See update below.
Cyberwar has hit the Deep Web yet again.
Silk Road 2.0, the successor to the original anonymous black market, is facing “a very sophisticated DDoS [distributed denial of service] attack,” the black market’s owner said in a statement Thursday, adding that it is “the most advanced methods we have faced yet.”
The market has been down for nearly two days now as staffers work “around the clock” to restore service and adapt their defenses. The community forums have suffered sporadic outages as well.
Since Tuesday, numerous vendors have privately discussed, and then publicly reported, Bitcoin withdrawals worth thousands of dollars each disappearing from Silk Road accounts.
It took roughly 24 hours of a blacked-out market for Defcon, the head administrator of Silk Road 2.0, to publicly address the downtime.
“Finally a word!,” Meerkvo, a prominent vendor, wrote in the first response to Defcon’s statement. “Our coins I assume are safe?”
It’s unclear exactly how much money is unaccounted for at this point. A Feb. 2014 DDoS attack led to the theft of $2.7 million (or 474.27 bitcoins) from Silk Road vendors and customers. Perhaps ironically, Silk Road staff was on the verge of completely paying back that money before this week’s attacks.
“I called this right when it went down,” wrote Trust In Us, a large MDMA vendor on Silk Road. “I am praying the coins are safe. I just had a large sum go into my account.”
Following his or her original statement, Defcon hasn’t made a public comment since the complaints about missing money have ramped up. Another Silk Road moderator, Cirrus, has asked for “some time” and “a little faith” as the site’s developers fight off attacks and continue work on upgrading the site.
In response to further questions and criticism, another moderator, ChemCat, told critics, “If ya don’t like it here …Then Fucking LEAVE. Our home is going to be the best [dark net market]. Period :)”
“We Haven’t let anyone down as of yet, and we Don’t intend to,” he said later.
In the three years since Deep Web black markets have taken off, there has been no shortage of aggressive attacks. The original Silk Road went down regularly due to denial of service attacks.
The new Silk Road engaged in a blatant cyberwar with a rival market late last year, when Dread Pirate Roberts—named after the original DPR, the leader of Silk Road 2.0 who has long since departed the scene—claimed to have stolen everything from private messages to detailed buying statistics from TorMarket, a rival market that soon disappeared.
The source of this week’s attack remains unclear. It could be a rival market, opportunistic criminals, or law enforcement on a mission. Over the past several years, there has been extensive research into how to use denial of service attacks to identify Tor hidden services and users. It’s not clear whether those specific attacks have been seen in the wild yet.
“Much of the downtime you have seen is intentional on our part,” Defcon, the head administrator on Silk Road 2.0, wrote. “If this is an attempt to locate our servers through packet analysis, we do not want to make it easy for our adversary and would rather be offline while we adapt our defenses.”
Then there are the more cynical theories. The most common Deep Web scam used to be an anonymous black market vendor taking money from customers. Now, in the last year since the original Silk Road went down, the biggest scams have involved entire markets stealing millions of dollars from everyone they touch.
With so much money unaccounted for during the chaos of the latest Silk Road attacks, more than a few worried vendors have wondered if this isn’t another major scam and if the hack isn’t a convenient excuse.
However, having paid back much of the $2.7 million stolen earlier this year, the Silk Road 2.0 team has earned significant trust from many users over the past few days.
The next few days, however, will show whether or not that faith was smartly placed.
Update: Shortly after publication of this story, Silk Road 2.0 began processing Bitcoin withdrawals once again. The market remains down due to attack. Here is the statement by Defcon, the head administrator:
Community,
While we continue testing different approaches to blocking the inbound DDoS, we are also processing withdrawals which were delayed by the traffic flood.
We understand how important cashflow is and are prioritizing transmitting all delayed withdrawals to the network over the next four hours.
Please confirm here when you receive your withdrawal.
To our adversaries: You cannot stop us. We will overcome every attack.
Defcon
Photo via David Precious (CC BY 2.0)