Friday, May 3, 2013

Update On DDos Attack on Silk Road; May Consider Going Further Into the Shadows


The "dark web" marketplace Silk Road has been targeted by a DDoS (Distributed Denial of Service)  attack that left the site inaccessible on 30 April and 1 May.

Infamous as a place to buy drugs and accessible only using the anonymising browser Tor, £1m worth of illegal goods is thought to pass through the Silk Road every month.

The attack is believed to be the work of a single hacker, who may have previously brought down the site for 36 hours between 24 and 26 April.

"As soon as the attacker finds out [Silk Road is open again], he will likely change his tactics and try to take the site down again," wrote the site's administrator, who goes by the name Dread Pirate Roberts, on 1 May.

Rumours regarding the motives of the attacker ranged from an attempt to engineer a Bitcoin price drop, to it being the work of the police or other government-backed actors. In February, an Australian drug dealer became the first to be convicted for Silk Road-related crimes.

The finger has also been pointed at rival marketplaces, like Atlantis and Black Market Reloaded, but there's no evidence that this is case.

Bitcoin is the only accepted currency on the Silk Road -- a drop in activity there could lead to a decrease in demand for Bitcoins and therefore a drop in price.

Reports that the attacker had demanded a $5,000 ransom on 27 April appear to have been debunked, with Bitcoin magazine pointing out that no record of the demands exist online.

"We have come a long way in the battle, but still do not have the upper hand," wrote Roberts during the attack on 30 April, before adding that the attack had raised questions about whether the Tor browser software or network would need to be altered to help prevent similar attacks in future.

He also mulled the possibility that the marketplace would need to move even further into the shadows by allowing access to the site only through private URLs."If [a faster solution can't be found], then we will move to a semi private scheme where users will be given access through many private URLs."

No comments:

Post a Comment