Silk Road, the Internet’s most notorious drug marketplace, exists in what’s known as the “deep web,” invisible to search engines. Transactions there are conducted using the digital currency Bitcoin—thus avoiding traditional, easy-to-trace banking systems—and even getting into Silk Road requires hiding one’s identity behind an anonymous browser.
But on Monday night, this infamous part of the deep web may have been dredged up to the surface.
Reddit user Paid Government Shill claimed to have discovered Silk Road’s real IP address, the one law enforcement could potentially use to figure out where the site is hosted, identify its mysterious owner, and shut it down.
He broke the news on r/SilkRoad, Reddit’s Silk Road discussion forum.
“Last night, while SR was down for maintenance,” he wrote in a Reddit thread titled The Silk Road Revealed Its Public IP Last Night, “a brief few moments allowed a certain set of circumstances that caused me to be able to view the public IP of the httpd server of Silk Road. This isn’t an obvious flaw, but it is extremely simple if you know where to look—the server basically will publish a page containing all of the configuration data of the httpd server including the public IP address.”
He clarified deeper in the thread that the address he found wasn’t just one of many in the chain of IP addresses Silk Road connections are routed through to disguise the site’s real location.
“The server is publishing its primary NIC address,” he wrote.
As one Reddit commentator pointed out, “Basically, if someone got the public IP of [Silk Road], they’d be able to track down where it’s hosted and then have a pretty easy way to have the site taken down as well as potentially finding out who DPR (Dread Pirate Roberts, the administrator of the site) really is. Hopefully DPR has thought about this already and that’s a spoofed public IP.”
There has been very little law enforcement interdiction of Silk Road thus far. The only person to be convicted in connection with the site was an Australian dealer who allegedly advertised his wares on insecure parts of the web.
It’s not clear whether the IP address found by Paid Government Shill is the real one—some redditors doubted that the people behind the web’s premier drug marketplace would botch their security that badly—but if it is, law enforcement could use it to seize the hardware running the site.