Vulnerabilities / Threats
10/2/2013
02:44 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Silk Road Founder Arrested

Infamous online black market alleged to have generated $1.2 billion in sales of illegal products and services since 2011.

9 Android Apps To Improve Security, Privacy
9 Android Apps To Improve Security, Privacy
(click image for larger view)
The FBI has arrested the founder of Silk Road, perhaps the most notorious online marketplace for illegal products and services.

Ross William Ulbricht, 29, was arrested in San Francisco, Calif., on Tuesday. Also known as Dread Pirate Roberts, Ulbricht is charged with conspiracy to distribute narcotics, computer hacking and money laundering, according to court documents posted by security writer Brian Krebs.

During the more than two years that the online black market is said to have operated, authorities estimate that Silk Road generated over $1.2 billion in sales and $80 million in commissions, paid in the cryptographic currency of Bitcoins.

Silk Road, according to the complaint, offered a variety of illicit goods, including a wide variety of narcotics, hacking tools, forged documents, services for hacking accounts at social networking sites such as Facebook and Twitter, and resources for obtaining stolen account data and for getting in touch with arms dealers and assassins.

[ Google continues to face legal headaches over its email scanning and Wi-Fi data collection practices. Read Google Wiretapping Lawsuits Can Proceed, Judges Say. ]

Ulbricht is also alleged to have solicited the murder of a Silk Road user, "FriendlyChemist," who hacked the service, obtained information about customers and then threatened to publish the data unless paid $500,000, according to the complaint filed in a New York court. "FriendlyChemist" ostensibly wanted this money to pay off a narcotics debt.

Based on email messages described in the complaint, Ulbricht asked "FriendlyChemist" to have the people who were owed money get in touch. When someone identified as "readandwhite" did so, Ulbricht allegedly offered a bounty for the execution of "FriendlyChemist," though he has not been charged with soliciting murder.

Faced with a hit estimate of $150,000 to $300,000, depending upon the level of professionalism employed, Ulbricht is said to have tried to bargain the price down, noting, "Not long ago I had a clean hit done for $80K." The negotiation for a lower fee appears to have been unsuccessful: The complaint indicates that Ulbricht dispensed 1,670 bitcoins, about $150,000, for the job.

But Ulbricht might not have gotten what he supposedly paid for: Despite "redandwhite's" assurance that the job was done, with a picture sent as proof, FBI special agent Christopher Tarbell says in the complaint that he spoke with authorities in Canada where "FriendlyChemist" was said to live and that there's no record of a resident of the town of White Rock, British Columbia, who went by the name provided to "readandwhite" and there is no record of a murder in the town during the period in question.

Ulbricht's arrest appears to have been made possible by "a routine border search" conducted in July by U.S. Customs and Border Production of a package containing fake identity documents sent from Canada to Ulbricht's address in San Francisco.

Robert Graham, founder of Errata Security, notes in a blog post that recent revelations about government data collection, particularly the activities of the DEA's Special Operations Division and the NSA, underscore the difficulty of challenging the constitutionality of government evidence gathering.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Moderator
10/2/2013 | 10:10:16 PM
re: Silk Road Founder Arrested
I'm curious about whether Graham's speculation is correct. What if CBP was tipped off to the package by an intelligence gathering scheme of dubious legality?
LuJ787
50%
50%
LuJ787,
User Rank: Apprentice
10/2/2013 | 8:27:25 PM
re: Silk Road Founder Arrested
I find it hilarious that this black market 'KingPin' was stupid enough to have Illegal identification sent FROM a foreign country TO his home address. Did he not realize the level of scrutiny packages going cross border undergo? Lol.

Not so bright after all!!
sharongr
50%
50%
sharongr,
User Rank: Apprentice
10/2/2013 | 8:19:33 PM
re: Silk Road Founder Arrested
I find it fascinating that "authorities estimate that Silk Road generated over $1.2 billion (that's with a "B" folks) in sales and $80 million in commissions" and our government, the so-called "authorities" can't seem to generate enough to pay their own bills and resort to shutting down the government over egos and nonsense! What a world we live in!
OtherJimDonahue
50%
50%
OtherJimDonahue,
User Rank: Apprentice
10/2/2013 | 7:58:05 PM
re: Silk Road Founder Arrested
Wow ... the back roads of the Internet can be pretty scary, can't they?
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2009-5142
Published: 2014-08-21
Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mimbo Pro 2.3.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the src parameter.

CVE-2010-5302
Published: 2014-08-21
Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb before 1.15 as of 20100908 (r88), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING.

CVE-2010-5303
Published: 2014-08-21
Cross-site scripting (XSS) vulnerability in the displayError function in timthumb.php in TimThumb before 1.15 (r85), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to $errorString.

CVE-2014-0965
Published: 2014-08-21
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response.

CVE-2014-3022
Published: 2014-08-21
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an error condition.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.