Another Sloppy Security Blunder Takes Down Another Dark Web Drug Emporium

Crime
A blog about murder, theft, and other wickedness.
Oct. 17 2013 1:57 PM

Yes, but are you ever *really* anonymous online?

Photo by Mohammed Al-Shaikh/AFP/Getty Images

It’s been a bad month for people who like to buy illegal drugs online. Just a few weeks after the illicit marketplace Silk Road got shut down by the feds, one of that site’s main Dark Web competitors is closing down as well. The proprietor of Black Market Reloaded—which Bitcoin Magazine has described as a Silk Road for people with “no moral restrictions at all”—announced Thursday that he was shutting the site. The reason: He’d made a sloppy decision that may have compromised his real-world identity—which is pretty much exactly what the FBI says happened to Ross William Ulbricht, the guy who allegedly ran Silk Road.

Here’s what seems to have happened. As you might imagine, Black Market Reloaded was deluged with new users in the wake of the Silk Road seizure, and the site’s owner, “backopy,” apparently had to acquire new servers to keep the site up and running under this increased demand. In a forum post published today under the title “The end of the road,” backopy wrote that he decided to use a virtual private server, or VPS, in order to meet demand. While you can get a VPS up and running faster than a dedicated physical server, the VPS will be less secure, in part because it is not wholly controlled by the site owner. Sure enough, as backopy wrote, the VPS administrator allegedly leaked the Black Market Reloaded source code. From that code, a careful investigator could have theoretically determined backopy’s identity, and possibly more. With the site compromised, backopy apparently decided to shut it down.

As a frequent evaluator of dumbness, I feel confident in my assessment that this was even dumber than the mistakes that allegedly sank Silk Road. Ross William Ulbricht’s alleged slip-ups came in the site’s early days, before Silk Road became a billion-dollar business. They were novice mistakes made by a novice manager. But Black Market Reloaded has been around awhile, and the site’s administrator should have known the risks of using a VPS. In this case, he actively chose to ignore safety in favor of expedience.

Sites like these promise safety in anonymity—that it’s a security feature when nobody really knows who they’re dealing with. But, as we’re learning, “you don’t know who you’re dealing with” can also be a huge negative when you don’t really know whether that person is taking the appropriate security precautions. And I guess you could argue that total security is always an illusion in cases like these—that as a site scales in size and popularity, it becomes harder to manage, and leads to more opportunities for a breach. Creating a digital trail is always fraught, no matter how well that trail is supposedly concealed or encrypted. That, to me, seems more convincing than the idea that these sites could’ve gone on forever if the creators weren’t big dummies.

Anyway, there are still several Dark Web marketplaces out there, and backopy himself has already promised that he will "come back in the future" with a new, safer version of the site. (Hooray?) I’m eager to see whether he and the other remaining proprietors have learned any lessons from Silk Road and Black Market Reloaded, or whether they, too, will fall in the wake of some digital blunder.

Justin Peters is a writer for Slate. He is working on a book about Aaron Swartz, copyright, and the rise of “free culture.” Email him at justintrevett@fastmail.fm.
