United States Attorney’s Office – 1/Ross Ulbricht – 0

Ross Ulbricht, 30, was found guilty by a Manhattan federal jury on all seven counts in the indictment on which he was charged. He was convicted as the mastermind behind the original version of the Tor Hidden Service known as the Silk Road. The pundits have already begun to take apart the prosecution’s case, saying it was unfair. The maligning of Judge Forrest’s handling of the case before and during the trial has begun in earnest. Even Ulbricht’s attorney, Joshua Dratel, is being questioned publicly for his apparent lack of a real defense. Some explain that he simply set the stage for the inevitable appeal.

So what happens next? Well, Ross still has a pending indictment for the murder-for-hire plot in the Maryland District. Whether or not he will go to trial on that charge is unknown at this time. But a betting man might consider that it will be a slam dunk too, based on the evidence presented in New York.

So how was Ross convicted when he wasn’t guilty according to his defense? What I have said before is exactly what the U.S. Attorney’s office presented; they put on a typical drug trial. Ross Ulbricht was convicted because of the drug case, not because of his inventive method of using Tor as a “Social Experiment”. The Tor Hidden Service was only the vehicle by which the drug conspiracy was conducted. The Assistant United States Attorney (AUSA) Serrin Turner put the pieces together one by one and connected the face of Ross Ulbricht to the online persona Dread Pirate Roberts (DPR). They moved the evidence collected from the real world through the medium of communication, which just happened to be Tor. The AUSA used cooperating witnesses to explain the drug trade and, like in any good drug trial, followed the money straight back to Ross Ulbricht. Never mind that the money was in what the jury probably thought was some obscure online money trading system. Money for drugs is just that, money for drugs. Ross Ulbricht is now not just a famous drug kingpin, but a convicted one.

Wow, the FBI can’t investigate Cybercrime: What do We do now?

The tech headlines since September have included how the FBI is so incompetent that it can’t investigate cyber crime. Many articles have even insisted that they have lied about how they investigated certain cyber crimes. Some online are saying the Silk Road 1 arrest of Ross Ulbricht, whose trial starts this week, could not have happened without a grand conspiracy with the CIA. The investigation of the attack on Sony did not happen the way the FBI said because, well, apparently they are too slow to know how it was done. The headlines include “FBI Lied About How it Obtained Silk Road Server Location Says Security Expert”, “The FBI May Have Made An Embarrassing Mistake While Investigating The Sony Hack” and “Some Experts Still Aren’t Convinced That North Korea Hacked Sony”.

I guess the FBI’s work and arrest of Blake Benthall during the Silk Road 2 investigation was not real, nor was the malware arrest under Operation Blackshades. What I think is happening to the FBI is a broader reactionary response to law enforcement by some. The current tech industry attitude being espoused concerning the FBI is a similar distrustful reaction to the one some are having towards U.S. law enforcement in general after the recent police shootings.

In the tech industry it appears that every so-called “Cyber Security” firm that wants its fifteen minutes of fame has come out saying the FBI is wrong. At this point, the problem is that no one outside of these investigations has any idea what the evidence is or is not in these cases. Sony brought in Mandiant to assist in their investigation. Even Kevin Mandia, CEO of Mandiant, in a letter to Sony’s Michael Lynton, states that the attack was unprecedented.

Now this certainly does not say that the attack was done, as the FBI claims, by the North Koreans, but it certainly does support the fact that there is much we have yet to understand about the case.

I understand the FBI’s position and that external criticism is part of law enforcement. What I do not understand is the huge amount of discord without knowing the facts.  Okay, maybe the FBI is wrong, but the only people that know the facts are the FBI, the victims and the perpetrators. External analysis is always good in a free society, but let us be careful when we call the ones we enlist to help us liars without the benefit of all the facts.

Silk Road 2.0: A Cheap Imitation of the Original

Last week it was announced that law enforcement had again taken down illegal Tor markets. Kudos to law enforcement on their apparent success! Although they took down several such online marketplaces, the one that caught everyone’s attention was Silk Road 2.0, the heir apparent to the original, shut down a little over a year ago. But has anyone really compared the original Silk Road to 2.0? It appears that 2.0 is a cheap knock-off or imitation.

The Original

The first Silk Road was in operation from approximately February 2011 to October 2013, roughly 32 months. It reportedly had total sales of about $1.2 billion, earning $80 million in commissions. It also had over 13,000 drug listings. When it was initially shut down, 26,000 Bitcoins (BTC) were seized from Silk Road accounts, worth approximately $3.6 million at the time. However, there were also 144,000 BTC, or about $28 million, seized from the purported mastermind. We have little information that it was ever hacked, at least to any great extent. We have no information to date that its fall was due to an undercover agent working on the inside.

Silk Road 2.0

Silk Road 2.0 operated from about November 2013 to October 2014, roughly 12 months. One particular month’s sales were noted at $8 million. At a 5% commission, this earned the illegal business about $400,000. However, we can’t say they averaged $8 million a month. In fact, shortly after Silk Road 2.0’s start-up it was hacked, losing about $1.5 million in BTC. It reportedly had drug listings of about 14,024. We have information that only about $1 million has been seized at the present time. Finally, the complaint reflects that early on an undercover agent was on board, working with the supposedly more “secure” management team.

Looking at longevity, total sales, and amount seized, Silk Road 2.0 pales in comparison to the original. The only area in which Silk Road 2.0 appears to have exceeded the original was total drug listings. However, more listings did not translate into more money. To be fair to Silk Road 2.0, they clearly had more competition than the original. But I think that success is all negated when one considers they were hacked and had an undercover agent working on the inside.

Now we have news that Silk Road 3.0 has started up. Maybe someone should point out to the new Dread Pirate Roberts that this franchise appears to be a dead end. You can’t spend all those earned BTC commissions very well in prison, particularly if they end up being seized. One thing I would point out, though, kind of sends chills up my spine. Both Silk Road and 2.0 were not run by career drug dealers. They were run by tech-savvy individuals with no brick-and-mortar drug dealing expertise. With the kind of money being made, it will not be long, if it hasn’t happened already, before a traditional drug dealer or gang decides to go “high tech” into Tor’s marketplace. When that happens, this so-called “safe” online marketplace will become a lot more dangerous for those involved. On that thought, I left a cigar lit somewhere.

Additional Reading

More Than 400 .Onion Addresses, Including Dozens of ‘Dark Market’ Sites, Targeted as Part of Global Enforcement Action on Tor Network

Operator of Silk Road 2.0 Website Charged in Manhattan Federal Court

Original Silk Road Complaint

Silk 2.0 Complaint

Silk Road 3.0 Opens for Business

The FBI’s Plan For The Millions Worth Of Bitcoins Seized From Silk Road

Silk Road Reload – 3.0 is already up and running

The new main page of what purports to be the reboot of Silk Road says “This is no place for men without souls. We rise again Silk Road 3.0.” Check it out, the new site address is at http://qxvfcavhse45ckpw.onion.


Who knows if this is a reboot by the 2.0 staff or a total takeover of the name and concept by new people. Whatever it is, the store is open.


No doubt someone is interested in the millions of dollars in Bitcoin possible in the name. The site appears to have reopened within just two days of the FBI’s takedown of Silk Road 2.0 and many of its competitors. From a business model, having all your competitors eliminated in one large law enforcement takedown is pretty helpful.

At least the new Dread Pirate Roberts is polite….

How long until the next hand off to a new DPR… FBI, the ball is in your court.

Operation Onymous- What it actually means for law enforcement and the Internet

By now most of the Internet has heard and is digesting the actions of law enforcement agents around the world taking down the infamous Silk Road 2 and other online Tor hidden markets. The question for all of us now is what does this mean in the future? We have been talking about the subject of Internet Investigations for more than two decades. The normal conversation is about how difficult it is and how law enforcement does not have the capacity to stay up with the online criminals. I think this week’s efforts will be a game changer in the general investigative philosophy of law enforcers.

What this week has shown the community of law enforcement, as well as the criminals, is that law enforcement does have the ability to extend their reach into the darkest places of the Internet. They have the ability to find the criminals, identify them and handcuff them in the real world. Internet investigations have now been brought out into the light of day as a real and productive opportunity for policing in the 21st century. What the average law enforcement investigator needs to take away from this week is that they can go online, they can investigate internet crimes, and they can protect their communities from criminals hiding amongst them using anonymization.

Investigating crimes on the Internet does take some understanding of the technology and it does require training in the proper techniques and skills required to successfully conduct these investigations.

But, these crimes can be investigated…

FBI 2 – Silk Road 0

It’s early in the reporting, but the FBI has announced that they have arrested the new mastermind behind Silk Road 2.0, Blake Benthall, a/k/a “Defcon”. The early reports online are also stating that other sites including Cloud 9, Cannabis Roads Forums and Hydra have been taken down also. The FBI and Homeland Security have been busy. The great part of this, according to the reports, is that the undercover investigator had infiltrated Benthall’s organization and early on had access to the administrative side of the website.

I am sure there will be more to follow on this case. If you are interested in the escapades of those behind the original Silk Road and the investigation you should check out  Deep Web the Movie.  Author, and digital forensic expert, Todd G. Shipley is working with the production staff on the movie.

Digital Domestic Violence

“Stranger danger” has been used frequently to describe online threats, particularly those facing minors. However, one of the most serious digital dangers facing some individuals is posed by those who likely know the Internet user the best, such as a former spouse or significant other. Increasingly, domestic abusers are turning to technology to harass, threaten, and/or stalk their victims. This has become known as “digital domestic violence.” Use of technology to stalk or harass has been around almost since the Internet’s inception. In the mid-1990s, we started seeing the terms “cyberstalking” and “cyber harassment” being coined in recognition of how individuals were using electronic communications to victimize others. Digital domestic violence (DDV) is more narrowly focused on those who use technology against a former girl/boyfriend or spouse. It can include using the Internet to:

  • Research methods and means to harass or stalk their victims;
  • Keep track of and follow their victim’s movements and habits, frequently by accessing social media, either with or without global positioning information;
  • Transmit and/or access reports from computer monitoring software installed on the victim’s computer or devices;
  • Transmit actual threats or harassment towards their victim; and
  • Facilitate the use of other technologies in DDV, such as GPS trackers, cell phone tracking, and remote video/audio surveillance.

One’s former significant other or spouse is in a unique position to wreak digital chaos on their victim’s life. This is because of trust. The victim at some point in the relationship likely trusted their future attacker. With trust can come access to the victim’s computer and/or mobile devices. Prior to the relationship’s termination, the offender may have searched the device, viewing browsing history, e-mails, text messages, etc. The victim may have also left their e-mail account or social media profile open. This access also may have allowed the future attacker to install monitoring software unbeknownst to the victim. Monitoring software, by the way, is very easy to install on computers and mobile devices. It is rather inexpensive, free versions are available, and depending upon the vendor, the results can be reviewed via the Internet, without direct access to the device that it is installed on.

Even if the victim did not provide access to their devices, they may have accessed their e-mail and/or social media from their future attacker’s own device. It isn’t that uncommon for a trusting girlfriend to check on their social media profile or e-mail via their boyfriend’s laptop or computer. They might not have been completely logged off when they were done, allowing the boyfriend to gain access. Even if they did log off, depending upon the offender’s technical sophistication, the password may be able to be recovered from their system at a later date. An unsophisticated offender may have even installed monitoring software on their own computer to capture passwords of unsuspecting users for later retrieval. These are not the only methods to gain access to a victim’s digital life. Other cyber-criminals rely on methods, such as social engineering, to get passwords. Because of trust, a future attacker may know their victim’s passwords to e-mail accounts and social media profiles. DDV offenders, unlike strangers, know their victims, their friends, their habits, their history, etc. If they don’t know the passwords, they likely know the answers to challenge questions to reset them. They know a lot about their victims, which can be used to trick them into providing information, getting them to install a program, such as monitoring software, or unknowingly add them as an “old” school friend in their social media circle. Other DDV offenders focus at the start on more direct methods of harassment and/or threats, such as sending messages or posting on social media profiles.

Victims should make sure to print out or take screenshots of all harassing or threatening messages so they can be provided to law enforcement. These posts can be quickly dealt with by reports to law enforcement and service providers and by electronically blocking the offender from sending or posting messages. However, if the DDV offender still manages to electronically get to their victim, it may be that they have gotten access to the victim’s accounts and/or installed monitoring software. At a minimum, individuals involved in a bad break-up with no violence need to change all passwords to all accounts. They should also consider removing their former partner from their social media circles or at a minimum imposing restrictions on what they can access. Additionally, it is important to turn off GPS tracking on one’s mobile devices (cell phone, iPads, Windows tablets, etc.) as well as for digital cameras (digital cameras will embed GPS coordinates in the metadata of image files created). If it appears that their former partner is still gaining access to them or following them, they may wish to either get new devices or have their old ones checked for monitoring software (this can be costly but effective). In cases where violence occurred, victims need to immediately stop using their devices until they are deemed safe and gain access to new or trusted devices. In all cases where DDV is occurring, victims need to contact law enforcement and seek help from resources such as those listed below. Obviously, victims should not use an untrusted device to make these contacts, as their attacker may be monitoring them. (The National Domestic Violence Hotline is 1-800-799-7233, TTY: 1-800-787-3224.)

Resources

Daily Tip: How to turn off GPS geo-location for iPhone photos, protect your privacy

Digital Harassment Is the New Means of Domestic Abuse

How to Turn Off GPS on a Cell Phone

How to Turn off GPS on the iPhone

How to Turn Off Location Services on an iPad

Minnesota Center Against Violence and Abuse

National Coalition Against Domestic Violence

Privacy and Domestic Violence

Smartphone Pictures Pose Privacy Risks

The National Domestic Violence Hotline

Turn Off Your Smartphone Camera’s GPS to Protect Your Privacy

What is Digital Abuse?