FYI.

Everything the Silk Road Founder Did to Get Caught

The next Dread Pirate Roberts will have to limit digital cookie crumbs to avoid capture.
From Ulbricht's Google+ page

The rise and fall of Silk Road is the stuff of cinema. You've got the deep web, a hidden Tor website, illegal drugs, happy customers, some not-so-happy dealers, assassins, forged documents, the Dread Pirate Roberts alias, and, of course, a great unraveling triggered by a number of small, amateur mistakes exploited by a methodical FBI investigation.

All of this has me wondering how a Silk Road successor might try to avoid Ross William Ulbricht's (AKA Dread Pirate Roberts's) fate. Since I'm no expert in secret crime rings, I figured we should look at every trail Ulbricht left behind. All of this is derived from the FBI's sealed complaint against Ulbricht and Silk Road. Of course, one should also read that document for full details on Ulbricht's capture.

(Note: In case it's not clear, this isn't a guide. If you get busted for starting Silk Road 2, don't blame us.)

Posted on Shroomery.org & Other Drug Forums

Virtual drug markets, and black markets in general, require publicity just like government-approved rackets (banking, investment, commodities exchanges, currency markets, real estate, etc). But this should not be taken to mean that it's advisable, if one wishes to become the next Dread Pirate Roberts (DPR), to adopt a DIY approach to a publicity campaign.

Professional G-Men are looking for this shit all the time in virtual drug markets and other black market dealings. As great a tool as Shroomery.org is for the magic mushroom enthusiast and neophyte alike, it shouldn't be used as a marketing platform for a virtual drug bazaar. It's a bit like posting a flier on an anarchist bookstore message board advertising a new armed revolutionary group, while not anticipating that an undercover cop will stroll in and have a look at the message board. Paper fliers eventually disintegrate, internet postings do not. Bad form, Dread Pirate Roberts. Bad form.

Similarly, think twice about posting on Bitcoin forums or anywhere else for that matter, even if you're doing so from a Tor browser. Better safe than sorry. Opt for organic word-of-mouth hype, which tends to happen on the internet anyway.

Used His Real Email Account

Ulbricht posted a request to hire an IT professional for a Bitcoin-backed venture, then encouraged forum users to email him at his real address. This is so amateur night that it is, quite frankly, astonishing Ulbricht would even attempt it. But the larger lesson here is that one should be wary of soliciting help on the internet. It's difficult enough to know whether people are who they say they are in person; doubly so online. Ulbricht could have unknowingly hired a federal agent posing as an IT guy, intent on sniffing around to determine if anything illegal was brewing. In fact, I would assume this happens quite often on Bitcoin forums.

On the virtual black market, as in the real world, people work with those they know and completely trust. And if you can't trust anyone, don't create a virtual drug market.

Mixed His Public Social Media Accounts

Social media accounts are the modern-day fingerprints of conspiratorial efforts. If you've ever posted any material that could lead back to your virtual black market (political, economic, or drug culture musings), then don't do it. If, however, your social media profiles are fairly clean, shut them down and never use them again. And if the future DPR simply must use social media, then post kitteh videos, never any serious, ideological pronouncements. That just goes without saying in this post-Snowden world.

Was Vocal About His Intentions

On LinkedIn, Ulbricht publicly offered up his vision of an "economic simulation" that would circumvent state economic control systems. Anarchists, for example, talk very openly of this sort of tactic. But, if you're building a virtual black market and want to remain anonymous, keep those dreams to yourself.

Now, it was only in retrospect that the FBI agent who authored the federal complaint concluded that this economic simulation was Silk Road. But this is precisely how law enforcement works. They find the cookie crumbs, follow them back to the cookie jar, and make connections along the way. The fact that Ulbricht openly advocated an alternative black market economy only adds to his legal woes.

Didn't Keep Time Zone Secret

Ulbricht left yet another cookie crumb by telling a Silk Road user that he was in the Pacific time zone. Once the FBI suspected Ulbricht of being DPR, they were able to subpoena records from Google's Gmail service to learn that Ulbricht was accessing his email from California. This is circumstantial evidence, but in an investigation of this type it is a means of narrowing the field and focusing in on other evidence.

Didn't Pay Attention to IP Addresses

Using a VPN server was an obvious and smart move on Ulbricht's part. However, the agent still determined a connection existed between the IP address used to log in one final time to the VPN server, and the IP address that Ulbricht used to log in to his Gmail account (in or around the San Francisco cafe he frequented). If you can't sort out the obscuring of IP addresses, don't get into virtual drug dealing.

Bought Counterfeit Documents Online

Another piece of evidence used to snag Ulbricht was his purchase of a counterfeit California ID with his face and another name on it. Apparently a routine border inspection between Canada and the US resulted in the interception of the package of counterfeit documents. (I'd like to know more about this type of interception.) The package was addressed to Ulbricht's San Francisco apartment. When confronted with the forged documents, Ulbricht "hypothetically" stated that one could buy such documents via Tor or Silk Road. He's either arrogantly brazen or a dumbass—well, both really.

It seems that Ulbricht wanted to rent servers, and needed the fake ID to do so. The Feds determined that DPR was looking for such documents at the same time on Silk Road. It's almost as if Ulbricht wanted to test how secure Silk Road was in a way. If one needs an ID for a server, maybe that should suggest the server shouldn't be used. Other servers might well exist that do not request this information.

Used His Real Name on Stack Overflow

Ulbricht posted a question on Stack Overflow about creating programming code for a hidden Tor site. He used his real name, then doubled back and altered the username to "frosty." The cookie crumbs mounted. This is the type of slip-up that feds gleefully await. It makes their careers, and allows them to advance to higher positions. Any would-be virtual black market bosses now know to exercise caution in asking Tor-related questions on a site like Stack Overflow, since the feds are probably watching.

Didn't Keep His Public Encryption Key Safe From Public Eyes

Ulbricht ensnared himself yet again by using his Stack Overflow user name, frosty, in his SSH public encryption key—frosty@frosty. This means that Ulbricht was logging into his Silk Road server with frosty@frosty, and posting queries as frosty on Stack Overflow regarding the management of an anonymous Tor site.

Granted, an investigator would learn about this after seizure of Silk Road's server and access to the public encryption key (after the arrest), but it's still moronic to use the same name twice.
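The frosty@frosty string above is the comment field of an OpenSSH public key, which ssh-keygen fills with user@host by default unless told otherwise. As an added example that is not part of the original article, here is a small Python parser for authorized_keys lines that validates each key blob against its declared type and lists the comments that name an account and a machine, the kind of identifying string an investigator examining a seized server, or an administrator auditing their own, would look for; the sample keys are constructed, not taken from any real server.

```python
import base64
import re
import struct

KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")
# ssh-keygen's default comment is "<user>@<hostname>", e.g. frosty@frosty.
USER_AT_HOST = re.compile(r"^[A-Za-z0-9._-]+@[A-Za-z0-9._-]+$")


def parse_pubkey_line(line: str) -> "dict | None":
    """Parse one OpenSSH public-key line: '[options] <type> <base64> [comment]'.
    The blob starts with a length-prefixed key-type string that must match the
    declared type. Returns None for blank, '#' and malformed lines. Options
    containing quoted spaces are out of scope for this example."""
    tokens = line.split()
    if not tokens or tokens[0].startswith("#"):
        return None
    idx = next((i for i, t in enumerate(tokens) if t.startswith(KEY_TYPE_PREFIXES)), None)
    if idx is None or idx + 1 >= len(tokens):
        return None
    declared, b64 = tokens[idx], tokens[idx + 1]
    try:
        blob = base64.b64decode(b64, validate=True)
        (n,) = struct.unpack(">I", blob[:4])
    except (ValueError, struct.error):  # bad base64, or blob shorter than 4 bytes
        return None
    if blob[4:4 + n].decode("ascii", errors="replace") != declared:
        return None
    return {"type": declared, "comment": " ".join(tokens[idx + 2:])}


def identifying_comments(text: str) -> list:
    """(line_no, comment) for every valid key whose comment has the user@host
    shape, i.e. names an account and a machine."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        rec = parse_pubkey_line(line)
        if rec and USER_AT_HOST.match(rec["comment"]):
            hits.append((n, rec["comment"]))
    return hits


def _blob(key_type: str, payload: bytes) -> str:
    # Synthetic base64 blob with a valid type prefix (constructed test data only).
    return base64.b64encode(struct.pack(">I", len(key_type)) + key_type.encode() + payload).decode()


# Constructed sample authorized_keys content; not taken from any real server.
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "ssh-rsa " + _blob("ssh-rsa", b"\x00\x00\x00\x03\x01\x00\x01") + " frosty@frosty",
    'command="/usr/bin/backup" ssh-ed25519 ' + _blob("ssh-ed25519", b"\x00" * 36) + " backup-key",
    "# an explanatory comment line",
    "ssh-ed25519 " + _blob("ssh-rsa", b"\x00") + " mismatch@example",
])
```

Running `identifying_comments(SAMPLE_AUTHORIZED_KEYS)` reports only line 1, since the backup key's comment carries no host and the last line's blob contradicts its declared type.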

Hired a Hitman

Self-evident. Don't do that.