Silk Road Journal Found On Ulbricht's Laptop: "Everyone Knows Too Much"

sarahnaomi writes On Wednesday, prosecutors in the Silk Road trial began to lay out the wealth of evidence found on the laptop taken from accused kingpin Ross Ulbricht in a San Francisco library in October 2013. The evidence presented by prosecutor Timothy Howard was the most comprehensive and damning thus far, including more than a thousand pages of chats between the site's pseudonymous operator Dread Pirate Roberts and Silk Road administrators. Also entered into evidence was a journal that dates back to at least 2010 describing the creation and operation of the site. FBI computer scientist Thomas Kiernan, the second witness in the trial, testified about the day Ulbricht was arrested and the evidence gathered from his laptop.

Interesting

Do we have any frequent contributors here that can give us more detail?

Re:Interesting

yes, I would love to hear bennetts take on this

Re:Interesting

Just ride around for a while in a car with worn out brake pads, it's a pretty reasonable approximation for the experience of reading any given BH article.

What an idiot

[wiredlogic]

So not only could he not secure his black site, he couldn't even secure the files on his own laptop.

It makes you wonder how he ever got it running in the first place.

Re:What an idiot

It makes you wonder how he ever got it running in the first place.

Perhaps that, in itself, is compelling evidence that he didn't.

Re:What an idiot

You eventually need to decrypt your own files so you can use them, so the trick is to catch the person when they're actually sitting at their machine using it so that they don't have time to slam the lid on the laptop. If they can do that they can plug in an external drive and copy everything, unencrypted. They got him when he was at the SF public library, agents probably swooped in and manhandled him before he could react.

Re:What an idiot

On the other hand, a psychopath is marked by superhuman hubris, i.e. the assumption that everyone is stupid except them. This is often their downfall when it comes to criminal trial, because they are genuinely shocked that other people are smart enough to have figured them out.

Re:What an idiot

it most certainly does not make me wonder how he ever got it running in the first place. only an idiot would wonder that. it was a public site, meant to be found by public customers.

the files on his laptop were meant to be opened and viewed by users of his laptop.

you're an idiot.

Re:What an idiot

[grnbrg]

Apparently he was arrested (in public) at a library, and the techs who got the laptop knew what they were doing...

It was logged in, and they spend several hours copying data without letting it sleep or lock.

Full disk encryption is great, but assumes that you won't have unlocked it for the attacker.

Re:What an idiot

Now that we know how the FBI handles this (grabbing the laptop and acting like a crazy person), the next DPR will have a laptop with the battery removed. Someone grabs the laptop, pull the plug.

Re:What an idiot

There's actually some neat forensic gear out there designed for this kind of situation. It's basically a battery with a fast UPS style switchover mechanism and various bits for tapping into the power line connected to a computer. Basically they wire this thing in, pull the plug, and the battery keeps the machine running and unlocked while they cart it away/image it/etc. They've also got devices called "jigglers" that simulate mouse movement to keep the screen from locking.

Obviously this turns into a cat and mouse thought experiment with a variety of rube goldberg type countermeasures and counter-countermeasures, but against the average guy this kinda thing probably works quite well.

Re:What an idiot

[ganjadude]

why would you assume he is a psychopath?

Re:What an idiot

Good reason to have a panic button that destroys your in-memory keys along with firing up the screen saver.

Re:What an idiot

Dear stupid person: they don't remove the laptop, they remove the person then work on the laptop.

Re:What an idiot

[grnbrg]

Not much use if the create a distraction and grab the laptop before you can do anything...

Re:What an idiot

OP's point stands. Why in the name of royal fuckery would anyone operate such a machine in a public library? That comes under "not securing the files". As does not keeping records out of reach except while they're being accessed - if he had everything on one partition which is wholly accessible while the machine is running, he's a fucking idiot.

These aren't Best Practices For Criminals but Best Practices For Anyone With Private Data. If any of my employees was so lackadaisical with the laptops I issue to them, they'd be fired and I'd have to go through a serious audit to reassure my clients. It's the difference between "obtain access to medical records in of person X relevant to condition Y in date range A-B" and "obtain access to every single piece of medical data we have on everyone".

Still, though, a novel use for the Boss Keys games used to have...

Re:What an idiot

[CaptBubba]

Yeah they had two agents get into a fight right behind him and when he jumped up to see what was going on (just like anyone would do) another agent snatched the laptop and started the task of getting evidence off it and mirroring the drive's contents.

The FBI is often really fucking good at what they do.

Re:What an idiot

[h4ck7h3p14n37]

Full disk encryption is great, but assumes that you won't have unlocked it for the attacker.

That's why you also encrypt sensitive files separately. You only unlock the file when you're actually using it and then lock it back up when done.

Just use dd to create some space to use, create a filesystem on the file and then apply your preferred means of encryption. Encrypted USB sticks are another good solution.

Re:What an idiot

why would you assume he is a psychopath?

I'm countering AC's "compelling" argument by providing one likely alternative for someone who has been charged with procuring murder.

I am obviously not in a position to assess and diagnose him, so your question seems rather odd.

Re:What an idiot

In which case you should have a system with a deadman switch that cuts power if it is removed from your immediate proximity.

One could rig a laptop power supply like that and then run the laptop without the battery plugged in. One could use a passive RFID or NFC as the proximity token, among other concepts.

Re:What an idiot

[sudon't]

So not only could he not secure his black site, he couldn't even secure the files on his own laptop.
It makes you wonder how he ever got it running in the first place.

Well, that's a big part of his defense: "How could someone so stupid be the kingpin and mastermind the government is making him out to be?" I'm starting to believe it myself.

Re:What an idiot

[sudon't]

That's why you also encrypt sensitive files separately.

This.

Re:What an idiot

[chispito]

Yeah they had two agents get into a fight right behind him and when he jumped up to see what was going on (just like anyone would do) another agent snatched the laptop and started the task of getting evidence off it and mirroring the drive's contents.

The FBI is often really fucking good at what they do.

Raise your hand if you immediately started thinking about how you would mitigate this. Voice commands? Bluetooth remote in your watch?

Re:What an idiot

[Bill+Hayden]

How about a dead-man's switch, like the ones worn when you drive a WaveRunner or SnowMobile? It might be a physical lanyard, or a more modern approach could be Bluetooth based. When the BT dongle/wristband/whatever that you are wearing gets more than the range of Bluetooth away from the laptop, it auto-locks.

Re:What an idiot

[KingMotley]

Sort of like windows-L?

Too bad he wasn't running windows. Linux is so insecure.

Re:What an idiot

Bluetooth based on phone proximity - pretty trivial, hard-drive wipe if logged on and phone moves out of range without local (keyboard) intervention. Job done.

Re:What an idiot

What I would do is have a process running that monitors input from the microphone on the laptop. If goons come and grab me before I can close it, I shout a specific phrase which would cause the laptop to shut down.

Re:What an idiot

[kylemonger]

The simplest strategy would have been to have already moved to a non-extradition country. He'd already racked up tens of millions of dollars in profits! What was he waiting for?

Re: What an idiot

Or like, don't log in as root

Re:What an idiot

[Thud457]

ob. Bloom County

Re:What an idiot

So not only could he not secure his black site, he couldn't even secure the files on his own laptop.
It makes you wonder how he ever got it running in the first place.

Well, that's a big part of his defense: "How could someone so stupid be the kingpin and mastermind the government is making him out to be?" I'm starting to believe it myself.

His defense is even better:

"I'm not the real Dread Pirate Roberts."

FTFA:

But the defense has now suggested that Ulbricht created the site as an "economic experiment" and passed control of it, and the Dread Pirate Roberts name on to someone else. In other words, Ulbricht had no control of it when the site was at its most nefarious, and he's merely a fall guy for the real Dread Pirate Roberts, his defense team said.

Next thing, Ulbricht will suggest looking in Patagonia.

Re:What an idiot

Not caring about what is happening behind you..

Re:What an idiot

Yea- I'm amazed that he didn't pull the switch to disconnect power. ANY event that causes one to jump should cause one to grab as well in the case one is involved in risky behaviours such s this.

Re:What an idiot

[DrXym]

Perhaps that, in itself, is compelling evidence that he didn't.

"Your honour, the defence submits that the fact that an entire room of people saw the accused stab the victim and state he was glad he did it, proves conclusively that he didn't. There is so much compelling evidence against our client that it is actually evidence of his innocence. And with that the defence rests."

Doesn't exactly work.

Re:What an idiot

[DrXym]

The most likely diagnosis is the Dunning-Kruger effect. He thought himself smarter than he actually was. Add to that the fact he was running a market in illegal goods (drugs, weapons, hitmen etc.) which tends to make law enforcement throw lots of manpower at finding out who the perpetrator is and the determination to take them down.

Re:What an idiot

[Rinikusu]

And finally, once the FBI is there, knocking down your door (metaphorically speaking), you're pretty much fucked. The investigation that led them to you is probably more than enough to indict you and probably get the conviction, and refusing to turn over your keys once they already have you pinned down will be viewed as contempt of court and you'll sit in prison for a long damned time without a trial. This is why, from what I can tell, the defense is mainly focused on the procedure/evidence that led the FBI to him (poisoning the well) since if they can't give a good accounting for how they connected him to the SR, then all that evidence is for nothing if they used illegal techniques to get it.

Re:What an idiot

[DrXym]

Well obviously, but the smart perp would think of that situation. They would use encrypted drives. They would use shadow volumes. They would disable logging, or archive and encrypt them or routinely permanently erase them as a matter of habit. They would use virtual machines that didn't preserve state. They would route their activity through encrypted proxies in as many jurisdictions as humanly possible. They would situate their servers or computers with several locked doors between them and the outside. They'd have power switches within easy reach if the cops bust in. If they were super duper paranoid they'd even have the disks dangling above strong degaussing devices as a last resort. Preferably they'd be as far as way as possible from the United States when they did all this.

Re:What an idiot

[Cajun+Hell]

If that worked, then it would work for every "criminal mastermind" ever prosecuted.

"You say I hatched this ingenious plan! But if I were that clever, you never would have caught me!"

Re:What an idiot

[K.+S.+Kyosuke]

Hidden wirelessly attached storage?

Re:What an idiot

In SF? No.

Re:What an idiot

[FlyHelicopters]

People DO all that, they are just not caught... We're hearing about this guy because he didn't and was caught.

Or do you think the FBI catches everyone?

Re:What an idiot

[FlyHelicopters]

Why in the name of royal fuckery would anyone operate such a machine in a public library?

Thank you for saying what I was thinking...

Re:What an idiot

[Dan+East]

A skilled hacker / engineer could create a system for under $40 that would circumvent this.

Use two microcontrollers (a raspberry pi would be overkill - I'd use a $10 STM32 Nucleo board), one hidden somewhere in your house that has a small coil around a power line which introduces a signal into the power wires, and another in the case of the PC that monitors the signal generated by the first microcontroller. As soon as the device inside the PC detected loss of the signal it could then shut the PC down. Or trip a relay connected to a servo that allows acid to flow into the HDD. It could also have light sensors (covering the largest spectrum possible) to detect the case opening, which would also trigger the destruct mechanism. It would be powered by 4 AA batteries when external power is removed. I would also add a trivial voltage divider circuit to an ADC line on the microcontroller to monitor battery power, and if it got down close to 5V it would destroy the device.

There are dozens of things you could do along those lines. Place a magnet in whatever the PC is setting on and then have a magnetometer sensor in the buttom of the case connected to the microcontroller. If the PC is moved then it destroys the media. Etc, etc.

Re:What an idiot

[Vintermann]

Ah, the old "I wouldn't be that stupid, would I? So someone must be framing me" defense.

Re:What an idiot

Rube is that you?

Re:What an idiot

Already exists in the Bluetooth form, they used to sell it on Thinkgeek a few years back. The software was horrible though. I image somebody else has made a go at this since then. Its useful for at work, so you can just walk away from your PC and it would lock the screen. You could have shutdown or whatever too.

Re:What an idiot

[Ralph+Wiggam]

Prior to that, the FBI took control of a forum mod's account. They asked "dread" in chat to look into something on the site that required him to log in as an admin. When they grabbed his laptop, a window with him logged into the site admin account was open. That's pretty damning evidence even without the journal.

Re:What an idiot

Who else would be running a site like Silk Road? Non-psycopaths would never bother running a site like that as it's a huge risk of getting caught. Eventually the IRS or somebody starts to look into where the money is coming from and either can't find a legal source or finds the source to be Silk Road.

A psycopath OTOH, wouldn't be concerned with that as nobody is smart enough to catch them, even if they leave a huge trail of breadcrumbs.

Re:What an idiot

[ganjadude]

I was not sure if something were posted somewhere I missed was all

Re:What an idiot

[AchilleTalon]

Exactly, there is ton of things that can be done to wipe out the memory and shutdown an encrypted drive even without destructing the data or even without shutting down the system.

Re:What an idiot

That is what happened with that Linux guy who murdered his wife and thought nobody could catch him.

Re:What an idiot

[ShanghaiBill]

why would you assume he is a psychopath?

He allegedly hired hit men to kill competitors and ex-employees.
So he is at least as psychopathic as other CEOs, and maybe even as bad as a Wall Street banker.

Re:What an idiot

Or just a mandatory lock-screen. No activity time-out, just a semi-random time interval between locks and it wipes RAM after X minutes of being locked. If you aren't sitting there to immediately unlock it, chances are you won't lose much work if RAM gets wiped anyway.

Re:What an idiot

Gee, you claim you are that smart, yet you are too stupid to know that just the destruction of evidence can carry a 20 year sentence, and, in addition, the court can instruct the jury to assume that the evidence that was destroyed showed exactly what the prosecution says it shows. Genius.

Re:What an idiot

[AchilleTalon]

Not if they keep you on-site while collecting the evidence. The Bluetooth range is pretty long enough to keep you out of reach of the laptop while mirroring the drives.

Re:What an idiot

[wiredlogic]

Basic OpSec would insist that you keep the incriminating stuff locked in a separate container that you only open when needed and with a low inactivity timeout to demount it when you forget.

Re:What an idiot

Many years ago I knew kid in school who took an onion, wrote his first name on it and threw it at a Korean teacher who always reeked of onions. She didn't see him do it, but she did see the name written on the onion. When he was summoned to the dean's office, they asked him why he did it. His response was "What do you mean? I didn't do anything." and when asked why his name was written on the onion he said "Do you really think I'd be stupid enough to write my name on an onion and throw it at you?".

They let him go with no punishment.

Re:What an idiot

[CaptainDork]

No.

Evidence is an attribute that that exists only after criteria are met. I can destroy my hard drive today and be charged with a crime tomorrow. When the authorities realize what I have done, there's nothing they can do. The hard drive only becomes evidence after probable cause has been established and a warrant has been issued and I am made aware that my hard drive is evidence.

There are exceptions, but not as relates to this matter.

... the court can instruct the jury to assume that the evidence that was destroyed showed exactly what the prosecution says it shows ...

You are an asshat and what pisses me off is that you know damn well that you are making a false statement.

So fuck you very much.

Re:What an idiot

[rtb61]

Who is kidding who. When a whole bunch of skilled people are specifically focused on getting evidence of criminal actions you have committed they will get you, if they do not make any mistakes and there is nothing you can do to prevent it. The idea is not to make so many mistakes that a whole bunch of skilled people become specifically focused upon you because by then it is way too late already. Of course once you get neck deep in criminal activity and when greed becomes you sole guiding motivation. The ego driven stupidity that comes with that ensures once they have you scent they will track you down and get the evidence they need to prosecute.

Re:What an idiot

[hoggoth]

Feds: "Grab him!"
Ross: "Beetlejuice!"
Librarian: "Shhhhhh!"
Feds "Cover his mouth quick!"
Ross: Beetlejuice!"
Feds drag Ross away with his mouth covered...

Fed1: "What was that about?"
Fed2: "It was some sort of codeword"
Fed1: "What do you mean?"
Fed2: "When he yelled Beetlejuice it activated a..."
Both: "Oh shit..."

Re:What an idiot

[complete+loony]

Kill two birds, disguise an NFC chip or similar on yourself. Use that to maintain your session, so whenever you and your computer are separated, your session and encrypted files are locked.

Re:What an idiot

Here is the law. What part of the law supports your position?

Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both.

Nothing in there about being charged or having probable cause. And if you think anyone will buy your explanation that you weren't attempting to destroy evidence with your little bomb you are an even bigger idiot than it originally appeared.

Re:What an idiot

[allfieldsrequired]

Mblockquote> Why in the name of royal fuckery would anyone operate such a machine in a public library?

Perceived anonymous Internet access

Re:What an idiot

Just as likely we don't hear about them because they tripped over the power cable or accidentally activated the dead man switch or just forgot their super secure password and lost all their files before they even could launch.

Re:What an idiot

It's not as unusual as you think, Fujitsu has shown that computer savvy users are at greatest risk of information leaks... let me find teh link for you...

Re:What an idiot

I'd be concerned to if a naughty ghost showed up and started causing problems too.

Re:What an idiot

committing crimes in the belief that rules don't apply to you, and your needs are important, and other people's needs don't exist i.e. are not considered are actually the exact traits that put one on the narcissist-psychopathy spectrum, so it's not a bad assumption at all. Many many criminals fit this pattern.

Re:What an idiot

good idea till you are not a suspect but you wipe out all your records just the same for any of dozens of reasons you didn't anticipate, trip over power cord, blackout, etc.

you go wrong in your first sentence when you claim that a raspberry pi is overkill on the basis of cost for your millions of dollars drug dealing business.

Re:What an idiot

The trick is to sit with your back to the wall so people cannot sneak up on you. Therefore you are free to power off / disable your laptop at will.

Re:What an idiot

The fact that something was going on behind him shows he was sat out in the open where his screen could be viewed by anyone passing. He is an idiot.

Re:What an idiot

Funny, my Linux computer locks with windows-L too. The key works just fine even if the logo doesn't match the OS.

Re:What an idiot

[citizenr]

https://www.youtube.com/watch?...

there are rfid rings/bracelets that do this already

Re:What an idiot

[JonathanR]

I think you're really talking about a narcissism.

Re:What an idiot

[JonathanR]

Including all those who inadvertently exceed the speed limit.

Re:What an idiot

[JonathanR]

Knowing that there's an investigation is the key part; Viz. ...or influence the investigation or proper administration... If you pre-emtively design a self-destruct system, you've no knowledge of an investigation.

Re:What an idiot

[Ralph+Wiggam]

He admits to creating the site originally, but claims he sold it or gave it away before any drugs were sold. So he can't be *that* dumb.

Re:What an idiot

> that Linux guy who murdered his wife and thought nobody could catch him.

Well, from his perspective she was merely Lost & Found. ;-)

Re:What an idiot

[CaptainDork]

... knowingly ...

Those support my position.

Re:What an idiot

In the original scenario, the bad guy is in a public library when the feds show up. So that's pretty clear cut.

I'm not convinced that "knowingly" applies to an investigation, and not just to "alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object".

If you are a criminal and therefore have a good reason to believe you might be investigated, building such a device is obviously intentionally impeding an investigation that you anticipate may happen. To me, the word "knowingly" there is there to get you off the hook if you unintentionally destroy evidence, or if the intent was something other than to keep the evidence from being found by (real or imagined) investigators.

Re:What an idiot

Lock the machine before jumping up?

Re:What an idiot

[Gumbercules!!]

According to a referenced article on the link above, he got a lot of help from a Comp Sci friend, in setting up the site - but the guy doing it wasn't fully involved - just giving bits of code and advice. So it's conceivable he knew enough and had enough help to get the site running - but didn't think through all the elements of what he was doing, properly.

It seems he told his GF, who later broke up with him and told her friends... one of whom posted on his Facebook page: "I’m sure the authorities would be interested in your drug-running site". http://motherboard.vice.com/re...

Re:What an idiot

Narcissism is often a sign of psychopathy.

Re:What an idiot

[Intrepid+imaginaut]

Well that's half of facebook fucked.

Re:What an idiot

So not only could he not secure his black site, he couldn't even secure the files on his own laptop.

He was living in San Francisco. Once the feds identified his person and location is was only a matter of time before he was taken down, no matter how good the security on his laptop was. They had him on round the clock surveillance, both on and offline, and they arranged to move in on him at his weakest moment when his laptop was open, logged in and all of the files open. In effect, they walked into that library and caught him with his pants down and his dick in his hand.

Re:What an idiot

[Paradise+Pete]

The simplest strategy would have been to have already moved to a non-extradition country. He'd already racked up tens of millions of dollars in profits! What was he waiting for?

Another good strategy would be to just stop doing it. Taking a big risk when you don't have money is much different from taking it when you do. He had enough to be comfortable for the rest for his life. Why risk that? You've already won whatever game you think you're playing.

Re:What an idiot

webservers and stuff, not oemntion the complexities of PHP :P...and with his personal email. :) Ok, so this probably applies to idiots and ignorant ppl alone. Move along, nothing new to see here. FBI, NSA: i'm truly sorry this is just within your reach! Ie not very advanced. I'm feel very dumb for thinking you guys actually had any real skills, besides lying to citizens and selectivly interpet laws based onj what suits you the best. Watching you dumb fucks go back and forth really hurts my brain. Do us all favour quit your jobs and go into retirement, somewhere you can edibles. You do that, i will give my encryption keys no contest, well worth your troubles, not to mention get rid of you lot.:) I'm ashamed to be white after all the shit we've done to indigenous ppl over the years.

Re:What an idiot

My completely free network setup can piggy back on GSM/3g/4g/wifi/usb in such a way that operator cannot have the sim enable microphone, allow acccess , use baseband, without being to twart, detect stop it and have fun with them. and it gives the NSA a run for it's money too, while exposing their tactics. The only thign that cost anyhting .. uh the handsets :) and those u can for virtually nothing. The moral is do not rust a device dependent on sim/smart card/simliar you do not have full access to them period. and even then. due ot the way pki works CA chains too... err just remove their fucknig keys lol. Understand this: whent he governent corporations label a consumer device secure that means THEY have all the access they need whenever they need. not you. they got busted 3 times this week doing this shit breaking that holy law of theirs they swore uphold, except went htey don't like it, that's just tragic comedy with a denial going around. These people are government AGENTS - they need instruction on going to the fucking bathroom, they default to shoot ppl with lethal weapons when obviously nonlethal weapons are much better. these are the ppl who think in mandator backdoor in all crypto sw/hw is a smart idea. still. these people are not here to protect you, but to protect the status quo. NSA employees continues to abuse their spy tech to spy on love interests lol. Nobody outside the usa believes anything you say anymore. you lust that trust and you gotta fucking earn it back like everyone else has to when they fuck up.

nsafbiwargames@mailinator.com. i would love for you test it. i bet you can figure it out.

all this said: thank you fbi for taking scum bag murderer out of circulation. i mean that. you should do that more often. instead of busting ppl doing drugs and shit.

PS: care to explain the USA has medical marijuana patent it's when they assert that it has no medical use?! oh shit, i think hear the double standard engine rawring up. :) i
P.P.S: a big MASSIVE fuck you to mudge(and pr horny "white hats" (read narcissistic egocentric ignorant geeks) and the rest of the l0pth heavy industries for teaching these fucking savages how computers work. i truly hope you guys have miserable ends to your careers for being basically the architect the current state of their surveilence capabilities. i hope you all go to for violating trust and sanctity the us public and the rest of hte world put in you.
I wish that the NSA might once have served a good purpose, but the insane access you ignorant government hacks want us to blindly give a bunch of perfect strangers like yourself with evidently doobious history. it's just beyond insane, and if you don't see that, you have been in power too long. don't worry tho, most of don't give a flying fuck about any of you amateurs, or wether or not you breathe at all. it's agencies like yours that put the world into a perpetuals tate of fucking fucked up entropy. i see mr putin PR gguy uses this techique to keep polical competitors in a constant state of confusion.

is a PICTURE dawning?. also: yeh, lot's of typos and i care exactly enough about you folks to correct none.

Thank you, that rant felt amazing,. upon reading this maybe just maybe you can use two braincells and figure out that this is how insane you appear in your needs and demands on access to our innerselves and hte sanctiy of that privacy. was the famous american who said that we should never offer our liberties for temporary security? So why the fuck do you keep pushing it then?

Re:What an idiot

you call destruction of evidence, others might call it self preservation. My mother raised me not to accept candy from strangers why pn earth would i let this rotten bag of bad apples into my personal life You want accsss, come ask me and pay me for using up my with your sillyness, too. cyrazy fucking world. I'm looking at you barack obama. i really belived in you, boy have you let us all down on that front. remidns me a bit of facism actually.. franco would be proud of you ppl.

Re:What an idiot

only if you are really dumb and ignorant with what you do. the fact that the vast majority of people will never ever bee on the end of search warrant for their phones. However. why would store any data on a phone aynhow. You do understand the full duisk encryptions STOP NOBODY in the govt or right resources from access your phone, again, why would you even react like that as if that ok. the fact is most ppl are too ignorant to read about how things actually work. I would welcome the chance to test my gear a well armed arsenal of digital us agency, in a friendly match. really i would. i bet you miss the simples back int he 60s and 70s or w/e whne nobody was onto your kleptography game. mostly nobody. you jsut makign bvasically everoyne insecure to put this fucked up backdoor that eaks the entire state in like 32 bytes.. jesus.

Re:What an idiot

if the FBI are so amazing, how come their orignal job desciption was to check in with the sex workers int he brothels only? not to mention j edgar hoover being a corrupt fuck or letting this joke harry j anslinger spread his fuckign ignorant racism under the guise of protecting us from drugs. i don't need your protection from drugs, most drug users never develop addiction. serious drug addiction is a VERY RARE THING. all you guys do isput ppls lives in jeopardy in that regard.
Of the two deaths in my family from drugs, one was cigarets the other was alcohol. FUCK OFF.

Re:What an idiot

Hmmm, and I thought psycopaths were supposed to often be kinda smart. Guess not, or maybe there are psycopaths all around the smarness scale. So the smart ones don't get caught, and the stupid ones give them all a bad rep.

Re:What an idiot

Why would I need $40? For nachos and Dr.Pepper? I'd have to be pretty fast drinker to down more than one or two bottles before I'd have completed my "wire the powerswitch throuh another switch that my wrists sit on". Grab the computer and it shuts down. Unless you know about the device, which you don't. If I wanted to be serious about it I could create a super low power bluetooth device with the range of only couple of feet, and rig the system so when it doesn't get the ping reply from that it shuts down. Wear it like a watch.

Re:What an idiot

That's why you don't store anything sensitive on the disk, it should be encrypted on a remote server.

Re:What an idiot

Reiser was not a psychopath and probably not under the impression that he wouldn't get caught. It was in part the fear of being caught that led him to make some dumb mistakes that led to his conviction.

I say ‘dumb mistakes’ but I doubt any of us would have held up better if we suddenly snapped and murdered someone and then had to deal with it.

Re:What an idiot

I was just watching a video on security where the USB ID was added to one of the Linux Distributions to detect this and immediately lock the computer when it is plugged in. I don't remember if it was a Defcon 22 or other security conference video.

Anybody remember which distribution of Linux locks when this is plugged in?

Re:What an idiot

[Vintermann]

Achievement unlocked: Batman gambit.

Re:What an idiot

Be paranoid enough to lock your computer any time you aren't touching the keyboard/mouse?

Re:What an idiot

[meta-monkey]

I mean, I encrypt my journal, in which I write about what movies I saw recently and the progress of people I tutor in math. And this guy doesn't encrypt the record of his illegal activities? What the hell man?!

Re:What an idiot

[meta-monkey]

But you still haven't addressed the question of how it makes sense that Chewbacca, a Wookiee from Kashyyyk, lives on Endor. That's grounds for acquittal right there.

Re:What an idiot

[Ralph+Wiggam]

Lay off the meth, homey.

Re:What an idiot

[rochrist]

This. The FBI has a lot of very skilled people working on cyber crime. You're kidding yourself if you think otherwise.

Re:What an idiot

[rtb61]

I specifically mentioned no organisation as this is a global issue and that globally, yes, investigatory agencies do have very skilled people working for them and I thought I was pretty clear on that. Note, those same agencies just by the application of statistics also get very low skilled people working for them. Some agencies are even stupid enough to use lie detectors, which ensure those most skilled at lying ie psychopaths still get hired and they are far more interested in pursuing their own ego and their ability to abuse power than they are in justice. So the majority of investigations are done well but also some investigations are completely botched up by incompetent people out of their depth or by those pursuing their own ego ahead of justice. Inevitably they seek to twist evidence to make up for the incorrect original guesses to which they become administratively bound as a result of the agencies resources they have expended and this ultimately fails to the shame and dishonour of all those involve, this as exemplified by abusive and corrupt plea bargain arrangements. You are kidding yourself if you think all investigatory officers are equal and in fact, some are so bad not only should they not be on the job, they should also be investigated and prosecuted for the criminal misconduct.

Re:What an idiot

Sorry, if you are capable of murdering someone, especially your own wife, then you are a psychopath. He felt absolutely zero remorse and even tried to represent himself in court.

Re:What an idiot

Full disk encryption is great, but assumes that you won't have unlocked it for the attacker.
Yep the one big flaw in full disk encryption. If its on it is unencrypted. Hack it or Login the data is there for your picking.

Re:What an idiot

That's pretty damning evidence even without the journal.

True but keeping a journal of a crimminal activity that is just plain stupid.

Re:What an idiot

[Ralph+Wiggam]

Absolutely. My point is that all of Ulbricht's lawyer's claims and theories are completely destroyed by the evidence the FBI collected.

Re:What an idiot

[rdnetto]

That would be injecting noise on to the power lines, which means either it screws with the rest of the grid, or it's small enough that other devices could swamp it with noise. There's been some interesting work done on hiding signals below the noise floor using frequency hopping, but that's excessively complex.

Re:What an idiot

Whoa, whoa, no, he allegedly attempted to hire a hitman to deal with a guy who was threatening to blackmail multiple people involved in the site for millions of dollars.

While it's not exactly ethical behavior, the hitman hiring sounds a lot more like a desperate person backed into a corner than a psychopath carefully "dealing with" the competition.

Re:What an idiot

Yes, there's some overlap to that particular venn diagram.

Re:What an idiot

Why you would have your old journal, which is not likely to be updated hourly, unlocked for the attacker?

How can people be so clueless about full disk encryption and its limitations? Yes, it's nice to have, but it's never enough by itself. In addition to the full disk encryption that protects your OS and applications, you should have one or several encrypted containers containing your actual sensitive files. When you are not using these sensitive files, you should always unmount containers.

Mental note:

[JWSmythe]

Mental note: When establishing a questionably legal site for definitely illegal transactions to be made through, don't keep any logs about it, nor your conversations regarding it.

Re:Mental note:

[slew]

Mental note: When establishing a questionably legal site for definitely illegal transactions to be made through, don't keep any logs about it, nor your conversations regarding it.

Observation: if you have a big enough ego to think you can create such a questionable site and get away with it, you have probably can't stop yourself from feeling invincible in whatever you do and dismiss any possibility that your logs will get compromised *ever*. Conversely, if have enough doubt about the eventual security of your logs in the event you might eventually get caught, you probably don't have the balls to go through with it in the first place...

Re:Mental note:

[OzPeter]

Mental note: When establishing a questionably legal site for definitely illegal transactions to be made through, don't keep any logs about it, nor your conversations regarding it.

The first rule of Questionably Legal Site is . . . [fill in the blanks]

Re:Mental note:

Mental note: JWSmythe does not have anything to deal with the feds with. implicate him and walk away knowing he doesn't have anything to prove innocence.

Re:Mental note:

[H0p313ss]

Also "if you have a big enough ego to think you can create such a questionable site and get away with it" you're probably wrong.

Re:Mental note:

[rogoshen1]

i know if i were trying someone, and wanted them to appear as a criminal mastermind, a self penned manifesto/journal would be an incredibly convenient piece of evidence. Perfectly convenient, it could turn a technically challenging case into a total slam dunk.

Fortune favors the feds in such situations it seems.

Re: Mental note:

I keep seeing things like "don't save logs of conversations" but you do realize it doesn't matter if you save logs or not if the person you're chatting to is a fed..

All they have to do is match up your computer with the one they think is in the logs and it's a wrap.

Re:Mental note:

don't get Edward Norton to work on it, because he has some serious psychological issues?

Re:Mental note:

I'm not convinced of that in all cases, but generally speaking, would agree about this tending to be true most of the time. You do have to be unusually paranoid if your taking these types of risks and want to reduce the risk factor.

It seems other actions taken he took were the more risky ones though. If he was paranoid he should have have a very good test setup to monitor network traffic and ensure nothing was leaking. That would have distanced him from identification, but had it not the last thing he should have done is worked from a library.

The problem today is there are potentially ways to monitor a suspect without gaining access to the suspects laptop. That in and of itself may be sufficient for a prosecutor to gain a conviction. As such the trick is ensuring they never get that close in the first place.

Re:Mental note:

[CBravo]

I almost read s/Norton/Snowden/ and then I read after the comma.

Re:Mental note:

[tlhIngan]

Mental note: When establishing a questionably legal site for definitely illegal transactions to be made through, don't keep any logs about it, nor your conversations regarding it.

Problem is, without the logs, no one would believe you!.

And by that, I mean when you eventually come around to wanting to brag about your achievements - without evidence that you actually did it, no one would believe you, and everyone thinks you're just trying to satisfy some ego thing.

Yes, that's how a lot of people get caught - they got away with it, but then their bragging gives them away to authorities.

And yet, it's human nature to want to brag about the achievement. After all, what's the point of doing something "amazing" when you can't brag about it afterwards?

Re:Mental note:

[catmistake]

I think you're missing the point of /.ers coming up with possible solutions. These aren't criminal minds sharing how to do crime. They're compulsive puzzle solvers, and there is no puzzle greater than, no solution more elusive than defeating the well-run FBI investigation. Perhaps they really want to help the FBI be even more effective and irresistable. This pursuit is no different than penetration testing, nor the ability of the logical and clever to come up with solutions for problems in fields which they have absolutely no experience or insight. Let them look for that whistle in their box of cereal, and lets not attempt to disway from nor even verbally punish for hypothetical crime. On second thought, naw, I changed my mind. Stop thinking about that right now!

Re:Mental note:

"disway"?

Re:Mental note:

[JWSmythe]

I'm the wrong one to implicate. Your diversion will be a bit too transparent. You may as well hang a neon sign in your front window saying "IT'S ME!"

At best, someone will show up to my door with doughnuts, and we'll have a good laugh over it.

Re: Mental note:

[JWSmythe]

That's farther down the list. "Don't implicate yourself, even to your friends" :)

Re:Mental note:

..Do it somewhere where the law is mostly on your side. If it's a nice northern welfare state all the better, because jail time isn't that bad there. (piratebay)

Encryption, motherfucker, do you speak it?

See subject. Did someone want to be found out?

Re:Encryption, motherfucker, do you speak it?

It was obvious he did not understand the encryption.

  On the seller side of the site there was a place to put your pgp public key. That way customers could grab it and encrypt there communication to you. I never understood why he did not configure the site to auto encrypt all messages to you with your public key. That way all the seller/buyer communications, stored on the system, would have been secured. I even submitted it to SR and got no response.

That was when I decided to move on and stop selling on the site.

Re:Encryption, motherfucker, do you speak it?

[grnbrg]

It was encrypted. And seized while he was logged in and active.

Initial analysis was done before the laptop was allowed to shut down.

The feds may be cavalier about laws, but it's a mistake to think they are stupid.

Re: Encryption, motherfucker, do you speak it?

You realize anonymous doesn't apply to the Slashdot admins right?

Journal?

Isn't it the first thing they teach you in Criminal 101: Don't keep a journal!

Re:Journal?

[Dutchmaan]

No, the very first lesson of Criminal 101 is always operate under the assumption that you will be caught.

Re:Journal?

[Marginal+Coward]

Isn't it the first thing they teach you in Criminal 101: Don't keep a journal!

It just shows what happens when you take drugs: you end up losing interest in your education and dropping out, just before you get to the part of your Criminal 101 class that you really needed. Here's the transcript:

Dear Diary,

Criminal 101 class was really, really, boring today. I don't know how much longer I can take it. We learned about a bunch of junk about how not to leave fingerprints and how to wipe a hard drive. Duh - everybody knows that. When are we gonna learn something really useful?... I think I'll just drop out.

your friend,

Ross

Re:Journal?

[DarkOx]

Yea, but know all the folks actually majoring in Crime, just copy their answers off the Criminology major in the front of the room who is just taking class as an elective. The Crime students never do the reading...

Re:Journal?

[Rashdot]

Dear Diary,

Today I learned that I'm not so bricht after all and changed my name accordingly.

your friend,

Ross Ul

Re:Journal?

[Dutchmaan]

Yea, but know all the folks actually majoring in Crime, just copy their answers off the Criminology major in the front of the room who is just taking class as an elective. The Crime students never do the reading...

Which is why they're the ones who get caught! ;)

lets not jump to any hasty conclusions.

[nimbius]

I mean, I work in tech support and im sure ive added comments to at least two or three tickets about how "everyone knows too much" Or maybe he was a wikipedia moderator?

Missing the point.

[B5_geek]

While a lot of people are jumping on the "..it wasn't encrypted.." "..FBI grabbed it while he was logged in.."
You are missing the point.
Step 1) NEVER carry incriminating evidence with you. Encrypted or not.
2) use a VPN/SSH Tunnel/etc (and/or both) to connect to the server where your data is. (make sure that server is located in a non-extraditing country, and filtered from you by a few shell companies)
3) keep an absurdly low 'idle-timeout' on your ssh sessions
4) use a dead-mans switch on that servers encrypted data
(i.e. run command "I_am_not_in_jail_yet.sh" every 15minutes.) {be more vague then this*}
5) ALWAYS assume that your local system is compromised. (boot/run from a read-only media)
6) don't brag about it! If more then 1 person knows; then your secret is not safe.

Re:Missing the point.

[Celarent+Darii]

Like in C, the winning sequence starts with a 0:

Step 0) Don't do any criminal activity.

That's it, there are no more steps (not even profit!). So much can be avoided by following step 0 first.

Re:Missing the point.

[vux984]

You are missing the point.

No. You are. You can't have perfect security.

With the exception of point 5 and 6, which are simply just good advice (but #5 wouldn't have helped him here; and #6 makes it difficult to provide a criminal service -- after all someone else needs to know about it.)

All your suggestions have caveats and vulnerabilities. I'm picking on 1 and 4 in particular below, but there are issues with 2, 3, 5 too.

Step 1) NEVER carry incriminating evidence with you. Encrypted or not.

Good advice, but how exactly do you accomplish this? Either your data is somewhere with you. Or you have remote access to it, and there will be evidence that you do in fact have remote access to it if they seize your laptop WHILE YOU ARE USING IT to remotely access it.

Plus if YOU have remote access to it, then so does somebody else; if they can somehow convince the remote system they are you; or if there is some unpatched exploit they know about that you don't. (And you should assume there IS.)

After all what is it they say about stuff you don't EVER want leaked online? Oh right... DON'T PUT IT ONLINE. That runs directly counter to your advice to "always put it online".

You can't have it both ways.

4) use a dead-mans switch on that servers encrypted data

And then if the internet goes down due to a storm, beaver, or backhoe somewhere; all your records are gone and your now out of business. No idea who you owe what, or what people owe you; or where any of your assets and contacts nor how to reach them...Oh yeah. That's a great plan.

2) use a VPN/SSH Tunnel/etc (and/or both) to connect to the server where your data is. (make sure that server is located in a non-extraditing country, and filtered from you by a few shell companies)

If they have enough network surveillance at their disposal in place to unmask tor users, a couple VPNs and shell corporations isn't going to work. It might work to keep boris and igor from being able to find you. But I wouldn't rely on it to keep the FBI at bay if they are genuinely interested in shutting you down; and you live in the states.

Re:Missing the point.

[ArsonSmith]

How many crimes do you commit before breakfast?

You might be surprised.

Re:Missing the point.

[reikae]

Technically correct, but do you not consider some laws unworthy of respect? Outside the area of drug and gun laws for example (AFAIK) anal and oral sex were criminal in many parts of the US as recently as twelve years ago.

Re:Missing the point.

[Fwipp]

None.

That's rule number 1 of crimes - never ever commit a crime before breakfast. Without the clear head that comes from getting a healthy start to the day, you'll get caught for sure.

Re:Missing the point.

[master5o1]

Ok my morning routine:

1. Wake up.
2. Murder my neighbour.
3. Have a shower.
4. Have breakfast.

See, nothing illegal there.

Re:Missing the point.

Step 0) Don't do any criminal activity.

Unless:

- you have a badge
- you can grant yourself retroactive immunity
- OMG the Democrats might win
- you can rely on the fact your successor will pardon you
- you can rely on the fact your successor will not prosecute you
- you are not "criminal at heart"
- overthrowing a foreign leader is deemed in your short-term interests
- you are after oil
- you need untraceable funds for black operations (therefore, order the CIA to obstruct FBI investigations
    of money laundering in Mexico)

FTFY.

Are you fucking stupid?

The "authorities" engage in criminal activity ALL THE TIME.

Even AGAINST EACH OTHER when it suits them / when they have been ordered to.

"Criminal activity" is little more than "who does it" and "who it pisses off" and "who's bank account is affected"

Jesus fucking christ!

Do you have any idea how ridiculous you sound?

Re:Missing the point.

Showering naked is a crime in Florida. I'm keeping my eyes on you mister.

Having a journal was the smartest thing he did

[SuperKendall]

Isn't it the first thing they teach you in Criminal 101: Don't keep a journal!

Possibly, but in Criminal 504 (Profiting in the Long Term) they teach you KEEP a journal so you can write a fully revealing book later.

He may go to jail for a bit, but he can profit afterward - just hope he had the journal backed up somewhere they could not reach it.

Re:Having a journal was the smartest thing he did

He may go to jail for a bit.

That is understating it a bit.

Re:Having a journal was the smartest thing he did

Isn't it the first thing they teach you in Criminal 101: Don't keep a journal!

Possibly, but in Criminal 504 (Profiting in the Long Term) they teach you KEEP a journal so you can write a fully revealing book later.

He may go to jail for a bit, but he can profit afterward - just hope he had the journal backed up somewhere they could not reach it.

The journal was submitted as evidence... shouldn't it be a matter of public record therefore precluding the need for a backup?

Re:Having a journal was the smartest thing he did

Public records can be pretty expensive to access and copy.

Re:Having a journal was the smartest thing he did

[david_thornley]

Why would he have to provide evidence to verify the book? Don't lots of people write books that are only nominally non-fiction?

What happened to the hacking argument?

Did we ever find out how the government hacked the site? The last I remember their claim of leaking IP adresses was not credible.

Re:What happened to the hacking argument?

Not yet, but the way defense tried to prove their story was not credible is not credible itself.

Basically, they point to nginx.conf from that server that said:

http {
        server {
                # snip
                location / {
                        # snipped some options
                        allow 123.45.67.89;
                        allow 127.0.0.1;
                        deny all;
                        # snip some more
                }
                location ~ \.php$ {
                        # snip more options
                }
        }
}

At first glance it looks like "Set global options, including IP access rules, and then tweak them for PHP"

The way it actually interpreted by nginx is "Set some options for PHP, and then set other options for everything that's not matched by PHP rule". To actually inherit settings, you need to nest location {} blocks.

Also, he could've put access rules in global http {} block instead.

Also, he could've backed it up with firewall rules too.

TL;DR: DPR is a fucking nincompoop who doesn't RTFM and pushes configs into production without testing them in staging.

Geeks in particular tend to forget this

[Sycraft-fu]

The FBI may not be all up to date on the latest technologies and they aren't great at dealing with things purely in the digital world. However they are one of, if not the best investigative organizations in the world. They have a lot of experience investigating crimes of all kinds, often committed by experienced criminal organizations that are quite clever.

So there's a good chance if they are interested in getting you, they will. They are quite literally professionals at it, and they institutionally learn from their experience. You very well may know a lot more about computers than they do, but they almost certainly know way more about criminal investigations than you do.

Re:Geeks in particular tend to forget this

[rochrist]

I don't know about that. Years and years (literally) someone hacked a linux system I had and was using to mess with other systems remotely, including some involved with the government. The FBI sent a woman who was /very/ smart about all things linux. I suspect they eventually caught that guy.

Oh Boy!

[PPH]

I hope they never examine all the stuff I've saved on my PC and posted on line.

-- Signed,
Walter Mitty.

Re:Oh Boy!

I hope they never examine all the stuff I've saved on my PC and posted on line.

-- Signed,
Walter Mitty.

THAT'S NOT FAIR.
THAT'S NOT FAIR AT ALL.
THERE WAS TIME NOW.
THERE WAS, WAS ALL THE TIME I NEEDED.
[sobbing] IT'S NOT FAIR.
IT'S NOT FAIR.

-- Henry Bemis

Note to self

[zeroryoko1974]

If I were going to create an underground illegal drug black market, don't keep a journal and detailed notes that can easily be recovered by investigators.

Tin Foil Hat Time

The problem with them gaining access to the open system is they can pretty much put whatever data they want onto it.

If he's guilty and the data they found within the laptop is genuine, great. Good job. . . I guess.

If he's not and they want him to be, it's dead simple once you have access to the open machine. One of the reasons you never give up your encryption keys is that without them, you KNOW what data is in the encrypted container. Once you hand over the keys, you have to work on the assumption the folks trying to prosecute you are going to follow the laws in doing so.

Which, as we tend to learn over time, isn't always the case.

Re: Tin Foil Hat Time

Ridiculous. If the defense fornhim is the government pit all that evidence on there then that is grasping at straws...

All they have to offer is that someone else was the dpr...well, the dpr that was using the laptop that was confiscated from ulbricht had copies of state ids for his staff...who was it? Where is the momey trail establishing transfer of ownership? What site was used to communkcate to the new owner?

To correlate the diary and thus everything else to ulbricht they could try to id the peole he talks about(gurls, friends....)

lol!!!! FBI really grapsing straws now

because he got complacent; he was going to write a book/movie; he wanted a place to keep track of his ideas about the site;...... he was logged in when they got him,.... he was not framed the gubmint.

"One folder on the laptop also included an application for a form of paid citizenship for the Caribbean island of Dominica, filled out with UlbrichtÃ(TM)s personal information, including his address, email, phone number and relativesÃ(TM) names."

I guess he should've quit and moved to "Patagonia" sooner.

Tin foil hats only help focus mind control rays

I'd assume Ulbricht would be at least a little bit surprised if prosecution just started quoting him on something he had no recollection of writing, dontcha think?

Anyways, prosecution could also plant physical evidence or just go for good old perjury if they felt like that, no need for fancy-schmancy high tech.

Hackers have one major flaw ...

[CaptainDork]

"Three can keep a secret, if two of them are dead."

~ Benjamin Franklin

Re: lol!!!! FBI really grapsing straws now

In the journal text he discusses telling his tory one day.

In the journal text he stated he grew mushrooms to sell(kilos of them), corroborated by his college buddy who got pinched.

He had a crapload of bitcoin that he authorized feds to auction and paperwork to buy a citizenship in a caribean island country...

Conspiracy nut, NEXT...

Re:lol!!!! FBI really grapsing straws now

Clearly he as the two of you seem to think he is.

He kept a journal

https://www.youtube.com/watch?v=pBdGOrcUEg8

Stringer: Nigga, is you taking notes on a criminal fucking conspiracy? What the fuck is you thinking?

/. has super helpful community

[Tranzistors]

Every time /. has news on someone, who has committed [cyber]crime, the comments read like from ask.slashdot.org article "I would like to set up a criminal enterprise online. Any helpful tips?"

As per all "ask /." articles, most comments are borderline manslplaining (meaning, author has no experience in the field, has idea what he is talking about, but somehow it makes sense in his head and he is happy to share it). As in all diverse communities, some try to suggest that this is a bad idea and shouldn't be attempted in the first place. Such suggestions are soon thwarted with detailed explanations, why it is [a good idea|ethical|for the common good].

This sort of entertainment is why I keep reading Shashdot. Keep up the good work.

Re:/. has super helpful community

[Tranzistors]

has no idea what he is talking about

Fixed that for me.

Re:/. has super helpful community

[spintriae]

Did you just mansplain mansplaining to me?

Re:/. has super helpful community

[Tranzistors]

Yes, indeed I did.

Right and wrong

[Sycraft-fu]

Right in that yes, they already have a lot of evidence, and are just working to seal the deal. They like to have everything in a row and an overwhelming amount of evidence before going to trial.

Wrong about the contempt thing. If you look it up in the US you find out that the courts have decided the 5th amendment applies to passwords. So you can keep your mouth shut and they can't compel you to hand over a password. If it is locked with something physical like a key fob or fingerprint, that you have to hand over. Basically if something is solely in your mind, they can't compel you to hand that over if it can be used against you.

Re:Right and wrong

[david_thornley]

Passwords and the Fifth Amendment aren't that simple. The courts have held that it's legal to require a password to reveal something known to be there. The main case was a guy whose laptop showed child pornography as he went through Customs. The Customs agent testified to it, and the courts ruled that he had to hand over the password. In this case, they'd have to know there were specific illegal records on the laptop to use that as a precedent.

One definite case is that, if the authorities know there's illegal stuff on a laptop, and don't know it's yours or that you know the password, requiring the password would be self-incrimination since it would link the suspect with evidence. In this case, the guy was working on the laptop, and so that wouldn't apply.

Not necessiarly

[Sycraft-fu]

He may well have been as smart as he thought (I'm not saying that is the case for sure, mind) but turns out others were smart enough, and more knowledgeable in the ways that mattered.

Hans Reiser is a good example. Man is unquestionably very smart. However, he had the geek hubris that I call SMFU, Smartest Motherfucker in the Universe syndrome. He figured he was so much smarter than everyone else, he could easily get away with his crime. Turns out that the police have some smart people too, and those people know a lot more about criminal investigation than he did.

Or just rig up a Cryptonomicon-style doorframe..

[caveat]

Cantrell is now drawing an elaborate diagram, and has even slowed down, almost to a stop, the better to draw it. It begins with a tall rectangle. Set within that is a parallelogram, the same size, but skewed a little bit downwards, and with a little circle drawn in the middle of one edge. Randy realizes he’s looking at a perspective view of a door-frame with its door hanging slightly ajar, the little circle being its knob. STEEL FRAME, Cantrell writes, hollow metal channels. Quick meandering scribbles suggest the matrix of wall surrounding it, and the floor underneath. Where the uprights of the doorframe are planted in the floor, Cantrell draws small, carefully foreshortened circles. Holes in the floor. Then he encircles the doorframe in a continuous hoop, beginning at one of those circles and climbing up one side of the doorframe, across the top, down the other side, through the other hole in the floor, and then horizontally beneath the door, then up through the first hole again, completing the loop. He draws one or two careful iterations of this and then numerous sloppy ones until the whole thing is surrounded in a vague, elongated tornado. Many turns of fine wire. Finally he draws two leads away from this huge door-sized coil and connects them to a sandwich of alternating long and short horizontal lines, which Randy recognizes as the symbol for a battery. The diagram is completed with a huge arrow drawn vigorously through the center of the doorway, like an airborne battering ram, labeled B which means a magnetic field. Ordo computer room door.

"Wow," Randy says. Cantrell has drawn a classic elementary-school electromagnet, the kind of thing young Randy made by winding a wire around a nail and hooking it up to a lantern battery. Except that this one is wound around the outside of a doorframe and, Randy guesses, hidden inside the walls and beneath the floor so that no one would know it was there unless they tore the building apart. Magnetic fields are the styli of the modern world, they are what writes bits onto disks, or wipes them away. The read/write heads of Tombstone’s hard drive are exactly the same thing, but a lot smaller. If they are fine-pointed draftsman’s pens, then what Cantrell’s drawn here is a firehose spraying India ink. It probably would have no effect on a disk drive that was a few meters away from it, but anything that was actually carried through that doorway would be wiped clean. Between the pulse-gun fired into the building from outside (destroying every chip within range) and this doorframe hack (losing every bit on every disk) the Ordo raid must have been purely a scrap-hauling run for whoever organized it—Andrew Loeb or (according to the Secret Admirers) Attorney General Comstock’s sinister Fed forces who were using Andy as a cat’s paw. The only thing that would have made it through that doorway intact would have been information stored on CD-ROM or other nonmagnetic media, and Tombstone had none of that.

Re:lol!!!! FBI really grapsing straws now

[rochrist]

What are you? 10?

Not evidence - outline

[SuperKendall]

The point of having the journal would not be for evidence the resulting book was real, it would be simply to have vast amount of source material to create a book from more quickly, so you could have a book ready sooner after trial.

He could presumably re-create most of the information from memory, but memory is fickle and it would take a lot more time to get it out.

Rules to live by

A refresh from the last.

Hacking Rules To Live By.

don't trust anyone.
never reveal your operational details
never reveal your plans
never operate from your own house
be pro-actively paranoid it doesn't work retroactively
keep personal life separated
don't talk to police
don't give anyone power over you
never store data locally