Feds Take Down Online Fraud Bazaar ‘Silk Road’, Arrest Alleged Mastermind

By Brian Krebs
Krebs on Security

Prosecutors in New York today said that federal agencies have taken over the Silk Road, a sprawling underground Web site that has earned infamy as the “eBay of drugs.” On Tuesday, federal agents in San Francisco arrested the Silk Road’s alleged mastermind. Prosecutors say 29-year-old Ross William Ulbricht, a.k.a “Dread Pirate Roberts” (DPR), will be charged with a range of criminal violations, including conspiracy to commit drug trafficking, and money laundering.

 

A screen shot of the Silk Road Web site, taken Oct. 23, 2013.

A screen shot of the Silk Road Web site, taken Oct. 2, 2013.

The Silk Road is an online black market that as late as last month was hosting nearly 13,000 sales listings for controlled substances, including marijuana, LSD, heroin, cocaine, methamphetamine and ecstasy. Much like eBay sellers, merchants on the Silk Road are evaluated by previous buyers, who are encouraged to leave feedback about the quality of the seller’s goods and services.

The Silk Road is not available via the regular Internet. Rather, it is only reachable via the Tor network, an anonymity network that bounces its users communications across a distributed network of relays run by volunteers all around the world.

That is, it was until this week, when FBI agents arrested its alleged proprietor and seized the Web servers running the site. The feds also replaced the Silk Road’s home page with a message saying that the site had been seized by the FBI, Homeland Security Department and the Drug Enforcement Administration.

According to a complaint unsealed this week, Ulbricht alone controlled the massive profits generated from the operation of the business. The government alleges that Ulbricht also controlled and oversaw all aspects of the Silk Road, including: the maintenance of the computer infrastructure and programming code underlying the Silk Road Web site; the determination of vendor and customer policies; decisions about what could be sold on the site; and managing a small staff of online administrators who assisted with the day-to-day operations.

The Silk Road didn’t just sell drugs. For example, the complaint identifies 801 for-sale listings under “digital goods,” which included banking Trojans, pirated content, and hacked accounts at Netflix and Amazon. The ”forgeries” section of the Silk Road featured 169 ads from vendors of fake driver’s licenses, passports, Social Security cards, utility bills, credit card statements, car insurance records, and other forms of identity documents.

An ad for heroin on the Silk Road. Notice this seller has 97 feedback points.

An ad for heroin on the Silk Road. Notice this seller has 97 feedback points.

Another popular section of the Silk Road included 159 listings for generic “Services,” mostly those listed by computer hackers offering such services as hijacking Twitter and Facebook accounts of the customer’s choosing. Other classified ads promised the sale of anonymous bank accounts, counterfeit bills, firearms and ammunition, and even hitmen for hire.

FBI investigators said that on or about March 29, 2013, Ulbricht contacted a Silk Road seller “Redandwhite” to see about hiring him to to take out another Silk Road user — someone going by the nickname “FriendlyChemist” — who was threatening to release the identities of thousands of users of the site.

From the government’s complaint: “Asked what sort of problem FriendlyChemist was causing him, DPR responded in a message dated March 30, 2013, ‘[H]e is threatening to expose the identities of thousands of my clients that he was able to acquire….[T]his kind of behavior is unforgivable to me. Especially here on Silk Road, anonymity is sacrosanct.’” As to the murder-for-hire job he was soliciting, DPR commented that “[i]t doesn’t have to be clean.”

Later that same day, redandwhite sent DPR a message quoting him a price of $150,000 to $300,000, “depending on how you want it done, ‘clean’ or ‘non-clean’.

On March 31, DPR began haggling over the price, responding: “Don’t want to be a pain here, but the price seems high. Not long ago, I had a clean hit done for $80k. Are the prices you quoted the best you can do? I would like this done asap as he is talking about releasing the info on Monday.”

DPR, allegedly using the nickname "altoid" seeks to hire a tech expert for the Silk Road via bitcointalk.org

DPR, allegedly using the nickname “altoid” seeks to hire a tech expert for the Silk Road via bitcointalk.org

According to investigators, the two ultimately settle on a price of $150,000, and that Ulbricht paid for the transaction using Bitcoins — an anonymous virtual currency — sending the would-be hit man 1,670 bitcoins for the arranged hit. Bitcoin currency rates fluctuate quite a bit from day to day, but historic sites that track Bitcoin rates show that one bitcoin around that date in late March 2013 was worth about USD $90, meaning investigators believe Ulbricht paid approximately $150,300 for the hit.

The government’s complaint states that the hit wasn’t carried out, but it also doesn’t seem that FriendlyChemist was the source of investigators’ break in this case. That would come on July 23, 2013, when investigators gained access to a Silk Road server and made a complete copy of the data on the machine.

Nicholas Weaver, a researcher at the International Computer Science Institute (ICSI) and at University of California San Diego, said the information contained on the server seized by investigators indicates that Ulbricht/Dread Pirate Roberts routinely failed to heed his own advice to fellow Silk Road users: Prominent on the Silk Road site were links to tutorials DPR penned which laid out the technologies and techniques that users should adopt if they want to keep off the radar of federal investigators.

“This shows me that the head of the Silk Road wasn’t using [encryption] for all his communications, because [the government] wouldn’t have all of this information otherwise, unless of course he stored his encryption key on the server that was seized,” Weaver said. “Either [the government] got his encryption key off of this server or another server that they were able to access, or he wasn’t using encryption at all.”

The complaint also suggests that in June 2013, Ulbricht accessed a server used to control the Silk Road site from an Internet cafe that was 500 feet from the hotel he was staying at in San Francisco.

 

“In other words, he wasn’t even using Tor to administer the Silk Road,” Weaver said. “Given that, it’s amazing that he was able to keep this site running for three years.”

Other rookie mistakes also contributed to DPR’s identification as Ross William Ulbricht. In 2011, a person using the nickname “Altoid” posted a comment to the Bitcoin Talk forum trying to get users there to visit the Silk Road. Later in the year, Altoid posted again on the Bitcoin Talk forum, this time seeking an “IT pro” in the Bitcoin community to help with Silk Road administration. In that comment, he posted his Gmail address, the contents of which were later subpoenaed by federal investigators.

Finally, DPR tripped himself up when he ordered some fake IDs from an international Silk Road vendor and had them sent to his residence. The fraudulent IDs were intercepted at the border by customs agents working with the U.S. Department of Homeland Security, which paid a visit to the address to which the documents were to be delivered. The agents noted that while Ulbricht refused to answer any questions about the alleged purchase, one of the identity documents was a California driver’s license bearing Ulbricht’s photo and true date of birth, but with a different name.

Ulbricht's LinkedIn profile, as described by the government's complaint.

Ulbricht’s LinkedIn profile, as described by the government’s complaint.

A number of folks on Twitter, Reddit and other communities are linking to several identities on social media platforms that match up with timelines in the government’s complaint, including this profile on LinkedIn, and this page at Google Plus. According to page 24 of the government’s complaint, Ulbricht graduated from the University of Texas with a bachelors degree in Physics in 2006. From 2006 to 2010, he attended graduate school at the University of Pennsylvania School of Materials Science and Engineering.

The government’s investigation into the Dread Pirate Roberts and Silk Road officially began back in November 2011, when law enforcement agents began making a series of more than 100 individual undercover purchases of controlled substances from Silk Road vendors. Now, many of those vendors — and their customers — have to be wondering how long it may be before investigators come knocking on their doors.

“If I were a seller on the Silk Road, I’d be terrified right now,” Weaver said. “Any buyer that didn’t use encryption now has their Silk Road messages seized. The FBI may have the sellers’ shipping addresses for their customers, and for the sellers, the FBI knows the Bitcoin payout addresses, so then it’s a matter of tracing the Bitcoin wallets from there.”

Weaver pointed to research by Sara Meiklejohn, a graduate student at the University of California, San Diego who’s been analyzing the role of bitcoin and anonymity on the Silk Road. Meiklejohn’s study, A Fistful of Bitcoins: Characterizing Payments Among Men with No Names –  to be released in October 2013 at the ACM Internet Measurement Conference in Barcelona, Spain — lays out different methods that could be used to tie Bitcoin wallets to specific individuals.

According to a press release sent out by the office of the U.S. Attorney for the Southern District of New York, Ulbricht will be presented in San Francisco today. He is charged with conspiracy to traffic in narcotics, computer hacking conspiracy, and money laundering.

The ICSI’s Weaver said that if convicted on the drug charges alone, Ulbricht is facing life in prison.

“The drug trafficking counts include the weights of the drugs, which makes me think that the government wants to throw the book at this guy,” Weaver said, noting that those weights carry mandatory sentences. “The drug charges alone have a 30 year mandatory minimum.”

The government notes in its complaint that most of the drug pushers on the Silk Road sold packets of drugs for individual use (for an example of this, check out the 13 packets of heroin that a cyber fraudster ordered off of the Silk Road in July and had sent to my home in a botched attempt to frame this reporter). But Weaver said the government can apparently aggregate many different individual drug charges because he acted in a role to help facilitate those sales. For example, getting busted for possessing or selling one kilogram of heroin carries a sentence of 10 years to life.

“That’s why I think those weight numbers are in the complaint against him,” Weaver said. “They’re hoping these will trigger mandatory minimum sentences.”

The government also announced today that pursuant to this action, it has seized approximately 26,000 Bitcoins worth roughly $3.6 million, in what it’s calling the largest ever seizure of Bitcoins.

A copy of the complaint is available here (PDF). Apologies for not hosting is on my site, but when I did that earlier, the mad rush from Reddit readers melted my site.

Update, 3:02 p.m. ET: An earlier version of this story incorrectly stated that Ulbricht was charged with attempted murder. While the government’s complaint lays out that alleged conspiracy, it does not state that he was charged with attempted murder….yet.

Update, 5:47 p.m. ET: As Reuters reports, the price of Bitcoin digital currency dropped today, falling to $129 per bitcoin from $140 a day before.

Comments are closed.