Pages:
Author

Topic: Ross Ulbricht Guilty of Everything (Read 6674 times)

legendary
Activity: 1652
Merit: 1016
February 07, 2015, 09:01:58 AM
Can't believe they're actually allowing him to stand trial with all the evidence so far.
Everybody has a right to a trial and have their side of the story heard.
hero member
Activity: 544
Merit: 500
February 07, 2015, 08:45:23 AM
The evidence is so overwhelming, it's hard to believe some people actually are surprised. Even if he manages to magically prove some of the evidence against, the rest would flood him. Can't blame him for not trying though. Can't believe they're actually allowing him to stand trial with all the evidence so far. He could be proven guilty 1000 times before anyone bat an eyelid.
legendary
Activity: 1232
Merit: 1001
mining is so 2012-2013
February 07, 2015, 08:30:31 AM


It does seem like we've got some wild conspiracy theorists here. I don't know if you've noticed but he did at least admit to creating one of the worlds largest drug dealing markets and was caught in the act doing so. You people could have caught Ulbrict in the act fucking your own girlfriend and you would try find away to exonerate him and blame it on the feds. I believe you ross, the feds set you up to fuck my gf.

Protip: If you're going to set up the worlds greatest drug bazaar don't use your own email address to do so and don't get caught sat at your own computer LOGGED IN AS DPR. Jesus. Yes, the FBI and USG is corrupt as fuck but Ross is also guilty as fuck but that doesn't suit your argument so you just disregard any evidence as inside jerb.

That was funny.

There is soooo much evidence against him, even if he got appeals and got half of it thrown out, the other half will still be enough to convict. 

And then there is the murder trial that will come up later, where he logged his conversations!  That evidence is going to really hurt his defense.

But again, maybe he was set up, right?  Or maybe it was just fan fiction?
311
full member
Activity: 230
Merit: 100
Come original.
February 07, 2015, 05:37:31 AM
Actually, the thermite idea was one used back in the day before encryption became so widespread, like a couple of decades ago.

As for Ross, the way he was captured makes me wonder if the whole thing wasn't planned out. I wonder if the whole trial isn't a fake thing, designed to attack TOR, Bitcoin and the whole Internet - a false flag operation like 9/11 - and Ross is part of it.

Smiley

His defence was a joke and told people who wanted help fuck off. Binging up mark kapeles is just insane and you probably.closer to the truth than you realise. Now they can start going after websites they don't like and accusing them for then 'crimes' of others. Sites that host live streaming and torrent sites for starters off the top of my head. Everything fits into place too nicely for the mafia once more. They have a 99% success on conviction! Doesn't anyone see anything wrong with that? Lol

Fucking upside down backward western societies! And the sheep think they live in the land of the free and brave haha. Nothing further from the truth

It does seem like we've got some wild conspiracy theorists here. I don't know if you've noticed but he did at least admit to creating one of the worlds largest drug dealing markets and was caught in the act doing so. You people could have caught Ulbrict in the act fucking your own girlfriend and you would try find away to exonerate him and blame it on the feds. I believe you ross, the feds set you up to fuck my gf.

Protip: If you're going to set up the worlds greatest drug bazaar don't use your own email address to do so and don't get caught sat at your own computer LOGGED IN AS DPR. Jesus. Yes, the FBI and USG is corrupt as fuck but Ross is also guilty as fuck but that doesn't suit your argument so you just disregard any evidence as inside jerb.
POM
sr. member
Activity: 547
Merit: 254
February 07, 2015, 05:31:53 AM
I would tell him "don't drop the soap homie'"  Cry
sr. member
Activity: 388
Merit: 250
ELYSIAN | Pre-TGE 5.21.2018 | TGE 6.04.2018
February 07, 2015, 05:17:48 AM
Actually, the thermite idea was one used back in the day before encryption became so widespread, like a couple of decades ago.

As for Ross, the way he was captured makes me wonder if the whole thing wasn't planned out. I wonder if the whole trial isn't a fake thing, designed to attack TOR, Bitcoin and the whole Internet - a false flag operation like 9/11 - and Ross is part of it.

Smiley

His defence was a joke and told people who wanted help fuck off. Binging up mark kapeles is just insane and you probably.closer to the truth than you realise. Now they can start going after websites they don't like and accusing them for then 'crimes' of others. Sites that host live streaming and torrent sites for starters off the top of my head. Everything fits into place too nicely for the mafia once more. They have a 99% success on conviction! Doesn't anyone see anything wrong with that? Lol

Fucking upside down backward western societies! And the sheep think they live in the land of the free and brave haha. Nothing further from the truth
full member
Activity: 411
Merit: 100
February 07, 2015, 12:47:39 AM
Another potential setup would be to boot from tails and have a 2nd USB drive (that is encrypted) that contains a password to log into the administrative panel of SR, along with his other sensitive documents, and private keys (bitcoin and PGP), and VPN information.

Yeah what he needed was layered encryption. He needed to have all his stuff encrypted separately and not just rely on the FDE. There is literally no reason to have his journal unencrypted at all times the machine is on, the same for his wallet and PGP key.

The problem is that having layered encryption means you need to have multiple passwords and increases the chances of you forgetting a password, so he probably didn't do that because of this.
He could use a very similar password for each layer (or different encryption algorithms using the same password) as I don't think you can look at the encryption key and calculate the password (although I may be very wrong on this).

Another solution would to have used a password manager to unlock various layers of encryption using only one password, however the encryption key to unlock the passwords/keys contained in the password manager DB would only briefly in RAM.   
This is actually an argument for the defense to have called the guy who "broke" *cough* (hacked) the Silk Road captcha to testify (or maybe it was why the government did not call him to testify). If they were to question him in detail about how he got the IP address of the server in Iceland then I would be willing to bet that it would be revealed the government did something illegal/unconstitutional.

You know what, the story that the gov said doesn't make any sense at all, but it is possible that the captcha could leak the real IP, just not the way he said it would. I think it was that Tarbell guy who broke the captcha, he has a massive reputation and lots of experience in this area, he's the guy who nailed a bunch of people in lulzsec/anonymous, I doubt he or his company would have intentionally done anything highly illegal during an investigation, at least not something that they couldn't use parallel construction to cover up. I believe he wrote the statement on how he did it when he was away on a business trip in the Netherlands (which is also probably why he wasn't called to testify), maybe he just got the cover story mixed up Tongue
I was under the impression that he actually worked for the FBI at the time he discovered the real IP address. If he got his "story" mixed up then it would be grounds to get the evidence mixed up as his sworn testimony would have been proven to be a lie (or at least not the 100% truth). I do remember reading something about him being able to find the RL identity of several people in the "hacking" community when his declaration was presented to "explain" how he was able to discover the IP address of the SR server.

Based on what he said in his declaration, I would say that he likely was not simply manually entering text into the captcha - it was most likely something automated
full member
Activity: 411
Merit: 100
February 07, 2015, 12:06:48 AM
Ulbricht made enough opsec mistakes to get himself convicted even if the laptop was excluded.  He talked about illnesses and other personal problems with informants on torchat in dozens of timestamped messages, then he would get on social media with his real identity and write to his friends/gf about them. That Poison Oak message for one. Unbelievable !! It's like he forgot what he was doing wasn't legal.  They also had their informant sitting in the library on torchat watching him type out replies.

Ulbricht's lawyer feigning incompetence by getting defence witnesses excluded to give meat to an appeal after realizing this trial was doomed is not likely to produce a different outcome since even if his entire arrest was tossed feds can still easily convict with the mountain of other opsec mistakes like that IRS agent who found his altoids persona linked to the name Ross Ulbricht which is good enough when combined with all the informant chats. They prosecute skiddies all the time from hackforums markets peddling illegal booters and spam services with same self incriminating chat with informants.

What I think they are hoping to do is use the fruit of the poisonous tree doctrine to try and get as much evidence as possible thrown out by saying the FBI did something they weren't supposed to do, by saying things like the forensics weren't done properly so the laptop can't be used as evidence etc etc or bring up the whole discovery of the server issue again and try and get pretty much everything thrown out.
This is actually an argument for the defense to have called the guy who "broke" *cough* (hacked) the Silk Road captcha to testify (or maybe it was why the government did not call him to testify). If they were to question him in detail about how he got the IP address of the server in Iceland then I would be willing to bet that it would be revealed the government did something illegal/unconstitutional.
full member
Activity: 411
Merit: 100
February 07, 2015, 12:01:44 AM
That is interesting because I believe in Ross's case, the FBI was able to get everything except for the RAM

That would make sense actually as there were screenshots of FTK submitted during the case and in them only the home folder was open. I thought it was because the home folder contained all the goodies, but it's probable they didn't get access to the entire filesystem and had just copied the home folder while the thing was on. I remember hearing the defense claim the forensic tech was incompetent,
In theory this could be a potential appeal avenue for the defense. If Ross's attorneys can convince an appellate court that the judge ruled in favor of the prosecution that the forensic tech was not incompetent in error. If that ruling does get overturned then it would have a significant impact on the case as a very large amount of evidence against Ross was found on his Laptop.
   it would seem that is the case. I guess both Ross and the tech left the laptop charger at home.
LOL

It appears that you know more about this kind of stuff then me, however in theory, Ross intentionally left the charger at home and it was some custom charger that would not be commonly be used. I don't remember reading about why most/all what was on the RAM was lost, however if an explanation could not be given (or if it is something stupid like "the laptop charger was left at home") then the chances of getting the laptop evidence thrown out goes up significantly.
I have been a speculator watching Silk Road for a while, longer then I have been into bitcoin; I actually got the idea from a post on either SR1 or SR2 forums shortly after SR1 was shut down.

I actually have that USB setup, but it wasn't intentional. My bootloader is stored on a USB stick for integrity purposes, so that someone can't tamper my bootloader while I'm away from my machine. And because I have some auto-updates enabled it isn't safe to remove it while the machine is switched on, so if it is removed my machine will shut down, as if it was removed and there was an auto-update for my bootloader my machine would be likely be unbootable. It's not tethered to me though, I guess I could always rank it out if I ever felt really unsafe Cheesy
I would imagine that a tethering setup would not be difficult.
Another potential setup would be to boot from tails and have a 2nd USB drive (that is encrypted) that contains a password to log into the administrative panel of SR, along with his other sensitive documents, and private keys (bitcoin and PGP), and VPN information. Although the FBI could still have grabbed him when his RAM contained the encryption keys of the USB drive, the window to do this would be much smaller - they likely would still have caught him red handed logged into the admin panel, but would most likely not have gotten the laptop at a time when they could have gotten everything else.

Remember that they discovered that the decision to try to snatch Ross's laptop while he was using it was only a last minute idea when they were conducting surveillance on him shortly prior to them planning to arrest him.   

hero member
Activity: 899
Merit: 1002
February 06, 2015, 11:36:16 PM
Ulbricht made enough opsec mistakes to get himself convicted even if the laptop was excluded.  He talked about illnesses and other personal problems with informants on torchat in dozens of timestamped messages, then he would get on social media with his real identity and write to his friends/gf about them. That Poison Oak message for one. Unbelievable !! It's like he forgot what he was doing wasn't legal.  They also had their informant sitting in the library on torchat watching him type out replies.

Ulbricht's lawyer feigning incompetence by getting defence witnesses excluded to give meat to an appeal after realizing this trial was doomed is not likely to produce a different outcome since even if his entire arrest was tossed feds can still easily convict with the mountain of other opsec mistakes like that IRS agent who found his altoids persona linked to the name Ross Ulbricht which is good enough when combined with all the informant chats. They prosecute skiddies all the time from hackforums markets peddling illegal booters and spam services with same self incriminating chat with informants.
full member
Activity: 411
Merit: 100
February 06, 2015, 11:17:57 PM

Law enforcement cyberforensics are known to use mouse jigglers like this:
http://www.cru-inc.com/products/wiebetech/hotplug_field_kit/

You are probably actually referring to this --> http://www.cru-inc.com/products/wiebetech/mouse_jiggler/

What you linked appears to only keep a computer powered while moving it (likely one that does not have a battery)
full member
Activity: 411
Merit: 100
February 06, 2015, 11:07:55 PM
You think an attacker would only need access to your computer for a few seconds to copy an entire unencrypted hard drive?

No, they only need to dump the RAM. They can then turn the laptop off. Later on in a lab they can use tool such as aesfind and FTK (used in Ross' case) to search the RAM dump for the encryption key and decrypt the drive, which must be stored in RAM in order for it to be able to read from the drive (though there are now new projects that are storing keys in the CPU debug registries, which is an awesome idea but it's very experimental right now).
That is interesting because I believe in Ross's case, the FBI was able to get everything except for the RAM - I remember reading that, due to a power issue they were not able to determine what exactly Ross was running/looking at when his laptop was pulled from him - but maybe all they got before his security measures kicked in was the encryption key.

If the encryption software were programmed to automatically encrypt the entire hard drive after n minutes with the absence of a password, then someone in the process of copying the hard drive would not be able to continue doing so after n minutes.

I think you are confused. How it works is that data written to the drive is encrypted, but in order to read the drive the password needs to be stored in RAM, and shutting it down clears the ram. Once they have the password, thats all they need they can turn the thing off.
This could potentially be countered by using some kind of time based key (similar to how authy works) Scratch that, I think this would be defeated by having the encryption key stored in RAM. It sounds like the key here (no pun intended) is to keep your RAM secure).
The software prompting a password would be based on time, not computer activity.

If the thing is prompting me every 15 minutes for a password it's going to bug me out and after about a week I'll either turn it off or go mentally insane. And if I keep using it eventually I'll give in and use a weak pasword. And if I'm being watched by the FBI there is no way I'm going to be able to enter a secret password every 15 minutes without them knowing.
You could potentially enter some kind of code based on the response it gives you. It could be very simply as long as it is not static, and as long as you only have a very short amount of time to enter it and only have one chance, or else the computer shuts down
Other solutions would be to have some kind of USB stick/drive that would serve as a kill switch in the event that it is unplugged, such USB drive would be tethered to either his wrist or neck so if the laptop is pulled away from him then it would be unplugged and the computer would shut down.

G-sensor is probably better IMO.
I have been a speculator watching Silk Road for a while, longer then I have been into bitcoin; I actually got the idea from a post on either SR1 or SR2 forums shortly after SR1 was shut down.
legendary
Activity: 1092
Merit: 1000
full member
Activity: 411
Merit: 100
February 06, 2015, 10:41:31 PM
Well you could set a library on fire

My laptop gets hot enough to do that anyway, so its not an increased risk.

When the FBI try to steal my Bitcoins, signing all the dust transactions in my wallet will cause the laptop to heat up, detonating the thermite.
Probably not true (your laptop getting hot enough). If your laptop did get hot enough to burn down the library then it would likely melt.

Although the burning point of a HDD is lower then that of paper/wood it would be difficult to have a controlled enough burn so that your computer melts (which is essentially what will need to happen to sufficiently protect yourself) but the table/books around you do not catch fire.

Not only that but his work on the site likely would require him to remain concentrated for times of greater then one minute.

One potential similar solution would be for him to be required to enter his password ever n minutes (with n[/n] being a small number) or else the hard drive shuts down (which obviously has full disk encryption) and power is cutoff from the RAM)

I thought it was obvious we were using satire.

And yes you are right, that is a good solution, though the problem is it's not convenient, your security solutions need to be very convenient or else you're likely to turn them off. Something like that is going to slow down your work speed as you'll be constantly interrupted to enter a password, and everytime you enter the password you risk exposing it to any audio/video recording device or a shoulder surfer. On top of that someone only needs access to your powered on computer for a few seconds to defeat FDE, though LE have a standard procedure they must go through to keep everything forensically sound and that takes much longer than a few seconds.

Law enforcement cyberforensics are known to use mouse jigglers like this:
http://www.cru-inc.com/products/wiebetech/hotplug_field_kit/

These are a USB device that simulates a moving mouse to prevent the laptop from locking/shutting down when conducting forensics. What is great about these is that many of them use USB vendor ID's that software can easily detect Wink

Also, many laptops such as macbooks have a built in g-sensor, so if the laptop is suddenly moved or pulled away from you, it can easily be programmed to lock the screen or shutdown.

And what about voice commands, should something go wrong you could setup a voice command where you shout out a secret word and the laptop shuts down.

Another thing you can do is solder your RAM to the motherboard. Unless the forensics can get root on your machine or your motherboard has some way of DMA (such as firewire) that you didn't disable they will need to bring it to a lab to dump the RAM. This will take a couple of hours at least I'd say, so your solution would be very useful here.

And speaking of prying apart laptops, many laptops have sensors that can detect when the case has been opened.

The list of things he could've done goes on, but hindsight is always 20/20.
You think an attacker would only need access to your computer for a few seconds to copy an entire unencrypted hard drive?

If the encryption software were programmed to automatically encrypt the entire hard drive after n minutes with the absence of a password, then someone in the process of copying the hard drive would not be able to continue doing so after n minutes.

The software prompting a password would be based on time, not computer activity. The timer would be housed on some separate hardware that could not be controlled/manipulated without physically opening (and powering off) the computer. Instead of a password, it could be a very simply encryption system, something that can easily be "decrypted" by a person, for example the computer could display the word "bitcoin" and someone would need to input the numbers "2472646" (the telephone numbers that commonly have such letters engraved into them) - or maybe something slightly more complex.

Other solutions would be to have some kind of USB stick/drive that would serve as a kill switch in the event that it is unplugged, such USB drive would be tethered to either his wrist or neck so if the laptop is pulled away from him then it would be unplugged and the computer would shut down.
legendary
Activity: 3990
Merit: 1385
February 06, 2015, 10:15:56 PM
Actually, the thermite idea was one used back in the day before encryption became so widespread, like a couple of decades ago.

As for Ross, the way he was captured makes me wonder if the whole thing wasn't planned out. I wonder if the whole trial isn't a fake thing, designed to attack TOR, Bitcoin and the whole Internet - a false flag operation like 9/11 - and Ross is part of it.

Smiley
full member
Activity: 411
Merit: 100
February 06, 2015, 10:00:10 PM
Well you could set a library on fire

My laptop gets hot enough to do that anyway, so its not an increased risk.

When the FBI try to steal my Bitcoins, signing all the dust transactions in my wallet will cause the laptop to heat up, detonating the thermite.
Probably not true (your laptop getting hot enough). If your laptop did get hot enough to burn down the library then it would likely melt.

Although the burning point of a HDD is lower then that of paper/wood it would be difficult to have a controlled enough burn so that your computer melts (which is essentially what will need to happen to sufficiently protect yourself) but the table/books around you do not catch fire.

Not only that but his work on the site likely would require him to remain concentrated for times of greater then one minute.

One potential similar solution would be for him to be required to enter his password ever n minutes (with n[/n] being a small number) or else the hard drive shuts down (which obviously has full disk encryption) and power is cutoff from the RAM)
legendary
Activity: 3990
Merit: 1385
February 06, 2015, 09:57:00 PM
Yeah and don't bring that puppy on a plane either or you'll have some explaining to do.

Yeah! And be careful how you carry it in your backpack.

Smiley
legendary
Activity: 3990
Merit: 1385
February 06, 2015, 09:44:23 PM
When you are in a position like Ross was in the library, you need to have a layer of thermite placed above your hard drive. If you don't click a certain link before a minute elapses since the last time you clicked the link, the thermite ignites, and destroys your entire hard drive. You are the only one who knows about the click-the-link process. You better not forget to click.

If your hard drive goes up in flames for any reason, you can get your computer info back later, when it is safe, from encrypted clouds on the Net, where it can't be compromised.

There are easier ways to implement a deadmans switch, but I like this approach. I might give this a go, I don't see how anything could go wrong.
Well you could set a library on fire

Yes. Think things through well. Have a failsafe if practical. You might have a 10-second delay with a flashing icon that would remind you if you forgot. Line the inside base of your laptop with a layer of asbestos cloth. Test on an old hard drive ahead of time, to see how much thermite you would need. Use your head. Think the thing out clearly.

Obviously, Ross was smart enough to think these things out... if only he hadn't become overconfident.

Smiley

EDIT: There might be a business opportunity here, making thermite inserts for laptops.
legendary
Activity: 1526
Merit: 1000
February 06, 2015, 09:33:42 PM
All he had to do was close his laptop and he wouldn't have gotten prosecuted. How your life can change from little reactions/decisions.

Or just listen to the great stringer bell.

https://www.youtube.com/watch?v=pBdGOrcUEg8
full member
Activity: 411
Merit: 100
February 06, 2015, 09:29:20 PM
When you are in a position like Ross was in the library, you need to have a layer of thermite placed above your hard drive. If you don't click a certain link before a minute elapses since the last time you clicked the link, the thermite ignites, and destroys your entire hard drive. You are the only one who knows about the click-the-link process. You better not forget to click.

If your hard drive goes up in flames for any reason, you can get your computer info back later, when it is safe, from encrypted clouds on the Net, where it can't be compromised.

There are easier ways to implement a deadmans switch, but I like this approach. I might give this a go, I don't see how anything could go wrong.
Well you could set a library on fire
Pages:
Jump to: