Arrest of Internet drug lord highlights challenge of online anonymity

Tools

Online anonymity may be more difficult to attain than you have imagined--if one were to consider the arrest of 29 year old Ross William Ulbricht. Ulbricht is the alleged mastermind behind the Silk Road, an online website that prosecutors say facilitated in drug deals of over $1 billion to buyers numbering in the hundreds of thousands. Because he took a cut from each transaction, Ulbricht reportedly netted $80 million in commission over two and a half years.

Ulbricht certainly went to great lengths to avoid detection, though. The website itself was configured to operate as a hidden Tor service designed specifically to render online anonymity. As reported on Ars Technica, Ulbricht eventually took to only using the anonymous Bitcoin currency to make payments hard to trace, and even ran transactions through a program designed to further obfuscate individual transactions.

And though it wasn't reported as such, the circumstances under which Ulbricht was arrested--while using his laptop at a public library where librarians didn't recognize him--also suggest that Ulbricht administers his website from different free Internet services as a further precaution.

So how did the feds manage to track down the kingpin of an anonymous online service, given the many layers of anonymity in place?  The short version: Ulbricht was identified as a possible suspect from a handful of online and social network posting made before the creation of the Silk Road. A blog that gave instructions on accessing the Silk Route site was linked to twice--just days after it was setup. You can read the blow-by-blow account from Ars Technica.

The Fierce Take: Beyond being an interesting read, the lesson drawn from the arrest of Ross William Ulbricht is clear: Information posted online and on social networks can easily become weapons in the hands of online criminals and black hat hackers. With enough time and effort, even innocuous or disparate pieces of data may be assembled to either offer a deeper insight into a targeted organization or as useful tidbits for a social engineering attack.

For more:
- check out this article at Ars Technica

Related Articles:
The WiFi Pineapple makes it easy to hack wireless devices
Gang arrested for planting rogue hardware as part of cyber bank heist