Another Sloppy Security Blunder Takes Down Another Dark Web Drug Emporium

A blog about murder, theft, and other wickedness.
Oct. 17 2013 1:57 PM

Another Sloppy Security Blunder Takes Down Another Dark Web Drug Emporium

162913476
Yes, but are you ever *really* anonymous online?

Photo by Mohammed Al-Shaikh/AFP/Getty Images

It’s been a bad month for people who like to buy illegal drugs online. Just a few weeks after the illicit marketplace Silk Road got shut down by the feds, one of that site’s main Dark Web competitors is closing down as well. The proprietor of Black Market Reloaded—which Bitcoin Magazine has described as a Silk Road for people with "no moral restrictions at all”—announced Thursday that he was shutting the site. The reason: He’d made a sloppy decision that may have compromised his real-world identity—which is pretty much exactly what the FBI says happened to Ross William Ulbricht, the guy who allegedly ran Silk Road.

Here’s what seems to have happened. As you might imagine, Black Market Reloaded was deluged with new users in the wake of the Silk Road seizure, and the site’s owner, “backopy,” apparently had to acquire new servers to keep the site up and running under this increased demand. In a forum post published today under the title “The end of the road,” backopy wrote that he decided to use a virtual private server, or VPS, in order to meet demand. While you can get a VPS up and running faster than a dedicated physical server, the VPS will be less secure, in part because it is not wholly controlled by the site owner. Sure enough, as backopy wrote, the VPS administrator allegedly leaked the Black Market Reloaded source code. From that code, a careful investigator could have theoretically determined backopy’s identity, and possibly more. With the site compromised, backopy apparently decided to shut it down.

Advertisement

As a frequent evaluator of dumbness, I feel confident in my assessment that this was even dumber than the mistakes that allegedly sank Silk Road. Ross William Ulbricht’s alleged slip-ups came in the site’s early days, before Silk Road became a billion-dollar business. They were novice mistakes made by a novice manager. But Black Market Reloaded has been around awhile, and the site’s administrator should have known the risks of using a VPS. In this case, he actively chose to ignore safety in favor of expedience.

Sites like these promise safety in anonymity—that it’s a security feature when nobody really knows who they’re dealing with. But, as we’re learning, “you don’t know who you’re dealing with” can also be a huge negative when you don’t really know whether that person is taking the appropriate security precautions. And I guess you could argue that total security is always an illusion in cases like these—that as a site scales in size and popularity, it becomes harder to manage, and leads to more opportunities for a breach. Creating a digital trail is always fraught, no matter how well that trail is supposedly concealed or encrypted. That, to me, seems more convincing than the idea that these sites could’ve gone on forever if the creators weren’t big dummies.

Anyway, there are still several Dark Web marketplaces out there, and backopy himself has already promised that he will "come back in the future" with a new, safer version of the site. (Hooray?) I’m eager to see whether he and the other remaining proprietors have learned any lessons from Silk Road and Black Market Reloaded, or whether they, too, will fall in the wake of some digital blunder.

Justin Peters is a writer for Slate. He is working on a book about Aaron Swartz, copyright, and the rise of “free culture.” Email him at justintrevett@fastmail.fm.

TODAY IN SLATE

Jurisprudence

Don’t Expect Adrian Peterson to Go to Prison

In much of America, beating your children is perfectly legal. 

Ken Burns on Why Teddy Roosevelt Would Never Get Elected in 2014

Cops Briefly Detain Django Unchained Actress Because They Thought She Was a Prostitute

Minimalist Cocktail Posters Make Mixing Drinks a Cinch

How the Apple Watch Will Annoy Us

A glowing screen attached to someone else’s wrist is shinier than all but the blingiest of jewels.

Books

Rainbow Parties and Sex Bracelets

Where teenage sex rumors come from—and why they’re bad for parents and kids.

Books

You Had to Be There

What we can learn from things that used to be funny.

Legendary Critic Greil Marcus Measures and Maps Rock History Through 10 Unlikely Songs

Catfish Creator Nev Schulman’s Book Is Just Like Him: Self-Deluded and Completely Infectious

Behold
Sept. 12 2014 5:54 PM An Up-Close Look at the U.S.–Mexico Border
  News & Politics
Jurisprudence
Sept. 14 2014 2:37 PM When Abuse Is Not Abuse Don’t expect Adrian Peterson to go to prison. In much of America, beating your kids is perfectly legal. 
  Business
Moneybox
Sept. 12 2014 5:54 PM Olive Garden Has Been Committing a Culinary Crime Against Humanity
  Life
Inside Higher Ed
Sept. 13 2014 8:38 AM “You’re More Than Just a Number” Goucher College goes transcript-free in admissions.
  Double X
The XX Factor
Sept. 12 2014 4:05 PM Life as an NFL Wife: “He's the Star. Keep Him Happy.”
  Slate Plus
Behind the Scenes
Sept. 12 2014 5:55 PM “Do You Know What Porn Is?” Conversations with Dahlia Lithwick’s 11-year-old son.
  Arts
Brow Beat
Sept. 14 2014 7:10 PM Watch Michael Winslow Perform Every Part of “Whole Lotta Love” With Just His Voice
  Technology
Future Tense
Sept. 12 2014 3:53 PM We Need to Pass Legislation on Artificial Intelligence Early and Often
  Health & Science
New Scientist
Sept. 14 2014 8:38 AM Scientific Misconduct Should Be a Crime It’s as bad as fraud or theft, only potentially more dangerous.
  Sports
Sports Nut
Sept. 12 2014 4:36 PM “There’s No Tolerance for That” Pete Carroll and Jim Harbaugh say they don’t abide domestic abuse. So why do the Seahawks and 49ers have a combined six players accused of violence against women?