If you are going to create an anonymous site to sell anything, including drugs, do not use gmail


spam gmail

The incredibly simple story of how the gov’t Googled Ross Ulbricht
[Via Ars Technica]

NEW YORK—Prosecutors in the Silk Road drug-trafficking trial have shown heaps of evidence from the laptop they seized from Ross Ulbricht, the man they say was the kingpin behind the world’s biggest drug-trafficking website.

What hasn’t been known, until this morning, is what exactly led them to Ulbricht. A Homeland Security agent who testified last week had been investigating the site since it became famous in mid-2011, but it wasn’t until September 2013 that he heard the name “Ross Ulbricht.” Days later, Ulbricht had been arrested.

Today, IRS Special Agent Gary Alford took the stand and explained how he got onto Ulbricht’s trail using one of the most basic tools on the Internet: a simple Google search.


Yep, the guy on trial was discovered using Google searches anyone could have done. And, seeing he had a gmail account, they got a warrant from Google to give them access to the account.

Where he conveniently had all the receipts for all the stuff he had bought, along with itineraries of his travels. There was a spreadsheet for the expense for Silk Road.

From there , it was a short trip to a warrant to search his house and the man apparently behind the anonymous market was no longer anonymous.

Operational security is not easy at all in today’s world. But you think someone setting up a secure, anonymous site in the dark web would have been a little more careful.

Unless he is really a fall guy for the real genius. That’s how the movie would go.

(As an aside, saw Imitation Game yesterday. Great movie if a little too hagiographic with respect to Turing and Enigma. But a key element they showed was that the unbreakable code could be broken because humans do stupid things. All it takes is one guy to do the easy thing and there goes the security.

I read up about the whole crew working on breaking various Enigma codes. One important thing about the Enigma machine – a letter could never retuen itself when being encrypted. That is, if the operator punched “A” the encoded letter would be any other letter but “A.”

One day, the British decoder saw that in a long document, the letter “L” never showed up. The only way that could happen is if the letter “L” was punched continually. Sure enough, it turned out that the German operator was told to send out a dummy message. Instead of typing up something random and encoding it, which would have been a little laborious, he simply typed the same letter over, again and again. 

The Enigma machine gave out a different letter every time and he thought he had an encrypted message. But what he actually did was give away all the information needed to back calculate that day’s settings on the machines. Sometimes the stupidity of human operators outweighed the brains of the decoders.)