The Cyber Effect
Page 31
Standing before the CSI team, as I prepared to describe the Deep Web, I told them to picture (as I do) the entire Internet as a giant ball of colored twine. “Only certain strands can be followed, but some cannot,” I said. “The strands of twine that cannot be followed are in the Deep Web.”
Looking around, I saw a room of perplexed faces. The visual metaphor that worked for me wasn’t working for anybody else.
Strands of twine?
What is she talking about?
Trying another approach, I walked to a whiteboard on the wall and drew a long horizontal line. “Here’s the horizon of the ocean,” I said. Then I drew the tip of an iceberg rising up from the ocean’s surface.
“The tip is the Internet you know—the one that you regularly access and browse,” I said. “It seems unimaginably big—doesn’t it?—like an entire universe of information.”
Heads nodded.
“But content-wise, it’s actually pretty small. What lies beneath is the Deep Web. It’s almost one hundred times bigger.”
The room grew quiet. Trying to fathom the size of the Deep Web is kind of mind-blowing and takes a while to process. When I was a kid, I used to spend hours thinking about the universe—struggling to comprehend the concept of infinity. I used to think about it until my brain hurt, hoping that eventually, if I thought long and hard enough, I would understand how to quantify it. But sometimes the best path to understanding is to grapple not with size but with characteristics. The universe is truly limitless, but that doesn’t keep us from being able to imagine a solar system or even a galaxy. What helps is creating a visual analogy, like twine, an iceberg—or the endless blue waters of the Caribbean in 1699.
So let’s discuss the characteristics of only one aspect of the Deep Web, where a lot of cybercrime operations are run, where the pirates sail and loot and bury treasure. It is called, somewhat romantically, the Darknet or Darknets. It is only a fraction of the Deep Web, and a tiny fraction of total Internet content. In network science, the word dark is used to describe anything that is hidden, untraceable, and unfindable. When a spy goes dark, he can’t be located; when you go dark online the same thing happens. Darknets refer to what is deliberately hidden. Quite a lot of what happens there is illegal.
How did illegal operations wind up there? The Deep Web was first used by the U.S. government, and the protocols for the browser Tor were developed with federal funds so that any individuals whose identity needed to be protected—from counterintelligence agents to journalists to political dissenters in other countries—could communicate anonymously with the government in a safe and secure way. But since 2002, when the software for Tor became available as a free download, a digital black market has grown there, a criminal netherworld populated by terrorist networks, criminal gangs, drug dealers, assassins for hire, and sexual predators looking for new images of children and new victims.
As explained in one Darknet tutorial:
There are things like blogs, forums (from normal to revolutionary to blatantly illegal), Tor-enabled instant messaging and chat, anonymous file hosting, anonymous financing, anonymous tipping and information exchanges, information on computer security/anonymity, info on warez/cracks/hacking, all the books, music, movies you can possibly imagine, even links to sports betting and trade information, links to international drug markets, prostitution rings, assassin markets, black market products, [child abuse material]. Some of societies [sic] most deviant people use this network. Not just those that browse the sites on there but also those who create and manage them.
Some call the entry point or portal to Darknets “the gates of Hell,” because once you pass through, there’s no telling what you’ll encounter.
No exaggeration: Almost anything you can imagine or have seen in a Quentin Tarantino movie that’s illegal, illicit, and contraband can be purchased on Darknets. This has led to flights of fantasy and myth about what exactly goes on there, because the whole thing seems so impossibly lawless and surreal. One of these Darknet rumors is the existence of fighting tournaments, Roman gladiator–style, where brutally violent matches are live-streamed for high-paying customers. The matches are said to be skillfully produced and pit two professionally trained fighters against each other.
As Thebot.net explains:
It may seem surreal but they are guys that train with the best and want no part of UFC or any fight league. Dudes who really enjoy fighting to the death…it’s not some barroom brawl. These things happen and a lot of millionaires pay big money to see them. Modern Gladiator battles. I heard there are some with humans vs. animals.
To the death? Can that really be true? In my work, I’ve had to become familiar with some dark corners of the Deep Web. The scope of human depravity there is unfathomable and deeply disturbing. But to visit for fun, for entertainment, on a dare—or even out of curiosity—is a serious mistake with potentially lasting repercussions. This isn’t HBO. It’s real. And can be dangerous.
This brings me to the next question I’m always asked: How can illegal operations thrive in the Deep Web? Isn’t there a way to effectively monitor and police the space?
Size and scope is a problem. There is an almost infinite number of hiding places, and most illegal sites are in a constant state of relocation to new domains with yet another provisional address. Another matter that confounds law enforcement is that many of these sites do not use traceable credit cards or PayPal accounts. Instead, virtual currencies such as Bitcoin are traded.
Bitcoin is the solid-gold doubloon of the digital realm—only better—it’s untraceable, anonymous currency, or what law enforcement calls a cryptocurrency. Secret money, in other words. The cyber equivalent of unmarked bills. While it is traded by reputable entities for totally legal purposes, so far the existence of cryptocurrencies in general has not been a particularly positive thing for law enforcement. The effects of anonymous money on human behavior are similar to the effects of anonymity online in general. It can amplify and facilitate certain behavior—in this case, covert behavior. The ramifications are enormous.
Historically, the biggest problem with crime was its potential to disrupt social order and encourage more disruption. Violence begets more violence, theft negates toil, and victims take time to recover—even in prehistoric societies. In the twenty-first century, in a Western and liberal democratic context, notwithstanding centuries of legal code and a technologically advanced law enforcement, society appears to be in the midst of a wholly new forensic experience.
Crime as a Service
Just as real-world crime has been impacted and facilitated by the cyber environment, the society of criminals online has been influenced by the Surface Web marketplace and its services—from Uber to Tinder to Amazon. There is recognition that consumers now expect instant gratification as well as bargains. The Darknet sites selling illicit drugs, weapons, and hidden services offer discount days, coupon codes, two-for-one specials, money-back guarantees, and loyalty points. Promotional campaigns are common, and some drug-trading sites offer escrow services; they will hold your money until your package arrives safely. When there’s a technical glitch, they are quick to apologize.
There’s even after-sales follow-up. In Europol reports, we describe it as “Crime as a Service Online” (CaaS). Customers are asked about their level of satisfaction and given opportunities to offer suggestions for improvement. Of course, it’s one thing if your local car salesman knows your address and can swing by if you have a problem with your latest purchase. But it’s an entirely different matter if organized cybercriminals try the same thing.
Anonymity works both ways. The same mechanism that provides anonymity to users provides a cloak of invisibility to the hosts of criminal sites. This has given rise to what law enforcement calls “hidden services,” the most prevalent of which is the selling of stolen credit information, or dumps. The competition is so stiff that these sites have their own service-minded rules to keep customers happy, frequently offering refunds for stolen
cards that are declined at a retailer. No risk to you!
McDumpals, one of the leading sites marketing stolen data, has a clever company logo featuring familiar golden arches and the motto “i’m swipin’ it.” And the McDumpals mascot, a gangster-cool Ronald McDonald, points a handgun at the viewer. So cute.
Customer-friendly interfaces and glib ads can even be found on sites where assassination-for-hire is offered. One site boasts, “I always give my best to make it look like an accident or suicide.” Another says, “The best place to put your problems is in a grave.” These services sometimes offer horrific bonuses, such as a chance to win a little money back with a fun wager: Followers can gamble on the actual time of execution. No doubt, this takes the science of digital marketing to a whole new level, and it’s a disturbing one.
Which brings me to the story of Ross William Ulbricht. You may have already read about this young man from Texas who had so much going for him. Nobody doing business in the Darknet knew him by his real-world name, though.
He had an alias: Dread Pirate Roberts.
The Silk Road Story
Ross Ulbricht was born outside Austin, Texas, in 1984. He was a smart, conscientious Boy Scout who loved comic books, skateboarding, and math. According to his father, Ross was “a healthy, happy, unflappable Buddha of a kid.” Spending summers in Costa Rica, where his parents, both entrepreneurs, built and rented bamboo solar-powered houses, Ross ran barefoot, learned to surf, and proved to be “a little too fearless,” according to his mother. He loved nature and being outdoors.
“We didn’t want our kids on the computer,” his father told Rolling Stone in a long and fascinating profile. “We wanted them outside playing.”
In high school, Ross devoted much of his free time to drug experimentation and parties, but managed to do well enough in school to receive a scholarship to the University of Texas at Dallas. There, he published papers on solar-cell technology at the NanoTech Institute, and was remembered for not wearing shoes or a shirt on campus and for his love of psychedelics and Eastern philosophy.
“My whole philosophy at the time,” Ulbricht recalled later, was “of being super-open and loving and connected to everything.” One college friend described him as a “physics hippie.”
At Penn State, he studied for a master’s degree in materials science and engineering on another full scholarship, and got into yoga, conga drumming, and the writings of Austrian economist Ludwig von Mises, who espoused the virtues of the free market. On Facebook at the time, he enthused in a post, “overwhelmed with the glory of being alive.”
Becoming disillusioned with academia and science by the time he finished his master’s in 2009, he changed his life plans. “He wanted to be an entrepreneur,” his mom told Rolling Stone.
Bitcoin had just become available by free download. For Ulbricht, a true believer in free markets, cryptocurrency must have felt like a gift from the tech gods. In a journal that was later found by the FBI, he wrote: “Every action you take outside the scope of government control strengthens the market and weakens the state.” He described wanting “to create a website where people could buy anything anonymously, with no trail whatsoever that could lead back to them.”
Silk Road was an online black market, the first of its kind—offering drugs, drug paraphernalia, computer hacking and forgery services, as well as other illegal merchandise—all carefully organized for the shopper. And like Amazon and other slick Surface Web sites, customers were asked to rate Silk Road sellers and post feedback about mundane matters of shipping and packaging. And similar to the way Amazon offers the opportunity to leave long reviews of goods purchased on the site, Silk Road buyers posted descriptive comments of their drug highs and lows—and gave lots of friendly drug-loving advice.
Like any good buccaneer, Dread Pirate Roberts had a code: No stolen items or child abuse material could be sold on Silk Road. This added to the impression that the site was actually a force for moral good. “Silk Road is about something much bigger than thumbing your nose at the man and getting your drugs anyway,” Ulbricht wrote. “It’s about taking back our liberty and our dignity and demanding justice.”
For the two and a half years that Ulbricht worked anonymously at the controls, Silk Road attracted a base of several thousand sellers and more than one hundred thousand buyers and was said to have generated more than $1.2 billion in sales revenue. According to a study published in Addiction, 18 percent of drug consumers in the United States between 2011 and 2013 used narcotics bought on the site.
Court records show that federal agents used traditional, time-honored investigatory tricks to pursue Ulbricht, along with some cutting-edge, classified, high-tech cyber-sleuthing, and were eventually able to dismantle Silk Road. For any black marketer, staying “dark” all the time is extremely difficult. All it can take is one small mistake to expose your real identity. Due to some missteps online, or weak computer code, Ulbricht didn’t sufficiently cover his own tracks—which led agents to locate him and link him to the website. This famous case shows that with enough resources, law enforcement can unmask those on Darknets. By the time the cyber-moralist was arrested in the science-fiction section of a San Francisco public library—his fingers on the keyboard and logged on to the Silk Road site using the free Wi-Fi—the FBI estimated that his digital black market had brought him $420 million in commissions, making him, as Rolling Stone put it, “one of the most successful entrepreneurs of the dot-com age.”
What helped Dread Pirate Roberts become rich beyond his wildest hippie dreams? Cyber effects and the cyber environment itself. As any big retailer knows, the best way to make a killing is to out-psych the shopper—and manipulating the shopping environment and shopping experience is key. This is why the air temperature inside large grocery store chains is often uncomfortably chilly and why distractingly loud music plays in clothing stores: Being cold, overstimulated, or confused can provoke impulsive shopping.
Now imagine how the cyber environment facilitates the online shopper of illegal merchandise. Anonymity and invisibility online would certainly encourage shopping, particularly for people who previously had to hide from authorities. If you add online disinhibition to this mix, you find an emboldened consumer who is even more undeterred by risk. Next, let’s factor in what I described as the cyber-risky-shift phenomenon in the chapter about teens online. If a large number of people online are doing something, this can make risky or extreme behavior seem normal.
The final ingredient is greed. Think about how opportunism factors into this equation, and how tax-free financial gains facilitated by the amassing of anonymous and untraceable wealth would encourage more vendors to participate and offer a greater selection of illegal goods. Having more vendors creates more opportunities for drug buying. More sales means a greater demand for supplies, whether it is cannabis or poppies or pharmaceuticals. The result?
A booming cybercriminal economy. It’s a virtual bubble. Silk Road’s “off the grid” computer servers were hidden around the world, in places like Latvia and Romania, but after these were uncovered by a team of agents from the FBI, the DEA, the IRS, and U.S. Customs, and the illegal transactions monitored, law enforcement was led to suspected drug dealers and buyers in the United States, Britain, Ireland, Australia, and Sweden who were using Silk Road. “These arrests send a clear message to criminals,” said Keith Bristow, director of Britain’s National Crime Agency, after the arrest of four men for alleged drug offenses. “The hidden Internet isn’t hidden, and your anonymous activity isn’t anonymous. We know where you are, what you are doing, and we will catch you.” Then Bristow nicely added the good news: Criminals, he said, “always make mistakes.”
According to U.S. District Judge Katherine B. Forrest, who sentenced Ulbricht at his 2014 trial, Silk Road created drug users and expanded the market, increasing demands in places where poppies are grown for heroin manufacture. The black market site had impacted the global market. The prosecutors alleged that, in addition to becoming th
e Jeff Bezos of drugs and guns, Ulbricht had ordered up and paid for the executions of five Silk Road sellers who had threatened to blackmail him or reveal his identity. (Nobody was actually killed; it was part of the sting operation.)
He was found guilty of seven drug and conspiracy charges and was given two life sentences, another for twenty years, another for fifteen years, and another for five years, without the chance of parole. The Bitcoins he left behind on Silk Road’s servers—worth an estimated $180 million—were forfeited, and auctioned off by federal marshals starting with an installment of fifty thousand Bitcoins.
Ulbricht pleaded for leniency. His parents did too, testifying that their son was not a hardened pathological criminal and, if freed, presented no more potential harm to society than any other former lawbreaker. He was just a conscientious barefooted free spirit whose ideals of personal and economic freedom spiraled out of control.
The judge did not show leniency, however. In her sentencing, Forrest told Ulbricht that what he did “was terribly destructive to our social fabric.” Prosecutors traced the deaths of six people who overdosed on drugs back to Silk Road, and two parents who lost sons spoke in court. One victim, an athletic young man identified only as “Bryan,” was an employee of a small money-management firm in Boston. He had struggled to resist drugs, and seemed to be winning the battle. He died of an overdose from heroin purchased on Silk Road just days prior to Ulbricht’s arrest.
Bryan’s grieving father’s statement in court conceded that his son had made bad choices in life, but felt that the operation of Silk Road had made his struggle against drugs even harder, as it had “eliminated every obstacle that would keep serious drugs away from anyone who was tempted.”
Lawlessness in a lawless environment required that an example be made. But in the case of Dread Pirate Roberts, at the age of thirty-one, he wasn’t forced to walk the plank. He was given life.