Slashdot Mirror

← Back to Stories (view on slashdot.org)

Silk Road Journal Found On Ulbricht's Laptop: "Everyone Knows Too Much"

Posted by timothy on from the that's-not-my-bag-baby-honestly dept.

sarahnaomi writes On Wednesday, prosecutors in the Silk Road trial began to lay out the wealth of evidence found on the laptop taken from accused kingpin Ross Ulbricht in a San Francisco library in October 2013. The evidence presented by prosecutor Timothy Howard was the most comprehensive and damning thus far, including more than a thousand pages of chats between the site's pseudonymous operator Dread Pirate Roberts and Silk Road administrators. Also entered into evidence was a journal that dates back to at least 2010 describing the creation and operation of the site. FBI computer scientist Thomas Kiernan, the second witness in the trial, testified about the day Ulbricht was arrested and the evidence gathered from his laptop.

21 of 180 comments (clear)

  1. What an idiot by wiredlogic · · Score: 4, Insightful

    So not only could he not secure his black site, he couldn't even secure the files on his own laptop.

    It makes you wonder how he ever got it running in the first place.

    --
    I am becoming gerund, destroyer of verbs.
    1. Re:What an idiot by Anonymous Coward · · Score: 4, Insightful

      On the other hand, a psychopath is marked by superhuman hubris, i.e. the assumption that everyone is stupid except them. This is often their downfall when it comes to criminal trial, because they are genuinely shocked that other people are smart enough to have figured them out.

    2. Re:What an idiot by grnbrg · · Score: 4, Interesting

      Apparently he was arrested (in public) at a library, and the techs who got the laptop knew what they were doing...

      It was logged in, and they spend several hours copying data without letting it sleep or lock.

      Full disk encryption is great, but assumes that you won't have unlocked it for the attacker.

    3. Re:What an idiot by Anonymous Coward · · Score: 5, Interesting

      There's actually some neat forensic gear out there designed for this kind of situation. It's basically a battery with a fast UPS style switchover mechanism and various bits for tapping into the power line connected to a computer. Basically they wire this thing in, pull the plug, and the battery keeps the machine running and unlocked while they cart it away/image it/etc. They've also got devices called "jigglers" that simulate mouse movement to keep the screen from locking.

      Obviously this turns into a cat and mouse thought experiment with a variety of rube goldberg type countermeasures and counter-countermeasures, but against the average guy this kinda thing probably works quite well.

    4. Re:What an idiot by CaptBubba · · Score: 5, Interesting

      Yeah they had two agents get into a fight right behind him and when he jumped up to see what was going on (just like anyone would do) another agent snatched the laptop and started the task of getting evidence off it and mirroring the drive's contents.

      The FBI is often really fucking good at what they do.

    5. Re:What an idiot by h4ck7h3p14n37 · · Score: 4, Insightful

      Full disk encryption is great, but assumes that you won't have unlocked it for the attacker.

      That's why you also encrypt sensitive files separately. You only unlock the file when you're actually using it and then lock it back up when done.

      Just use dd to create some space to use, create a filesystem on the file and then apply your preferred means of encryption. Encrypted USB sticks are another good solution.

    6. Re:What an idiot by kylemonger · · Score: 5, Interesting

      The simplest strategy would have been to have already moved to a non-extradition country. He'd already racked up tens of millions of dollars in profits! What was he waiting for?

    7. Re:What an idiot by DrXym · · Score: 3, Funny

      Perhaps that, in itself, is compelling evidence that he didn't.

      "Your honour, the defence submits that the fact that an entire room of people saw the accused stab the victim and state he was glad he did it, proves conclusively that he didn't. There is so much compelling evidence against our client that it is actually evidence of his innocence. And with that the defence rests."

      Doesn't exactly work.

    8. Re:What an idiot by DrXym · · Score: 3, Insightful

      The most likely diagnosis is the Dunning-Kruger effect. He thought himself smarter than he actually was. Add to that the fact he was running a market in illegal goods (drugs, weapons, hitmen etc.) which tends to make law enforcement throw lots of manpower at finding out who the perpetrator is and the determination to take them down.

    9. Re:What an idiot by Rinikusu · · Score: 4, Informative

      And finally, once the FBI is there, knocking down your door (metaphorically speaking), you're pretty much fucked. The investigation that led them to you is probably more than enough to indict you and probably get the conviction, and refusing to turn over your keys once they already have you pinned down will be viewed as contempt of court and you'll sit in prison for a long damned time without a trial. This is why, from what I can tell, the defense is mainly focused on the procedure/evidence that led the FBI to him (poisoning the well) since if they can't give a good accounting for how they connected him to the SR, then all that evidence is for nothing if they used illegal techniques to get it.

      --
      If you were me, you'd be good lookin'. - six string samurai
    10. Re:What an idiot by Dan+East · · Score: 4, Interesting

      A skilled hacker / engineer could create a system for under $40 that would circumvent this.

      Use two microcontrollers (a raspberry pi would be overkill - I'd use a $10 STM32 Nucleo board), one hidden somewhere in your house that has a small coil around a power line which introduces a signal into the power wires, and another in the case of the PC that monitors the signal generated by the first microcontroller. As soon as the device inside the PC detected loss of the signal it could then shut the PC down. Or trip a relay connected to a servo that allows acid to flow into the HDD. It could also have light sensors (covering the largest spectrum possible) to detect the case opening, which would also trigger the destruct mechanism. It would be powered by 4 AA batteries when external power is removed. I would also add a trivial voltage divider circuit to an ADC line on the microcontroller to monitor battery power, and if it got down close to 5V it would destroy the device.

      There are dozens of things you could do along those lines. Place a magnet in whatever the PC is setting on and then have a magnetometer sensor in the buttom of the case connected to the microcontroller. If the PC is moved then it destroys the media. Etc, etc.

      --
      Better known as 318230.
    11. Re:What an idiot by Ralph+Wiggam · · Score: 4, Informative

      Prior to that, the FBI took control of a forum mod's account. They asked "dread" in chat to look into something on the site that required him to log in as an admin. When they grabbed his laptop, a window with him logged into the site admin account was open. That's pretty damning evidence even without the journal.

    12. Re:What an idiot by CaptainDork · · Score: 4, Informative

      No.

      Evidence is an attribute that that exists only after criteria are met. I can destroy my hard drive today and be charged with a crime tomorrow. When the authorities realize what I have done, there's nothing they can do. The hard drive only becomes evidence after probable cause has been established and a warrant has been issued and I am made aware that my hard drive is evidence.

      There are exceptions, but not as relates to this matter.

      ... the court can instruct the jury to assume that the evidence that was destroyed showed exactly what the prosecution says it shows ...

      You are an asshat and what pisses me off is that you know damn well that you are making a false statement.

      So fuck you very much.

      --
      It little behooves the best of us to comment on the rest of us.
    13. Re:What an idiot by hoggoth · · Score: 4, Funny

      Feds: "Grab him!"
      Ross: "Beetlejuice!"
      Librarian: "Shhhhhh!"
      Feds "Cover his mouth quick!"
      Ross: Beetlejuice!"
      Feds drag Ross away with his mouth covered...

      Fed1: "What was that about?"
      Fed2: "It was some sort of codeword"
      Fed1: "What do you mean?"
      Fed2: "When he yelled Beetlejuice it activated a..."
      Both: "Oh shit..."

      --
      - For the complete works of Shakespeare: cat /dev/random (may take some time)
    14. Re:What an idiot by citizenr · · Score: 3, Interesting

      https://www.youtube.com/watch?...

      there are rfid rings/bracelets that do this already

      --
      Who logs in to gdm? Not I, said the duck.
  2. Mental note: by JWSmythe · · Score: 3, Insightful

    Mental note: When establishing a questionably legal site for definitely illegal transactions to be made through, don't keep any logs about it, nor your conversations regarding it.

    --
    Serious? Seriousness is well above my pay grade.
    1. Re:Mental note: by slew · · Score: 4, Interesting

      Mental note: When establishing a questionably legal site for definitely illegal transactions to be made through, don't keep any logs about it, nor your conversations regarding it.

      Observation: if you have a big enough ego to think you can create such a questionable site and get away with it, you have probably can't stop yourself from feeling invincible in whatever you do and dismiss any possibility that your logs will get compromised *ever*. Conversely, if have enough doubt about the eventual security of your logs in the event you might eventually get caught, you probably don't have the balls to go through with it in the first place...

  3. Re:Journal? by Marginal+Coward · · Score: 5, Funny

    Isn't it the first thing they teach you in Criminal 101: Don't keep a journal!

    It just shows what happens when you take drugs: you end up losing interest in your education and dropping out, just before you get to the part of your Criminal 101 class that you really needed. Here's the transcript:

    Dear Diary,

    Criminal 101 class was really, really, boring today. I don't know how much longer I can take it. We learned about a bunch of junk about how not to leave fingerprints and how to wipe a hard drive. Duh - everybody knows that. When are we gonna learn something really useful?... I think I'll just drop out.

    your friend,

    Ross

  4. Missing the point. by B5_geek · · Score: 3, Interesting

    While a lot of people are jumping on the "..it wasn't encrypted.." "..FBI grabbed it while he was logged in.."
    You are missing the point.
    Step 1) NEVER carry incriminating evidence with you. Encrypted or not.
    2) use a VPN/SSH Tunnel/etc (and/or both) to connect to the server where your data is. (make sure that server is located in a non-extraditing country, and filtered from you by a few shell companies)
    3) keep an absurdly low 'idle-timeout' on your ssh sessions
    4) use a dead-mans switch on that servers encrypted data
    (i.e. run command "I_am_not_in_jail_yet.sh" every 15minutes.) {be more vague then this*}
    5) ALWAYS assume that your local system is compromised. (boot/run from a read-only media)
    6) don't brag about it! If more then 1 person knows; then your secret is not safe.

    --
    "The price good men pay for indifference to public affairs is to be ruled by evil men." ~Plato (427-347 BC)
    1. Re:Missing the point. by Fwipp · · Score: 4, Funny

      None.

      That's rule number 1 of crimes - never ever commit a crime before breakfast. Without the clear head that comes from getting a healthy start to the day, you'll get caught for sure.

  5. Geeks in particular tend to forget this by Sycraft-fu · · Score: 4, Insightful

    The FBI may not be all up to date on the latest technologies and they aren't great at dealing with things purely in the digital world. However they are one of, if not the best investigative organizations in the world. They have a lot of experience investigating crimes of all kinds, often committed by experienced criminal organizations that are quite clever.

    So there's a good chance if they are interested in getting you, they will. They are quite literally professionals at it, and they institutionally learn from their experience. You very well may know a lot more about computers than they do, but they almost certainly know way more about criminal investigations than you do.