How OSINT Took Down the Dark Web’s Silk Road
Though the Dark Web has been around since the early 2000s, it entered the lexicon of mainstream popular culture in 2013 after the high-profile FBI bust of a Dark Web site called Silk Road, an anonymous narcotics website run by 29-year-old Ross Ulbricht, code name “Dread Pirate Roberts.”
This was the FBI’s first major interaction with infiltrating the Dark Web and federal agents involved in the case described working with it as “uncharted territory.” It required a different investigation approach: collecting evidence from Silk Road over time and then trying to identify individuals rather than starting with probable cause for an already identified individual. To do this, investigators used a combination of open source intelligence (OSINT) and traditional investigation tactics to arrest Ulbricht and take down the site.
The Silk Road was created in early 2011 and quickly became a hub for drug and other illicit transactions all over the world. In the two and a half years that it was active, over 11,000 different kinds of narcotics were bought and sold through the site using Bitcoin. In addition to illegal substances, Silk Road sellers touted stolen credit and debit card numbers, fake IDs, counterfeit currencies, and various hacking tools.
The official investigation began in mid-2011 when the United States Department of Homeland Security received an anonymous tip about an international online drug market unable to be accessed by search engines like Google or Bing. Soon, a multi-agency task force was created in Baltimore with an end goal of identifying and arresting the owner and operator of the site.
Investigators focused on gaining access to two groups: the top 1% of sellers and the moderators in order to seize their computers and acquire information about the site, its users, private communications, and, hopefully, the owner himself.
The task force’s strategy was to watch the Silk Road for any identifying information from the anonymous users, and, once someone slipped up, investigate that lead using traditional methods. After six months of monitoring, one user finally made a revealing mistake. Jacob Theodore George IV, a drug dealer based in Baltimore, posted on a Silk Road forum that a US Postal Inspector had seized one of his packages containing narcotics because it was spilling a white substance. Despite other Silk Road users urging George to not dispute the confiscation, he later posted that he’d gotten the package back by telling the inspector that the substance was not going to be used for illegal purposes.
After this, task force investigators were able to identify George and arrested him in January of 2012. With this arrest, investigators gained access to his Silk Road account, including all emails, shipping records, and financial details. The initial arrests were kept quiet from the media to prevent Dread Pirate Roberts from finding out about the investigation. These were kept under the radar by filing charges later or filing state charges instead of easily searchable federal ones.
It was Ross Ulbricht’s mistakes on the Surface Web that ultimately tied him to Dread Pirate Roberts and Silk Road. Using OSINT, the FBI found the first-ever internet mention of Silk Road on January 27, 2011, when a user named “altoid” had posted an advertisement for the site in a drug user forum. The FBI then searched the open web for uses of that same username and found that someone had posted in a Bitcoin forum seeking workers for a Bitcoin startup. However, that forum post had an email address attached: firstname.lastname@example.org.
Now that they had a potential name and an email, they looked through Ulbricht’s social media for more ties to Dread Pirate Roberts and found that both had mentioned the obscure Ludwig von Mises Institute for Austrian Economics. The FBI also found that in March 2012, a user named Ross Ulbricht logged into a forum to ask for help using a Dark Web site. Within a minute, the user had changed their name to “frosty,” but the website still recorded the original name.
The FBI had correctly identified Dread Pirate Roberts using OSINT, but they still had to arrest him. This happened using good old-fashioned police work. In April 2012, an undercover agent started to build an online relationship with Ulbricht by posing as a cocaine seller. Around this time, the FBI also busted a moderator who was employed as Silk Road’s customer service representative. This was the first moderator arrest, which gave the FBI details of sales and all Bitcoin accounts, including Ulbricht’s. Eventually, US customs seized a package containing fake ID documents that had Ulbricht’s address on it, and in October 2013, he was arrested in San Francisco.
The FBI officials used both OSINT and in-person investigation techniques to identify and arrest high-level Silk Road sellers and moderators. Using an OSINT tool like Skopenow could’ve automated the online investigation process for faster results in this case. Skopenow aggregates all relevant data from the open web including all mentions and references to a specific person, site, or username, as well as known addresses and contact information for any search subject.
Skopenow is an analytical search engine that uses social media and open web data to provide actionable intelligence and automate your online investigation. Skopenow's platform identifies, collects, and analyzes public information on people and businesses by scouring millions of sources and data points. While Skopenow is built for use in insurance, government, and law, the product is also highly applicable in HR, real estate, and education.
Claire Van Note