VIRGINIA FUSION CENTER VIRGINIA STATE POLICE Phone 804 674-2196 Fax 804 674-2983 Terrorism Hotline 877 4VA-TIPS VFC@vsp virginia gov This is LAW ENFORCEMENT SENSITIVE information and is protected by Code of Virginia Title 52-48 and 52-49 unless otherwise noted Further distribution of this document outside your organization is prohibited prior written approval shall be obtained from VFC for dissemination to other agencies Persons or organizations violating distribution restrictions may be prosecuted and will be prohibited from receiving future documents NO REPORT OR SEGMENT THEREOF MAY BE RELEASED TO ANY MEDIA SOURCES Please contact the Virginia Fusion Center at 804 674-2196 if you have any questions or need additional information April 19 2013 VFC Intelligence Bulletin 13-02 TOR Bitcoins Silk Road and the Hidden Internet Purpose The purpose of this bulletin is to provide awareness and a basic understanding of the Hidden Internet to investigators in the field as well as provide some examples of how the Hidden Internet can be exploited by criminal elements While the term Hidden Internet can be used in a broader context and refer to other internet terms such as the Deep Web or Deepnet for the purpose of this bulletin the term Hidden Internet will refer to the hidden services provided by the TOR project to internet users specifically relating to the Silk road website and use of Bitcoins TOR Project The TOR project was initially designed and implemented as a third generation onion routing project by the United States Naval Research Laboratory While the inception and design was for the purpose of protecting sensitive communications for the United States Navy today it is utilized by over 500 000 users every day for both legal and illegal activities 1 The TOR project's primary goal is to increase privacy and security for internet users as stated in their own 2012 Annual Report This is accomplished through the onion routing system that utilizes TOR volunteers which are used as relays As users connect through TOR their data is routed through a series of relays is encrypted and as a result does not provide the users location other identifying information or original IP address The following diagrams can be seen on the TOR project's website and provide an explanation of how TOR works 1 OS TOR Project Annual Report 2012 LAW ENFORCEMENT SENSITIVE- No Further Distribution Without Permission 1 VIRGINIA FUSION CENTER VIRGINIA STATE POLICE Phone 804 674-2196 Fax 804 674-2983 Terrorism Hotline 877 4VA-TIPS VFC@vsp virginia gov LAW ENFORCEMENT SENSITIVE- No Further Distribution Without Permission 2 VIRGINIA FUSION CENTER VIRGINIA STATE POLICE Phone 804 674-2196 Fax 804 674-2983 Terrorism Hotline 877 4VA-TIPS VFC@vsp virginia gov It is important to note that the use of TOR is not illegal in and of itself Further the use of TOR provides a service that can be a useful tool both to individuals personally for governments and law enforcement personnel For example TOR can provide an investigator a level of anonymity while conducting investigations covertly on the internet such as attempting to monitor a suspect's Facebook or Myspace account without the risk of identifying the investigators location or IP address If electronic evidence is seized and subsequently searched for digital evidence during an investigation the discovery of the TOR software on a computer may be an indicator that not all of the individual's internet browsing history will be obtainable through traditional means i e subpoena to the individual's internet service provider Bitcoins While TOR provides individuals the ability to remain anonymous on the internet it would not be possible to establish a cyber black market without the ability to exchange currency Bitcoins are a virtual currency traded online over peer-to-peer networks allowing both the providing and receiving parties to remain anonymous to one another LAW ENFORCEMENT SENSITIVE- No Further Distribution Without Permission 3 VIRGINIA FUSION CENTER VIRGINIA STATE POLICE Phone 804 674-2196 Fax 804 674-2983 Terrorism Hotline 877 4VA-TIPS VFC@vsp virginia gov A Bitcoin is a digital currency a protocol and a software that enables Instant peer to peer transactions and Worldwide payments2 which allows users to conduct online transactions without the use of standard regulated world currencies For law enforcement the use of Bitcoins in conjunction with the Hidden Internet poses a great challenge Bitcoins can be purchased several ways including online exchanges Mt Gox being the most common private companies or individuals who have Bitcoin holdings already To begin trading in Bitcoins all a user needs to do is choose a wallet and install it on a computer or smartphone tablet Once the user has the wallet they are able to send and receive Bitcoins Bitcoins are not regulated or insured by any government or banking system As such the use of Bitcoins the terminology and execution are extremely technical and will not be covered in this bulletin but the explanations and descriptions are widely available on the Internet Since the inception of Bitcoins in 2009 there has been a continuous rise in the usage and total value of Bitcoins in circulation There are over 50 000 Bitcoin transactions daily equaling millions of U S dollars The total value of all Bitcoins in circulation is over 1 3 billion3 As is the case with the use of TOR the purchase receipt and use of Bitcoins is not illegal in and of itself and perfectly legitimate transactions are made such as paying for clothing hotels restaurants and allowing individuals or groups to make anonymous donations4 However with the limited exposure to detection and high potential for profit the use of TOR and Bitcoins has laid the foundation for the exploitation of these services by criminal elements Silk Road The Silk Road is a hidden website that can only be accessed using TOR or other services such as Onion to that will route through TOR The hidden net address for The Silk Road Anonymous Marketplace is http silkroadv5p5cbl6 onion The Silk Road is the largest most utilized and most well-known website dealing in illegal items on the Hidden Internet The Silk Road is known for the sale and distribution of illegal drugs and substances The Silk Road's founder owner is known as The Dread 2 OS Bitcoin org An open source P2P digital currency April 2013 OS Bitcoin org About Bitcoin April 2013 4 OS Scottish Police College Interview April 3 2013 3 LAW ENFORCEMENT SENSITIVE- No Further Distribution Without Permission 4 VIRGINIA FUSION CENTER VIRGINIA STATE POLICE Phone 804 674-2196 Fax 804 674-2983 Terrorism Hotline 877 4VA-TIPS VFC@vsp virginia gov Pirate Roberts and once into the site he provides an overview of the Silk Road its history and its purpose as laid out below For the purposes of this bulletin the Virginia Fusion Center VFC established through the use of TOR a Silk Road account The following are screen shots of the site from initial logon to browsing For any individual who is comfortable with the internet the entire process can take only minutes The following screenshots show the initial account set up screen login screen as well as browsing screen shots of items that could be purchased from the site For the purposes of this bulletin a covert screen name was utilized The screenshots are simply samples of the items listed on the site and in no way are all inclusive LAW ENFORCEMENT SENSITIVE- No Further Distribution Without Permission 5 VIRGINIA FUSION CENTER VIRGINIA STATE POLICE Phone 804 674-2196 Fax 804 674-2983 Terrorism Hotline 877 4VA-TIPS VFC@vsp virginia gov Screenshot 1 Registration Account set up LAW ENFORCEMENT SENSITIVE- No Further Distribution Without Permission 6 VIRGINIA FUSION CENTER VIRGINIA STATE POLICE Phone 804 674-2196 Fax 804 674-2983 Terrorism Hotline 877 4VA-TIPS VFC@vsp virginia gov Screenshot 2 Initial login user password LAW ENFORCEMENT SENSITIVE- No Further Distribution Without Permission 7 VIRGINIA FUSION CENTER VIRGINIA STATE POLICE Phone 804 674-2196 Fax 804 674-2983 Terrorism Hotline 877 4VA-TIPS VFC@vsp virginia gov Screenshot 3 Marijuana Cannabis Listings LAW ENFORCEMENT SENSITIVE- No Further Distribution Without Permission 8 VIRGINIA FUSION CENTER VIRGINIA STATE POLICE Phone 804 674-2196 Fax 804 674-2983 Terrorism Hotline 877 4VA-TIPS VFC@vsp virginia gov Screenshot 4 Stimulants Cocaine Listings Note All listings are in Bitcoins only With the launch of the Silk Road website in 2011 use has increased By some accounts it is believed that the Silk Road conducts approximately $2 000 000 per month in transactions believed to net The Dread Pirate Roberts approximately $140 000 per month all in Bitcoins While the Silk Road is believed to be the largest and most well-known of the hidden sites there are others such as Black Market Reloaded Deep Web Weapons Gun Guys Den and Behind Bloodshot Eyes amongst others LAW ENFORCEMENT SENSITIVE- No Further Distribution Without Permission 9 VIRGINIA FUSION CENTER VIRGINIA STATE POLICE Phone 804 674-2196 Fax 804 674-2983 Terrorism Hotline 877 4VA-TIPS VFC@vsp virginia gov Conclusion The VFC believes this will be an escalating challenge for law enforcement as awareness in the general public increases about these services The VFC will continue to analyze and attempt to identify the impact of the hidden internet and its services in Virginia It is requested that any information related to the TOR use of Bitcoins and the Silk Road or other hidden internet sites that are seen as a result of investigations or official duties be forwarded to the Virginia Fusion Center at vfc@vsp virginia gov LAW ENFORCEMENT SENSITIVE- No Further Distribution Without Permission 10                     National Security Archive    Suite 701  Gelman Library  The George Washington University    2130 H Street  NW  Washington  D C  20037    Phone  202 994‐7000  Fax  202 994‐7005  nsarchiv@gwu edu