Disclaimer: I am providing the content on this blog solely for the reader's general information. This blog contains my personal commentary on issues that interest me. Unless otherwise stated, the views expressed on this blog are mine alone, and not the views of any law firm with which I am in any way associated or any other member of any such law firm. Nothing on this blog is intended to be a solicitation of, or the provision of, legal advice, nor to create an attorney-client relationship with me or any law firm. Please view my "Full Disclaimer" statement at the bottom of the page for additional information.

Tuesday, October 8, 2013

Follow-up: The Stupid Mistake That Brought Down Silk Road (huge online illegal marketplace)



Yesterday, we reported that the FBI had taken down UT grad Ross Ulbricht and his enormous online marketplace for just about all illegal products and illegal services. The federal government has filed a criminal complaint against him and, in the papers, revealed the stupid – I mean really stupid – mistakes that caused the downfall of his “onion routing” system.

Ulbricht doesn't seem so smart after all
By now, we all know that the feds, and particularly the NSA, monitor computer traffic. The FBI and portions of the Postal Inspector Service monitor online message boards for kiddie porn. What most people probably didn’t know, and Ross Ulbricht seemingly didn’t know, was that the FBI was monitoring Stack Overflow, an online web-board where programmers help each other with thorny questions.

In March 2012, Ulbricht got on Stack Overflow and asked two questions. As reported by Slate:

According to the criminal complaint against Ross William Ulbricht, the man who allegedly ran the vast online drug marketplace from his San Francisco apartment, he ventured humbly onto the site in March 2012 to ask a couple of friendly questions. The first one, it seems, was relatively innocuous, if a bit unorthodox. But a second query struck FBI investigators as rather incriminating, in retrospect: “How can I connect to a Tor hidden service using curl in php?” the user asked. Silk Road is, of course, a Tor hidden service—perhaps the world’s most famous one at that.

What’s dumber is that Ulbricht used his real name in the query. Then, perhaps after a facepalm and much cursing, he changed his username to “frosty.” Dumber still is that the encryption key on the Silk Road server ended with the substring frosty@frosty.

The FBI then did what it does: it sat back and saw what was going on and who was doing what, and very likely built cases against lots and lots of other people and organizations, perhaps putting pressure on other programmers associated with Silk Road to explain the Tor onion routing system (which they understood when they were able to locate Ulbricht when they arrested him), until they were ready to take Ulbricht down.

So: two stupid mistakes and, a year and a half later, Ulbricht likely thought he was in the clear, while all along the feds were building cases against him and others.

See full story at Slate: http://www.slate.com/blogs/future_tense/2013/10/02/silk_road_s_dread_pirate_ross_ulbricht_asked_stack_overflow_question_under.html
