How the FBI tracked down Dread Pirate Roberts
Earlier this morning, the infamous Silk Road was seized by the FBI and Department of Homeland Security. The Deep Web black market reportedly generated $1.2 billion in revenue over the course of its two-year lifespan.
The big question on everyone’s mind is how law enforcement got Dread Pirate Roberts, the site’s mysterious founder, who had managed to remain anonymous since launching Silk Road in 2011.
The investigation named Roberts as Ross William Ulbricht, a 29-year-old graduate of the University of Texas. He was charged in San Francisco, Calif., on charges of computer hacking, money laundering, and narcotics trafficking, specifically heroin, cocaine, LSD, and methamphetamines, among others.
The answer’s simple: profound carelessness.
The trail begins in January 2011, right as Silk Road first came into existence.
On Jan. 27, 2011, a user named Altoid made a post on The Shroomery, a website devoted to illegal mushrooms, about advertising Silk Road. Altoid never made any other posts on Shroomery, leading FBI investigators to believe he’d registered only to advertise his newly launched drug marketplace.
“I came across this website called Silk Road,” Altoid wrote. “It's a Tor hidden service that claims to allow you to buy and sell anything online anonymously. I'm thinking of buying off it, but wanted to see if anyone here had heard of it and could recommend it. I found it through silkroad420.wordpress.com, which, if you have a tor browser, directs you to the real site at http://tydgccykixpbu6uz.onion. Let me know what you think…”
Altoid used Tor to make the post, rendering it relatively untraceable by the FBI.
Two days later, on Jan. 29, 2011, another user named Altoid made a similar post on BitcoinTalk.org. “Altoid” was on a campaign to generate interest in the site. He ended both messages with “Let me know what you think.” The repetition tipped investigators off.
On Oct. 11, 2011, Altoid posted a wanted ad on BitcoinTalk looking for “an IT pro in the Bitcoin community.” He asked interested parties to email “rossulbricht at gmail dot com,” forever linking Ulbricht’s name with Silk Road in the eyes of the FBI.
The FBI obtained records from Google indicating that Ross William Ulbricht was the owner of the Altoid account. They looked at his Google+ page, where they found YouTube videos from the Mises Institute, the self-proclaimed “world center of Austrian economics.” Ulbricht was a regular member of mises.org.
On the Silk Road, founder Dread Pirate Roberts regularly linked to mises.org, as well as writing about Austrian school of economics, an ideology popular with libertarians—which Dread Pirate Robers proudly claimed to be.
The investigation found that Ulbricht was residing on Hickory Street in San Francisco in June 2013. On June 3, someone logged into the Silk Road administrator account from an Internet cafe just feet from Ulbricht’s residence. Ulbricht had lived in the area since October 2012, according to a YouTube video in which Ulbricht and a friend talk about their move.
The FBI claims that Dread Pirate Roberts regularly referred to the Pacific timezone as his own in private messages with vendors and Silk Road staff.
The Silk Road Web server restricted administrative access except to a user from a specific IP address. The FBI believes that Ulbricht accessed that IP address through a Virtual Private Network (VPN), an anonymizing tool used on top of networks such as Tor as an extra layer of protection. Records show that the logins originated down the street from Ulbricht’s residence.
Ulbricht’s name also shows up on StackExchange.com, a question-and-answer website for programmers. An account using the name Ross Ulbricht was registered in March 2012. Soon, the account asked “How can I connect to a Tor hidden service using curl in PHP?”
The FBI alleges that a minute after posting the question, Ulbricht changed his account name to the more anonymous “frosty.” Later, he changed the account’s email from the Ulbricht GMail account to firstname.lastname@example.org, a fake address.
That a was enough to convince the FBI investigators that Dread Pirate Roberts was Ulbricht. Thanks to a catch on the border, they were soon knocking on his door.
On July 10, 2013, a package containing documents to build nine fake identities was intercepted at the Canadian-American border. They were all addressed to the same San Francisco home in which Ulbricht lived. The documents had different names and details, but all had photos of Ulbricht on them.
Homeland Security first visited Ulbricht on July 26, to investigate the counterfeit documents. When the agents showed Ulbricht the counterfeits, "Ulbricht volunteered that 'hypothetically' anyone could go onto a website named 'Silk Road' on 'Tor' and purchase any drugs or fake identity documents the person wanted."
Ulbricht's housemates—who knew him as "Josh"—told the agents that he was always on the computer. He paid $1,000 in monthly rent in cash.
The FBI claims that Ulbricht had been seeking counterfeit documents on Silk Road for some time in order to rent servers under false identities.
If the FBI’s story is true, Ulbricht’s carelessness has forever linked him to the moniker Dread Pirate Roberts, a man famous for his brazen stifling of police action.
According Department of Justice documents, Ulbricht was apprehended in San Francisco, along with $3.6 million in bitcoins, a cryptocurrency at the heart of Silk Road’s billion dollar economy.
Photo by Mark Coggins/Flickr (remix by Jason Reed)