I don't think running Silk Road would be very useful for that purpose, any more than running Kickstarter would be useful for mapping the traditional investing world, or running reddit would be useful for mapping print distribution networks.
It would be useful for busting buyers, but no more so than traditional cop-on-the-street sting operations.
"How can you plug yourself into the tax eating, life sucking, violent, sadistic, war mongering, oppressive machine ever again? How can you kneel when you’ve felt the power of your own legs? Felt them stretch and flex as you learn to walk and think as a free person? I would rather live my life in rags now than in golden chains. And now we can have both! Now it is profitable to throw off one’s chains, with amazing crypto technology reducing the risk of doing so dramatically. How many niches have yet to be filled in the world of anonymous online markets? The opportunity to prosper and take part in a revolution of epic proportions is at our fingertips!
I have no one to share my thoughts with in physical space. Security does not permit it, so thanks for listening. I hope my words can be an inspiration just as I am given so much by everyone here."
He's definitely not a cop in the sense of a Hollywood movie (eg Miami Vice).
He and his team are specialists. They are to cops what the Navy Seals or Rangers are to an Army E1.
The primary goal is information. They could care less about busting any given small time vendor. They want a mapping of the network of trade, origination, distribution, communication, transactions and financing. Particularly to draw currently unknown or difficult to track network nodes out into the open.
It's the same thing that has been done with paedophilia online. It's a honey trap. There isn't much value in busting single nodes. They want to see how much of the network they can map out, and the leads it provides to larger players. If this concept didn't exist, they'd desperately want to create it. Given their history of creative honey pots and how long they've been leveraging technology heavily, I think it tilts Silk Road toward being a likely sponsored program.
> Given their history of creative honey pots and how long they've been leveraging technology heavily, I think it tilts Silk Road toward being a likely sponsored program.
Any other examples? Sounds like fascinating reading.
according to the article, the trade volume on silk road is around 22 million $ per year. I would hazard a guess that this is a teeny-tiny fraction of the global drug trade... and at least at this point, I wouldn't imagine it attracts any of the big players...
I would also speculate that any of the big drug traders are very clever business people. They are used to switching their modes of operation, diversifying and building different routes and layers into their operation.
Why would it not be able to go through the chain of command? The military and intelligence services for example engage in all kinds of covert and clandestine operations whilst still being government employees.
There are also techniques which may allow tor users to be deanonymized to vary degrees. Browser/OS fingerprinting , flash cookies etc. These will be easier if you control one of the end points.
I've never used silk road, but presumably if you want people to ship stuff to you , then you have to enter an address at some point?
Many Tor users use the Tor Browser Bundle, which blocks flash by default, includes noscript (I forget if it by default activates noscript...), and doesn't retain any information between sessions other than what is manually stored like bookmarks or saved passwords. On SR, buyers communicate their address via PGP. Sellers only communicate an address (which may be fake) on the package they send a buyer. SR is thus blinded to physical addresses.
I guess law enforcement would simply gather as much data as they can. Only need a few guys screwing up their browser settings one day, or maybe you get more sophisticated and start looking at response times, timing jitter etc.
If you control the mechanism for key exchange would this not make MITM possible? Display different keys to different people for the same person.
I'd be interested to see if any more sophisticated techniques have ever been successfully used to uncover a Tor user.
From the webpage I linked, "Security-wise, Silk Road seems to be receiving passing grades from law enforcement agencies internally; a leaked FBI report mentioned no attacks against SR, anonymous anecdotes claim the DEA is stymied4, while a May 2012 Australian document reportedly praised the security of vendor packaging and general site security."
Right now a buyer's address is vulnerable if they don't use PGP when giving it to a seller, or if SR is indeed trying to do a MitM attack by replacing a seller's published public key with their own. But the latter case is easy for a seller to check against simply by creating a second buyer account and verifying the buyer sees the correct key. The buyer and seller can also arrange to exchange keys off of SR. A better plan (also mentioned on Gwern's page) would be to have law enforcement create their own buyer and seller accounts and act like normal users until it was time to start a crackdown -- the problem seems to be that law enforcement, or at least the FBI, either doesn't have permission to engage in mass entrapment and fraud, or it's just not interested in buyers.
Just like in the real world, it wouldn't be hard to pretend to be a seller to catch a few buyers - not hard, but also not worth doing - whereas by pretending to be a buyer you aren't going to find out the address of a seller.
>There are also techniques which may allow tor users to be deanonymized to vary degrees. Browser/OS fingerprinting , flash cookies etc. These will be easier if you control one of the end points.
In addition to TBB foiling all of those tactics, the only one that can done without being traced is fingerprinting. So if any of the others were being used, someone would probably have noticed.
