Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

4 important lessons learned from the Silk Road smackdown

Ian Paul | Oct. 4, 2013
Law enforcement has finally caught up with the notorious Silk Road underground market, and reporters are having a field day writing about an incredible story as revealed by federal investigators.

Law enforcement has finally caught up with the notorious Silk Road underground market, and reporters are having a field day writing about an incredible story as revealed by federal investigators.

Rife with drug trafficking, secretive Internet sites, and assassins for hire, Silk Road's tale is a crypto-crime story of epic proportions. But Silk Road is more than just a fascinating yarn: The site's demise also has a lot to teach us about our current digital environment, especially when it comes to online security.

Here are four key takeaways from the end of Silk Road and the Dread Pirate Roberts.

It's about the crimes, not the tech
An oft-cited fact about Silk Road is that it was part of the ominous-sounding "Darknet," a secretive, hidden part of the web that's unseen by search engines like Google and only reachable with the help of the anonymizing Tor software.

But Heisenberg-proportion criminal enterprises conducted in a crypto-laden back alley tell only half the story of the so-called Darknet.

"It's essential that the use of encryption, anonymization techniques, and other privacy practices is not deemed a suspicious activity," the Electronic Frontier Foundation said in a recent blog post. "Rather, it must be recognized as an essential element for practicing freedom of speech in a digital environment."

Beyond criminal enterprises, is also used by activists in parts of the world where speaking freely is impossible. Tor is even recommended by security experts as a good tool to use for anyone that objects to the U.S. National Security Agency's reported surveillance activities.

Endpoint security will get you in the end
Assuming the case goes to trial, some of the data tying Ulbricht to the Silk Road will likely come from his own computer. FBI agents arrested Ulbricht and seized his laptop only after he had turned on his laptop and entered his passwords, according to a report by Ars Technica. Presumably, Ulbricht had encrypted data on his laptop, which the feds wanted to have in a decrypted state before arresting him.

"Endpoints" like PCs and mobile devices are some of the hardest things to secure, because this is where data ends up sitting unencrypted and thus are choice targets for attackers. Agencies such as the NSA reportedly have a variety of exploits at their disposal to break into everything from iPhones to laptops running Ubuntu.

"What I took away from reading the Snowden documents," security expert Bruce Schneier wrote in a recent Guardian column referring to information supplied by NSA whistleblower Edward Snowden, "Was that if the NSA wants in to your computer, it's in. Period."

In Ulbricht's case, law enforcement didn't need to rely on any technical tricks to attack his laptop: They just snuck up on him after his data was exposed. Nevertheless, it's a reminder that if you don't secure the devices where you read protected data as best you can, no amount of encryption will help you.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.