Investigators Used a Simple Google Search to Link Ross Ulbricht to Silk Road

Last week, prosecutors outlined in painstaking detail a collection of chat logs, journals, and expense reports found on Ross Ulbricht's laptop that allegedly prove he was the mastermind behind the dark web site Silk Road. But jurors in the case still had no idea how federal investigators came to suspect Ulbricht in the first place.

On Monday, the court found out: The feds used Google.

After nearly two years of federal investigations into the site — which prosecutors allege facilitated $1.2 billion in sales, mostly of illicit drugs — IRS special agent Gary Alford decided to try finding early traces of it on the open web.

Alford testified Monday that in June 2013 he was "looking for the first mentions of the Silk Road website on the internet," dated prior to its launch in February 2011. Someone "would have to tell you about it," and "where to go on the hidden internet," Alford reasoned.

The agent entered "'silk road' .onion" into Google, using the site extension for the Tor network that Silk Road utilized, along with bitcoin, to maintain user anonymity. One result caught his eye — a post on bitcointalk.org that quoted a since-deleted message dated January 29, 2011, written by a user called "Altoid."

"Has anyone seen the Silk Road yet?" Altoid asked, linking to a web page on silkroad420.wordpress.com that explained how to access the marketplace via Tor. "It's kind of an anonymous amazon.com. I don't think they have heroin on there, but they are selling other stuff," the user wrote.

Accused Silk Road mastermind's friend testifies against him. Read more here.

Alford clicked on Altoid's profile and found more posts. In October 2011, the user posted a job listing on the cryptocurrency-focused forum. "I'm looking for the best and brightest IT pro in the bitcoin community to be the lead developer in a venture-backed bitcoin startup company," the message said.

"If interested, please send your answers to the following questions to rossulbricht at gmail dot com."

With three clicks, Alford had his man.

The post, which was still up at the time of Ulbricht's arrest, was the first piece of evidence investigators found linking him to the site. It also showcased the carelessness he allegedly exhibited while running it.

At the time of Alford's discovery, the FBI and the Department of Homeland Security were already well into efforts to infiltrate the site. Earlier in the trial, Homeland Security agent Jared Der-Yeghiayan testified that his investigation of the site began in 2011 after he encountered drug shipments at Chicago's O'Hare International Airport. He later matched the shipments to listings on Silk Road.

By July 2013, Der-Yeghiayan had taken control of the account of a staffer called "cirrus," and was being paid in bitcoins by Silk Road's pseudonymous head honcho, the Dread Pirate Roberts. But until Alford told him about Ulbricht in September of that year, Der-Yeghiayan suspected someone else of running the site: bitcoin kingpin Mark Karpeles.

Ulbricht's attorney, Joshua Dratel, has admitted his client set up the Silk Road, but claims he soon became stressed by his duties and handed it over to the real Dread Pirate Roberts. Dratel says others framed Ulbricht, leaving him "holding the bag." Earlier in the trial, Dratel explicitly fingered Karpeles, who ran the bitcoin exchange Mt. Gox until it went bankrupt in early 2014. Taken on their own, the forum posts Alford encountered don't discredit Dratel's narrative.

Prosecutors in Silk Road trial present damning evidence from Ross Ulbricht's computer. Read more here. 

Alford later obtained a search warrant for emails on Ulbricht's Gmail account, but the messages didn't arrive until a week after Ulbricht's arrest. In one message, Ulbricht sent a picture of himself to a friend named Kristal, asking her how she liked his new haircut. Another showed automated messages from "drugforum.com," where Ulbricht also used the "Altoid" handle, indicating he violated the site's rules by publishing spam posts about Silk Road.

Prosecutor Serrin Turner showed a July 2010 email in which Ulbricht responded to a Craigslist ad for a rental property in Texas. According to journals found on Ulbricht's laptop, he allegedly grew psychedelic mushrooms later that year in a cabin in Bastrop, Texas. Prosecutors say the drugs were the first to be listed on the site.

Alford testified that he was able to link emails containing travel itineraries to trips discussed in chat logs found on Ulbricht's laptop, including one to Australia. Other emails contained digital receipts for a humidifier, a laptop of the same model seized by authorities, and other items that correlated — down to the dollar amount — to purchases itemized in expense reports found on the computer.

Taken together, Ulbricht's alleged web presence and the evidence on his laptop present a damning case that the defense has done little to refute. One of Dratel's few notable efforts thus far was a suggestion that using BitTorrent could have opened Ulbricht to malware

Ulbricht, who faces a possible life sentence for a litany of charges, including narcotics trafficking, money laundering, and conspiracy, has grown noticeably morose as the trial has progressed. Dratel's bombshell allegation that Karpeles set up Ulbricht — a longshot, at best — feels decidedly small in the trial's rearview mirror.

Silk Road may have actually made dealing drugs safer, but not everyone's buying that. Read more here.

But even if Ulbricht was in fact the Dread Pirate Roberts, the government's case against him has done little to show their capacity to investigate sites on the dark web. If Ulbricht had merely refrained from posting his email on a public account associated with the Silk Road, Der-Yeghiayan, who spent more than 1,000 hours on the site, might still be sniffing the trail of Karpeles. Likewise, if Ulbricht had avoided saving chat logs and journals on his laptop, as prosecutors allege, the government would have little to work with beyond the testimony of a friend who says Ulbricht let him in on the Silk Road — yet another careless error.

Alford, whose testimony was cut short by the blizzard barreling down on New York, will return when the court resumes Wednesday. Prosecutors are expected to finish with their witnesses by the first week in February, at which point Ulbricht and his attorneys will decide if he should take the stand in his own defense.

Follow Samuel Oakford on Twitter: @samueloakford