The Technologies That Betrayed Silk Road's Anonymity
itwbennett writes: Silk Road was based on an expectation of anonymity: Servers operated within an anonymous Tor network. Transactions between buyers and sellers were conducted in bitcoin. Everything was supposedly untraceable. Yet prosecutors presented a wealth of digital evidence to convince the jury that Ross Ulbricht was Dread Pirate Roberts, the handle used by the chief operator of the site. From Bitcoin to server logins and, yes, Facebook, here's a look at 5 technologies that tripped Ulbricht up.
Looks like I might have my shot at being a multimillionaire.
Rusty treated OpSec as suggestions instead of law.
Your hair look like poop, Bob! - Wanker.
If I were running a criminal enterprise via my computer, wtf would you go out in a public place and do so? At least sit in your car or something.
Why would I have a facebook account?
Why would I be advertising on facebook for people to join my enterprise?
Why would I keep logs of any sort?
There is so much stupid here, it hurts. Some "Dread Pirate" he turned out to be.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
While the Feds were enforcing drug laws, they tipped people off about some of their methods.
Now, terrorists will go and make sure these openings are closed; possibly messing up investigations of other Feds who want to stop terrorism.
End the Drug War. It's doing us no good.
Not much really needs to be said.
itworld is bad enough, but posting "$N $foo that $bar" filler tripe? Come on guise, no need to insult our intelligence that much.
Looks like what happened is that Ross got tired of having to log in, and the Feds were quite shrewd at catching him with his pants down. I'd say this was a coup on the LEO's part, nailing someone so fast they couldn't even close their laptop.
Pretty much, one gets sloppy over time, the 2FA turned into 1FA, then an automatic login. A tumbler turned into just spending the coins, and so on.
My lesson? Here in the US, it isn't anything I'm worrying about, since I'm not running a criminal enterprise. I keep FDE on all computers so that Jack Crackhead (who is going to yank things from the wall that look "techie" so he can hand them to a fence for a hit of meth) is going to cause a hardware loss, as opposed to data falling into the wrong hands.
However, as for BitCoins, my stash is so pitiful, it almost isn't worth the bits they take up on a HDD, my external server is part of a VPS and I just SSH directly to it without a password (using RSA key encryption), and I just use the OS's password storage mechanism (KeyChain for OS X) for passwords. Since most of my documents are stashed on GDrive, I'm sure there are easier ways for a LEO to access them other than a SWAT raid.
You can't be anonymous with a handle. This was a case of ego, and wanting a 'name' to associate with 'deeds'. Just because a name isn't one you are born with doesn't mean it isn't associated with you. Even if you create a false identity to represent you, you still own that identity. Even an encryption key can be an alias. Police are completely used to tracking people by alias, and linking aliases to human beings. It's their job, they have been doing it for years.
In the end, his goal was to associate a number of impressive 'deeds' with a 'name' that he would later claim as his when he felt it was a safe time. This way he could enjoy the fame that all of his work had built up. Just the fact that he was doing this for money, and trying to create earnings through the system was enough of a risk. A huge risk. Keeping that, alone, under wraps, would be tough. Ego just made it easy for them.
The advantage of encryption and defense-in-depth strategies is that they are based on the triad of information assurance, one key of that being "non-repudiation". The "downside" to non-repudiation is the ability to connect the dots come litigation time. Interesting that they mention that the SSH sessions used key-based authentication when the opposing attorneys claimed that anyone can name their systems "frosty" and use the login name "frosty". My question is, did the key on the laptop that was supposedly logged in as "frosty" also correlate to the key on the server? If so, the "anyone" list just got a lot smaller.
Select from tblFriends where interesting >= 4;
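The correlation the comment above asks about is a routine forensic check: an OpenSSH public key has a stable fingerprint (SHA-256 over the decoded key blob, base64-encoded without padding), so a key found on a seized client can be matched against the server's authorized_keys entries regardless of what hostname or login name was used. The following is an added example, not code from the original post or from the case; the keys are constructed in-line and the names "frosty@laptop" and "backup@other" are placeholders.

```python
import base64
import hashlib
import struct

# OpenSSH key types whose blobs we accept in authorized_keys lines.
KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256")


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (4-byte big-endian length + data)."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_blob(raw32: bytes) -> bytes:
    """Build an ssh-ed25519 public key blob from 32 raw key bytes (constructed, not a real key)."""
    assert len(raw32) == 32
    return _ssh_string(b"ssh-ed25519") + _ssh_string(raw32)


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint: base64 of sha256(blob), padding stripped."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_authorized_keys(text: str):
    """Yield (key_type, blob, comment) for each key line; options before the type are skipped."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(tokens):
            continue  # malformed or unsupported line; skip rather than guess
        blob = base64.b64decode(tokens[idx + 1])
        comment = " ".join(tokens[idx + 2:])
        yield tokens[idx], blob, comment


def correlate(client_pubkey_line: str, authorized_keys_text: str):
    """Return (fingerprint, comment) of the server entry matching the client key, or None."""
    _, client_blob, _ = next(parse_authorized_keys(client_pubkey_line))
    target = fingerprint(client_blob)
    for _, blob, comment in parse_authorized_keys(authorized_keys_text):
        if fingerprint(blob) == target:
            return target, comment
    return None


# --- Constructed sample data (placeholder keys, not from the case) ---
LAPTOP_RAW = bytes(range(32))
OTHER_RAW = bytes(range(32, 64))
LAPTOP_LINE = "ssh-ed25519 " + base64.b64encode(make_ed25519_blob(LAPTOP_RAW)).decode() + " frosty@laptop"
SERVER_AUTHORIZED_KEYS = "\n".join([
    "# constructed authorized_keys for a placeholder server",
    "no-pty ssh-ed25519 " + base64.b64encode(make_ed25519_blob(OTHER_RAW)).decode() + " backup@other",
    "ssh-ed25519 " + base64.b64encode(make_ed25519_blob(LAPTOP_RAW)).decode() + " frosty@laptop",
])

if __name__ == "__main__":
    print(correlate(LAPTOP_LINE, SERVER_AUTHORIZED_KEYS))
```

The match is on the key material, not on the comment, so renaming the host or the login to "frosty" changes nothing; only possession of the same private key produces the same fingerprint on both sides.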
well, there might be more "tech" to it than just this reportage.
I think the knee-jerk response is to say that the problem exists between the chair and keyboard. Just reading the article makes it impossible to draw another conclusion. He was nabbed in a public library before he had a chance to turn his laptop off so nothing was encrypted. Similarly, ARE YOU TAKING NOTES ON A CRIMINAL FUCKING CONSPIRACY? Why would you ever keep data in plain text even if the hard drive is encrypted? I am not expecting the FBI to raid me at any time, but just out of caution, I have my computer encrypted using Bitlocker (yeah, I know) and all data at rest is stuck in a hidden TrueCrypt partition. If I want to access it, I have to sign in separately. But most hilariously, he had a stupid freaking Facebook page that linked him directly to his true identity and Silk Road.
However, this only underscores how difficult it is to have operational security for any complex business. At some point, he needs to keep track of all transactions, with reasonably easy access. It's a pain in the ass for me to repeatedly log in and access data. I can only imagine how difficult it must have been to conduct business. I guess the bottom line is that physical security is crucial.
A NYC lawyer blogs. http://www.chuangblog.com/
Looks like he was done in by being stupid more than the technologies.
The article is more than a little sensational too. "He was done in by CHAT!" No, he was done in by keeping a goddamn log of his criminal activities. The fact that it happened to be chat is beside the point. Probably the only entry in there that deserves the headline is the Bitcoin one, only because it highlights how people misrepresent Bitcoin (It's so anonymous that every single transaction ever is recorded on the internet!). The article points out that he could have used tumblers to hide his bitcoins, but with the volume of coins Silk Road deals with that probably wasn't practical. Tumblers are really only useful for relatively small numbers of coins at a time. Put too many in and take too many out and your transactions stand out.
The article does harp a lot on how this information was only available because Ulbricht was dumb and let his laptop be snatched out of his hands while he was logged in. It is somewhat frightening to consider how poor the government's case might be if he had simply been facing the other direction.
I read the internet for the articles.
This seems like a perfect use of parallel construction: figure out who he is by using illegal/secret technologies, and develop a plausible narrative of how legal methods were actually used. Maybe we are jumping too quickly to the "He was stupid" conclusion.
Dont say that, you act like a terroaaarist !!!!
How are they supposed to control the plebejans ???
I do not understand how bitcoin makes the life of a criminal any easier.
The hash identifying the wallet cannot be secret because otherwise people would not know how to pay you. All the transactions in/out of the wallet are traceable and duly recorded in the block chain. Therefore, everybody can see all the transactions in and out of the criminal's wallet. Finally, at some point the criminal will have to convert the bitcoins into cash. When he does so, he will be forced to go through an exchange and there will be a record somewhere of his bank account.
So what am I missing? Why do criminals use bitcoin?
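The public ledger the comment above describes is exactly what makes block-chain analysis work. The following is an added example, not code from the original post, that runs two standard analyses over a small constructed ledger: forward tracing (which addresses funds from a start address reach within N hops, e.g. from a buyer to a market to an exchange) and common-input-ownership clustering (addresses spent together in one transaction are probably controlled by the same party). The address labels and amounts are made up for illustration.

```python
from collections import defaultdict

# Constructed sample ledger (illustrative only, not real block-chain data).
# Each transaction spends from its input addresses and pays its output addresses.
LEDGER = [
    {"txid": "tx1", "inputs": ["A1"], "outputs": [("M1", 5.0)]},                  # buyer pays market
    {"txid": "tx2", "inputs": ["A2"], "outputs": [("M1", 3.0)]},                  # second buyer pays market
    {"txid": "tx3", "inputs": ["M1", "M2"], "outputs": [("X1", 7.5), ("M3", 0.5)]},  # market co-spends two addresses
    {"txid": "tx4", "inputs": ["X1"], "outputs": [("B1", 7.4)]},                  # exchange pays out
    {"txid": "tx5", "inputs": ["U1"], "outputs": [("U2", 1.0)]},                  # unrelated activity
]


def build_edges(ledger):
    """Map each input address to the set of output addresses it paid, across all transactions."""
    edges = defaultdict(set)
    for tx in ledger:
        for src in tx["inputs"]:
            for dst, _amount in tx["outputs"]:
                edges[src].add(dst)
    return edges


def trace_forward(ledger, start, max_hops):
    """Addresses reachable from `start` by following payments for at most `max_hops` transactions."""
    edges = build_edges(ledger)
    seen, frontier = {start}, {start}
    for _ in range(max_hops):
        nxt = set()
        for addr in frontier:
            nxt |= edges[addr]
        nxt -= seen
        if not nxt:
            break  # flow has dried up before the hop budget is spent
        seen |= nxt
        frontier = nxt
    return seen - {start}


def cospend_clusters(ledger):
    """Union-find over input sets: addresses spent together are grouped as one probable owner."""
    parent = {}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    def union(a, b):
        parent[find(a)] = find(b)

    for tx in ledger:
        ins = tx["inputs"]
        for addr in ins:
            parent.setdefault(addr, addr)
        for addr in ins[1:]:
            union(ins[0], addr)

    clusters = defaultdict(set)
    for addr in parent:
        clusters[find(addr)].add(addr)
    return {frozenset(members) for members in clusters.values()}


def flows_into(ledger, start, target, max_hops=10):
    """True if funds from `start` can reach `target` within `max_hops` transactions."""
    return target in trace_forward(ledger, start, max_hops)


if __name__ == "__main__":
    print("reachable from A1:", sorted(trace_forward(LEDGER, "A1", 10)))
    print("co-spend clusters:", [sorted(c) for c in cospend_clusters(LEDGER)])
    print("A1 -> B1:", flows_into(LEDGER, "A1", "B1"))
```

Forward tracing shows the buyer's coins passing through the market address to the exchange payout, and the co-spend step ties M1 and M2 to one owner even though neither address carries a name; the exchange's customer records then supply the name. A tumbler only helps against this if the amounts and timing blend into normal traffic, which is the point the earlier tumbler comment makes about large volumes standing out.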
Even if it was parallel construction, the game is then to make sure that no path to legal methods exists.
Crime has always been played by the rules of the jungle; nobody gets to cry technical foul at the end.
They had all that evidence because they had a man on the inside, duh. Sure DPR/Ulbricht wasn't the greatest at stealth to begin with, but DHS was inside building up evidence.
http://www.ibtimes.co.uk/silk-road-mole-dread-pirate-roberts-paid-me-1000-week-i-tracked-him-down-1483452
You don't need parallel construction when they seized his lap top.
All of this is based on the seizure of his lap top.
The bit coins, the chat logs, the encryption keys, the SSH logins.
If they didn't seize the lap top in tact, they would have had a much more difficult time with this. It would have been he said/she said buried in tech gobbledygook.
But they did get his lap top, in tact, in plain text. I imagine getting the lap top was primary goal of his arrest. They'd probably have let him run and catch him later, if they could get his lap top.
And once they got that lap top, the world opened up for them. He was laid bare.
His most trusted ally ratted him out. It's that simple.
"As Ulbricht's trial unfolded over the last month, one character appeared again and again in the chat logs prosecutors pulled from the laptop seized from Ulbricht at the time of his arrest: a man calling himself Variety Jones, and later, Cimon " ref.
If you can get something from a to b on the internet, people can figure it out.
It's only about increasing the level of cost to figure it out.
Just like anything encrypted that needs to become human readable at some point can be figured out. Not necessarily the way you are thinking.
The Kruger Dunning explains most post on
Dude. Conserve the use of your space key.
Laptop, intact, bitcoin. They do not have spaces.
Variety Jones, perhaps the true mastermind behind Silk Road, had the perfect level of involvement. He was disconnected and impossible to track, which means he ran this empire through a patsy. This isn't meant as an insult to Ulbricht. It's too hard to do everything right at that level of involvement. Jones's mistakes only had negative ramifications for Ulbricht. You could say that his only error that might come back to him was that he didn't explicitly tell Ulbricht to keep logging disabled for his Tor chats, which allowed Jones's writing habits and estimates of his schedule (time zone) to be analyzed and perhaps mapped to his other (less obscured) online activity in a manner similar to Ulbricht's Facebook notes about Thailand.
Who knows, perhaps Jones, who was quite arguably the true architect of Silk Road, is now serving the same capacity in another similar enterprise.
Parallel construction could be considered though 'Fruit of the Poisonous Tree' http://en.wikipedia.org/wiki/F...
If they only found him by "illegal NSA wiretapping" the laptop would be inadmissible. My understanding is that most parallel construction (supposedly) isn't for the sake of using illegally obtained evidence but simply to protect the method or person by which the evidence was obtained. Which also could be the case here. Maybe they actually got him using a sophisticated and warranted attack that they don't want people to know they're capable of (e.g. how they took down SilkRoad 2 and 3 and 4.)
Then again IANAL so who knows, maybe all of my law and order reruns are of no use in this instance. :D
While that is possible, most cops I know and have met are not that devious or clever. They are patient and observant, and very successful. The mindset is that only a dumb person will turn to crime. So often it is true that they keep very busy and have quite the arrest history to prove it works. Greed does even the best criminals in. DPR wanted to be a billionaire I'm sure. He could have quit 1 year in and gotten away easily. He could have just gone back to work or whatever.
In order to effect the seizure of his laptop and search it they needed probable cause. If their whole case relied only on the laptop, that would be precisely where the parallel construction would be needed because they wouldn't be able to explain how they identified this particular individual in their investigation.
My understanding is that most parallel construction (supposedly) isn't for the sake of using illegally obtained evidence but simply to protect the method or person by which the evidence was obtained.
May I inquire as to why you think this? Do you have any interesting evidence or even anecdotes that lead you to this conclusion or is this just what the nice man from the DOJ told you?
Additionally I can see virtue in protecting the persons evidence was obtained from in *some* cases, but the methods? In a free society with an adversarial justice system based on the presumption of innocence, what legitimate goals are furthered by secrecy around evidence gathering methods?
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
It seems to me that if he had managed to close the lid on his laptop, the prosecutors would have been completely screwed.
Encryption is great stuff, but the IBKAC loophole can get you every time.
IBKAC = Interface Between Keyboard and Chair
Never substitute a conspiracy theory when you don't need one.
Sure, I suppose the NSA could have used magical spying technology to know everything about Dread Pirate Roberts, but whether they did or not, they didn't need to. He had left enough clues about DPR's identity scattered around in public to put him on a small list of suspects.
I hate it when some one finds my lap top in tact and un covers all my il legal activity and bit coin trans actions.
Both the "inevitability" and "good-faith" exceptions might apply in this case. But in the end the defence didn't or couldn't use parallel construction to get the laptop evidence omitted so it's irrelevant.
Indeed. And in fact this story is good for freedom, as we can now point out that this guy was caught without dragnet surveillance, without breaking crypto and without all the other stuff the NSA does. Hence what the NSA does gets zero positive press from this, but rather their claims of what it does as being "necessary" is exposed as a lie even for catching hardened Internet drug-lords and murderers.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
I don't intend to suggest something underhand happened, but I want to highlight what I feel is a flaw in this logic. Once you know someone has committed a crime it will be comparatively simple to find masses of evidence. Yes he might have left information around that could help narrow down suspects, or even incriminate himself, but that doesn't mean that it would have been found, noticed, and acted on.
The lap top was just the endgame - he'd already left enough small clues scattered about for law enforcement to figure out who was worth looking at. He made the classic security error of the n00b, he thought he had encryption and that made him safe.
> This seems like a perfect use of parallel construction: figure out who he is by using illegal/secret technologies
This is very American thinking. In Europe and Japan, guvmint forces catch murderers, kidnappers, bank robbers and terrorists, lock them up or execute them and then there is some discussion post facto, whether the methods used to find them were conducive to the society's progress. However, the duty is to stop criminals first and philosophy second.
In contrast, US law enforcement and courts seem to exist for one purpose: to facilitate the development of ever more advanced methods of criminality. In America and other Anglo-Saxon countries you become a hero for life when you murder somebody and can get away with it. This encourages other people to consider leading lives outside the law. In Europe there is no restriction on "double jeopardy" and murderers who once escaped punishment are regularly nailed 10-15 years later, when new evidence comes to light or accomplices loosen lips. Because of this, criminality is not encouraged in Europe, because a perpetrator can never, ever be sure of his eventual success!
In America, allowing and even encouraging criminality by the guvmint serves an economic aim. An old lady pensioner sitting on a big pile of savings is detrimental to the economy, as if buried treasure in a pot in the corner of a field. But a criminal who murders her and promptly spends the loot on drugs, pussies and roulette at Vegas is pumping so many thousands into the economy. The victim has no value, but the perpetrator is a symbol of progress and boom in America.
Although TorChat promises encrypted messaging, Ulbricht chose to save the logs in plain text on his computer, creating a trove of conversations with fellow Silk Road administrators. In example after example, the prosecution pointed to logs where the laptop user identified himself as Dread Pirate Roberts.
Our "drug laws" are arbitrary as they single out some substances but not others.
So I do feel sorry that he will be locked away for providing a service for people who are interested in certain products but damn he is fucking retard!
In a free society with an adversarial justice system based on the presumption of innocence, what legitimate goals are furthered by secrecy around evidence gathering methods?
It would be nice if we had one of those but are you joking? Cover up the methods to stop people defending against it. it's not fucking rocket science.
Wanna buy a shirt?
https://www.redbubble.com/people/stealthfinger/shop?asc=u
In my opinion the laptop's LCD screen had been observed and read for months before that action-hero like arrest, using remote TEMPEST technology (either via radio reception or they were modulating his AC supply with a harmonious frequency that acted as a carrier to syphon out info from the laptop as he was logged in).
If there was a need for more "magical" and inadmissible NSA trickery to find Ross, trial couldn't happen. The guvmint would simply arrange for Ross to end up in the crossfire of a random-looking ghetto afro vs hispanic drug gang shootout and come to rest 6ft under and then SR comes to a halt spontaneously.
Anyhow, I think the aesop is, one should not lead a life of criminality. If you are clever, well-paying jobs with stable and perfectly legal income are available galore. If you think you are smart enough to become the uncatchable millionaire crime kingpin, you should be earning at least twice as much by simply sitting in an office chair 8hrs a day. If you are not clever, your criminal career will be short and you would earn more in total by spending your days in a dull, but honest workplace. Furthermore, it is hard to raise kids well, when you are the godfather. Pablo Escobar once burned 2 million USD in cash in a campfire, trying to keep his 10-year old daughter warm in the rainforest, as they were on the run from the CIA in the last days of his reign. (Yes, that's a true story.)
It wasn't "technology" that betrayed him, it was the sort of unthinking stupidity that leads to the downfall of all sorts of criminals. In another era, he would have been boasting about his exploits at a bar or to impress a date.
The primary bug was in the Wetware, tech just moved things along.
*** Yes he might of left information around that could help narrow down suspects, or even incriminate himself, but that doesn't mean that it would have been found, noticed, and acted on.***
Well, Silkroad was a huge piece of evidence for criminal activity. I think it is safe to assume that the FBI tripped over that boulder first. Since it was a web-based auction site, someone must have created it and someone must maintain it. Someone with the nym Dread Pirate Roberts seems to run the show.
Standard investigative work tends to work backwards to the source. In the very early days of Silkroad the nym Altoid pops up and, focussing on Altoid, a post with rossulbricht at gmail dot com connected to the nym Altoid is found. I think it is safe to assume that from that moment on the name Ross Ulbricht led the suspect list and all effort was put into linking DPR to Ross Ulbricht.
# touch universe # chmod +rwx universe #
And another way you can get caught: language use (esp. "errors in -").
Took me less than a minute to find a non-anonymous post in a Microsoft help forum (or usenet newsgroup) that combines "lap top" and "in tact" in the same message.
Once the most likely suspect is located this way, all you have to do is keep an eye on him, and jump his back when he has opened his lap top.
WHAT THE ACTUAL FUCK, SLASHDOT?
Seriously, are we still perpetuating the total myth that Bitcoin is both anonymous and untraceable???
Bitcoin is the DEFINITION of traceable. It is also very easily identifiable because of this.
Cover up the methods to stop people defending against it.
That's my point though, defendants have the right to defend themselves. When does covering up evidence gathering methods serve a legitimate judicial use? Why would hiding the methods used to gather evidence be necessary unless for example the government did something illegal?
Conducted a search without cause, hacked a system in violation of the CFAA, inserted a mole acting as an agent of the state who induced you to commit the crime which would make it entrapment; etc.
Protecting the identity of witnesses etc. makes sense but there are really very few situations where I can see secrecy around evidence gathering methods doing anything other than violating the rights of defendants to challenge the evidence against them and allowing the state to cover up its own misdeeds in the course of the investigation.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Parallel construction is illegal even if there is a warrant, because the accused has a Constitutional right to face his accuser. Keeping the method of obtaining evidence secret is simply not allowed (at least, as long as the court itself is actually obeying the law).
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Cover up the methods to stop people defending against it.
That's my point though, defendants have the right to defend themselves. When does covering up evidence gathering methods serve a legitimate judicial use? Why would hiding the methods used to gather evidence be necessary unless for example the government did something illegal?
Um that's what parallel construction is. Getting information through illegal means (usually better and quicker) and then presenting a story about how you got it legally.
Wanna buy a shirt?
https://www.redbubble.com/people/stealthfinger/shop?asc=u
Fucking thing
I also think it is likely that they caught him exactly as they said he did. That doesn't mean that they shouldn't be expected to keep records to show that is what in fact happened, and have their records audited to ensure they tell the truth. We're seeing far too many cases of things like the FBI protecting the police from having to reveal information about certain methods of surveillance to trust their word.
There are enough examples of very serious crimes, that don't get solved for decades and when they are that the quantity and obviousness of evidence is overwhelming; yet somehow it was missed at the time.
The bottom line is: Don't connect your alter ego to your real name, EVER!
The list of his failures to hide evidence was long. But none of them would have mattered if they didn't learn his name.
First, he posted as 'altoid' advertising the Silk Road.
Then he posted as 'altoid' seeking help with 'bitcoin service' and soliciting contact with a gmail address which was based on his real name.
That's what got his name on the police's radar. That's why they began to monitor him. From then on it was just a matter of time before he slipped and revealed his true identity. All he had set up would hide him 99.99% of the time, making it pretty much impossible for a casual observer or random search to notice his activity. But a focused observation - being a suspect - could easily correlate things between his two identities. And from then on it was just about catching him red-handed.
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2