The following report was released to law enforcement around the country by the Virginia Fusion Center in April 2013. It describes law enforcement concerns related to the use of Tor, Bitcoins and other services allowing greater anonymity online.
TOR, Bitcoins, Silk Road, and the Hidden Internet
10 pages
Law Enforcement Sensitive
April 19, 2013
Download
The purpose of this bulletin is to provide awareness and a basic understanding of the “Hidden Internet” to investigators in the field, as well as provide some examples of how the Hidden Internet can be exploited by criminal elements.
While the term “Hidden Internet” can be used in a broader context and refer to other internet terms such as the “Deep Web” or “Deepnet,” for the purpose of this bulletin the term “Hidden Internet” will refer to the hidden services provided by the TOR project to internet users, specifically relating to the Silk road website and use of Bitcoins.
TOR Project
The TOR project was initially designed and implemented as a third generation onion routing project by the United States Naval Research Laboratory. While the inception and design was for the purpose of protecting sensitive communications for the United States Navy, today it is utilized by over 500,000 users every day for both legal and illegal activities.
The TOR project’s primary goal is to increase privacy and security for internet users, as stated in their own 2012 Annual Report. This is accomplished through the onion routing system that utilizes TOR volunteers which are used as relays. As users connect through TOR, their data is routed through a series of relays, is encrypted, and as a result does not provide the users location, other identifying information, or original IP address.
…
It is important to note that the use of TOR is not illegal in and of itself. Further, the use of TOR provides a service that can be a useful tool both to individuals personally, for governments, and law enforcement personnel. For example, TOR can provide an investigator a level of anonymity while conducting investigations covertly on the internet, such as attempting to monitor a suspect’s Facebook or Myspace account without the risk of identifying the investigators location or IP address.
If electronic evidence is seized and subsequently searched for digital evidence during an investigation, the discovery of the TOR software on a computer may be an indicator that not all of the individual’s internet browsing history will be obtainable through traditional means, i.e. subpoena, to the individual’s internet service provider.
Bitcoins
While TOR provides individuals the ability to remain anonymous on the internet, it would not be possible to establish a cyber black market without the ability to exchange currency. Bitcoins are a virtual currency traded online over peer-to-peer networks allowing both the providing and receiving parties to remain anonymous to one another.
A Bitcoin is “a digital currency, a protocol, and a software that enables; Instant peer to peer transactions, and Worldwide payments” which allows users to conduct online transactions without the use of standard regulated world currencies. For law enforcement, the use of Bitcoins in conjunction with the Hidden Internet, poses a great challenge.
Bitcoins can be purchased several ways, including online exchanges (Mt. Gox being the most common), private companies, or individuals who have Bitcoin holdings already. To begin trading in Bitcoins all a user needs to do is choose a wallet and install it on a computer or smartphone/tablet. Once the user has the wallet they are able to send and receive Bitcoins.
Bitcoins are not regulated or insured by any government or banking system. As such, the use of Bitcoins, the terminology, and execution are extremely technical and will not be covered in this bulletin but the explanations and descriptions are widely available on the Internet.
Since the inception of Bitcoins in 2009 there has been a continuous rise in the usage and total value of Bitcoins in circulation. There are over 50,000 Bitcoin transactions daily equaling millions of U.S. dollars. The total value of all Bitcoins in circulation is over 1.3 billion.
As is the case with the use of TOR, the purchase, receipt, and use of Bitcoins is not illegal in and of itself and perfectly legitimate transactions are made such as paying for clothing, hotels, restaurants, and allowing individuals or groups to make anonymous donations4. However, with the limited exposure to detection and high potential for profit, the use of TOR and Bitcoins has laid the foundation for the exploitation of these services by criminal elements.
Silk Road
The Silk Road is a hidden website that can only be accessed using TOR or other services (such as Onion.to) that will route through TOR. The hidden net address for The Silk Road Anonymous Marketplace is: http://silkroadv5p5cbl6.onion/.
…
For the purposes of this bulletin, the Virginia Fusion Center (VFC) established, through the use of TOR, a Silk Road account. The following are screen shots of the site from initial logon, to browsing. For any individual who is comfortable with the internet the entire process can take only minutes.
The following screenshots show the initial account set up screen, login screen, as well as browsing screen shots of items that could be purchased from the site. For the purposes of this bulletin, a covert screen name was utilized. The screenshots are simply samples of the items listed on the site, and in no way are all inclusive.
With the launch of the Silk Road website in 2011, use has increased. By some accounts, it is believed that the Silk Road conducts approximately $2,000,000 per month in transactions believed to net “The Dread Pirate Roberts” approximately $140,000 per month, all in Bitcoins.
While the Silk Road is believed to be the largest and most well-known of the hidden sites, there are others such as “Black Market Reloaded”, “Deep Web Weapons”, “Gun Guys Den”, and “Behind Bloodshot Eyes”, amongst others.
