Internet Security Blog - Hackology

The Harmless Crime of Ross Ulbricht #FreeRoss

Ross Ulbricht was a 26-year-old programmer, idealist, young and naïve, who built a website that was free for anyone to use as they saw fit. He is a non-violent, first-time offender who was sentenced to double life plus 40 years. Listen to Ross talk from prison. He is still in prison. #FreeRoss

I’m sure many of you have heard about the Silk Road before, but not many of you seem to know the full story.

Who is Ross Ulbricht

Ross William Ulbricht (born March 27, 1984) is an American who created and operated the darknet market website Silk Road from 2011 until his arrest in 2013. The site used Tor for anonymity and bitcoin as a currency and facilitated the sale of narcotics and other illegal sales. One of Ulbricht’s online pseudonyms was “Dread Pirate Roberts” after the fictional character in the novel The Princess Bride and its film adaptation.

In February 2015, Ulbricht was convicted of conspiracy to commit money laundering, conspiracy to commit computer hacking, conspiracy to traffic fraudulent identity documents, and conspiracy to traffic narcotics by means of the internet. In May 2015, he was sentenced to a double life sentence plus forty years without the possibility of parole. Ulbricht’s appeals to the U.S. Court of Appeals for the Second Circuit in 2017 and the U.S. Supreme Court in 2018 were unsuccessful. He is currently incarcerated at the United States Penitentiary in Tucson.

How Ross was Scammed

The beginning of this story dates back to January 27th, 2011, when a user by the name “altoid” posted a thread on the shroomery.org forum stating the following:



Since it was the first mention of the Silk Road website anywhere on the internet, and because the post urged people to give their feedback on it, it was believed to be some sort of marketing tactic.

This ultimately led the FBI to look into who altoid really was…

Funny enough, the moniker “altoid” was also on the BTC talk forum.

If you take a glance through their posts, you’ll find they had quite a few BTC to their name.

They made many posts about trading Bitcoin; however, none of them would be as incriminating as their final post.

The final post made by altoid was on October 11th, 2011, in a thread titled:

“IT pro needed for venture backed bitcoin start up” which included the following text:

The email stated in this post, along with other posts made by the account, led the FBI to start tracking Ross Ulbricht in an ongoing investigation.

The FBI continued to monitor Ulbricht up through 2013, until undercover agents tracked him to the San Francisco Public Library. At the library, two undercover agents created a diversion, causing Ross to get up and leave his chair with his computer unattended.

Once Ross was away from his computer, an agent swept in and grabbed his computer while it was still open. Ross was caught logged into the mastermind section or dashboard of the Silk Road website.

In another tab, there was a full diary dedicated to the creation of the Silk Road written in his name.

The contents of the Silk Road servers would later come to light in the New York City trial of Ross Ulbricht, when prosecutors unsealed a 33-page transcript of private messages in which Dread Pirate Roberts (allegedly Ross) attempted to arrange 6 murders-for-hire. Before diving into the transcript, I will introduce its characters, because things will get confusing quickly without first touching base on the players involved.

Dread Pirate Roberts – Ross Ulbricht

Lucydrop – One of the top vendors on the Silk Road, who built up a solid reputation on the website prior to exit scamming.

If you’re not familiar with exit scamming, it is essentially just building up a good reputation as a vendor before cashing out and refusing to fulfill orders.

Leading up to the messages we’re about to read, Lucydrop claimed that they had been imprisoned for 7 months, and that their business partner had stolen their account.

As if that doesn’t sound sketchy enough, when Lucydrop returned to the forums, he claimed he was sad because he had lost everything and had everything stolen from him.

On top of that, he claimed he wanted to come back and get his old account frozen, and that he would never sell again. There are striking similarities between Lucydrop and another vendor by the name “Tony76”, who had also exit scammed previously in a similar fashion.

Both vendors were from the same area in Canada, and sold the exact same type of product.

Additionally, both vendors shared the same idiosyncrasies when it came to typing.

As a result of being a scammer on the marketplace, Tony76 was not liked by Ross Ulbricht, because such scams tainted the reputation of his brand.

This is something to keep in mind before diving in to the rest of these messages.

The next character referenced in these logs goes by the name “FriendlyChemist”.

FriendlyChemist wasn’t a vendor, but was someone who claimed to be a middleman between the Hells Angels, a biker gang based in Canada, and Lucydrop. Throughout these messages, FriendlyChemist is frantic, and claims he needs $500,000 or else he will release the names of thousands of customers on the Silk Road. Lastly, we have “redandwhite”, who is supposedly from the Hells Angels. This is the person FriendlyChemist claims to be in debt to for about $700,000.

Now that you have an idea of all the characters involved, let’s dive into the messages. The first message in this story comes on March 13, 2013 from FriendlyChemist with the subject line “VERY IMPORTANT”.

This message includes the following:

The next morning on March 14, 2013, Ross Ulbricht gets back to FriendlyChemist:

FriendlyChemist replies to Ross a few hours later, where he explains that he is in desperate need of money from Lucydrop, and that his life is in danger if he doesn’t get these funds.

FriendlyChemist also states he has the identities of numerous vendors and their customers.

Ross then replies to FriendlyChemist stating that he has never had any ins with Lucydrop, and that he had probably made it up to trick him.

FriendlyChemist replies saying that he finds it hard to believe Ross didn’t have any special connections with Lucydrop.

FriendlyChemist explains that his life is in danger if he does not pay back his debts, and threatens to release info on customers if he is forced to.

A day later on March 15, 2013, Ross gets back to FriendlyChemist and says he will get in touch with LucyDrop.

He also requests that FriendlyChemist sends all the information he has harvested so he can verify it is true.

Four minutes later, Ross sends a message to Lucydrop explaining the situation, and also requests that he provides him with FriendlyChemist’s name and address so that he can stop him in his tracks before doing anything stupid.

Note that this was not the best move by Ross, in the case that Lucydrop’s computer was indeed keylogged.

But given the circumstances, Ross could just be testing the bluff. Next, FriendlyChemist responds to Ross asking why he wants him to send him anything.

He explains that Lucydrop kept a log of all of his transactions on Silk Road, and that he has already provided proof that he can get into his account.

Clearly, Ross was being threatened with real identities, and this is why the government actually redacted this in the court documents.

Later that same day, DPR would get back to FriendlyChemist saying that he will let him know when he hears from Lucydrop.

FriendlyChemist then replies to DPR, once again pleading his case:

On March 16 at 5:22am, RealLucyDrop entered the Silk Road forums.

Here RealLucyDrop posted the following:

That same day, DPR replies to RealLucyDrop asking how the new person gained access to his account:

Next, RealLucyDrop explains to DPR that it was not a new person that gained access to his account, but was his partner in real life that took over the account after he got picked up on previous drug offence warrants and spent time in jail.

He also goes on to explain his relationship to FriendlyChemist, and asks how DPR came across FriendlyChemist.

Keep in mind at this point, Dread Pirate Roberts never once mentioned FriendlyChemist to the RealLucyDrop, he only ever brought it up to the other account…

Regardless, the next day, DPR responds to RealLucyDrop explaining that he is being blackmailed by FriendlyChemist, who is threatening to release the identities of customers on his website.

He also goes on to ask for the identity of FriendlyChemist:

RealLucyDrop then replies to DPR explaining how he doesn’t know how he feels about releasing information on him, since he also knows the identity of him as well.

Next, he explains that he will attempt to set up a meeting with him to try and reason with him.

A few hours later, Ross replied stating:

The next day, RealLucyDrop gets back to DPR stating that he has had a meeting with him.

He says that he told him who he owes money to and understands his concerns, and that he thinks DPR is not taking him seriously and is thinking about partially releasing the information.

The next day, DPR responds to RealLucyDrop:

RealLucyDrop responds to DPR about an hour and half later, basically reiterating what he had just said:

DPR then responds to RealLucyDrop telling him to not bother messaging him again if the message does not contain his personal information:

RealLucyDrop then replies to DPR saying that if he really thinks it is a good idea, then he will provide him with his personal info.

He also asks if there are any positions open on the Silk Road since he has no source of income since his partner screwed him over.

Next, DPR contacts FriendlyChemist again, requesting that he puts him in touch with his suppliers to work something out with them.

This is an interesting move by DPR, because he is trying to cut out the middleman and get directly in touch with suppliers. Three minutes later, RealLucyDrop sent DPR a public key and an encrypted PGP message that contained the person’s personal information:

DPR replies to RealLucyDrop requesting that he sends him the exact address of FriendlyChemist, and that he may be able to provide him a position on Silk Road as a part-time mod.

On March 25, a new user would pop into the scene by the name “redandwhite”, and this is where the negotiating begins.

On March 26, DPR gets back to redandwhite explaining the difficulties he’s been having, and asks if they would be interested in becoming a supplier on the Silk Road:

Redandwhite then gets back to DPR stating that he would be interested in doing business on the Silk Road, and asks some technical questions about the Silk Road.

Additionally, he states that if he can get FriendlyChemist to pay him back, he is open to giving it a try.

DPR then sends another message to RealLucyDrop, who hasn’t followed up yet, asking why he hasn’t gotten the address of FriendlyChemist yet, and offers $1,000 in BTC for such information.

22 minutes later, DPR sends another message to redandwhite explaining that he thinks it would be best if FriendlyChemist was executed.

He then provides the information he has on FriendlyChemist, and goes on to answer some of the questions asked about being a vendor on Silk Road.

Next, redandwhite replies to DPR saying that he already has the information on FriendlyChemist, and that they have already kidnapped his business partner.

He then says he believes they could have synergies, given the site lacks big-time suppliers, but he needs more time to research it.

DPR replies to redandwhite saying that he understands his situation, and recommends he looks into PGP.

He also offers to cover the $500 security deposit required to start as a vendor on the Silk Road.

redandwhite replies to DPR saying that he is already familiar with PGP, and explains that there is no loss since they were able to recover missing product when they grabbed Xin.

Side note: This Xin character seemingly came out of nowhere, but was supposedly LucyDrop’s partner.

Since FriendlyChemist’s partner, or LucyDrop’s old partner, is now taken out, FriendlyChemist is starting to get panicked.

On March 29, FriendlyChemist would once again reach out to DPR after a long hiatus:

DPR replies to FriendlyChemist’s threats with the following:

FriendlyChemist replies to DPR stating that the situation is still not defused.

He explains that he cannot just go on with his life and they are still requesting that he meets them in person, and that he knows what will happen to him if he does.

DPR replies to FriendlyChemist requesting some time to work things out:

Following this message, DPR reaches out to redandwhite again stating he is still having problems with FriendlyChemist.

He then asks if he is able to put a bounty out on him, and asks what would be an adequate amount of money to motivate him.

Redandwhite responds to DPR with the following:

DPR responds by asking for his location, and if there is anything more he could do to make it worth his while.

Redandwhite replies to DPR explaining that just blackmailing him by using his location may not work out, and offers something more permanent as a solution to the problem:

DPR replies to redandwhite by explaining that he is still under threat of his client’s info being released, and how anonymity is of utmost importance to the Silk Road.

He then states that the hit doesn’t have to be clean, and he is unsure if there are any funds to be recovered.

redandwhite gets back to DPR explaining the pricing for a hit to be carried out, and asks when he would like it to be done:

DPR gets back to redandwhite stating that he thinks the prices are a bit steep, and he has had a previous clean hit done for $80k.

redandwhite responds by stating that they are not willing to go lower on price.

“We use professionals, and we pay them a good price”

redandwhite sends another message saying that if he wants it done by Monday, that only leaves one day to sort things out.

He then leaves his Bitcoin address for payment, and says he will check again for payment in 10 hours to see whether or not he wants it to be done.

DPR gets back to redandwhite a few hours later, stating that he will cover the rest of the money if the exchange rate for BTC falls, and provides the tx ID for the BTC sent.

As we can see from the blockchain, this payment did actually take place:

On April first, redandwhite responds to DPR:

“Your problem has been taken care of”

At this point, if you can guess who the “third person” mentioned in the above message is, you’re going to start putting everything together in your head.

I won’t spoil it now for those that haven’t, and will leave it for the end. DPR replies to redandwhite requesting any information he can provide on this third party, and gives him a link where the picture of the hit can be uploaded:

redandwhite then replies to DPR providing him the information he was able to gather on the third party, and also asks him how to withdraw the Bitcoin he has received:

DPR gets back to redandwhite, answering his question on how to strip image metadata.

He also provides him with a list of Bitcoin exchanges, and asks what he thinks about going after this third party for stealing millions from him and his customers on Silk Road:

redandwhite replies with the following:

A few hours later, DPR replies saying that he would like redandwhite to see if they can find any info on him:

Redandwhite replies back asking if DPR has received the image, and asks if he would like the third party to be taken care of as well:

DPR replies back saying that he has received the picture and deleted it. He then asks if he can connect with him in real time chat to discuss further.

redandwhite replies back stating it was his pleasure, that he hates thieves as much as he hates informants, and would like to verify he is the intended target.

As for the real time chat, he asks DPR to send information on it and he will have his tech guy review it.

DPR replies stating that his gut tells him it is the right guy, and sends over instructions on how to set up the chat:

Next, redandwhite sends a long message to DPR stating what they had found, and the process by which they went about scamming others online.

He also states that he works/sells with three other people, and they all scam together.

DPR replies by asking if it would be possible to round all 4 of them up and get them to out each other and give up the stolen money:

redandwhite replies by saying he would be able to round all of them up, and offers that he is willing to carry out hits on each of them for the same price as last time x 4.

DPR then replies by saying he wants to just have a hit out on Andrew and leave it at that.

redandwhite then explains to DPR that it would be easiest to take a hit out on all of them, and that since they are all working together they are probably guilty of everything Andrew has done.

DPR then agrees to redandwhite’s judgement, and sends funds over to his address for all the hits to be carried out.

Again, this transaction indeed did take place as referenced by the blockchain. The next few messages are a back and forth of redandwhite having errors connecting to the real time chat, so I will dump them all here for those that want to read:

To summarize the last bit of messages, the hit goes through, they weren’t able to recover much money, and Ross sends redandwhite an extra 500 BTC to make up for price fluctuations.

Conclusion

Now let’s do a final analysis on these messages. As interesting as they are to read, there’s one thing I haven’t told you. What we just read through is exactly how someone went about scamming 7225 BTC off DPR.

At the time these messages were sent, it was worth about $1m. Today, however, it is worth nearly $300m. All of these hits were paid for, but Blake Kirkoff, Xin, Andrew Larsey, and all of the people involved in these hits aren’t actually real people. There is no proof that anyone under these identities went missing or ever existed in the first place.

It took a while for Ross’s investigation to pick up on this, but even the court documents say he got hit with an elaborate scam. Up until 2018, no one knew who the user redandwhite was. Here’s the reality, though:

DPR got played by one person. That one person is alleged to be James Ellingson. In a later investigation, Bitcoin was traded from redandwhite’s accounts on the Silk Road to another seller on the site named MaryJaneIsMyMuse.

Both accounts were registered on a Canadian Bitcoin exchange that had James’ driver’s license on it. It appears that James initially set out to blackmail FriendlyChemist out of $500k, but ended up thinking quick on his feet and getting double the amount.

If you made it this far, thank you for reading this thread. This is one of my favourite stories to read through, and its storyline could win an Oscar.

Eventually Ross was arrested after a series of mistakes, including using an internet cafe and accessing the site from a non-Tor IP near his residence, or a server misconfiguration showing the IP address of the server, which eventually made Silk Road go down and Ross along with it. A detailed timeline which you will enjoy reading can be found here.

Utopia decentralized p2p Ecosystem is the answer where user mistakes should not lead to privacy violation. Details about Utopia Ecosystem are given in various articles on this blog.
