How the End of the Silk Road Online Marketplace Affected Cybercrime (Or Didn’t)
In November 2013, media outlets were filled with stories about the dramatic takedown of Silk Road, an underground marketplace where illegal goods such as drugs, stolen credit cards and fake IDs were openly traded. (Did you know your stolen credit card only costs $10?) The site was hosted on the famous anonymous network TOR, which made it incredibly difficult to track down the man behind it (a man who used the moniker “Dread Pirate Roberts”) and take it down. But collaborative law enforcement efforts finally succeeded with the arrest of Ross Ulbricht in San Francisco.
Last week, Ulbricht returned to the news, receiving a life sentence, and his site will now be part of the ever-growing cybercriminal legacy. But, legacy or not—and despite what various media channels are reporting about the effect of this outcome on the underground as a whole—the takedown of Silk Road had very little effect on global cybercrime. This isn’t because of an error on the part of law enforcement, but rather because of how the underground economy operates.
Screenshot from the Silk Road Online Marketplace (Credit: Wikipedia)
How The Silk Road Takedown Equals More Opportunities for Fraudsters
Many fraudsters in the underground economy crave the spotlight. They want to become leaders of shady circles much the way “real-world” criminals might crave going up the ranks of the organization they’re in. (Of course, cybercriminals are “real” criminals…) Unlike “real-world” criminals, though, cybercriminals are not part of an organization with ranks. Their way of “moving up” is through their social status, which comes with becoming a known vendor, a long-standing and contributing member of a major forum, or the owner and administrator of their own forum. As a result, there are quite a lot of competing forums and marketplaces in the underground. If one shuts down, the site’s members always have somewhere else to take their business. Silk Road was no different from any of these sites.
You could say that when Silk Road was shut down, the situation in the underground worsened as some fraudsters thought they’d found an opportunity to quickly enter the newly created vacuum and fill it with alternatives. Silk Road 2 (which was taken down in November 2014) was rapidly established by former administrators of the original Silk Road. Other sites that popped up include Evolution Market (which disappeared in March 2015), Agora and AlphaBay, to name a few examples. Today, there is a staggering number of underground marketplace websites to choose from, not to mention that there is an entire underground economy dedicated to financial fraud that exists outside the anonymous TOR network.
As a result of all this competition, the takedown of a single site or even a group of sites doesn’t tend to have a great effect on the overall cybercrime economy. And this issue isn’t new by any means; all the way back in 2007, Carders Market, one of the largest English-language underground forums, was taken down. Its biggest competitor, DarkMarket, turned out to be a sting operation by the FBI. While these takedowns resulted in an international operation to apprehend many of the sites’ members, those arrested were only a drop in the bucket, and those who survived simply moved to new sites such as CardingZone.
What Does A Successful Takedown Look Like?
In order for the “good guys” to make a dent in the vast cybercrime economy, they need to hit cybercriminal infrastructure, such as a major botnet that’s sending out spam. One example is the takedown of Rustock, the huge botnet that was responsible for sending out a major chunk of the overall spam sent over the Internet. When Rustock was taken offline, spam volumes actually plummeted. Admittedly, though, even this type of success story is rare. There are plenty of similar takedowns—such as those of the Cutwail botnet and the Grum botnet—that didn’t quite manage to affect spam levels.
The resilience of cybercrime in spite of periodic website and infrastructure takedowns by law enforcement suggests why fraudsters are still, after a decade of operation, trading stolen credentials and illegal goods relatively in the open. Taking them down hardly makes a difference, and with all the effort fraudsters pour into making sure their servers are resilient to takedown attempts, sometimes the results are just not worth law enforcement’s efforts. The Silk Road takedown did not affect cybercrime, nor will the next takedown. Even if security researchers and law enforcement officials are able to make a dent in cybercrime, the dent would be very specific to a certain element of cybercrime (e.g., spam or credit card trade), and will only be temporary.