Hackers extorted thousands of dollars out of the Silk Road marketplace through threats of hitting the site with denial of service attacks or exposing severe security vulnerabilities.
Hackers and security specialists come in many different guises -- from white-hat teams who pinpoint vulnerabilities and conduct penetration testing with the overall aim of improving network security to black-hats using their skills for personal gain -- and the occasional hacktivist and script kiddie who take down websites for political means, or just because they can.
It doesn't take much for one to realize that illegal marketplaces, such as Silk Road, are vulnerable to the same hackers that corporations attempt to protect themselves against. The only difference is that one is on the side of the law which grants the right to call in law enforcement as they wish. Naturally, when a website offers illegal services, operators cannot call the police to assist in cases of blackmail and extortion.
This scenario is one in which the Silk Road marketplace found itself in between 2012 and 2013, as reported by Computer World. On Wednesday, reporters attending an evidence hearing in federal court in Manhattan discovered that the underground website was forced to pay thousands of dollars to cybercriminals threatening to tear down Silk Road by exposing security vulnerabilities or launching denial of service salvos.
On at least two occasions, Silk Road operators paid hackers a ransom to keep the website running and secure.
The extortions were documented during testimony from US Internal Revenue Service special agent Gary Alford, who according to the publication subpoenaed the emails of defendant Ross Ulbricht as part of US law enforcement's investigation into Silk Road.
During Alford's testimony, one hacker allegedly emailed Silk Road, revealing the existence of a serious security vulnerability. The hacker asked for $5000 to keep quiet, or $15,000 to forward details on the flaw and how it could be exploited. A spreadsheet documenting financial transactions appears to show $15,000 being paid out shortly after. In addition, $10,000 was paid to try and prevent a distributed denial of service attack from taking place.
The Silk Road marketplace, which operated within the Tor network, was closed down in 2013 by federal agents.
Ulbricht, allegedly the Silk Road admin 'Dread Pirate Roberts,' is on trial for criminal enterprise charges related to the website. Charges against the 30-year-old Texan include conspiracy to commit computer hacking and money laundering and the sale of narcotics. US prosecutors say that drugs worth $200 million were sold through the website internationally, where goods including weaponry and hacking tools were also available for purchase through the use of digital currency Bitcoin.
The defendant has pled not guilty to all charges. Ulbricht, who claims he left the site a few months after its launched and was only lured back in order to be framed by the 'real' Dread Pirate Robers, potentially faces life imprisonment.
The case is being overseen by US District Judge Katherine Forrest, and is expected to take between four and six weeks.
Read on: In the world of security
- Most US businesses vulnerable to insider threats
- Over 90 percent of data breaches in first half of 2014 were preventable
- Bluster, bravado and breaches: Today's 'terrorist' players in cybersecurity
- Mobile malware on the rise worldwide, ransomware hits the spotlight
- Verizon rushes fix for email account open season security flaw
- Microsoft Outlook hacked following Gmail block in China
- High volume DDoS attacks rise in Q3 2014
- Hackers for hire: Anonymous, quick, and not necessarily illegal
- UK hires hackers, convicts to defend corporate networks
- ZeuS variant strikes 150 banks worldwide
Read on: Fixes and Flaws