To help us provide you with free impartial advice, we may earn a commission if you buy through links on our site. Learn more

Silk Road hauled down by leaky Captcha, Feds reveal

The Silk Road

Notorious narcotics marketplace Silk Road was hauled offline when FBI spotted non-Tor IP address

The FBI was able to locate and shut down the infamous online drugs marketplace Silk Road by exploiting a hole in the Captcha prompt on its login page. Silk Road, the best known website on the Tor anonymity network, was temporarily hauled offline in October last year, much to the surprise of users who thought it was impossible for authorities to attack.

Now the FBI has revealed that it targeted the Captcha system in order to locate the hidden Silk Road servers and pull the website offline. It was thought near-impossible to take down Tor websites as the anonymity network hides the location of their servers making them hard to trace.

Former FBI agent Christoper Tarbell, who at the time worked as a computer forensic examiner, explained how Feds closed in on Silk Road.

“The IP address leak we discovered came from the Silk Road user login interface. Upon examining the individual packets of data being sent back from the website, we noticed that the headers of some of the packets reflected a certain IP address not associated with any known Tor node as the source of the packets,” Tarbell explained in a declaration (PDF)  given at the trial of Silk Road’s alleged owner Ross Ulbricht, known online as The Dread Pirate Roberts.

“The Subject IP Address caught our attention because, if a hidden service is properly configured to work on Tor, the source IP address of traffic sent from the hidden service should appear as the IP address of a Tor node, as opposed to the true IP address of the hidden service, which Tor is designed to conceal.”

When the IP address was typed into an ordinary web browser the Captcha login prompt appeared, revealing that this was the IP address of the server running Silk Road. Tarbell said that the underlying computer code used for the login interface had not been “properly configured” to work on Tor.

Security expert Brian Krebs defended the slip-up that allowed the Feds to locate and shut down Tor, saying it was very hard for anyone to stay truly anonymous online, even when using expert tools.

“For many Tor fans and advocates, The Dread Pirate Roberts’ goof will no doubt be labeled a noob mistake — and perhaps it was.

“But as I’ve said time and again, staying anonymous online is hard work, even for those of us who are relatively experienced at it. It’s so difficult, in fact, that even hardened cybercrooks eventually slip up in important and often fateful way.”

Read more