Some interesting titbits to come out of the latest Silk Road “rogue agent” allegations

Posted: April 23, 2017 in Dark Web, Silk Road

I was digging through my Silk Road archives when researching parts of my new book, and came up with a couple of little nuggets surrounding the latest “rogue agent” allegations that I don’t think have been reported yet.

Yuhendri Fajri via flickr.com, poorly adulterated

TL;DR:

  • What we assumed to be a simple Silk Road scam in early 2013 may have been law enforcement intelligence gathering + another Force/Bridges theft
  • There may be an explanation why Ross Ulbricht didn’t move to Belize after the controlled delivery of fake IDs to him in July 2013
  • If you’ve ever spoken to me, chances are the three-letter-agencies know about it

Background

Last November Ross Ulbricht’s defence team alleged yet another rogue law enforcement/government officer had been swapping intel for bitcoin whilst Silk Road was running. That person methodically removed all traces of their interactions with Dread Pirate Roberts from the evidence, other than from a stray backup in a nondescript file and copies of correspondence kept in a file on Ulbricht’s computer called le_counter_intel.txt.

The defence is adamant that this agent, who used the aliases “albertpacino” / “alpacino” and “notwonderful”, is neither Carl Force nor Shaun Bridges, both of whom are serving time for corruption and theft in respect of their roles in the Silk Road case.

“notwonderful” is a reference to the first major piece of intel the agent provided DPR – i.e. that someone calling themselves “Mr Wonderful” was contacting Silk Road staff trying to get them to turn on DPR and Silk Road in return for cash. Mr Wonderful was another HSI agent according to testimony by undercover HSI agent Der-Yeghiayan (who posed as moderator Cirrus on Silk Road for some time).

According to Motherboard, DPR and notwonderful/alpacino exchanged roughly 30 pages worth of messages between July 22 and August 15, 2013.

Here’s what I came up with when looking at things happening on Silk Road at the time.

1. Is it possible that what we thought was a scammer phishing for Bitcoin was actually LE phishing for login credentials?

From Ulbricht’s computer file:

Alpacino: Now, there have and continue to be attempts to compromise staff accounts (on the forum and main side) by the normal methods of password guessing, but AFAIK none have been successful. There have been successful instances of cloning lookalike accounts which have all been shut down on your side.

This was interesting, because a few months earlier, March 2013, messages went out to major vendors from users calling themselves SRAdmin, SR Staff and SR Vendor Support offering the opportunity to take part in an invite-only Silk Road 2.0:

Greetings,

Silk Road has decided to move on with a new venture, a new Silk Road. We have listened to sellers feedback from here and the forums and with the amount of buyer scams on the rise we have decided to act. On the 1st of April we will be launching Silk Road 2.0 as a separate site to the main site. This site will be invite only and work on a web of trust method.

As one of our high ranking, trusted sellers we are inviting you to participate and be amongst the few to join. Sellers will be recruited from the main site when we feel they have gained our trust that they are reputable sellers. Buyers will in the first instance be recruited on their seller stats

The Site is due to go live on the 31st of March 2013 with an announcement on the forum at the same time, the reason we have kept it quiet so far is that we expect a lot of debate about the site on the forum as until sellers begin to invite their customers the people allowed to join will be limited. We ask that you do not mention it to your customers until this time.

As a trusted vendor the fee for joining with this invite is 2btc (~$100) after the 1st of April the fee will be the same as the main site. Your unique btc address to send the payment to is 17UcDKHtusuSijELtFxqpw2p8dYFvQARuU

Once the payment has been matched and confirmed you will receive the address of the new page with a link to register and build your store. please do not release the address until after 31st March.

Silk Road Admin

The blockchain shows around 35 transactions for 2BTC on 20 March (though I’m confused by the Satoshi Dice transactions afterwards – would LE obfuscate this way?). In the grand scale of Bitcoin scams, $3500 is negligible. Those login credentials, however, could have been a goldmine from any vendors with sloppy OPSEC.

Another rogue LE theft?

A couple of days later a similar scam netted a whopping 800 BTC, when members received a message that looked like it came from “Inigo” (DPR’s first lieutenant) offering an opportunity to “invest” in Silk Road:

SR Staff –

Good morning Silk Road vendors and buyers, my name is Inigo. As some of you will already know I offer customer support here on Silk Road.

We are now also ready to offer a very unique opportunity to a lucky few. The chance to invest in the site. I must be very clear and say that this is investment only, you will not own or have a say in any part of the running or management of the site. This can all be verified with DPR’s forum post here http://dkn255hz262ypmii.onion/index.php?topic=138016.0 Or message him here http://silkroadvb5piz3r.onion/messages/send_message/b1e30b5819 Please do not speak about this on the forums yet as we are anticipating a lot of media attention over this and would like to minimize the impact if possible.

We are offering 250 investment shares of 0.1 percent of the income of the site (income excluding running costs & Dread Pirate Roberts share, staff etc.) which currently stands at ~$200’000 per month or $2’400’000 annually Shares will be priced at $500 for a 0.1% share, paid in btc (see below) at Mt. Gox’s weighted average at that time. There is no limit on the amount of shares you can buy, and the amount we will be paying out equates to 25% of the sites income.

Payment for your shares need to be paid to the address specified below, these are then tracked internally and after payment for 250 investments has been received the payment address will no longer be valid and payments will not be able to made into it.

Payment address – 1F48CymZsof76oZob8UiCAaz7P4yUdnz7M

If you receive an invalid wallet address error, you are too late.

This is strictly first come, first served. As, said before there is no limit on how many one person can buy. Again, this is the chance to be a part of the site and a part of history.

Thank you and good luck

Inigo

SR Staff

Knowing what we know now, it is possible that the first was a genuine LE attempt at taking control of vendor accounts, and the second was a theft by Messrs Force or Bridges.

It’s worth noting that at the time these incidents were covered up by Silk Road administration, with the stolen amounts quietly repaid. I found out about it thanks to a privnote message sent to me from “Whisteblower”:

Eily,

Hope your trip was well. Long time. There’s been a lot of stuff going on in these parts. I’m sure you heard about the investment scammer making nearly 150,000 USD in the last few days by using names such as “SR STAFF” “VENDOR SUPPORT” “SR ADMIN” etc. And the mods have been tight lipped on how that was possible. Even DPR remained hush. Then withdrawals got delayed yesterday. And today, we have some poor guy saying how he got a cryptic message from the “ADMIN” account.

Scout made some vague BS answer about how he handled it (he has no idea how the person did it either).

What if I were to say my birdies were reporting some very, very serious stuff to me? Stuff that could send this place in a tailspin. And they have proof that they could clone/compromise ANYONE’s account. (They haven’t used it for any bad purposes). And when I say anyone, I mean *anyone*. Human, Admin, or Pirate *cough cough*. And let’s say I asked them to prove it, and right in front of my disbelieving eyes, logged into an Admin account and DPR’s account and sent me a message. And they’d be willing to prove that they could do it again. Regards..

If nothing else, it is an interesting little bit of Silk Road history.

2. Was Ulbricht lulled into a false sense of security by alpacino/notwonderful after the CD of his fake IDs?

Because DPR did not keep a record of his side of the correspondence with alpacino, sometimes we have to guess what alpacino is responding to. So some guesswork was required when ascertaining what DPR had said to make alpacino respond like this:

Alpacino: I’m sorry if I said anything that makes you unhappy.. I would not lie to you about anything, I would not gain anything from withholding, rather you’d lose your utility for me and obviously that’s counter to me even reaching out.

Please understand that it’s obviously possible that I’m not privy to EVERYTHING that goes on. I work in a 9-5 environment and I’m nowhere near the field (and I’d never be). If there’s something that you’re 99.9% sure of is in DPR’s profile then you’d know better. If I don’t know about it or have not heard/seen it, then that’s a limitation of what I’m privy to. And I apologize for that sincerely, but I have no control over that.

Earlier in the conversations, alpacino/notwonderful outlined what was in the profile law enforcement had created of DPR (most of which turned out to be wrong). From the response above, it appears DPR must have responded that he was sceptical of the information because there was something he was 99.9% sure would be in the profile.

On July 26 2013, US Homeland Security knocked on the door of an address on 15th Street in San Francisco, California. Earlier that month they had intercepted a package of false identification documents for the US, Australia, Canada, and the United Kingdom – nine different names but all with a photograph that matched the man who answered the door, who identified himself as Ross Ulbricht. It was billed as a “routine inspection” of inbound mail from Canada at the US-Canada border.

This would have taken place right in the middle of the correspondence with alpacino. DPR would have expected that information to be added to the FBI’s profile of him. Was he comforted by the fact alpacino/notwonderful didn’t seem to be aware of the controlled delivery?

3. I feel like I’m being watched

“I know that Eileen has a publishing deal and is writing a book around SR, and has had extensive dialogue with everyone from buyers to new vendors to old hats. She claims that she has your blessing and at some point will be (or has) interviewing you of sorts,” alpacino/notwonderful wrote to DPR. “Do not put it past them to wiretap journos. If you (for example), interact with people like Chen or Ornsby [sic], assume they can see it. Assume journalists are compromised/breached”.

This could be pure speculation on alpacino’s part, but I’ve always wondered what happened in January 2015, when all emails between me and two former Silk Road staffers – Scout/Cirrus and Nomad Bloodbath – inexplicably disappeared from my Gmail account.

Scout and Nomad Bloodbath had both been compromised, their accounts taken over by LE, in 2013.

TINFOIL HAT LEVEL: EXPERT

n.b. When “alpacino” made his first appearance at the trial of Ross Ulbricht, he was assumed to be Special Agent Force and his appearance validated an anonymous tip I’d dismissed as a crackpot about rogue LE feeding intel to DPR.

 
