Catching criminals in the online realm often involves the old-fashioned footwork of tracking them down in real life. But the expended shoe leather still only goes so far in cyberspace, U.S. federal prosecutors may be learning.
Before a jury in the U.S. District Court for the Southern District of New York, Justice Department prosecutors are making the case that 30-year-old Texas native Ross Ulbricht is the mastermind behind the now-shuttered Silk Road online marketplace, which prosecutors estimate may have facilitated over a billion dollars in sales of illegal and unlawful goods.
The case hinges on prosecutors convincing the jury that Ulbricht is, in fact, "Dread Pirate Roberts," the handle of the otherwise anonymous person, or people, who oversaw Silk Road operations.
At the time of his arrest, Ulbricht was charged with narcotics conspiracy, engaging in a continuing criminal enterprise, conspiracy to commit computer hacking, and money laundering. Both the charges of narcotics and engaging in a criminal enterprise carry maximum penalties of lifetime imprisonment. Ulbricht has pleaded not guilty to all charges.
On Thursday, Jared DerYeghiayan, an agent with the Department of Homeland Security, testified how he and fellow law enforcement agents caught Ulbricht red-handed, managing the Silk Road system. But Ulbricht's lawyer, Joshua Dratel, raised questions about how much of the work done on Silk Road could safely be assumed to be Ulbricht's doing.
By September 2013, DerYeghiayan and his team had been tracking Silk Road for over a year. DerYeghiayan himself was working undercover as a Silk Road administrator under the user handle "Cirrus." He was in regular contact with "Dread Pirate Roberts" on the site.
They needed to connect "Dread Pirate Roberts" with a real person in order to make a bust and shut down the site. Luckily, they had gotten a lead from an Internal Revenue Service agent that Ulbricht was behind the "Dread Pirate Roberts" nom de plume, a name taken from the book "Princess Bride."
Ulbricht was living in the Glen Park neighborhood of San Francisco then. Knowing Ulbricht sometimes left his home to work at one of the neighborhood's Internet cafes, a team of law enforcement officers waited for him to appear.
That finally happened during the afternoon of Friday October 1, when Ulbricht walked over from his house and into Bello Coffee and Tea. He immediately left the cafe -- maybe because it was crowded -- and walked to the library next door.
Unbeknownst to Ulbricht, agent DerYeghiayan was across the street, with his laptop. Once Ulbricht set up his laptop in the library, DerYeghiayan, acting as Cirrus, contacted "Dread Pirate Roberts" on secure chat software Silk Road administrators used, called Pidgin, and asked him to check out a trouble ticket on the Silk Road site. Once Ulbricht did, the cops rolled in and busted him, careful not to let him close his laptop.
DerYeghiayan had prepared well for the bust. By chatting with Ulbricht and having him log into the Silk Road administrative site, he had clearly shown that Ulbricht was acting as "Dread Pirate Roberts." The prosecution displayed for the jury screenshots of both of their chat screens side-by-side, showing they were the same conversation. And "Dread Pirate Roberts" never reappeared online once Ulbricht was jailed.
The law enforcement officers also found additional evidence back at Ulbricht's home, which they searched under a warrant once Ulbricht was in custody. There, they found crumpled pieces of paper in a trash can with terms such as "buyer wait" and "sales volume," which echoed the terminology "Dread Pirate Roberts" had recently used in a discussion thread with fellow administrators about revamping the site's customer and vendor rating system.
Through questioning of DerYeghiayan, the prosecution also made the case that Ulbricht had been "Dread Pirate Roberts" for the entirety of Silk Road, by examining the forum messages posted under that name, which had all been signed with the Pretty Good Privacy (PGP) encryption software.
Because the jury may not be technically inclined, DerYeghiayan explained in detail how messages that have a PGP signature can be verified as having come from the individual holding the private encryption key that signed the message. He said that forum messages from "Dread Pirate Roberts" going back to 2011 had all been signed with the same key, implying that they had all come from the same individual.
While the Glen Park bust of Ulbricht had pretty clearly shown him to be logged on and working at that time as "Dread Pirate Roberts," further questioning from Ulbricht's attorney quickly showed the limits of how much could be concluded from the association.
One of the chief defenses Ulbricht's attorneys plan to use in this case will be to argue that while Ulbricht might have founded Silk Road, and did log on as Dread Pirate Roberts, he was not the only person using the account, and, in fact, had little to do with its sophisticated large-scale operations.
In cross-examining DerYeghiayan, Ulbricht's lawyer Joshua Dratel had pointed to where DerYeghiayan, in August 2013 internal correspondence, expressed concern that the "Dread Pirate Roberts" account might have changed hands at some point. It felt to DerYeghiayan, working undercover as Cirrus, like he was talking with a different "Dread Pirate Roberts" than he was earlier.
In fact, the entire investigative team at times felt that many of the Silk Road administrative accounts were operated by different people, and that managers of the site might have been logging in under multiple accounts, DerYeghiayan admitted under questioning. In one e-mail brought to the jury's attention by Dratel, DerYeghiayan even exclaimed in frustration, "Who's on First?"
Dratel also potentially laid to waste any notion that one person was behind all the PGP-signed messages from "Dread Pirate Roberts." He pointed out that anyone who had a copy of the "Dread Pirate Roberts" private PGP key could have signed those messages. It would be like holding a key to a locked office cabinet, Dratel said: Anyone could gain entrance if they had a copy of the key. He also got DerYeghiayan to admit that at least some of the forum messages signed by "Dread Pirate Roberts" could not be verified through a PGP check, in effect meaning they could have been posted by anyone.
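The point argued above, that a valid signature shows possession of the key rather than the identity of the person typing, can be seen in a short added example (not from the article or the trial record). It uses toy textbook RSA from the Python standard library as a stand-in for OpenPGP; the key, the posts and the names `founder_key` and `copied_key` are constructed for illustration.

```python
import hashlib

# Toy textbook-RSA key built from two Mersenne primes (constructed;
# far too small and unpadded for real use, and not the OpenPGP format).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: whoever holds D can sign

def digest(message: str) -> int:
    return int.from_bytes(hashlib.sha256(message.encode()).digest(), "big") % N

def sign(message: str, private_exponent: int) -> int:
    return pow(digest(message), private_exponent, N)

def verify(message: str, signature: int) -> bool:
    # Needs only the public values (E, N); says nothing about who ran sign().
    return pow(signature, E, N) == digest(message)

def audit(posts):
    """Classify each (text, signature) post as verified, bad-signature or unsigned."""
    results = []
    for text, sig in posts:
        if sig is None:
            results.append("unsigned")
        elif verify(text, sig):
            results.append("verified")
        else:
            results.append("bad-signature")
    return results

# Constructed scenario: the original key holder and a second person
# who has obtained a byte-for-byte copy of the same private key.
founder_key = D
copied_key = D

def sample_posts():
    a = "Rating system changes go live next week."
    b = "New vendor fees are posted."
    c = "Maintenance window tonight."
    d = "Escrow policy update."
    return [
        (a, sign(a, founder_key)),              # signed by the original holder
        (b, sign(b, copied_key)),               # signed by the copy holder
        (c, None),                              # posted with no signature
        (d + " (edited)", sign(d, founder_key)),  # text changed after signing
    ]

if __name__ == "__main__":
    for (text, _), status in zip(sample_posts(), audit(sample_posts())):
        print(f"{status:14} {text}")
```

The first two posts verify identically even though different people signed them, while the unsigned and altered posts cannot be attributed to the key at all.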
Dratel also worked to cast doubt that Silk Road was as widely trafficked as prosecutors alleged.
The site first came to DerYeghiayan's attention in October 2011 when, working as a customs inspector for international mail coming into Chicago O'Hare International Airport, he noticed a surge of illegal ecstasy tablets being mailed in from other countries, he testified. At the time, Silk Road had recently gotten a lot of press attention from the likes of Gawker and National Public Radio, and so was a natural suspect for the source of this traffic.
Dratel had pointed out, however, that the mail coming in didn't have any sort of identification that would directly tie it to Silk Road. It was entirely possible that the drugs could have arrived from other services, or perhaps they were being procured without the aid of an Internet exchange. Or the buyer and seller might have met on Silk Road, but conducted business privately.
Dratel tried to cast doubt that Ulbricht was a mastermind of sorts. Many of Silk Road's most sophisticated features, such as the "tumbler" service that obscured customer Bitcoin transactions, were implemented in 2012, he said, a time prosecutors have no direct proof that Ulbricht was involved with Silk Road. The defense has maintained from the start of the trial that Ulbricht started Silk Road, handed it off to others, and then was lured back in just prior to the bust of October 2013.
Even the crumpled-up sheets of paper found at Ulbricht's home were used to contradict the prosecutor's take on events. What sort of sophisticated mastermind of a billion-dollar illegal online marketplace would be foolish enough to leave evidence on paper, sitting in a trash can? Dratel asked rhetorically.
U.S. District Judge Katherine Forrest of the Southern District of New York is overseeing the case.