Saturday, October 13, 2012

Bits and Pieces: Bitcoin, Silk Road, and a discussion of associated security implications

There was an interesting article in the September 29th- October 5th issue of the Economist called “Monetarists Anonymous” about which a classmate tipped me off.  The article concerned the first (and only) online currency known as Bitcoin. Bitcoin, for those of us as ignorant as I was until a few weeks ago, is a peer-to-peer digital currency with no issuing authority or central bank. It was devised in 2009 by an individual known as Satoshi Nakomoto (a pseudonym) without paper, silver, gold, or a central government. Instead he used, according to the New Yorker, “thirty-one thousand lines of code and an announcement on the Internet.” To prevent the money supply from growing too rapidly (and keep in mind that this is painfully simplified) Bitcoins are apparently minted by computers solving extremely difficult math problems. The difficulty of these problems automatically rises to control the supply, allowing them to be issued by any savvy individual with a powerful personal computer. The result is a currency that is exchanged exclusively online, floats freely and often violently against the dollar, and is a strange cross between a commodity and a fiat currency.

The economic and technical “hows” are rather beyond me, I admit, but the security implications of such a cryptocurrency are fascinating. A key point concerns the difficulty of tracing Bitcoin transactions to points of origin. Though it is not impossible to connect a Bitcoin exchange with real people, the currency has a significant amount of anonymity built in—especially if the user knows a thing or two about shielding their identity online. This, predictably, makes Bitcoin extremely popular in dodgy cyber markets and endeavors.  The organization Lulzsec, associated with the hactivist group Anonymous and whose leaders were arrested after Sabu turned out to be an informant, accepted donations in Bitcoin.   Wikileaks began accepting Bitcoin donations in 2011 after Visa, Mastercard, Paypal, etc. instituted a banking blockade against the website. Most notably: on the website known as Silk Road, Bitcoins are the only means of transaction.

The Economist describes the Silk Road as a sort of eBay for drugs and other unsavory forms of contraband hidden in the secreted, dark corners of the Internet known as Tor. NPR has called the website an “ for illegal drugs.” Silk Road is a dark, futuristic bazaar worthy of Huxley or Orwell that sits just below the reach of most Internet users and presents, as one can well imagine, numerous and nefarious possibilities.

Getting to the site, however, is a little more complicated than just typing “Silk Road” in the Google search bar. It won’t show up that way, and the URL for Silk Road has apparently been forgotten. In any case it is long, convoluted, and nearly impossible to memorize. Visitors are required to use special software. This special software, Tor, is Google-able and is used to facilitate online anonymity via something known as “onion routing.” “Onion routing” utilizes a layered system of encryption services that bounces around proxies while decrypting its data bit by bit—as its onion logo so artfully depicts.  It’s handy, and was actually partially pioneered by the U.S. Government. That’s not as ironic as you may think. The uses of a tool such as Tor are unlimited, but it truly is a double-edged sword; online anonymity facilitated by Tor was vital in dissident movements in Iran and Egypt and can evade internet censorship, but in America it is often utilized for criminal endeavors.  Tor is, of course, free to download—at your own discretion.

Silk Road sells drugs, and a lot of them (the site was estimated in August by Forbes to annually rake in somewhere in the ballpark of a cool $22 million), but allegedly does eventually draw the line.  The terms of service ban the sale of “anything whose purpose is to harm or defraud, such as stolen credit cards, assassinations, and weapons of mass destruction.” I suppose it could be considered a small mercy that weapons-grade plutonium and biological weapons are off-limits on the online black market.  The idea remains, though, as does the potential for the sale of materials more sensitive and much more dangerous than illegal drugs.

This has, of course, happened. The Armory, another online black market, emerged as an offshoot of the Silk Road and specializes in exactly what its name suggests: weapons. These commodities were a little too hot for Silk Road administrators, so the operators of the Armory pulled away from the market defined by American meth and weed and decided to fly solo. It operates under the same idea—with a little digital money, some anonymity software, a pinch of computer savvy, and a glaring lack of respect for laws, just about anyone can get their hands on just about anything. In the case of the Armory: Glocks, AK-47s, even grenades— largely shipped to buyers in pieces to be assembled on delivery.

Now, with the combined anonymity of the software provided by the Tor Project and the cash-in-a paper-bag aspect of Bitcoin, tracing buyers and sellers on sites like Silk Road or the Armory seems is nigh impossible—to the chagrin of the FBI and the ATF, I’m sure. Nevertheless, Forbes reports that users on Silk Road “worry that its operators may have been infiltrated by law enforcement” and a significant number of the site’s highest profile sellers have disappeared.

For discussion: what are the security implications of the anonymity promised by the combined forces of tools like Tor and Bitcoins? How can the United States and other governments deal with these implications? Or are we just wringing our hands for no reason? After all, you may argue, the bad guys will eventually get their hands on whatever drugs or arms they seek to possess—avenues like Silk Road and The Armory are no different than any physical black market. Additionally, the identity concealing aspects of tools like Bitcoin and Tor could be viewed as a boon to people seeking freedom of information and self-determination the world over. 

No comments: