The Silk Road, Federal law enforcement and who’s watching the Undercover Agent!

The week’s arrests of former Federal Agents Carl Mark Force IV and Shaun Bridges are more than just an embarrassment to the agencies involved. They are another indicator of the managers’ lack of understanding of their agents’ Internet investigations work. Much to the chagrin of some readers of our book, Investigating Internet Crimes, we devoted considerable space to discussing investigative policy. Gee, I wonder why? The Silk Road investigation has provided an example, and not a good one, of why law enforcement managers need to have policy and understand what their investigators are doing online.

Several things have become clear in this case. Early on, the lack of documentation exploded when former FBI Agent Tarbell wrote in an affidavit that he failed to document his actions when he found the Silk Road server. I had previously defended the FBI, publicly stating that we needed to wait until all the facts (and testimony) were in. Well, at Ross Ulbricht’s trial it never came in, and we have just found out why some things were never discussed. Agents Carl Mark Force IV and Shaun Bridges were under investigation and the defense was prevented from disclosing anything about their conduct. Now, I am not an attorney and cannot discuss how those motions were or should have been handled, but I can discuss the disclosures recently made and how poorly it appears the Federal supervisors acted.

Supervising people undercover has been a long-standing, supervision-intensive problem. Long ago, working vice, I remember a supervisor criticizing my performance after the fact. However, that supervisor was right there, listening to the wire, and gave me immediate feedback. I would not be making that mistake again. Internet investigations have changed what it means to be undercover (UC). When we first started doing UC on the Internet in the late 1990s, documenting what we did and the chats we had involved a video camera over our shoulder. At that point there was not much else we could do. As investigative techniques evolved, law enforcement found tools to assist them in their documentation. Screen captures and video recordings were accomplished with tools like TechSmith’s Snagit and Camtasia, which were adopted for this new purpose. Later, tools like WebCase were designed specifically for treating information on the Internet as evidence.

Collection of evidence from the Internet is a unique and specific problem, which I wrote about years ago in a whitepaper, Collecting Legally Defensible Online Evidence. Not collecting Internet evidence properly is just the beginning of the Federal managers’ supervision problems in this case. The next issue was the fact that they were not supervising their undercover agents. We do know that some recordings were made, but who looked at them? Was anyone looking at the UC’s actions online? Was anyone reviewing the recordings being made? Was anyone supervising the agents? Apparently not, because the criminal investigation of the agents found the use of one of the unauthorized accounts in one of the UC recordings. No supervisor was looking, or if they were, they didn’t know what they were looking at. Agent Gambaryan reviewed the case file of Force and found “…several DVDs of video taken with FORCE’s official DEA laptop with a screen-recording program…”.


Gambaryan found the reference to an account that Force used that was not mentioned in the reports. But it was in the undercover videos. What supervisor was reviewing his actions? Again, apparently no one.

Another indicator the supervisors should have seen with Agent Force as UC was the encrypted communication. Everyone should have known he was using encrypted communications with DPR (Ross Ulbricht). In fact, in Agent Gambaryan’s affidavit he comments on the prosecutors’ continual mentioning of providing all of the encrypted communications.


Agent Gambaryan also, although probably not intentionally, puts the issue of undercover agent supervision squarely at the managers’ feet when he surmises Force’s failure to provide the encryption keys to his managers.


If the supervisors/managers were doing their job, this would not have been an issue. They should have known and would have obtained the keys. But they didn’t.

Okay, back to our book. As a former law enforcement supervisor I have recognized for years that supervision, management of undercover officers and policy go hand in hand. Prior to writing our book, I wrote the first published model policy on using social media by law enforcement because I saw the need. We included much of this in our book, including ethics discussions and these model policies for law enforcement conducting Internet investigations. We did so because it has not been discussed and needs to be understood. Law enforcement managers at all levels (local, State and Federal) need to understand that undercover work on the Internet has just as many supervision issues as undercover work in the real world. Some of the issues are the same and some are different. But supervision and management must still occur regardless of the case.

 


Wow, the FBI can’t investigate Cybercrime: What do We do now?

The tech headlines since September have included how the FBI is so incompetent that it can’t investigate cyber crime. Many articles have even insisted that they have lied about how they investigated certain cyber crimes. Some online are saying the Silk Road 1 arrest of Ross Ulbricht, whose trial starts this week, could not have happened without a grand conspiracy with the CIA. The investigation of the attack on Sony did not happen the way the FBI said because, well, apparently they are too slow to know how it was done. The headlines have included “FBI Lied About How it Obtained Silk Road Server Location Says Security Expert”, “The FBI May Have Made An Embarrassing Mistake While Investigating The Sony Hack” and “Some Experts Still Aren’t Convinced That North Korea Hacked Sony”.

I guess the FBI’s work and arrest of Blake Benthall during the Silk Road 2 investigation was not real, nor was the malware arrest under Operation Blackshades. What I think is happening to the FBI is a broader reactionary response to law enforcement by some. The current tech industry attitude being espoused concerning the FBI is a similar distrustful reaction to the one some are having towards U.S. law enforcement in general after the recent police shootings.

In the tech industry it appears that every so-called “Cyber Security” firm that wants its fifteen minutes of fame has come out saying the FBI is wrong. At this point, the problem is no one outside of these investigations has any idea what the evidence is or is not in these cases. Sony brought in Mandiant to assist in their investigation. Even Kevin Mandia, CEO of Mandiant, in a letter to Sony’s Michael Lynton, states that the attack was unprecedented.


Now this certainly does not say that the attack was done, as the FBI claims, by the North Koreans, but it certainly does support the fact that there is much we have yet to understand about the case.

I understand the FBI’s position and that external criticism is part of law enforcement. What I do not understand is the huge amount of discord without knowing the facts. Okay, maybe the FBI is wrong, but the only people that know the facts are the FBI, the victims and the perpetrators. External analysis is always good in a free society, but let us be careful when we call the ones we enlist to help us liars without the benefit of all the facts.

Silk Road 2.0: A Cheap Imitation of the Original

Last week it was announced that law enforcement had again taken down illegal Tor markets. Kudos to law enforcement on their apparent success! Although they took down several such online marketplaces, the one that caught everyone’s attention was Silk Road 2.0, the heir apparent to the original, which was shut down a little over a year ago. But has anyone really compared the original Silk Road to 2.0? It appears that 2.0 is a cheap knock-off or imitation.

The Original

The first Silk Road was in operation from approximately February 2011 to October 2013, roughly 32 months. It reportedly had total sales of about $1.2 billion, earning $80 million in commissions. It also had over 13,000 drug listings. When it was initially shut down, 26,000 Bitcoins (BTC) were seized from Silk Road accounts, worth approximately $3.6 million at the time. However, there were also 144,000 BTC, or about $28 million, seized from the purported mastermind. We have little information that it was ever hacked, at least to any great extent. We have no information to date that its fall was due to an undercover agent working on the inside.

Silk Road 2.0

Silk Road 2.0 operated from about November 2013 to October 2014, roughly 12 months. One particular month’s sales were noted at $8 million. At a 5% commission, this earned the illegal business about $400,000. However, we can’t say they averaged $8 million a month. In fact, shortly after Silk Road 2.0’s start-up it was hacked, losing about $1.5 million in BTC. It reportedly had drug listings of about 14,024. We have information that only about $1 million has been seized at the present time. Finally, the complaint reflects that early on an undercover agent was on board, working with the supposedly more “secure” management team.

Looking at longevity, total sales, and amount seized, Silk Road 2.0 pales in comparison to the original. The only area in which Silk Road 2.0 appears to have exceeded the original was total drug listings. However, more listings did not translate into more money. To be fair to Silk Road 2.0, they clearly had more competition than the original. But I think that success is all negated when one considers they were hacked and had an undercover agent working on the inside.

Now we have news that Silk Road 3.0 has started up. Maybe someone should point out to the new Dread Pirate Roberts that this franchise appears to be a dead end. You can’t spend all those earned BTC commissions very well in prison, particularly if they end up being seized. One thing I would point out, though, which kind of sends chills up my spine: both Silk Road and 2.0 were not run by career drug dealers. They were run by tech-savvy individuals with no brick-and-mortar drug dealing expertise. With the kind of money being made it will not be long, if it hasn’t happened already, before a traditional drug dealer or gang decides to go “high tech” into Tor’s marketplace. When that happens, this so-called “safe” online marketplace will become a lot more dangerous for those involved. On that thought, I left a cigar lit somewhere.

Additional Reading

More Than 400 .Onion Addresses, Including Dozens of ‘Dark Market’ Sites, Targeted as Part of Global Enforcement Action on Tor Network

Operator of Silk Road 2.0 Website Charged in Manhattan Federal Court

Original Silk Road Complaint

Silk 2.0 Complaint

Silk Road 3.0 Opens for Business

The FBI’s Plan For The Millions Worth Of Bitcoins Seized From Silk Road

Silk Road Reload – 3.0 is already up and running

The new main page of what purports to be the reboot of Silk Road says “This is no place for men without souls. We rise again Silk Road 3.0.” Check it out, the new site address is at http://qxvfcavhse45ckpw.onion.


 

Who knows if this is a reboot by the 2.0 staff or a total takeover of the name and concept by new people. Whatever it is, the store is open.

[Screenshot: for sale]

 

No doubt someone is interested in the millions of dollars in Bitcoin possible in the name. The site appears to have reopened within just two days of the FBI’s takedown of Silk Road 2.0 and many of its competitors. From a business model standpoint, having all your competitors eliminated in one large law enforcement takedown is pretty helpful.

At least the new Dread Pirate Roberts is polite….

[Screenshot: DPR message]

How long until the next hand off to a new DPR….FBI, the ball is in your court.

 

FBI 2 – Silk Road 0


It’s early in the reporting, but the FBI has announced that they have arrested the new mastermind behind Silk Road 2.0, a BLAKE BENTHALL, a/k/a “Defcon”. The early reports online are also stating that other sites, including Cloud 9, Cannabis Roads Forums and Hydra, have been taken down as well. The FBI and Homeland Security have been busy. The great part of this, according to the reports, is that the undercover investigator had infiltrated Benthall’s organization and early on had access to the administrative side of the website.

I am sure there will be more to follow on this case. If you are interested in the escapades of those behind the original Silk Road and the investigation, you should check out Deep Web the Movie. Author and digital forensic expert Todd G. Shipley is working with the production staff on the movie.