Cybercrime: Private criminals, public questions

Can governments keep up with online criminals? (AFP)

Can governments keep up with online criminals? (AFP)

It's a familiar story: a young computer nerd creates a new online service that attracts nearly a million customers in a couple of years and has earned tens of millions of dollars. Except that the service in this case – Silk Road – was not only secret, it was also illegal.

Started in early 2011, Silk Road was designed as a marketplace completely free of any legal or governmental oversight. The entire idea rested on two relatively new technologies: Tor, a powerful encryption and anonymisation system, and Bitcoin, a completely electronic currency that is not backed or regulated by any central bank or government.

Tor allowed Silk Road to conceal not only the identities of its users and their communications, but even the location of the servers on which the service was running.
By transacting only in Bitcoins, all money changing hands was effectively insulated from the formal banking system and its regulators.

This promise of untraceable anonymity made the service an immediate hit with drug dealers and illegal gun sellers, as well as hackers trafficking in everything from passwords to stolen credit card numbers.

In the two and a half years it was active, Silk Road is estimated to have processed over a billion dollars of transactions. The site's founder, until recently known only by his online pseudonym Dread Pirate Roberts, is alleged to have made $80-million for facilitating these transactions.

Of course we only know many of these details because said Dread Pirate Roberts has been arrested and his marketplace shut down. In October this year, after more than two years of hunting, the FBI closed in on Ross William Ulbricht, a 29-year-old Texan. They nabbed him and his incriminating laptop at – pause for dramatic effect – the San Francisco Public Library.

How did the authorities manage to crack this untraceable system? They didn't have to. Instead they relied on the weakest links in the system – the human beings using it. By logging on to the system posing as drug dealers and buyers, investigators were able to slowly but surely track top sellers to their physical locations using the physical delivery networks through which all parcels must travel. Once these suspects were covertly arrested, their computers were mined for yet more leads.

But Ulbricht himself was eventually brought low by a rookie error. In January 2011, he allegedly posted information about Silk Road on two public websites using the username "altoid". Since these are two of the earliest mentions of the service on the internet, federal investigators zeroed in on them. Later he posted a suspicious question on a popular developer forum, foolishly using his own name (he quickly changed it, but the traces remained). Investigators were able to use these crumbs of information to track down and apprehend him.

Ulbricht naturally denies all the allegations, including that he tried to hire other Silk Road users to murder one of his employees when he feared he was about to be exposed. But whether Ulbricht is indeed the Dread Pirate Roberts or just a convenient scapegoat is largely irrelevant in the long run.

Several alternatives to Silk Road have already sprung up. One of them, named "Project Black Flag" has closed after mere weeks in operation, but Silk Road itself has been reopened by another Dread Pirate Roberts. Speaking in a recent online interview he/she openly taunted the authorities.

"You will hunt me – but first ask yourselves, is it worth it? Taking me down will not affect Silk Road – back-ups have already been distributed and this entire infrastructure can be redeployed elsewhere in under 15 minutes, and you will gain nothing from our database."

Governments will have to accept that the anonymity genie is out of its bottle. The only way to effectively curtail the Silk Roads of the future would be to regulate the internet in ways that are fundamentally at odds with the principles of democracy. A China-style "great firewall" for each country might work – but would also cripple the internet as we know it.

What's particularly ironic is that the whole world is currently in uproar about unreasonably broad and intrusive electronic snooping by the US National Security Agency (NSA). Most people are horrified by evidence of large scale violations of privacy by the NSA, but few would openly defend Silk Road or Dread Pirate Roberts.

And yet, these are two sides of the same coin. The morality of the war on drugs is increasingly cloudy, as is the social science behind it. That fact that millions of people are resorting to untraceable online marketplaces protected by military grade encryption to buy some marijuana for personal use suggests that the law itself might be the problem, not the behaviour.

Whatever your views on the morality of Silk Road, you have to wonder at the alacrity with which US authorities moved to shut it down. No less than seven federal law enforcement agencies threw their weight behind the investigation, including the Internal Revenue Service and – bizarrely – the Secret Service. Yet there are drug cartels that do as much business in a month that Silk Road did in its entire existence, and they are still operating with impunity.

Perhaps what governments (democratic or otherwise) fear is a system over which they have no control. Crushing Silk Road will give them a feeling of victory, but that feeling is illusory. 

The internet cannot be controlled without turning the whole world into North Korea. Governments and their law enforcement agencies should focus their energies on new ideas for this new world, and stop wasting their time chasing ghosts.

Alistair Fairweather

Client Media Releases

Property mogul honoured at NWU graduation
Intelligence is central to digital businesses
One of SA's biggest education providers has a new name: Meet PSG's Optimi
A million requests, a million problems solved