In 2015, WIRED published a list of the ‘dark web drug lords who got away.’ That list included the Dread Pirate Roberts 2 (DPR2), the creator of the second Silk Road site, which launched almost immediately after the FBI ended the first with the famous arrest of founder Ross Ulbricht.
Under DPR2, Silk Road 2 went on to rake in hundreds of thousands of dollars a day. The FBI shut that one down too and arrested its remaining administrator. By that time, DPR2 had already passed ownership of the site on and, publicly, it looked like he had evaded prosecution.
But today, a court in Liverpool, England, sentenced Thomas White, a technologist and privacy activist, for crimes committed in part while running Silk Road 2 under the DPR2 persona, among other crimes committed under another persona. White pleaded guilty to drug trafficking and money laundering, as well as making indecent images of children, and was sentenced to a total of 5 years and 4 months in prison.
White’s arrest took place in November 2014, but the case has remained largely under wraps because of the UK’s strict court reporting rules, which prohibit journalists from covering some cases before their conclusion. This is to stop suspects facing "trial by media" and to let cases run their course.
Paul Chowles, an investigator from the National Crime Agency (NCA) who worked on the case, told Motherboard in a phone call that one piece of evidence included the private encryption key belonging to DPR2 on one of White’s computers. If someone possesses the private part of a PGP key, which is used to decrypt and sign messages, it can be a good indicator that they are behind a particular online identity.
White has been out of prison on bail since his arrest in 2014, and became reasonably well-known in security circles under his real name in the time between his arrest and sentencing. After working on the Silk Road 2, White adopted the handle ‘The Cthulhu,’ a moniker that may be familiar to those who follow technology news. On Twitter he mused about security and privacy topics, and has appeared under his own name in articles in Motherboard, Forbes, and more as an expert on Tor and other subjects. He previously ran a website archiving large data breaches that anyone could download, including the MySpace breach, data from hacked affairs website Ashley Madison, and customer information from a Muslim-focused dating site called ‘Muslim Match.’ White wrote blog posts on his own website, including a guide on how to securely set up a Tor hidden service, and he also ran a number of nodes for the volunteer-driven Tor anonymity network.
White declined to speak to Motherboard on the record about his case. White deleted his Cthulhu Twitter account on Thursday.
After the FBI took down the original Silk Road site in 2013 and arrested Ulbricht, a small cabal of Silk Road veterans banded together to create its replacement. Those included moderators of the first site, and “StExo,” White’s persona which he used to offer money laundering services.
White spearheaded that effort, and told others he would drop StExo and take on the mantle of DPR2, according to Chowles from the NCA. The Dread Pirate Roberts is a reference to the character from the book and film The Princess Bride, in which the title trickles down from successor to successor.
“DPR2, aka Thomas White, was the boss. He was the controlling mind in all of this, and he was the one driving it forward,” Chowles added.
One Silk Road moderator that White directed went by the handle “Cirrus.” As Motherboard showed in 2014, Cirrus was an undercover law enforcement official who captured chat logs detailing White’s transition from StExo to DPR2.
“He was able to capture that; that kind of transition,” Chowles said, referring to Jared Der-Yeghiayan, the US Department of Homeland Security (DHS) agent who controlled the Cirrus account. Chat logs US authorities recovered from the computer of Blake Benthall, Silk Road 2’s co-administrator, reflected much the same thing, Chowles added.
In a longform 2016 profile, DPR2 told Motherboard what it was like to create the second Silk Road.
“Once you hit that enter button, you've just launched something that you know there is going to be an absolutely fucking huge manhunt after you,” he said.
In December 2013, when law enforcement agencies arrested a number of the original moderators, DPR2 stepped back from public view. When the FBI launched Operation Onymous the following year, which took down Silk Road 2, UK authorities arrested White.
“This [wouldn’t] have been achieved without the significant assistance we’ve had from the [Department of] Homeland Security and the FBI and the Department of Justice,” Garry Tancock, a second NCA investigator who worked on the case, told Motherboard in a phone call.
The NCA investigators linked White first to the StExo identity in part by following financial and bitcoin transactions in the early days of the account’s creation.
“We effectively got him from his day one, week one, of activity on Silk Road,” Chowles said. Chowles explained that included tracing a loan from payday loan company Wonga in White’s name, which was then sent to cryptocurrency exchange Mt. Gox, which then transferred bitcoin funds to the StExo account on Silk Road and paid for some items on the site. Other evidence included receipts for items seized from other Silk Road vendors addressed to White, and White being in possession of bitcoin wallets associated with DPR2.
John Williams from the Crown Prosecution Service (CPS) told Motherboard in a statement that White "received an income that allowed lavish spending with no credible explanation."
The case has not been straightforward, however. Chowles said the NCA had challenges with White’s use of encryption. The agency was eventually successful, in part because it gained access to a password manager that contained the unlock phrase for one of White’s encrypted laptops.
The whole process has also taken years. According to a source familiar with the case, the investigation data didn’t arrive in the UK until June 2016, and the FBI didn’t provide full copies until December 2018. Motherboard granted the source anonymity to speak more openly about a criminal case.
White’s motivation was a mix of financial gain and power, Chowles believes. Chat logs between White and Benthall said White planned to start a paid-for child pornography site to make money, Chowles said. White would tell Benthall to work on a UK timezone and write in a particular way, the investigator added.
“Might set a forum up in onion land to bring together people who run hidden services to share knowledge? What do you think?” White tweeted in 2015.
This piece has been updated to include comment from the CPS.