Silk Road: How FBI closed in on suspect Ross Ulbricht
A lengthy investigation into internet communications led the FBI to their suspect
US authorities believe that 29-year-old Ross William Ulbricht, arrested on Wednesday, is Dread Pirate Roberts (DPR) - the administrator of the notorious Silk Road online marketplace.
It was an underground website where people from all over the world were able to buy drugs.
In the months leading up to Mr Ulbricht's arrest, investigators undertook a painstaking process of piecing together the suspect's digital footprint, going back years into his history of communicating with others online.
The detail of how the FBI has built its case was outlined in a court complaint document published on Wednesday.
The search started with work from Agent-1, the codename given to the expert cited in the court documents, who undertook an "extensive search of the internet" that sifted through pages dating back to January 2011.
The trail began with a post made on a web forum where users discussed the use of magic mushrooms.
In a post titled "Anonymous market online?", a user nicknamed Altoid started publicising the site.
"I came across this website called Silk Road," Altoid wrote. "Let me know what you think."
The post contained a link to a site hosted by the popular blogging platform Wordpress. This provided another link to the Silk Road's location on the so-called "dark web".
Records obtained by Agent-1 from Wordpress discovered, unsurprisingly, that the blog had been set up by an anonymous user who had hidden their location.
But then Altoid appeared in another place: a discussion site about virtual currency, bitcointalk.org.
Altoid - who the FBI claimed is Mr Ulbricht - was using "common online marketing" tactics. In other words, he was trying to make Silk Road go viral.
Months later, in October, Altoid appeared again - but made a slip-up, granting investigators a major lead.
In a post asking seeking to find an IT expert with knowledge of Bitcoin, he asked people to contact him via rossulbricht@gmail.com.
With a Gmail address to hand, Agent-1 linked this address to accounts on the Google+ social network and YouTube video site. There he discovered some of Mr Ulbricht's interests.
Among them, according to the viewing history, was economics. In particular, Mr Ulbricht's account had "favourited" several clips from the Ludwig von Mises Institute, a renowned Austrian school of economics.
Years later, on the Silk Road discussion forums, Dread Pirate Roberts would make several references to the Mises Institute and its work.
Covering tracks
According to the court complaint document, it was the discovery of the rossulbricht@gmail.com email address that gave investigators a major boost in their search.
Through records "obtained from Google", details of IP addresses - and therefore locations - used to log into Mr Ulbricht's account focused the search on San Francisco, specifically an internet cafe on Laguna Street.
Furthermore, detailed analysis of Silk Road's source code highlighted a function that restricted who was able to log in to control the site, locking it down to just one IP address.
As would be expected, Dread Pirate Roberts was using a VPN - virtual private network - to generate a "false" IP address, designed to cover his tracks.
Mr Ulbricht said to have been running Silk Road from Hickory Street in San Francisco
However, the provider of the VPN was subpoenaed by the FBI.
While efforts had been made by DPR to delete data, the VPN server's records showed a user logged in from an internet cafe just 500 yards from an address on Hickory Street, known to be the home of a close friend of Mr Ulbricht's, and a location that had also been used to log in to the Gmail account.
At this point in the investigation, these clues, investigators concluded, were enough to suggest that Mr Ulbricht and DPR - if not the same person - were at the very least in the same location at the same time.
Fake IDs
The court complaint went into detail about further leads that followed.
In July of this year, by coincidence, a routine border check of a package from Canada discovered forged documents for several fake identities all containing photographs of the same person.
It was headed to San Francisco's 15th Street. Homeland security visited the address, and found the man in the photographs - Mr Ulbricht.
He told officers that the people he lived with knew him simply as Josh - one housemate described him as being "always home in his room on the computer".
Around the same time, investigators working on the Silk Road case later discovered, DPR had been communicating with users privately to ask for advice on obtaining fake IDs - needed in order to purchase more servers.
Further activity attributed to Mr Ulbricht took place on Stack Overflow - a question-and-answer website for programmers - where a user named Frosty asked questions about intricate coding that later became part of the source code of Silk Road.
In another apparent slip-up, one of Frosty's messages initially identified itself as being written by Ross Ulbricht - before being quickly corrected.
"I believe that Ulbricht changed his username to 'frosty' in order to conceal his association with the message he had posted one minute before," lead prosecutor Christopher Tarbell wrote in court documents.
What was the Silk Road?
Silk Road took its name from the historic trade routes spanning Europe, Asia and parts of Africa.
News reports and other internet chatter helped it become notorious. However, most users would not have been able to stumble upon the site as the service could only be accessed through a service called Tor - a facility that routes traffic through many separate encrypted layers of the net to hide data identifiers.
Tor was invented by the US Naval Research Laboratory and has subsequently been used by journalists and free speech campaigners, among others, to safeguard people's anonymity.
But it has also been used as a means to hide illegal activities, leading it to be dubbed "the dark web".
Payments for goods on Silk Road were made with the virtual currency Bitcoin, which can be hard to monitor.
Court documents from the FBI said the site had just under a million registered users, but investigators said they did not know how many were active.
Earlier this year Carnegie Mellon University estimated that over $1.22m (£786,000) worth of trading took place on the Silk Road every month.
How bitcoins work
Bitcoin is often referred to as a new kind of currency.
But it may be better to think of its units as being virtual tokens that have value because enough people believe they do and there is a finite number of them.
Each of the 11 million Bitcoins currently in existence is represented by a unique online registration number.
These numbers are created through a process called "mining", which involves a computer solving a difficult mathematical problem.
Each time a problem is solved the computer's owner is rewarded with 25 Bitcoins.
To receive a Bitcoin, a user must also have a Bitcoin address - a randomly generated string of 27 to 34 letters and numbers - which acts as a kind of virtual postbox to and from which the Bitcoins are sent.
Since there is no registry of these addresses, people can use them to protect their anonymity when making a transaction.
These addresses are in turn stored in Bitcoin wallets, which are used to manage savings. They operate like privately run bank accounts - with the proviso that if the data is lost, so are the Bitcoins contained.
No comments:
Post a Comment