Photo via Flickr
The heat is on the anonymous web. In case you missed all the fun, the FBI busted the infamous online black market Silk Road yesterday, and revealed the mysterious "Dread Pirate Roberts" as Ross William Ulbricht—a 29-year-old San Franciscan who has now been charged with hacking, money laundering, and narcotics trafficking conspiracies.
Silk Road's drug sales and other nefarious transactions were made using Bitcoin, and the website's location was supposedly safely hidden behind Tor's encrypted network. But now that the site's been seized, worried patrons of the darknet are wondering if the deep web isn't as safe as they thought.
The folks at The Tor Project are attempting to quell those fears, assuring users that the FBI didn't get to Ulbricht by infiltrating the anonymous network. "In this case we've been watching carefully to try to learn if there are any flaws with Tor that we need to correct. So far, nothing about this case makes us think that there are new ways to compromise Tor," they wrote in a blog post yesterday.
Rather, it looks like the FBI cracked this one old-school style—or as Tor put it, with "actual detective work."
That's how the FBI tells it too. According to the agency, the criminal mastermind behind Silk Road made a handful of sloppy mistakes that ultimately led to his arrest. For instance, at one point he connected to the Silk Road web server through a Virtual Private Network but without running Tor, and then using an email address with his real name in it. “Tor does not anonymize individuals when they use their legal name on a public forum [or] use a VPN with logs that are subject to a subpoena,” wrote Tor.
Silk Road was run using Tor's hidden services, which allows people to publish and visit webpages anonymously, and host sites without revealing their location. Here again, Tor pointed the finger at the user, writing that it's each publisher’s responsibility to keep their web server secure. "Mistakes in configuring or maintaining a hidden service website can compromise the publisher's anonymity independent of Tor,” the blog post stated. "We've seen no evidence that this case involved breaking into the web server behind the hidden service."
And to top it off, it claimed that even the people running the Tor Project can't see through the onion network's protective layers, and thus it has no more information about Silk Road or Ulbricht than anyone else.
It's a pretty convincing defense, and not the first time Tor's had to use it. When the FBI caught the owner and operator of Freedom Hosting—one of the biggest web hosts in Tor's hidden services and home to the largest child porn ring on the internet—users worried that the cops had found a way to crack Tor's anonymity. And in that case, too, Tor explained it was Freedom Hosting's servers that were compromised, not the Tor network itself.
At the end of the day nothing's 100 percent secure or anonymous, though for now, it look like Tor has a clean record getting as close as it gets.