The DPR, in the Tor Hidden Service, with the Bitcoins
Give it to me straight Dr the Grugq, or tl;dr
NOTE: this was written in October 2013, and aside from minor edits, it is posted as-is
This is an abridged version of a longer post pulling out the lessons learned from the Silk Road Complaint. This post will only list the OPSEC errors, rather than explore them in detail.
Generally, it appears that Ross Ulbricht was applying his economic and
techno-libertarian philosophy to real life. As his project grew, his security posture improved — too late. Ross Ulbricht made the most serious security mistakes during the period Jan 2011 — Oct 2011. A full timeline of the events in the Complaint is available on my tumblr — this is a better more complete timeline.
The OPSEC Failures
The fundamental error is poor compartmentation. Ross Ulbricht, the real person and the online persona (Google+, LinkedIn, etc), and the Dread Pirate Roberts persona share ideological views and geographic locations. There is contamination between the two personas. Most of these seem to be due to the organic evolution of the Silk Road venture, where early naive Ulbricht makes mistakes that later smarter DPR wouldn’t. Unfortunately, the later DPR is more ideologically extreme and consequently less savvy about mainstream society.
- Poor Compartmentation
- Geographic Location
Heavy contamination between personas — far too many links existed.
- Silk Road + altoid: Shroomery, BitcoinTalk forums
- altoid + email@example.com: BitcoinTalk
- Ross Ulbricht + frosty@frosty[.com]: StackOverflow
- frosty@frosty + Silk Road: Silk Road server admin SSH key
The compartmentation failures are really pervasive, in particular the ideological Austrian School of Economics and the mises.org site. However two particular contamination error stand out:
- Silk Road → altoid → firstname.lastname@example.org link in 2011
- Ross Ulbricht → email@example.com → Silk Road server link in 2013
The first of these failures happened because the altoid persona used to
promoted Silk Road was poorly fleshed out (not even an email address). Ross did not put the plumbing in place and backstop his altoid cover. Then he joined joined the BitcoinTalk community and started participating. This false layer of anonymity left him with his guard down and he revealed a great deal of profiling information about his project and beliefs. Many of his posts are about Silk Road infrastructure or his mises.org influenced economic theories. After participating for 10 months he finally made the fatal OPSEC error of posting his personal email address.
“I’ll take Profiles for $300, Alex” : “Too much in common” : “What do Ulbricht and DPR share?”
- Profiling: Ross Ulbricht talks and acts like Dread Pirate Roberts
- LinkedIn profile
- Timezone leakage: private messages, forum posting times
- On BitcoinTalk altoid posts about: economics (mises.org), security, programming
- On the Silk Road Forum Dread Pirate Roberts posts about: “Austrian School of Economics” and mises.org
- On Mises.org Ross Ulbricht had an active account
Ross Ulbricht, the person, was an active participant in the mises.org website and the BitcoinTalk forums. In both cases he was deeply committed to the Austrian School of Economics, something the Dread Pirate Roberts was also a huge fan of.
The altoid cover alias, linked directly to Ross Ulbricht, frequently talked about bitcoin security and PHP programming. He is, based on his posts, clearly involved in running some sort of PHP based bitcoin using venture that requires high security. Sort of exactly like the Silk Road site.
- Silk Road web server administered over VPN from a server
- VPN server IP stored in the Silk Road PHP source code
- VPN server accessed from a location `15240 cm` (`500 ft`) from a location where the Ross Ulbricht GMail account was accessed.
The location of the Dread Pirate Roberts was something of an open secret. It is clear that he was based in the west coast of the US. Ulbricht was located in San Francisco, as proved by his large online footprint: Google+, YouTube, GMail.
Isolation is bad, mmmkay
All people who lead double lives report mental stress. Klaus Fuchs, one of the Atomic Spies, dealt with it by living with something he called “controlled schizophrenia.”
- Isolation without relief
- Rented room under assumed name
- No “mainstream” social circle to realign with social mores
- No peers to talk to, only Silk Road forum members and admins
One solution to mental compartmentation is simply cutting off all social contact, that way only one personal identity has to exist. This approach has significant problems too though. After the altoid persona is retired from BitcoinTalk, Ulbricht migrates his social interaction to a more extreme community: the Silk Road forums. This appears to have been his “scene”, where he interacted with people and cultivated friends (including an impressive array of undercover law enforcement officials).
Human beings are social animals. We are the average of our peer group. We require social interaction to maintain a healthy mental state. The strict security of DPR required isolation, leaving Ross Ulbricht living his social life on forums with niche ideological views, initially BitcointTalk (in 2011) and then the Silk Road forums. Ross Ulbricht’s social group became the Silk Road users and administrators (particularly Variety Jones.)
Isolation from mainstream society is known to lead to ideological extremism as members of the niche community self-reinforce their ideological tendencies. Consequently, they are less able to understand mainstream society’s ideas, beliefs and morals. This is dangerous. This isolation is what leads him to rationalising hiring online hitmen to preserve the Silk Road community is an acceptable idea. He basically radicalised himself.
What have we learned?
So, the Dread Pirate Roberts Complaint basically tells us nothing that we didn’t already know about OPSEC. There are some lessons learned which can be used to harden OPSEC practices going forward. The main things are still, strong compartmentation, use Tor all the time, avoid leaking profiling information, and I think it is prudent to frequently migrate to new cover personas.