A joint sting operation by the U.S. and Europol shut down websites being used for illegal drugs and weapons sales. The massive operation shut down more than 400 sites, including Silk Road 2.0. Assistant Professor of Information Technology Doug Twitchell says the bust shows anonymous websites are not foolproof, and even technology cannot fix stupid.

Twitchell:

The new technologies that allow users to keep a computer’s address anonymous are advanced, but certainly not a panacea. They are not foolproof. And no matter how advanced the technology, this really just proves that the guys behind Silk Road are not all that good.

The routers they were using – known as The Onion Router or TOR – were based on ones developed by the U.S. Navy that would make it difficult to track a computer down by hiding its IP address. This can be used for good or bad. It can help dissents in oppressive countries get out messages without being arrested, or it can help drug dealers make their connections. It depends on how it is used.

In reality, it is really difficult to keep yourself entirely anonymous on the Internet. Even drug dealers need bank accounts and ways to transport their products. All these things can be tracked. And people in intelligence agencies understand what to look for.

Of course, like the people who were involved in the first Silk Road, it doesn’t help if you make mistakes, like posting to your named Facebook account from your anonymous computer, or using your real name to register online, or talking on online forums. In the case of Silk Road 2.0, intelligence agencies traced leads like these and sent in an undercover agent to gather evidence.

There is one thing that is true across the board: You can have really cool tools. You can have really secure tools. But alone, they are not going to solve your security problems.

Think about the recent Home Depot security breach that stole 53 million credit card numbers. To prevent a theft like this from self-check out registers it is not technologically difficult, but from an organizational standpoint, it is difficult to implement it the right way.

It’s not the technology that makes or breaks anonymity. It’s the day-to-day difficulty to ensure all goes right. That is the real challenge in cyber security.