Silk Road paid off hackers to keep site running

According to testimony in US federal court, more than a few hackers tried to blackmail the illegal marketplace before it was shut down in 2013 -- and at least two were paid off.

Charlie Osborne Contributing Writer
Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B.
Charlie Osborne
3 min read


Hackers extorted thousands of dollars out of the Silk Road marketplace through threats of hitting the site with denial-of-service attacks or exposing severe security vulnerabilities, according to testimony in US District Court.

Hackers and security specialists come in many different guises -- from white-hat teams that pinpoint vulnerabilities and conduct penetration testing with the overall aim of improving network security, to black-hats using their skills for personal gain, and to the occasional "hacktivist" and script kiddie who take down websites for political means, or just because they can.

It doesn't take much for one to realize that illegal marketplaces, such as Silk Road, are vulnerable to the same hackers against which corporations attempt to protect themselves. The only difference is that one is on the side of the law that grants the right to call in law enforcement as they wish. Naturally, when a website offers illegal services, operators cannot call the police to assist in cases of blackmail and extortion.

This scenario is one in which the Silk Road marketplace found itself in between 2012 and 2013, as reported by Computerworld. On Wednesday, reporters attending an evidence hearing in federal court in Manhattan discovered that the underground website was forced to pay thousands of dollars to cybercriminals threatening to tear down Silk Road by exposing security vulnerabilities or launching "denial of service" salvos.

On at least two occasions, Silk Road operators paid hackers a ransom to keep the website running and secure.

The extortions were documented during testimony from Internal Revenue Service special agent Gary Alford, who, according to the publication, subpoenaed the emails of defendant Ross Ulbricht as part of US law enforcement's investigation into Silk Road.

During Alford's testimony, one hacker allegedly emailed Silk Road, revealing the existence of a serious security vulnerability. The hacker asked for $5,000 to keep quiet or $15,000 to forward details on the flaw and how it could be exploited. A spreadsheet documenting financial transactions appears to show $15,000 being paid out shortly after. In addition, $10,000 was paid to try and prevent a distributed "denial of service" attack from taking place.

The Silk Road marketplace, which operated within the Tor network, was closed down in 2013 by federal agents.

Ulbricht, allegedly the Silk Road admin "Dread Pirate Roberts," is on trial for criminal enterprise charges related to the website. Charges against the 30-year-old Texan include conspiracy to commit computer hacking and money laundering and the sale of narcotics. US prosecutors say that drugs worth $200 million were sold through the website internationally, where goods -- including weaponry and hacking tools -- were also available for purchase through the use of digital currency Bitcoin.

The defendant has pleaded not guilty to all charges. Ulbricht, who claims he left the site a few months after it launched and was only lured back to be framed by the "real" Dread Pirate Robers, potentially faces life imprisonment.

US District Judge Katherine Forrest is overseeing the trial, which is expected to take between four and six weeks.

This story originally posted as " Hackers blackmailed Silk Road underground" on ZDNet.