Silk Road, the anonymous Internet marketplace known as a destination for buying illegal drugs, has been seized by the FBI and its alleged owner Ross Ulbricht arrested.
The arrest, and the seizure of Ulbricht’s $US3.2 million stash of Bitcoins, has been a long time coming.
The feds have been investigating Silk Road — a major web site on the secret internet for criminals — and the Tor web network and browser you need to visit it, for years. The probe goes back to January 2011.
Here’s how it went down:
Tor first popped onto the national security/federal crime radar, at least publicly, in June 2013, when a photo emerged of NSA leaker Edward Snowden’s laptop, which features a Tor sticker.
Because Tor allows secret, anonymous and encrypted web browsing, it would be the perfect vehicle for someone like Snowden to store or transport secrets.
It’s also perfect for criminals, as Business Insider revealed back in March.
In July 2013, the FBI located the Silk Road server and copied an image of it — all its contents, in other words. They discovered 957,000 registered accounts on the server, of which at least 30% were from the U.S.
Things came to a head in early August, when the FBI arrested a man who was allegedly trading child pornography via a Tor-hosted site called Freedom Hosting.
At that point, “dark web” sites began going offline as users figured out that as much as 50% of the Tor network had been compromised by the feds.
The fact that Ulbricht was still online, and operating Silk Road, through September is therefore surprising. He had ample warning the feds were after him as far back as June.
In fact, as the indictment against him makes clear, the feds were on to Silk Road back in January 2011. Their investigation discovered him allegedly trying to hire a hitman to take care of an extortionist in March 2013.
Now it’s emerged that Ulbricht, known online as “Dread Pirate Roberts”, used a site called Stack Overflow to ask for a hand.
According to the criminal complaint against him, Ulbricht asked “How can I connect to a Tor hidden service using curl in php?”.
The FBI were watching, and the alarm bells sounded.
According to the criminal complaint, Ulbricht posted the question using his own real name. Less than one minute later, he changed his username to “frosty.”
From the complaint:
Based on forensic analysis of the Silk Road Web Server, I know that the computer code … includes a customized PHP script based on ‘curl’ that is functionally very similar to the computer code described in Ulbricht’s posting on Stack Overflow, and includes several lines of code that are identical to lines of code quoted in the posting.
Oh, and the encryption key on the Silk Road server ended with the substring ‘[email protected]’.
The bottom line is that if you were doing anything illegal on Tor or Silk Road for the last three years, you may be screwed.