Article Lead Image

How the FBI busted Silk Road 2.0 before it even launched

Benthall hid in plain sight, but the FBI makes it clear how they found him.

 

Kevin Collier

Internet Culture

Posted on Nov 7, 2014   Updated on May 30, 2021, 6:13 am CDT

The government did not track down alleged Silk Road 2.0 kingpin Blake Benthall by exploiting some technological vulnerability or some incredible online surveillance mechanism. Instead, Federal Bureau of Investigation (FBI) officers found the accused black-market leader through old-fashion human betrayal.

In its public legal complaint against Benthal, the FBI says it made use of an undercover Department of Homeland Security Investigations agent, referred to in the document as “HSI-UC,” who successfully infiltrated the second Silk Road’s inner circle, giving him or her incredible access to its inner workings.

The undercover agent was in on it from before the site even started, according to law enforcement claims. On Oct. 7, 2013, the agent made his or her way in a Deep Web forum devoted to creating a replacement for the first Silk Road site, which was shut down in a similar bust last year. The next day, that agent became a moderator. That forum ended up becoming the official one for the new Silk Road, giving the government ground-floor access to its operations.

A month later, the site officially went live, with an individual who called himself Dread Pirate Roberts—the same pseudonym used by the head of the first Silk Road site, allegedly Ross Ulbricht, who was already in jail—running the show.

Someone going by the name “Defcon” quickly established himself as the employee with DPR’s total trust and authority. When a handful of former employees of the original Silk Road were arrested in December, Defcon comforted his staff: “The Captain is alive and well and is in touch with key staff members,” he wrote. “DPR places operational security above all else.”

Over the coming months, the undercover agent testified, Defcon oversaw the site’s major moves, including changing servers, upgrading Bitcoin payment platforms, and setting the commission rates that the Silk Road took in. When the second Silk Road was hacked for a massive loss in September, Defcon confided to the undercover agent that he would pay 1,000 BTC ($345,000) of his own money to get the site running again as soon as possible. Defcon was also in charge of paying the staff, and directly paid the undercover agent a salary of the equivalent of about $42,000 in bitcoins.

There is one hole–possibly deliberate–in the FBI’s recounting of what happened. The agency reports that in May, it identified a foreign server, commissioned someone to conduct a forensic analysis of it, and found that indeed was the basis of Silk Road 2.0’s operations. But it neglects to say how it identified that particular server, or what legal basis it used to search it, though it’s possible the agent found the server through his or her administrative privileges.

There is significant controversy over how the agency found the first Silk Road’s servers. The FBI discovered them located in Iceland, and claimed that their location were made public because Ulbricht didn’t properly conceal the site in Tor. But recent reports show that the National Security Agency (NSA) sometimes engages in “parellel reconstruction”—using its considerable technological power to find alleged criminality outside its jurisdiction, without a warrant, and then tips its findings to a relevant law enforcement agency, trusting them to find evidence once they already know their suspect. Some critics have argued out that the first Silk Road’s “mistake” was too glaring, and suspect Ulbricht was actually illegally nabbed through parellel reconstruction.

Once the FBI had that server, though, it was all over. The FBI noticed it regularly sent customer service emails to a particular Gmail address. The agency then subpoenaed Google for that user’s account. They found it was both registered to “Blake Benthall” and its owner identified himself by that name in multiple emails. Google also gave up that user’s IP address, which the FBI found matched one with administrative access to the Silk Road server. Moreover, the agency noticed, for a short while in April, that server was accessed by an IP address tied to a hotel in Las Vegas. Guest records showed Benthal stayed there during those days. This incident repeated itself in Lake Tahoe in June.

The FBI also found that Benthall cashed out a heap of bitcoins, at least $273,626.60 worth, into U.S. dollars, though it doesn’t name the exchange. Their look into his emails concluded he bought approximately $25,000 worth of goods in Bitcoin. Perhaps most amazingly, he put down a $70,000 down payment on a $127,000 Tesla Model S. SpaceX, a space transport company owned by Elon Musk, who also founded Tesla Motors, has confirmed that Benthall was a former employee.

In September, the feds moved in. FBI agents followed Benthall on a trip to see family in Houston, Texas, posted up outside his house, and corroborated with the undercover agent that Defcon was active when Benthall was inside his family’s house, and silent when he was gone. The FBI acquired a Pen register from a court, which allows them to monitor a home’s Internet use, and noted that Benthall used Tor when Defcon was active.

But that evidence was just icing on the cake. The FBI waited until Nov. 5 to move in on Benthall, when a number of other Dark Net black markets went down in a joint operation with European law enforcement. By then, they had all they needed on Benthall.

Photo via Andrea Schaffer/Flickr (CC BY 2.0) | Remix by Fernando Alfonso III

Share this article
*First Published: Nov 7, 2014, 4:05 pm CST