Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

10/2/2013
02:44 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Silk Road Founder Arrested

Infamous online black market alleged to have generated $1.2 billion in sales of illegal products and services since 2011.

9 Android Apps To Improve Security, Privacy
9 Android Apps To Improve Security, Privacy
(click image for larger view)
The FBI has arrested the founder of Silk Road, perhaps the most notorious online marketplace for illegal products and services.

Ross William Ulbricht, 29, was arrested in San Francisco, Calif., on Tuesday. Also known as Dread Pirate Roberts, Ulbricht is charged with conspiracy to distribute narcotics, computer hacking and money laundering, according to court documents posted by security writer Brian Krebs.

During the more than two years that the online black market is said to have operated, authorities estimate that Silk Road generated over $1.2 billion in sales and $80 million in commissions, paid in the cryptographic currency of Bitcoins.

Silk Road, according to the complaint, offered a variety of illicit goods, including a wide variety of narcotics, hacking tools, forged documents, services for hacking accounts at social networking sites such as Facebook and Twitter, and resources for obtaining stolen account data and for getting in touch with arms dealers and assassins.

[ Google continues to face legal headaches over its email scanning and Wi-Fi data collection practices. Read Google Wiretapping Lawsuits Can Proceed, Judges Say. ]

Ulbricht is also alleged to have solicited the murder of a Silk Road user, "FriendlyChemist," who hacked the service, obtained information about customers and then threatened to publish the data unless paid $500,000, according to the complaint filed in a New York court. "FriendlyChemist" ostensibly wanted this money to pay off a narcotics debt.

Based on email messages described in the complaint, Ulbricht asked "FriendlyChemist" to have the people who were owed money get in touch. When someone identified as "readandwhite" did so, Ulbricht allegedly offered a bounty for the execution of "FriendlyChemist," though he has not been charged with soliciting murder.

Faced with a hit estimate of $150,000 to $300,000, depending upon the level of professionalism employed, Ulbricht is said to have tried to bargain the price down, noting, "Not long ago I had a clean hit done for $80K." The negotiation for a lower fee appears to have been unsuccessful: The complaint indicates that Ulbricht dispensed 1,670 bitcoins, about $150,000, for the job.

But Ulbricht might not have gotten what he supposedly paid for: Despite "redandwhite's" assurance that the job was done, with a picture sent as proof, FBI special agent Christopher Tarbell says in the complaint that he spoke with authorities in Canada where "FriendlyChemist" was said to live and that there's no record of a resident of the town of White Rock, British Columbia, who went by the name provided to "readandwhite" and there is no record of a murder in the town during the period in question.

Ulbricht's arrest appears to have been made possible by "a routine border search" conducted in July by U.S. Customs and Border Production of a package containing fake identity documents sent from Canada to Ulbricht's address in San Francisco.

Robert Graham, founder of Errata Security, notes in a blog post that recent revelations about government data collection, particularly the activities of the DEA's Special Operations Division and the NSA, underscore the difficulty of challenging the constitutionality of government evidence gathering.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
10/2/2013 | 10:10:16 PM
re: Silk Road Founder Arrested
I'm curious about whether Graham's speculation is correct. What if CBP was tipped off to the package by an intelligence gathering scheme of dubious legality?
LuJ787
50%
50%
LuJ787,
User Rank: Apprentice
10/2/2013 | 8:27:25 PM
re: Silk Road Founder Arrested
I find it hilarious that this black market 'KingPin' was stupid enough to have Illegal identification sent FROM a foreign country TO his home address. Did he not realize the level of scrutiny packages going cross border undergo? Lol.

Not so bright after all!!
sharongr
50%
50%
sharongr,
User Rank: Apprentice
10/2/2013 | 8:19:33 PM
re: Silk Road Founder Arrested
I find it fascinating that "authorities estimate that Silk Road generated over $1.2 billion (that's with a "B" folks) in sales and $80 million in commissions" and our government, the so-called "authorities" can't seem to generate enough to pay their own bills and resort to shutting down the government over egos and nonsense! What a world we live in!
OtherJimDonahue
50%
50%
OtherJimDonahue,
User Rank: Apprentice
10/2/2013 | 7:58:05 PM
re: Silk Road Founder Arrested
Wow ... the back roads of the Internet can be pretty scary, can't they?
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Intel Issues Fix for 'Plundervolt' SGX Flaw
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5252
PUBLISHED: 2019-12-14
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
CVE-2019-5235
PUBLISHED: 2019-12-14
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
CVE-2019-5264
PUBLISHED: 2019-12-13
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
CVE-2019-5277
PUBLISHED: 2019-12-13
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
CVE-2019-5254
PUBLISHED: 2019-12-13
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board m...