Vulnerabilities / Threats
10/2/2013
02:44 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Silk Road Founder Arrested

Infamous online black market alleged to have generated $1.2 billion in sales of illegal products and services since 2011.

9 Android Apps To Improve Security, Privacy
9 Android Apps To Improve Security, Privacy
(click image for larger view)
The FBI has arrested the founder of Silk Road, perhaps the most notorious online marketplace for illegal products and services.

Ross William Ulbricht, 29, was arrested in San Francisco, Calif., on Tuesday. Also known as Dread Pirate Roberts, Ulbricht is charged with conspiracy to distribute narcotics, computer hacking and money laundering, according to court documents posted by security writer Brian Krebs.

During the more than two years that the online black market is said to have operated, authorities estimate that Silk Road generated over $1.2 billion in sales and $80 million in commissions, paid in the cryptographic currency of Bitcoins.

Silk Road, according to the complaint, offered a variety of illicit goods, including a wide variety of narcotics, hacking tools, forged documents, services for hacking accounts at social networking sites such as Facebook and Twitter, and resources for obtaining stolen account data and for getting in touch with arms dealers and assassins.

[ Google continues to face legal headaches over its email scanning and Wi-Fi data collection practices. Read Google Wiretapping Lawsuits Can Proceed, Judges Say. ]

Ulbricht is also alleged to have solicited the murder of a Silk Road user, "FriendlyChemist," who hacked the service, obtained information about customers and then threatened to publish the data unless paid $500,000, according to the complaint filed in a New York court. "FriendlyChemist" ostensibly wanted this money to pay off a narcotics debt.

Based on email messages described in the complaint, Ulbricht asked "FriendlyChemist" to have the people who were owed money get in touch. When someone identified as "readandwhite" did so, Ulbricht allegedly offered a bounty for the execution of "FriendlyChemist," though he has not been charged with soliciting murder.

Faced with a hit estimate of $150,000 to $300,000, depending upon the level of professionalism employed, Ulbricht is said to have tried to bargain the price down, noting, "Not long ago I had a clean hit done for $80K." The negotiation for a lower fee appears to have been unsuccessful: The complaint indicates that Ulbricht dispensed 1,670 bitcoins, about $150,000, for the job.

But Ulbricht might not have gotten what he supposedly paid for: Despite "redandwhite's" assurance that the job was done, with a picture sent as proof, FBI special agent Christopher Tarbell says in the complaint that he spoke with authorities in Canada where "FriendlyChemist" was said to live and that there's no record of a resident of the town of White Rock, British Columbia, who went by the name provided to "readandwhite" and there is no record of a murder in the town during the period in question.

Ulbricht's arrest appears to have been made possible by "a routine border search" conducted in July by U.S. Customs and Border Production of a package containing fake identity documents sent from Canada to Ulbricht's address in San Francisco.

Robert Graham, founder of Errata Security, notes in a blog post that recent revelations about government data collection, particularly the activities of the DEA's Special Operations Division and the NSA, underscore the difficulty of challenging the constitutionality of government evidence gathering.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
10/2/2013 | 10:10:16 PM
re: Silk Road Founder Arrested
I'm curious about whether Graham's speculation is correct. What if CBP was tipped off to the package by an intelligence gathering scheme of dubious legality?
LuJ787
50%
50%
LuJ787,
User Rank: Apprentice
10/2/2013 | 8:27:25 PM
re: Silk Road Founder Arrested
I find it hilarious that this black market 'KingPin' was stupid enough to have Illegal identification sent FROM a foreign country TO his home address. Did he not realize the level of scrutiny packages going cross border undergo? Lol.

Not so bright after all!!
sharongr
50%
50%
sharongr,
User Rank: Apprentice
10/2/2013 | 8:19:33 PM
re: Silk Road Founder Arrested
I find it fascinating that "authorities estimate that Silk Road generated over $1.2 billion (that's with a "B" folks) in sales and $80 million in commissions" and our government, the so-called "authorities" can't seem to generate enough to pay their own bills and resort to shutting down the government over egos and nonsense! What a world we live in!
OtherJimDonahue
50%
50%
OtherJimDonahue,
User Rank: Apprentice
10/2/2013 | 7:58:05 PM
re: Silk Road Founder Arrested
Wow ... the back roads of the Internet can be pretty scary, can't they?
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9728
Published: 2015-08-31
The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c.

CVE-2014-9729
Published: 2015-08-31
The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.

CVE-2014-9730
Published: 2015-08-31
The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.

CVE-2014-9731
Published: 2015-08-31
The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allows local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and...

CVE-2015-1333
Published: 2015-08-31
Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys.

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.