Vulnerabilities / Threats
10/2/2013
02:44 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Silk Road Founder Arrested

Infamous online black market alleged to have generated $1.2 billion in sales of illegal products and services since 2011.

9 Android Apps To Improve Security, Privacy
9 Android Apps To Improve Security, Privacy
(click image for larger view)
The FBI has arrested the founder of Silk Road, perhaps the most notorious online marketplace for illegal products and services.

Ross William Ulbricht, 29, was arrested in San Francisco, Calif., on Tuesday. Also known as Dread Pirate Roberts, Ulbricht is charged with conspiracy to distribute narcotics, computer hacking and money laundering, according to court documents posted by security writer Brian Krebs.

During the more than two years that the online black market is said to have operated, authorities estimate that Silk Road generated over $1.2 billion in sales and $80 million in commissions, paid in the cryptographic currency of Bitcoins.

Silk Road, according to the complaint, offered a variety of illicit goods, including a wide variety of narcotics, hacking tools, forged documents, services for hacking accounts at social networking sites such as Facebook and Twitter, and resources for obtaining stolen account data and for getting in touch with arms dealers and assassins.

[ Google continues to face legal headaches over its email scanning and Wi-Fi data collection practices. Read Google Wiretapping Lawsuits Can Proceed, Judges Say. ]

Ulbricht is also alleged to have solicited the murder of a Silk Road user, "FriendlyChemist," who hacked the service, obtained information about customers and then threatened to publish the data unless paid $500,000, according to the complaint filed in a New York court. "FriendlyChemist" ostensibly wanted this money to pay off a narcotics debt.

Based on email messages described in the complaint, Ulbricht asked "FriendlyChemist" to have the people who were owed money get in touch. When someone identified as "readandwhite" did so, Ulbricht allegedly offered a bounty for the execution of "FriendlyChemist," though he has not been charged with soliciting murder.

Faced with a hit estimate of $150,000 to $300,000, depending upon the level of professionalism employed, Ulbricht is said to have tried to bargain the price down, noting, "Not long ago I had a clean hit done for $80K." The negotiation for a lower fee appears to have been unsuccessful: The complaint indicates that Ulbricht dispensed 1,670 bitcoins, about $150,000, for the job.

But Ulbricht might not have gotten what he supposedly paid for: Despite "redandwhite's" assurance that the job was done, with a picture sent as proof, FBI special agent Christopher Tarbell says in the complaint that he spoke with authorities in Canada where "FriendlyChemist" was said to live and that there's no record of a resident of the town of White Rock, British Columbia, who went by the name provided to "readandwhite" and there is no record of a murder in the town during the period in question.

Ulbricht's arrest appears to have been made possible by "a routine border search" conducted in July by U.S. Customs and Border Production of a package containing fake identity documents sent from Canada to Ulbricht's address in San Francisco.

Robert Graham, founder of Errata Security, notes in a blog post that recent revelations about government data collection, particularly the activities of the DEA's Special Operations Division and the NSA, underscore the difficulty of challenging the constitutionality of government evidence gathering.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
OtherJimDonahue
50%
50%
OtherJimDonahue,
User Rank: Apprentice
10/2/2013 | 7:58:05 PM
re: Silk Road Founder Arrested
Wow ... the back roads of the Internet can be pretty scary, can't they?
sharongr
50%
50%
sharongr,
User Rank: Apprentice
10/2/2013 | 8:19:33 PM
re: Silk Road Founder Arrested
I find it fascinating that "authorities estimate that Silk Road generated over $1.2 billion (that's with a "B" folks) in sales and $80 million in commissions" and our government, the so-called "authorities" can't seem to generate enough to pay their own bills and resort to shutting down the government over egos and nonsense! What a world we live in!
LuJ787
50%
50%
LuJ787,
User Rank: Apprentice
10/2/2013 | 8:27:25 PM
re: Silk Road Founder Arrested
I find it hilarious that this black market 'KingPin' was stupid enough to have Illegal identification sent FROM a foreign country TO his home address. Did he not realize the level of scrutiny packages going cross border undergo? Lol.

Not so bright after all!!
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Moderator
10/2/2013 | 10:10:16 PM
re: Silk Road Founder Arrested
I'm curious about whether Graham's speculation is correct. What if CBP was tipped off to the package by an intelligence gathering scheme of dubious legality?
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6306
Published: 2014-08-22
Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges via unknown vectors.

CVE-2014-0232
Published: 2014-08-22
Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1)...

CVE-2014-3525
Published: 2014-08-22
Unspecified vulnerability in Apache Traffic Server 4.2.1.1 and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.

CVE-2014-3563
Published: 2014-08-22
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.

CVE-2014-3587
Published: 2014-08-22
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists bec...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.