It’s been known for quite some time that the feds were desperately trying to hunt down the folks behind Silk Road, the somewhat infamous “dark web” e-commerce site, accessible only via Tor, which was famous mainly for selling drugs in a slightly anonymous fashion. Of course, when the news came out recently that the FBI had used malware to reveal Tor Browser users, many believed that this was part of an attempt to track down Silk Road, and that seems increasingly likely after the FBI announced this morning that it has arrested Silk Road’s owner, Ross William Ulbricht, who went by the moniker “Dread Pirate Roberts” online. Turns out that Ulbricht was based in San Francisco and was arrested at the public library, of all places….

The case against him (pdf) is interesting, because beyond just going after him for helping to distribute illegal drugs, they claim that he solicited a Silk Road user in a murder-for-hire request (though he’s not charged with that), to potentially go after a different Silk Road user who was threatening to reveal the identities of people on the site (the user claimed to have hacked a large vendor’s account, and demanded $500,000 to not reveal names). They also go after him (of course) with a CFAA violation claim and a money laundering claim. Of course, we’ve seen the DOJ inflate and pile on charges against people in the past, so it will be worth watching to see what details come out of this — but soliciting a murder, if true, seems like a fairly big deal.

In addition, the complaint against him claims that Silk Road generated 9.5 million Bitcoins in revenue, leading to 600,000 Bitcoins in commissions (or roughly $1.2 billion in sales and $79.8 million in commissions). Of course, that seems noticeably higher than previous research had suggested. It also notes that the FBI itself made over 100 purchases on Silk Road — including ecstasy, cocaine, heroin, LSD and others. Apparently, they wanted a lot of evidence. And, in case you were wondering, the FBI informs us that their orders “have typically shown high purity levels of the drug the item was advertised to be on Silk Road.”

While the details in the complaint seem pretty thorough, there are some tidbits that stand out as questionable. The complaint clearly states that Bitcoin and Tor are both legal and have legitimate purposes, but it also says that Silk Road’s use of proxies to “hide the identities of those that run Silk Road… reflect his awareness of the illegal nature of the Silk Road enterprise.” I don’t quite see how wanting to be anonymous automatically suggests that you’re engaged in illegal behavior. Later in the complaint, the FBI agent spends an awful lot of time talking about how Ulbricht was interested in the Mises Institute, the well-known libertarian think tank. I’m not sure what that has to do with anything. The FBI notes that Dread Pirate Roberts’ defense of Silk Road included quoting Ludwig von Mises and Murray Rothbard (two economists closely associated with the Mises Institute), but lots of people follow the Mises Institute, so that seems like a stretch.

Another questionable tidbit: the FBI notes that Ulbricht posted a question to Stack Overflow using his real name, but “less than one minute later, Ulbricht changed his username at Stack Overflow from ‘Ross Ulbricht’ to ‘frosty.'” and then the FBI agent noted “I know that criminals seeking to hide their identity online will often use pseudononymous usernames to conceal their identity.” Later, after Ulbricht changes the email on the account to frosty@frosty.com — an invalid email address — the FBI agent similarly notes that “criminals seeking to hide their identity online will often use fictitious e-mail addresses.” Well, yes, but the same is true of people with perfectly legitimate reasons to be anonymous, or those who don’t want spam. While there does appear to be plenty of actual evidence, the use of these tidbits seems highly questionable.

The whole extortion/murder for hire story is a bit crazy. As noted above, one user contacted Dread Pirate Roberts, claiming to have hacked another vendor and obtained the details of users, which he’d release if not given $500,000 to pay off another drug supplier. Ulbricht asked the guy who was threatening him, a user who went by the name FriendlyChemist, to put him in touch with that supplier. After FriendlyChemist did so, Ulbricht used the opportunity to try to get that supplier to sell drugs via Silk Road. There was a further discussion, and when FriendlyChemist started getting anxious, the complaint says Ulbricht asked FriendlyChemist’s supplier how much “would be an adequate amount” in order to “put a bounty on his head.” After being quoted a price of $150,000 to $300,000 (rate dependent on “clean” or “not clean”) Ulbricht allegedly complained that the price was high, and noted that he’d previously hired someone to kill someone for $80,000. They eventually agreed to a price of $150,000 (16710 Bitcoins), and Ulbricht was told that the job was done: “Your problem has been taken care of. . . . Rest easy though, because he won’t be blackmailing anyone again. Ever.” Apparently a photo was supplied. The FBI notes that while this supposedly happened in Canada, Canadian law enforcement says that it didn’t happen.

The complaint also notes that Ulbricht has a LinkedIn page which includes a bit of a rant about “using economic theory as a means to abolish the use of coercion and aggression amongst mankind.” It also notes “I am creating an economic simulation to give people a first-hand experience of what it would be like to live in a world without the systemic use of force.” Not sure how one squares that with trying to hire someone to commit murder, but we’ll let others debate that.

It appears that while Ulbricht was mostly careful to cover his tracks, he wasn’t always that careful. The complaint notes that Silk Road was first advertised on different forums by a user named “altoid,” in a manner that indicated altoid was connected with the site. Months later, altoid also posted elsewhere that he was looking to hire an “IT pro in the Bitcoin community” for “a venture backed Bitcoin startup company” — but then told interested people to contact him at his actual gmail address: rossulbricht@gmail.com. And, voila, the FBI had a name. Also, later, when Homeland Security officials intercepted a package that contained a bunch of fake IDs for Ulbricht, they showed up at his home in July. While he generally refused to answer questions, he did tell them that “‘hypothetically’ anyone could go onto a website named ‘Silk Road’ on ‘Tor’ and purchase any drugs or fake identity documents….” There was also the above mentioned Stack Overflow account, which (briefly) used his real name and email address, which indicated that he was working on a Tor hidden service, and posted some code that (in a modified form) was also found on Silk Road.

All in all, there does seem to be a fairly compelling case built against Ulbricht based on this (though, again, we’ve seen in previous DOJ cases where things aren’t always as they seem). At a first glance, they have a lot of evidence on him. However, some questions do remain. At the beginning of the post, we mentioned the whole thing where the FBI was using malware to identify Tor users… but, of course, that doesn’t show up anywhere in the complaint. Instead, the big “breakthrough” was when a “random border search” by DHS turned up those fake identities intended for Ulbricht. However, as Parker Higgins notes, it seems like this could be a case of “parallel construction” whereby the hacking revealed those details, and DHS was then tipped off to check packages sent to Ulbricht, seeking to create “parallel construction” of evidence, in order to launder the fact that the FBI had hacked its way into identifying Tor users. After all, we’d just reported on how the FBI was actively trying to avoid revealing its hacking/malware powers to technologically sophisticated individuals.

Either way, we’re sure that there will be plenty more news on this case.

The whole sealed complaint is available on the next page…