OP 15 December, 2020 - 05:16 PM
Hi members
I am SlodderrVos
It's Story Time
Ross William Ulbricht [aka Dread Pirate Roberts] (Founder of Silk Road)
Ross Ulbricht is a story that I am sure everyone is familiar with, I'd hope to think at least 90% of the people on the dark web know who he is. For those who don't know, he ran the first dark web drug marketplace (Silk Road) and set the standards for copycats and wannabes.
Silk Road saw a massive $1.2 billion in exchanges and was a total monopoly, no other market stood a chance.
Law enforcement initially passed off investigators who were looking for the earliest references of the Silk Road. Investigations were made easier as Ross commonly reused usernames and had bad OPSEC.
One investigator was actually ignored and had actually found Ross Ulbricht's email, his findings were found to be more useful further down the line.
The earliest reference found was found on a website called the Shroomery (forum for mushroom-based psychedelics) in January 2011 in a post by a user named 'Altoid'. That username was also on a website called BitcoinTalk where he talked about Silk Road and also asked for IT advice. In one post asking for IT advice Altoid asked "interested parties to contact rossulbricht at FUCKING gmail dot com". Dumb in hindsight, right?
He also asked a question on Stack Overflow asking "how can I connect to a Tor hidden service using curl in php". He asked this question under the username 'Ross Ulbricht' but quickly changed it to 'Frosty'.
He also talked too much on Silk Road. He kept talking about his philosophy and economic ideas. Which made it easier for law enforcement to ensure it was him with the use of 'guess who' forensics where you can cut down a suspect pool by the more things you know.
With time correlation they could figure out that Ross's replies on Silk Road will probably put him within the Pacific time zone.
The FBI actually got inside of the Silk Road servers (potentially Silk Road staff turned informant) and saw someone was connecting to Silk Road from an internet cafe. FBI found SSH keys which ended with "frosty@frosty".
FBI started to track Ulbricht and set up a sting operation in a library. Two undercover officers pretended to have an argument, and while Ross entered his password into his computer the police pounced on him. Leaving him logged in and his computer unencrypted.
There are way more places where he went wrong. Like ordering multiple fake IDs at the same time, getting caught and telling the police "anyone could have gone on silk road and ordered that", or saying to roommates his name is Josh. There were so many slip ups, but I'd waste time talking about all of them.
What can we learn?
Don't reuse usernames. And be careful when marketing a hidden service. Keep the real life accounts totally separate. Don't talk too much about beliefs. Don't order multiple fake IDs at the same time. And there are probably a couple more.
Ross Ulbricht was the first of many, and it was unlucky he had so many trip ups. But from when he was around there were not as many case studies of OPSEC trip ups.
I will keep posting real stories, in hope that anyone who's dealing with Dark Business be more aware of the OPSEC measures!
DON'T message me anymore on ICQ! Message me now on TELEGRAM!
Have a nice day!