Another Sloppy Security Blunder Takes Down Another Dark Web Drug Emporium

A blog about murder, theft, and other wickedness.
Oct. 17 2013 1:57 PM

Another Sloppy Security Blunder Takes Down Another Dark Web Drug Emporium

162913476
Yes, but are you ever *really* anonymous online?

Photo by Mohammed Al-Shaikh/AFP/Getty Images

It’s been a bad month for people who like to buy illegal drugs online. Just a few weeks after the illicit marketplace Silk Road got shut down by the feds, one of that site’s main Dark Web competitors is closing down as well. The proprietor of Black Market Reloaded—which Bitcoin Magazine has described as a Silk Road for people with "no moral restrictions at all”—announced Thursday that he was shutting the site. The reason: He’d made a sloppy decision that may have compromised his real-world identity—which is pretty much exactly what the FBI says happened to Ross William Ulbricht, the guy who allegedly ran Silk Road.

Here’s what seems to have happened. As you might imagine, Black Market Reloaded was deluged with new users in the wake of the Silk Road seizure, and the site’s owner, “backopy,” apparently had to acquire new servers to keep the site up and running under this increased demand. In a forum post published today under the title “The end of the road,” backopy wrote that he decided to use a virtual private server, or VPS, in order to meet demand. While you can get a VPS up and running faster than a dedicated physical server, the VPS will be less secure, in part because it is not wholly controlled by the site owner. Sure enough, as backopy wrote, the VPS administrator allegedly leaked the Black Market Reloaded source code. From that code, a careful investigator could have theoretically determined backopy’s identity, and possibly more. With the site compromised, backopy apparently decided to shut it down.

Advertisement

As a frequent evaluator of dumbness, I feel confident in my assessment that this was even dumber than the mistakes that allegedly sank Silk Road. Ross William Ulbricht’s alleged slip-ups came in the site’s early days, before Silk Road became a billion-dollar business. They were novice mistakes made by a novice manager. But Black Market Reloaded has been around awhile, and the site’s administrator should have known the risks of using a VPS. In this case, he actively chose to ignore safety in favor of expedience.

Sites like these promise safety in anonymity—that it’s a security feature when nobody really knows who they’re dealing with. But, as we’re learning, “you don’t know who you’re dealing with” can also be a huge negative when you don’t really know whether that person is taking the appropriate security precautions. And I guess you could argue that total security is always an illusion in cases like these—that as a site scales in size and popularity, it becomes harder to manage, and leads to more opportunities for a breach. Creating a digital trail is always fraught, no matter how well that trail is supposedly concealed or encrypted. That, to me, seems more convincing than the idea that these sites could’ve gone on forever if the creators weren’t big dummies.

Anyway, there are still several Dark Web marketplaces out there, and backopy himself has already promised that he will "come back in the future" with a new, safer version of the site. (Hooray?) I’m eager to see whether he and the other remaining proprietors have learned any lessons from Silk Road and Black Market Reloaded, or whether they, too, will fall in the wake of some digital blunder.

Justin Peters is a writer for Slate. He is working on a book about Aaron Swartz, copyright, and the rise of “free culture.” Email him at justintrevett@fastmail.fm.

TODAY IN SLATE

History

The Self-Made Man

The story of America’s most pliable, pernicious, irrepressible myth.

Does Your Child Have Sluggish Cognitive Tempo? Or Is That Just a Disorder Made Up to Scare You?

Mitt Romney May Be Weighing a 2016 Run. That Would Be a Big Mistake.

Amazing Photos From Hong Kong’s Umbrella Revolution

Rehtaeh Parsons Was the Most Famous Victim in Canada. Now, Journalists Can’t Even Say Her Name.

Television

See Me

Transparent is the fall’s only great new show.

Doublex

Lena Dunham, the Book

More shtick than honesty in Not That Kind of Girl.

What a Juicy New Book About Diane Sawyer and Katie Couric Fails to Tell Us About the TV News Business

Rehtaeh Parsons Was the Most Famous Victim in Canada. Now, Journalists Can’t Even Say Her Name.

  News & Politics
Politics
Sept. 30 2014 11:57 AM Iowa Radical The GOP’s Senate candidate doesn’t want voters to know just how conservative she really is.
  Business
Moneybox
Sept. 30 2014 11:25 AM Naomi Klein Is Wrong Multinational corporations are doing more than governments to halt climate change.
  Life
The Vault
Sept. 30 2014 11:51 AM Thomas Jefferson's 1769 Newspaper Ad Seeking a Fugitive Slave 
  Double X
Doublex
Sept. 29 2014 11:43 PM Lena Dunham, the Book More shtick than honesty in Not That Kind of Girl.
  Slate Plus
Slate Picks
Sept. 30 2014 11:42 AM Listen to Our September Music Roundup Hot tracks from a cooler month, exclusively for Slate Plus members.
  Arts
Behold
Sept. 30 2014 12:10 PM Violence, Love, and Hope: Growing Up in the Bronx in the 1980s
  Technology
Future Tense
Sept. 30 2014 11:55 AM The Justice Department Is Cracking Down on Sales of Spyware Used in Stalking
  Health & Science
Bad Astronomy
Sept. 30 2014 7:30 AM What Lurks Beneath the Methane Lakes of Titan?
  Sports
Sports Nut
Sept. 28 2014 8:30 PM NFL Players Die Young. Or Maybe They Live Long Lives. Why it’s so hard to pin down the effects of football on players’ lives.