Security Lessons From The Silk Road

Silk Road

Ross Ulbricht, the founder of the infamous and highly illicit Silk Road online marketplace, was sentenced on May 29th, 2015 to life in prison without parole. In what has become one of the most profound case studies of crime, technology, and anonymity in our time, the world has learned firsthand the implications of information security.

The digital realm isn’t Las Vegas – what happens there, stays there forever.

Had Ulbricht avoided some simple mistakes, he’d likely still be a free man today. While the vast majority of people aren’t planning to become the next international cyber-criminal mastermind, the lessons of Silk Road’s demise and Ulbricht’s ultimate downfall should still be understood by anyone with a smartphone. Since becoming an off-the-grid luddite isn’t an option for most people, there are measures that can be taken to secure sensitive data and information.

Knowing about these techniques is critical to being secure in the always vulnerable digital landscape, and a general overview of the Silk Road case can provide some valuable lessons.

Anonymity

One of the most significant elements of the success of Silk Road was the anonymity it afforded users. This wasn’t actually done through Silk Road however, but through an anonymizing TOR software that allowed access to the darknet platform.

While TOR software has received somewhat of a negative stigma throughout the history of Silk Road, it’s important to note that anonymizing software like TOR isn’t inherently illegal or considered suspicious simply by its download or use. In fact, encryption technologies are actually recommended for use by most security experts for those who object to any form of known or unknown surveillance by outside entities. It’s incorrect to demonize these tools for their use in criminal activities. For example, anonymizing software promotes freedom of speech and access to the greater global web in countries where such rights aren’t permitted.

Beyond anonymizing software like TOR, it’s important to secure devices as best as possible, including computers, smartphones, and tablets. These devices are known as ‘endpoints’, and are inherently vulnerable simply because of the data or information they contain. If your devices aren’t secured, or the data on your devices isn’t secured, you’ll be more susceptible to attackers or surveillance. Because the FBI captured Ross Ulbricht’s laptop after he had entered his password, they were able to secure the most compelling form of evidence possible against him. Once again, you probably aren’t going to be hunted down by the FBI, but securing your devices and local data is still imperative to prevent attacks from outsiders. This is something that all businesses need to keep in mind. Digital security these days is just as important if not more important than physical security. Nowadays all you usually need for physical security is a good set of security cameras from a place like Pro-Vigil. Digital security however has many different software solutions available, and depending on your situation you may need to look around quite a bit.

Finally, similar to the Miranda Rights read to suspects or criminals before arrest, anything you say online can and will be used against you. Everything you do online is logged in an eternal archive, barring a global apocalypse or doomsday scenario. Consider it this way – if you wouldn’t be comfortable with your children seeing a certain piece of information someday, then don’t put it out into the ether. This includes conversations on forums, comments on popular sites like Reddit, emails, text messages, and especially anything to do with social media. If you’re doing anything criminal or controversial on these platforms or domains, it’s very likely to catch up with you at some point in time.

There’s always a trail

In relation to the Silk Road, before even creating the darknet marketplace, Ulbricht had posted on multiple forums for illicit drugs and bitcoin to ask other users various questions. Simply by browsing through these forums around the time of Silk Road’s appearance online, the FBI was able to name Ulbricht as one of their suspects. Beyond his posting history and his use of the same username on multiple sites, he had even posted his personal email address containing his name.

Posting on forums won’t likely land you in prison for life, but you should still be wary of anything and everything you put out there. Personal information can be acquired by identity thieves, employers can use damaging pictures against you, and anything criminal is certainly admissible as evidence against you should you get in trouble with the law. Be discrete and be smart –develop different usernames for different websites, and use secondary emails for websites as well.

While the original Silk Road marketplace no longer exists, the lessons from its rise and fall can provide valuable teaching moments for anyone online today. It’s important to understand how to keep yourself secure through anonymizing software, securing devices, and what information you choose to spread digitally. Take heed, and stay secure.

About the Author:

Lee Ying has over 10 years experience in the tech and security industry. He currently writes for various websites, if you would like to contact him you can find him on LinkedIn: https://www.linkedin.com/pub/lee-ying/9a/18b/238. Follow me on Twitter @LeeYing101

Advertisement

Wrike Project Management App

Featured FREE Resource: