Google Search

Thursday, December 31, 2015

Silk Road founder was tracked down by a Googling tax agent

FBI forensics! DEA investigation!
Sophisticated Tor-cracking techniques squeezed (or bought?) out of Carnegie Mellon!
We’ve heard (and written) all about the whiz-bang techno-smarts that went into the dismantling of Silk Road, the biggest dark web drug market ever, and the manhunt and unmasking of its mastermind, Dread Pirate Roberts.
But the New York Times (NYT) reports that identifying the Dread Pirate, now better known by his real name, Ross Ulbricht, was more a triumph of investigative skills than a display of techno-smarts.
Indeed, the investigatory work had far more to do with the long, deep data trails we leave behind in our online travels than it did with piercing the anonymizing layers of Tor.
Finding Ulbricht really boiled down to this: a bunch of Google searches done by an investigator for the Internal Revenue Service (IRS).
Yep, it was a tax wonk who nabbed him.
That man’s name is Gary L. Alford, and he’s a special agent for the IRS.
Based in the Chelsea neighborhood of Manhattan, Alford was assigned to work with the Drug Enforcement Agency (DEA) as they struggled, unsuccessfully, to figure out the most basic element of their investigation: just who, exactly, was running Silk Road.
By mid-2013, the market had burgeoned into a massive enterprise, selling some $300,000 in drugs and other contraband every day, according to the NYT.
Alford was young, energetic, and dogged as hell: all characteristics that his superiors hoped would help to jumpstart an investigation that was stuck in the mud.
His preferred tool: Google. Particularly the advanced search option that lets you focus in on a date range.
After all, one of the few things investigators had to go on was Silk Road’s inception date.
The NYT quotes Alford, who describes what he recalls thinking to himself at the time:
“I’m not high-tech, but I’m like, ‘This isn’t that complicated. This is just some guy behind a computer.’
“In these technical investigations, people think they are too good to do the stupid old-school stuff. But I’m like, ‘Well, that stuff still works.’”
In May 2013, using the advanced search option to look for material posted within specific date ranges, Alford found a chat room posting made in early 2011, just before Silk Road had gone online, by someone with the screen name altoid.
The posting from altoid asked:
“Has anyone seen Silk Road yet? It’s kind of like an anonymous Amazon.com.”
Sounds a bit like an advertisement, doesn’t it? Given the posting’s early date, Alford suspected that altoid might have inside knowledge about Silk Road.
So Alford directed his searching at altoid, looking for everything he’d ever written: what the NYT compares to sifting through trash cans near the scene of a crime.
What he found was a message that altoid had apparently deleted but which had lingered in another user’s response.
In that conversation, altoid had asked for programming help.
He also gave his email: rossulbricht@gmail.com.
And who, Alford asked of the Internet, was this Ross Ulbricht?
A Google search for the name turned up a young man from Texas who, just like Dread Pirate Roberts, admired the free-market economist Ludwig von Mises and the libertarian politician Ron Paul.
He found other parallels as well.
Eventually, after asking a colleague to run a search on Ulbricht, the investigation struck gold.
Homeland Security agents had seized a suspicious package containing fake IDs at the Canadian border, addressed to Ulbricht’s apartment in San Francisco.
The agents visited the apartment, coming face-to-face with Ulbricht, who answered the door.
His face matched that on the bogus IDs, but the agents had no inkling that Ulbricht had anything to do with Silk Road.
But Ulbricht apparently couldn’t stop subtly advertising Silk Road: he mentioned to the agents that “hypothetically” anyone could go on a site called Silk Road and buy fake identification.
Armed with this fresh evidence to link Ulbricht to Silk Road, Alford called the prosecutor.
That’s when Ulbricht’s fate was sealed: it turned out that his address was a brief walk from a cafe from which the FBI knew that Dread Pirate Roberts had signed in to Silk Road.
Over the coming weeks and months, Ulbricht was put under full surveillance, and ultimately arrested at a public library on 2 October 2013.
So, as 2016 approaches, let’s all pause to consider the story of Ross Ulbricht, undone by words expressed long ago.
He thought he’d deleted those messages, but, even with the “right to be forgotten” (or, at least, the right in some parts of the world to get Google to hide search results about us), they lived on for Alford to find.
Alford couldn’t be at Ulbricht’s arrest, but he did receive a plaque.
The NYT reports that Alford’s superiors had it inscribed with this quote from Sherlock Holmes:
“The world is full of obvious things which nobody by chance ever observes.”
Well, it turns out that Gary Alford is one of those people who do observe. He’s a tax detective, and his magnifying glass was Google.
Readers, what data trail did you leave in 2015?
We should all bear in mind, as we get ready for a new year, that the words we leave behind in dusty chatrooms, in Facebook throw-aways or in Twitter snippets might well reappear to haunt us.
Whether it’s a future criminal investigation, a personalised marketing campaign, a targeted attack by cybercriminals, or any other sort of surveillance…
…the internet never really forgets.
Follow @NakedSecurity
Follow @LisaVaas

The weird and wacky of 2015: strange security and privacy stories

This year was a big one for news about threats to our cybersecurity and online privacy.
Some of the major stories included big data breaches – such as Ashley Madison, TalkTalk and VTech, plus many more in between – while the political debate over encryption backdoors reached new levels of intensity after the terrorist attacks in Paris.
Serious security vulnerabilities in commercial products, like the Stagefright and OCtoRuTA bugs in Android, and the FREAK and LOGJAM problems in TLS/SSL, also raised widespread concerns.
Ransomware, the punch-in-the-face malware that scrambles your files and then demands money to buy the decryption key back from the crooks, was in the news all year long – more and more victims, caught without backup, ended up with little choice but to pay the ransom.
And, unsurprisingly, worries about ever-encroaching surveillance grabbed headlines throughout 2015.
But as we look back at the year gone by, we thought we’d highlight some of the oddball stories that may have slipped through the cracks.
Despite their quirkiness, these stories remind us how important cybersecurity and online privacy have become in all areas of our lives.
Here are some of the weirder stories we’ve covered this year.

Man seeking hacker for hire on Craigslist gets busted when cop answers his ad.

A Pennsylvania man attempted to use Craigslist to hire a hacker to wipe out his court records and $16,000 in fines he owed. Now Zachary J. Landis, 27, is facing up to four years in jail after an undercover cop answered the posting and Landis requested proof the “hacker” could do the job by wiping out some of his fines.
Maybe Landis would have been better off using an anonymous hacker-for-hire service.
Earlier this year, we noted the emergence of a hacker-for-hire site called Hackers List that acts as a job board for possibly illegal activity. Hackers List’s founder, a US Army veteran and cybersecurity “consultant” named Charles Tendell, claims his service doesn’t permit illegal activity.
It’s hard to imagine people using the site for legitimate purposes, but anyone who does go in search of hacking services should beware that hiring a hacker to do something illegal is at least as bad in the eyes of the law as doing the hacking yourself.

UK police were worried about apocalyptic Star Trek and X-Files fans.

Investigative journalist Dr. David Clarke published a book about UFOs earlier this year, revealing that the UK’s Metropolitan Police were worried about violent, apocalyptic science fiction fans.
Clarke uncovered a memo written by the Metropolitan Police in the 1990s warning that fans of the X-Files, Star Trek and other sci-fi shows might commit acts of violence in the run-up to the new millennium.
There’s no evidence that the Metropolitan Police acted on the scaremongering memo, but it looks even sillier now, with the enormous popularity of the new Star Wars flick showing that millions upon millions of people love science fiction without posing any threat to society.
Given how much power law enforcement and governments have today to keep track of our activities – including our comings and goings in the real world, and online – we might want to ask: what other kinds of innocuous behavior will authorities start fretting about next?

Criminals still don’t understand how social media works.

We saw a lot of stories this year about crooks incriminating themselves with social media posts confessing their illegal activities, and fugitives giving away their location with geolocation on their devices, selfies and social posts.
Even self-described “hackers” can over-estimate their own cleverness while under-estimating law enforcement, such as the serial SWATter who said in taunting voicemail messages that hackers can’t be caught, but was arrested a few weeks later.
There’s also the wacky story about a woman who fled the scene of an accident only to have her own car report her to the cops.
And there’s the case of Ross Ulbricht, a.k.a. Dread Pirate Roberts, sentenced to life in prison for running the underground website Silk Road, who was busted at least in part because of information left behind in a reply to an online post that he thought he’d deleted.
There’s an important lesson here for law-abiding citizens too – be very cautious about what you share on social media and elsewhere, such as location data. You never know how it could be used against you.

The rise of robots is scary to people, who sometimes react violently.

Robots, and artificial intelligence (AI) more broadly, are becoming more useful in many areas of our lives – and also more threatening.
As robots learn how to carry on discombobulated conversations and to write articles nearly as well as humans can, a number of leading tech gurus and scientists have begun warning that our very existence could one day be threatened by the rise of AI.
In this context, we saw several weird stories this year about people allegedly committing violence against robots, such as the “murder” of a hitchhiking robot, and a drunken attack on a joke-telling, rapping robot named Pepper.
Similarly, there was the story of a Colorado man who was arrested for popping caps into his computer for freaking him out with Blue Screens of Death. (You’ve never done such a thing. But you’ve wanted to!)
And after police in Switzerland seized a robot for buying drugs on the Dark Web, it’s starting to look like our public policies and legal systems are not quite ready to handle the rise of AI.
Although robots have enormous potential to help humans, we’re also increasingly worried about drones and talking dolls invading our privacy and harming our way of life.

Now it’s your turn.

Those are some of the stories that caught our attention this year.
What are you seeing out there? What are your thoughts on the weirdly worrisome security stories of 2015?
Let us know in the comments below.
Follow @JohnZorabedian