Who’s got it in for the Silk Road?

Posted: January 23, 2013 in Dark Web, Silk Road

Ever since the suspected DDoS attack in November, the admins at Silk Road have been combating a number of different scams and attacks on the site.

The Quickbuy Scam (see below) – this vendor’s image has been hacked with a fake bitcoin address

It’s hard to tell whether this is a concerted attack by one group determined to piss the website off or whether each one is separate. The most pervasive ones have been:

Forum Spam
The Silk Road forums have been under attack from a scammer spammer for months. Hundreds of posts per day fill the forums with repetitive, too-good-to-be-true offers of Bitcoin exchange.

Late last year a number of ‘spam busters’ were appointed – forum moderators with the limited power of deleting useless posts. But when the strange happenings of November occurred, all mods and admins were unexpectedly stripped of their powers, causing one of the original and most respected Silk Road team members to leave permanently. No explanation was given other than the spam was under control so their services were no longer required. Only this wasn’t exactly true as the spam kept ramping up.

Although a couple of people fell for the con, it seems unlikely anyone is being caught by it now. Stickies have been placed at the top of the main forums warning people and Silk Road has implemented a ‘Newbies Forum’. Members with under 50 posts are restricted to posting in that forum, much to their chagrin. But the spammer persists. You have to wonder if it’s malicious rather than a money-making scheme.

Wiki phishing

A more successful scam has involved someone changing the URL for Silk Road in the Wikipedia entry. It looked enough like the real URL to fool many people. Entering that URL into the Tor browser brought the user to a login page that looked just like Silk Road’s page, except it requested the user’s PIN (which the legitimate site does not require) as well as their password.

Users who fell for the scam had their passwords changed and their accounts cleared out. Several members claimed to have lost thousands of dollars worth of coin.

One vendor also had his forum account hacked, with the scammer posting as the vendor, stating he had been busted. The trusted vendor requested help from the community to fund his defence. Several members transferred a total of $600 worth of Bitcoin to the scammer before the vendor was able to regain control of his forum account and reveal what happened.

Wikipedia no longer provides the URL to the website.

Quickbuy Image hack

Perhaps the most concerning attack for members has been an image hack by way of SQL injection. On 18 December 2012 hackers placed an image (see above) on vendors’ product listings claiming it was a ‘Silk Road Quickbuy’ button with a fake Bitcoin address for payment. They also disabled shipping options so that buyers could no longer make purchases in the usual way and so were forced to copy and paste the fake ‘quickbuy’ address.

Apparently only a few members were caught by the scam as it was a poorly-executed image and the fake BTC address needed to be manually cut and pasted. The vulnerability was patched within 24 hours. However, the admins of the site were unable to fix the hacked images.

On 19 December, Dread Pirate Roberts wrote:

The issue has been resolved. The hole that led to the hacker gaining access to other vendors’ images and postage options has been plugged. I’ve sent a message to all vendors asking them to update their images and postage options if their listings were affected, so hopefully the listings will be back to normal soon. I’ve turned off incognito mode on all accounts, so if you were using incognito browsing before, you’ll need to re-enable it on your setting page.

The message that was sent to vendors was:

Dear xxxxxxxxxx,
This is an automated message to all sellers at Silk Road :
Many of your listings were recently altered without your consent. Postage options were deleted, and images were changed. We’ve corrected the problem that allowed this to happen, but we cannot restore your listings to their former state. Please take a look at your current listings and be sure to add back in any missing postage options, and update any altered images.
Best regards,
Silk Road Vendor Support

Neither vendors nor buyers were very happy, one vendor saying:

You’ve been hacked, really hacked for the first time ever and I’m sorry but you just don’t seem concerned enough for me. Apart from Leo [law enforcement] closing you down this is as bad as things can get.

But as with everything that has been going on at Silk Road lately, angry members demand answers, no answers are given and eventually everything just goes back to business as usual.

Comments
  1. Fun dude says:

    I have an idea for how law enforcement could set up a sting operation on Silk Road. It goes like this. A cop creates a vendor account as well as a dozen buyer accounts. All of course using different names. The cop lists drugs to sell and then uses his false buyer accounts to make purchases and post wonderful feedback. Yes. The cop would have to pay some fee to the Silk Road for all the false sales, but that’s a small cost law enforcement could afford. Now after a short time and glowing feedback from the false buyers, real buyers attempt to make purchases. Law enforcement now has the real address and real intent to buy. When the package is delivered the recipient is busted. This seems too easy to do. What am I missing here? Yes. Real vendors can not be busted this way. But many many real buyers could easily be caught in my sting. Comments anyone?

    • Hi Fun Dude,

      This is known as the honeypot theory.

      The main reason is that it would be far too much time, effort and expense for only being able to nab a few personal users, who law enforcement are really not interested in prosecuting anyway. Also, it would take very little time for bad feedback to come flowing in when people either don’t receive their drugs or get nabbed. They wouldn’t be able to catch too many before the scam was uncovered.

      Further, most people don’t order to their own name/address, so the police would spend even more time chasing down dead ends.

      Then there is the question of jurisdiction – what do they do with orders from outside their jurisdiction?

      So basically, yes, it’s possible, but it would not be a sensible use of scarce law enforcement resources.

      Thanks for your comment :)
      Eiley

    • Bob says:

      Yeah, that really isn’t taking any drugs off the streets is it? Going after users and putting them through the legal system for intent to purchase personal use quantities is a waste of time, it drains the resources of both law enforcement and the courts. It’s a really ineffective way to combat the problem, it’s a waste of taxpayers’ money pursuing things in this manner and public outrage would be around the corner if this strategy was deployed at their expense…

  2. Not so fun dude says:

    They want to bust the drug lords, not the smalltime personal user.

    In many countries, there is a minimum amount of drugs you have to carry to be classified as a pusher and not a user. And if you are classified as a user, the punishment can be as light as a slap on the wrist… in some places, it is just a misdemeanor, and I know a place where jaywalking has a higher fine.

    And in many places, “intent to buy” is not illegal, and they will have no case in court if there is no actual contraband in the transaction (stuff the police brought would not count, that’s almost as bad as planting evidence).

    Nobody cares about busting the drug user, sorry, try again.

    Here’s a list of who/what they REALLY want to bust:
    - the drug factory (weed plantation, meth lab, etc)
    - the druglord (i.e. the factory owner)
    - and probably the Silk Road admins/server

  3. […] Silk Road URL being a .onion and thus rather hard to remember, makes it ripe for phishing.  Indeed, many Silk Road users had their accounts cleared out when navigating to the site via […]

  4. […] Who’s got it in for the Silk Road? […]

  5. Mark Dunlop says:

    Full silk road guide and tips found here. http://silkroaddrugs.org/
