If You're Running an Illicit Drug Site, Maybe Don't Use Your Real Email
Ross Ulbricht, who is accused of creating and running Silk Road, posted in forums about the internet black market.
After months of in-depth federal investigation and infiltration of online drug market Silk Road, the first evidence implicating Ross Ulbricht, the accused mastermind behind the site, was found using a much simpler tool: a Google search.
Gary Alford, a special agent with the Criminal Investigation Unit of the Internal Revenue Service (IRS), testified Monday that he traced the origins of the online drug market to Ulbricht as part of his first assignment after coming onto the task force in June 2013.
The government had been monitoring the site for more than a year at that point, hacking into accounts and carrying out undercover purchases of drugs.
This investigation previously led Department of Homeland Security Agent Jared Der-Yeghiayan to suspect Mark Karpeles, the former CEO of Bitcoin exchange Mt. Gox. It was Alford who turned the investigation toward Ulbricht.
Alford said although Silk Road could only be accessed using the anonymous browser Tor, he had a hunch it would have to be advertised elsewhere to draw in customers.
"I figured since the site was on the deep web, someone would have to tell you on the regular internet where to go to find it," he testified.
Alford said he searched for the .onion URL, or Tor address, of the site on Google to see when it was first mentioned online. He restricted his search to dates before the site's launch on January 31, 2011.
Sure enough, the first mention of Silk Road appeared on a bitcointalk.org forum on January 29, 2011. The original post had been taken down, but a quoted post from a user named "altoid" remained, discussing a site called Silk Road that was like "an anonymous amazon.com."
A search into the profile of the author "altoid" showed another post from October 11, 2011 that advertised a position for an "IT pro," imploring interested parties to email "rossulbricht at gmail.com."
Alford also showed another post advertising Silk Road on shroomery.org, a forum about psychedelic mushrooms, that had been made under a username registered with Ross Ulbricht's email.
While the connections laid out in court today between Ulbricht and Silk Road are far-reaching, they do not necessarily conflict with his defense. Ulbricht's lawyer Joshua Dratel conceded on the first day of the trial that Ulbricht did create the website, but maintains he later passed it off to others and was set up to take the fall. However, the testimony does contradict the defense's argument that Ulbricht gave up the site after "a few months," and it exposes countless sloppy mistakes he made while creating and maintaining the site that would later lead to his downfall.
As Der-Yeghiayan testified earlier in the case, Alford introduced Ulbricht as a potential suspect around September 10th, 2013. Ulbricht was arrested in a San Francisco library on October 1st, less than a month later.
After Ulbricht's arrest, Alford obtained a search warrant for the email address firstname.lastname@example.org. On the account, he found multiple emails mirroring the posts and dates found on the forums, including other messages addressed to "altoid" and a notification from Bitcointalk that one of the posts had been flagged for removal since it was promoting another site and was therefore classified as spam.
Alford's testimony outlined other privacy missteps Ulbricht made while launching the internet black market, including discussing the site using on-the-record Gchats. The prosecution also submitted selfies Ulbricht took and sent through the email to demonstrate that it was, in fact, his account.
Other evidence found in Ulbricht's email reflected information that was also discussed in journals and chats found on his laptop. For example, Amazon receipts for a humidifier and a HEPA filter found in Ulbricht's email matched items found in a spreadsheet of costs related to Silk Road found on Ulbricht's computer. The items were presumably used to grow the psychedelic mushrooms Ulbricht used to launch the site. Also in Ulbricht's email was a conversation about a Craigslist post for a cabin outside of Austin where, according to Ulbricht's journal, he grew the mushrooms.
A conversation Ulbricht had with a friend by email was referenced verbatim in a chat on Torchat, an encrypted instant messaging service, that he carried out under the username the Dread Pirate Roberts in February 2012. Airline confirmations for a trip to Thailand, which Ulbricht referenced on Facebook and discussed in a Torchat saved to his laptop, were found in his email.
Alford only testified for an hour on Wednesday, as the court dismissed at noon to allow jurors to travel home before a blizzard hit New York. The trial is now postponed and set to pick up again on Wednesday.
Correction: An earlier version of this story said Ulbricht was arrested on October 3rd; he was arrested on October 1st.