
He Got Greedy: How the U.S. Government Hunted Encryption Programmer Paul Le Roux - katiabachko
https://mastermind.atavist.com/he-got-greedy
======
nickpsecurity
Another great, fun write-up by Ratliff. I'm surprised by a number of things
which I'll comment on in a disorganized way. :) One is how often Israeli
commandos turn up in these organizations. In parallel, there's their well-
known effectiveness plus the risk of Mossad connections that can burn you.
Mexican cartels, Colombian, Paul Le Roux... they all buy them up. Cheap, too.
I'd like to hear their logic on that.

That he was still producing 200 kilos out of thin air was interesting.
Operations are still going somewhere with possibly millions moving. Either his
that are still running autonomously or others with him just having 3rd parties
that can pull a huge transaction at once.

His OPSEC sucks. I mean, I'm amazed that he didn't get caught earlier in some
unrelated investigation using his real name and emails on all kinds of shady
stuff. Many I know are too paranoid to do that thinking someone would connect
dots. He did it and nobody connected dots until piles of high risk crimes
added up with benefit of easy tracing. Even police said a little more
obfuscation would've thrown them. This means we've overestimated the police's
ability to connect dots on suspicious items. Just don't know how much.

Spamhaus says a quarter of stuff came from this company. I read much in
INFOSEC but never heard them connect it to something like this. Another "under
the radar" aspect that's amazing. Plus, owning a registrar for spam cover is
an excellent example of subversion at protocol level.

$200-400 million a year could buy tons of INFOSEC and OPSEC. He could've
rebranded under a new company to move his name further from the transactions.
He could've potentially paid his Israelis to straight up break in and
steal/alter records. He could've dropped a few mil strategically in Brazil on
key people to spot legal and financial risks along with strats people use to
dodge or buy cops. Before he went there. Far as Liberian deal, he should've
sent one of his well-paid, experienced people to negotiate that. At his level,
he should never leave protection or associate himself with something that's
tainted. And when busted, getting immunity to flip is a rational option in his
situation but admitting to murders was just stupid.

How about "An arrogant way of living?" Haha.

~~~
ben_jones
I dunno. My personal opinion is that humans to some extent are innately good,
and that it's the broken ones who turn to crime. Furthermore it's the
EXTREMELY broken ones that become the crime lords etc. and those people often
have massive flaws in their character such as the arrogance you described.

Basically I don't think he could've ever accomplished what he did if he wasn't
arrogant and reckless to his core.

~~~
tetrep
> ...it's the broken ones who turn to crime.

If law were derived from universal morals (heh...) then that might be
accurate. But due to the relative arbitrariness of whether or not someone is
a criminal, especially with respect to the great variety of countries in which
virtually all of HN would be criminals for freely speaking about various
topics, I think it's a bit presumptuous and mean to call those who "turn to"
crime as broken.

Additionally, I would posit that many criminals are not "turning to" crime so
much as not "turning away." By that, I mean that crime is not sought out, but
rather the criminality of their actions is ignored, much like I presume the
mindset is of the majority of jaywalkers.

> Furthermore it's the EXTREMELY broken ones that become the crime lords etc.
> and those people often have massive flaws in their character such as the
> arrogance you described.

Once again, I take issue with the use of broken to describe someone's actions
simply on the basis that a group of people disagree with them. "Extremely
broken" implies some serious psychological issues, which are not at all
requisite for running an illegal enterprise. I would posit that many of the
people involved in controlling bootleg DVD sales or knockoff brand name goods
are in fact very normal and psychologically uninteresting.

I do agree with the assumption of arrogance, as much like politicians, the
drive to control on a grand scale typically requires a decent amount of ego,
it's incredibly difficult for an individual to exert control of an empire with
humility, although I think it's possible, it's just _very_ unlikely outside of
a very peaceful organization, which his was most certainly not. Violent groups
of people are difficult to control in a non-Machiavellian manner (I would
think impossible, but I haven't given it much thought) and I sincerely
disbelieve one could rule in such a manner without a decent ego.

~~~
drzaiusapelord
> If law were derived from universal morals (heh...) then that might be
> accurate.

Well, there's a pretty big difference between "I shouldn't get arrested for
smoking pot" and "I shouldn't get arrested for murdering rival pot dealers."

Maybe western law is mostly derived from a sensible universal moralism with
certain exceptions. That doesn't mean that all criminality is rational or that
the OP's opinion that most criminals are irrational is wrong. For every Robin
Hood there's hundreds of thousands of street thugs. I think you're
overpleading the edge cases here. Many studies have shown your average
criminal to be a fairly messed up individual: mental illness, strong
personality faults, poor reasoning skills, poor executive control, poor
discipline, etc.

~~~
nickpsecurity
Alternatively, the law makes a distinction between types of harmful activity
that are legal and types that are illegal with interesting results. The kind
of very damaging activity smart, disciplined people do that ruins lives is
often legal. These are [Wall] street thugs. Then, there's other types of harm
the lesser people can pull off that are illegal. There's also stuff they do
that doesn't harm other people but is severely illegal.

So, I don't think there's an average criminal given the variety of crimes,
levels of harm, and criminals themselves. However, the average criminal on
drugs in my area is a working class person who poses no threat to society but
smokes weed on occasion. There's also a number of addicts who are similarly
not a threat but will receive long sentences. There's also thugs who range
from your description to well-educated people who say "screw being someone's
b**** for minimum wage when I can be my own boss for $50k slinging this
stuff!" On thugs, similar predatory behavior as many business owners except their
type of harm is allowed and affects more people. Even when it's indirect
murder.

What's law and what's ethical isn't the same. The law can enforce evil, stop
good, and do arbitrary things hard to judge.

------
aws_ls
_" In the early days of RX Limited, employees purchased individual web domains
at public sellers like GoDaddy. Later, RX Limited spawned its own domain-
selling company, ABSystems—the equivalent of opening a printing press for web
addresses. But instead of selling those addresses to others, ABSystems
generated them by the thousands, virtually for free, exclusively for RX
Limited."_

This guy knew how to scale! Started/bought a domain registrar to generate the
so many spammy sites needed to sell all those drugs.

Another unrelated point. He found himself in a career crisis in 2002, and also
discovered he was adopted, which according to this series (and some Australian
media articles) disturbed him. And there are two distinct career paths before
and after it.

Although, I am filled with disgust at his actions, esp. he got people killed.
But it also stuns me the amount of "progress" he did in a span of less than a
decade from 2002 (assuming by 2011 he was done with it, sort of).

~~~
nickbauman
A real-life _Breaking Bad_ story.

~~~
noir_lord
Would make a hell of a film, they'd inevitably screw up the technical accuracy
on the computer side unless we could get the Mr Robot director on-board.

------
hackuser
_Halfway to the airport, however, Le Roux switched tactics, said Stouch. “He
just essentially said he was no longer going to resist and that he would
cooperate with our commands.” According to the DEA, Le Roux waived his Miranda
rights somewhere over the Atlantic and agreed to tell them everything he
knew._

What miraculous luck that such a thing would happen, purely of his own free
will.

~~~
TazeTSchnitzel
Sure, but I would imagine that in such a situation it would be quite rational
to choose to coöperate.

~~~
nxzero
Please explain.

~~~
TazeTSchnitzel
If they know what you're up to and you don't coöperate you still end up behind
bars or executed. If you do coöperate, they might let you off the hook
somewhat.

~~~
nxzero
Understand, but no, even law enforcement, military, etc. are trained to never
say anything; this isn't just to protect the greater good either, don't do it.

------
allenbrunson
hacker news is not cool with link shorteners. most link shorteners (bit.ly, et
al) are banned here. chances are good that the only reason this particular
shortener isn't banned yet is because dang is not aware of it. should be
replaced with this article's true url:

[https://mastermind.atavist.com/he-got-greedy](https://mastermind.atavist.com/he-got-greedy)

~~~
Afforess
Is it really a link-shortener or just atavist providing a short perma-link?
'atav.st' == atavist.com?

~~~
allenbrunson
it doesn't make any difference, if you think about why hacker news bans link
shorteners: there should be one, and ONLY one, canonical URL for every
article. if you allow two or more, then there is essentially no way to detect
duplicate submissions. so i can pretty much guarantee that it is just a matter
of time until atav.st is banned here.

~~~
witty_username
> essentially no way to detect duplicate submissions

No, the shortened URL can be followed.

~~~
allenbrunson
... and once it is followed, it is the true URL that should be displayed,
because it contains more useful information for the end user, like the true
domain where the article resides, instead of the alphabet soup you get with
link shorteners. which, again, is why link shorteners are banned here.

i probably shouldn't engage in arguing pointless minutiae like this. i will
refrain after this one.

~~~
carboncopy
I think it's good to discuss HN social norms when it's appropriate. Your
comment added to the discussion.

------
c6bb950be
This is a very interesting story

~~~
karambahh
Edited to protect parent's privacy

~~~
brotherjerky
I assume the original comment you wrote was edited, because this reply makes
no sense otherwise.

------
fweespee_ch
> “He got greedy,” Jody continued. “He probably could have closed up shop in
> 2006 or 2007, been a rich millionaire, and never have been investigated at
> all.”

This does seem to be a common thread with highly skilled and intelligent
criminals. Their pride convinces them they can keep going when the truth is it
is time to pull the ripcord years before they got caught and walk away with
all the wealth a person would ever need to live happily ever after.

~~~
roel_v
It's the common thread _among those that get caught_. What's to say how many
there are that do retire as millionaires before getting caught?

~~~
alexandrerond
And those who don't retire and don't get caught too. Tbh, looking at how
long he lasted heading a global organization and his exploits, it seems not
too unlikely that others can just pull it off.

------
SEJeff
Another absolutely fantastic article on this same guy:

[https://mastermind.atavist.com/he-always-had-a-dark-side](https://mastermind.atavist.com/he-always-had-a-dark-side)

~~~
lpbonenfant
they're all part of the same series of articles.

------
nxzero
Weight of 342 bars of gold would be 4255-kg (9381-lb)...

...find it hard to believe the carrying capacity of an average taxi would
support this.

~~~
21
In Hong Kong 1 kilo bars are very popular.

From the article:

acquired $30 million in one-kilogram gold bars from Metalor Technologies

~~~
nxzero
I have one-kilo as being 35.27-ounces - and an ounce of gold costing roughly
$1000 USD. If true, 30 million worth of gold in one-kilo bars would be 850
bars; meaning a lot appear to be missing.

Also, 342 one-kilo bars at $1000 USD an ounce appears to be worth $1.2 million,
not $2 million.

Possible math/logic is flawed, or I'm missing something, but often found
people say numbers that if hashed out don't add up.

~~~
awqrre
Could be 342 bars of different weights... you can buy a 1 gram bar for
example... possibly can buy bars of >1kg too. I know I would do it this way to
make later trading easier.

~~~
nxzero
It "could" be a sign of factual conflicts, a lack of fact checking, etc.

Just pointing it out, maybe the author will add some clarification; since I
assume they did fact checking based on their mentioning that they did on
sources, evidence, etc.

------
altotrees
So excited to read this installment. So far, this series has been fantastic. I
had no idea who Le Roux was three weeks ago, let alone his shadowy background
and connection to tools I have used in the past.

Thank you for the great work.

------
DyslexicAtheist
"... Then the arms ship MV Captain Ufuk was intercepted off the coast, Sol
told me, the DEA “knew that Le Roux was behind that shipment right away.
Because La Plata Trading and Red White and Blue Arms”—companies tied to the
shipment—“connected back to ABSystems, and the websites were registered to
him. ...”

quite poor opsec skills obviously not as tech savvy as they painted him

------
dates
YES my lunch break is going to rule, reading this. i love this series so far!

------
Swinx43
This has been a fantastic series of articles! I absolutely love this. Evan
Ratliff is simply a superb writer in long form journalism.

------
danso
I'm assuming that this submission's headline differs from the original ("He
Got Greedy") to make it more useful for HN readers...but I wish it were how
other reputable news sites, such as The Washington Post, constructed their
linkbaity headlines: `the-short-answer: the linkbait phrase`

As a reader, it makes me no-less interested in the content.

~~~
dredmorbius
If your story's so weak that disclosing basic who / what / where information
in the headline kills its value, you don't have a story.

Drives me nuts.

[https://plus.google.com/104092656004159577193/posts/7juQbQ5B...](https://plus.google.com/104092656004159577193/posts/7juQbQ5B45X)

------
ericjang
Among the most closely-guarded troves of knowledge in the world are those
pertaining to organized crime. This stuff is so dramatic and interesting
because it is sort of "forbidden knowledge".

I have high hopes for Quora (one of the YC portfolio companies) because they
are trying to make accessible this sort of locked-up knowledge.

~~~
th0ma5
Well, to continue reading, you'll have to log in, however.

~~~
ericjang
I can understand how some are uncomfortable with that, but it's not a big
deterrent for me (and I suspect most users). There's really some good stuff
there.

------
smellf
Is this the same Paul Le Roux who wrote the original software that TrueCrypt
was based on?

[https://en.wikipedia.org/wiki/E4M](https://en.wikipedia.org/wiki/E4M)

~~~
cbHXBY1D
Yes. This is the fifth installment of the series investigating his life. The
other episodes mention how his code inspired TrueCrypt.

The title for this submission should really have done a better job at
explaining this is a series.

~~~
katiabachko
The final episode here: [https://mastermind.atavist.com/the-next-big-deal](https://mastermind.atavist.com/the-next-big-deal)

------
rpgmaker
Does anyone know if this is the last installment or how many there will be?

~~~
katiabachko
There'll be seven in total. So, two more.

------
unixhero
Yesssss i have been waiting hard for the next part of the story. It's totally
riveting.

I would pay for more of this!!! [And or for future investigative journalism of
this incredible scope]

------
bronz
I am fascinated by TrueCrypt and Bitcoin -- they had a very big impact on the
world but their authors are completely unknown. Are there any other instances
of things like that?

~~~
undefined0
Did you read the previous articles? Allegedly Paul Le Roux created TrueCrypt
(because a domain name is linked to him or something like that). Even if he
didn't create TrueCrypt, he definitely created the pre-forked version of it
(which he was open about).

It's got me curious as to whether Satoshi was really motivated by being anti-
bailout or whether he created it for his own operations just as Paul allegedly
created TrueCrypt for his.

------
arprocter
Something which confuses me about the pharma sites is that most of the pills
being sold seem pretty obscure, yet they clearly managed to earn a fortune

~~~
55555
[https://www.usenix.org/system/files/conference/usenixsecurit...](https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final204.pdf)

~~~
arprocter
"Approximately 100 pharmacies across the country were using that same account
number. All of them were predominantly shipping the same three drugs:
Fioricet, Ultram, and Soma"

Your article says the Russian sites mostly sold ED pills, which makes more
sense to me, but it seems like Le Roux wasn't in that racket.

Maybe I'm just not up to speed on prescription meds, but I would've guessed
people would go for recognized things like Vicodin etc. over random muscle
relaxers

------
viral_krieger
I wonder why he was so willing to talk.

~~~
ljf
So that he couldn't be prosecuted for the other crimes he committed. Once he
admitted to this main crime they knew about, they said they wouldn't charge
him with further crimes.

------
Taylor_OD
I love this series thus far. So interesting.

------
johnmoore
That story would make a class movie.

------
johnmoore
When is the movie lol

------
cornchips
Altgeld Garden Drug Co was in the middle of an interesting location... One of
two registered... Altgeld Gardens is one of "Chicago Housing Authority’s
largest housing development."

\---

Altgeld Garden Drug Co., Chicago – pharmacy license (054-003512) revoked and
Erskine A. Cartwright III, Chicago – pharmacist license (051-033091) suspended
for 30 days followed by probation for two years after information came to the
Department's attention that from on or about the Fall of 2006 continuing to on
or about the summer of 2007, the pharmacy dispensed a substantial quantity of
prescription drugs, including controlled substances, pursuant to orders
received electronically issued by physicians for patients who are alleged to
have ordered the drugs via the internet. Additionally, the Department was not
notified 30 days in advance of the pharmacy's closing. [1]

\----

Street Address: 912 e 131st st, EVERGREEN PARK, Il 60805, US Website Address:
RXINFODEPOT.COM^^VIAGRACHEAP.COM Company Email: gamble8@msn.com [2]

Now a thrift store: st vincent de paul... Le Roux :-P

\---

email above is associated with C-21 Dabbs & Associates [3]

maps:
[https://www.google.com/maps/@41.607956,-87.8476405,3a,50.4y,...](https://www.google.com/maps/@41.607956,-87.8476405,3a,50.4y,88.19h,77.68t/data=!3m6!1e1!3m4!1s55dlJbV4C59beOXaBWsY7g!2e0!7i13312!8i6656!6m1!1e1)

\----

"Mr. Erskine A. Cartwright entered into rest on Sunday, February 23, 2014" [4]

\---

The other registered location is 974 East 133rd St [5]

\---

re c21 dabbs president - Karen Capriotti, Richton Park – real estate managing
broker license (471-015345) automatically revoked for violating the terms of a
non-disciplinary order issued by the Department on April 8, 2013. [6]

\---

Erskine A. Cartwright, contributor of excellence to the Xavier University [7]

\---

disciplined in 2011

Probation 01/01/2012 12/31/2013 after information came to Department's
attention indicating that from on or about the Fall of 2006 and continuing
until on or about the Summer of 2007, the pharmacy dispensed a substantial
quantity of prescription drugs, including controlled substances, pursuant to
orders received electronically issued by physicians for patients who are
alleged to have ordered the drugs via the internet; the Department was not
notified 30 days in advance of the pharmacy's closing.

Suspension 12/01/2011 12/31/2011 after information came to Department's
attention indicating that from on or about the Fall of 2006 and continuing
until on or about the Summer of 2007, the pharmacy dispensed a substantial
quantity of prescription drugs, including controlled substances, pursuant to
orders received electronically issued by physicians for patients who are
alleged to have ordered the drugs via the internet; the Department was not
notified 30 days in advance of the pharmacy's closing. [8]

\---

This just keeps on going.. He was married to Maggie Bell Cheatham Cartwright,
mayor of the city of Keysville: [http://augustafuneralnotices.com/wp-
content/uploads/2014/03/...](http://augustafuneralnotices.com/wp-
content/uploads/2014/03/Erskine-Cartwright-.pdf)

\---

1 [https://www.idfpr.com/Forms/DISCPLN/1112_dis.pdf](https://www.idfpr.com/Forms/DISCPLN/1112_dis.pdf)

2 [http://www.subiz.us/biz-il-58953.html](http://www.subiz.us/biz-il-58953.html)

3 [http://illinois.cevo.us/company/c-21-dabbs-s-associates.html](http://illinois.cevo.us/company/c-21-dabbs-s-associates.html)

4 [http://www.legacy.com/obituaries/augustachronicle/obituary.a...](http://www.legacy.com/obituaries/augustachronicle/obituary.aspx?pid=169870252)

5 [http://www.manta.com/c/mm7dlxl/altgeld-gardens-drug-co](http://www.manta.com/c/mm7dlxl/altgeld-gardens-drug-co)

6 [https://www.idfpr.com/forms/discpln/2013_09dis.pdf](https://www.idfpr.com/forms/discpln/2013_09dis.pdf)

7 [http://www.xula.edu/mediarelations/XUGold_Summer2011.pdf](http://www.xula.edu/mediarelations/XUGold_Summer2011.pdf)

8 [https://www.idfpr.com](https://www.idfpr.com)

------
venomsnake
One of the things that annoys me about the series is we read only about his
botched stuff. None of the successes. He does not look like that big of a
fish.

