
The Bonehead Mistake That Brought Down an Online Drug-Dealing Empire - doh
http://www.slate.com/blogs/future_tense/2013/10/02/silk_road_s_dread_pirate_ross_ulbricht_asked_stack_overflow_question_under.html
======
itafroma
Funnily enough, I think it may have been Stack Exchange's (SE) somewhat
unintuitive registration procedure that did him in.

Stack Overflow requires an OpenID identity in order to ask questions: you
cannot sign up without one (though SE now provides their own you can sign up
for). You could easily set up your own (and it's surprising that Ulbricht did
not), but you could also use any number of providers (e.g., Facebook and
Google) that ostensibly know your real name.

When you link your OpenID to SE, SE automatically fills in your name with
whatever your OpenID provider has on file. I believe this is where Stack
Overflow got his real name from initially. He probably didn't realize this
would happen and when he saw that it did, he quickly changed his Stack
Overflow profile to the "frosty" moniker.

Though it was absolutely boneheaded (possibly with a fair amount of hubris
that he'd never get caught) to have an OpenID identity somewhere with his real
name and then use it on an untrusted (to him) third-party site, had the SE
login page indicated that it would pull information from his OpenID identity
to create his SE profile or emphasized creating an account with SE over
logging in with OpenID, he might not have had his name leak in this manner.

~~~
kmontrose
There would have been an interstitial page mentioning that his email was being
given to Stack Exchange by his OpenID provider.

Depending on exactly when he registered, there may have been (and now
always is, when using a third party login iirc) another page on the Stack
Overflow side that confirms new account creation and again displays the
provided email.

Basically, he clicked through at least one "sending personally identifiable
information, are you sure?" page. Maybe more than one.

Disclaimer: Stack Exchange Inc. employee, I've done some work on our user
login stuff in the past.

~~~
fabian2k
As I understand the parent post it is not about the email that is shared, but
it asserts that the real name from the OpenID provider is used as the publicly
visible user name on SO. I don't think this is accurate, but I can't see the
internals.

The mail address is not problematic anyway in my opinion, as it is not
publicly shown on SO.

~~~
kmontrose
What I was pointing out was that there was a confirmation of some sort
presented to the user indicating that _something_ that personally identified
them was being shared.

Stack Overflow does take a "full name" (in OpenID attribute exchange terms) as
a user name if provided by an OpenID provider, though we explicitly don't
demand it (it is not "required" in AX terms). Exactly how a provider deals
with "optional" attribute requests is up to them, in practice I think most
everyone ignores it unless it's also public information on their service (ie.
full name == user name).

Offhand I want to say Facebook is the only login option used by > 5% of our
users that provides a name. I did not actually confirm that by testing, just
working from memory.

You are correct in that Stack Overflow never displays user emails during
normal operation, excepting employees and moderators (who are bound to an
agreement before accessing such information:
[http://stackoverflow.com/legal/moderator-agreement](http://stackoverflow.com/legal/moderator-agreement)).

Disclaimer: Stack Exchange Inc. employee
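
Added example, not part of the thread and not Stack Exchange's code: the OpenID Attribute Exchange request/response shape the comment above describes, with the full name asked for as optional, plus a relying-party policy that keeps a provider-supplied name out of the public profile until the user confirms it. The `ax` namespace alias, the attribute aliases, the `seed_profile` policy, the sample response, and treating email as "required" are assumptions; signature verification of the assertion is assumed to have happened already.

```python
from urllib.parse import parse_qsl

AX_NS = "http://openid.net/srv/ax/1.0"
FULL_NAME = "http://axschema.org/namePerson"
EMAIL = "http://axschema.org/contact/email"

# Constructed sample: a provider that honours the optional name request.
SAMPLE_RESPONSE = (
    "openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0"
    "&openid.ax.mode=fetch_response"
    "&openid.ax.type.email=http%3A%2F%2Faxschema.org%2Fcontact%2Femail"
    "&openid.ax.value.email=alex%40example.test"
    "&openid.ax.type.fullname=http%3A%2F%2Faxschema.org%2FnamePerson"
    "&openid.ax.value.fullname=Alex+Example"
)

def build_fetch_request(required, if_available):
    """Return openid.ax.* parameters; both arguments map alias -> type URI."""
    params = {"openid.ns.ax": AX_NS, "openid.ax.mode": "fetch_request"}
    for alias, uri in {**required, **if_available}.items():
        params[f"openid.ax.type.{alias}"] = uri
    if required:
        params["openid.ax.required"] = ",".join(required)
    if if_available:  # "optional" attributes: the provider decides whether to send them
        params["openid.ax.if_available"] = ",".join(if_available)
    return params

def parse_fetch_response(query):
    """Map attribute type URI -> value for every attribute the provider disclosed."""
    p = dict(parse_qsl(query))
    if p.get("openid.ax.mode") != "fetch_response":
        return {}
    disclosed = {}
    for key, uri in p.items():
        if key.startswith("openid.ax.type."):
            alias = key[len("openid.ax.type."):]
            value = p.get(f"openid.ax.value.{alias}")
            if value is not None:
                disclosed[uri] = value
    return disclosed

def seed_profile(attrs, user_number):
    """Hypothetical policy: a provider-supplied name is never public by default."""
    return {
        "display_name": f"user{user_number}",     # neutral public handle
        "suggested_name": attrs.get(FULL_NAME),   # shown only to the user for opt-in
        "email": attrs.get(EMAIL),                # kept private
    }
```
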

------
jrochkind1
I am really dubious that this is really what brought him down.

Do you think they really investigated everyone they could find that ever asked
a public question about Tor hidden services?

If not, what role do you think this evidence played in the investigation? They
suspected a few people, but then when they found that one of them had asked
this question, and then investigated him more deeply? That seems kinda
unlikely to me too.

And of course, the lone fact of asking such a question on StackOverflow is not
(yet) enough to indict or arrest someone in America.

They included this piece in their list of evidence, sure; they included it in
their press release, for sure, it makes good press (because it's more
understandable than most of their stuff, and because it makes them look good).

But I suspect it's really a case of "parallel construction"[1] -- they found
this piece of evidence long after they had identified him, in part due to NSA
information, but are just pretending it's what tipped them off.

[1] [https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intel...](https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intelligence-laundering)

~~~
citricsquid
This is not what brought him down, it was just a nail in the coffin. The FBI
did the fairly straightforward thing:

1. Look for the oldest mentions of SilkRoad

2. Investigate the people talking about SilkRoad before it was established...

that's all they had to do, he publicly outed his identity on bitcointalk.org.
This article isn't very good...

------
ChrisAntaki
Sounds like parallel construction.
[https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intel...](https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intelligence-laundering)

~~~
rayiner
What about it sounds like parallel construction?

~~~
axus
The part where they connected his new StackExchange username to information
they pulled from the machine image of Silk Road they'd already made in July.

Finding the machine and busting the VPN that connected to it were the real
ways they tracked him down. Oh, and of course the Customs and Border patrol
seizure of the forged documents he ordered, during a "routine inspection".

------
nostromo
I don't understand the arrest.

The FBI isn't dumb. They know that 10 SilkRoads will pop up in the vacuum they
just created. And those new marketplaces won't make the same mistakes SilkRoad
just made.

Once they found the server, they had an all-access pass to the most popular
black market in modern history. They could just sit back and make bust after
bust after bust...

But instead, they exchanged their Palantir for a single arrest of a
20-something San Francisco nerd.

~~~
smacktoward
Nah. Cops and prosecutors want the big fish, not the little fishes. The little
fishes will always exist, but the harder and more expensive it is to build a
place for them to get together, the less likely it is that they'll find places
to make their illegal transactions. (Not to mention that big fish make for
splashier prosecutions and faster promotions. DAs build a platform from which
they can spring into a political career by nailing big names, not
nobodies.)

It's the same reason why they offer plea bargains to low-level drug dealers if
they'll give up the people above them in the supply chain: it does more damage
to the overall network to take out the one person it all hinges on than to
take out lots of people at the fringes. The network has to reconstitute
itself, which is slow and expensive.

~~~
jobu
_"Not to mention that big fish make for splashier prosecutions and faster
promotions."_

You hit the nail on the head there. Nabbing the "Dread Pirate Roberts" is
definitely a career-making move for any moderately ambitious investigator or
district attorney.

------
MrBuddyCasino
Wait - he posted something about php, curl and tor on StackOverflow, using -
for less than one minute - his real name? And that is supposed to link to the
operator of Silk Road?

I don't know about you, but that seems very far-fetched to me. Also, it
indicates that SO saves all changes made to a user profile, forever, which I
think is a bit unusual.

However, if they caught the right guy, hats off to the prosecutors for making
the link.

~~~
ceejayoz
That's only one of many pieces of evidence they found, if you read the
original complaint. It helps _corroborate_ other pieces, too.

------
Sprint
> According to the criminal complaint, Ulbricht posted the question using his
> own real name. Less than one minute later, he changed his username to
> “frosty.”

How was it known then? Did they record the traffic and see it there? Did SO
tell them?

~~~
mmanfrin
I'd imagine they began with the 'frosty' name, which led to SO, which led to
a subpoena, which got them logs and the name.

------
anonymous
This sounds a bit too dumb to be the actual dread pirate roberts. Could he be
the third owner of the site? IIRC the original DPR just set it up not with
some ideals in mind, but just to sell drugs. Then he left it to the next DPR,
the one they allegedly busted. Maybe the one they busted is actually the third
one?

~~~
atlanticus
Even someone with the name anonymous can make a mistake, right BH?

~~~
anonymous
_right BH?_

What? If you imply those are my initials, I'm sorry to say you're mistaken.

~~~
atlanticus
Dammit!

------
PaperclipTaken
Similar to the other comments, this seems virtually unrelated to the actual
arrest. This article makes it seem as though the single mistake is what
allowed DPR to get nabbed, and yet there is a lot more going on in the
investigation.

It was a boneheaded mistake but it's not what got him arrested.

------
scotch_drinker
"Okay! I must have put a decimal point in the wrong place or something. Shit!
I always do that. I always mess up some mundane detail."

Michael Bolton. No not that Michael Bolton.

------
JunkDNA
So does the guy who answered this get an "Aiding Criminal Masterminds" badge?

In all seriousness, I know that this feeling is irrational, but I would feel
pretty terrible if I helped someone on SO and then came to find out they were
running a billion dollar criminal enterprise.

------
iblaine
If it wasn't a post on stackexchange then it would have been something else.
SR going down was inevitable.

------
tghw
Doubly dumb since StackOverflow doesn't even require an actual account to post
questions.

~~~
itafroma
> StackOverflow doesn't even require an actual account to post questions

That hasn't been the case since mid-2011[1]: you must have an actual account
to ask questions on Stack Overflow.

[1]: [http://meta.stackoverflow.com/questions/107152/encouraging-u...](http://meta.stackoverflow.com/questions/107152/encouraging-users-to-create-an-account-and-keep-it/107163#107163)

~~~
tghw
You are correct. I hadn't noticed that change.

------
bhitov
I don't think this is what did him in. Posting advertisements for silk road
[1] and then posting his personal email address [2] from accounts with the
same name seems the more likely cause.

1)
[http://www.shroomery.org/forums/showflat.php/Number/13860995](http://www.shroomery.org/forums/showflat.php/Number/13860995)

2)
[https://bitcointalk.org/index.php?topic=47811.msg568744#msg5...](https://bitcointalk.org/index.php?topic=47811.msg568744#msg5.).

------
16s
I've posted questions about Tor on stackoverflow using my real name, but I'm
not a criminal nor do I have any desire to be a criminal.

It seems odd to me that questions like this on a technology site could somehow
be used to incriminate people. Maybe the goal is to prevent people from asking
questions.

What you ask can and will be used against you?

~~~
skwirl
If you think he was arrested for posting a question about Tor to Stack
Overflow, then you really have a lot of catching up to do on this story.

~~~
16s
I know he has been accused of doing very bad things. I just hate to see Tor
and its users vilified like this. Bad people use Tor for bad things, but good
people use it for good things too.

And making people feel that simply asking questions about Tor will put them in
the same category as hardcore criminals is just wrong. We're not all heartless
criminals. In fact, most just want a bit of privacy.

~~~
TheCapn
For the record, the reason why his slip up was significant is because:

1) They were able to find code identical to the SO question within the
SilkRoad source code

2) They already had circumstantial evidence linking him to the site, this just
strengthened it

3) "frosty" is the user/computer name used to generate the private ssh key on
SilkRoad's server, further linking him to the site

------
highwise
Messing with the law can _improve_ your reputation, after all.

[http://stackoverflow.com/users/1249338/frosty?tab=reputation...](http://stackoverflow.com/users/1249338/frosty?tab=reputation&sort=graph)

------
stevewillows
In a sense I almost feel for the guy.. Then again, I don't. The tinfoil hat in
me wants to believe that this is all one big FBI / CIA set up and they're
looking to see who will try and step up.

But again, that's just crazy.

~~~
wcfields
Well, don't do crazily illegal shit, and the tinfoil can stay in the kitchen
cabinet.

~~~
yk
Well, _THEIR_ orbital mind control lasers work even if you do not plan to do
crazily illegal shit.

------
larrik
Am I crazy, or was the question posted in March of 2013, and not 2012 like the
article states?

------
S_A_P
I can see the scumbag Stack Exchange memes on Reddit now :)

------
logn
If the NSA sniffed his bits, you must acquit.

------
bsullivan01
Many Feds made their bones on the war on drugs and the jobs and reputations of
many more still depend on the war on drugs. Then you have some guy that makes
tens of millions selling heroin, cocaine and everything illegal under the sun
--online.

Safe to say that unofficially he was FBI's top ten person to catch, he was
making a fool of them. And if they want they can tighten lots of screws and
even have satellites monitor over an area. As I said on another thread, I
suspect that NSA or DEA got his name illegally and then whispered it to
certain FBI agents.

Of course for the evidence to be admissible FBI has to make believe that they
got him by his mistakes (parallel construction.) Not to suggest that you can
hide forever, he should have retired after pocketing $10 million

------
AsymetricCom
Parallel construction requires PR support.

------
alecsmart1
This is just horrible journalism. Exactly what I'd expect from a motion
picture movie for a dumbed down audience. Definitely not HN top worthy.

------
ianstallings
Having trouble using curl in php? Because an environment variable wasn't
defined? And then ran to SO before trying to print the variable values?..

/facepalm

Edit: Every day it's the same old shit. One post goes up in votes, another goes
down. Why? Who the hell knows. Must've pissed someone off that doesn't know
curl.. I swear I have to walk on egg shells in this place. Either way I'm
really starting to get tired of this shit. Pull those marshmallow pants up.

~~~
smcl
I'm not sure about the downvotes either, maybe HN dislikes things like
"/facepalm" (I don't care, btw). However I share your disbelief. The guy was
running a fairly advanced, high profile, illegal market online and a key piece
of evidence linking him to this crime was down to him messing up something really
pretty simple in a PHP script and asking on a programming Q&A site - that's
pretty astonishing.

~~~
ianstallings
That really was my whole point. He got in over his head and he got smacked
down for it. Now he's going to prison. It's laughable.

