This story has everything – Hitmen, Bitcoins, Drugs – it’s like a chapter out of the Walter White book. The Silk Road is gone – busted by the FBI and shut down in a significant operation that was announced by the agency today. If you don’t know what Silk Road is, that’s okay; the online marketplace had gained notoriety for its mere existence within a rarely seen part of the internet. This “Amazon” of the underworld was a place where drugs, guns and other illegal items could be purchased. Transactions often involved bitcoins, a digital currency that is gaining widespread adoption.
Silk Road was only accessible on the Tor network, a clandestine and supposedly anonymous network where all kinds of activities take place, including those that many would call illegal. The bust also marks the largest seizure of bitcoins to date – approximately $3.6m worth of the virtual currency. Ross William Ulbricht, 29, was arrested “without incident” at a public library in San Francisco. Ulbricht was the operator of the site; his LinkedIn profile fittingly lists him as an “Investment Adviser and Entrepreneur” – indeed. The government complaint adds that Ulbricht, also known as Dread Pirate Roberts or DPR, had generated sales of more than $1.2bn via the Silk Road.
“He is 29 years old, graduated from the University of Texas with a Bachelor of Science degree in Physics in 2006. From 2006 to 2010, he attended graduate school at the University of Pennsylvania School of Materials Science and Engineering.”
“Earlier this year Carnegie Mellon University estimated that over $1.22m (£786,183) worth of trading took place on the Silk Road every month.”
The site is now offline and visitors will find the FBI seizure notice when they try to cruise over there.
“From in or about January 2011, up to and including September 2013, the Silk Road Hidden Website… has served as an online marketplace where illegal drugs and other illicit goods and services have been regularly bought and sold by the site’s users,” court papers filed in the Southern District of New York state.
The FBI also says DPR’s cut ranged anywhere from 8% to 15% and that he was subsequently involved in a money laundering operation to hide the activity. He is also reported to have been willing to pursue violence in defending the operation, as the FBI cites messages from back in March and April indicating that DPR had been looking to hire someone to murder for him. A Canadian Silk Road user known as FriendlyChemist had tried to extort money by threatening to reveal the identities of thousands of users on the site and, according to the email messages, DPR wanted to retaliate against this threat by having him executed. DPR paid $150,000 and had been sent a picture of the victim. But there was no homicide.
Ulbricht is scheduled to appear in San Francisco federal court later today and face charges of narcotics trafficking, computer hacking, conspiracy, and money laundering.
There were some rumors that the rise in Tor nodes had something to do with trying to isolate and identify DPR. Other stories attributed this rise in nodes to a botnet. The truth may be somewhere in between, possibly incorporating both. We may never know the answer, as the FBI will presumably want to keep whatever method it used private. Still, if this operation was caught on the supposedly anonymous Tor network, it can be done again, and it surely has a lot of people thinking about their use of anonymous services and how secure they are.
There is a tremendous amount of detail in this story on how this all happened here, and more news is rapidly emerging – here is one page where a timeline for the investigation is shared – http://grugq.tumblr.com/post/62914009002/silk-road-investigation-timeline
Reddit has captured a lot of the breakdown on how and why DPR was caught in an ongoing thread there:
I’m currently reading through the criminal complaint, which covers a lot of things worth noting with regard to how and why DPR got caught.
- This has been a joint operation run by the cybercrime squad within the FBI’s New York field office. It involved the FBI, DEA, IRS and Homeland Security’s investigative unit.
- It’s unstated from when the investigation started, but they received a complete copy of the Silk Road web server on the 23rd of July 2013. This was all done under the Mutual Legal Assistance Treaty, which implies that they had access to current site information up until the point they shut the site down.
- This included user account and transaction information. It’s unclear whether or not this covers addresses and other sensitive transaction information.
- This also apparently covers at least 60 days worth of messages from the period where the site was copied.
- From February 6, 2011 to July 23 2013, 9,519,664BTC was generated in sales, 614,305BTC going directly to DPR in the way of “commissions”. This comes to a total of 1,229,465 transactions.
- Based on the copy of the site which the FBI received, they believe DPR to have been the sole operator and owner of SR, handling all aspects of the site himself and delegating only user affairs to appointed moderators.
- In March of this year, a SR user/vendor called “FriendlyChemist” attempted to extort DPR via SR’s private message system, providing proof that he had the names/addresses of thousands of vendors/users after having allegedly hacked a bigger vendor. He demanded $500,000USD, saying that he needed the money to pay off his supplier. DPR then stated that he wished to speak to FriendlyChemist’s supplier.
- A user called “redandwhite” then proceeded to contact DPR, stating that he was FriendlyChemist’s supplier and also the owner of his debt. DPR then solicited redandwhite to “execute” FriendlyChemist, supplying redandwhite his full name and address. After having agreed on terms, DPR sent redandwhite approximately $150,000USD (1,670BTC) to have FriendlyChemist killed. redandwhite later provided photographic proof of the alleged murder.
- Investigators could not find any record of somebody in that region being killed around that date or matching that description. This possibly implies that DPR was duped/scammed, but, DPR is also quoted as having told redandwhite the following: “Not long ago, I had a clean hit done for 80k.”
- DPR has been identified as Ross William Ulbricht.
- > “He is 29 years old, graduated from the University of Texas with a Bachelor of Science degree in Physics in 2006. From 2006 to 2010, he attended graduate school at the University of Pennsylvania School of Materials Science and Engineering.”
- His LinkedIn profile is at: http://www.linkedin.com/in/rossulbricht
Now, onto how he got caught…
- An agent involved in the investigation (“Agent-1”) found the first few references to SR on the internet from somebody only identified as “altoid”, attempting to promote the site in its beginning days, in January of 2011.
- In October of the same year, a user also going by the name of “altoid” made a posting on Bitcoin Talk titled “a venture backed Bitcoin startup company”, which directed interested users to “rossulbricht at gmail dot com”.
- That email address is what led to DPR’s downfall.
- After identifying “altoid”, they started connecting the “DPR” identity to Ulbricht pretty quickly.
- Ulbricht’s Google+ page and YouTube profile both make multiple references to a website dubbed the “Mises Institute”. DPR’s signature on the SR forums contained a link to the Mises Institute.
- DPR cited the “Austrian Economic theory” along with the works of Ludwig von Mises and Murray Rothbard, all of which are closely associated with the Mises Institute.
- Server logs show that someone logged onto the SR administration panel from San Francisco around the same time that Ulbricht was staying in San Francisco.
- Multiple fake IDs were intercepted by U.S. Customs & Border Patrol while on their way to an address at which Ulbricht was living at the time. These IDs all carried photos of Ulbricht but had false names and details. This was around the same time that DPR stated in a message that he was acquiring some fake IDs to buy new servers.
- When questioned by Homeland Security about the fake IDs, he refused to answer any questions but then stated that anyone could purchase such things using “Silk Road” and “Tor”.
- The address which Ulbricht was staying at was being rented in cash and he was living with housemates who knew him under a name which corresponded with one of the fake IDs.
- He posted on StackOverflow using his real name, inquiring about how to use curl/PHP to grab things off Tor, before quickly changing the name to “frosty” (with a fake email: email@example.com)
- Some of DPR’s friends were apparently aware of SR, even going so far as to not-so-subtly ask him about it on Google+: http://imgur.com/quEjWDh
- His Facebook URL is at: https://www.facebook.com/rossulbricht/
- His YouTube URL is at: http://www.youtube.com/user/ohyeaross
- There’s a pretty lengthy “interview” with him and a friend, discussing their lives available here: https://www.youtube.com/watch?v=Olib3jnvSmw (doesn’t reference SR at all)