Reflecting on Ross Ulbricht's arrest after being pardoned

With Ross Ulbricht recently receiving a pardon, I think it is worth analyzing the faulty operational security (opsec) practices that led to his capture, as a valuable lesson in what not to do.

Mr Ulbricht was caught because of a stupid mistake—he posted his own email address using an account he had used to promote the Silk Road.

For some reason, he would visit public libraries when administering the Silk Road website. Despite having a laptop with full-disk encryption, law enforcement officers were able to seize it while the laptop was still turned on.

Behind Ulbricht in the library, a man and woman started a loud argument. Ulbricht turned to look at this couple having a domestic dispute in awkward proximity to him, but when he did so, the man reached over and pushed Ulbricht’s open laptop across the table. The woman grabbed it and handed it off to FBI Special Agent Thomas Kiernan, who was standing nearby.

Of course, this is just a fun mind exercise. We do not endorse any illegal activities on PG!

Because he was using Tor. It’s obvious when someone is connecting to a Tor node even if you don’t know what they’re doing[1], so Ulbricht was attempting to mix in with other patrons at the library.

In fact, some public libraries pre-install Tor Browser on their computers.

Of course, they already had circumstantial evidence Ulbricht operated the site, so that didn’t help him.

IIRC, the AlphaBay kingpin got caught and arrested at his home.

His biggest mistake was shilling for his illegal operation with his real name/email address, plus that Stack Overflow post. I’d guess most wannabe kingpins would be using local LLMs instead of contacting helpful humans on Stack Overflow these days.


  1. Or so I’ve heard. It’s hard to find a source for this information now. Correlation attacks are one vector but it doesn’t make sense for Ulbricht because he never surfed outside of the Tor network. I’m pretty curious myself why the advice for connecting to Tor in public spaces has been handed down all these years. Perhaps he just didn’t want his ISP (and thus the Australian government) to know he used Tor at his house.