about five recently proposed Silk Road replacements, and every one of them is a joke.
While the mechanics of the alleged hack are interesting, it’s important to note that this summary of the situation is in no way the widely accepted narrative. In fact, there is no widely accepted narrative, with roughly equal portions of the community seeming to believe that this was an outside criminal hack, or an inside job, or an inside job involving only some members of the Silk Road team but not others, or something else entirely. At this point, there is widespread skepticism about the details of the “official” story, with critics claiming that the so-called bug was easily fixable, that the attack implies inside knowledge of the Silk Road’s systems, and that the concurrent disappearance of several Silk Road big-wigs ought to terrify any member with the slightest impulse toward self-preservation.

Ross Ulbricht, the alleged architect of the original Silk Road.

As of this writing, the Dread Pirate Roberts (the active one, not the one currently awaiting trial), has been incommunicado for several days. Some say this is because whoever has assumed the role is afraid and lying low, in case there has been a larger security breach than we currently know. Others say the cops have DPR, or that the self-proclaimed freedom fighter is currently relaxing with around $2.5 million in credit at a tiki bar in Thailand. The point here is: if the answer is anything but an outright bust, we’ll likely never know for sure. The inevitable next wave of dark market solutions will be built on the same cautious exchanges and uncertain alliances that built the Silk Road 2.0, and will suffer the same long-running problems as a result.
Then there is the chatter, so constant that it almost gets tuned out these days, which says that maybe this was all the feds! Consider the utility of such a theft, from the government’s perspective. In terms of pure effectiveness, a cannibalistic theft from within will put the lie to Braveheart-like ranting about unity and social justice, devastating these communities more effectively than any public bust. The irony of the Deep Web is that, for all the posturing that goes on about security and anonymity, a life of cyber-crime is built and maintained almost exclusively on trust. This trust, which encompasses your livelihood and your very freedom, hangs on twelve-character usernames of hyperlinked sans-serif.

The FBI’s raids can often go unreported for days or weeks, while agents use confiscated online accounts to infiltrate these networks.

This is what made DPR2′s level of enthusiasm so embarrassing — assuming, of course, that it wasn’t all a calculated prelude to this heist. The Deep Web’s anonymity makes it great for organizing secret real-world groups, or facilitating a specific action not possible in the real world, but simultaneously makes it terrible at building real communities. Even an honest friend can be detained, their persona hijacked by police, sometimes for weeks before anyone’s the wiser. Some veterans of the dark market scene are now crowing loudly and linking back to posts made around the fall of the original Silk Road about how anyone stupid enough to embrace such an obvious scam (or FBI honeypot, or plain doomed endeavor) as a new Silk Road deserved whatever they got.
In related but separate news, the Iranian dark market Black Market Reloaded, which was shut down late last year, lost its forums, the market’s final remaining component, in a raid yesterday by Iranian police. If you think the FBI can make an example out of people, just imagine the terror now consuming any BMR staffers still caught within the borders of the Persian autocracy. Amazingly, there was actually a third major dark market problem during this same period, with the smaller market Pandora having major (but temporary) problems with its Bitcoin exchange rates. If the FBI is not involved in this mess, it would be foolish not to invest some time in spreading rumors that it might be; confusion is, in this case, their most effective weapon.
Taking down the Deep Web markets will be a long and multi-step process for law enforcement. It will involve hitting these communities over and over, knocking down any possibility of hope that next time, just maybe, things will be different. Prominent internal problems like this theft, whether staged by corrupt Silk Road staffers or pulled off by intrepid rival hackers, make that process much, much easier.