[tor-talk] Silk Road taken down by FBI

Eugen Leitl eugen@leitl.org
Sun Oct 6 05:28:41 PDT 2013


----- Forwarded message from mirimir <mirimir@riseup.net> -----

Date: Thu, 03 Oct 2013 20:58:57 +0000
From: mirimir <mirimir@riseup.net>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Silk Road taken down by FBI
Message-ID: <524DDA91.30008@riseup.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
Reply-To: tor-talk@lists.torproject.org

On 10/03/2013 05:49 PM, Ahmed Hassan wrote:

> One question still remains unanswered. How did they locate
> Silkroad server before locating him?
> 
> They had full image of the server before his arrest.

From <http://www.bbc.co.uk/news/technology-24371894> we know:

> According to the court complaint document, it was the discovery of
> the rossulbricht@gmail.com email address that gave investigators a
> major boost in their search.
> 
> Through records "obtained from Google", details of IP addresses - and
> therefore locations - used to log into Mr Ulbricht's account focused
> the search on San Francisco, specifically an internet cafe on Laguna
> Street.
> 
> Furthermore, detailed analysis of Silk Road's source code highlighted
> a function that restricted who was able to log in to control the
> site, locking it down to just one IP address.
> 
> As would be expected, Dread Pirate Roberts was using a VPN - virtual
> private network - to generate a "false" IP address, designed to cover
> his tracks.
> 
> However, the provider of the VPN was subpoenaed by the FBI.
> 
> While efforts had been made by DPR to delete data, the VPN server's
> records showed a user logged in from an internet cafe just 500 yards
> from an address on Hickory Street, known to be the home of a close
> friend of Mr Ulbricht's, and a location that had also been used to
> log in to the Gmail account.
> 
> At this point in the investigation, these clues, investigators
> concluded, were enough to suggest that Mr Ulbricht and DPR - if not
> the same person - were at the very least in the same location at the
> same time.

So they did have the server before they knew who he was. We also knew
that he was sold out by his VPN provider. Hopefully, the identity of
that VPN provider will come out soon.

Given what I see in the complaints, I suspect that he was sold out by
one of his administrators, perhaps the one (with a huge drug debt) that
he tried to have killed. This is rather like Snowden, isn't it?

More fundamentally, a business built around selling drugs by mail to
customers' actual physical addresses was doomed. Anonymity in the
physical world is much^N harder than on the Internet.

> On Thu, Oct 3, 2013 at 1:26 PM, shadowOps07 <shadow.unit.x@gmail.com>
> wrote:
> 
>> No, it was a rookie fuck-up that enabled old-fashioned detective
>> work. If it wasn't a rookie fuck-up, then none of this would have
>> happened.
>> 
>> 
>> On Thu, Oct 3, 2013 at 11:15 AM, Gordon Morehouse
>> <gordon@morehouse.me> wrote:
>> 
> Jonathan D. Proulx:
>>>>> 2) Traditional police work still works - this should be good
>>>>> news to the law and order folks that traditional methods
>>>>> still work and no extensive digital surveillance state is
>>>>> needed.
>>>>> 
>>>>> Note I'm only anecdotally familiar with Silk Road so no
>>>>> personal opinion on whether he should be praised or flogged, I
>>>>> do think in a "dear legislator please don't ban privacy"
>>>>> kind of way point 2 is important.
> 
> A trillion times, this.
> 
> I knew Silk Road would very likely get busted by good old fashioned 
> police work.  It was too big to not leave trails that smart,
> patient, Bill-of-Rights-respecting (though that remains to be seen)
> cops can pick up.
> 
> Best, -Gordon M.
> 
>>> -- tor-talk mailing list - tor-talk@lists.torproject.org To
>>> unsubscribe or change other settings go to 
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----
-- 
Eugen* Leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5
