Wednesday, October 2, 2013

Complaint Summary and How Silk Road Operator Got Caught

From a summary on Silk Road chat board:
  • This has been a joint operation run by the cybercrime squad within the FBI's New York field office. It involved the FBI, DEA, IRS and Homeland Security's investigative unit.
  • ---
  • It's unstated from when the investigation started, but they received a complete copy of the Silk Road web server on the 23rd of July 2013. This was all done under the Mutual Legal Assistance Treaty, which implies that they had access to current site information up until the point they shut the site down.
  • This included user account and transaction information. It's unclear whether or not this covers addresses and other sensitive transaction information.
  • This also apparently covers at least 60 days' worth of messages from the period where the site was copied.
  • From February 6, 2011 to July 23 2013, 9,519,664BTC was generated in sales, 614,305BTC going directly to DPR in the way of "commissions". This comes to a total of 1,229,465 transactions.
  • Based on the copy of the site which the FBI received, they believe DPR to have been the sole operator and owner of SR, handling all aspects of the site himself and delegating only user affairs to appointed moderators.
  • ---
  • In March of this year, a SR user/vendor called "FriendlyChemist" attempted to extort DPR via SR's private message system, providing proof that he had the names/addresses of thousands of vendors/users after having allegedly hacked a bigger vendor. He demanded $500,000USD, saying that he needed the money to pay off his supplier. DPR then stated that he wished to speak to FriendlyChemist's supplier.
  • A user called "redandwhite" then proceeded to contact DPR, stating that he was FriendlyChemist's supplier and also the owner of his debt. DPR then solicited redandwhite to "execute" FriendlyChemist, supplying redandwhite his full name and address. After having agreed on terms, DPR sent redandwhite approximately $150,000USD (1,670BTC) to have FriendlyChemist killed. redandwhite later provided photographic proof of the alleged murder.
  • Investigators could not find any record of somebody in that region being killed around that date or matching that description. This possibly implies that DPR was duped/scammed, but, DPR is also quoted as having told redandwhite the following: "Not long ago, I had a clean hit done for 80k."
  • ---
  • DPR has been identified as Ross William Ulbricht.
  • > "He is 29 years old, graduated from the University of Texas with a Bachelor of Science degree in Physics in 2006. From 2006 to 2010, he attended graduate school at the University of Pennsylvania School of Materials Science and Engineering."

Now, onto how he got caught...

  • An agent involved in the investigation ("Agent-1") found the first few references to SR on the internet from somebody only identified as "altoid", attempting to promote the site in its beginning days, in January of 2011.
  • In October of the same year, a user also going by the name of "altoid" made a posting on Bitcoin Talk titled "a venture backed Bitcoin startup company", which directed interested users to "rossulbricht at gmail dot com".
  • That email address is what led to DPR's downfall.
  • ---
  • After identifying "altoid", they started connecting the "DPR" identity to Ulbricht pretty quickly.
  • Server logs show that someone logged onto the SR administration panel from San Francisco around the same time that Ulbricht was staying in San Francisco.
  • Multiple fake IDs were intercepted by U.S. Customs & Border Patrol while on their way to an address at which Ulbricht was living at the time. These IDs all carried photos of Ulbricht but had false names and details. This was around the same time that DPR stated in a message that he was acquiring some fake IDs to buy new servers.
  • When questioned by Homeland Security about the fake IDs, he refused to answer any questions but then stated that anyone could purchase such things using "Silk Road" and "Tor".
  • The address which Ulbricht was staying at was being rented in cash and he was living with housemates who knew him under a name which corresponded with one of the fake IDs.
  • He posted on StackOverflow using his real name, inquiring about how to use curl/PHP to grab things off Tor, before quickly changing the name to "frosty" (with a fake email: frosty@frosty.com).

4 comments:

  1. This sounds bizarro to me. Assuming this guy is as he seems, it doesn't make sense that he would violate such a basic libertarian principle.

    Sounds like a setup to me. It is well known that .gov is well infiltrated into the domain.

    1. What libertarian principle is it that you think he violated? It seems to me that all he did was try to run an honest business in a totalitarian socialist country.

    2. If he attempted to hire someone to hurt another person, such would appear to be a clear violation of the libertarian non-aggression principle.

    3. Let's take the allegations at face value just for the sake of discussing theory. I'm fairly sure murdering people isn't very libertarian. Granted he was being blackmailed, but even the blackmailer is a libertarian hero according to Walter Block.
