DPR sent a message to "redandwhite" stating that "FriendlyChemist"
is "Causing me problems" and adding: "I would like to put a bounty on
his head if it's not too much trouble for you. What would be an
adequate amount to motivate you to find him?"
Later that same day, redandwhite sent DPR a message quoting him a
price of $150,000 or $300,000 "depending on how you want it done" -
"clean" or "non-clean".
DPR responded: "Don't want to be a pain here, but the price seems high.
Not long ago, I had a clean hit done for $80k. Are the prices you
quoted the best you can do? I would like this done ASAP as he is
talking about releasing the info on Monday."
DPR and redandwhite agreed upon a price of 1,670 Bitcoins - approximately
$150k - for the job. In DPR's message confirming the deal, DPR included
a transaction record reflecting the transfer of 1,670 Bitcoins to a
certain Bitcoin address.
Here's the part I don't understand:
* A user friendlychemist threatens DPR.
* DPR asks friendlychemist to refer his "supplier" to DPR.
* redandwhite says he was "asked to contact" DPR by friendlychemist and friendlychemist owes redandwhite money
* DPR asks for a hit from redandwhite on friendlychemist
That makes zero sense to me. Why would you assume those two users are not the same person or aren't at least allies?
* DPR was ready to pay friendlychemist up to $150K
* BUT DPR was also afraid it'd lead to more extortion
* DPR knew redandwhite was the same as friendlychemist or an associate of his
Based on these assumptions, DPR's move to pay redandwhite was really DPR paying friendlychemist while also communicating the length to which he is willing to go to deal with extortionists. So by going the path he went, he paid off friendlychemist and scared him at the same time.
The guy he tried to have killed could show up and testify on his behalf and a reasonable jury might still find him guilty.
I think we can all see at this point that Ulbricht got played. But that doesn't exculpate him. (Not that it matters yet; he hasn't been charged with the attempted murder).
Toy version of the conversation.
FC: Give me money so I can pay my debts.
DP: Lemme talk to your creditor.
RW: I'm FC's creditor, what's up.
DP: I don't owe FC money. Rather I want him dead. Can you do this?
RW: Sure. $250k.
DP: I normally pay 80k to kill people. Split the difference?
... uh. wtf? The whole exchange really makes no sense, unless you assume that DPR knew he was talking to the same guy all along and was working on terms that would make the guy not bother him by scaring him off.
Edit: Nevermind! Apparently the 80k "hit" wasn't just a negotiation technique: http://www.baltimoresun.com/news/maryland/crime/blog/bal-sil...
Sounds like the guy was a petty criminal who wasn't as smart as he should have been if he wanted to run an underground market for criminal activity.
And anybody else who thought they would try and blackmail money out of him. It seems a completely plausible scenario and kills two birds with one stone. No pun intended.
Along with five other countries.
Although I believe the foregoing exchange demonstrates DPR's intention to solicit
a murder-for-hire, I have spoken with Canadian law enforcement authorities, who
have no record of there being any Canadian resident with the name DPR passed to
redandwhite as the target of the solicited murder-for-hire. Nor do they have any
record of a homicide occurring in White Rock, British Columbia on or about
March 31, 2013.
32. Although I believe foregoing exchange demonstrates DPR's
intention to solicit a murder-for-hire, I have spoken with
Canadian law enforcement authorities, who have no record of
there being any Canadian resident with the name DPR passed to
redandwhite as the target of the solicited murder-for-hire.
Nor do they have any record of a homicide occurring in White
Rock, British Columbia on or about March 31, 2013"
EDIT: Or he was watching too much Breaking Bad and beginning to assume Heisenberg's characteristics after feeling invincible for earning $80MM
However, he went too far into his fantasy, and not too smartly, and he'll pay for it.
I just put in two spaces like the formatting guide said. But the whole thing ended up being one line.
So a paragraph that would run off the page and break mobile devices in normal circumstances should be broken in several places by a hard 'return' plus more spaces.
Is really just a collection of sentence fragments
that all fit the same formatting. There might be
a better way, but I don't know it!
So a paragraph that would run off the page and break mobile
devices in normal circumstances should be broken in several
places by a hard 'return' plus more spaces.
Is really just a collection of sentence fragments that all
fit the same formatting. There might be a better way, but I
don't know it!
Shift-v starts line-by-line visual mode.
Ctrl-v starts visual column mode (which is both very cool and very useful)
Or startline,endline command: 10,20d
> 32. Although I believe foregoing exchange demonstrates DPR's intention to solicit a murder-for-hire, I have spoken with Canadian law enforcement authorities, who have no record of there being any Canadian resident with the name DPR passed to redandwhite as the target of the solicited murder-for-hire. Nor do they have any record of a homicide occurring in White Rock, British Columbia on or about March 31, 2013"
Or an angle bracket, with an opening and closing asterisk.
This means you don't need to include any line breaks.
Almost an analog for "Walter White," who also made $80mm on his calamitous journey from "honest" meth-cooker to kingpin.
Paid off anyways but at the same time negotiated a discount and scared the guy into not trying it again.
This is corroborated by the fact that the FBI knew the name, date and city yet couldn't match it up to a real body.
After going to Penn St for a grad degree in materials science,
"Ulbricht states that his 'goals' subsequently 'shifted'. Ulbricht
elaborates, obliquely, that he has since focused on 'creating an
economic simulation' designed to 'give people a first-hand experience
of what it would be like to live in a world without the systemic use of
force' by 'institutions and governments.'"
Edit: but I'm waiting and reading with an open mind.
The way this works is that they take their own favorite definition of personal property, and then re-define the word "aggression" as: "anything that violates my definition of personal property, and nothing else".
So, when a land owner shoots somebody who misstepped onto his land without warning, that is not aggression according to libertarians - if you really take them seriously.
Obviously, when you point that out to a libertarian, an endless game of shifting definition starts, much like how many discussions about the existence of god go with theists.
If you're interested in a well-argued and entertainingly written outsiders' perspective on this, I recommend Matt Bruenig. Here's a starting point: http://www.demos.org/blog/8/21/13/fun-times-libertarianism
I do think it nonetheless ends up pretty entangled in the ideas invented by the modern centralized state, especially the ideas of "property ownership" and "a contract", which are supposed to exist in a sort of ethereal global-variable state separate from any facts in the physical world or local interactions. The modern state enables that fiction by maintaining a central property register backed by a cadastral survey, and a set of courts that enforce the abstract idea of a contract. Minarchists are perhaps more open about this dependence than anarcho-capitalists are, by just directly asserting that the state should exist solely to operate and enforce a property register and contract law.
I agree that it's a baffling world view though.
And it's not as if libertarians are entirely crazy. It's healthy to have some baseline skepticism towards authority. But it's also healthy to have some baseline skepticism towards market solutions. As usual, the best answer(s) are somewhere in compromise and in the middle.
I guess that ideas like the "non-aggression principle" are so alluring to some because they have a sort of superficial "intellectual purity" which that kind of compromising answer lacks.
And I thought the journalist that got his laptop seized at an airport was harshly treated...
I'm not sure of the details of this situation but just following libertarian legal reasoning there may be another way to justify it. The logically consistent libertarian position on abortion is neither pro-choice nor pro-life. Block's theory of evictionism is basically that a mother's right to remove a fetus is stronger than the fetus' right to be in the womb, yet the mother is not permitted to kill the fetus straight off exactly.
If some technology were developed, such as a pig fetus used to carry the child to term, then that technology would have to be employed. Would there be some other reliably effective means to stop this snitch besides killing him?
If you are simply arguing the most utilitarian point of view for the sum of the actors involved, surely paying him off is the most moral thing to do. $300K to prevent 10,000+ years of jail and shankings versus killing someone. $300k is much less than the life of one person.
Isn't the real threat the 3rd party that would be doing the jailing? Why is freely communicating what some people did a grounds for murder? He's not the one that is doing the locking people up -- it just so happens to be more convenient to murder him than to take on the justice system. Convenience does not make it the moral course of action.
I adore libertarians, I really do, for all the energy and earnestness they bring to their theory of government. But I can't take them very seriously, and this sort of thing is exactly why.
Oct 2 (Reuters) - U.S. law enforcement authorities raided
an Internet site that served as a marketplace for illegal
drugs, including heroin and cocaine, and arrested its
owner, the Federal Bureau of Investigation said on Wednesday.
The FBI arrested Ross William Ulbricht, known as "Dread
Pirate Roberts," in San Francisco on Tuesday, according to
court filings. Federal prosecutors charged Ulbricht with
one count each of narcotics trafficking conspiracy,
computer hacking conspiracy and money laundering
conspiracy, according to a court filing.
There's some interesting stuff in there, page 21 is the murder for hire scenario and 24 is where the agent explains how they identified DPR.
1. Canadian spies set up "FriendlyChemist", hack into another vendor and get extortion material on DPR
2. "FriendlyChemist" tells "RedandWhite" (obviously the same person/agency) to contact DPR
3. "RedAndWhite" extorts American based DPR to pay for a murder that mysteriously does not happen in Canada
4. DPR then (stupidly?) pays "RedAndWhite" for fake ID documents from Canada, which mysteriously get stopped at the border
5. US agency arrests DPR on delivery of fake IDs
6. There is no chance of entrapment since:
- Based on the Nature of TOR, we can never prove that "FriendlyChemist/RedAndWhite" are a police force (karma)
- They are most likely not a domestic force, but were working covertly with US agencies (cannot be subpoenaed).
Certain government authorities know you're acquainted with someone who's previously been fingered for murder-for-hire but never convicted.
The "authorities" call you and threaten to murder your family; you naturally seek back-up from your erstwhile acquaintance. The police ensure they give you just enough information to track their threat back to a "person" of their construction.
Boom. You're up on a rap of "conspiracy to commit first degree murder" (or whatever it's actually called in your jurisdiction).
Doesn't seem so impossibly far-fetched does it?
They'll stack the charges so high you'd need a helicopter to see over 'em. He'll either plead it out and get fifty or fight it and get life. His choice.
If the federales have all of his assets, he ain't fighting nothing.
The police couldn't find a record of the alleged murder victim, so I'm guessing that "redandwhite" and "friendlychemist" were the same person, just playing a con on DPR to get some cash.
I took it to mean fast and relatively painless versus protracted suffering, i.e. "non-clean", messy.
Without the 'respectively', it's ambiguous whether the clean or non-clean were the cheaper of the two alternatives.
Clean: Traffic accident, apparent suicide, etc.
You'd probably create more evidence trying to make it look like an accident than you'd clear up just by doing it some easier way.
That would be hazardous in my opinion. Now you have two places where you can place the perpetrator.
However, what I am surprised by is the fact that there wasn't really any focus on his facilitation of arms trafficking. I would imagine that those activities are more likely to cause actual harm to society that we should be worried about.
He paid someone to kill an extortionist that had threatened to release incriminating info on a lot of users. As far as the law goes it's the same as him killing his child's first grade teacher over a bad grade but when you extort someone operating a drug dealing network, what do you expect?
During the course of this investigation, the FBI has located a
number of computer servers, both in the United States and in
multiple foreign countries, associated with the operation of Silk
Road. In particular, the FBI has located in a certain foreign
country the server used to host Silk Road's website (the "Silk
Road Web Server"). Pursuant to a Mutual Legal Assistance Treaty
Request, an image of the Silk Road Web Server was made on or
about July 23, 2013 and produced thereafter to the FBI.
What the complaint doesn't specify is how the FBI managed to locate the Silk Road server. It's possible that they already had some suspicion of DPR's identity, and managed to bug his computers or otherwise track his activity well enough to figure out what systems he was logging into. But given how coy the complaint is about this, I wonder if in fact this is the result of a sophisticated analysis of Tor network traffic (possibly in collaboration with the NSA?). If that's the case, it betrays a level of capability that ought to be frightening for the operators of other anonymous Tor services. Anyone with more Tor expertise want to comment on how likely this is?
Edit: the excerpt quoted is from the (now unsealed) FBI complaint, first linked elsewhere in this thread: http://krebsonsecurity.com/wp-content/uploads/2013/10/Ulbric.... The whole thing is pretty interesting reading.
Further, based on forensic analysis of the Silk Road
Web Server, I know that the server includes computer
code that was once used to restrict administrative
access to the server, so that only a user logging
into the server from a particular IP address,
specified in the code, could access it.
It looks like they first started suspecting Ulbricht when one of the forum account usernames he used to market Silk Road, "altoid", posted the GMail address "email@example.com" when looking for technical help. From page 26 of the complaint:
From further reviewing the Bitcoin Talk forum,
Agent-1 located another posting on the forum by
"altoid," made on October 11, 2011, approximately
eight months after his posting about Silk Road.
In this later posting, made in a separate and
unrelated discussion thread, "altoid" stated that
he was looking for an "IT pro in the Bitcoin
community" to hire in connection with "a venture
backed Bitcoin startup company." The posting
directed interested users to send their responses
to "rossulbricht at gmail dot com" - indicating
that "altoid" uses the e-mail address
"firstname.lastname@example.org" (the "Ulbricht Gmail
Super interesting read!
That said, a security vulnerability in the website does seem like a really plausible conjecture: it's hard to write that much PHP code and not screw up somewhere, especially given that he was probably doing most of it himself, without anyone to do independent QA. And even if the site code itself was fine, the Silk Road is a high-enough value target that the FBI might have thought it worth using a PHP 0-day. Once they're into the site, it's probably not hard to get it to dump an IP address or other externally identifying information.
That may be; or maybe they just Parallel Constructed a proper looking investigative trail.
... I know that, on May 24, 2013, a Silk Road user sent
him a private message warning him that "some sort of
external IP address" was "leaking" from the site, and
listed the IP address of the VPN Server.
edit and off-topic rant: I really hate searching government PDFs.
I remember reading an article in 2600 where someone figured out that quite a few websites took a PHP filename as a query arg to be eval'd... and some subset of those had no mechanism in place to restrict it to local files. Needless to say, they could point that arg to example.com/malicious.php and have it run on the vulnerable box.
The best part was that they constructed a Google query to find sites that would eval remote PHP code. It was something else!
I'm reading through it now, but it's still not 100% clarified how they originally determined the true IP and provider of the server. There are a myriad of different ways, though.
Linking to ancient bugs that were fixed a long time ago is pointless, every popular piece of server software would have bugs.
So, care to name five?
I’m not one hundred percent on this, but I don’t think it’s possible to do a DDoS over Tor, or at least it is much harder than doing it over the clear net. The effect of the attack was to block access to Silk Road. No data was leaked, in fact we’ve never had a data leak.
Posted after the feds imaged the server. OOOPS. Hubris is dangerous.
People slip, it's inevitable. How fast that happens probably got accelerated by SR's owner appearances and the dent it was making in the agencies' reputation.
It is a widely reported fact that the NSA will hand tips to the FBI/DEA/etc, which will then use "parallel construction" to reverse engineer legally admissible evidence once they have been tipped off to the guilty parties.
The silk road flew too close to the sun. As soon as they started getting in the news, and DPR started his libertarian manifesto-ing, it was just a matter of time. There are no old, bold crooks.
Honestly, there might be even more exploits that I'm unaware of (still not an expert), given that the silk road server is probably doing a lot of tor traffic, which makes them an outlier, and it's tough for an outlier to blend into the background. Maybe tor can mitigate that though, don't know.
Can you please explain in detail how one would do this to a hidden service?
I'm trying to determine if you just don't understand how hidden services work, or have found an actual vulnerability that needs to be addressed.
The same goes for end users: http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf
This also explains why the other market place shut down quickly, unlike DPR they apparently deduced it was only a matter of time before their location and identity was disclosed.
They did not compromise the network, they compromised an out of date version of Firefox.
They might well be able to de-anonymize TOR, by monitoring traffic between a large enough proportion of TOR nodes. Given recent NSA/GCHQ long distance cable intercept stories, this is no longer unrealistic. But there is no direct evidence yet. It is also worth mentioning that the US has spent a lot of effort developing an attack capability, and probably hit enemies like Silk Road with attacks as sophisticated as Aurora or Stuxnet. Maybe we just don't hear about that, because of the beauty of parallel construction.
I think we said the same thing, or at least if I interpret your statement correctly I meant the same thing. I said "browser tricks" and you said "vulnerability specific to firefox (a browser)" and I said "de-anonymized" (which was the analysis that most people pointed to as to why the FBI was collecting data from various hosts) and you described the same scenario " ... monitoring traffic between a large enough proportion of TOR nodes ..."
My interpretation of the events was, they got to Freedom hosting, they used that to exploit browsers into giving them correlating information about Tor endpoints, and using that traffic and resources in the already documented 'meta data snooping' programs that other parts of the government have and have made available, they figured out which servers were serving up the Silk Road web site, and by that (and a copy of the servers hard drives aka a server image) figured out who the guy was who was using the Dread Pirate Roberts moniker.
So is your understanding of how this went down different than that? And was that explanation different (other than detail) than my original comment which you assert was incorrect? Happy to be shown where I am wrong here, so I'm trying to figure out what part you disagreed with.
1) Compromise a web server on Tor
2) Buy a zero day browser exploit, create payload to expose
data about endpoints and exits.
It appears he was caught because he slipped up opsec confusing real and fake identities, he was being watched by homeland security because he stupidly tried to import 9 fake IDs to his residence, and he was logging into the server with a VPN, not SSH tunneled through Tor.
This may not even require large-scale traffic analysis; I wonder if you configure your client to use a chain of 2 or 3 "known good" nodes, teach the nodes to block other potential users, and capture the traffic, if an effective timing attack could be done that way (request SilkRoad at 0:00, get back a page with the relevant contents at 0:01, and trace those lines through the nodes). It sounds like it'd be feasible to me, but I'm another amateur.
Also I wonder how they got a server image without him noticing since it is typically something you'd need to shut down the machine for. Was the whole thing running off a hosting service?
It would be pretty impressive if he physically had servers in multiple countries. Just setting them up without involving other people seems difficult.
Edit: He did use hosting services which probably used virtualization so it is easy to clone drives for. The complaint has him buying fake IDs (which were confiscated in transit!) in order to rent more servers.
Professional forensic investigators have what are called 'write blockers' that prevent all writes when drives are plugged in to be imaged.
Otherwise I could shred say some paper evidence, and the court would reject a taped-up copy that shows my original document. Which they wouldn't, of course.
How often does one of your servers crash? I mean, it happens. I estimate maybe once a year/server, on average, assuming a 5 year lifecycle. (well, usually it's more like 'no crashes for the first three years, several crashes a year after' - hardware ages.)
Hell, whole racks lose power at times. Doesn't happen all that often, but it happens often enough that if your provider says "We blew breaker X" well, more often than not, it's an honest problem, and not the FBI yanking power to image a drive.
Or hell... what if it's a server with a mirrored drive? It'd be easy enough to pull half the mirror (the drive 'failed' right? Hell, you can say you let the salesguy into the co-lo and he bumped the hard drive release catch, or you sent in the new kid to swap a drive and they pulled the wrong one. These things aren't common, but they are way more common than the FBI.)
Hell, a drive could have legitimately failed and been sent back to seagate/wd by the provider (assuming he was renting servers) for warranty repair. The FBI could have intercepted the drive (or gotten it from the manufacturer) and run their own analysis.
So yeah. I totally believe that the FBI could get a reasonable image without DPR or anyone being the wiser.
Now you've got me wondering whether the apparent disparity between manufacturers' claimed MTBF and what we see in failure rates in the real world might plausibly be attributed to mysterious government agencies coercing data center owners into unexpected-but-plausible downtime. (four or five nines of power uptime might just mean the FBI/NSA need to batch server imaging and grab a whole bunch in a particular data center at once)
It's far more likely that people are idiots. How many hardware techs do you know who even own an ESD wrist strap? I get actively ridiculed when I pull mine out.
Next, the SLAs claimed by datacenters are usually bullshit on multiple levels.
First, the penalty is usually "we will refund you for the time you were down, if you ask." - which is fine, but a 5 minute power outage can be brutal to clean up after, while 5 minutes of your monthly bill is hardly worth asking for. I'd be happy to give people a 100% sla on those terms. I mean, obviously, the service isn't going to be up 100%, but the penalties are so low that who cares?
Then, well, even if the facility doesn't lose power, there are a hundred different ways a server or a rack can lose power.
Hell, even I let a guy into my co-lo who plugged in one of those ancient computers with a manual 110-240v switch. (everything made in the last decade auto-switches.) He plugged it into my 208v power, with the switch on 110, causing the fuses on my PDU to blow (and taking out the whole rack)
And power cords. Especially if you don't have dual power supplies, power cords get bumped. The mark of an honest sysadmin is that s/he admits it when they bump the cord.
So yeah, while it /could/ be the FBI, the vast majority of the time, well, someone fucked up.
And yeah, you're right about hosting SLAs - I've got a hosting account which proudly advertises "100% uptime guarantee", which in the fineprint/t&cs offers "pro rata refunds for _twice_ your costs of any downtime!" – on a $48/year invoice - so if they go down for an entire _week_, they'll owe me not quite two whole dollars. Thanks...
Even the much more expensive/professional hosting I arrange for other clients always includes something like:
Limitation of Damages
Recovery of damages from $hostingCompany may not exceed
the amount of fees it has collected on the account.
The interesting thing is that I haven't ever been served with a warrant. Which is weird, as I know much smaller competitors who have.
Of course, there's no reason why you should believe that statement.
I imagine the DPR was logging in via VPN just to get some kind of consistent access to the site, even though I'm sure there were many times where the servers were unresponsive even to him.
If it's colocated, you only have one type of payment to do, and I'm fairly sure it's easier to be anonymous. You have less control over this location, and have to worry about their logging of access and the like.
Perhaps a coincidence, but that's ~10 days before the guy who ran the Freedom Hosting gig was busted.
All that said, it's even more likely that they found his identity another way. He seems to have slipped from time to time. I think most people underestimate the amount of boring and tedious chores they must do year after year if they want to conceal their identity from the FBI, which is actively searching for them online. It seems that the main theme in revealed identities is reusing usernames or using the same email in two different contexts that link a person to his anonymous identity.
1) Located the first reference to "silk road" on the internet. You can find this yourself on Google:
"silk road" site:shroomery.org Date range: Jan 1,2011 - Jan 31,2011 *
2) The same username, "altoid", showed up on a bitcointalk days later.
3) Later in 2011 "altoid" made a post on bitcointalk with his email address, containing his real name, in it:
If you search the name on Google it doesn't show up, but if you look at the user's page you can see it in his posts.
That seems like more than enough for a warrant for this individual. Everything after that should be easy.
I've used Google before to locate when a particular word or phrase first appeared. Kind of surprising someone didn't figure this one out quicker.
* Obviously this is a common word, so either adding other keywords with it would be likely.
Having the world believe they can't reverse Tor would clearly be more valuable than having the world believe they can. Remember that Tor explicitly doesn't protect against a global passive adversary.
I'm betting a dozen entrepreneurs are looking at this right now thinking "I can do this better" and are designing their systems as this is happening.
All joking aside, I hope you're right, and that the next few SR alternative sites figure out how to get it right, and that Tor itself isn't fundamentally broken by the FBI.
Unfortunately that all now needs to be viewed with the suspicion of "parallel reconstruction" - I'm somewhat less convinced that if the NSA targeted someone specific that SSL and TOR would resist their efforts (and that for something like Silk Road, that the NSA wouldn't happily break and read everything DPR did over his SSL secured TOR connections, and "share" just the right tidbits with the FBI for them to go and create a plausible explanation involving google searches and old forum posts).
Welcome to the post Snowden era - where we know that our governments not only don't have our best interests in mind, but have sophisticated programs in place to lie to us about how they arrive at the evidence they present (in those annoying occasions where they have to use courts who aren't just rubber-stamping everything they're told too).
(Edit: on reflection, it's kinda sad that this might well have been good detective work by diligent, talented, and persistent FBI investigators doing exactly what the taxpayer employs them to do - but that effort is now permanently under the dark cloud of suspicion of unconstitutional dragnet surveillance and morally corrupt processes like "parallel reconstruction".)
The trust and review system, the search engine and the communication platform can all run independently and don't need to happen on the same platform.
The web interface can be provided by an open-source turn-key package, so the next DPRs only need to figure out the hosting.
Who are you talking about? Everywhere I look people are saying tor is certainly broken, the NSA is watching us, etc.
Obviously, the disappearance of such a site leaves a gaping hole on the Web:
Silk Road has proven that the demand/market is there, that people are willing to use the Web to acquire those goods, that they are willing to pay, that the whole transaction works and that this leads to a massive amount of cash.
So, make no mistake, the next Silk Road creator is certainly out there, probably technically more astute and careful, and already building.
> A: The road has more users, but our service is better (to put it bluntly).
> [...] We have automated PGP encryption of messages for the members who refuse to send their messages using PGP.
Black Market Reloaded is the odds-on favorite to be the new Silk Road.
Drugs are bad, mm'kay?
And almost as certainly: more experienced in the use of serious violence. The next guy won't be hiring hitters without introductions from fellow violent criminals. (Not that undercover cops have never been vouched for in such a manner, but it raises the stakes significantly.) Yay Drug War!
Yes, they are legally obligated to not lie about the true means of how they came to have the evidence. But if nobody can prove you're lying, they can't call you on it.
Google searches and reading some public forum threads... Staggering sophistication!
Someone asking for help on the bitcointalk forum for a new venture? Happens almost daily. Someone asking a question on SO about how to access Tor? Ditto.
You don't discover who "Dread Pirate Roberts" is from this. But you do discover these types of things pretty easily AFTER the NSA tells you who DPR is.
Obviously there's lots of ways that guessing DPR's identity might allow someone with the FBI's resources to unmask the Silk Road server, though I don't know enough to know whether the forum post on its own would be considered sufficient evidence for a warrant to bug all of Ross Ulbricht's online activities. A lot of the more damning evidence for Ross Ulbricht as DPR (IP logs, the connection to the counterfeit documents, hostname of his personal machine, etc) seems to come from forensics on the captured server image. Analysis of Tor traffic doesn't seem like an implausible hypothesis, especially because that's a capability we'd be expecting the FBI/NSA to be developing anyway.
And a few posts below someone says:
> I'm interested Ross
Spy film discretion here.
That post was made today.
A warrant to keep "pulling the string", issuing subpoenas, and compelling production of evidence from those who might have it? Absolutely!
I assumed bitcointalk had a small member base when "altoid" joined. A quick look at their tables shows 3,694 total new registered users through January 2011.
"altoid" registered on shroomery on January 27th 2011 and the "altoid" who revealed his name publicly registered on bitcointalk on January 29th 2011.
Found the BBC story about this, if you're interested.
Lesson learned, if trying to stay anonymous only use cat photos as profile pictures found on google images.
A careful user might have a more-shallow slope; they might be able to post more photos, if they're carefully scrubbing EXIF and being mindful of spillage (unintentional details in the frame). But every single posted photo is still inexorably eating away at their potential to remain anonymous.
Even when I take photos of interesting stuff, I'll find an alternate source rather than post mine.
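The "carefully scrubbing EXIF" point above is easy to get wrong if you trust a viewer's metadata panel instead of the bytes. Below is an added example (not from the thread or from any poster) that parses the JPEG marker structure directly with the Python standard library, reports which metadata segments (APPn, COM) a file carries and writes a copy with them removed. The sample image bytes are constructed inline and are not a real photograph; only the marker layout matters.

```python
"""Inspect and strip metadata segments from a JPEG (added example, stdlib only)."""
import struct

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
# APP0..APP15 (0xE0-0xEF) carry Exif, XMP, ICC, maker notes; COM (0xFE) is free text.
METADATA_MARKERS = set(range(0xE0, 0xF0)) | {0xFE}
# APP0/JFIF is a plain header with no identifying content; keep it so decoders are happy.
KEEP_APP = {0xE0}
# Markers that stand alone with no length field.
STANDALONE = set(range(0xD0, 0xD8)) | {0x01}


def iter_segments(data: bytes):
    """Yield (marker, offset, length) for each segment from SOI up to and including SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker byte at offset {pos}")
        marker = data[pos + 1]
        if marker == EOI:
            yield marker, pos, 2
            return
        if marker == SOS:
            # Entropy-coded image data follows SOS; treat the rest of the file as one unit.
            yield marker, pos, len(data) - pos
            return
        if marker in STANDALONE:
            yield marker, pos, 2
            pos += 2
            continue
        (seglen,) = struct.unpack(">H", data[pos + 2:pos + 4])  # length includes itself
        yield marker, pos, 2 + seglen
        pos += 2 + seglen
    raise ValueError("truncated JPEG: no SOS/EOI found")


def metadata_report(data: bytes):
    """List (segment name, first payload bytes) for every metadata segment present."""
    found = []
    for marker, off, ln in iter_segments(data):
        if marker in METADATA_MARKERS:
            name = "COM" if marker == 0xFE else f"APP{marker - 0xE0}"
            found.append((name, bytes(data[off + 4:off + 10])))
    return found


def strip_metadata(data: bytes) -> bytes:
    """Return a copy of the JPEG with all APPn (except JFIF) and COM segments removed."""
    out = bytearray(b"\xff\xd8")
    for marker, off, ln in iter_segments(data):
        if marker in METADATA_MARKERS and marker not in KEEP_APP:
            continue  # drop Exif/XMP/comments, keep everything the decoder needs
        out += data[off:off + ln]
    return bytes(out)


def _segment(marker: int, payload: bytes) -> bytes:
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample: SOI, JFIF APP0, a fake Exif APP1, a COM, a minimal DQT, SOS, EOI.
SAMPLE_JPEG = (
    b"\xff\xd8"
    + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _segment(0xE1, b"Exif\x00\x00MM\x00\x2a" + b"\x00" * 8)   # Exif header + TIFF stub
    + _segment(0xFE, b"Shot on my phone, 2013-10-02")           # a revealing comment
    + _segment(0xDB, b"\x00" + b"\x01" * 64)                    # quantisation table
    + b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"  # SOS header
    + b"\x12\x34"                                               # "image data"
    + b"\xff\xd9"
)

if __name__ == "__main__":
    for name, head in metadata_report(SAMPLE_JPEG):
        print(f"{name}: {head!r}")
    cleaned = strip_metadata(SAMPLE_JPEG)
    print("after strip:", metadata_report(cleaned))
```

The point of doing it at the marker level is that anything not in a segment the decoder needs is gone, whatever tool wrote it; run `metadata_report` on the output as the check before an upload, not on the input. It does nothing about "spillage" in the pixels themselves, which no scrubber can fix.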
Most people don't realize the government can have an army of people working 24/7 to track you down while you're busy trying to cover your tracks. The odds are never in your favor.
Also, having an active social media presence doesn't help either. lol
From the time the silk road sold its first product, it was only a matter of time before its owner went to prison. If he were as smart as he thought he was, he would have gotten out of the business and the country shortly after he became a millionaire.
I believe this guy is the second owner. If I recall correctly, the first guy did pretty much exactly what you said.
Given the information released today this claim seems to be false in every way.
If the servers' IPs were obtained as a result of a passive traffic confirmation system that breaks Tor's anonymity, I would expect a detailed parallel construction to demonstrate an alternate explanation for how they unmasked the servers.
Any defense attorney worth his salt is going to request the evidence relating to the method of de-anonymization of the Silk Road servers. If a traffic confirmation system was used, the prosecution would be forced to disclose that to the defense, which could very well raise a solid argument that it violated the defendant's Fourth Amendment rights.
My guess is that the FBI used the gmail account information and early public silk road advertisements to obtain a warrant from a friendly judge to remotely monitor DPR's computer, and waited until he connected to the server. It's also possible that they exploited the web server, as was the case with FreedomHost.
I guess the investigation stemming from the IDs was probably where it started to come together.
http://krebsonsecurity.com/wp-content/uploads/2013/10/Ulbric... / Mirror: http://www.scribd.com/doc/172773407/Ulbricht-Criminal-Compla...
According to the filing, they found him through a combination of posting his personal @gmail.com address on the bitcointalk forum from the same account used to market Silkroad. Further, they found that his LinkedIn account somewhat corroborated the timeline/interest in what Silkroad is. Page 24 for the juicy details of how they identified him.
Also there is a section about murder-for-hire in Canada. Pretty wild stuff.
Update: Also he posted on Stackoverflow asking questions about Tor with his real name, then later changed his name. Supremely conspicuous.
Incidentally exactly how much Walter White made... That's a strange coincidence, or perhaps one of the clerks that gets paid to make up statistics for drug related criminal complaints is a breaking bad fan...
Seems like this could lead either to the legitimation or delegitimation of bitcoin as the FBI must assess their worth. It also gives the FBI the ability to mess with bitcoin markets if they choose, by flooding supply.
OTOH I can totally understand spoiler alerts with respect to sport and sporting-type events (like politics). It usually does seem to diminish the pleasure of watching a game when you know the outcome.
I know that I'm personally much more sensitive to spoilers than a lot of other people, so it always annoys me how somebody says something thinking they're not spoiling anything without fully thinking through the implications of what it is they're saying. It's almost arrogance, really, to simply assume that you know what will and will not spoil some given experience for another person.
Seen JFK? He dies.
The Zebra did it.
According to this that's close to the current total supply of all bitcoins:
The graph shows the supply in 2013 at around 9.5 million, same number as what the article claims.
"total_amount" : 11784364.79571183
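The 11.78 million figure quoted above falls straight out of the issuance schedule: 50 BTC per block, halved every 210,000 blocks. Here is an added example (mine, not from the thread) that computes issued supply for a block height and inverts it to find which height a given supply corresponds to; it assumes nothing beyond the published schedule and uses satoshi integer arithmetic so that the halving is an exact bit shift, as in Bitcoin Core's subsidy rule.

```python
"""Bitcoin issuance schedule: supply at a height and height for a supply (added example)."""

COIN = 100_000_000            # satoshis per BTC
INITIAL_SUBSIDY = 50 * COIN   # coinbase reward at height 0
HALVING_INTERVAL = 210_000    # blocks between halvings


def block_subsidy(height: int) -> int:
    """Coinbase subsidy in satoshis for a block at this height (halves by a right shift)."""
    halvings = height // HALVING_INTERVAL
    if halvings >= 64:        # shift would be undefined; subsidy is zero long before this
        return 0
    return INITIAL_SUBSIDY >> halvings


def supply_at_height(height: int) -> int:
    """Satoshis issued by blocks 0 .. height-1, summed one halving era at a time."""
    total, era = 0, 0
    while era * HALVING_INTERVAL < height:
        start = era * HALVING_INTERVAL
        end = min(height, start + HALVING_INTERVAL)
        total += (end - start) * block_subsidy(start)
        era += 1
    return total


def height_for_supply(target_btc: float):
    """Smallest height whose issued supply is >= target_btc, or None if unreachable."""
    target = int(round(target_btc * COIN))
    height, total = 0, 0
    while total < target:
        subsidy = block_subsidy(height)
        if subsidy == 0:
            return None                       # beyond the ~21M cap
        era_end = height + HALVING_INTERVAL - (height % HALVING_INTERVAL)
        era_total = (era_end - height) * subsidy
        if total + era_total >= target:
            needed = -(-(target - total) // subsidy)   # ceiling division
            return height + needed
        total += era_total
        height = era_end
    return height


def btc(sats: int) -> str:
    return f"{sats / COIN:,.8f} BTC"


if __name__ == "__main__":
    quoted = 11784364.79571183                 # the "total_amount" from the comment above
    h = height_for_supply(quoted)
    print(f"quoted supply {quoted:,.8f} BTC is reached at height {h}")
    print("supply at that height:", btc(supply_at_height(h)))
    print("supply after the first halving:", btc(supply_at_height(HALVING_INTERVAL)))
    print("maximum supply:", btc(supply_at_height(7_000_000)))
```

The quoted figure maps to a height just over 261,000, which is where the chain stood in early October 2013; the real number is not an exact multiple of the subsidy because a handful of coinbases over the years claimed slightly less than the full reward, so the schedule gives an upper bound rather than the exact ledger total.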
"Based on my training and experience, I know that criminals
seeking to hide their identity online will often use
pseudonymous usernames to conceal their identity."
> Today, those specific, articulable facts take the form of sweeping generalizations that officers assure us are based on their “training and experience.” This phrase comes from the Evidence Code section stating the sources an expert can use to form their “expert opinion” in court. Today, police are taught to repeat this phrase on the witness stand when they want the court to take their bullshit speculations and generalizations as actual evidence.
He posted a question about connecting to a Tor hidden service with PHP on Stack Overflow. He didn't realize it puts your full name next to the question (and he had signed up with his real name), so literally 1 minute after posting the question, he changed his full name to a "pseudonymous username". He then changed his SO registration information from firstname.lastname@gmail to a fake name at a fake server.
If this is true then how did they catch it? Does SO keep records of all name changes? Did they give that info to the FBI? Do the FBI scrape SO and save all versions of the data? Was this data collected from PRISM?
Like "hey guys I'm starting a server for the illegal trade in drugs, but it's on Tor so nobody will know who I am, sincerely I M Anidiot".
Oh and just in case my name's not distinctive enough, here's my Gmail account so you can trace back all my IP connections and verify when I'm online and such.
Interestingly, the FBI agent that wrote that document and requested his arrest warrant is the same one cited as tracking down Sabu of LulzSec: http://nymag.com/news/features/lulzsec-sabu-2012-6/index3.ht...
EDIT: But interestingly, it looks like Canadian police can't confirm.
It's known that the FBI and DEA get help from the NSA on high profile investigations, and they sometimes look at people 2 or 3 degrees of separation from their main person of interest.
Given what we've learned in the last few months about the government's intelligence apparatus, it seems I can reasonably assume that my emails, texts, phone call history etc. have all been scrutinized because I was in this guy's email history. And it's not unreasonable to wonder if the same can be said of anybody I've ever emailed, or chatted with on facebook etc. because that's only 2 degrees of separation.
While I don't think the government will be scooping me up in a black van or kicking my doors in over this, I wouldn't be remotely surprised if I get special attention from the TSA next time I'm going through an airport because now I'm on some list.
I guess this is what it means to live in a surveillance state. Having to be afraid of what this might mean for myself, and for my friends and family, because I once exchanged a couple of emails with a guy who years later got into some very shady things.
The TSA is not scary compared to US customs, though.
1. The SilkRoad Camel image in the background.
2. "THIS HIDDEN SITE HAS BEEN SEIZED" text.
These are not standard parts to the image, based on previous seizures. (though I'll admit those all were clear-web seizures that just took over the DNS and resolved back to a gov controlled IP hosting an image - here the image is hosted on-site).
So there is a chance that this is DPR's "dead-man" script running after DPR was not able to communicate with the site for X hours.
It's hard to tell if the actual site (with its data) has been taken over or compromised.
There is also the possibility it's only the onion domain-name that has been taken, though I'm not sure how TOR/ONION works (if that's possible without access to the server).
In any way, I hope that none of you used a plain-text (vs a PGP'ed one) home address for your recent orders, nor have any tracking #s lingering in messages from the vendors in your accounts. If I recall correctly, messages are deleted after 30 days. But who knows what type of backups were maintained.
It will be interesting to see if -
1. There are admins that have access to the data + site that can get it back up and operational.
2. The forums (which are still working) will produce another site.
3. BMR (BlackMarketReloaded) and another one I'm not familiar with called Sheeps Market will continue to operate and/or pick up the majority of SR's business.
...and also if the DEA and FBI will go after the users (and not just the vendors) that they can find enough "conspiracy to commit" evidence on to make a point.
For the other two possibilities, why would DPR's dead man switch pretend to be an FBI note instead of a 'dead man warning,' especially since a hoax FBI message would immediately destroy SR? So I would assume that the FBI managed to get the actual hardware.
Edit: Slight clarification
The guy that got busted was the first one. So the second guy could still be out there, who would be able to post that image.
While I hope a dead man switch was flipped, it doesn't look good for the integrity of the site. Hopefully everyone involved was smart enough to encrypt.
The disk image would of course contain the heavily encrypted data of SR (wallets, transactions, messages).
So unless the private key was on the server right next to the public key (AKA the Linode Incident), or the site did not encrypt that data (which goes against what we have seen so far), the disk image would not compromise that much.
"Now, my goals have shifted. I want to use economic theory as a means to abolish the use of coercion and aggression amongst mankind. Just as slavery has been abolished most everywhere, I believe violence, coercion and all forms of force by one person over another can come to an end. The most widespread and systemic use of force is amongst institutions and governments, so this is my current point of effort. The best way to change a government is to change the minds of the governed, however. To that end, I am creating an economic simulation to give people a first-hand experience of what it would be like to live in a world without the systemic use of force."
Do not mistake believing that our current government (which is, might I add, the single largest entity in the history of man; sorry, it isn't that bizarre to think that it might just be a teensy bit too large, despite people's best efforts to somehow cast this as a crazy idea) is too large with thinking that the correct amount of government is zero.
Sure, an anarchist society could determine everyone has the right to murder/rob/etc., but our problems are bad enough when it's only the government robbing and murdering people (legitimately). I can't imagine why a society would decide it's OK for everyone!
No true libertarian...
Arguably stretching "safety" I would also include prevention of the concentration of power (i.e. wealth) and exploitation by capitalists (i.e. those significant portion of the real assets of the world).
Everyone wants public safety, even Anarchists. It is a nothing statement. Beliefs vary in how to achieve it. Most libertarians* would want public safety to be outsourced to private sector so it supposedly would be ruled by a free market.
*To be clear, I refer to the people (mostly from USA) who call themselves libertarians, whose beliefs have only superficial similarity with historical Libertarianism.
Systemic use of force, then, is a situation where the use of force against some parties is inherently part of the system. Whether it be physical, legal with threat of physical, emotional force or violence.
If the particular economic sphere he's running in relies on violence (based on my experience in Las Vegas in the 90s, I'd say the drug world is one such system), then this isn't libertarian free market at its best, it's just the systemic use of force typical of the illicit drug industry.
It sounds like he corrupted himself through his own institution, if the allegations are true.
We have the world's largest prison population for a reason: we imprison large numbers of people each year.
Either way, intriguing story. If it's true he's really up shit's creek. And I have no problem with that, if it's true. An old 'hood motto: I'm not the law, break it, I don't care. But when you get caught, remember that I don't care.
He should have operated as if he lived on the DEA's front lawn.
Maybe it's not deliberate, but keep that in mind. There's going to be only one source on this story for a long time.
1) using a low latency onion routing network, rather than a mixnet like an anonymous remailer or other 1990s blacknet, was a big problem. You could maybe get away with throwaway front end nodes as a web interface, stateless, to package up transactions, run by third parties, but for long running anonymity vs traffic analysis or server compromise, low latency bidirectional connections are impossible.
2) repeatedly sticking his dick into the hornet nest by provoking the FBI in the press
3) remaining in the USA while doing all of this
Acting in ways which make him a less sympathetic defendant (connection to assassinations? Really?) doesn't help
Let's hope SR hasn't been keeping any real identifying transaction records, or I bet we'll see a spate of high-profile arrests from tech companies.
Of course, after this I think most would-be entrepreneurs might be having second thoughts.
Black Market Reloaded is where most of the SR users will go.
Then the site went dark and took everything.
Still, this is disappointing. As a libertarian / ancap / voluntaryist / whatever-you-want-to-call-me, I totally support the Silk Road and other unregulated marketplaces.
I'd be tempted to try one of the alternatives, but now I'm worried that one or more of them might be LE honeypots or something.
Damnit, what's a hacker to do, who just wants to try acid once before he dies? Sheesh. :-(
Add in the fact that I'm so busy with this startup + consulting part-time, that I never have time to go to music events, I decided to just go the "easy way" and use SR. And then I didn't. And now it looks like it might have been a good thing that I didn't. Heh.
Also, if you enjoy the idea of having a space to opt out of government regulation but want the stability of having a place you can settle down, be non-anonymous and set up infrastructure, support:
Bizarrely I'm actually more annoyed that he didn't accept an answer on StackOverflow:
The traditional method of catching drug kingpins has been to flip the lower-levels of the organization until you can finally stick something on the leader. Here, the feds were able to go straight to the source.
I'd expect more prosecutions of SR's larger vendors as part of the fallout. If I were one of those vendors, I'd be ordering dust filter for my Hoover MaxExtract PressurePro model 60.
I think the pseudo-anonymity that Tor, Bitcoin, and computers in general can provide gave DPR too much confidence. But like every other ringleader who has been caught, a new one will take over and play the game smarter.
No matter what the precautions someone takes, my bet is that they will eventually get caught if they engage in illegal activity online.
(browse logged-out to see the full thing. If you're logged in and not connected to him, you won't see anything.)
Way to go, feds. Go justify that budget with scare tactics while we have open-air drug markets all over the US that you can't even shut down.
* An international marketplace doing millions of dollars of business in drugs, weapons, and fake IDs
* A few drug dealers in a public park in a city where you might not even have jurisdiction
If there are drug dealers in the parks, that's a shame-- but that's really not the type of issue that the FBI is supposed to handle. Take it up with your local police department.
(screenshot in case it's removed http://i.imgur.com/GjqdYDe.png)
It's hilarious that his tagline is "spunky, funky, not so chunky".
If you were running a massive online black market that can be set up and operated from anywhere in the world and making 80mm in commissions, wouldn't it make sense to not only set up the servers outside the US but also fly out of the US to a country with no extradition treaty with the US and low law enforcement cooperation with the US. By doing so, they have committed all crimes outside US jurisdiction. Near as I can tell this means that no crime they are charged with should stick, however IANAL.
Can anyone elaborate if it is possible to manage a site like this in a way where all actions associated with its operation never constitute crimes prosecutable in the US?
I can imagine that, had the Silk Road specialized in consumer goods and threatened to become popular, then it'd have been brought down much, much faster.
It doesn't seem like it's how they caught him, but it's some circumstantial evidence towards his guilt. He changed his username from his real name to "frosty" at some point.
When operating an underground network
1) don't post to SO questions regarding Tor
2) keep distinct login names for everything
It's probably best to keep distinct OS containers for everything. Don't trust the browser at all.
Those who are working are essentially working for the promise of payment at some indefinite time in the future (except for the military, who apparently really are a sacred cow...).
If you're a contractor, on the other hand, then you're not a government employee (legally), so the whole discussion doesn't apply to you directly.
If, on the other hand, you believe that the greatest value of bitcoins comes from their use by criminals, doesn't that make your investment in them a touch morally questionable?
Hypothetical Meta Twist: DPR actually suffers from multiple personality disorder and is also the guy he's trying to kill and thus also the hitman.
A truly anonymous system really poses some hard problems, man.
(Or at least include a link or something.)
Given that, if you were going to run a SR like site, are any of the other anonymizing networks of various sorts (Freenet, I2P, whatever) a valid alternative? And would any of those deals be better than Tor in any meaningful way?
Was just a matter of time. I'd be interested in knowing how they traced him, considering how overtly cautious he was known to be.
Also, leaving friends/family/network in the US behind is very, very difficult.
They also got an image of his server, but no details on how they found the server are given. The complaint notes that another user warned him "an external IP is leaking", so the FBI might have found a weakness in his PHP setup. All it'd take is one command on the server...
So he probably has a successor and/or is a decoy.
However, there also appears to be a criminal complaint out for the founder.
EDIT: Seems like this is real. Reuters reports that Ross Ulbricht, the founder of Silk Road, was arrested in San Francisco. http://www.reuters.com/article/2013/10/02/us-crime-silkroad-...
2. I think they left SR alone, because they have bigger concerns-- terrorism, foreign surveillance? They still want the world to think VPN's are private?
3. If you can't make money in this system-- I understand. I don't think I've ever met a wealthy person who wasn't a psychopathic hypocrite--usually with a very advanced degree. I live among these hypocrites, and it's nauseating. I won't even start on how many parasitic people in Marin County start up nonprofits, and no one bothers to find out how much they make--all legal.
4. If you are going to do something that could land you in jail, Don't Tell Anyone What You Are Doing. That includes the person you bed with......
5. Never take advantage of the poor, animals, children, or the environment. It's pathetic I needed to make a list, but some of you repress what you are doing.
Not sure how the case will go, but I think that you can't say beyond a reasonable doubt Ross is DPR (Because, well, he's not.)
I'm sure he'll get great lawyers that can get him out of this.
I had heard rumors for months that DPR had been compromised.
I know quite a few people who used Silk Road, many carelessly so.
So far the known tally, from reading the forums & Reddit, is: a SR employee (arrested, unknown), DPR (arrested, charged), a UK vendor (arrested, probably won't be charged), and a WA vendor (arrested, charged). If anyone knows of other arrests/charges/convictions, please tell me. I've been trying to maintain a complete list at http://www.gwern.net/Silk%20Road#safe
- Fewer people, the better.
- Trust is earned, especially in criminal enterprises, slowly.
- Checks and controls are important when participants are inherently shady.
- If you're the head of the world's largest criminal exchange, being extremely careful to ensure actual anonymity is difficult but required. One slip, and it's all over.
- Tor might help, but a distributed app (vaguely like BitTorrent) might be more "SWAT proof" than having centralized servers.
The fact that they intercepted his fake travel documents during a routine search of mail at customs when they were already that close to him seems unlikely.
But maybe I'm reading this wrong, or maybe they actually do intercept a high percentage of fake passports moving across the border.
Did they merely seize the server hosting the site and ask apache to serve something else?
(please don't raid me NSA/FBI)
- SilkRoad is down
- the Atlantis drug store is down
...all of that leads me to believe Tor hidden services are very, very unsafe to use, since all bigger illegal services that used them have been brought down eventually.
" In an 8–0 ruling on Simon & Schuster v. Crime Victims Board, the court ruled the law unconstitutional. The majority opinion was that the law was overinclusive, and would have prevented the publication of such works as The Autobiography of Malcolm X, Thoreau's Civil Disobedience, and even The Confessions of Saint Augustine."
Good catch, and you're definitely not being rude by correcting my ignorance!
Thank you :)
I guess ASAC Schrader's guys were finally able to handle this case once most of their resources became available again thanks to the Gilligan's shut down a few days ago...
It's pretty convincing. :/
1. The agent randomly (?) stumbling on a LinkedIn profile which matched the timeline/description of the Silkroad project, which prompted them to seek out another unidentified agent who had all kinds of juicy deets on the suspect.
2. CBP intercepted a package addressed to Ulbricht containing a bunch of counterfeit official documents during a "routine border search".
3. Found Tor/PHP/curl-related posts on Stackoverflow from his real name account, but also says he changed his name/email to a fake one. Did they happen to stumble on it before he changed his name? Or had some kind of access to an earlier archive? Or cooperation from Stackoverflow? Unclear.
I'll update more as I run into them. Super interesting read.
Still, it's clear that they've done a ton of research on Silkroad and DPR. The notes are thorough and accurate. A job well done.
Sounds like parallel construction to give them a legal way to introduce evidence.
True, but "connecting the dots" is much easier when it's your job, and something you've spent decades practicing.
Not to say that you're wrong, but there's no evidence to back you up. We might as well assume that the NSA is behind everything, ever.
It tends to work well from a prosecutorial POV as well because anyone who is accused by that process has little evidence to exclude them.
So we now have to prove a negative or the NSA did it? Logic has officially left the building.
This certainly bolsters the claim that the NSA's surveillance is doing society good. I'm not comfortable with that, but there it is.
No seriously, the whole parallel construction dialogue for NSA feeding DEA tips is exactly the situation suggested here. Why do you equate published journalism with hoaxes and factually devoid crazies. It is insulting to a fairly civil discussion.
We also know this is an incredibly high profile case. It's in the interests of the DEA and FBI to lean on their contacts in the NSA, even.
That said, the FBI is very good at what it does, and finding this sort of thing isn't just what the FBI does, it's what any investigator does. (I have personal experience with this area that I can't disclose, but trust me, everyone knows how to link usernames between websites.)
Stackoverflow is one not specifically mentioned as "obtained records from" just that those actions happened on stackoverflow. Non-public actions. Also why would stackoverflow keep a record about each username and email change, but not IP and access times? They never mentioned how he connected to SO or if he masked it. BUT they mentioned that in every other case.