
How an Allegedly Crooked DEA Agent Got Busted for Making Money off the Silk Road

The agent's story provides a textbook lesson in exactly what not to do if you want to maintain multiple identities on the dark web without getting caught.

Two former investigators into the Silk Road dark web market have been arrested on money laundering and fraud charges directly related to their investigation.

Both Shaun Bridges, a former US Secret Service (USSS) Special Agent, and Carl Mark Force IV from the Drug Enforcement Administration (DEA) were members of the Baltimore Silk Road Task Force. Force's story in particular provides a textbook lesson in exactly what not to do if you want to maintain multiple identities on the dark web without getting caught.


Force allegedly acted as a double agent: simultaneously being part of a plot to capture the site's leader, known as Dread Pirate Roberts (DPR), while siphoning snippets of sensitive information to DPR.

But as alleged in a criminal complaint released today, Force made a series of critical mistakes that would eventually identify him as the source of DPR's tip-offs, and as the profiteer of hundreds of thousands of dollars.

The complaint alleges that Force was known as "Nob" on the Silk Road while carrying out sanctioned DEA work, and presented himself as a bulk cocaine dealer. With this identity, Force facilitated a drug deal with a Silk Road employee, Curtis Green, who gave the DEA agent his home address, and was subsequently raided. This would culminate in an elaborate, and fabricated, murder-for-hire, with fake photos of Curtis Green being sent to DPR as "evidence" that the deed had been done.


The US Attorney's office contends that Force also maintained a number of other identities that were not approved by the DEA, the first being "French Maid."

After the Silk Road server was seized in October 2013, law enforcement gained access to all of the private messages sent between users of the site. Amongst these were the communications of French Maid and DPR. In his first message to DPR, French Maid signed off with the name Carl, and didn't encrypt the message, meaning that it could be read by investigators after the fact.


"I have received important information that you need to know asap. Please provide me with your public key for PGP. Carl." [Emphasis in the criminal complaint.]

It appears that French Maid quickly realised his mistake, and sent another message to DPR four hours later. With the subject header of "Whoops!" French Maid then claimed that he was actually a female called "Carla Sophia," and that she had "many boyfriends and girlfriends on the market place. DPR will want to hear what I have to say :) xoxoxo."

Irrespective of whether DPR bought the bluff or not, the damage was done, and this nugget would eventually be one of the pieces of evidence linking Carl Mark Force IV to the French Maid moniker.

Investigators also found that Nob and French Maid used the same, outdated piece of encryption software, according to the complaint. "This is not akin, for example to two people using the same model of mobile phone but both having software that is out of date," the complaint reads. "Rather, the outdated version that both French Maid and FORCE (as Nob) used is more of a 'signature' given the greater number of versions available."

Arguably the strongest clues tying Force to French Maid involved investigators following the money. As revealed by Silk Road server data, on September 15, 2013 DPR made a 770 bitcoin payment to French Maid, which was worth around $98,000 at the time. According to the complaint, this was in the same period that Ulbricht wrote in his journal "paid French Maid $100k for the name that [K]arpeles provided to DHLS [likely a typo for DHS]." French Maid had told DPR that Mark Karpeles, the owner of the now defunct Bitcoin exchange, had provided the identity of the Silk Road owner to the authorities.



Although those 770 bitcoins were broken up into four separate Bitcoin addresses, presumably in an attempt to obfuscate their destination, investigators were able to trace their movements through blockchain analysis, and they all eventually landed in one account between September 23 and September 29.

The account, run by Bitcoin trading platform CampBX, in fact belonged to Force, the government contends. "Records obtained from CampBX demonstrate that this was an account held in FORCE's personal capacity," according to the complaint.

On top of this, at least 600 bitcoins were moved from that account to another at Bitstamp. This account, again according to records obtained by investigators, was allegedly owned by Force, and was registered with his "home address, date of birth, personal bank account, and personal email address," the complaint reads.

In the last step, "hundreds of thousands of dollars" worth of bitcoin were then funnelled into Force's personal checking account, cementing the flow of cash from DPR's payment to French Maid, right to Force's own pocket.

But the agent is accused of also using another identity in an attempt to earn more money, and in turn investigators found evidence of blackmail.

The user "Death From Above" messaged DPR in April 2013, claiming to know all about the murder-for-hire plot that had targeted Curtis Green—the very plot that Force, in his DEA work, had been a part of—as well as DPR's identity.


Days later, and after an exchange of messages, Death From Above wrote to DPR, "So, $250,000 in U.S. cash/bank transfer and I won't give your identity to law enforcement."

However, upon review of the screen recordings that were taken as part of Force's official undercover work on Silk Road, investigators noticed that he had been logged into the "Death From Above" account from his DEA-issued laptop.

"At some point in that several hours' worth of video footage there is a clip of a message being typed on the Silk Road using the 'Death From Above' account," according to the complaint.

If the government's allegations are found to be true, Force made several mistakes. He leaked his real name in an unencrypted message, he connected his identity to the cash he was making illicitly, and he failed to separate his official DEA identity from one that he was attempting to make money with, by using them both on the same agency-provided computer.

Since the Silk Road was shut down in October 2013, we've learned that everybody from drug dealers to site administrators to blackmailing double agents all make mistakes. Even years after, people are still getting busted, and more are probably to come.

Correction: This story has been updated, including the headline, to more clearly identify allegations presented by the government, as opposed to statements of record presented in the previous Silk Road trial.