The FBI has brought down Silk Road arrested a man that they allege ran the operation under the moniker Dread Pirate Roberts, one Ross William Ulbricht.
At this stage, the FBI case against Ulbricht, who they allege is Dread Pirate Roberts (DPR) looks to be a slam-dunk – in every sense of the word. Investigators have released a few details about their case against him and what they have revealed looks damning to say the least. It is not possible, at the time of writing, to establish a proper timeline of events. It looks like the arrest was the result of good old-fashioned computer forensic investigative techniques, police work, and inter-agency cooperation, but living as we do in an age of total surveillance, you can never be sure.
What was it worth?
The criminal complaint states that since its creation in 2011, the Silk Road has acted as a middleman in approximately $1.2 billion worth of transactions. According to their estimates, this generated approximately $80 million worth of revenue for the site – which received as many as 60,000 hits per day.
How it probably happened
The FBI has not revealed all of the details of its investigation, but it seems that they took a tried and tested approach into their Silk Road investigation. Perhaps the Silk Road’s biggest weakness was that it was first. In the time that it came about, most people had never heard of the dark web, or the deep web as it is also known. To get people off the World Wide Web and onto tor would take some creative social marketing. It seems that this is where the FBI’s first efforts began – but maybe they simply caught someone and pushed them to talk.
On the Internet, everything that you write is forever. Not only is it forever, it is also time-stamped and linked to an IP address. Taken alone, IP addresses and time stamps do not give us much, but as we saw in the case of General Petraeus, that does not matter. Once you have an IP address and sufficient legal authority, you can start looking for where else it pops up. When someone posts anonymously on a forum and then logs into their regular email account then the breadcrumbs become a trail.
There are echoes of the Petraeus investigation in the events that transpired. While Ulbricht seems to have been fairly careful in his online movements, there are elements that appear sloppy. The username “altoid” was used to make a number of posts promoting the Silk Road on a magic mushroom forum. The post described Silk Road and pointed to an anonymously hosted WordPress blog, which listed the TOR address for the site. The same username later popped up on the Bitcoin Talk Forum in a job posting, which called for an IT expert with knowledge on Bitcoin. The post listed Ulbricht’s personal Gmail account. At this stage, there would not have been enough evidence to make an arrest, but there were just enough coincidences to have made Ulbricht a person of interest.
The beauty of watching data instead of people is that the right software can do most of the work. Aside from the pre-requisite paperwork, would it really be any harder to monitor a hundred people than it is to monitor one? That and the eternal nature of the data trail make digital surveillance an incredibly powerful investigative tool. Rather than painstakingly gathering information on each of the suspects, it would be gathered all at once, eventually someone will make a mistake.
Much of the FBI’s digital profile of Ulbricht seems to be circumstantial – not enough to prove that he is DPR, but certainly enough to suggest the possibility. Aside from the aforementioned forum posts, there are curious coincidences between his real-world interests and topics of DPR’s Silk Road articles. Curious coincidences are not enough to start a federal drug trafficking, money laundering and computer hacking case, but they are enough to prompt investigators to dig until they find material evidence. Unfortunately for Ulbricht, there seems to have been plenty of it.
A package containing nine counterfeit identification documents, each of which bore a photograph of the same person but a different name, was intercepted by Customs and Border Control agents. According to different versions of events his San Francisco address was visited by police, Homeland Security and/or ICE officials. We can assume that he was not arrested at that time. The FBI alleges that communications between DPR and at least one Silk Road seller discussed the identification documents, which he had planned to use to rent more servers for the site.
The IP address of a VPN used by Ulbricht was found in the source code of the Silk Road website. It was there to control access to the site. Unbeknown to Ulbricht, the FBI had issued the VPN provider with a subpoena and was able to establish his ownership of the account.
Last but not least was a Silk Road server that the FBI managed to clone. This allowed agents to look deeply into his on-site communications and presumably also allowed them to access the source code, through which they gleaned the above mentioned IP address – which was in place as a security measure.
The monitoring of DPR’s communications revealed that he had contracted two murders. The alleged hitmen reported that the killings had been carried out – but it seems possible that they were faked.
A maelstrom of stupidity
Where did things go wrong for DPR? Where to begin? The scene in Office Space where Michael Bolton offers a damning self-assessment of his group’s criminal abilities immediately springs to mind (as does Samir’s response):
Michael: “You know what I can’t figure out? How is it that all these stupid Neanderthal mafia guys can be so good at crime, and smart guys like us can suck so badly at it.” Samir: “We’re new to it though.”
If Ulbricht is in fact DPR – and it looks like he is – then everything he did was achieved without the benefit of an informal criminal education. He was book smart but not street smart and he did not think things through as well as he thought he did. The problem with the whole DPR persona is that it was a little obnoxious and way too grandiose. Its owner, whether Ulbricht or not, used it to brag about his exploits and as a soap box to share his views. It is the same churlish behavior that you see from a typical Internet troll. More importantly, writing in itself, can help to link a persona to an actual person. If DPR’s on-site manifestos were not enough motivation for authorities, the interview that he gave to Forbes certainly would have been. He was mum on a lot of the details, but he boasted about the perceived value of his site.
DPR’s lack of criminal expertise showed through in a number of the allegations that the FBI raised. When you grow up around people who commit crime for a living, you learn to look for the telltale signs that you are being watched. You hear anecdotes about what went wrong for whom and how badly – and get the benefit of being able to learn from other people’s mistakes. More importantly, you form actual, real-world bonds with like-minded people – who have learned that the only way to keep the gravy train rolling is to be loyal to one’s co-conspirators and to never, ever cooperate with authorities. A criminal enterprise will not function for long without loyalty, trust and a little bit of fear.
DPR was the weak link in the chain. He made the mistake of thinking that he was careful enough to never be caught. Then he entrusted his freedom to a bunch of criminals, whom he had never met, by asking them to kill for him. It is not clear, at this stage, whether the FBI were monitoring his communications at the time that he ordered the murders – or after. While it seems like the killings might not have taken place, hiring someone to commit murder amounts to criminal conspiracy is a very serious crime. A relationship spanning all of two years is nowhere near long enough to develop that level of trust in a relationship with someone that you have never met
The contracted killings were perhaps DPR’s biggest blunder. That they were ordered in the first place will dissolve any goodwill that a jury might have felt towards DPR and making the alleged arrangements in writing is foolish beyond words. These are things that are best communicated in as few words as possible and only ever face-to-face – never over the phone and certainly never in writing over the Internet. If these murders had taken place, then prosecutors could push for the death penalty.
If Ulbricht is indeed DPR, then he should have closed up shop or disappeared the moment that the discussion about the nine fake identity documents ended. One fake identity might be allowed to slide – but what law-abiding citizen has use for that many IDs? That he was allowed to walk after that suggests that a bigger investigation was already ongoing. It should have been take the money and run time, instead he stayed in San Francisco; that seems more than a little foolhardy.
Why was he even in the US at all? Hindsight is always 20/20, but come on – if you are making several million dollars a month and rubbing the FBI’s nose in it, do you really think that San Francisco is the best place to be? He should have been traveling – hopping between countries – and moving within the countries while he was there. It would suck, it would be a lot of work, but to get away with what he was allegedly trying to get away with, that is the price that you have to pay.
DPR has been presented as a drug kingpin, but at the end of the day he was never anything more than a systems administrator. It started as a clever idea – a way for people to exchange money for their favorite illicit substances without having to talk to drug dealers. Had it stopped there and remained low-key, it might have gone on for years – but when you add guns and murder for hire to the lineup – people who might otherwise be sympathetic are going to feel a lot less comfortable about looking the other way.
It is too early to say whether Ulbricht’s arrest marks the beginning of the end for similar black-market deep web sites, but the folks in charge of the competition had the benefit of starting later – which almost certainly left them less exposed in their initial efforts to promote their sites. Right now, Ulbricht will be slowly becoming aware of the full scope of the ramifications of his actions. The murder conspiracy allegations and the scope of Silk Road’s operations will ensure that any “deal” that he is offered will involve a lengthy stretch of time in prison. That being said, he has a couple of things going for him. As far as the Silk Road’s general operations go, DPR was only acting as a middleman. It paid handsomely, but he was not putting the drugs into packages – but he may be able to assist authorities in their efforts to locate people who were.
For the Silk Road’s many sellers, the quasi-anonymity that the site afforded may prove to be their Achilles heel. It is tough to imagine a scenario whereby someone facing a decades-long prison sentence would feel compelled to keep his mouth shut to save his nameless, faceless associates from going to prison – and that is what Ulbricht faces if he is indeed DPR. It is hard to imagine that he would not be charged under the Racketeering Influenced and Corrupt Organizations (RICO) Act, which carries a mandatory minimum sentence of 20 years per racketeering charge.
Stating the ridiculously obvious
When people tell you that crime does not pay, they are only partially right. According to the FBI, Silk Road generated somewhere in the vicinity of $80 million in revenue for its owner or owners. That is not exactly small change, but for the people involved, most of it would have never gone beyond being numbers on a computer screen. By all accounts, Ulbricht was living a low-key existence, he even had roommates – if he was DPR, then he was hardly living the high-life. The FBI claims to have seized around $4 million worth of Bitcoin – which means either their $80 million figure is an exaggeration or that there is more money out there somewhere. They will not stop until they find it; the RICO act allows for seizure of assets; the house always wins.