Silk Road 2.0 Takedown Indicates Law Enforcement May Have Developed a Method to Trace Hidden Tor Websites

Privacy Anonymity Cyberlaw
  [caption id="attachment_4363" align="alignleft" width="150"] Photo By: archie4oz - CC BY 2.0[/caption] By Steven Wilfong — Edited by Travis West Benthall Complaint, U.S. v. Benthal (S.D.N.Y. October 29, 2014).  Complaint hosted by the Department of Justice. Blake Benthall, the alleged operator of the popular drug market website Silk Road 2.0, was arrested last week as part of a law enforcement operation that successfully shut down Silk Road 2.0, as well as several other online dark markets. The complaint filed in the case alleged that Benthall ran the site under the alias “Defcon,” and charges him with narcotics trafficking, conspiracy to aid and abet computer hacking, conspiracy to transfer fraudulent identification documents, and money laundering. Benthall Compl. 1–4. Benthall’s arrest and the seizure of Silk Road 2.0 were part of “Operation Onymous,” a coordinated action involving multiple agencies, including Europol, the FBI, and US Immigration and Customs Enforcement.  Over 27 websites were shut down as part of the operation. The complaint describes several methods used to gain information about Silk Road 2.0 and ascertain the identity of “Defcon.” Law enforcement officials used the site to buy illegal drugs anonymously, Benthall Compl. at 12, and an undercover Homeland Security Investigations agent successfully infiltrated the website’s support staff, id. at 6. However, the most surprising aspect of the investigation is that the FBI was able to identify a foreign server hosting the Silk Road 2.0 website. Id. at 21. Because the site was hidden with Tor anonymity software, identifying the website’s location should have been very difficult. Officials involved in the investigation have been reluctant to reveal how the server was located, leading to speculation about how Tor was compromised. Although law enforcement agencies are optimistic about the ability to shut down other black market websites in the future, the possibility that Tor users’ anonymity may be compromised has also led to concerns about the potential impact on legitimate users. Wired and Ars Technica provide further discussion of the issue. While law enforcement agencies are reluctant to divulge the method that was used to locate Silk Road 2.0, the Tor blog advances several possible explanations, including the use of SQL injections (a common web bug), Bitcoin deanonymization, or Denial of Service attacks against the Tor network itself. Regardless of how law enforcement agencies identified the server hosting Silk Road 2.0, the Benthall Complaint indicates that identification was a critical step in the investigation, as it allowed officials to access the server, at which point it was determined to be controlled and maintained by a person using the email address “blake@benthall.net.” Benthall Compl. at 23. Subsequent surveillance activities confirmed that Benthall used this address. Id. at 28. The possibility that government agencies may be able to identify Tor users has significant implications for online privacy and anonymity. The Tor software is widely used as a method of protecting anonymity, and prior to Operation Onymous, was considered to be very secure. While Tor software is used to conduct illegal activities, it also has a number of legitimate uses. “[W]histle-blowers, political activists and dissidents, [and] journalists” use anonymized sites to communicate securely and in private. The Tor Blog raises concerns that governments could use weaknesses in the Tor software to identify and silence political dissidents.