15-01-2013, 12:37 PM
Traveling the Silk Road: A measurement analysis of a large anonymous online marketplace
Traveling the Silk.pdf (Size: 423.42 KB / Downloads: 26)
Abstract
We perform a comprehensive measurement analysis of Silk Road, an anonymous, international online
marketplace that operates as a Tor hidden service and uses Bitcoin as its exchange currency. We
gather and analyze data over eight months between the end of 2011 and 2012, including daily crawls
of the marketplace for nearly six months in 2012. We obtain a detailed picture of the type of goods
being sold on Silk Road, and of the revenues made both by sellers and Silk Road operators. Through
examining over 24,400 separate items sold on the site, we show that Silk Road is overwhelmingly used
as a market for controlled substances and narcotics. A relatively small “core” of about 60 sellers has
been present throughout our measurement interval, while the majority of sellers leaves (or goes “underground”)
within a couple of weeks of their first appearance. We evaluate the total revenue made by all
sellers to approximately USD 1.9 million per month; this corresponds to about USD 143,000 per month
in commissions perceived by the Silk Road operators. We further show that the marketplace has been
operating steadily, with daily sales and number of sellers overall increasing over the past fewmonths. We
discuss economic and policy implications of our analysis and results, including ethical considerations for
future research in this area.
Introduction
“More brazen than anything else by light-years” is how U.S. Senator Charles Schumer characterized Silk
Road [5], an online anonymous marketplace. While perhaps a bit of a hyperbole, this sentiment is characteristic
of a certain nervousness among political leaders when it comes to anonymous networks. The relatively
recent development of usable interfaces to anonymous networks, such as the “Tor browser bundle,” has indeed
made it extremely easy for anybody to browse the Internet anonymously, regardless of their technical
background. In turn, anonymous online markets have emerged, making it quite difficult for law enforcement
to identify buyers and sellers. As a result, these anonymous online markets very often specialize in “black
market” goods, such as pornography, weapons or narcotics.
Silk Road is one such anonymous online market. It is not the only one – others, such as Black Market
Reloaded [3], the Armory [1], or the General Store [7] are offering similar services – but it gained fame
after an article posted on Gawker [10], which resulted in it being noticed by congressional leaders, who
demanded prompt action be taken. It is also reportedly very large, with estimates mentioned in the Silk
Road online forum [6] ranging between 30,000 and 150,000 customers.
Figure 1 shows the Silk Road front page. The site has a professional, if minimalist, look, and appears
to offer a variety of goods (e.g., books, digital goods, digital currency...), but seems to have a clear focus on
drugs. Not only do most items listed appear to be controlled substances, but the screenshot also shows the
site advertising a sale campaign for April 20 – also known as “Pot day” due to the North American slang for
cannabis (four-twenty).
Silk Road overview
Silk Road is an online anonymous marketplace that started its operations in February 2011 [6]. Silk Road
is not, itself, a shop. Instead, it provides infrastructure for sellers and buyers to conduct transactions in an
online environment. In this respect, Silk Road ismore similar to Craigslist, eBay or the AmazonMarketplace
than to Amazon.com. The major difference between Silk Road and these other marketplaces is that Silk
Road focuses on ensuring, as much as possible, anonymity of both sellers and buyers. In this section,
we summarize the major features of Silk Road through a description of the steps involved in a typical
transaction: accessing Silk Road, making a purchase, and getting the goods delivered.
Accessing Silk Road. Suppose that Bob (B), a prospective buyer, wants to access the Silk Road marketplace
(M). Bob will first need to install a Tor client on his machine, or use a web proxy to the Tor network (e.g.
http://tor2web.org) as Silk Road runs only as a Tor hidden service [11]. That is, instead of having
a DNS name mapping to a known IP address, Silk Road uses a URL based on the pseudo-top level domain
.onion, that can only be resolved through Tor. At a high level, when Bob’s client attempts to contact the
Silk Road server URL (http://silkroadvb5piz3r.onion at the time of this writing), Tor nodes
set up a rendez-vous point inside the Tor network so that the client and server can communicate with each
other while maintaining their IP addresses unknown from observers and from each other.
Once connected to the Silk Road website, Bob will need to create an account. The process is simple and
merely involves registering a user name, password, withdrawal PIN, and answering a CAPTCHA. After this
registration, Bob is presented with the Silk Road front page (see Figure 1) from where he can access all of
Silk Road’s public listings.
Crawling mechanism
We registered an account on Silk Road in November 2011, and started with a few test crawls. We immediately
noticed that Silk Road relies on authentication cookies that can be reused for up to a week without
having to re-authenticate through the login prompt of the website. Provided we can manually refresh the authentication
cookie at least once per week, this allows us to bypass the CAPTCHAmechanism and automate
our crawls.
We conducted a near-comprehensive crawl of the site on November 29, 2011,1 using HTTrack [32].
Specifically, we crawled all “item,” “user” (i.e., seller) and “category” webpages. The complete crawl
completed in about 48 hours and corresponded to approximately 244 MB of data, including 124MB of
images.
Starting on February 3, 2012, and until July 24, 2012, we attempted to perform daily crawls of the
website. We noticed that early in 2012, Silk Road had moved to inlining images as base64 tags in each
webpage. This considerably slowed down crawls. Using an incremental mode, that is, ignoring pages that
had not changed from one crawl to the next, each of these crawls ran, on average, for about 14 hours. The
fastest crawl completed in slightly over 3 hours; the slowest took almost 30 hours, which resulted in the
following daily crawl to be canceled. To avoid confusion between the time a crawl started, and the time a
specific page was visited, we recorded separate timestamps upon each visit to a given page.
Challenges
Kanich et al. [15] emphasize the importance of ensuring that the target of a measurement experiment is not
aware of the measurement being conducted. Otherwise, the measurement target could modify their behavior,
which would taint the measurements. We thus waited for a few days after the November crawl to see if the
full crawl had been noticed. Perusing the Silk Road forums [6], we found no mention of the operators
noticing us; our account was still valid and no one contacted us to inquire about our browsing activities.
We concluded that we either had not been detected, or that the operators did not view our activities as
threatening.
We spent some additional effort making our measurements as difficult to detect as possible. Since all
Silk Road traffic is anonymized over Tor, there is no risk that our IP address could be blacklisted. However,
an identical Tor circuit could be repeatedly used for crawling if the application (HTTrack in this case) keeps
the same socket open; this in turn could reveal that we are crawling the entire site. We addressed this
potential issue by ensuring that all circuits (including active circuits) are periodically discarded and new
circuits are built. To further (slightly) obfuscate our activities, instead of always starting at the same time,
we started each crawl at a random time between 10pm and 1am UTC.
Marketplace characteristics
In this section we describe the Silk Road as a marketplace. That is, we provide an overview of the types of
goods being sold in Silk Road, before discussing seller characteristics.
What is being sold?
Items offered on Silk Road are grouped by categories. There are approximately 220 distinct categories,
ranging from digital goods to pornographic materials, to various kinds of narcotics or prescription medicine.
In Figure 3, we plot, on the left-hand side, for each category, the number of items sold in that category,
over the data collected from February 3, 2012 through July 24, 2012. For readability we ordered categories
by decreasing popularity. In total, we found 24,422 unique items being sold over that period. While a
few categories seem to hold the most items, Silk Road, like other online marketplaces, exhibits a long-tail
behavior, where a large number of items appear to be unique.
Who is selling?
Due to the anonymous nature of Silk Road, it is impossible to discern whether certain sellers use multiple
seller pages. Likewise, several sellers in the physical world may offer their goods through a unique seller
page on Silk Road, although this would certainly be a clear indication of a business partnership. In this
discussion we will equate “sellers” with distinct seller pages.
Evolution over time. In Figure 5, we plot the evolution of the number of sellers on Silk Road over time,
between February 3, 2012 until our last daily crawl (July 24, 2012).
On July 24, 2012, we found 564 distinct sellers with at least one item listed for sale on Silk Road. This
is a marked increased compared to the 220 sellers we had observed during our initial crawl on November
29, 2011 (not shown on the figure). The gaps in the figure correspond to data collection gaps. An interesting
spike occurs around April 20, 2012. April 20 featured a large promotional sale on Silk Road to mark “Pot
Day.” It appears that a number of sellers entered the marketplace in the week or two prior to this operation;
and a non-negligible number left immediately afterwards. Finally, the Silk Road forums indicate that one
of the top sellers went on hiatus on March 12, 2012. It is unclear whether this played a role in the marked
increase of the number of sellers since that time – i.e., whether newcomers attempted to fill the void. The
main lesson from this data is that the number of active sellers has been continuously increasing, at least
since early March. A linear regression fit in Figure 5 gives y = 1.68x − 68514 (R2 = 0.96887), where x is
in days, y the number of active sellers. In other words, the increase in the number of sellers appears linear,
with about 50 new active sellers each month.
Related work
From a technical standpoint, this work is closely related to rapidly growing literature on measuring cybercrime
(e.g., [13, 16, 17, 19, 20, 22, 23, 24, 25, 33]). The techniques used in this paper (periodic crawls, use
of anonymous networks) to collect measurements indeed are relatively common to most work in this field.
However, the main difference between this work and the related cybercrime literature is the object of the
measurements. Instead of trying to characterize a security attack or the behavior of an attacker, we are instead
trying to describe as precisely as possible an online marketplace. In that respect, our work shares some
similarities with works that have tried to model transactions on eBay [14, 31] or Amazon [26]. However,
we do not focus much on customer reviews to assess seller reputation but instead primarily use feedback as
proxy for sales volume.
At first glance quite similar to our work, McCoy et al. provided a characterization of traffic using the
Tor network by monitoring a Tor exit node [19]. Different from this research, we do not actually monitor
Tor traffic and instead analyze data posted to an online marketplace. Motoyama et al. [25] performed
related measurements to evidence the existence of online “mule” recruitment schemes in crowdsourcing
marketplaces.
Conclusion
We have performed what we believe is the first comprehensive measurement analysis of one of the largest
anonymous online marketplaces, Silk Road. We performed pilot crawls, and subsequently collected daily
measurements for six months (February 3, 2012–July 24, 2012). We analyzed over 24,000 items, and
parsed over 180,000 feedback messages. We were able to determine that Silk Road indeed mostly caters to
drug users (although other items are also available), that it consists of a relatively international community,
and that a large number of sellers do not stay active on the site for very long. We further discovered that
sales volume is increasing; currently corresponding to approximately USD 1.9 million/month for the entire
marketplace, corresponding to USD 143,000/month in commissions for Silk Road operators. Informed by
these measurements, we discussed some of the possible policy remedies. A surprising result is the tight
coupling between Silk Road and the Bitcoin market – the daily sales on Silk Road correspond to almost
20% of the average daily volume of USD-BTC exchanges on Mt.Gox, the largest exchange forum. As
a result, it seems like a potentially effective intervention policy would be to destabilize the value of the
Bitcoin, to create instability in the marketplace.