October 04, 2013

Awesome: Notorious Online Outlaw Caught Because He Forgot the First Rule of the Internet

The first rule of anonymity on the internet is never post your email address when that email address can be linked to you. It's a classic rookie mistake. I've outed dozens of extremists who did this same thing. And what is this super sekrit tool used to link a flesh and blood human to some "anonymous" nom de guerre on the internet? Google search:

US authorities believe that 29-year-old Ross William Ulbricht, arrested on Wednesday, is Dread Pirate Roberts (DPR) - the administrator of the notorious Silk Road online marketplace....

The trail began with a post made on a web forum where users discussed the use of magic mushrooms.

In a post titled "Anonymous market online?", a user nicknamed Altoid started publicising the site.

"Altoid" was in fact Ulbricht. He was trolling message boards and blogs that catered to people trying to score drugs. He was trying to drum up business for his own website where people could buy drugs and worse -- Ulbricht himself hired a hitman through his website to take care of a guy in Canada who threatened to out users on the site.

On one of the blogs "Altoid" left an email address:

In a post seeking to find an IT expert with knowledge of Bitcoin, he asked people to contact him via rossulbricht@gmail.com

Wow, that's a rookie mistake. You'd think a guy running one of the most successful darkweb sites would know better. You'd be wrong.

Purp over at AoSHQ thinks the guy was caught because the FBI has been able to use a bug designed for Tor to get info on users. But if you read the indictment, it was nothing as sophisticated as that. Once they had an email link to the suspect, they got a warrant. With a warrant for the proxy server's records, they could locate the guy's real IP. And once you have that, well, the rest is just a mopping-up exercise.

