A lengthy investigation into internet communications led the FBI to their suspect
It was an underground website where people from all over the world were able to
buy drugs.
The detail of how the FBI has built its case was outlined in a court complaint
document published on Wednesday.
The search started with work from Agent-1, the codename given to the expert cited
in the court documents, who undertook an "extensive search of the internet" that
sifted through pages dating back to January 2011.
The trail began with a post made on a web forum where users discussed the use of
magic mushrooms.
In a post titled "Anonymous market online?", a user nicknamed Altoid started
publicising the site.
"I came across this website called Silk Road," Altoid wrote. "Let me know what you
think."
The post contained a link to a site hosted by the popular blogging platform
Wordpress. This provided another link to the Silk Road's location on the so-called
"dark web".
But then Altoid appeared in another place: a discussion site about virtual currency,
bitcointalk.org.
Altoid - who the FBI claimed is Mr Ulbricht - was using "common online marketing"
tactics. In other words, he was trying to make Silk Road go viral.
Months later, in October, Altoid appeared again - but made a slip-up, granting
investigators a major lead.
With a Gmail address to hand, Agent-1 linked this address to accounts on the
Google+ social network and YouTube video site. There he discovered some of Mr
Ulbricht's interests.
Years later, on the Silk Road discussion forums, Dread Pirate Roberts would make
several references to the Mises Institute and its work.
Covering tracks
According to the court complaint document, it was the discovery of the
rossulbricht@gmail.com email address that gave investigators a major boost in
their search.
As would be expected, Dread Pirate Roberts was using a VPN - virtual private
network - to generate a "false" IP address, designed to cover his tracks.
While efforts had been made by DPR to delete data, the VPN server's records
showed a user logged in from an internet cafe just 500 yards from an address on
Hickory Street, known to be the home of a close friend of Mr Ulbricht's, and a
location that had also been used to log in to the Gmail account.
At this point in the investigation, these clues, investigators concluded, were enough
to suggest that Mr Ulbricht and DPR - if not the same person - were at the very
least in the same location at the same time.
Fake IDs
The court complaint went into detail about further leads that followed.
It was headed to San Francisco's 15th Street. Homeland security visited the
address, and found the man in the photographs - Mr Ulbricht.
He told officers that the people he lived with knew him simply as Josh - one
housemate described him as being "always home in his room on the computer".
Around the same time, investigators working on the Silk Road case later
discovered, DPR had been communicating with users privately to ask for advice on
obtaining fake IDs - needed in order to purchase more servers.
"I believe that Ulbricht changed his username to 'frosty' in order to conceal his
association with the message he had posted one minute before," lead prosecutor
Christopher Tarbell wrote in court documents.
"The posting was accessible to anyone on the internet and implicated him in
operating a Tor hidden service."
Visitors trying to access the Silk Road are now presented with a seizure notice
The value of bitcoins has dropped after the closure of the clandestine Silk Road online
marketplace.
The price of a bitcoin, a virtual currency for use online, fell steeply after the arrest of suspected
website administrator Ross Ulbricht.
Investor confidence may have been shaken by the association of bitcoins with illegal activity,
according to a security expert.
"When there's a big bust, that's going to knock people's confidence in investing," said Rik
Ferguson, a senior researcher at security company Trend Micro.
"The more a currency is associated with illegal activity, the more people will be nervous about
using it," he said.
Silk Road, which allowed users to trade in illegal drugs, required transactions to be made using the
virtual currency.
Price drop
News of the closure was followed by a rapid drop in the price of bitcoins, according to figures from
the Mt. Gox bitcoin exchange.
The going rate for the virtual currency dropped from more than $140 (£86) to around $110, before
climbing back up to $123 (£75).
Investors may have been concerned about the FBI's ability to confiscate bitcoins, said Mr
Ferguson.
"Knowing that a currency could be seized or shut down could pressure people to look for
alternative investment vehicles," he said.
The FBI seized the virtual currency by getting hold of encryption keys for the bitcoins, according to
Jerry Brito, George Mason University's technology policy director.
The keys were made available through seized computer equipment, Mr Brito said in a blog post.
The FBI then transferred the bitcoins to an address controlled by the US government, according
to the seizure order (PDF).
Silk Road took its name from the historic trade routes spanning Europe, Asia and parts of Africa.
News reports and other internet chatter helped it become notorious. However, most users would not have
been able to stumble upon the site as the service could only be accessed through a service called Tor - a
facility that routes traffic through many separate encrypted layers of the net to hide data identifiers.
Tor was invented by the US Naval Research Laboratory and has subsequently been used by journalists and
free speech campaigners, among others, to safeguard people's anonymity.
But it has also been used as a means to hide illegal activities, leading it to be dubbed "the dark web".
Payments for goods on Silk Road were made with the virtual currency Bitcoin, which can be hard to monitor.
Court documents from the FBI said the site had just under a million registered users, but investigators said
they did not know how many were active.
Earlier this year Carnegie Mellon University estimated that over $1.22m (£786,000) worth of trading took
place on the Silk Road every month.
But it may be better to think of its units as being virtual tokens that have value because enough people
believe they do and there is a finite number of them.
Each of the 11 million Bitcoins currently in existence is represented by a unique online registration number.
These numbers are created through a process called "mining", which involves a computer solving a difficult
mathematical problem.
Each time a problem is solved the computer's owner is rewarded with 25 Bitcoins.
To receive a Bitcoin, a user must also have a Bitcoin address - a randomly generated string of 27 to 34
letters and numbers - which acts as a kind of virtual postbox to and from which the Bitcoins are sent.
Since there is no registry of these addresses, people can use them to protect their anonymity when making a
transaction.
These addresses are in turn stored in Bitcoin wallets, which are used to manage savings. They operate like
privately run bank accounts - with the proviso that if the data is lost, so are the Bitcoins contained.
These numbers are created through a process called "mining", which involves a computer solving a difficult
mathematical problem with a 64-digit solution.
Each time a problem is solved the computer's owner is rewarded with bitcoins.
22 April 2013 Last updated at 12:00 GMT
The hacker "Demon Killer" taunted police via remotely compromised computers
Japanese people who "abuse" the Tor anonymous browsing network could
be blocked from using it.
The recommendation was made in a report drawn up for the National Police
Agency (NPA) in Japan by a panel of technology experts.
The panel was formed to help decide how to tackle crimes committed with the aid
of the Tor network.
For months, Japanese police attempts to catch a hacker known as "Demon Killer"
were hampered by his use of Tor.
'The Onion Router'
The internet service provider (ISP) industry would be asked to help site
administrators block the use of Tor if people were found to be abusing it, the
Mainichi Shimbun newspaper reports.
Tor (The Onion Router) is a way for people to use the web without surrendering the
identifying data that websites typically gather. As its name suggests, it sends data
traffic through a series of routers arranged in layers like in an onion to make it
difficult to find out who is browsing a site or is behind any particular web activity.
Tor has vexed several Japanese police investigations into cybercrime. In particular
it stifled attempts to find and arrest a hacker who used the "Demon Killer" alias.
Japanese police began investigating the hacker after he started threatening to
bomb schools and nurseries via messages posted to chat forums and discussion
boards. A reward of 3m yen (£20,000) was offered for information leading to the
hacker's identification.
Police arrested four people for posting the threats but realised the hacker had
compromised the computers of these innocent victims and was abusing their
machines remotely via Tor.
Malicious program
The hacker continued to taunt police in emails that sent investigators all over the
country looking for him. In a bizarre twist the hacker directed investigators to
Enoshima, an island off Tokyo, and gave them information that led them to a cat
wearing a collar on which was a memory card.
The card held details of the code and malicious program he used to gain remote
control of victims' computers. Inadvertently, directing police to the cat helped them
catch the suspected hacker, Yusuke Katayama, 30, who was seen on CCTV
footage with the cat.
After Mr Katayama's arrest, the NPA sought guidance on how to handle similar
cases. The industry report drawn up for the NPA recommended considering a ban
on Tor and other anonymising networks as they had been found to be used in a
wide variety of crimes.
Japanese ISPs have not welcomed the recommendation.
"Communication privacy is our lifeline. We won't be able to accept such a request,"
an industry insider told the Mainichi Shimbun.