The Silk Road, the largest black market site on the Tor network, has been shut down by the United States’ Federal Bureau of Investigation, and its alleged owner, Ross William Ulbrecht, arrested in San Francisco and charged with narcotics trafficking conspiracy, computer hacking conspiracy and money laundering conspiracy. With the closure of the site, the FBI has also made the largest seizure of bitcoins, or indeed Bitcoin-related funds, to date: 26000 BTC, or $3.6 million.
Ross Ulbricht appears to have a public LinkedIn profile, where he describes himself as an “investment adviser and entrepreneur” who “love[s] learning and using theoretical constructs to better understand the world around me” and now wishes to “use economic theory as a means to abolish the use of coercion and agression amongst mankind.” “Just as slavery has been abolished most everywhere,” he writes, “I believe violence, coercion and all forms of force by one person over another can come to an end. The most widespread and systemic use of force is amongst institutions and governments, so this is my current point of effort. The best way to change a government is to change the minds of the governed, however. To that end, I am creating an economic simulation to give people a first-hand experience of what it would be like to live in a world without the systemic use of force.”
Unfortunately for Ulbricht, it seems like it is systemic force that is giving people a first-hand experience of what it is like to live in a world without him. However, the online drug community is unlikely to fall apart, in much the same way that the filesharing community only grew stronger once Napster disappeared. Black Market Reloaded, located at http://5onwnspjvuk7cwvk.onion (link works using the Tor browser only) is currently the main alternative, with Sheep Market at http://sheep5u64fi457aw.onion coming up as a close second. The loss of Silk Road will likely give rise to many more sites springing up in its wake, especially with the open source BitWasp project providing operators with a codebase to start from. Perhaps we may even see a decentralized alternative, which will survive without any central bottleneck that could be taken down. But the biggest problem in the short term will be trust. Over the past two and a half years, there have been many reputations formed on the site and recorded on Silk Road’s database, and much of this information is now gone. On the positive side, however, Silk Road has always supported sellers and buyers getting into contact with each other over email, and most reputable sellers have GPG public keys, meaning that they can still send messages that others can verify came from them, and thus maintain their reputations as the drug community moves to other sides.
For crypto-economy enthusiasts, there are two main questions. First, how did Ulbricht get caught? In a Forbes article on the subject, Alex Konrad writes: “The full complaint linked to above is worth a read, but it appears that agents found Ulbricht after Canadian border authorities routinely checked a package intended for his San Francisco home and discovered nine fake identification cards within, which Ulbricht allegedly was seeking to obtain to rent more servers to power Silk Road as it massively expanded.” From here, we can see two large mistakes. First, Dread Pirate Roberts did far too much himself. The number one rule of staying hidden is, well, being hidden. Purchasing a large number of servers with fake ID is exactly the wrong the thing to do. The correct solution would have been to do only the sensitive wallet and private information handling in-house and outsource as much as possible to third parties. Second, Dread Pirate Roberts actually stayed inside the United States, the single most hostile jurisdiction with regard to drug policy, the whole time.
But there is also another piece of evidence mentioned in the complaint. In early 2011, a forum user “altoid” made posts on shroomery.org and bitcointalk.org attempting to generate interest in the site; “Has anyone seen Silk Road yet?”, one post reads, “It’s kind of like an anonymous amazon.com. I don’t think they have heroin on there, but they are selling other stuff…” Later on, altoid on Bitcointalk made a post on the forum asking for an “IT pro in the Bitcoin community” to hire in connection with “a venture backed Bitcoin startup company”, asking interested users to reply to “rossulbricht at gmail dot com”. This pattern is a common one seen in cryptography: systems like public key cryptography, Tor and Bitcoin are proven time and time again to be robust, and even the criminal complaint points out that Tor makes it “practically impossible” to physically locate users or servers and mentions Silk Road’s internal Bitcoin “tumbler” used to further anonymize users; rather, it is always through some non-technical mistake that the information gets leaked. Being a crypto-entrepreneur is a full-time job; it is simply too risky to run any kind of substantial anonymous operation by night and be an ordinary businessman by day.
Second, are the users themselves safe? The answer here is, it depends. Most professional sellers use GPG public key encryption, so those buyers who know how to use GPG can send their private shipping data to sellers such that any intermediaries only see it in an encrypted format. Those who have not figured out how to use GPG, however, may be in trouble. In theory, Silk Road deletes the info as soon as possible. However, it is entirely possible that the major drug sites currently left standing, Black Market Reloaded and Sheep Market, has already been compromised by law enforcement, which is monitoring and recording any shipping information that buyers put in. Thus, what this case shows clearly is just how valuable easy-to-use client side encryption software can be; if the Tor browser had included some kind of GPG utility by default, this issue would be much less consequential (although full safety is impossible since law enforcement can always create their own fake seller accounts to harvest data even without compromising the site, and various kinds of man-in-the-middle attacks are possible if users are not careful about which key they encrypt with). Ultimately, the only truly secure Silk Road will likely come in the form of some kind of plugin to Bitmessage.
Not Such A Perfect Martyr
Unfortunately, those who see Dread Pirate Roberts as a martyr for the cause of personal freedoms with respect to psychoactive substances will be sorely disappointed. According to the complaint, Ulbrecht is not just a drug marketplace operator; he was also responsible for murder, or at least attempted murder, by proxy. The complaint begins:
Beginning on March 13, 2013, a Silk Road vendor known as “FriendlyChemist” began sending threats to DPR through Silk Road’s private message system. In these messages, FriendlyChemist states that he had a long list of real names and addresses of Silk Road vendors and customers that he had obtained from hacking into the computer of another, larger Silk Road vendor. FriendlyChemist threatened to publish the information on the internet unless DPR gave him $500,000, which FriendlyChemist indicated he needed to pay off his narcotics suppliers.
Over the next few days, FriendlyChemist leaked enough of the information to convince DPR that he was serious. On March 27, he wrote to Silk Road member redandwhite:
In my eyes, FriendlyChemist is a liability and I wouldn’t mind if he was executed … I’m not sure how much you already know about the guy, but I have the following info and am waiting on his address.
The victim was a resident of White Rock, British Columbia, Canada, and had a wife and three children. On March 29:
I would like to put a bounty on his head if it isn’t too much trouble for you. What would be an adequate amount to motivate you to find him?
A payment of 1670 BTC (~$150,000) was soon sent and soon after that redandwhite updated: “Your problem has been taken care of. Rest assured he won’t be blackmailing anyone ever again. Ever.” It appears that redandwhite sent a picture to confirm the kill, which DPR received, confirmed and deleted. However, Canadian law enforcement does not have evidence of any Canadian resident with the victim’s name, or of any death in White Rock around that time; we may need to wait a while longer before that particular mystery gets resolved.
However, there is also a second complaint, this time from the state of Maryland, that DPR also paid for another hit, this time for a crime much smaller than intending to release thousands of names and addresses to the public and law enforcement for potential arrest. The complaint reads:
> DPR communicated with the undercover cop via the Internet, and told the UC that the Employee had been arrested by law enforcement [earlier this employee had been the victim of an undercover sting operation] and that the Employee had stolen funds from other Silk Road users. DPR asked the undercover cop to arrange for the employee to be beaten and forced to return the money, stating specifically: “I’d like him beat up, then forced to return the bitcoins he stole back, like sit him down at his computer and make him do it.”
But then things got worse:
> Can you change the order to execute rather than torture? … [the Employee] was on the inside for a while, and now that he’s arrested I’m afraid he’ll give up info … [I have] never killed a man before, but it is the right move in this case.
After some negotiation before the “hit”, the undercover cop created and sent DPR several staged photos of the victim being “tortured” and “killed”. DPR’s words after the kill included:
> [I’m] a little disturbed, but I’m OK. I’m new to this kind of thing is all … I don’t think I’ve done the wrong thing … I’m sure I’ll call on you again at some point, though I hope I won’t have to.
> I’m pissed I had to kill him, but what’s done is done … I just can’t believe he was so stupid … I wish more people had some integrity
So what will the future be? In the near and mid-term future, we can certainly expect to see others opening up drug sites, taking Silk Road’s demise as an opportunity. Research into infrastructure like decentralized webs of trust is likely to increase; just like the successor to Napster was the decentralized BitTorrent, the true successor to Silk Road will likely need to be decentralized as well. Will it happen? The tools are out there. BitMessage exists, Namecoin, so all the ingredients for a web of trust are in place. The next level will be to set up a decentralized marketplace. That is simply a matter of creating a simple application-specific message protocol on top of BitMessage and then creating a graphical user interface for it. The web of trust, necessary to combat fraud, will also need to become a decentralized protocol. If someone wants to implement it all, they can.
As for Bitcoin itself, however, there will be another big question: will Bitcoin survive the loss of Silk Road? There are many who claim that the practical value of Bitcoin is essentially entirely that of buying drugs with it; if Silk Road goes down, and Bitcoin prospers, that will be the ultimate definitive proof that that is false. Indeed, the loss of Silk Road may even make Bitcoin more palatable to mainstream businesses and accelerate adoption, as the arrest may placate law enforcement agencies around the world and make them believe that Bitcoin’s anonymity is not as strong as they may have previously believed. Bitcoin’s public relations department is succeeding at sending the right message to law enforcement already; the complaint did not make any significant attempt to criticize Bitcoin and even specifically said: “Bitcoins are not illegal in and of themselves and have known legitimate uses”.
Furthermore, with the recent collapse of MtGox’s market share, the Bitcoin economy has lost one of its major centralized points of failure, and now that Silk Road too is gone it is difficult to see if Bitcoin has any truly centralized points left. Nearly every service now has replacements that are comparable to it in size – in the exchange market, MtGox and BitStamp, in the payment processor market BitPay, Coinbase and BIPS, and in the crypto-drug market Black Market Reloaded and Sheep Market, so once the shock of the loss of Silk Road passes the economy will actually be less vulnerable to individual shocks going forward.
It has long been said that crypto-anonymity is only something that functions well at small scales; the larger one gets, the harder it becomes to untraceably mix one’s bitcoins, the larger one’s real-world trace becomes, and the larger the incentive for law enforcement and blackmailers alike to look through the evidence and search for weaknesses. Today, it was fake IDs and an email address. Tomorrow, it may be one’s writing style. Later on, it might be a correllation between one’s home electricity and internet bandwidth usage and one’s forum login records. But then again, as the state of the current financial system reminds us all too well, maybe the impossibility of staying private and getting too big, and the traceability that Bitcoin offers at such scales as compared to centralized systems, is actually generally a good thing.