Cyberwar in the Deep Web as Silk Road clones vie for supremacy
By Patrick Howell O’Neill on December 16, 2013
In the months since the fall of the original Silk Road, chaos has regularly visited the Deep Web. Today, more than a dozen black markets are vying for supremacy in an industry so lucrative that few will give up without a fight.
If you bought drugs on the Deep Web this month, your identity may have been exposed as part of a growing cyberwar between the biggest black markets in existence.
It’s been two months since the Silk Road black market was seized by the FBI. Many other markets have risen and fallen since, fighting for a cut of what authorities tantalizingly said was a billion-dollar business.
Silk Road 2.0 and TorMarket, the two most successful surviving black markets using the powerful anonymizing technology known as Tor, have exchanged blows that may include a database breach and unauthorized access to data as sensitive as customers’ names and home addresses.
Dread Pirate Roberts, the pseudonymous name adopted by the leader of Silk Road 2.0 in homage to the original website’s leader, claims that his team obtained everything from private messages to detailed buying statistics that could destroy the market and many of its users.
Worst of all, DPR says, it was all extremely easy to do.
“All of the above was gathered without us resorting to fancy tricky or advanced Web hacks or 0-day exploits,” he wrote on Saturday. “It is so simple I could actually teach the masses very easily. This kind of attack shouldn’t even work against the most primitive database driven systems, let alone an online black market and absolutely anyone can do it.
“If law enforcement are watching I would have no doubt they found this long before us.”
The latest attacks came after weeks of heavy distributed-denial-of-service (DDoS) attacks repeatedly brought both markets to their knees, interrupting service for days at a time and costing tens or hundreds of thousands of dollars in lost revenue.
Filling a void
One month after the much-discussed fall of the original Silk Road, version 2.0 was launched to great fanfare.
The new website, run by vendors from the original market, took pains to visually mimic its predecessor in every way. As 2.0 received numerous endorsements from high profile Deep Web community members, its inventory grew from hundreds to thousands of items. Within weeks, the new site began to resemble the old.
Two of the most profitable black markets have fallen in just the past month. Black Market Reloaded, which was launched in early 2011, was hacked and forced to close down. The owners of Sheep Marketplace, created earlier this year, may have stolen as much as $100 million from their customers in what could be the biggest Deep Web scam of all time.
In the chaos of the post–Silk Road Deep Web, one man’s disaster is another’s opportunity. Silk Road 2.0 and TorMarket rushed to fill the void and accept a massive wave of users determined to buy and sell drugs online despite the inherent dangers.
TorMarket was the subject of scorn from the start. As Sheep Marketplace went down in flames, they openly directed their users to TorMarket. Although the TorMarket team has flatly denied any association with the massive scam at Sheep Marketplace, calls from around the Deep Web have repeatedly accused the sites of being intimately linked.
Competition between the two sites was uneventful until approximately one week ago when Silk Road 2.0’s ten thousand users suddenly couldn’t access the site. Vendors itching for a product and junkies itching for a fix felt the pain of the outage that, for a time, went unexplained.
There is plenty of precedent for such an attack on the Deep Web. The original Silk Road suffered harsh DDoS attacks numerous times through its life. What happened next, however, had never taken place on the original website.
Dread Pirate Roberts, the new leader of Silk Road 2.0, spoke privately with his vendors, accusing TorMarket of orchestrating a week-long attack against the website. Word leaked to the public that DPR had evidence of TorMarket’s involvement but it was never released.
Silk Road 2.0 wasn’t the only black market being denied service. Pandora, a fledgling market attempting to carve out a niche, experienced outages as well at the beginning of December.
A few days after Silk Road was knocked out of service, TorMarket went down, and would continue to go down for days at a time—courtesy of yet another DDoS attack. This attack was fundamentally different from the one that had taken down Silk Road. Whereas Silk Road’s entire server came under fire, it appears that only TorMarket’s entry nodes were affected during the attack, allowing some users to access the site even as the denial persisted.
Due to the anonymous nature of the Deep Web, it’s impossible to tell how the DDoS may have affected each site’s security. A few theories being floated suggest that any aggressive actor—be it law enforcement or a skilled hacker—could use the attack to gain unauthorized access to black market databases.
The only thing we know for sure is that the outages have cost the Deep Web’s biggest drug dealers a lot of money.
Back and forth
On Saturday, Dread Pirate Roberts bombastically announced that his team had struck back.
In what began as an investigation into TorMarket’s presumed involvement in the attacks on Silk Road 2.0, DPR claims his team found critical security holes in TorMarket that exposed all of its users to hackers and, worse, law enforcement. In fact, DPR claimed, Silk Road had secured a copy of TorMarket’s entire database.
Without leaking most of the data itself, DPR laid out examples of what he’d found: Private messages, orders, addresses, vendor and buyer statistics, purchasing histories, and the entire user list. DPR urged TorMarket’s users to leave the site for their own safety.
The immediate reaction has been mixed.
Many praised DPR’s restrained approach. After all, Roberts hadn’t leaked nearly as much data as he claimed he could. What he did leak, he ostensibly did to show that security has to be held to a high standard on the Deep Web. If the picture DPR has painted is accurate, then he’s acting with noble intentions.
But not everyone is on Silk Road 2.0’s side.
“This latest episode is not only childish but dangerous for the users and vendors on there,” the user DirectConnects wrote.
“There has always been a general attitude of rebellion, arrogance, almost taunting law enforcement with their supposed resilience,” wrote an anonymous user. “Now, this recent announcement by DPR, which basically amounts to a ‘diss’ of a rival market’s security features, even going so far as to publicly release the names of its users, (scaring the shit out of those users, by the way)—this is the final straw.”
Since it’s not possible to technically prove who was behind the DDoS attacks on the various black markets, some wonder if it wasn’t a third party posing as TorMarket in order to start a war between the markets and sow uncertainty among their users.
Others called out what they saw as a DPR bluff. Skeptics accused DPR of pulling a marketing stunt to spread fear and distrust of his competitor, thus securing his own market’s success.
TorMarket’s administrators have denied involvement in the original DDoS. They sought to assure customers that DPR was not in possession of their database. However, they did admit that a German hacker called “Zulu33” may have accessed their database and charged DPR a price well over $3,000 in Bitcoins for all of the stolen information.
At this point, it’s impossible to tell who was behind the original attacks that cost the markets so much money. That may be a moot point by now.
As Dread Pirate Roberts publicly antagonizes and chastises his top competitor, many Deep Web veterans are suffering from cyberwar fatigue.
“I wish for the old days when Ross [Ulbricht] still ran Silk Road,” sharpshooter789 recently wrote. “There were a few interruptions and the site used to be SLOW as fuck, but it was civil. I’m so tired of the e-penis-measuring bullshit.”