Given the huge number of illegal transactions taking place on Silk Road, it still took authorities quite a bit of time and effort to track down the man behind the site. The key piece of investigative work that led to his identity being uncovered surprised me.
I found this to be very clever thinking on the part of the police –
Some months earlier, Alford had figured that whoever had started Silk Road had tried to drum up interest on regular websites with like-minded audiences. He searched for Tor URLs around the time of the site’s first appearance and found a mention in a Shroomery.org forum on January 27, 2011, days after the Silk Road launch. A user named Altoid talked up this exciting new “service that claims to allow you to buy and sell anything online anonymously.”
Googling elsewhere for the username Altoid revealed a question about database programming posted on Stack Overflow, dated March 16, 2013, asking, “How do I connect to a Tor hidden service using curl in php?” The email listed was firstname.lastname@example.org. A minute later, that user changed the alias to Frosty.
The IRS didn’t know what any of this meant, so that’s where it ended. The info sat in a case file until dumb luck put Alford in Tarbell’s lab, whose wall was a map where all roads led to Frosty. Der-Yeghiayan ran the name Ross Ulbricht through the federal database and found the Homeland Security report on Ross’ fake IDs. A quick search for his last known address showed that he had lived half a block away from Café Luna, the San Francisco node on his chart (the site where an administrator had logged in to the Silk Road VPN).
Tarbell was ecstatic. Finally, here was the missing piece, the end of the digital trail. Tarbell thought it was funny that these clues were sitting out in the open. In the end, one of the best law enforcement tools was Google. It seemed clear that Ross had no idea Silk Road would become such a success and was careless early on. And in the era of informational perpetuity, you only have to be careless once.