- Instagram and Facebook are reportedly blocking queer ads Friday 8:58 PM
- Review: Tyler Perry’s ‘A Fall From Grace’ is both nonsensical and utterly predictable Friday 6:48 PM
- Is Hulu censoring the Iran episode of Anthony Bourdain’s ‘Parts Unknown’? Friday 6:05 PM
- Trump admin celebrates Michelle Obama’s birthday by proposing rollback of her signature initiative Friday 4:01 PM
- TSA apologizes after agent grabs indigenous woman’s braids, says ‘giddyup’ Friday 3:28 PM
- Blue Bell ice cream licker pleads guilty Friday 2:54 PM
- 7 fortune-telling sites for when you’re bored Friday 2:21 PM
- Governor bans sex puns on free condom wrappers Friday 2:16 PM
- Is Justin Bieber’s ‘Yummy’ video secretly about Pizzagate? Friday 1:01 PM
- Woah Vicky rips out her hair in botched cultural appropriation attempt Friday 12:30 PM
- Here’s an exclusive look at ‘Weathering With You’ Friday 11:57 AM
- TikTok dudes are dipping their balls in soy sauce for ‘science’ Friday 11:49 AM
- Pete Buttigieg’s denial of fixing bread prices becomes its own meme Friday 11:10 AM
- Houston Astros get torched with buzzer memes after new revelation Friday 10:41 AM
- Teens are eating cereal out of each other’s mouths for clout Friday 10:34 AM
Silk Road 2.0 is battling a major cyberattack
Money is missing, no one knows how much. Sound familiar?
See update below.
Cyberwar has hit the Deep Web yet again.
Silk Road 2.0, the successor to the original anonymous black market, is facing “a very sophisticated DDoS [distributed denial of service] attack,” the black market’s owner said in a statement Thursday, adding that it is “the most advanced methods we have faced yet.”
The market has been down for closing in on two days now as staffers work “around the clock” to restore service and adapt their defenses. The community forums have suffered sporadic outages as well.
Since Tuesday, numerous vendors have privately discussed, and then publicly reported, Bitcoin withdrawals worth thousands of dollars each disappearing from from Silk Road accounts.
It took roughly 24 hours of a blacked out market for Defcon, the head administrator of Silk Road 2.0, to publicly address the downtime.
“Finally a word!,” Meerkvo, a prominent vendor, wrote in the first response to Defcon’s statement. “Our coins I assume are safe?”
It’s unclear exactly how much money is unaccounted for at this point. A Feb. 2014 DDoS attack led to the theft of $2.7 million (or 474.27 bitcoins) from Silk Road vendors and customers. Perhaps ironically, Silk Road staff was on the verge of completely paying back that money before this week’s attacks.
“I called this right when it went down,” wrote Trust In Us, a large MDMA vendor on Silk Road. “I am praying the coins are safe. I just had a large sum go into my account.”
Following his or her original statement, Defcon hasn’t made a public comment since the complaints about missing money have ramped up. Another Silk Road moderator, Cirrus, has asked for “some time” and “a little faith” as the site’s developers fight off attacks and continue work on upgrading the site.
In response to further questions and criticism, another moderator, ChemCat, told critics, “If ya don’t like it here …Then Fucking LEAVE. Our home is going to be the best [dark net market]. Period :)”
“We Haven’t let anyone down as of yet, and we Don’t intend to,” he said later.
In the three years since Deep Web black markets have taken off, there have been no shortage of aggressive attacks. The original Silk Road went down regularly due to denial of service attacks.
The new Silk Road engaged in an blatant cyberwar with a rival market late last year, when Dread Pirate Roberts—named after the original DPR, the leader of Silk Road 2.0 who has long since departed the scene—claimed to have stolen everything from private messages to detailed buying statistics from TorMarket, a rival market that soon disappeared.
The source of the this week’s attack remains unclear. It could be a rival market, opportunistic criminals, or law enforcement on a mission. Over the past several years, there has been extensive research into how to use denial of service attacks to identify Tor hidden services and users. It’s not clear whether those specific attacks have been seen in the wild yet.
“Much of the downtime you have seen is intentional on our part,” Defcon, the head administrator on Silk Road 2.0, wrote. “If this is an attempt to locate our servers through packet analysis, we do not want to make it easy for our adversary and would rather be offline while we adapt our defenses.”
Then there are the more cynical theories. The most common Deep Web scam used to be an anonymous black market vendor taking money from customers. Now, in the last year since the original Silk Road went down, the biggest scams have involved entire markets stealing millions of dollars from everyone it touches.
With so much money unaccounted for during the choas of the latest Silk road attacks, more than a few worried vendors have wondered if this isn’t another major scam and if the hack isn’t a convienient excuse.
However, having paid back much of the $2.7 million stolen earlier this year, the Silk Road 2.0 team has earned significant trust from many users over the past few days.
The next few days, however, will show whether or not that faith was smartly placed.
Update: Shortly after publication of this story, Silk Road 2.0 began processing Bitcoin withdrawals once again. The market remains down due to attack. Here is the statement by Defcon, the head administrator:
While we continue testing different approaches to blocking the inbound DDoS, we are also processing withdrawals which were delayed by the traffic flood.
We understand how important cashflow is and are prioritizing transmitting all delayed withdrawals to the network over the next four hours.
Please confirm here when you receive your withdrawal.
To our adversaries: You cannot stop us. We will overcome every attack.
Photo via David Precious (CC BY 2.0)
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.