It was a simple Web search that led to the arrest of Ross Ulbricht, accused mastermind of the Silk Road underground online marketplace, a U.S. Internal Revenue Service special agent testified Monday in a Manhattan federal courtroom
As the first step in investigating Silk Road, IRS agent Gary Alford, who was part of an agency task force investigating organized crime, simply entered "Silk Road" into Google and looked for the oldest mention on the site.
The details he found would ultimately lead to the arrest of Ulbricht in October 2013, as well as to the forfeiture of all the assets of Silk Road itself.
According to prosecutors, Silk Road facilitated the exchange of $1.2 billion in illegal goods, mostly drugs, and generated $80 million in commissions for the operators. Like an eBay for unlawful goods, Silk Road matched sellers with buyers, who used bitcoins to pay for goods that would be delivered through the mail.
The earliest mentions of Silk Road dated back to January 2011, shortly after the site had started operating, Alford said. In two online forums, Bitcointalk.org and Shroomery.org, a user going by the name of Altoid had posted questions asking about Silk Road, the agent testified before a jury.
With further searching, Alford found an email address associated with the Altoid user name -- email@example.com. With a search warrant, the IRS then obtained all the email under this account name from Google.
The IRS investigation began in March 2013, and by September of that year, the agency had given Ulbricht's name to another Silk Road investigation, this one undertaken by the Department of Homeland Security.
DHS agents subsequently coordinated Ulbricht's arrest in October 2013, at a library in San Francisco, where he was performing administrative work on the Silk Road website using his own laptop.
Ulbricht's defense lawyer, Joshua Dratel, argues that Ulbricht handed off the site to other operators shortly after he started it. He rejoined immediately prior to his arrest, lured back in by the new operators to serve as a fall guy, according to Dratel. As a result, prosecutors need to convince the jury that Ulbricht managed Silk Road for most of the site's existence -- quite a challenge given that much of the site's maintenance was conducted through anonymous accounts.
Alford's investigation helped federal prosecutors further tie Ulbricht to Silk Road, which could weaken Ulbricht's contention that he was not involved with the site during its heyday. Much of the prosecution's testimony Monday sought to connect the emails from Ulbricht's Gmail account with the content on the laptop he was using when he was arrested.
To cement proof that Ulbricht was the holder of the Gmail account, prosecution showed a picture he took of himself that Ulbricht then emailed as an attachment to a friend, soliciting feedback about his new haircut.
A spreadsheet of Silk Road expenses and a journal, both found on the laptop, also more firmly connected Ulbricht to Silk Road, according to prosecutors.
In a journal, the user wrote about renting a cabin near Bastrop Texas in 2010 to grow hallucinogenic mushrooms. A set of emails in Ulbricht's account details an exchange in 2010 about renting a property in Bastrop that was advertised on the Craigslist classifieds website.
Other emails show receipts from Amazon for purchasing equipment that could be used for growing mushrooms, such as a humidifier and a filter. The cost of these items closely match the costs, and times purchased, recorded in the Silk Road spreadsheet found on the laptop.
The email account even has a receipt documenting the purchase of a new laptop from Amazon in May 2012. The purchased computer was the same model--Samsung 700Z--that Ulbricht had at the time of his arrest.
Alford found additional damning evidence by comparing the contents of the laptop with Ulbricht's Facebook account. On the social networking site, Ulbricht posted photos from a January 2012 vacation trip to Thailand. In chat logs found on the machine, the user also boasted of visiting Thailand in that time period.
Email appeared to solve another mystery. When Ulbricht was caught, he was logged into his laptop with the user name of Frosty, a user name not found on Silk Road. Alford showed an email from an old friend of Ulbricht's which started with the greeting "Rossy Frosty."
Alford's testimony will continue on Wednesday, when he is expected to present additional details that tie Ulbricht to Silk Road.
Alford will also be cross examined by Ulbricht's defense attorney, Joshua Dratel.
To date, Dratel has been aggressively working to convince the jury that just because Ulbricht used the computer on which all of these documents and files were found, that doesn't mean he necessarily created them. The correlation with the material on the Gmail account will make his task more difficult.
Ulbricht was charged with narcotics conspiracy, engaging in a continuing criminal enterprise, conspiracy to commit computer hacking and money laundering. The narcotics and criminal enterprise charges carry maximum penalties of life in prison. Ulbricht has pled not guilty to all charges.
The case is being overseen by District Judge Katherine Forrest of the Southern District of New York.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.