Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Technologies That Betrayed Silk Road's Anonymity

Posted by samzenpus on from the little-mistakes dept.

itwbennett writes Silk Road was based on an expectation of anonymity: Servers operated within an anonymous Tor network. Transactions between buyers and sellers were conducted in bitcoin. Everything was supposedly untraceable. Yet prosecutors presented a wealth of digital evidence to convince the jury that Ross Ulbricht was Dread Pirate Roberts, the handle used by the chief operator of the site. From Bitcoin to server logins and, yes, Facebook, here's a look at 5 technologies that tripped Ulbricht up.

17 of 129 comments (clear)

  1. TL;DR by OverlordQ · · Score: 4, Insightful

    Rusty treated OpSec as suggestions instead of law.

    --
    Your hair look like poop, Bob! - Wanker.
    1. Re:TL;DR by Jeremi · · Score: 4, Insightful

      Rusty treated OpSec as suggestions instead of law.

      Of course, he also treated the law as suggestions instead of law. I have no sympathy at all. :P

      --


      I don't care if it's 90,000 hectares. That lake was not my doing.
  2. Re:Stupidity is a technology now? by Anonymous Coward · · Score: 5, Funny

    Yes, Facebook is a technology.

  3. More than a little retarded by HBI · · Score: 5, Insightful

    If I were running a criminal enterprise via my computer, wtf would you go out in a public place and do so? At least sit in your car or something.

    Why would I have a facebook account?

    Why would I be advertising on facebook for people to join my enterprise?

    Why would I keep logs of any sort?

    There is so much stupid here, it hurts. Some "Dread Pirate" he turned out to be.

    --
    HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
    1. Re:More than a little retarded by hodet · · Score: 4, Insightful

      Sounds like a case of hubris. He was overconfident in his abilities and probably got more and more sloppy as time went on, convincing himself that he was too smart to get caught.

    2. Re:More than a little retarded by drinkypoo · · Score: 4, Interesting

      He was overconfident in his abilities and probably got more and more sloppy as time went on, convincing himself that he was too smart to get caught.

      I think it's more convincing himself that his opponents were too dumb to catch him even if he was sloppy... but they're not complete idiots, obviously.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:More than a little retarded by taustin · · Score: 4, Insightful

      The cops don't have to be smarter than the crooks to catch them. They only have to be competent, and patient.

    4. Re:More than a little retarded by rogoshen1 · · Score: 5, Insightful

      also the cops only have to 'get lucky' once. the criminal (or suspect) needs to be lucky 100% of the time. The odds are definitely in the police's favor.

    5. Re:More than a little retarded by Comrade+Ogilvy · · Score: 4, Insightful

      Yup. The real secret to not being caught by Columbo is not, as would be geniuses tend to think, by having a "full proof" scheme by which Columbo will never be able to prove you did it. It is by never showing up on Columbo's suspect list in the first place. Ulbricht's post that reveals his email was probably his doom, putting him on a select list of mere hundreds of people who knew about Silk Road early in the game. Then it becomes a numbers game, and the list shortens and shortens until the Dread Pirate has made one too many small errors.

    6. Re:More than a little retarded by blueg3 · · Score: 4, Insightful

      This is true.

      I mean, the "cybercrime" investigators that work for the FBI are not stupid and they're not incompetent. If you're running a large, well-known drug-selling site, they probably will put resources into finding you. On top of that, the deck is really stacked against you -- as a criminal, you need to avoid making any mistakes, while the investigator only need to wait for you to make a mistake. They're patient. (And "investigator" is not just people working for the police -- it's also anyone who might both have reason to dislike you and also motivation to reveal your identity to the police.) So, it may well be possible to hide indefinitely from prosecution, but it's not easy.

    7. Re:More than a little retarded by Anonymous Coward · · Score: 5, Insightful

      Posting anonymously, just because. :-)

      While I am not, and have not been involved in any criminal matters, I happen to be somewhat paranoid about my privacy. If you have.. interesting private fetishes that won't get you into any legal trouble but WILL generate mockery from your co-workers, you learn that in that private world you have to simply be very careful.

      Let me tell you, if you want to keep your professional and private lives separate, being 'careful' for decades is very, very difficult. You always have to resist the impulse to chat about what you do at work, lest you create a connection between the two. You have to resist posting about each side in their various communications forums.

      Maintaining privacy for extended periods of time is just difficult. For a week? Sure! Constant vigilance! Wheee! After a year, you start to slack off. Maybe you start to think "fuck it." Maybe not getting caught with anything will make you lower your guard. Maybe there will be a point of time when you start to take shortcuts. You may also greatly regret the public Usenet postings you made under your real name in your early college years when you were young and dumb and thought "privacy? Who will ever care about this?" You might even think "eh, I'm tired of being in the closet. Who really cares if I'm a furry anyway? I don't even do any of that weird stuff people would associate with them."

      Then you come back to your senses and get back into the closet, and keep your two lives separate! But boy, it's difficult to not accidentally leave evidence around Google, etc.

  4. Good lord, that photoshop job. by Sowelu · · Score: 5, Insightful

    Not much really needs to be said.

  5. Non-repudiation by mitcheli · · Score: 4, Insightful

    The advantages to Encryption and defense-in-depth strategies is they are based on the triad of information assurance, one key of that is "non-repudiation". The "downside" to non-repudiation is the ability to connect the dots come litigation time. Interesting that they mention that the SSH sessions used key based authentication when the opposing attorneys claimed that anyone can name their systems "frosty" and use the login name "frosty". My question is, did the key on the laptop that was supposedly logged in as "frosty" also correlate to the key on the server? If so, the "anyone" list just got a lot smaller.

    --
    Select from tblFriends where interesting >= 4;
  6. Problem Exists Between Chair and Keyboard by darkmeridian · · Score: 4, Insightful

    I think the knee-jerk response is to say that the problem exists between the chair and keyboard. Just reading the article makes it impossible to draw another conclusion. He was nabbed in a public library before he had a chance to turn his laptop off so nothing was encrypted. Similarly, ARE YOU TAKING NOTES ON A CRIMINAL FUCKING CONSPIRACY? Why would you ever keep data in plain text even if the hard drive is encrypted? I am not expecting the FBI to raid me at any time, but just out of caution, I have my computer encrypted using Bitlocker (yeah, I know) and all data at rest is stuck in a hidden TrueCrypt partition. If I want to access it, I have to sign in separately. But most hilariously, he had a stupid freaking Facebook page that linked him directly to his true identity and Silk Road.

    However, this only underscores how difficult it is to have operational security for any complex business. At some point, he needs to keep track of all transactions, with reasonably easy access. It's a pain in the ass for me to repeatedly log in and access data. I can only imagine how difficult it must have been to conduct business. I guess the bottom line is that physical security is crucial.

    --
    A NYC lawyer blogs. http://www.chuangblog.com/
  7. Seems like the technologies didn't get him by jandrese · · Score: 4, Interesting

    Looks like he was done in by being stupid more than the technologies.

    The article is more than a little sensational too. "He was done in by CHAT!" No, he was done in by keeping a goddamn log of his criminal activities. The fact that it happened to be chat is beside the point. Probably the only entry in there that deserves the headline is the Bitcoin one, only because it highlights how people misrepresent Bitcoin (It's so anonymous that every single transaction ever is recorded on the internet!). The article points out that he could have used tumblers to hide his bitcoins, but with the volume of coins Silk Road deals with that probably wasn't practical. Tumblers are really only useful for relatively small numbers of coins at a time. Put too many in and take too many out and your transactions stand out.

    The article does harp a lot on how this information was only available because Ulbrict was dumb and let his laptop be snatched out of his hands while he was logged in. It is somewhat frightening to consider how poor the government's case might be if he had simply been facing the other direction.

    --

    I read the internet for the articles.
  8. How do we know this is not parallel construction? by Magnus+Pym · · Score: 4, Insightful

    This seems like a perfect use of parallel construction: figure out who he is by using illegal/secret technologies, and develop a plausible narrative of how legal methods were actually used. Maybe we are jumping too quickly to the "He was stupid" conclusion.

  9. Re:Feds tipped hand by Comrade+Ogilvy · · Score: 4, Informative

    Someone named rossulbricht@gmail.com revealed himself as one of the first people who knew about Silk Road. Item #4 in TFA. (Could be lying/misinformation, but it is a plausible explanation.)