
Revenge of Meatspace: Reality Bites for Web Drug Kingpin

Lessons from Silk Road’s Ross William Ulbricht

by Joshua Foust
Published in War Is Boring, Oct 4, 2013

On Wednesday, the FBI announced a fascinating arrest: they had nabbed Dread Pirate Roberts, or DPR, the founder of Silk Road, a black-market Website famous for selling narcotics over the Web.

In the indictment, the Bureau listed activities worthy of a Martin Scorsese film: smuggling, billions of dollars of money laundering and even a murder-for-hire. But the person the FBI identified as the ringleader of this internet criminal ring was not who anyone expected: a mild-mannered, seemingly humble geek living in San Francisco.

Reality bites

Ars Technica uncovered the details of Ulbricht’s arrest:

[Tuesday], Ulbricht left his apartment to visit the Glen Park branch of the San Francisco Public Library in the southern part of the city. Library staff did not recognize him as a regular library patron, but they thought nothing of his visit as he set up his laptop in the science fiction section of the stacks.

Then, at 3:15 PM, staffers heard a “crashing sound” from the sci-fi collection and went to investigate, worried that a patron had fallen. Instead, library communications director Michelle Jeffers tells us that the staff came upon “six to eight” FBI agents arresting Ulbricht and seizing his laptop.

The agents had tailed him, waiting for the 29-year-old to open his computer and enter his passwords before swooping in. They marched him out of the library without incident.

Let this be a lesson to the geeks who think “cyberspace” is as real as reality: it is not. Talk of “citizens of the Web” aside, your real citizenship and real location still make you vulnerable to law enforcement.

By waiting until Ulbricht had input his password into his laptop, FBI agents were able to get full access to his archive and accounts — a treasure trove of intelligence on the criminal network that made up the Silk Road.

Moreover, by moving about so freely in public, Ulbricht made himself vulnerable, thinking his supposed anonymity would be enough cover to escape scrutiny. It was not.

True anonymity is hard

DPR was never shy about press coverage. Most drug kingpins — Silk Road handled around $1.2 billion in transactions over the last few years — don’t give lengthy interviews to the press. DPR, however, loved to comment for reporters.

His most recent was a lengthy profile in Forbes, in which a reporter asked him if he was confident he could avoid being identified by law enforcement or the NSA. “I am,” he boasted, “unless they have cracked the modern encryption algorithms, which I highly doubt.”

As it turns out, the FBI did not have to: while the Silk Road’s encryption was too difficult to break, Ulbricht had left fingerprints all over the Web. By extensively searching the Internet, agents were able to trace the earliest postings about Ulbricht identifying himself with accounts later associated with DPR — allowing them to concretely identify him.

Scrubbing one’s entire presence from the Internet is surprisingly difficult — and that undid Ulbricht’s criminal enterprise.

TOR is not a privacy cure-all

Many privacy-obsessed geeks use TOR, the supposedly anonymous routing service that allows untraceable Web activity. Though fiercely anti-authority, three of TOR’s largest funders are the Broadcasting Board of Governors — a government agency which funds Radio Free Europe and Voice of America — the National Science Foundation and the Naval Research Laboratory. TOR was originally created by the U.S. Navy.

Despite this, TOR officials like to brag about how secure their service is. The thing is, any anonymity service is only as good as its own security and that of its users. In August, the FBI had already demonstrated it could compromise and take down TOR-affiliated Websites by manipulating security bugs and attacking user security — in doing so, they broke up an enormous child pornography ring being hosted in Ireland.

Silk Road functioned on TOR — you can only access it through TOR — and while TOR itself says the network is still secure, users have to ask how good it can really be at true anonymity if its most successful users are being taken down so often.

Anonymous browsing is nice, but no one is ever perfect enough to escape all scrutiny.

Cypherpunk ideology is contradictory

If Ulbricht could be said to have an ideology, it is a purified form of the technolibertarianism that drives the cypherpunk movement espoused by hackers like Julian Assange. “At its core, Silk Road is a way to get around regulation from the state,” Ulbricht told Forbes.

This technolibertarianism takes the anarchic ideals of Ayn Rand — governments are inherently coercive, taxation is theft, regulation is oppression — and tries to use technology to create havens where states cannot rule. I explored this belief system at length in a recent feature article for Talking Points Memo.

But lurking underneath that purified Western liberalism is a desire for coercion. Cypherpunks want to keep the government out of the Web, but they also want free rein to do whatever they want in it — even if it infringes on the rights of others. That is why some were protecting child pornographers on TOR: they think viewing the sexual exploitation of children is an inherent right, even if it infringes on the rights of those children.

In a recent “State of the Road Address,” where he spoke about the site’s ideals, Ulbricht said he hopes people use Silk Road to “choose freedom over tyranny.” Yet according to the FBI’s indictment, Ulbricht was not shy about using violence to enforce his rule of the website. It documents at least one example where Ulbricht tried to hire an assassin to kill one member of the site who was threatening to blackmail him.

Some kind of freedom that is.

The FBI is really good at its job

While the NSA has received all of the attention and ire for its Internet monitoring over the last few months, it is the FBI that has performed sophisticated feats of cyber-investigation to identify and arrest Web criminals. Privacy advocates worry about the NSA passively analyzing metadata, but it’s the FBI that cracks open criminal computer networks and marches their administrators off to jail.

Reading the account of how the FBI managed to track down Silk Road servers around the world and identify its administrator demonstrates a tenacity and technical sophistication at odds with the conventional wisdom most hackers espouse when discussing government agencies.

While the NSA remains a worry for many who care about their privacy, the FBI has demonstrated its ability to infiltrate and unravel complex, secured networks it deems sufficiently threatening.

That’s pretty astonishing when you think about it.
