Long reads

Unravelling the dark web

Forget South American cartels and Russian arms dealers: the black market has moved online
Image may contain Electronics Pc Computer Laptop Human Person Computer Keyboard Computer Hardware and Hardware
Image may contain Electronics Pc Computer Laptop Human Person Computer Keyboard Computer Hardware and Hardware

*Update 2/10/13: As news breaks that Silk Road has been seized by the FBI, revisit GQ's feature from the February 2013 issue on the underground drug market and its mysterious founder. *

On a chilly April morning in 2011, in the Dutch city of Lelystad, Marc Willems was sitting at home on his computer, surfing the web, when the police burst in and seized him. At that moment, more than 5,000 miles away at El Dorado airport in Bogotá, Colombia, migration officials and agents from America's Drug Enforcement Administration were arresting another man, Michael Evron, as he was attempting to board a flight to Buenos Aires.

Within 24 hours, agents across America had rounded up six more men - in Iowa, Michigan, Georgia, New York, New Jersey and Florida.

By the end of the day, the US Department of Justice was hailing Operation "Adam Bomb" as the first of its kind. They released a 66-page court indictment, compiled over two years and listing numerous charges, but it boiled down to one thing: the men, they alleged, had been operating a website, the Farmer's Market, that acted as an online narcotics marketplace - an illicit eBay, if you like - where drug dealers could peddle their wares to customers in 34 countries. But the Farmer's Market wasn't your average website - for one, the address didn't work in a regular web browser. It belonged to the "dark web": a growing number of sites hidden from Google and the prying eyes of law-enforcement agencies, using anonymity technology. In a written statement, Briane M Grey, the acting special agent in charge of the operation, issued a warning: "Today's action should send a clear message to organisations that are using technology to conduct criminal activity, that the DEA and our law-enforcement partners will track them down and bring them to justice."

Want to buy an M4A3 assault rifle, a forged UK passport or a few grams of crystal meth and have it delivered to your door?

On the dark web you can

But on the dark web, the Farmer's Market wouldn't be missed.

Despite the dozens of agents involved in Operation Adam Bomb, the site was small-time. Its competitors had long outgrown it. Worse, in the eyes of dark- web users, the Farmer's Market had made mistakes that allowed law enforcers to seize e-mails and payment details. The site had been around for years, they said. It hadn't been careful enough. Meanwhile, business on the online black market was booming.

Image may contain Weapon Gun Weaponry and Rifle
Silk Road

Around the turn of the millennium, researchers at the US Naval Research Lab in Washington DC had a problem: how to protect military communications from eavesdroppers online. With help from researchers at the Massachusetts Institute of Technology, they developed a solution: a program known as Tor. This hides your identity online by encrypting transmissions and bouncing them between thousands of users around the world - from Birmingham to Beijing via Berlin and Baghdad, say. Anyone monitoring the communication would be incapable of discovering the location or identity of the sender.

In 2006, Tor became a nonprofit organisation and now attracts more than 500,000 users a day, from Arab Spring bloggers to Chinese dissidents. But Tor doesn't just hide individuals - it can also hide entire websites. Whereas a web page might be traced to a server farm or your office's IT department, a hidden site's location is buried in the network. The address operates only when accessed over Tor. You can set up a site from a hidden location, with an unlisted web address, and - so the theory goes - remain completely anonymous. Welcome to the dark web.

Image may contain Weapon Gun and Weaponry
Silk Road

Want to buy an M4A3 assault rifle, a forged UK passport or a few grams of crystal meth and have it delivered to your door? On the dark web you can find it, on sites such as BlackMarket Reloaded, where AK47s are on sale alongside Afghan heroin, or CC Paradise, selling stolen credit-card data. You can even find dubious listings for contract killers (yours for £12,500, half up front). But the biggest digital black market-place of all is called Silk Road.

Silk Road - named after the ancient trade route between Asia and Europe - opened in February 2011. The site is similar to eBay or Amazon: users can sign up and buy and sell almost whatever they please. It has a rudimentary green-and-white design, but all the functionality you'd expect from a legal online marketplace: individual seller pages, buyer feedback, even an escrow system to protect against fraudulent vendors.

Two American senators described it as "the most brazen attempt to peddle drugs online that we have ever seen"

Joining is simple and anonymous. The home page shows off the latest deals, with crude home-shot photos of the products, listed by category: drugs are broken up into classes like "prescription" and "opioids". All you need to do is place an order, send the delivery address to the seller (usually encrypted, so only the intended recipient can read it) and wait for your package to arrive. Silk Road takes a small percentage of the fee. The site quickly became a hit among drug dealers for selling everything from prescription painkillers to uncut cocaine. Soon word was circulating across the dark web. Then, on 1 June 2011, the gossip site Gawker published an article on Silk Road. The story went viral. Within days, two American senators had called for the site to be closed, describing it as "the most brazen attempt to peddle drugs online that we have ever seen". "It was wild," said Adrian Chen, the Gawker staff writer who broke the story. "People were shocked to know that it's actually happening."

The media frenzy had unintended, if inevitable, consequences: visitors to the Silk Road soared. "I got e-mails from people asking how to get on," recalls Chen. New customers poured in through Tor.

Soon you could buy an even wider variety of illicit goods, from credit-card skimmers to fire-arms. The growing presence of arms dealers on the site was a contentious issue. Those who were simply there to buy and sell drugs started complaining to Silk Road's anonymous administrators - some major dealers even threatened to quit the site. So Silk Road launched a dedicated version of the site for weaponry called the Armory, allowing gun sellers to advertise everything from Glock 19 handguns to plastic explosives. (A few months later, Silk Road closed the Armory - because it wasn't making enough profit. Clearly, it's harder to ship a shotgun in the mail than a few tabs of LSD.) Meanwhile, trade on Silk Road was roaring.

In spring 2012, Nicolas Christin, a researcher at Carnegie Mellon university's cyber-security research centre, monitored activity on Silk Road for six months and estimated sales on the marketplace of £14.2m a year. Not bad for an 18-month-old start-up. "The total volume of sales was increasing quite significantly," said Christin, on the phone from his office in Pittsburgh. "The number of active sellers almost doubled over six months. So it definitely was growing. The numbers are probably even higher now."

In his paper, Christin also calculated sales on the Silk Road were earning the site's creators £1m a year. Somebody was making a lot of money from Silk Road. But who?

The founder of Silk Road calls himself "the Dread Pirate Roberts", a pseudonym taken from William Goldman's fantasy novel

The Princess Bride. On the Silk Road forums, "DPR" is described as a "hero", "revolutionary" and "pro-viding a valuable public service". Soon after Gawker's exposé, the hunt for Roberts went global. In America, the DEA confirmed it was investigating the Silk Road. Last year the Australian Federal Police announced they were investigating the site, warning users that "anyone engaging in illegal activity through online marketplaces such as Silk Road... will not always remain anonymous". In Britain, the notoriously secretive Serious Organised Crime Agency told GQ that it is aware of the "so-called 'hidden' areas of the web" and that it has "the capability to investigate organised criminal groups seeking to exploit them". (Both SOCA and the Metropolitan Police have turned down Freedom of Information requests regarding any investigation into Silk Road, leading some to speculate that an investigation is ongoing.) "Federal law-enforcement agencies are all looking at this kind of activity," an American government official told GQ. "Silk Road is hardly a secret. The folks that are involved with that know that they are a high-profile target."

Image may contain Text
Silk Road

But, so far, the creator of the biggest black marketplace on the dark web remains elusive. Last autumn, GQ met Runa Sandvik, a London-based Tor developer who has studied the dark web.

A petite Norwegian blonde, Sandvik has advised law-enforcement agencies investigating hidden sites. "It's privacy by design," she explained. "The same functionality that protects users in China or Iran from oppressive governments protects people using Silk Road.

We work with the law-enforcement agencies to make sure they know how Tor works, what it can and cannot do, but we also make it very clear that we can't trace users ourselves. Configured correctly, there's nothing you can really do."

Asked if there was any way to shut down the site, Sandvik shrugged. "The Silk Road is a custom-built website, so you could hack it - but even if it were possible to take it down that way, legally you can't. In the UK, you'd be breaking the Computer Misuse Act."

Intrigued, GQ messaged Silk Road's administrator - the Dread Pirate Roberts himself - to ask whether he was worried about the law-enforcement agencies trying to track him down. Two days later, on returning to the site, there was a response on the glowing screen in dark letters: "No." Asked why, he simply wrote: "I have confidence in our security measures."

Silk Road is hardly a secret. The folks that are involved with that know that they are a high-profile target. (American government offical)

They say when you're trying to catch a criminal, follow the money - which led GQ to a blandly lit conference room at London's Royal National Hotel on a weekend last September, listening to cryptographers and laptop economists talk about a currency that doesn't really exist. Bitcoin is a digital currency established in 2009 by another pseudonymous founder, Satoshi Nakamoto. The currency exists only online and transactions are encrypted, so that users can be anonymous. Rather than using named bank accounts, amounts are transferred between web-like addresses called "wallets". Coins can be traded for real-world currency at online exchanges. While the exchange rate has fluctuated wildly, at the time of writing one coin is worth about £7.50, valuing the total number of Bitcoins in circulation at around £75m. "It's designed to provide people with privacy," Mike Hearn, a British-born Bitcoin developer, said between talks at the second annual Bitcoin Conference. "You don't have to provide an identity simply to use the system, you can just get started. But the underlying purpose behind this is not to allow people to buy drugs, or terrorist financing. I see it as a tremendous way to open up innovation in payments." Due to the anonymity it provides, Bitcoin has been embraced by the online black market. Transactions on the Silk Road are conducted exclusively in Bitcoin, and Roberts' association with the currency seems inescapable. "[Previously] you could get anonymity on the network, but there was still this issue with payment," explained Christin. "There wasn't a way of guaranteeing anonymity at all levels before. [With Bitcoin] there is, now. It's not perfect security - but people are confident they're not going to get caught. I think this was the piece of the puzzle that was missing."

In May 2012, an FBI report on the currency leaked online. "Since Bitcoin does not have a centralised authority, law enforcement faces difficulties detecting suspicious activity, identifying users and obtaining transaction records," it read. More damningly, it revealed the FBI had only "medium confidence" it could "in some cases" identify criminals using Bitcoin on the black market.

Despite this, some think Bitcoin could be the answer to finding the founders of Silk Road. Transactions between "wallets" are all visible in a public log called the block chain. Even if you can't know a user's name, you could watch the movement of money across the network - and whoever is running Silk Road must be receiving a lot of Bitcoins. This theory led to the growth of a small group of experts trying to trace the flow of money into Silk Road, to see if it leads to Roberts'. For months, there was nothing. Then, last summer, a user by the name "Arkanos" on BitcoinTalk - a forum for enthusiasts - stumbled across a wallet containing more than 500,000 Bitcoins. At the time, the exchange rate was around £5 per coin, valuing the contents at more than £2.5m. Someone was hoarding one of the largest sums of the digital currency ever discovered. Not only that, Arkanos claimed that he had traced money paid into the large account from Silk Road. Then he disappeared without a trace.

Image may contain Clothing Apparel Vest and Lifejacket

Soon, a handful of the Bitcoin community got to work: following money paid into Silk Road and analysing the block chain to see if it turned up in the wallet. Though not conclusive, the evidence pointed to one thing: whoever owned the wallet was almost certainly involved in Silk Road. Further evidence suggested a link between the account and Bitcoin Savings & Trust, an investment fund (and widely suspected ponzi scheme) promising users up to seven per cent weekly interest on deposits. But there was more: the founder of the fund called himself Pirateat40.

The link seemed too good to be true. Could the Dread Pirate Roberts and Pirateat40 be one and the same? What if Bitcoin Savings

& Trust was accepting "clean" deposits and paying back investors with Silk Road profits - paying seven per cent to launder digital drug money? But as users tried to gather more proof, the investigation hit a wall. Even if the account really belonged to Roberts, thanks to Bitcoin there was still no way of discovering his real identity unless he cashed out into a real-world currency at an exchange. Then, in August, without fanfare, the 500,000 Bitcoins disappeared. "Now that there is stronger evidence it was [related to Silk Road], the wallet is empty and funds that were in it have been laundered somewhere else," Christin told GQ in an e-mail. "Who knows... There is no absolute smoking gun."

Dread Pirate Roberts remains anonymous. "A year after an American senator came out and said Silk Road needs to be shut down, it's bigger than ever," said Gawker's Adrian Chen. "It's hard to believe technology could allow people to completely flaunt the law like that."

Image may contain Text
Silk Road

That does not mean the hunt is over. "Traditional law-enforcement methods still apply," said Sandvik. "Writing-style analysis, looking at how people behave - when they post, when the site is available." Such analysis has already shed some light on Roberts. For example, he's not working alone. Roberts' posts occasionally refer to "we" and "our" - as he did when I messaged him - and Silk Road has posted a job opening for a database expert.

His use of American spelling and the timing of his posts - rarely late at night on the East Coast - could suggest that Roberts is based in America. It's also unlikely that they're moving. "The Silk Road database is probably huge," Sandvik explained. "If he starts moving stuff, there will be a lot of red flags." As for whether they'll ever find him... "I imagine that maybe one day they'll pick up some guy for some other drug-related crime, search his house and just happen to stumble upon the server."

Meanwhile, the dark web is growing. Tools like Tor, combined with Bitcoin, have transformed the black market in the same way the web has for regular businesses: from traditional top-down supply chains to a vast peer-to-peer network of anonymous individuals. "It's not just one site - there's a whole hidden economy fuelling all sorts of illegal activity," said John Lyons, CEO of the International Cyber Security Protection Alliance and former co-ordinator of the UK's National Hi-Tech Crime Unit. "It's a huge issue and one I've raised many times at government level... There are measures we can take. The Government could work with regimes around the world who might be capable of taking these sites down without infringing their own laws. It could legislate against these alternative-payment mechanisms; kill the transactions and you kill the business. But, at the moment, there's no cohesive strategy."

At the time of writing, the Silk Road remains open for business.

As for the Dread Pirate Roberts, he recently posted a message to his customers. "I've never had so much fun. I know we've been at it for over a year now, but really, we are just getting started." He signed off with a yellow smiley face, grinning ear to ear.

Originally published in the February 2013 issue of British GQ