The Technologies That Betrayed Silk Road's Anonymity
itwbennett writes: Silk Road was based on an expectation of anonymity: Servers operated within an anonymous Tor network. Transactions between buyers and sellers were conducted in bitcoin. Everything was supposedly untraceable. Yet prosecutors presented a wealth of digital evidence to convince the jury that Ross Ulbricht was Dread Pirate Roberts, the handle used by the chief operator of the site. From Bitcoin to server logins and, yes, Facebook, here's a look at 5 technologies that tripped Ulbricht up.
Looks like I might have my shot at being a multimillionaire.
Rusty treated OpSec as suggestions instead of law.
Your hair look like poop, Bob! - Wanker.
If I were running a criminal enterprise via my computer, wtf would you go out in a public place and do so? At least sit in your car or something.
Why would I have a facebook account?
Why would I be advertising on facebook for people to join my enterprise?
Why would I keep logs of any sort?
There is so much stupid here, it hurts. Some "Dread Pirate" he turned out to be.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
Not much really needs to be said.
The advantage of encryption and defense-in-depth strategies is that they are based on the triad of information assurance, one key of which is "non-repudiation". The "downside" to non-repudiation is the ability to connect the dots come litigation time. Interesting that they mention that the SSH sessions used key-based authentication when the opposing attorneys claimed that anyone can name their systems "frosty" and use the login name "frosty". My question is, did the key on the laptop that was supposedly logged in as "frosty" also correlate to the key on the server? If so, the "anyone" list just got a lot smaller.
Select from tblFriends where interesting >= 4;
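The question in the comment above, whether a private key found on a client corresponds to an entry on the server, is answered by comparing public-key fingerprints. The following is an added example (not from the post, and not a description of what the investigators did) that computes the same SHA256 fingerprints ssh-keygen reports and looks a candidate public key up in an authorized_keys file; it assumes the public half has already been derived from the private key with `ssh-keygen -y`, and every key value shown is a constructed placeholder.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")   # prefixes of OpenSSH key type names

def ed25519_blob(raw_pubkey: bytes) -> bytes:
    # OpenSSH wire format: length-prefixed type string, then the 32-byte key.
    return struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw_pubkey

def fingerprint(blob: bytes) -> str:
    # Same value `ssh-keygen -lf` prints: SHA256 of the blob, unpadded base64.
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def parse_authorized_keys(text: str):
    # Yields (fingerprint, key_type, comment) per key line; skips blank and
    # '#' lines and any leading option string such as from="10.0.0.0/8",no-pty.
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        while fields and not fields[0].startswith(KEY_TYPES):
            fields.pop(0)          # drop option tokens until the key type
        if len(fields) < 2:
            continue
        try:
            blob = base64.b64decode(fields[1], validate=True)
        except ValueError:
            continue               # malformed entry: report nothing rather than guess
        yield fingerprint(blob), fields[0], " ".join(fields[2:])

def matching_entries(pubkey_line: str, authorized_keys: str):
    # Entries in authorized_keys whose fingerprint equals the candidate key's.
    wanted = fingerprint(base64.b64decode(pubkey_line.split()[1]))
    return [(kt, c) for fp, kt, c in parse_authorized_keys(authorized_keys) if fp == wanted]

# Constructed sample material: arbitrary 32-byte values stand in for real
# Ed25519 public keys (a real one would come from `ssh-keygen -y -f <key>`).
def _line(raw: bytes, comment: str) -> str:
    return "ssh-ed25519 " + base64.b64encode(ed25519_blob(raw)).decode() + " " + comment

LAPTOP_PUBKEY_LINE = _line(bytes(range(32)), "frosty@laptop")
STRANGER_PUBKEY_LINE = _line(bytes(range(64, 96)), "someone-else")
AUTHORIZED_KEYS = "\n".join([
    "# constructed authorized_keys for the example",
    'from="10.0.0.0/8",no-pty ' + _line(bytes(range(32, 64)), "backup@host"),
    _line(bytes(range(32)), "frosty@server"),
])

if __name__ == "__main__":
    print(matching_entries(LAPTOP_PUBKEY_LINE, AUTHORIZED_KEYS))    # [('ssh-ed25519', 'frosty@server')]
    print(matching_entries(STRANGER_PUBKEY_LINE, AUTHORIZED_KEYS))  # []
```

A match only shows that this key pair was authorized for that account; the server's auth log, not the key file, is what records when it was actually used.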
Also, this whole story probably is BS.
They used some classified NSA method (I can think of at least two major approaches) and now they spread some BS in order to cover their REAL methods.
"Parallel Construction" at work.
I think the knee-jerk response is to say that the problem exists between the chair and keyboard. Just reading the article makes it impossible to draw another conclusion. He was nabbed in a public library before he had a chance to turn his laptop off so nothing was encrypted. Similarly, ARE YOU TAKING NOTES ON A CRIMINAL FUCKING CONSPIRACY? Why would you ever keep data in plain text even if the hard drive is encrypted? I am not expecting the FBI to raid me at any time, but just out of caution, I have my computer encrypted using Bitlocker (yeah, I know) and all data at rest is stuck in a hidden TrueCrypt partition. If I want to access it, I have to sign in separately. But most hilariously, he had a stupid freaking Facebook page that linked him directly to his true identity and Silk Road.
However, this only underscores how difficult it is to have operational security for any complex business. At some point, he needs to keep track of all transactions, with reasonably easy access. It's a pain in the ass for me to repeatedly log in and access data. I can only imagine how difficult it must have been to conduct business. I guess the bottom line is that physical security is crucial.
A NYC lawyer blogs. http://www.chuangblog.com/
Looks like he was done in by being stupid more than the technologies.
The article is more than a little sensational too. "He was done in by CHAT!" No, he was done in by keeping a goddamn log of his criminal activities. The fact that it happened to be chat is beside the point. Probably the only entry in there that deserves the headline is the Bitcoin one, only because it highlights how people misrepresent Bitcoin (It's so anonymous that every single transaction ever is recorded on the internet!). The article points out that he could have used tumblers to hide his bitcoins, but with the volume of coins Silk Road deals with that probably wasn't practical. Tumblers are really only useful for relatively small numbers of coins at a time. Put too many in and take too many out and your transactions stand out.
The article does harp a lot on how this information was only available because Ulbricht was dumb and let his laptop be snatched out of his hands while he was logged in. It is somewhat frightening to consider how poor the government's case might be if he had simply been facing the other direction.
I read the internet for the articles.
This seems like a perfect use of parallel construction: figure out who he is by using illegal/secret technologies, and develop a plausible narrative of how legal methods were actually used. Maybe we are jumping too quickly to the "He was stupid" conclusion.
Oh boy, that is what they want ***YOU*** to think.
Just read how Churchill ordered "recon planes" to "mysteriously" show up five minutes before the bombers dropped the ordnance on the u-boats.
He fooled Admiral Dönitz with that method.
It looks to me that the biggest goof he made was using the Altoid pseudonym more than once, and on one occasion leaving an obvious connection to himself. After that it was mainly just patience on behalf of the law enforcement officers. If he had not made that crucial mistake they probably would still not have any idea who dreadpirateroberts was.
And how did they know to stalk him until they found him with his laptop open and unlocked to begin with? I haven't followed the case closely, but from the article I didn't see what technological failure led them to him to begin with. Every point seemed to be: Once they had his laptop, they could prove he did XXX because of this technology. Maybe I missed the part where they explained how he became a suspect worth stalking to a library to begin with. Until that's explained, seems like secret NSA method is the most likely.
This article seems to agree there's something odd about the investigation: http://arstechnica.com/tech-po...
Because on places like Slashdot they read "BitCoin is anonymous!"
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
You don't need parallel construction when they seized his laptop.
All of this is based on the seizure of his laptop.
The bitcoins, the chat logs, the encryption keys, the SSH logins.
If they didn't seize the laptop intact, they would have had a much more difficult time with this. It would have been he said/she said buried in tech gobbledygook.
But they did get his laptop, intact, in plain text. I imagine getting the laptop was the primary goal of his arrest. They'd probably have let him run and catch him later, if they could get his laptop.
And once they got that laptop, the world opened up for them. He was laid bare.
His most trusted ally ratted him out. It's that simple.
"As Ulbricht's trial unfolded over the last month, one character appeared again and again in the chat logs prosecutors pulled from the laptop seized from Ulbricht at the time of his arrest: a man calling himself Variety Jones, and later, Cimon " ref.
Someone named rossulbricht@gmail.com revealed himself as one of the first people who knew about Silk Road. Item #4 in TFA. (Could be lying/misinformation, but it is a plausible explanation.)
He posted on Bitcointalk.org early on about the site and then later on posted a help wanted ad on Bitcointalk.org that contained his personal real-name email address rossulbricht at gmail dot com. That was pretty damn stupid.
Variety Jones, perhaps the true mastermind behind Silk Road, had the perfect level of involvement. He was disconnected and impossible to track, which means he ran this empire through a patsy. This isn't meant as an insult to Ulbricht. It's too hard to do everything right at that level of involvement. Jones's mistakes only had negative ramifications for Ulbricht. You could say that his only error that might come back to him was that he didn't explicitly tell Ulbricht to keep logging disabled for his Tor chats, which allowed Jones's writing habits and estimates of his schedule (time zone) to be analyzed and perhaps mapped to his other (less obscured) online activity in a manner similar to Ulbricht's Facebook notes about Thailand.
Who knows, perhaps Jones, who was quite arguably the true architect of Silk Road, is now serving the same capacity in another similar enterprise.
Parallel construction could be considered though 'Fruit of the Poisonous Tree' http://en.wikipedia.org/wiki/F...
If they only found him by "illegal NSA wiretapping" the laptop would be inadmissible. My understanding is that most parallel construction (supposedly) isn't for the sake of using illegally obtained evidence but simply to protect the method or person by which the evidence was obtained. Which also could be the case here. Maybe they actually got him using a sophisticated and warranted attack that they don't want people to know they're capable of (e.g. how they took down SilkRoad 2 and 3 and 4.)
Then again IANAL so who knows, maybe all of my law and order reruns are of no use in this instance. :D
> My understanding is that most parallel construction (supposedly) isn't for the sake of using illegally obtained evidence but simply to protect the method or person by which the evidence was obtained.
May I inquire as to why you think this? Do you have any interesting evidence or even anecdotes that lead you to this conclusion or is this just what the nice man from the DOJ told you?
Additionally I can see virtue in protecting the persons evidence was obtained from in *some* cases, but the methods? In a free society with an adversarial justice system based on the presumption of innocence, what legitimate goals are furthered by secrecy around evidence gathering methods?
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
> In a free society with an adversarial justice system based on the presumption of innocence, what legitimate goals are furthered by secrecy around evidence gathering methods?
It would be nice if we had one of those, but are you joking? Cover up the methods to stop people defending against it. It's not fucking rocket science.
Wanna buy a shirt?
https://www.redbubble.com/people/stealthfinger/shop?asc=u
> Indeed. Just working behind two doors and/or having a dead-man-switch handy would have been enough.
Nobody expects the Spanish Inquisition, the SAS, GSG-9, S. Matkal, GIGN, GROM, SEAL-6 or Spetsnaz to come through the window on fast-rope? With a Silent Hawk Laden-copter hovering above?
In fact, military-style commandos usually enter through the walls, using tube-like shaped charges to form a nice big manhole, out of concern for the possible booby-trapping of doors and windows. Or they will first infiltrate the basement / attic, gas the building from there Russian theatre style, then carry out the targets and collaterals on stretchers. Or simply drop in a flash-bang grenade through the chimney for starters, which leaves the inhabitants unable to tell their left and right hands apart for several minutes.
After all, that Kim Un Dotcom guy was caught, even though his ranch was a fortress. They came for him in a black helicopter and said drop your shotgun now, cause we have RPGs.
Yep. Base your operations in Russia or another country reluctant to extradite to the west, and then use bitcoin to get the money to you so it can't be readily blocked. Even if they identify you, they probably can't extradite.
Seems to be the strategy that the CryptoWall folk are using, at least.
"That girl is a witch!" "Yeah, but she's our witch. So cut her the hell down!"
*** Yes he might have left information around that could help narrow down suspects, or even incriminate himself, but that doesn't mean that it would have been found, noticed, and acted on.***
Well, Silkroad was a huge piece of evidence for criminal activity. I think it is safe to assume that the FBI tripped over that boulder first. Since it was a web-based auction site, someone must have created it and someone must maintain it. Someone with the nym Dread Pirate Roberts seems to run the show.
Standard investigative work tends to work backwards to the source. In the very early days of Silkroad the nym Altoid pops up and focussing on Altoid, a post with rossulbricht at gmail dot com connected to the nym Altoid is found. I think it is safe to assume that from that moment on the name Ross Ulbricht led the suspect list and all effort was put in to linking DPR to Ross Ulbricht.
# touch universe # chmod +rwx universe #
Parallel construction is illegal even if there is a warrant, because the accused has a Constitutional right to face his accuser. Keeping the method of obtaining evidence secret is simply not allowed (at least, as long as the court itself is actually obeying the law).
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Recon planes did not mysteriously show up five minutes before. Recon plane pilots were told to search in this area today, just do it and don't ask questions, and things proceeded from there.
Nor did he fool Doenitz, who suspected that his communications were being read. He went to the German crypto folks, and they said, "No, that's impossible, but if you insist we'll give you a special Enigma with an extra rotor". This is one reason why 1942 was a good year for Germany in the Battle of the Atlantic. Once that was cracked, Doenitz thought the same thing, but was flatly told he had to be wrong.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes