FBI's Case Against Silk Road Boss Is A Fascinating Read
from the for-you-breaking-bad-junkies dept
It's been known for quite some time that the feds were desperately trying to hunt down the folks behind Silk Road, the somewhat infamous "dark web" e-commerce site, accessible only via Tor, which was famous mainly for selling drugs in a slightly anonymous fashion. Of course, when the news came out recently that the FBI had used malware to reveal Tor Browser users, many believed that this was part of an attempt to track down Silk Road, and that seems increasingly likely after the FBI announced this morning that it has arrested Silk Road's owner, Ross William Ulbricht, who went by the moniker "Dread Pirate Roberts" online. Turns out that Ulbricht was based in San Francisco and was arrested at the public library, of all places.The case against him (pdf) is interesting, because beyond just going after him for helping to distribute illegal drugs, they claim that he solicited a Silk Road user in a murder-for-hire request (though he's not charged with that), to potentially go after a different Silk Road user who was threatening to reveal the identities of people on the site (the user claimed to have hacked a large vendor's account, and demanded $500,000 to not reveal names). They also go after him (of course) with a CFAA violation claim and a money laundering claim. Of course, we've seen the DOJ inflate and pile on charges against people in the past, so it will be worth watching to see what details come out of this -- but soliciting a murder, if true, seems like a fairly big deal.
In addition, the complaint against him claims that Silk Road generated 9.5 million Bitcoins in revenue, leading to 600,000 Bitcoins in commissions (or roughly $1.2 billion in sales and $79.8 million in commissions). Of course, that seems noticeably higher than previous research had suggested. It also notes that the FBI itself made over 100 purchases on Silk Road -- including ecstasy, cocaine, heroin, LSD and others. Apparently, they wanted a lot of evidence. And, in case you were wondering, the FBI informs us that their orders "have typically shown high purity levels of the drug the item was advertised to be on Silk Road."
While the details in the complaint seem pretty thorough, there are some tidbits that stand out as questionable. The complaint clearly states that Bitcoin and Tor are both legal and have legitimate purposes, but it also says that Silk Road's use of proxies to "hide the identities of those that run Silk Road... reflect his awareness of the illegal nature of the Silk Road enterprise." I don't quite see how wanting to be anonymous automatically suggests that you're engaged in illegal behavior. Later in the complaint, the FBI agent spends an awful lot of time talking about how Ulbricht was interested in the Mises Institute, the well-known libertarian think tank. I'm not sure what that has to do with anything. The FBI notes that Dread Pirate Roberts' defense of Silk Road included quoting Ludwig von Mises and Murray Rothbard (two economists closely associated with the Mises Institute), but lots of people follow the Mises Institute, so that seems like a stretch.
Another questionable tidbit: the FBI notes that Ulbricht posted a question to Stack Overflow using his real name, but "less than one minute later, Ulbricht changed his username at Stack Overflow from 'Ross Ulbricht' to 'frosty.'" and then the FBI agent noted "I know that criminals seeking to hide their identity online will often use pseudononymous usernames to conceal their identity." Later, after Ulbricht changes the email on the account to frosty@frosty.com -- an invalid email address -- the FBI agent similarly notes that "criminals seeking to hide their identity online will often use fictitious e-mail addresses." Well, yes, but the same is true of people with perfectly legitimate reasons to be anonymous, or those who don't want spam. While there does appear to be plenty of actual evidence, the use of these tidbits seems highly questionable.
The whole extortion/murder for hire story is a bit crazy. As noted above, one user contacted Dread Pirate Roberts, claiming to have hacked another vendor and obtained the details of users, which he'd release if not given $500,000 to pay off another drug supplier. Ulbricht asked the guy who was threatening him, a user who went by the name FriendlyChemist, to put him in touch with that supplier. After FriendlyChemist did so, Ulbricht used the opportunity to try to get that supplier to sell drugs via Silk Road. There was a further discussion, and when FriendlyChemist started getting anxious, the complaint says Ulbricht asked FriendlyChemist's supplier how much "would be an adequate amount" in order to "put a bounty on his head." After being quoted a price of $150,000 to $300,000 (rate dependent on "clean" or "not clean") Ulbricht allegedly complained that the price was high, and noted that he'd previously hired someone to kill someone for $80,000. They eventually agreed to a price of $150,000 (16710 Bitcoins), and Ulbricht was told that the job was done: "Your problem has been taken care of. . . . Rest easy though, because he won't be blackmailing anyone again. Ever." Apparently a photo was supplied. The FBI notes that while this supposedly happened in Canada, Canadian law enforcement says that it didn't happen.
The complaint also notes that Ulbricht has a LinkedIn page which includes a bit of a rant about "using economic theory as a means to abolish the use of coercion and aggression amongst mankind." It also notes "I am creating an economic simulation to give people a first-hand experience of what it would be like to live in a world without the systemic use of force." Not sure how one squares that with trying to hire someone to commit murder, but we'll let others debate that.
It appears that while Ulbricht was mostly careful to cover his tracks, he wasn't always that careful. The complaint notes that Silk Road was first advertised on different forums by a user named "altoid," in a manner that indicated altoid was connected with the site. Months later, altoid also posted elsewhere that he was looking to hire an "IT pro in the Bitcoin community" for "a venture backed Bitcoin startup company" -- but then told interested people to contact him at his actual gmail address: rossulbricht@gmail.com. And, voila, the FBI had a name. Also, later, when Homeland Security officials intercepted a package that contained a bunch of fake IDs for Ulbricht, they showed up at his home in July. While he generally refused to answer questions, he did tell them that "'hypothetically' anyone could go onto a website named 'Silk Road' on 'Tor' and purchase any drugs or fake identity documents...." There was also the above mentioned Stack Overflow account, which (briefly) used his real name and email address, which indicated that he was working on a Tor hidden service, and posted some code that (in a modified form) was also found on Silk Road.
All in all, there does seem to be a fairly compelling case built against Ulbricht based on this (though, again, we've seen in previous DOJ cases where things aren't always as they seem). At a first glance, they have a lot of evidence on him. However, some questions do remain. At the beginning of the post, we mentioned the whole thing where the FBI was using malware to identify Tor users... but, of course, that doesn't show up anywhere in the complaint. Instead, the big "breakthrough" was when a "random border search" by DHS turned up those fake identities intended for Ulbricht. However, as Parker Higgins notes, it seems like this could be a case of "parallel construction" whereby the hacking revealed those details, and DHS was then tipped off to check packages sent to Ulbricht, seeking to create "parallel construction" of evidence, in order to launder the fact that the FBI had hacked its way into identifying Tor users. After all, we'd just reported on how the FBI was actively trying to avoid revealing its hacking/malware powers to technologically sophisticated individuals.
Either way, we're sure that there will be plenty more news on this case.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: bitcoin, cfaa, doj, fbi, murder for hire, ross ulbricht, silk road
Companies: silk road
Reader Comments
Subscribe: RSS
View by: Time | Thread
Heh, heh: "Dread Pirate Roberts"! Aren't "pirates" funny?
Looks like "Baghdad on the Bay", the "Barbary Coast", is still full of pirates.
[ link to this | view in chronology ]
Re: Heh, heh: "Dread Pirate Roberts"! Aren't "pirates" funny?
And you are conflating two very different definitions of pirate. I guess he's not using the regular term Hollywood likes or even the term the Pirate Parties adopted. I'm inclined to think the dictionary definition is at play here.
Silly, I'd say "stick to the article" but this ain't one of your abilities. Ad considering I'm replying to your blabbing I'm not one to complain either.
[ link to this | view in chronology ]
Re: Re: Heh, heh: "Dread Pirate Roberts"! Aren't "pirates" funny?
[ link to this | view in chronology ]
Re: Re: Heh, heh: "Dread Pirate Roberts"! Aren't "pirates" funny?
Particularly as "Dread Pirate Roberts" is a character from "The Princess Bride" - an actual "ships-and-swords" pirate (https://en.wikipedia.org/wiki/Dread_Pirate_Roberts)
[ link to this | view in chronology ]
Re: Re: Re: Heh, heh: "Dread Pirate Roberts"! Aren't "pirates" funny?
America. In plain sight...
[ link to this | view in chronology ]
Re: Re: Heh, heh: "Dread Pirate Roberts"! Aren't "pirates" funny?
[ link to this | view in chronology ]
That said it's worrying how they try to pile up charges on the guy regardless of how much he is guilty in fact or if he is at all. The e-mail part struck me odd. I use fake e-mails all the time to register on some shady sites or places I don't trust at all and I clearly try to maintain my real identity somewhat concealed online (or at least segregated from my various pseudonyms) while using all sorts of encryptions, proxies and so on. This would make me at least a suspect in the eyes of FBI if not a criminal just because.
[ link to this | view in chronology ]
It doesn't suggest illegal behavior and I don't think they are trying to say that it is. But if you are doing illegal behavior, hiding that behavior suggests that you know that it is illegal.
Lots of people wear ski masks. If you are wearing one while robbing a bank don't try to make the case that it is all a misunderstanding and you were just trying to withdraw money from your account.
[ link to this | view in chronology ]
Has no meaning. Any net user can say why.
I did the same thing on one of those overflow sites because I didn't want to reveal my real-life ignorance to real-life colleagues under my real-life name.
If I put more energy into researching my questions to the overflow site, I could remove the problem by making higher level contributions, but that would be a greater investment.
Nuanced, you see?
[ link to this | view in chronology ]
DHS?
[ link to this | view in chronology ]
Re: DHS?
Nope. Complaint says US Customs and Border Patrol (CBP), which is a division of DHS.
I'm guessing some people may be confused and think that CBP means Canadian Border Patrol. But the complaint shows otherwise on page 28.
[ link to this | view in chronology ]
Re: Re: DHS?
It seems to be a very U.S thing to automatically assume that everybody knows what the acronym stands for, and as most U.S acronyms are for branches of government I can sort of see why. Though it can be very confusing and hard to follow for foreign readers (even, it would seem, if they are as close as Canada).
[ link to this | view in chronology ]
The thing here is that he is involved in illegal behaviour, that part seems pretty clear.
What worries me is that this may set the way for Mafia (with one 'a') style hit's on well meaning white/grey hats.
[ link to this | view in chronology ]
Parallel construction...
The interesting question not answered in the complaint is how they discovered Silk Road's server to get an image of it in July.
[ link to this | view in chronology ]
Re: Parallel construction...
The FBI hacked everybody that used tor mail, a legitimate e-mail service. What makes you think they're not going to hack a drug king-pin's online drug shopping mall? They probably dropped a Flame-like Trojan on the Silk Road servers that eventually made it to Ulbricht's computer(s). He had to manage the servers somehow, and with that was a tunnel into his personal life. Once on his computers, they probably just waited for him to check his Facebook page or they got the local IPs of every site he visited, like they did with Magneto. They knew he would be at the coffee shop where they picked him up. They probably wanted it that way so he would be away from his home (and away from any weapons or means of destroying evidence).
I'd give 80% odds that the extortion plot was the FBI too, or some other law enforcement agency trying to get a rise out of DPR. They do this sort of thing all the time, using harassment or some other illegal tactic to apply pressure. Believe me, they know how not to leave evidence of their involvement.
The question is: do the ends justify the means?
[ link to this | view in chronology ]
For those who didn't follow the adventures of Walter and Jesse, is the story of a chemistry school teacher who becomes a drug lord of sorts.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
The old saying about internet piracy sites being like a hydra (Pirate Bay being one).
From my extremely limited knowledge of the Deep Web, I'd say that it's like a hydra on steroids. You can't kill it, because not only do more heads grow in place of the one you just killed, they're extremely hard to find.
But as the Zen Master says, "We'll see."
[ link to this | view in chronology ]
That's not to human nature works in the real world. It's more profitable to take the suckers money, and not bother shipping anything to them.
What's the sucker going to do? He has no idea who he sent the Bitcoins too. The only way the sucker could "maybe" find out who the anonymous seller is, would be to track those Bitcoins through the block chain and attempt to see which exchange they're cashed out at.
Even then, unless you have some authority over the Bitcoin exchange, or can hack into it in order to see financial records of exchange customers. There's no way you'd ever identify the seller.
Even then, the seller could also use a fake ID to cash out Bitcoins at the exchange.
There's a sucker born every second, as the saying goes. If I ever did a transaction with an anonymous person, that exchange would happen face to face. At an agreed upon location. I'd have at least one sharp shooter get there early and setup around the outside perimeter.
Sound dangerous? It is, and that's why doing business with anonymous people you don't know is stupid. Teach your kids early so they don't grow up to be suckers.
[ link to this | view in chronology ]
Re:
I expect the reputation portion of the deal also helps buyers determine the level of trust they have in what they are buying; giving a marketplace with ratings an advantage over buying on the street.
[ link to this | view in chronology ]
Re:
So then all of those retail establishments that I do business with are stupid? Because I'm certainly an anonymous person they don't know.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
Online on legal commerce sites, there is zero anonymity for the reason you state: you have to pay them electronically and accept shipment of the goods, so they have to know very specifically who you are.
In a physical store, there can be great anonymity since you can pay in cash and you take the goods with you.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Parallel Construction
FBI or NSA? Tor is most vulnerable to adversaries who have a global view of all Internet traffic. The FBI doesn't have that, but the NSA does.
[ link to this | view in chronology ]
Re: Parallel Construction
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Charges
[ link to this | view in chronology ]
[ link to this | view in chronology ]
How not to hire a hit man....
Big Opsec problem...you have to physically get whatever it is that is illegal!
[ link to this | view in chronology ]
Sudonims
I also frequently use the nobody@nowhere.com email address because, guess what, there's no reason you need my email address for me to view your crappy content on your sub-standard site (not you, Techdirt, I mean whatever site I happen to be looking over before deciding that it's not worth the effort of even making a bookmark).
[ link to this | view in chronology ]
This is what the "I have nothing to hide" crowd doesn't seem to get. To them I say: You know that completely benign, innocent thing you did? Or everything you ever did that there's a record of? In the real world, yeah, it's quite a stretch to say that any of that was a violation of the law.
But if someday the authorities are coming after you, perhaps for a completely unrelated charge which may or may not be justified, you need to realize that they won't be operating in the real world; they'll be operating in the ultra-adversarial bizarro-world of the criminal justice system. In that world, they will be using everything you have ever said and done against you, twisting your words and actions in extreme ways, attempting to nail you to the wall with anything that will stick. That's their job, in fact; the system is set up that way. In court, you get the chance to confront your accuser and state how ridiculous their interpretation is, but it's still a gamble. Will a judge and jury believe you or the authorities?
The authorities have the ability to fish ever further and more deeply through your past activity, online and off. It really doesn't matter if you think none if it would ever be construed as a crime. They don't have to presume your innocence; that's the court's job. The authorities have the luxury of treating you as if you're as guilty, untrustworthy, and downright evil as the day is long. So if there's anything that, viewed in the worst possible light, could possibly be twisted and used against you in court, you'd better believe it will be.
This reminds me of a recent case where someone switched from a wireless to a wired connection, and the ensuing, totally normal change of the networking hardware's MAC address was cast by the DOJ as some kind of arcane witchcraft, the kind of spoofing a criminal "hacker" would do to circumvent network access restrictions, in violation of the Computer Fraud and Abuse Act...
[ link to this | view in chronology ]
Adding "starving authors to death!" to his crimes.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Society then can focus on the roots of drug use and addiction instead of having the drugs business corrupt hundreds of thousands in positions of authority, and tens of thousands of murders a year. Better the Silkies fight over Google keywords in online auctions than murder and behead each other.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
I like to be different, I guess
Nope, not me. I just create a throwaway on Mailinator. :D
[ link to this | view in chronology ]
To them, it's a battle between good and evil, of which without skirting their own laws they'd likely have a much harder time making cases. It bodes the question: do the ends justify the means?
[ link to this | view in chronology ]
What's the End Game?
The legal theory is this: if you operate a broad online service, and the users of that service break laws, then the service provider has broken laws.
That legal theory, if it becomes embedded in law through a series of precedents, will knock Google and some other service providers off of their perches. Just for an example, it's hard to see how Google could operate its YouTube service at all if that legal theory takes hold, since anyone might upload illegal content, and Google would be instantly liable for it happening.
If those precedents are established, it will be awfully sweet news for a lot of media corporations who do not want user-generated content sucking attention away from their products. The only safe way forward for service providers would be to allow *only* edited content - which is what media corporations have for sale.
Currently, statutes do not endorse this legal theory, but it hasn't stopped a plethora of civil suits advancing it.
Now the FBI is going after these low-level service providers. The legal reasoning seems to be 'If he hosted it, he's as guilty as the actual offenders.' Once that precedent is in place, it will supercede the DMCA, which only requires that offending content be taken down after the service provider receives a notice of infringement or illegality.
I don't know if the Silk Road operator himself violated any statutes. But it sure sounds like the FBI wants to nail his hide to the wall for what his users did, and that right there is troubling for those who value an open net.
[ link to this | view in chronology ]
[ link to this | view in chronology ]