Allen Hoffman on the Ulbricht Indictment

12 minute read

Posted by: Allen Hoffmann, JD

November 27, 2014

There aren’t many people who sit on top of drug empires who can have the privilege of grating press access to the likes of Forbes while keeping their name and face unknown and have it published, and without question, that’s why the FBI and HSI went so damn hard after him; word to the wise, kids, don’t challenge the police, especially via international media, because they will do their level best to meet it, and meet it they indeed did with the seizure of SR and the allegations (as yet undetermined) that Ross William Ulbricht is Dread Pirate Roberts.

I have to be honest – the feeb and their partners have made a very compelling case against Ross Ulbricht, owing to a number of pieces of what I would call not altogether outlandish pieces of circumstantial evidence. When viewed as a conglomerate, it gets pretty damming. There’s the temporal and geographic proximity to SR server logins on the part of Ulbricht (not much on its own), there’s the ‘frosty’ email login issue (by itself, quite slender), and then there’s the very, very problematic ‘altoid’ posts (this is where the troubles really start), but any way in which you look at it, its likely that the FBI was onto Ross Ulbricht as being a potential contender for the alter ego of DPR not far into the investigation owing to, if it is Ulbricht, very early slips which he couldn’t obliterate; but knowing it and proving it, as we know, are different things. That’s not what I’m looking at in this article. Those who investigated DPR and SR knew they were up against a forensically aware, technically advanced adversary who wasn’t going to fall apart (from an evidentiary view at least) very easily. They had to play the long game, and what’s more, they’ve had to play a dirty game, the specifics of which are unlikely ever to be admitted, not just because there’s a need to keep investigative tactics safe as long as possible for repeat use, but also because some of it probably wasn’t, strictly, legal.

The vendors of SR could’ve, with the resources or desire of LE, been decimated in a couple of months tops using the USPS’ Mail Isolation Control and Tracking (MICT) mass surveillance program [sidebar – this one’s declassified, who knows what else lurks beneath] combined with old fashioned detective work. Whilst some vendors, such as Nod/Steven Sadler (who has pleaded guilty), did incidentally get picked up during the course of the intermediate investigations, possibly with the help of MICT, the golden prize was always DPR’s scalp, and considering DPR was never (under that name) a vendor, a novel approach was needed.

We’ll pick this up in late 2013 – The NY DA and associated LE has been running a long term operation into SR and not making headway. Having hit the judicial thresholds in ‘exhaustion’ using standard investigative methodologies, its time to approach this investigation in a novel way; whilst most of the time, its the buyer who is an undercover operative, in this case, because of the way in which postage and other parcel couriers complicate matters (rather than allowing the photographing of a hand to hand transaction – we’ve all seen ‘The Wire’, right?), why not see if we can find a way to get DPR to tell us where someone close to his inner sanctum is?

The UC operation to sell fake coke and expose SR’s staff – October 1, 2013, Maryland Superseding Indictment, pages 4-5.

In late 2012, an undercover operative contacts DPR with an enticing lure; a desire to move wholesale quantities (kilograms or more) of cocaine. DPR and the SR staff (including ‘SR Support’, referred to rather amusingly as the ’employee’) make enquiries and in late 2012 and early 2013, negotiations take place for this kilo of blow to be sold for 27k to an SR vendor, with DPR taking a commision. The UC makes sure that its not sent by USPS, most likely because his controller wanted a safely handled delivery. A mixture of cocaine and inert substance is delivered to SR Support. Do not pass go, do not collect $200.

What did DPR do wrong?

Directly or indirectly, DPR exposed to a purported vendor a component of his operation by allowing an employee to accept delivery of a kilo of fake coke. Operating on the very mistaken assumption that LE will only buy, and never sell, drugs in an effort to infilitrate an operation, DPR invites LE into his inner sanctum, and they strike hard.
DPR, possibly in an effort to maintain his margin, lets LE basically walk into his front yard and take a shit in it.

We’ve talked in brief before about the difference between intelligence and evidence; the distinction is not controversial. What I will suggest in this paragraph is also not controversial – that LE agencies often use underhanded tactics to acquire evidence. However, as far as controversial goes, this assertion of mine certainly is in some parts; that law enforcement or those deployed by law enforcement sought shape the conduct of DPR such as to entice him to engage in some seriously heavy offences, the type which would, perhaps, leverage international cooperation from previously reluctant governments, who may have held off providing assistance in accessing SR’s servers.

The missing period 17 January 2013 to 26 January, 2013 – October 1, 2013, Maryland Superseding Indictment pages 6-10 Employee’s arrest, provision of information to authorities, and supposed release.

Conveniently ommitted from the otherwise remarkably comprehensive narrative is this 9 day period, after which the ‘murder for hire’ case comes together; and presumably, the ’employee’ comes to an arrangement with federal authorities. Is he the one who first named Ulbricht as allegedly being DPR? Its a distinct possibility. Those involved in executing a warrant on the employee during this period know what they’re up against; probably someone with reasonable technological know-how, and accordingly, they no doubt go equipped to seize any and all evidence very proficiently. They seize everything they need, probably in a similarly dramatic ‘live’ way to the manner in which Ulbricht was arrested, in front of a computer with an account open. I’d surmise that a quantity of BTC funds are also seized/made to disappear. The situation is carefully crafted and spun from the start to do two things; have an iron-clad case against the employee to the extent that he has no choice but to cooperate, and to prod DPR into action.

January 26, 2013 to March 1 2013 – fake murder for hire of the arrested employee – October 1, 2013 Superseding Indictment, pages 6-10.

DPR is aware that the employee has been arrested, and references his having been ‘on the inside’ – in other words, aware that this will entice DPR into further correspondence and action, the employee is, at least as far as anyone asking is concerned, able to make bail and ‘disappear’, no doubt at the behest of investigators. The tactical objective at this point is to rattle DPR, so making the arrest public knowledge is a component of this. DPR orders the employee to be killed [sidebar: for a guy who has, by his own admission, never had someone hit before, DPR shifts from maybe getting someone tortured to definitely getting someone whacked out pretty fast – was this course of action prompted or otherwise suggested to DPR during those missing 9 days in the indictment?]. As at February 8th, the UC says they are good to “kill” the employee, and from February 12 to 19, they pretend to be torturing and killing him, with correspondence from the UC on 19 February indicating that the employee had died ‘that weekend’ – presumably meaning the 16th or 17th of February, 2013. The (definitely fully cooperative) employee, presumably still actually in LE custody is posed in various ways and photographs are staged. DPR is enticed to make various inculpatory remarks throughout the correspondence.

What did DPR do wrong?

Its clear reading the indictment that DPR began to feel a little like Tony Montana, and simply talks too much about a variety of factors, not least of which includes waxing lyrical to a guy who supposedly tortured and killed a key witness.
He also sends an international wire transfer which helps to firm up, from an evidentiary perspective, who he may infact be.

The fake hacker and the completely fictitious murder for hire. New York indictment, September 2013, Page 21 – 24

Under the tabloid-worthy headline “DPR’s willingnes to use violence to protect his interests in Silk Road”, we learn of another interesting side story which helps cement DPR’s future courtroom image as that of a ruthless murderer prepared to kill anyone threatening his business. On March 13, a supposedly Canada based user named ‘friendlychemist’ contacts DPR and decides to start blackmailing him. Interestingly, no effort has been made by those preparing the indictment to obscure the username [I surmise that this user is either a tasked human LE asset, was otherwise taken over by LE or an outright LE fabrication] How the information he is proposing to blackmail DPR with got to him is a case of legit hacking, or perhaps using other investigative methods, such as a honey trap TOR node – but any way you look at it, ‘friendlychemist’ is taking home cheques from LE if his username is left in here without any indictments in relation to him/her being public by now. Even more potentially concerning if the user was an active vendor; did LE let someone sell drugs on SR with Government approval, if not having LE itself sell drugs on SR to help build its fictitious front man’s credibility?

It seems that ‘friendlychemist’ owes money to some people, because he puts them in touch with DPR – and the guy who contacts him has an interesting username; “redandwhite” (for those not knowledgeable in this aspect of the world, those are the colors associated with a particular worldwide sized biker group). From here, ‘friendlychemist’ demands half a mil later in March, and so DPR, presumably believing he is speaking to someone affiliated with the relevant people one might associated with ‘redandwhite’, reaches out for some help. ‘redandwhite’ gets paid 150k via BTC, DPR even mentions that the price is high compared to what he paid last time, and is then provideded with images proving a homicide to DPR’s apparent satisfaction. As far as anyone knows, this homicide didn’t happen; the indictment says this.

What did DPR do wrong?

“I hacked someone and will blackmail you… actually, no, speak to this guy I owe money to and pay him directly” “This guy owes me money, but I could totally kill him for you if you want” “If you don’t give me 500k, I will totally expose you” Does this situation seem stupidly convoluted to anyone else?

DPR has now done something much worse than the first fake killing – he has crossed international borders with his capacity to kill. But no one is saying redandwhite is a cop, and no one is saying friendlychemist is a cop, but the inescapable reality is, that this whole little charade was a covert LE effort to manufacture yet more evidence of DPR’s dangerousness and apparent power. In sodoing, he also tried to bargain the price down, mentioning his last hit costing what it did. Good work, DPR… talk about helping the evidence get built.

The server image acquisition by the FBI – New York indictment, September 2013, page 14

Its not until after two (fake) murders, one of which DPR apparently manages to orchestrate across international borders, despite the allegations of large scale drug trafficking, money laundering and other wholesale misbehaviour, that in July 2013, a Mutual Legal Assistance Treaty request is made, which secures an image of the Silk Road Web Server. Coincidental timing? Not likely. The country where the server was acquired is not mentioned, and most likely for good reason; namely, that the FBI would prefer not to have to go through the same song and dance next time this happens, and would like to avoid anyone knowing which jurisdiction it was that made them put on this monumental dog and pony show in building their case.

Buying Fake IDs under your own username when you’re DPR – New York indictment, September 2013, page

A parcel of fake IDs addressed to Ross Ulbricht and all bearing his face was seized by CBP coming from Canada in July 2013. “Canada?” you say… “Canada is not the fake ID hub of the world, so why would they come from there?” Why, indeed? Its a pretty good question. But then it gets more interesting – we see that DPR was talking to the famed ‘redandwhite’, of fake international murder and further evidence development fame from just a moment ago. Messages apparently recovered from the SR server show who that DPR was talking to redandwhite about buying some fake ids, but of course, the indictment, apparently so comprehensive in other aspects, wholly fails to identify whether or not a transaction was agreed to or closed on this point. [I surmise that the same unacknowledged LE operation which was responsible for putting together the ‘friendlychemist’ scenario had a hand in the seizure, if not the outright manufacture, of the Ulbright IDs]

Writer’s note – I’ve seen the IDs bearing Ulbricht’s face, whether or not these are the same IDs that DPR was talking about is something for the Government to prove in court. Coincidentally, they all seem to have come from the catalogue of a Chinese site called ‘IDChief’ (whose templates were supplied via a forum known as Ultimate Fakes, and for whose products holograms could be bought wholesale from various Chinese suppliers since at least 2008-2009), who had not embraced BTC, instead, relying on Western Union and similar transfers, which shipped from China until it was supposedly voluntarily taken down in recent years.

If you run the world’s biggest TOR dark market, somewhere which allows you to be anonymous and have multiple identities, why would you expose the fact that you, the owner of that infrastructure, is looking for tangible goods which will require an ultimate delivery address, to other parties? And worse, not just that you need tangible goods but that YOUR GOD DAMN FACE WILL BE ON ALL OF THEM?

Its a dangerous game and a very slippery downhill slope if LE starts making evidence fit via shoehorn. Its not for me to say whether or not Ross Ulbricht is DPR, but the use of such elaborate tactics, measures and means, which one would usually expect to see employed in a counter terrorism capacity, to catch a guy running eBay for drugs, is cause to stop and think. What doesn’t add up is incidental in the bigger picture, but deeply troubling for those with an eye for detail. Who will the puppetmasters behind ‘redandwhite’, ‘friendlychemist’ and who knows how many other LE persona’s draw into committing a non existent crime to bolster some other case next?

Updated: 2014-11-27