Ross William Ulbricht, Dread Pirate Roberts: What the big Silk Road bust reveals about buying illegal drugs online.
Silk Road, a prominent online marketplace for illegal goods and services, has been seized and shuttered by the FBI, and its alleged proprietor arrested. Ross William Ulbricht, a 29-year-old San Francisco resident who went by the name “Dread Pirate Roberts,” was charged with operating a site that made buying illegal drugs almost as easy as ordering a book from Amazon.
The complaint alleges that not only did Ulbricht manage and maintain a site that facilitated more than $1.2 billion worth of mostly illegal transactions in its two-and-a-half years of operation, he also solicited a hitman to murder someone who was threatening to reveal the names of several thousand Silk Road users. (While Ulbricht apparently paid the assassin, the FBI can find no evidence that the hit ever took place.) The feds caught Ulbricht’s scent after Canadian authorities randomly intercepted a package of fake IDs that was en route to Ulbricht’s San Francisco address. From there, they were able to accumulate enough circumstantial evidence to convince them that Ulbricht was Dread Pirate Roberts.
The government has been after Silk Road for a while, and it’s interesting to note that the site was brought down not by some great feat of hacking, but by old-fashioned investigative work. The idea behind Silk Road was that, if you followed the proper security protocols, you could conduct illegal transactions right out in the open and the government would be powerless to stop them. As far as I can tell, nothing in the criminal complaint disproves this notion. Ulbricht was arrested not because Tor failed, but because it is risky to send illegal goods through the mail. Further, agents were able to corroborate their suspicion that Ulbricht was “Dread Pirate Roberts” not by defeating Tor, but by noting that some of the earliest message board postings touting Silk Road were linked to an email address in Ulbricht’s name. And as Slate's Will Oremus already reported, the criminal complaint also indicates that Ulbricht stupidly used his real name to ask an in-retrospect-suspicious question on an online coding forum. The security failures here were human, not technological.
You read a lot these days about how online privacy doesn’t really exist, and how the government can crack most encryptions. And while this is undoubtedly true, the best online privacy measures are still pretty good—or, at least, good enough to stymie the FBI. Silk Road isn’t the only black-market website out there, and if the others ever get busted, I’m guessing it’ll be thanks to a similar human slip-up.
Silk Road's Dread Pirate, Ross Ulbricht, asked Stack Overflow question under real name.
According to the criminal complaint against Ross William Ulbricht, the man who allegedly ran the vast online drug marketplace from his San Francisco apartment, he ventured humbly onto the site in March 2012 to ask a couple of friendly questions. The first one, it seems, was relatively innocuous, if a bit unorthodox. But a second query struck FBI investigators as rather incriminating, in retrospect: “How can I connect to a Tor hidden service using curl in php?” the user asked. Silk Road is, of course, a Tor hidden service—perhaps the world’s most famous one at that.
But here’s the facepalm-worthy part: According to the criminal complaint, Ulbricht posted the question using his own real name. Less than one minute later, he changed his username to “frosty.” And then, one assumes, banged his head against a hard wall several times.
According to the complaint, the Stack Overflow post served as key evidence for authorities trying to link Ulbricht to Silk Road. From the complaint:
Based on forensic analysis of the Silk Road Web Server, I know that the computer code ... includes a customized PHP script based on 'curl' that is functionally very similar to the computer code described in Ulbricht's posting on Stack Overflow, and includes several lines of code that are identical to lines of code quoted in the posting.
Oh, and the encryption key on the Silk Road server ended with the substring "frosty@frosty." Whoops.
Frosty’s account lives on at Stack Overflow, where you can inspect his code and pass judgment on his chops if you’re so inclined. And while this won’t appear anywhere in the criminal charges against Ulbricht, the court of computer-programmer opinion may duly note that he asked two questions on the site, but didn’t take the trouble to answer anyone else’s.