Recently, Tripwire reported on the launch of ‘Silk Road Reloaded,’ the newest iteration of the Silk Road underground market where users can purchase drugs and fake IDs.
The fact that Silk Road has returned is a testament to users’ ongoing ability to purchase illegal goods online, not to mention merchants’ ability to sell them. After all, as noted in a recent CNBC article by Ken Westin, Senior Technical Marketing Manager and Security Analyst at Tripwire, online illegal markets increasingly serve as a convenient means for criminal networks to communicate, move money around, and advertise products and services.
Given the prevalence of these underground exchanges, it is worth looking at just how customers go about purchasing illegal goods online. Tripwire will use the Silk Road model as an example, while acknowledging that hundreds if not thousands of other illegal markets operate online today.
Tor: The Gateway to Silk Road
Silk Road is one of many websites, legal and not, that use a “.onion” address. Such addresses are not part of the public DNS; they are reachable only through the anonymizing network Tor, so web users cannot access the site without it.
Tor is the best-known implementation of onion routing, a communications technique that was initially developed at the U.S. Naval Research Laboratory. Its original purpose was to protect government communications from traffic analysis and eavesdropping, but its functions, along with the diversity of its user base, have expanded since then.
Onion routing wraps a user’s traffic in multiple layers of encryption and forwards it through several different computers. In Tor’s case the network is made up of volunteer-run relays (entry or guard relays, middle relays and exit relays) plus unlisted bridges that serve as entry points where the public relays are blocked. The client chooses a path, or circuit, through these relays, and each relay can strip only its own layer, so it learns only which relay handed it the data and which relay it should pass the data to. Because the client negotiates a separate encryption key with each relay in the circuit, no single relay sees both the user’s identity and the user’s destination, which is what anonymizes the user’s web activity.
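To make the layering concrete, here is an added Python sketch of a three-hop onion. It is an illustration written for this article, not code from the Tor project: it assumes a pre-shared key per relay (standing in for the keys a real Tor client negotiates while building a circuit) and a toy encrypt-then-MAC stream cipher built from HMAC-SHA256 (standing in for Tor’s real cell encryption). The relay names and the request payload are made up. The point it demonstrates is that each relay can open only its own layer and learns only its predecessor and its successor; the middle relay never sees the payload, and a relay holding the wrong key, or a layer that has been tampered with, is rejected.

```python
import hashlib
import hmac
import os

ROUTE = ["guard", "middle", "exit"]   # hypothetical three-hop circuit
HOP_LEN = 8                           # fixed-width field naming the next hop
DELIVER = b"DELIVER"                  # marker telling the last relay to hand over the payload


def new_hop_keys(route):
    """One random 256-bit key per relay. Stands in for the keys a Tor client
    negotiates with each relay while building a circuit (assumed pre-shared here)."""
    return {relay: os.urandom(32) for relay in route}


def _keystream(key, nonce, length):
    """Toy stream cipher: HMAC-SHA256 in counter mode (not Tor's real cell encryption)."""
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def seal(key, plaintext):
    """Add one layer: encrypt-then-MAC, output is nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_layer(key, blob):
    """Strip one layer; the wrong key or a modified layer fails authentication."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer authentication failed")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))


def build_onion(route, hop_keys, payload):
    """Client side: wrap the payload once per relay, innermost layer for the exit."""
    blob, next_hop = payload, DELIVER
    for relay in reversed(route):
        blob = seal(hop_keys[relay], next_hop.ljust(HOP_LEN, b"\0") + blob)
        next_hop = relay.encode()
    return blob


def peel(relay, hop_keys, blob):
    """Relay side: remove own layer, learn only the next hop and an opaque inner blob."""
    inner = open_layer(hop_keys[relay], blob)
    next_hop = inner[:HOP_LEN].rstrip(b"\0").decode()
    return next_hop, inner[HOP_LEN:]


def run_circuit(route, hop_keys, payload):
    """Simulate the relays in order and record what each one could observe."""
    blob, previous, view = build_onion(route, hop_keys, payload), "client", {}
    for relay in route:
        next_hop, blob = peel(relay, hop_keys, blob)
        view[relay] = {"from": previous, "to": next_hop, "sees_payload": blob == payload}
        previous = relay
    return blob, view


def layer_rejected(relay, hop_keys, blob):
    """True if the relay's layer fails to authenticate (wrong key or modified bytes)."""
    try:
        peel(relay, hop_keys, blob)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    keys = new_hop_keys(ROUTE)
    delivered, view = run_circuit(ROUTE, keys, b"GET /index.html")
    for relay, seen in view.items():
        print(f"{relay:6} from={seen['from']:6} to={seen['to']:7} sees_payload={seen['sees_payload']}")
    print("delivered:", delivered)
```

Running the script prints one line per relay: the guard knows it was contacted by the client and must forward to the middle relay, the middle relay knows only the guard and the exit, and only the exit recovers the request. Real Tor differs in important ways (circuits are built hop by hop with an authenticated key exchange, cells are fixed-size, and the return path is layered in the opposite direction), but the division of knowledge between relays is the same.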
Many different kinds of users employ the anonymizing service for the benefit of society at large, as some privacy and anonymity advocates would argue. For example, some parents use Tor to protect their children online. Citizen journalists in oppressive regimes also conceal their activities via Tor in order to continue reporting on corruption and political reform, whereas business executives use the service to hide their traffic patterns from competitors.
These legitimate uses notwithstanding, many online illegal markets, including Silk Road, use Tor’s “.onion” addresses in an effort to shield their customers and merchants from law enforcement agencies. In other words, unless they install the Tor Browser (or otherwise route their traffic through Tor), users have no way of accessing these dark web markets.
Illegal Goods Galore
After entering the Silk Road onion address into the Tor Browser, users are asked to create an account. Upon completing registration, they may search among a number of illegal goods by category, including drugs, fireworks, jewelry and computer equipment.
A step-by-step guide provided by Business Insider that details how to complete a purchase on Silk Road shows the extent to which these underground markets mimic more mundane online marketplaces like Amazon and eBay. For instance, when searching for a particular product, buyers may select sellers based on their customer ratings, which take into consideration shipping times and whether or not they honored each of their transactions.
The main differences from legal online marketplaces become most apparent at checkout. Silk Road and Silk Road 2.0 processed purchases only in Bitcoin, a popular cryptocurrency that makes payments pseudonymous rather than truly anonymous. Additionally, when customers enter a shipping address, that information is automatically protected with PGP encryption so that only the intended recipient can read it, another measure designed to protect buyers’ true identities.
Operation Onymous and ‘Silk Road Reloaded’
2014 was a rocky year for Silk Road and for illegal underground markets more generally. In November, it was announced that the FBI, Europol and the Department of Homeland Security had arrested 17 people and seized some 400 “.onion” sites. Codenamed “Operation Onymous,” the international operation shut down a number of online drug markets, including Cloud 9, Topix and Silk Road 2.0.
With the knowledge that sellers could have their merchandise seized, their markets shut down, and their customers (or themselves) arrested by law enforcement at any time, the operators of the latest version of Silk Road, ‘Silk Road Reloaded,’ have taken some extra precautions.
First, the new market has abandoned Tor for I2P, another anonymizing network. Unlike Tor’s directory-based approach, in which a small set of directory authorities publishes the list of relays, I2P uses a distributed network database and local peer selection: each router profiles the peers it has used and prefers those that have performed well, in effect “screening” other routers based on their performance.
Additionally, Silk Road Reloaded has moved away from Bitcoin due to privacy concerns. Anyone can read Bitcoin’s public ledger of transactions, the blockchain, and follow a payment from one address (pseudonym) to the next. If those pseudonyms can be tied to real people, for instance through address reuse or a cash-out at an exchange that knows its customers, law enforcement authorities could identify who is selling what to whom on the underground market.
For that reason, the admins of Silk Road Reloaded have switched the site’s currency to Darkcoin, which is designed to frustrate blockchain tracking. The cryptocurrency adds a layer of protection through a process based on CoinJoin, in which a user’s coins are combined with those of two other users in a series of joint transactions, so that an observer of the ledger cannot tell which input paid which output. This makes tracing a transaction back to a particular Darkcoin user much more difficult.
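The two preceding paragraphs describe the tracing problem and the mixing countermeasure; the following Python example, added here and not taken from the article or from any Bitcoin or Darkcoin software, shows both on a small ledger. The transactions, addresses and amounts are constructed for the example (amounts in satoshis, fees ignored so the arithmetic is exact), and the join models the generic equal-denomination CoinJoin idea rather than Darkcoin’s exact protocol. `trace_forward` follows coins from one address through every later transaction, the way a chain analyst would; `consistent_mappings` counts how many payer-to-recipient pairings a transaction’s amounts leave open, which is 1 for an ordinary payment and 3! = 6 for a three-party join.

```python
from collections import defaultdict
from itertools import permutations

# Constructed ledger for this example (not real chain data). Addresses are made up,
# amounts are in satoshis, and transaction fees are ignored to keep the arithmetic exact.
LEDGER = [
    {"id": "t1", "inputs": [], "outputs": [("1Alice", 100_000_000)]},
    {"id": "t2", "inputs": [("t1", 0)],
     "outputs": [("1Vendor", 40_000_000), ("1AliceChange", 60_000_000)]},
    {"id": "t3", "inputs": [("t2", 0)], "outputs": [("1Exchange", 40_000_000)]},
    {"id": "t4", "inputs": [], "outputs": [("1Bob", 10_000_000)]},
    {"id": "t5", "inputs": [], "outputs": [("1Carol", 10_000_000)]},
    {"id": "t6", "inputs": [("t2", 1)],
     "outputs": [("1AliceMix", 10_000_000), ("1AliceChange2", 50_000_000)]},
    # t7 is a three-party, equal-denomination join: Alice, Bob and Carol each put in
    # 0.1 and three fresh addresses each receive 0.1.
    {"id": "t7", "inputs": [("t6", 0), ("t4", 0), ("t5", 0)],
     "outputs": [("1Fresh1", 10_000_000), ("1Fresh2", 10_000_000), ("1Fresh3", 10_000_000)]},
]


def index_outputs(ledger):
    """Map (txid, vout) -> (address, amount) so each input can be resolved to its owner."""
    return {(tx["id"], i): out for tx in ledger for i, out in enumerate(tx["outputs"])}


def tx_by_id(ledger, txid):
    return next(tx for tx in ledger if tx["id"] == txid)


def trace_forward(ledger, start):
    """Follow the money from one address: every address that later receives coins
    which passed through `start`. Returns {address: txid that delivered them}."""
    outputs = index_outputs(ledger)
    spends = defaultdict(list)                   # address -> transactions spending from it
    for tx in ledger:
        for ref in tx["inputs"]:
            spends[outputs[ref][0]].append(tx)
    reached, frontier = {}, [start]
    while frontier:
        addr = frontier.pop()
        for tx in spends[addr]:
            for out_addr, _ in tx["outputs"]:
                if out_addr != start and out_addr not in reached:
                    reached[out_addr] = tx["id"]
                    frontier.append(out_addr)
    return reached


def consistent_mappings(ledger, txid):
    """How many one-to-one input->output pairings an analyst cannot rule out by amount.
    1 means each payer is tied to exactly one recipient; an n-party equal-amount
    join gives n!. Returns None when inputs and outputs cannot be paired one-to-one."""
    outputs = index_outputs(ledger)
    tx = tx_by_id(ledger, txid)
    ins = [outputs[ref][1] for ref in tx["inputs"]]
    outs = [amount for _, amount in tx["outputs"]]
    if not ins or len(ins) != len(outs):
        return None
    return sum(
        1 for perm in permutations(range(len(outs)))
        if all(ins[i] == outs[perm[i]] for i in range(len(ins)))
    )


def input_owners(ledger, txid):
    """Addresses that funded a transaction, i.e. the payers an analyst would see."""
    outputs = index_outputs(ledger)
    return [outputs[ref][0] for ref in tx_by_id(ledger, txid)["inputs"]]


if __name__ == "__main__":
    print("Alice's coins reached:", trace_forward(LEDGER, "1Alice"))
    for txid in ("t3", "t7"):
        print(txid, "payers", input_owners(LEDGER, txid),
              "possible pairings", consistent_mappings(LEDGER, txid))
```

Tracing from `1Alice` reaches the vendor and then the exchange deposit in `t3`, a clean chain an analyst can present as evidence. The same trace also reaches all three fresh addresses after `t7`, but the join leaves six equally plausible pairings, so the ledger alone cannot say which of the three outputs is Alice’s. Note what the example also shows: mixing only hides the link if the amounts really are equal and the fresh addresses are not later reused or merged with identifiable coins; the analyst’s job is to find exactly those slips.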
Tit for Tat in the Illegal Underground
Clearly, the Silk Road model is resilient: the market has survived two takedowns and implemented a host of new anonymizing measures. However, we as information security professionals would be remiss not to credit the persistence of the law enforcement agencies that continue to put pressure on these black markets.
As we all know, takedowns like Operation Onymous do not put an end to cyber criminal markets. But they do disrupt business and force operators to adopt more stringent security measures, the cost and friction of which limit who can participate in their communities, thereby lowering profits.
Customers may always be able to purchase illegal goods online. But as we learn more about the digital underground, information security experts and law enforcement agencies can keep raising the operational cost of doing so.