Silk Road was one of the first Tor-based dark-web websites
Silk Road was one of the first Tor-based dark-web websites to make use of Bitcoin and even reckoned as the true proprietor of the Bitcoin phenomenon. However, this story is focused on the arrest of the man behind the Silk Road network, and how special agent Jared Der-Yeghiayan infiltrated notorious dark web market the Silk Road and helped unmask site operator Dread Pirate Roberts, aka Ross Ulbricht.
Jared told the whole story to the audience at France’s FIC 2019 infosec, from the beginning when he stumbled upon a pill of ecstasy, yes one ecstasy pill lead to the arrest of a man who was trading millions worth of drugs, illegal pornography, ecstasy, and whatever illegal people were ready to pay for.
The man behind the network was arrested in 2013 in a San Francisco Library and was sentenced to life in prison without parole.
The Beginning
Jared was working at the Chicago airport when the Homeland Security Investigations (HSI) case against Silk Road began. He recalls that he got a call from one of his fellow inspector, who has stumbled upon a pill of ecstasy. Jared recalls the call from his fellow inspector who said he found some ecstasy. Jared enquired on the quantity, to which the officer replied, ‘I’ve got one.’
Jared replied, “why would I be interested in a single pill of ecstasy”, to which the officer replied, “It looks more commercialized, a website or something behind this’”.
Jared along with his fellow officers reached the buyers home to inquire more about the source of the drug. The buyers seemed in a jolly mood, as they merely told the officers that his friend is ordering weed, ecstasy, LSD, maybe some heroin” from “a website called Silk Road”.
Jared responded in affirmative, saying “you mean silkroad.com”, to which the guy replied, “Nah, dot-onion, Tor”. Jared said, he is aware of the website and was just testing whether they knew the exact thing.
After a few Google searches and trying to trace the Bitcoin transaction to and from the silk road, HSI realized they don’t have anything concrete to get a search warrant. The officers went back to the basics and the drug seizure went from 10 a week to 200 in order to expand the investigation.
Getting in the Head of the Operator of the Network
Jared knew he can never trace the owner of the websites with the usual investigation methodologies. So, he started to read more about the website, where he discovered that the website admin has started a book club thread. This discovery was a crucial point in the investigation as it gave the officer a proper insight into the beliefs and ethics of the owner.
Jared explains,
“He focused on libertarian beliefs that the free market enterprises, the Austrian school of economics, the principles of no government control over everything; that’s what the Silk Road was meant to represent,” “One of the things we focused on, though, was his signature [block]. We would see he would also put different comments there, things to read. The reading lists he had up there were websites on the regular internet.”
The investigation officer by now knew that the silk road operators had several inner forums which were only accessible to trusted vendors, and the key to nab the admin was through these forums only.
The Purchase of plastic Baggies Led to a Crucial Break Through In The Case
The HSI ordered a bag of plastic baggies in order to trace the Bitcoin to the vendor. And the ploy played off as their package came along with a tracking number on it. The officers traced back the tracking number to the credit card used for the purchase of the tracking number, which leads them to a terminal. The terminal shipped over 30 packages in a single day, with a few drugs too.
The owner easily gave up the account of the forum, but the real breakthrough came from a package which was traced to the Netherlands. The HSI got a search warrant, which leads them to a building where a blind man lived. However, it also housed a couple who used to run the drug cartel from the building, and they handed over there accounts too, and it was another dead end for the HSI.
The Nomad Bloodbath Arrest Brought HSI a Step Closer to the Real owner
While the previous breakthrough leads to complete dead ends, another user which goes by the name of Nomad Bloodbath. The vendor had access to inner forums which the agents were looking for, Jared started using the account as an undercover account trying to gather more information.
He came to know that, Nomad Bloodbath was indeed an inner-circle vendor since people were crazy for his product, no matter what the product was unless it came from the Nomad. He was selling small plastic skulls made at home, there is nothing illegal in that.
Jared used the account o gain the trust in the inner circle and gathered critical real-world info on various vendors. Jared explained the importance of Nomad in the whole case,
“If you took a username, or someone [the inner circle] didn’t know, they wouldn’t respond. You couldn’t get a lot of info. But what I noticed was, using the Nomad account I was getting a lot of info from these admins. In particular, one called Scout.”
Scout was a cat loving lady who poured her heart out to Nomad, not knowing she is talking to an undercover agent. Jared went on with the raid on Scout’s home and turned her in as HSI confidant on the Silk Road.
The Final Nail in the coffin
Scout was a trusted admin in the inner circles and the owner has already upgraded her status and was paying her weekly $1000 for her time, not knowing she was the eye and ears of the law enforcement agency.
With the help of Scout’s account, HSI was able to pinpoint the Silk Road servers in Iceland. However, this information does not provide any info on the owner, however, the server showed a piece of very critical information that the admin was logging into the Silk Road Server from an internet cafe in San Francisco.
In the meantime, Jared noticed another peculiar thing, that whenever he chatted with the Silk Road anonymous admin, the time-zone would change from UTC to Pacific. The same time zone the San Francisco shared.
Jared and Law enforcing agencies were closing down on the culprit, and the final nail in the coffin came from a few old forums dating back to January 2011, which said,” Hey have you seen the new Silk Road?”
This information was very critical since, the Silk Road was launched in February 2011, and any info before its launch date would surely be traced back to the owner or one of the owners.
On those posts was an email address belonging to Ross Ulbricht. Further searches on that email address revealed Ulbricht was also asking for help with Bitcoin development – and how to connect to Tor over CURL in PHP. Put together, these were increasingly pointing to DPR and Ulbricht being one and the same.
The law enforcement agencies finally arrested Ross Ulbricht in an internet library, Jared the man behind the whole process which started from a single ecstasy pill says,
“On the laptop, we found an enormous amount of evidence, It was hard to decide what to produce at court. Detailed notes and journals of everything he did… Ransoms. Spreadsheets detailing every server, where they were at, admin logins, everything.”
Ulbricht had 50,000 Bitcoins circulating through the Silk Road’s marketplace. 144,000 Bitcoins were in “cold storage” and 25,000 packages from vendors to customers were in transit.