We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite.
The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!
American Kingpin: The Epic Hunt for the Criminal Mastermind Behind the Silk Road doesn’t qualify as a “must read” for all cybersecurity professionals, but it is a very interesting and entertaining book. American Kingpin is about the rise and fall of the Dread Pirate Roberts (DPR), the criminal head of the notorious, illicit online marketplace, the Silk Road, where drugs, guns, and even human body parts were available for sale anonymously. At a deeper level, however, American Kingpinfollows two stories. First, it tracks Ross Ulbricht, a twenty-something libertarian who created the Silk Road, grew it from a cottage website to a multi-million-dollar illegal marketplace and transformed himself from naïve grad school dropout to criminal overlord DPR.
Additionally, American Kingpin follows the federal investigation, arrest, and conviction of DPR, weaving this thread throughout the entire book. Far from a highly organized federal investigation, the hunt for DPR begins by resembling a keystone cop’s episode as various individuals from different federal law enforcement agencies (DEA, DHS, FBI, IRS, etc.) jump on the case, buy drugs, arrest low-level dealers and drug buyers, and follow leads in pursuit of the Silk Road kingpin. Eventually, these individuals discover each other and cooperate on finding the Dread Pirate Roberts. While their collaboration leads to several dead ends, they eventually put their heads together, piece together all their individual breadcrumbs, and takedown DPR.
American Kingpin is well-researched and written in an easy-to-read style that grabs and holds on to the reader from start to finish. This book is highly entertaining as it exposes the cybercriminal underground and links it to an individual whom no one suspected of being anything other than a misguided young man. Despite not being a Canon candidate, I do highly recommend this book for those cybersecurity professionals interested in cybercrime, law enforcement, and an old-fashioned cops-and-robbers story.
Like the last book I reviewed for the Cybersecurity Canon (The Dark Net), American Kingpin, doesn’t really qualify as a “must read” book for all cybersecurity professionals. Admittedly, you won’t enhance your skills or advance your career by reading this book. That said, cybersecurity isn’t about network packets, malicious code, and software vulnerabilities alone. No, cybersecurity also includes some basic philosophical and human issues around the use of technology as good versus evil. There is a fundamental question in what we do: Why do some people use their technical skills to breaking the law while others dedicate their lives to countering these threats?
American Kingpin explores this question by following Ross Ulbricht, a seemingly normal person who came up with the idea to create a website for selling illicit drugs online. Ross could have never imagined that this initial, misguided decision would lead to a multi-million-dollar organized criminal enterprise and an international manhunt. Ross’s relatively innocent website became the infamous Silk Road while Ross himself turned from happy-go-lucky twenty-something to the criminal Dread Pirate Roberts.
One of the things I really liked about American Kingpin is it is a book with two interwoven stories:
- The picaresque story of Ross Ulbricht before, during, and after his fateful decision to develop and operate the Silk Road.
- The story of a loosely coupled law enforcement posse that discovers and investigates the Silk Road website and the criminals behind it.
These two stories coalesce at the book’s conclusion as Ulbricht is discovered, arrested, tried, and sentenced.
Story #1 opens with young Ross with his family in his hometown of Austin, Texas. Ross seems like an average American kid – good home, boy scout, college graduate, etc. Ross is considered an exceptionally bright kid, albeit a bit quirky and disorganized.
As this story develops, we also learn a bit more about Ross when he enters graduate school. Ulbricht is a free spirit who participates in drum circles, lives a pauper’s existence, and wears the same clothes for days on end. Ross is also somewhat of a partier, drinking and smoking marijuana with close friends. Despite his outward Bohemian appearance, however, Ross is also highly intelligent and passionate in his opinions. He is especially committed to his politics, maintaining a strong libertarian belief system. At Penn State, he participates in political debates, always arguing that the government has no business getting involved in citizens’ private and personal life choices.
Soon, Ross leaves graduate school and moves back to Austin with his girlfriend. It is during this time frame that Ross rents a low-rent apartment for the express purpose of growing magic mushrooms. When Ross takes his girlfriend to see his mushroom farm, he tells her that he plans to create a website to sell these illicit goodies online. His timing is not accidental; it coincides with the right technology underpinnings for this type of endeavor: the emergence of Bitcoin, an anonymous crypto-currency and TOR (aka: the onion router), an internet browser and global network infrastructure that anonymizes user and source IP identities.
As a demonstration of Ross’s intelligence and perseverance, Ross teaches himself software coding and launches his new website. He names his website after an ancient network of trade routes that connected the East and West from the Korean peninsula and Japan to the Mediterranean Sea: the Silk Road.
Of course, Ross has no idea whether anyone will even notice the Silk Road, so he takes the time to find related chat sites and post marketing references to the Silk Road to get the word out. Much to his surprise, the site’s popularity grows, and Ross is contacted by others who also want to sell illegal drugs via Silk Road. Over a short time frame, the Silk Road grows exponentially as hundreds of vendors join and use the website as a dark web drug bazaar. Revenue also escalates. Ross can’t believe it when site sales climb into the thousands of dollars per month, but it doesn’t take long before these numbers rise to millions of dollars per month.
Ross realizes that he can’t possibly maintain the Silk Road by himself, so he recruits a group of like-minded participants to help with software development, enhance security, and perform various administrative tasks. As the Silk Road transformed from a mom-and-pop website to an online drug superstore, Ross Ulbricht decided he needed a criminal alias. One of his criminal co-conspirators suggested that he call himself the Dread Pirate Roberts (DPR), a fictional character from the movie, The Princess Bride. In this film, many different people assume the identity of DPR, adding to the intrigue and power of the character. Ross immediately realizes that this model could apply to his role in the Silk Road as well. He could become DPR himself and then pass the identity to others when he decided to move on and return to the real world.
Thus, the Dread Pirate Roberts was born and just like in the movie, the character assumes mythical and sinister reputation – a ruthless pirate who heads an international drug market and rules his kingdom with an iron fist. Henceforth, Ross behaves like a syndicated crime boss, punishing those who get in his way while plotting his eventual getaway when the law catches up with him.
The success of the Silk Road remained hidden until June 2011, when the site was featured in a Gawker blog, labeling the Silk Road as an underground version of Amazon.com. This article effectively put a bull’s-eye on the Silk Road, first with U.S. Senator Chuck Schumer, D-N.Y., and then with the federal law enforcement community.
This brings me to the second thread throughout American Kingpin: the federal investigation that leads authorities to capture and convict DPR. It’s well-known that Ross Ulbricht was arrested in October 2013 and was convicted in 2015, but the details of the federal investigation beyond this were relatively obscure. Nick Belton does a great job researching and describing how the actual investigation played out. Far from the well-organized endgame, in this case, the investigations began when various law enforcement officers in the DEA, DHS, FBI, and IRS learned about the Silk Road and pursued their own separate investigations. This wide-ranging cast of characters used their own methods, followed their own leads, and had no idea that anyone else in federal law enforcement was pursuing a parallel inquiry.
Eventually, these unaffiliated individuals come together as an interdepartmental unit, and each group brings its own puzzle pieces to the overall case. This collaboration eventually leads to a breakthrough, and, while federal law enforcement eventually gets its man, some within the law enforcement community are exposed as profiteers who used the investigation to pad their own pockets. Human triumph and tragedy coalesce.
It is worth noting that, aside from telling two exciting stories, the style of this book is also compelling. Many cybersecurity books require a reader with patience and perseverance, willing to peruse long chapters chock full of cryptic acronyms and technical details – not American Kingpin. I estimate that the longest chapter in this book is no more than seven pages. This writing style makes the book easy to read and hard to put down. I spent hours on this book and read the whole thing in just over four days.
Like the last book I reviewed (The Dark Net), American Kingpin does not meet the Cybersecurity Canon definition of a “must read” book for all cybersecurity professionals. Notwithstanding the Cybersecurity Canon definition, I highly recommend American Kingpin to cybersecurity professionals looking to better understand the culture and tactics of the cybercrime underground, and how law enforcement investigates, pursues, and eventually finds cybercriminals at large. American Kingpin was an extremely entertaining book and a true “page turner.” For those reasons, curious cybersecurity professionals should put this book high on their reading list.
[Palo Alto Networks Research Center]