
Did Stack Exchange staff members assist in the apprehension of Ross Ulbricht? - codezero
http://meta.stackoverflow.com/questions/199353/did-the-stack-exchange-staff-members-assist-in-the-apprehension-of-ross-ulbricht
======
kevinpet
Can we please not get distracted by police investigating criminal activity
acting within the bounds of individualized specific suspicion of a crime and
keep things concentrated on warrantless wiretapping and wholesale
surveillance?

~~~
IvyMike
The question (probably unanswerable) that fascinates me is: Did the
authorities find DPR by analyzing Tor network traffic, or by some other means?
The Tor network being ineffective has wide-reaching ramifications.

I know the evidence has been presented to make us think they found him via a series
of mistakes, but the existence of parallel construction makes me question
everything.

------
sneak
This just in: absolutely no strangers (save statistically insignificant
outliers like Nacchio) will go to jail to protect your data during a police
investigation - nor should they.

Plan accordingly.

~~~
kylemaxwell
So on one hand, we have the execution of a warrant or subpoena that is
narrowly written, specific and reasonable, based on probable cause, and signed
by a judge.

On the other hand, we have recently seen much greater evidence about the
wholesale surveillance of society under secret law and apparently not
accountable in any practical sense to oversight.

The first is normal and appropriate and well within the bounds of civil
liberties guaranteed by the Fourth Amendment. The second is highly problematic -
but one doesn't necessarily lead to the other. Our civil liberties and civil
rights have always been subject to appropriate exceptions. The problem is when
those exceptions become so broad as to render the freedoms ineffective, not
that they exist at all.

~~~
rodgerd
Unfortunately the Dunning-Krugerrand crowd seem determined to try to conflate
what seems to be a fairly legitimate piece of police work[1] with the
Orwellian surveillance state.

[1] Well, obviously one can disagree about the criminalisation of recreational
drugs, but they are, so the cops are working within their brief.

~~~
sneak
While that remains a particularly amazing insult, perhaps it is in fact you
who have conflated libertarians with minarchists?

Not all of us, gold/bitcoin stash or no, accept that police are a necessary
part of society.

Given that one part of society (the state) has historically demonstrated that
it will expand to fill any and all available opportunities to exert
destructive power over others, it doesn't make much sense to grant them a
monopoly on the opportunity to use violence to uphold the law.

Laws, we need. Cops, we don't. The NSA has nothing to do with it.

TL;DR: Fuck the police.

------
anfedorov
_Some press on this case implies that the FBI found this person from his
activity on our site. I can't disprove that, but it is much more likely that
they found him through other means, and then tracked his activity on various
sites to build enough evidence for an arrest, indictment, etc._

Anyone care to speculate how they found him?

~~~
logn
The NSA et al. know everything. It's just a matter of whether they can figure
it out again using legal investigative techniques. I imagine it like the
solutions in the back of a math textbook. I'm given the answer but I won't get
credit for answering them correctly unless I can actually list every step in
deriving the solution. See the recent news stories on NSA-DEA parallel
reconstruction.

Specifically to your question, I'd guess they run a large number of Tor exit
nodes and from there it was fairly simple to see exactly who was doing what.

Also it's come out recently in the Guardian, the NSA can backdoor machines
through special servers running man-in-the-middle attacks.

Basically, the Internet (and planet Earth too) is not secure, so trying to
pull off a large-scale crime is kind of foolish.

~~~
krapp
> The NSA et al. know everything.

Parallel construction doesn't actually imply that the NSA is omniscient and
that the entire rest of the American justice system is a charade meant to mask
its power from the muggles. The NSA doesn't know everything. They don't see
everything. They don't whisper words of power into the ears of every
prosecutor, and a dark man smoking a cigarette doesn't appear from out of the
shadows with fabricated evidence for the Department of Justice and a dossier
from ten minutes into the future every time a hacker opens their browser.

It gets mentioned every time a post comes up involving a court case or arrest,
and it's quite honestly as useless a form of speculation as suggesting divine
intervention as a first cause in science. Assuming too much power on the part
of the NSA (and by extension, that _no other methods_ used by any other bureau
or department are effective except as a smokescreen) is as dangerous as
dismissing them entirely.

~~~
logn
My 'know everything' comment was a slight exaggeration for effect. I didn't
say they fabricate evidence (you said that) or that they divulge their secrets
to every prosecutor (those are your words, portrayed as mine).

You have a good point though that maybe my comment is not constructive. I
don't wish for this to become a cliche response on HN that it 'must have been
the NSA' but we must acknowledge that they possess powers of surveillance the
world has never before seen (except if you believe in God... however, we
actually have architecture diagrams and proof of the NSA technology... not
just 'The Book of Edward').

But yeah, it's dangerous to dismiss the NSA entirely and dangerous to make it
a given they're more powerful than they are. However, given their secrecy,
that's all a fairly expected situation for us.

~~~
krapp
Fair enough, I admit I was extrapolating from a number of comments I've seen,
and I shouldn't have implied things in your comment that, you're right,
weren't there.

------
mjmsmith
_This happens very, very rarely. I have more than enough fingers to count the
times this has occurred since I started working here a year and a half ago. I
wouldn't need a single toe, and I'm pretty sure I wouldn't need both hands._

I'm not sure that I would call multiple times a year "very, very rarely".

~~~
benaiah
For a site that large and well-visited, with almost entirely user-generated
content, all of which are on technical problems many of which could involve
illegal activity?

I'd agree that that's very, very rarely.

------
turboroot
It's interesting to note from page 30 of the criminal complaint, StackOverflow
was able to record "Ulbricht [changing] his registration email [...] to
'frosty@frosty.com'".

Why do sites like StackOverflow keep audit logs of your account information?

~~~
baudehlo
More likely historical database backups

~~~
pstack
Actually, it's almost certainly as the other person stated - for
administrative moderation purposes. There is no other purpose to maintaining
historical backups of this sort of data. Especially not when that costs money.

When I built a site that existed for a very long time, was very popular, and
involved monetary transactions, I had to track nearly everything. IP
addresses, address changes, email changes. Everything I could think of. This
was then utilized when I suspected someone of fraudulent behavior. I could
pull up an administrative screen that compared data in an archive copy (where
I dumped the older information for just this purpose and to specifically keep
it inaccessible to the outside world for user security purposes). With that, I
could see whether several users were actually the SAME user. I even tracked
things like user-agent string and detected screen resolution.

A lot of pieces of data can come together to provide more than circumstantial
evidence that someone is shilling, trying to feedback-bomb another user, and
so on. Enough correlated points of data can confirm suspicions like this.
You'd be surprised how many people use an email address for one account,
change that address, then create a second account with the email address they
used to have on the first account and then use the second address to drive up
the value of their stuff by shill-bidding against another user on their own
item.

~~~
kmontrose
Don't forget user support. It's not all that uncommon for someone to forget
their account, lose a password, or an email address. Circumstantial evidence
can support ownership of the account, and let us fix things for them.

There are also errors on our end like account merge bugs, moderation mistakes,
dropped/flagged/whatever recovery emails, and so on. Keeping additional
historical data can help us recover in those cases.

If you're smart about what you track it's not that much data; we record most
changes to user records into a history table (likewise, and for the same
reasons on post records). Keeping traffic logs around and queryable forever
_would_ be really, really expensive though. We keep some around, but only
really recent stuff is easy to query (about 2 days) since that tends to be
what's needed when reproducing bugs. I don't even think we have _all_ traffic
history, and old stuff would require digging a tape out (if we even move those
to tape like we do with DB backups, I honestly don't know; it's never come
up).

Moderation is a good reason to keep lots of data around, you're right, but
it's not the only one.

Disclaimer: Stack Exchange, Inc. employee.
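
The history-table approach discussed in the comments above, as an added example that is not code from any commenter or from Stack Exchange: an append-only record of email changes, plus the cross-account check for an address that one account gave up and a different account later registered. The table name, columns and sample rows are hypothetical and constructed for illustration.

```python
import sqlite3

# Hypothetical append-only history table; schema and rows are constructed.
SCHEMA = """CREATE TABLE user_email_history (
    user_id    INTEGER NOT NULL,
    email      TEXT    NOT NULL,
    changed_at TEXT    NOT NULL  -- ISO 8601 time the address became current
)"""

SAMPLE_CHANGES = [
    (1, "alice@example.com", "2013-01-05T10:00:00"),
    (3, "carol@example.com", "2013-02-10T08:30:00"),
    (1, "alice.new@example.com", "2013-03-01T09:00:00"),
    (2, "Alice@Example.com ", "2013-03-02T12:00:00"),  # account 2 takes 1's old address
]

def record_email_change(conn, user_id, email, changed_at):
    """Append a row for every change; existing rows are never updated."""
    conn.execute(
        "INSERT INTO user_email_history VALUES (?, ?, ?)",
        (user_id, email.strip().lower(), changed_at),  # normalise before storing
    )

def build_demo_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    for change in SAMPLE_CHANGES:
        record_email_change(conn, *change)
    return conn

def email_timeline(conn, user_id):
    """Every address one account has held, oldest first."""
    rows = conn.execute(
        "SELECT email, changed_at FROM user_email_history "
        "WHERE user_id = ? ORDER BY changed_at", (user_id,))
    return rows.fetchall()

def find_reused_emails(conn):
    """(email, earlier_user, later_user) where a second account later
    registered an address that a different account held first."""
    return conn.execute(
        "SELECT a.email, a.user_id, b.user_id "
        "FROM user_email_history a JOIN user_email_history b "
        "ON a.email = b.email AND a.user_id <> b.user_id "
        "AND a.changed_at < b.changed_at "
        "ORDER BY a.email, a.changed_at").fetchall()

if __name__ == "__main__":
    db = build_demo_db()
    print(email_timeline(db, 1))
    print(find_reused_emails(db))
```

Because rows are only ever appended, the same table answers both the support question (which addresses has this account held?) and the moderation question (do two accounts share an address over time?).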

------
microcolonel
"This happens very, very rarely. I have more than enough fingers to count the
times this has occurred since I started working here a year and a half ago. I
wouldn't need a single toe, and I'm pretty sure I wouldn't need both hands."

Pfft, he's counting in ternary.

------
benologist
Almost as contrived as the crap all over Quora.

~~~
logn
Not sure I agree or get your point. Seems like he's doing the best he can to
explain what happened without being taken to a secret prison.

My guess is they've gotten one request from the NSA ('give us all your data
for everyone... otherwise we will just tap into your fiber lines at ISPs') and
one from the FBI ('we are doing some parallel re-construction and it says here
we have a warrant for a user by the name of Frosty').

I'm just surprised an admin on the site didn't close the Q&A as
non-constructive and speculative :)

~~~
nullc
> Seems like he's doing the best he can to explain what happened without being
> taken to a secret prison.

National security letters are only supposed to be used for national security,
not random drug busts. If they used an NSL it was unlawful.

If this was just a sealed request it should be open now that the indictment
has been handed down. If it was reasonable and lawful they should be asking
for it to be unsealed and the request should be granted.

