Slashdot Mirror
The Technologies That Betrayed Silk Road's Anonymity
itwbennett writes Silk Road was based on an expectation of anonymity: Servers operated within an anonymous Tor network. Transactions between buyers and sellers were conducted in bitcoin. Everything was supposedly untraceable. Yet prosecutors presented a wealth of digital evidence to convince the jury that Ross Ulbricht was Dread Pirate Roberts, the handle used by the chief operator of the site. From Bitcoin to server logins and, yes, Facebook, here's a look at 5 technologies that tripped Ulbricht up.
Looks like I might have my shot at being a multimillionaire.
Rusty treated OpSec as suggestions instead of law.
Your hair look like poop, Bob! - Wanker.
If I were running a criminal enterprise via my computer, wtf would you go out in a public place and do so? At least sit in your car or something.
Why would I have a facebook account?
Why would I be advertising on facebook for people to join my enterprise?
Why would I keep logs of any sort?
There is so much stupid here, it hurts. Some "Dread Pirate" he turned out to be.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
While the Feds were enforcing drugs laws, they tipped off about some of their methods.
Now, terrorists will now go and make sure these openings are closed; possibly messing up investigations of other Feds who want to stop terrorism.
End the Drug War. It's doing us no good.
Not much really needs to be said.
You can't be anonymous with a handle. This was a case of ego, and wanting a 'name' to associate with 'deeds'. Just because a name isn't one you are born with doesn't mean it isn't associated with you. Even if you create a false identity to represent you, you still own that identity. Even an encryption key can be an alias. Police are completely used to tracking people by alias, and linking aliases to human beings. It's their job, they have been doing it for years.
In the end, his goal was to associate a number of impressive 'deeds' with a 'name' that he would later claim as his when he felt it was a safe time. This way he could enjoy the fame that all of his work had built up. Just the fact that he was doing this for money, and trying to create earnings through the system was enough of a risk. A huge risk. Keeping that, alone, under wraps, would be tough. Ego just made it easy for them.
The advantages to Encryption and defense-in-depth strategies is they are based on the triad of information assurance, one key of that is "non-repudiation". The "downside" to non-repudiation is the ability to connect the dots come litigation time. Interesting that they mention that the SSH sessions used key based authentication when the opposing attorneys claimed that anyone can name their systems "frosty" and use the login name "frosty". My question is, did the key on the laptop that was supposedly logged in as "frosty" also correlate to the key on the server? If so, the "anyone" list just got a lot smaller.
Select from tblFriends where interesting >= 4;
well, there might be more "tech" to it than just this reportage.
I think the knee-jerk response is to say that the problem exists between the chair and keyboard. Just reading the article makes it impossible to draw another conclusion. He was nabbed in a public library before he had a chance to turn his laptop off so nothing was encrypted. Similarly, ARE YOU TAKING NOTES ON A CRIMINAL FUCKING CONSPIRACY? Why would you ever keep data in plain text even if the hard drive is encrypted? I am not expecting the FBI to raid me at any time, but just out of caution, I have my computer encrypted using Bitlocker (yeah, I know) and all data at rest is stuck in a hidden TrueCrypt partition. If I want to access it, I have to sign in separately. But most hilariously, he had a stupid freaking Facebook page that linked him directly to his true identity and Silk Road.
However, this only underscores how difficult it is to have operational security for any complex business. At some point, he needs to keep track of all transactions, with reasonably easy access. It's a pain in the ass for me to repeatedly log in and access data. I can only imagine how difficult it must have been to conduct business. I guess the bottom line is that physical security is crucial.
A NYC lawyer blogs. http://www.chuangblog.com/
Looks like he was done in by being stupid more than the technologies.
The article is more than a little sensational too. "He was done in by CHAT!" No, he was done in by keeping a goddamn log of his criminal activities. The fact that it happened to be chat is beside the point. Probably the only entry in there that deserves the headline is the Bitcoin one, only because it highlights how people misrepresent Bitcoin (It's so anonymous that every single transaction ever is recorded on the internet!). The article points out that he could have used tumblers to hide his bitcoins, but with the volume of coins Silk Road deals with that probably wasn't practical. Tumblers are really only useful for relatively small numbers of coins at a time. Put too many in and take too many out and your transactions stand out.
The article does harp a lot on how this information was only available because Ulbrict was dumb and let his laptop be snatched out of his hands while he was logged in. It is somewhat frightening to consider how poor the government's case might be if he had simply been facing the other direction.
I read the internet for the articles.
This seems like a perfect use of parallel construction: figure out who he is by using illegal/secret technologies, and develop a plausible narrative of how legal methods were actually used. Maybe we are jumping too quickly to the "He was stupid" conclusion.
It looks to me that the biggest goof he made was using the Altoid pseudonym more than once, and on one occasion leaving an obvious connection to himself. After that it was mainly just patience on behalf of the law enforcement officers. If he had not made that crucial mistake they probably would still not have any idea who dreadpirateroberts was.
They had all that evidence because tehy had a man on the inside, duh. Sure DPR/Ulbricht wasn't the greatest at stealth to begin with, but DHS was inside building up evidence.
http://www.ibtimes.co.uk/silk-road-mole-dread-pirate-roberts-paid-me-1000-week-i-tracked-him-down-1483452
Because on places like Slashdot they read "BitCoin is anonymous!"
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Tumblers.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
You don't need parallel construction when they seized his lap top.
All of this is based on the seizure of his lap top.
The bit coins, the chat logs, the encryption keys, the SSH logins.
If they didn't seize the lap top in tact, they would have had a much more difficult time with this. It would have been he said/she said buried in tech gobbledygook.
But they did get his lap top, in tact, in plain text. I imagine getting the lap top was primary goal of his arrest. They'd probably have let him run and catch him later, if they could get his lap top.
And once they got that lap top, the world opened up for them. He was laid bare.
His most trusted ally ratted him out. It's that simple.
Bitcoin is not really completely anonymous, but it is portable, and criminals need to move millions of dollars around. With bank regulators in the West being more on top of laundering, criminals want to send their money to countries that are still soft on laundering. To do that, cash is extremely inconvenient. Bitcoin, as long as it is a feasible store of wealth which can be exchanged for currency, is perfect for moving millions out of the US to somewhere where the criminals can cash in.
And so what if a trail has some drug deals on it? Every dollar bill in the US over a certain age has probably been passed in a drug deal at one point or another....
"As Ulbricht's trial unfolded over the last month, one character appeared again and again in the chat logs prosecutors pulled from the laptop seized from Ulbricht at the time of his arrest: a man calling himself Variety Jones, and later, Cimon " ref.
If you can get something from a to b on the internet, people can figure it out.
It's only about increase the level of cost to figure it out.
Just like anything encrypted that needs to become human readable at some point can be figured out. Not necessarily the way you are thinking.
The Kruger Dunning explains most post on
Most paper money have a level of drug residue.
The Kruger Dunning explains most post on
Variety Jones, perhaps the true mastermind behind Silk Road, had the perfect level of involvement. He was disconnected and impossible to track, which means he ran this empire through a patsy. This isn't meant as an insult to Ulbricht. It's too hard to do everything right at that level of involvement. Jones's mistakes only had negative ramifications for Ulbricht. You could say that his only error that might come back to him was that he didn't explicitly tell Ulbricht to keep logging disabled for his Tor chats, which allowed Jones's writing habits and estimates of his schedule (time zone) can be analyzed and perhaps mapped to his other (less obscured) online activity in a manner similar to Ulbricht's Facebook notes about Thailand.
Who knows, perhaps Jones, who was quite arguably the true architect of Silk Road, is now serving the same capacity in another similar enterprise.
Parallel construction could be considered though 'Fruit of the Poisonous Tree' http://en.wikipedia.org/wiki/F...
If they only found him by ?illegal NSA wiretapping? the laptop would inadmissible. My understanding is that most parallel construction (supposedly) isn't for the sake of using illegally obtained evidence but simply to protect the method or person by which the evidence was obtained. Which also could be the case here. Maybe they actually got him using a sophisticated and warranted attack that they don't want people know they're capable of (e.g. how they took down SilkRoad 2 and 3 and 4.)
Then again IANAL so who knows, maybe all of my law and order reruns are of no use in this instance. :D
My understanding is that most parallel construction (supposedly) isn't for the sake of using illegally obtained evidence but simply to protect the method or person by which the evidence was obtained.
May I inquire as to why you think this? Do you have any interesting evidence or even anecdotes that lead you to this conclusion or is this just what the nice man from the DOJ told you?
Additionally I can see virtue in protecting the persons evidence was obtained from in *some* cases, but the methods? In a free society with an adversarial justice system based on the presumption of innocence, what legitimate goals are furthered by secrecy around evidence gathering methods?
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
It seems to me that if he had managed to close the lid on his laptop, the prosecuters would have been completely screwed.
Encryption is great stuff, but the IBKAC loophole can get you every time.
IBKAC = Interface Between Keyboard and Chair
Never substitute a conspiracy theory when you don't need one.
Sure, I suppose the NSA could have used magical spying technology to know everything about Dread Pirate Roberts, but whether they did or not, they didn't need to. He had left enough clues about DPR's identity scattered around in public to put him on a small list of suspects.
Both the "inevitability" and "good-faith" exceptions might apply in this case. But in the end the defence didn't or couldn't use parallel construction to get the laptop evidence omitted so it's irrelevant.
Indeed. And in fact this story is good for freedom, as we can now point out that this guy was caught without dragnet surveillance, without breaking crypto and without all the other stuff the NSA does. Hence what the NSA does gets zero positive press from this, but rather their claims of what it does as being "necessary" is exposed as a lie even for catching hardened Internet drug-lords and murderers.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Stupidity. That BitCoin is not really anonymous has been known for a long time.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
I don't intend to suggest something underhand happened, but I want to highlight what I feel is a flaw to this logic. Once you know someone has committed a crime it will be comparatively simple to find masses of evidence. Yes he might of left information around that could help narrow down suspects, or even incriminate himself, but that doesn't mean that it would have been found, noticed, and acted on.
The lap top was just the endgame - he'd already left enough small clues scattered about for law enforcement to figure out who was worth looking at. He made the classic security error of the n00b, he thought he had encryption and that made him safe.
In a free society with an adversarial justice system based on the presumption of innocence, what legitimate goals are furthered by secrecy around evidence gathering methods?
It would be nice if we had one of those but are you joking? Cover up the methods to stop people defending against it. it's not fucking rocket science.
Wanna buy a shirt?
https://www.redbubble.com/people/stealthfinger/shop?asc=u
Yep. Base your operations in Russia or another country reluctant to extradite to the west, and then use bitcoin to get the money to you so it can't be readily blocked. Even if they identify you, they probably can't extradite.
Seems to be the strategy that the CryptoWall folk are using, at least.
"That girl is a witch!" "Yeah, but she's our witch. So cut her the hell down!"
It wasn't "technology" that betrayed him, it was the sort if unthinking stupidity that leads to the downfall of all sorts of criminals. In another era, he would have been boasting about his exploits at a bar or to impress a date.
The primary bug was in the Wetware, tech just moved things along.
*** Yes he might of left information around that could help narrow down suspects, or even incriminate himself, but that doesn't mean that it would have been found, noticed, and acted on.***
Well, Silkroad was a huge piece of evidence for criminal activity. I think it is safe to assume that the FBI tripped over that boulder first. Since it was a web-based auction site, someone must have created it and someone must maintain it. Someone with he nym Dread Pirate Roberts seems to run the show.
Standard investigative work tends to work backwards to the source. In the very early days of Silkroad the nym Altoid pops up and focussing on Altoid, a post with rossulbricht at gmail dot com connected to the nym Altoid is found. I think it is safe to assume that from that moment on the name Ross Ulbricht led the suspect list and all effort was put in to linking DPR to Ross Ulbricht.
# touch universe # chmod +rwx universe #
Cover up the methods to stop people defending against it.
That's my point thought defendants have right to defend themselves. When does covering up evidence gathering methods serve a legitimate judicial use? Why would hiding the methods used to gather evidence be necessary unless for example the government did something illegal?
Conducted a search without cause, hacked a system in violation of the CFAA, inserted a mole acting as an agent of the state who induced you to commit the crime which would make it entrapment; etc.
Protecting the identity of whiteness etc, makes sense but there are really very few situations where I can see secrecy around evidence gathering methods doing anything other than violating the rights of defendants to challenge the evidence against them and allowing the sate to cover up its own misdeeds in the course of the investigation.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Parallel construction is illegal even if there is a warrant, because the accused has a Constitutional right to face his accuser. Keeping the method of obtaining evidence secret is simply not allowed (at least, as long as the court itself is actually obeying the law).
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
The summary states that the technologies were "supposedly" untraceable and the linked article talks specifically about how LE used bitcoin to trace DPR.
Cover up the methods to stop people defending against it.
That's my point thought defendants have right to defend themselves. When does covering up evidence gathering methods serve a legitimate judicial use? Why would hiding the methods used to gather evidence be necessary unless for example the government did something illegal?
Um that's what parallel construction is. Getting information though illegal means (usually better and quicker) and the presenting a story about how you got it legally.
Wanna buy a shirt?
https://www.redbubble.com/people/stealthfinger/shop?asc=u
I also think it is likely that they caught him exactly as they said he did. That doesn't mean that they shouldn't be expected to keep records to show that is what in fact happened, and have their records audited to ensure they tell the truth. We're seeing far too many cases of things like the FBI protecting the police from having to reveal information about certain methods of surveillance to trust their word.
There are enough examples of very serious crimes, that don't get solved for decades and when they are that the quantity and obviousness of evidence is overwhelming; yet somehow it was missed at the time.
The bottom line is: Don't connect your alter ego to your real name, EVER!
The list of his failures to hide evidence was long. But none of them would have mattered if they didn't learn his name.
First, he posted as 'altoid' advertizing the Silk Road.
Then he posted as 'altoid' seeking help with 'bitcoin service' and soliciting contact with a gmail address which was based on his real name.
That's what got his name on the police's radar. That's why they began to monitor him. Since then it was just a matter of time to slip and reveal true identity. All he had set up would hide him 99.99% of time, making a casual observer or random search to notice his activity pretty much impossible. But a focused observation - being a suspect - could easily correlate things between his two identities. And from then on it was just about catching him red-handed.
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
Thing with bitcoin is, it's perfectly traceable from wallet to wallet, but the wallet locations are the big unknown. You don't know who owns the wallet until you have access to the physical machine it resides on. So, you can easily *confirm* the transaction between two individuals happened once you know what their wallet IDs are, but if you don't know who the wallet belongs to, you're unable to determine the person from the Bitcoin operations alone.
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2