July 25, 2022
Born in Israel in 1975, Malicious Life Podcast host Ran studied Electrical Engineering at the Technion Institute of Technology, and worked as an electronics engineer and programmer for several High Tech companies in Israel.
In 2007, he created the popular Israeli podcast Making History. He is the author of three books (all in Hebrew): Perpetuum Mobile: About the history of Perpetual Motion Machines; The Little University of Science: A book about all of Science (well, the important bits, anyway) in bite-sized chunks; Battle of Minds: About the history of computer malware.
Malicious Life by Cybereason exposes the human and financial powers operating under the surface that make cybercrime what it is today. Malicious Life explores the people and the stories behind the cybersecurity industry and its evolution. Host Ran Levi interviews hackers and industry experts, discussing the hacking culture of the 1970s and 80s, the subsequent rise of viruses in the 1990s and today’s advanced cyber threats.
Malicious Life theme music: ‘Circuits’ by TKMusic, licensed under Creative Commons License. Malicious Life podcast is sponsored and produced by Cybereason.
It’s probably safe to say that when 30-year-old Ross Ulbricht launched Silk Road – “The Amazon of Drugs” – in February 2011, he had no idea that within less than a year, his libertarian free-market experiment would become a record-setting success, netting him hundreds of millions of dollars.
But Silk Road’s newfound fame did more than bring the site more sellers and buyers: it also brought it more attention from law enforcement agencies, as well as hackers and other shady characters.
At Chicago’s O’Hare Airport, over a period of four months, ICE agent Jared der-Yeghiayan had amassed hundreds of envelopes containing various drugs sent to Silk Road customers. He even opened an account on Silk Road and ordered drugs from several international sellers: most of the items he ordered were indeed sent to his PO box. Silk Road was living up to its reputation.
But when der-Yeghiayan tried to convince his managers to investigate the matter more deeply, he was met with a refusal: the quantities of drugs he had seized so far, his bosses said, were too small to warrant a full-blown investigation. And so, for the present moment, der-Yeghiayan was still a task force of one.
But not for long. At roughly the same time, a multi-agency task force was being assembled in Baltimore, Maryland, to take down the Silk Road.
Carl Force was a seasoned DEA undercover agent: he had his share of fake identities and door-kicking drug busts. Now in his late 40’s, after a two-year break from active duty due to a mental breakdown, he was back with the DEA as a desk cop. When the call came, in February 2012, to join the Silk Road task force in Baltimore – he saw in it the action and excitement he was badly missing. Assuming the role of a coke and heroin smuggler from the Dominican Republic, Force went undercover as a seller on Silk Road, calling himself “Nob”.
In April, Force – posing as Nob – sent Ross Ulbricht – himself hiding behind the moniker ‘Dread Pirate Roberts’, or DPR for short – a message with an offer:
“Mr. Silk Road,
I am a great admirer of your work. Brilliant, utterly brilliant! I will keep this short and to the point. I want to buy the site. I’ve been in the business for over 20 years. SILK ROAD is the future of trafficking.”
DPR told Nob that the site’s starting price was at nine figures, and added:
“This is more than a business to me. It’s a revolution and is becoming my life’s work…It would not be easy to pass the baton without hurting the enterprise… And right now, that is more important to me than the money.”
Ross wasn’t overvaluing his website. It was estimated that Silk Road accounted for nearly 20% of all Bitcoin transactions, with sales of just under $40 million a month at its peak in September 2013.
Although the sale didn’t go through, agent Force had provided the task force with an estimate of the site’s magnitude – and, more importantly, Nob the smuggler managed to get his foot in the door. DPR now thought of Nob as a major player, and when Nob asked DPR to facilitate a two pound cocaine sale, DPR was more than happy to oblige and referred him to one of his moderators as a middleman.
In January 2013, a van was parked across the street from a house in Spanish Fork, Utah. The DEA agents who were sitting inside it were watching intently as a man wearing a postal service jacket dropped off a small package on the doorstep.
47 year old Curtis Green picked up his wife’s pink walking cane and hobbled to the front door to check out the delivery. A sickly, overweight man whose body had betrayed him at an early age, Green was in chronic pain – which is why he chose ChronicPain as his handle in Silk Road, where he had been working as a moderator, deal broker and the occasional middleman for the past two months.
With the DEA agents watching his every move and waiting for the opportune moment to pounce, Green bent over laboriously and picked up the package. He wasn’t expecting any delivery, and so after inspecting the envelope – he threw it in the outside garbage can. The DEA agents were left slack-jawed. It seemed like their planned drug bust was going down the drain.
But a few minutes later, Green – having apparently changed his mind – went outside again and retrieved the package from the trash. That was exactly what the agents were waiting for: a SWAT team busted down the front door, and Curtis Green was thrown to the floor with traces of cocaine on his hands and face.
The frightened Green immediately offered his full cooperation. It was a fortuitous turn of events for the Baltimore task force because, as it turns out, Green had admin privileges to private user messages, details of sales transactions and access to Bitcoin accounts of users and moderators – including that of DPR. In other words, Green, for all his frailty, was a big fish.
Somehow, Ross Ulbricht learned of Curtis Green’s arrest, and was understandably concerned by his potential to flip. At the same time he was also alerted by another moderator that $350,000 had been stolen from the website. The theft was quickly traced back to ChronicPain’s account. So DPR reached out to Nob, the seasoned smuggler, with a question: Can you “fix” the problem?
That is how Curtis Green, a.k.a ChronicPain, found himself being fake-waterboarded by a government agent at a Salt Lake City Marriott Hotel bathtub, while DEA agent Carl Force was taking pictures.
But Variety Jones, Ulbricht’s trusted friend and mentor, was still pissed.
“At what point in time do we decide we’ve had enough of someone’s shit, and terminate them?” He wrote on a secure chat.
The other moderators were also concerned. They were afraid ChronicPain would cooperate with the Feds or skip town with the money he stole. “I would have no problem wasting this guy.” DPR replied.
Nob’s assignment was therefore changed. For a mere $80k he was hired by DPR to make ChronicPain disappear for good, making it the first of six alleged assassinations ordered by Ulbricht. Force instructed Green over the phone on how to fake-kill himself: Green drenched himself in water and drooled Campbell soup out of his mouth to make it look like he had vomited after being tortured, while his wife took the pictures and sent them to agent Force.
At this point in time, being hacked, ransomed, DDoSed and stolen from had become almost a routine for Ross Ulbricht. In his second year of operation, he was paying an average of $50k per week to various hackers. When a hacker calling himself FriendlyChemist threatened to release the real names and addresses of Silk Road’s users and sellers unless DPR paid him half a million dollars – Ulbricht saw himself justified in ordering another hit. He even haggled over the price. It was, after all, three times more than the last hit. The blackmail saga was concluded with a short entry on Ulbricht’s digital diary: “got word that blackmailer was executed”, which was followed a couple of days later with – “received visual confirmation of blackmailer’s execution.”
But that wasn’t the end of Ulbricht’s troubles. In April, he got a message from someone calling himself ‘Death From Above’ who threatened to assassinate him unless DPR paid him $250,000.
“I know that you had something to do with Curtis [Green]’s disappearance and death. Just wanted to let you know that I’m coming for you. You are a dead man. Don’t think you can elude me.”
Ulbricht was apparently unfazed by the threat. He replied to Death From Above:
“I don’t know who you are or what your problem is but let me tell you one thing: I’ve been busting my ass every goddamn day for over two years to make this place what it is. I keep my head down, I don’t get involved with the drama… somehow psychotic people still turn up at my doorstep… I’ve been hacked, I’ve had threats made against the site, and now, thanks to you, I’ve had threats made against my life. I know I am doing a good thing running this site. Your threats and all of the other psychos aren’t going to deter me… stop messaging me and go find something else to do.”
In New York City, Gary Alford, an IRS agent with the Department of Criminal Investigations, was called to his boss’s office. There’s a multi-agency task force trying to take down Silk Road, he was told, and they need someone to follow the money.
Alford was the right man for the job. A meticulous man, Gary Alford always read everything three times, just to make sure he didn’t miss anything. But after a few months with the New York taskforce, having read everything on the FBI and DEA’s database three times – Alford grew frustrated. They were getting nowhere, while Silk Road was getting bigger. So, Alford decided to do what other mortals do when they don’t know the answer to something: He asked Google.
You see, Alford had this idea – or rather a question: When was the very first time in internet history that the Silk Road was mentioned? Maybe the first person to mention the website, thought Alford, knows something about something?
Knowing that Silk Road was launched in February 2011, Alford searched for mentions starting in January of that same year. A short time later, he found Ulbricht’s famed post on the Shroomery, going by the name Altoid. Alford subpoenaed the Shroomery for all information relating to Altoid, which was how he learned about a 26-year-old college graduate and avid libertarian from Austin, Texas named Ross Ulbricht, who made the rookie mistake of signing up to the Shroomery using his personal email: RossUlbricht@gmail.com.
When Alford ran Ross’s name through the government database, he found plenty of suspicious evidence against him. For example, he learned that Ross had recently traveled to Dominica, a known safe haven for money laundering, and that Ross was questioned a few weeks prior by Homeland Security for ordering nine fake IDs, which were intercepted by U.S. Customs and Border Protection at a Canadian border, as part of a routine border search. His San Francisco address was on the package containing the IDs. When the Homeland Security agents asked him where he got nine fake IDs from, he told them he ordered them on a website called Silk Road.
Now, all that Alford had to do was convince the agents who had been searching for DPR for over two years that he had found the mastermind behind Silk Road over the weekend. On Google. It…didn’t go over too well. In a BBC interview, Alford recalled:
“You come into this big case and tell people you’ve cracked it over the weekend doing Google searches. I was just this total outsider. People just dismissed it.”
However, while Alford was googling the case wide open, there was another interesting development. By tinkering with Silk Road’s login interface until it leaked an IP address, the task force was able to figure out the website’s server location: a data center in Iceland. The Icelandic authorities, for their part, had no problem making a copy of the server and sending it back to America along with the passcode: TrytoCrackThisNSA (one word). The data from the server was retrieved and analyzed, and what do you know: it turned out that taxman Gary Alford and his Google searches were right.
Meanwhile, back in Chicago’s O’Hare Airport, DHS agent Jared der-Yeghiayan managed to get his hands on another Silk Road moderator: a woman from Texas whose handle was Cirrus. He flew her to Chicago where, for several days, she debriefed him about her online persona and provided him with passwords and related security information about the website. In exchange for impunity, Cirrus got to fly back home to Texas, leaving der-Yeghiayan to impersonate her as a Silk Road moderator.
For two weeks the FBI had been following Ross Ulbricht around the neighborhood of Glen Park, San Francisco, where he had been living for the past year. der-Yeghiayan, who was now a full-time Silk Road employee, stayed glued to his laptop, updating the San Francisco team when DPR was on and offline. DPR was offline when Ross Ulbricht went on dates, hikes, coffee runs or just hung out with friends. When Ross was spotted working on his computer – DPR was also logged on to the site. The timeframes matched: it was time to fly everyone to San Francisco to take down the Silk Road.
On October 2nd, 2013, at about 3 pm, Ross Ulbricht decided he needed a change of scenery. He had been working from his apartment all day and needed a break. Ross logged off the site, grabbed his laptop and walked down three flights of stairs to the street and towards the local coffee shop. When he arrived at Bello Coffee, he realized the place was packed with patrons. Not a good place to be running the Amazon of drugs, he thought, and crossed the street to the Glen Park Public Library. As he walked past the plaza, he didn’t notice the plainclothes agents hanging out on the street and park benches, one of them talking on the phone, the other typing on his laptop. To get the evidence they needed, the FBI had to catch Ross red-handed – on the site, with his laptop open and logged on as DPR. It was up to der-Yeghiayan, who was sitting with his laptop on the bench at the plaza, to make sure that DPR was logged on.
Ross went into the half empty library and looked for a good spot: somewhere with steady wifi and few people. While he was getting settled, a small group of people entered the library and spread out. Their colleagues waited for them outside in the computer forensics van.
der-Yeghiayan was already online as Cirrus when he and DPR started a chat:
“Can you check out one of the flagged messages for me?” der-Yeghiayan asked.
“Sure,” DPR wrote. “Let me log in.”
While DPR was checking the flagged message for Cirrus, a couple who was seated at a table behind Ross began a heated argument. It was odd. People arguing at a public library?… As the woman yelled “Fuck you!” at her partner, Ross turned his head to see what was going on. At that brief second, while his head was turned, an agent swooped in and took his laptop. The agent then ran outside to the computer forensics van, where he made several copies of the hard drive while Ross Ulbricht, The Dread Pirate Roberts, was being handcuffed and searched.
Ross was locked up for two weeks in a jail in Oakland, California, until he was transferred to New York City, where he stood trial. The government offered Ross a plea bargain of ten years to life, but he refused. He wanted his day in court. Maybe he felt he had the moral high ground.
In a 2020 article for Vanity Fair author Nick Bilton wrote:
“Ulbricht had made an argument that he had started the Silk Road site to try and create “harm reduction” within the war on drugs, allowing people to have a safer place to buy and sell illegal wares without the worry of being harmed by dealers, or arrested by the police. For this, he reasoned, and because he did his drug dealing from a computer, not the streets, he should not be charged to the full extent of that law.”
But the judge presiding over the case considered this argument utter nonsense: an attempt by a middle class, educated white man to distance himself from the fact that he was in fact a drug dealer, and paint himself as an ideological freedom fighter – just because he sold drugs from the privacy of his own home:
“No drug dealer from Harlem or the Bronx would have made these arguments. It’s an argument of privilege.”
According to Bilton, the seizure of Ross’s laptop while he was still logged on as The Dread Pirate Roberts decimated all lines of his lawyer’s defense. They had everything: the secured chats on Silk Road, the digital diary Ross kept, passcodes, source code, accounts, names and addresses of buyers and sellers, photo IDs of all moderators and the assassination orders. His defense went from ‘it wasn’t him’, to ‘it was him but he only built the site’, to ‘ok, he built the site, ran it for a few months but sold it to someone else’ – but to no avail. There was also an attempt to dismiss the money laundering charges because Bitcoin isn’t “real money”.
But the evidence was insurmountable. The jury deliberated for only 3.5 hours before they passed a guilty verdict. After the trial Bilton interviewed one of the jurors, who told him they had actually reached the guilty verdict within minutes, but broke for lunch to make it look like they had actually deliberated.
Ross William Ulbricht was convicted on four counts of conspiracy to commit money laundering, conspiracy to commit computer hacking, conspiracy to traffic fraudulent identity documents, and conspiracy to traffic narcotics by means of the internet. The assassination charges were dismissed by the DoJ as no bodies were ever found. District Court Judge Katherine Forrest gave him a sentence that exceeded that requested by the prosecution: two life sentences plus 40 years without parole.
Ulbricht is now starting his tenth year of incarceration. He has a Twitter account where he shares tidbits of jail life and thoughts. He wrote code for a computer program which he can’t sell because he’s a prisoner. There’s also a Free Ross Ulbricht initiative championed by his mother, Lyn. According to their website, FreeRoss.org, over half a million people have signed a petition demanding clemency for Ross, stating that the severity of his sentence was a miscarriage of justice. According to Lyn Ulbricht, first-time offenders charged with non-violent crimes are usually sentenced to a maximum of 20 years in prison, while Ross’s punishment was much, much harsher.
Amongst his supporters you can find none other than Ross’s alleged first “murder victim”: Curtis Green. In a tweet from 2017 Green wrote:
“Ross Ulbricht got a raw deal. There is so much more to the Silk Road story than people know, and I can’t yet talk about. I don’t believe Ross is dangerous or that it’s in his character to order a hit on anyone. He should never have gotten that horrible sentence.”
The Free Ross website also publishes his writings and has recently started selling his art as NFTs. All proceeds go toward paying for kids to come visit their parents in jail. Ross, through his supporters, is also fighting for prison reform.
Several hundred people from forty-three different countries have been caught since Ross Ulbricht’s arrest, concluding with the capture of Variety Jones. A Canadian living in Thailand, Roger Thomas Clark was extradited to the United States in 2018 where he pleaded guilty in a Manhattan Court. As of 2022 his sentence is still pending.
But the biggest surprise following the conclusion of Ulbricht’s trial was the arrests of two members of the task force itself.
Remember when I told you that immediately following Curtis Green’s arrest, a moderator alerted Ulbricht that some $350,000 had been stolen from Silk Road? Well, turns out this was no coincidence. Secret Service Agent Shaun Bridges was a computer forensic expert with the team. After Curtis Green was arrested in Utah, Bridges confiscated his computer as possible evidence – but then used the admin credentials he found in that computer to siphon off $350,000. He also locked several Silk Road dealers out of their accounts and then drained their bitcoins – valued at about $820,000. Bridges was sentenced to 71 months in prison – but was later caught trying to leave the U.S. before the beginning of his prison term. In 2021 it was discovered that Bridges was also involved in the theft of some 70,000 Bitcoins from Ulbricht’s account. Needless to say, his jail sentence just keeps getting longer.
The second arrest following the trial was even more surprising: it was none other than DEA agent Carl Force.
Unbeknownst to his superiors, Force, who was communicating with DPR as Nob, created another account on Silk Road under a different name: Death From Above. It was he who tried to blackmail Ulbricht, and when that got him nowhere, he created another Silk Road identity called French Maid. As French Maid, he offered DPR inside information about the government investigation against Silk Road. Ulbricht paid Force $100,000, but probably got no information in return. It was also discovered that Force was involved with a digital currency exchange company called CoinMKT, and abused his position as a DEA agent to do criminal background checks for various customers. Lastly, he stole some $300,000 from a customer.
Carl Force was sentenced to 78 months in prison. US District Judge Richard Seeborg said in his sentencing hearing:
“The extent and the scope of Mr. Force’s betrayal of public trust is quite simply breathtaking…It is compounded by the fact that it appears to have been motivated by greed and thrill seeking, including the pursuit of a book and movie deal.”
The fact that not one but two agents involved in the Silk Road case went rogue raises some serious questions. Sure, it could be purely a coincidence – but then again, listen to the numbers I’ve been throwing around this entire episode: $350,000, $100,000, $250,000, $820,000… the temptations facing the task force’s team members were absolutely huge. No doubt, agents working on drug-related cases are somewhat used to resisting such temptations – but maybe when it comes to computer crimes, things are a bit… different. With Tor and Bitcoin’s promise of near-total anonymity, perhaps it’s harder now to resist the lure of the Dark Side.
The same can be said for markets on the Dark Web in general, markets that make it feel as if the crimes you’re committing are not “really” crimes at all: You’re just part of the chain of supply and demand. If someone wants it and you have it, who are you to deny them their desires? A victimless crime and a crimeless criminal.
Maybe that is why it took Defcon, Ross Ulbricht’s deputy in Silk Road, just five weeks to resurrect the site, as Silk Road 2.0. He too was arrested a year later, and the site was shut down along with 27 other dark web markets selling illegal goods. Defcon was sentenced to five years and four months in prison – but after Defcon, came someone else. He’s serving time too. Someone calling himself The Dread Pirate Roberts 2 opened a site called Silk Road 2. Along with narcotics and weapons the site also sells child pornography.
But here’s the thing: anonymity on the web is fragile. Digital communications leave a trail – and the internet never forgets. You might be a tech genius and know how to hide yourself behind layers of encryption – but as Ross Ulbricht learned the hard way, even geniuses make rookie mistakes when starting out. It might take law enforcement a bit longer to peel the layers off your encrypted onion – but eventually, usually, they will.