Sloppiness, Social Media Led to Silk Road Founder's Capture
Rule #1 of staying anonymous on the Internet: never use your real name.
Yesterday, we brought you the tale of Dread Pirate Roberts, a/k/a Ross Ulbricht, the alleged founder of The Silk Road, a website on the anonymous Tor network where users buy and sell drugs, firearms, and services such as hacking and murder for hire.
Ulbricht was indicted yesterday on drug conspiracy charges and for multiple murder-for-hire plots. Yesterday, we recounted the alleged attempt to hire a hit man to kill a user who threatened to leak the identities of Silk Road users. Today, in another indictment, it is alleged that he tried to hire an undercover officer to torture and kill an ex-employee to recover stolen money and to prevent him from cutting a deal.
How does the founder of a site dedicated to anonymous drug transactions get caught? From the indictment, it all came back to a single identifier: rossulbricht@gmail.com.
The Email Address
The biggest indicator of a connection between Ulbricht and The Silk Road was his eponymous email address.
That email address was connected to a Google+ profile (with matching photo), where he shared Mises Institute economic theory posts. On The Silk Road, Dread Pirate Roberts's signature and forum posts included links to and mentions of the Mises Institute.
The Gmail address was also linked to a StackOverflow account where he discussed code (which was nearly identical to that found on the Silk Road servers), and to forum posts by a user named "altoid": one in which he mentions The Silk Road's WordPress blog, and another in which he posts a job ad for a Bitcoin/IT pro.
The IP Address
A user's IP address corresponds with a device on a network, and in many cases, can lead to the physical location of the device. Your home WiFi network, your work network, and even your smartphone all have IP addresses. A Virtual Private Network (VPN) disguises this IP address by routing internet traffic through a third-party computer.
The Ulbricht Gmail address was accessed from an IP address on Hickory Street in San Francisco, where Ulbricht was living with a friend.
The FBI agent also tracked an IP address from the Silk Road servers to a VPN. The records of the VPN were subpoenaed and tracked back to the IP address of an Internet cafe less than 500 feet from the Hickory Street address where Ulbricht resided.
Other Connections
The Silk Road connected to a computer via encryption keys registered to "frosty@frosty." The Ulbricht StackOverflow account was changed after registration, from his real name and email address to "frosty" and "frosty@frosty.com."
"Dread Pirate Roberts," on The Silk Road, asked "redandwhite" (the same person hired for yesterday's alleged murder for hire) to procure fake IDs bearing Ulbricht's picture. The IDs were delivered to his address, where Homeland Security agents met Ulbricht in person. The counterfeit IDs were located in a random search by Customs and Border Patrol.
Lessons in Anonymity
If the leader of an "anonymous" marketplace, which prides itself on protecting users' identities, can be caught this easily, can anyone remain truly anonymous? It's doubtful, but we'll take the challenge early next week.