The Silk Road 2 trial was made possible by a six-month long attack on Tor, according to recently published court documents. Prosecutors are still making their case against the alleged Silk Road 2 kingpin, Blake Benthall (not to be confused with the Silk Road’s Ross Ulbricht, who is also currently on trial), but Benthall’s trial is already shedding new light on how law enforcement circumvented Benthall’s anonymity tools. A search warrant made out for the arrest of one of the Silk Road 2’s vendors describes a six-month long infiltration campaign aimed at Tor’s hidden services, the same system that kept Silk Road 2 users anonymous. Eventually, that trail led investigators back to the Silk Road 2’s servers, resulting in the raid that took down the site in November.
Established after the first Silk Road was taken down, the Silk Road 2 relied on the same basic technology as the first site and attracted many of the same users. But Silk Road 2 wasn’t vulnerable to the same CAPTCHA attack that gave away the location of the first Silk Road’s servers, so law enforcement needed more sophisticated tools to take it down. The Silk Road 2 was set up as a hidden service on Tor, so it was only accessible by routing through a network of complex and shifting relays. The court documents refer to a source that provided “reliable IP addresses” for Tor hidden services between January and July of 2014, leading investigators back to both the servers and 78 different people doing business on the site.
According to a Tor blog post, someone during that period was infiltrating the network by offering new relays, then altering the traffic subtly so as to weaken Tor’s anonymity protections. By attacking the system from within, they were able to trace traffic across the network, effectively following the hidden service’s traffic back to its home IP. In July, Tor noticed the bug and published an update to fix it — but for six months, certain hidden services were badly exposed, and the Silk Road 2 appears to have been one of them.