
The End of Silk Road 2.0 Means the Return of an Old War Between Coders and Cops

Operation Onymous is a harbinger of the Crypto Wars 2.0.
Image: Caleb Kimbrough/Flickr

Operation Onymous, the global law enforcement effort launched last week that shut down at least 27 Tor marketplaces and illegal services, including most notably Silk Road 2.0, wasn't just a watershed moment in the history of the dark net. It was part of a continuing battle in the second Crypto Wars, pitting criminals, activists, and cops against each other.

Twice over the past month I've been told the "Crypto Wars 2.0" are coming—first by Matthew Prince, CEO of web security firm CloudFlare, and then by Phil Dunkelberger, a co-founder of the encryption software provider PGP Corporation. For a second time, pro-privacy activists will be forced to fight for strong encryption that governments will try to weaken in the name of maintaining access to data that might help them ensnare a terrorist or two.


That's if the war hasn't already begun, just a decade after the original Crypto Wars were declared over. From the 1970s onwards, those who believed in the freedoms of electronic communications sought to defend their data from prying government bodies, who tried to backdoor or otherwise disrupt cryptographic systems. The major difference this time round is that Tor and encrypted services in general are used by millions more people.

Just look at the Onymous narrative to date. Onlookers would be forgiven for first thinking it was an episode in the War on Drugs, not on cryptography, such was the rhetoric coming from official bodies. Silk Road 2.0 was the big name on the hit list, alongside other drug bazaars including Cloud Nine, Alpaca, Black Market, Cannabis UK, and Hydra.


But a handful of services not disseminating illegal substances also went down on Friday, ostensibly as part of the same operation, to be replaced with a seizure notice. These included Doxbin, a site for posting personal information such as people's addresses and phone numbers, and PinkMeth, a revenge porn site. Operation Onymous showed global police forces are willing to go after any Tor service they deem unacceptable.

Then there was the propaganda, more triumphant than the histrionics of the 1990s, when governments tried and failed to convince people of the need to give up the keys to their information. The police seemed content to send out mixed messages, as if they didn't really want people to understand exactly what went on. The first claim was that more than 400 services were seized. But Europol's cyber chief Troels Oerting later told me over email that not all of the .onion addresses seized contained an individual "illegal webshop."


"Some were reserve, others empty, others used as re-direct," he said. Overall, it appears fewer than 50 actual sites were taken down, and neither Oerting nor the UK's National Crime Agency revealed any further details. Regardless, the police clearly want to send a message to criminal Tor users: you can't hide using encrypted networks.

Yet no one knows how the cops are infiltrating those networks. Professor Ross Anderson, head of cryptography at the University of Cambridge, isn't convinced they are doing it at all with Tor. "They have been trying to give the impression that they can break Tor, or at least Tor hidden services, at will, but this is clearly not the case," he said. "There are still large drug markets and child sex abuse services up there … Presumably the police are just trying to deter other bad guys from relying on Tor hidden services."

But the Tor Project is concerned about how hidden services were uncloaked, noting that no law enforcement agency had been in contact. "In liberal democracies, we should expect that when the time comes to prosecute some of the seventeen people who have been arrested, the police would have to explain to the judge how the suspects came to be suspects and that as a side benefit of the operation of justice, Tor could learn if there are security flaws in hidden services or other critical internet-facing services," read a blog posted at the Tor Project this week.


It suggested a number of possibilities, including the exploitation of common web bugs, tracking of Bitcoin addresses, operational security failures by dark market admins or, most worryingly for privacy-conscious people, a direct attack on the Tor network.

The Tor Project admins noted the creator of Doxbin, known as "nachash," had published log reports and some details of what happened to his site over the last week, in the hope that someone will find out how to stop future de-anonymisation efforts.

There was some indication Doxbin was targeted by a subtle Denial of Service attack, but in an email nachash told me that was a red herring, as the anomalous data on his network turned out to be requests from a crawler bot run by a friend.

"Since it's come to light that over 100 onions were hosted on the same provider in Bulgaria, there's actually a chance that my provider had a drug market operator who got swept up and that I was simply caught in the crossfire. If that's the case, then the reams of data [I released] aren't going to help."

The dark markets are biting back

Though everyone apart from investigators remains clueless about how police are waging their war on crypto, some suggest law enforcement could be interfering with university research just as they did in the last Crypto Wars, possibly even preventing researchers from publicly disclosing their findings on Tor weaknesses.

Daniel Cuthbert, founder of whitehat hacker firm Sensepost, told me his gut feeling was that non-public research was used to "map out" the part of the Tor network linked to the seized sites. He thinks investigators then used research into Tor de-anonymisation, in particular a study that was due to be presented by Carnegie Mellon's Alexander Volynkin and Michael McCord at the Black Hat 2014 security conference but was mysteriously cancelled, to acquire the IP addresses of suspects.

Anderson said there's no doubt running a Tor hidden service is hard, "especially if a capable adversary such as the NSA comes after you." And together, global police forces make a particularly formidable enemy. They've already been calling for tech companies—Apple and Google in particular—to stop constructing high-grade, end-to-end encryption, claiming it benefits terrorists. And they'll continue to bash away at Tor, regardless of the ramifications for legitimate users' privacy.

The dark markets are biting back. Cloud Nine has already announced its return on Reddit, whilst a new Doxbin is also apparently in the works. It appears many were forward-thinking enough to back up data for a future relaunch. Expect many others to bounce back soon, such is the power and reach of the techno-libertarian dream.

The first Crypto Wars lasted for decades. It's hoped by both sides that their respective ideas of "common sense" prevail much sooner than the last time around.