PSU grad accused of orchestrating $1.2B in illegal drug sales on secret Web network
Ross Ulbricht slipped up for less than a minute but left behind digital fingerprints.
The Penn State University graduate charged with running a $1.2 billion illegal online drug market called “Silk Road” successfully hid the enterprise for 2 1⁄2 years on a government-created network called Tor.
Federal agents said Ulbricht, 29, of San Francisco left key evidence by accidentally using his real name on an online message board before quickly changing it seconds later to a pseudonym.
At one point, after authorities arrested a Silk Road employee taking delivery of cocaine, Ulbricht became concerned that the worker would become a government witness, court records state. He then hired an undercover FBI agent he thought was a hit man for $80,000 to have the employee tortured and murdered, the records show.
The FBI staged photographs of the worker's death and sent them to Ulbricht.
“I'm pissed I had to kill him ... but what's done is done,” he told the undercover agent later. “I just can't believe he was so stupid. ... I just wish more people had some integrity.”
Ulbricht faces a charge of murder for hire, attempted witness murder and counts of narcotics trafficking, computer hacking and money laundering. If convicted, he faces life in prison.
Despite the online anonymity, federal authorities say Ulbricht left clues that enabled them to identify him through conventional detective work.
“When we're dealing with unbreakable encryption or anonymization, then old-fashioned detective work — usable informants and undercover detectives — is going to help,” said Joseph DeMarco, a former head of the cybercrime unit at the U.S. Attorney's Office in New York City. His Park Avenue law firm, DeVore & DeMarco, specializes in Internet and privacy matters.
“There's the human aspect of it. People do talk. They do brag. They have grudges,” he said. “Even before the advent of Tor, that was the way you made cases.”
The Tribune-Review reported earlier this year in its series Cyber Rattling: The Next Threat how scientists at the U.S. Naval Research Laboratory created Tor — short for The Onion Router — to provide anonymity on the web. It allows protesters in places such as the Middle East to evade government censors and monitors, but it also means criminals can operate freely.
Websites on Tor offer all manner of illicit goods and services: drugs, counterfeit passports, hacking software and even hit men.
Silk Road connected thousands of drug dealers with more than a hundred thousand customers to sell cocaine, marijuana, heroin and other drugs, federal investigators said. The site made $80 million in commissions, with Ulbricht using the pseudonym Dread Pirate Roberts from the movie “The Princess Bride,” court records say.
The Tor network remains secure so no one can identify users, said Andrew Lewman, executive director of The Tor Project, a Massachusetts nonprofit that runs it.
“Tor users shouldn't be worried about Tor, but rather their own operational security,” Lewman said. “As is generally the situation, the human is fallible. As this takedown confirms, old-fashioned police work continues to be very effective.”
Alexander Volynkin, a researcher at CERT, a computer security research arm of Carnegie Mellon University's Software Engineering Institute, agreed.
“From the complaint it's pretty clear that they just used good old investigative techniques to get the guy,” he said. “It does not appear that Tor was compromised in any way.”
Ulbricht displayed uncommon understanding of complex ideas when he graduated from Penn State in May 2009 with a master's degree in materials science. His master's thesis was titled, “Growth of EuO Thin Films by Molecular Beam Epitaxy.”
He also showed an affinity for Ron Paul, a former Texas congressman and presidential candidate for the Libertarian and Republican parties. Ulbricht told The Daily Collegian, the Penn State student newspaper, for a story about a Paul campus visit in 2008: “There's a lot to learn from him and his message of what it means to be a U.S. citizen and what it means to be a free individual.”
Federal agents said they ended Ulbricht's freedom because he left a trail of clues that helped them. He used his real email address while researching Bitcoin electronic currency and accessed a server from an Internet cafe near his San Francisco apartment.
Ulbricht also purchased nine counterfeit identity documents with his photo and date of birth but with different names, which was found by border patrol agents during a routine inspection, leading investigators to his home.
Andrew Conte is a staff writer for Trib Total Media. He can be reached at 412-320-7835 or email@example.com. Freelancer Anna Orso contributed to this report.
Add Andrew Conte to your Google+ circles.
Show commenting policy
TribLive commenting policy
You are solely responsible for your comments and by using TribLive.com you agree to our Terms of Service.
We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.
While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.
We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers.
We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.
We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.
We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.
We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.