
Undercover Agent Reveals How He Helped the FBI Trap Silk Road’s Ross Ulbricht - MichaelAO
http://www.wired.com/2015/01/silk-road-trial-undercover-dhs-fbi-trap-ross-ulbricht
======
chippy
What really interests me is how they located him. The article says they had
very many compromised seller/vendor accounts, and it says that crucially they
had an IRS agent's help also.

So, to me, this implies that they were able to get all the customer
information from the compromised vendors about their transactions over the
years, their names and addresses and goods sold... and via the IRS, access to
customers' bank accounts, money in and out.

That might well be enough to get a list of potential targets. I wonder if they
might be able to use bitcoin data also?

~~~
wavefunction
Pretty sure the financial information would have come from the NSA's
surveillance of financial institutions.[1] They are tracking global bank
transactions and the IRS doesn't necessarily have the juice to get info from
other countries.

[1] [http://motherboard.vice.com/blog/the-nsa-spied-on-credit-cards-and-bank-transactions](http://motherboard.vice.com/blog/the-nsa-spied-on-credit-cards-and-bank-transactions)

------
tlrobinson
_“[The Dread Pirate Roberts] is someone who studiously avoided revealing his
identity to anyone on the site…This same person goes to a public library and
uses a public Wifi connection?” Dratel asked the jury. “That Ross is DPR is a
contradiction so fundamental that it defies common sense.”_

I guess they're hoping the jury and prosecutors don't know what a VPN is, or,
you know, Tor...

~~~
brohee
I'm almost sorry for him if that's the best lawyer he could get...

~~~
coldcode
Dread Lawyer Roberts.

~~~
jayess
Lawyers have to deal with the client they're handed. If the client doesn't
want to plea, you have to do your best.

------
AndrewKemendo
Based on this account it sounds like pretty standard LE work. It doesn't look
like they did anything all that funky or had to go find an obscure agent. That
tells me that Ulbricht wasn't that security conscious.

I would have expected that someone in a high position in the most well known
deep web marketplace would have had better defense in depth.

~~~
halviti
This differs from stories that I've heard, like how they used a plainclothes
female agent yelling at him to throw him off so they could grab his laptop.

[http://www.rollingstone.com/culture/news/dead-end-on-silk-road-internet-crime-kingpin-ross-ulbrichts-big-fall-20140204](http://www.rollingstone.com/culture/news/dead-end-on-silk-road-internet-crime-kingpin-ross-ulbrichts-big-fall-20140204)

Why leave out these details, I wonder? It makes for a much better story.

Also, this article leaves out all of the details on how they found him.
Presumably the FBI found the server from the unsecured captcha page... but
these claims have been shown to be false:

[http://krebsonsecurity.com/2014/10/silk-road-lawyers-poke-holes-in-fbis-story/](http://krebsonsecurity.com/2014/10/silk-road-lawyers-poke-holes-in-fbis-story/)

Which still leaves everyone wondering how the FBI legally found the server in
the first place.

This is the part of the story that I would like to see more about.

~~~
drzaiusapelord
I guess it's in the FBI's interest to not reveal their novel tactics. I imagine
a lot of LE "hacking" is social engineering tricks like stealing laptops. Why
try to crack crypto and deal with overseas servers when you can just
physically grab data?

I've also read about a lot of these dotcom criminals suddenly getting an
entourage of female admirers. Seems like a perfect way to place a female agent
to flirt out his secrets. The INTJ male is impressive in his technical ability
but is a complete nightmare socially. LE knows this and exploits it.

> IP the government visited wasn’t providing the CAPTCHA, but instead a
> PHPMyAdmin interface

Ulbricht from a technical perspective seems pretty unimpressive as well. Looks
like he had some basic sysadmin and business skills but may not have really
understood netsec on a high enough level to protect SR from LE. phpmyadmin
open to the world? Even using phpmyadmin on a secure server is a very poor
practice. Those are major amateur moves. Who knows how many other amateur
moves he made.
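
As an added defensive illustration (not from the thread, and not configuration from any real Silk Road server), this is the kind of restriction the comment says was missing: an Apache 2.4 fragment that keeps a phpMyAdmin alias reachable only from the loopback interface, so the panel is administered over an SSH tunnel instead of being exposed to the internet. The `/phpmyadmin` path, the `/usr/share/phpmyadmin` install directory and the Apache 2.4 `Require` syntax are assumptions for the example.

```apache
# Added example. Assumptions: Debian-style phpMyAdmin layout under
# /usr/share/phpmyadmin and Apache 2.4 authorization syntax.
Alias /phpmyadmin /usr/share/phpmyadmin

<Directory /usr/share/phpmyadmin>
    # Never serve directory listings from the admin tool.
    Options -Indexes

    # Only loopback may reach the panel. Reach it from a workstation with
    #   ssh -L 8080:127.0.0.1:80 admin@db-host
    # and browse to http://127.0.0.1:8080/phpmyadmin/
    Require ip 127.0.0.1 ::1
</Directory>

# Keep the setup scripts unreachable even from localhost once installed.
<Directory /usr/share/phpmyadmin/setup>
    Require all denied
</Directory>
```

The point of the fragment is the allow-list on the network layer: the application's own login page still exists behind it, but an attacker scanning the internet never gets to see it, which is the difference between a hardened admin panel and one "open to the world" as the comment describes.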

------
PhantomGremlin
Really important hint for those young sociopaths that aspire to be the next
DPR. It's something I read in a book about 40 years ago:

    Don't fuck with the Eagle

What this means is you should maintain a low profile. Silk Road was anything
but low profile. It was more like waving a red flag at a bull. E.g. from the
Wiki article on Silk Road:

    Once the site was known publicly, U.S. Senator
    Charles Schumer asked federal law enforcement
    authorities such as the DEA and Department of
    Justice to shut down the website.

"The Eagle" aka the US Federal government has almost unlimited resources. Even
if you don't attract the ire of a grandstanding Senator, you might happen to
attract the attention of a bureaucrat who wants a promotion. You will be
vastly outnumbered. E.g. from the article:

    Deryeghiayan and a half dozen
    FBI agents surveilled Ulbricht

That's just a small glimpse of the resources deployed against him. There were
doubtlessly other FBI agents, supervisors, prosecutors, the DEA, definitely
the IRS, probably the NSA.

I know that when you're young and naive, it's easy to think you're the
smartest guy in the room. And you may well be. But you probably won't be
smarter than the collective intelligence of a national government.

------
driverdan
One of the important privacy implications this highlights is online status.
Anything that shows your current status (online, offline, on phone, etc) is a
privacy issue. Someone can easily track when you log into IRC, when you're
marked as online / offline on various messaging platforms (Gtalk, AIM, FB
Messages, etc) and use it against you.

~~~
schoen
Particularly if they can observe your physical whereabouts or your Internet
traffic to correlate it against the presence indication.

There is a privacy-preserving presence protocol from the creators of OTR:

[http://cacr.uwaterloo.ca/techreports/2014/cacr2014-10.pdf](http://cacr.uwaterloo.ca/techreports/2014/cacr2014-10.pdf)

The main limitations are that it adds a delay to presence updates, it requires
users to store their own buddy lists (basically in the same way as and for the
same reasons as they store their own private cryptographic keys), and it
doesn't help if one of your contacts is using their access to your presence
information to attack you.

------
julianj
They snatched the PC first. Sounds like there's a need for a kind of 'dead
man's switch' to protect PCs from being snatched like this by anyone.

------
prospiracy
Title should read: FBI reveals latest fabricated parallel construction story

~~~
nemo
I feel like you didn't actually read the article. They were describing some
pretty standard LE work where there's no meaningful sense of the phrase
"parallel construction" that could really apply.

~~~
tptacek
I agree in spirit that allegations about NSA involvement are conspiracy-
theoretic, but the idea behind parallel construction is to create a "hint
book" to start standard LE techniques off in the right place. You wouldn't see
any indications of parallel construction in a competently run investigation.

Of course: the claim is non-falsifiable; in the airless vacuum of a message
board, you could just as productively argue that the Grey Aliens tipped the
FBI off.

~~~
nemo
The allegations of NSA involvement were regarding things that the article
didn't discuss so far as I can tell.

They weren't talking about how the server's IP/location was found, they were
talking about physically following the guy to the library and nailing him with
his laptop open while he was chatting with an informant in an SR admin panel.
There's no meaningful role I could see the NSA playing in that particular
scene even if there's a question about how the Feds reached the point of
identifying him. They appear to have had a number of angles that they used to
nail him physically, rather than the single point of revelation through the
server, where some of those angles don't look like parallel constructions on
their face (Post Office finding fake IDs, IRS investigation, etc.).

