FBI forensics! DEA investigation!
Sophisticated Tor-cracking techniques squeezed (or bought?) out of Carnegie Mellon!
We’ve heard (and written) all about the whiz-bang techno-smarts that went into the dismantling of Silk Road, the biggest dark web drug market ever, and the manhunt and unmasking of its mastermind, Dread Pirate Roberts.
But the New York Times (NYT) reports that identifying the Dread Pirate, now better-known by his real name, Ross Ulbricht, was more a triumph of investigative skills than a display of techno-smarts.
Indeed, the investigatory work had far more to do with the long, deep data trails we leave behind in our online travels than with piercing the anonymizing layers of Tor.
Finding Ulbricht really boiled down to this: a bunch of Google searches done by an investigator for the Internal Revenue Service (IRS).
Yep, it was a tax wonk who nabbed him.
That man’s name is Gary L. Alford, and he’s a special agent for the IRS.
Based in the Chelsea neighborhood of Manhattan, Alford was assigned to work with the Drug Enforcement Agency (DEA) as they struggled, unsuccessfully, to figure out the most basic element of their investigation: just who, exactly, was running Silk Road.
By mid-2013, the market had burgeoned into a massive enterprise, selling some $300,000 in drugs and other contraband every day, according to the NYT.
Alford was young, energetic, and dogged as hell: all characteristics that his superiors hoped would help to jumpstart an investigation that was stuck in the mud.
His preferred tool: Google. Particularly the advanced search option that lets you focus in on a date range.
After all, one of the few things investigators had to go on was Silk Road’s inception date.
The NYT quotes Alford, who describes what he recalls thinking to himself at the time:
I’m not high-tech, but I’m like, ‘This isn’t that complicated. This is just some guy behind a computer.’
In these technical investigations, people think they are too good to do the stupid old-school stuff. But I’m like, ‘Well, that stuff still works.’
Using the advanced search option to look for material posted within specific date ranges in May 2013 led Alford to a chat room posting made just before Silk Road had gone online, in early 2011, by someone with the screen name altoid.
The posting from altoid asked:
Has anyone seen Silk Road yet? It’s kind of like an anonymous Amazon.com.
Sounds a bit like an advertisement, doesn’t it? Given the posting’s early date, Alford suspected that altoid might have inside knowledge about Silk Road.
So Alford directed his searching at altoid, looking for everything he’d ever written: what the NYT compares to sifting through trash cans near the scene of a crime.
What he found was a message that altoid had apparently deleted but which had lingered in another user’s response.
In that conversation, altoid had asked for programming help.
He also gave his email: rossulbricht@gmail.com.
And who, Alford asked of the Internet, was this Ross Ulbricht?
A Google search for the name turned up a young man from Texas who, just like Dread Pirate Roberts, admired the free-market economist Ludwig von Mises and the libertarian politician Ron Paul.
He found other parallels as well.
Eventually, after asking a colleague to run a search on Ulbricht, the investigation struck gold.
Homeland Security agents had seized a suspicious package containing fake IDs at the Canadian border, addressed to Ulbricht’s apartment in San Francisco.
The agents visited the apartment, coming face-to-face with Ulbricht, who answered the door.
His face matched that on the bogus IDs, but the agents had no inkling that Ulbricht had anything to do with Silk Road.
But Ulbricht apparently couldn’t stop subtly advertising Silk Road: he mentioned to the agents that “hypothetically” anyone could go on a site called Silk Road and buy fake identification.
Armed with this fresh evidence to link Ulbricht to Silk Road, Alford called the prosecutor.
That’s when Ulbricht’s fate was sealed: it turned out that his address was a brief walk from a cafe from which the FBI knew that Dread Pirate Roberts had signed in to Silk Road.
Over the coming weeks and months, Ulbricht was put under full surveillance, and ultimately arrested at a public library on 2 October 2013.
So, as 2016 approaches, let’s all pause to consider the story of Ross Ulbricht, undone by words expressed long ago.
He thought he’d deleted those messages, but, even with the “right to be forgotten” (or, at least, the right in some parts of the world to get Google to hide search results about us), they lived on for Alford to find.
Alford couldn’t be at Ulbricht’s arrest, but he did receive a plaque.
The NYT reports that Alford’s superiors had it inscribed with this quote from Sherlock Holmes:
The world is full of obvious things which nobody by chance ever observes.
Well, it turns out that Gary Alford is one of those people who do observe. He’s a tax detective, and his magnifying glass was Google.
Readers, what data trail did you leave in 2015?
We should all bear in mind, as we get ready for a new year, that the words we leave behind in dusty chatrooms, in Facebook throw-aways or in Twitter snippets may well reappear to haunt us.
Whether it’s a future criminal investigation, a personalised marketing campaign, a targeted attack by cybercriminals, or any other sort of surveillance…
…the internet never really forgets.
Laurence Marks
This is a pretty good paraphrase of the original New York Times article at
http://www.nytimes.com/2015/12/27/business/dealbook/the-unsung-tax-agent-who-put-a-face-on-the-silk-road.html?_r=2
Why not post a link so readers can read the whole thing?
Paul Ducklin
Paragraph 4 contains that very link, right where we say “the New York Times reports” :-)
(I added the link a second time, where we say “The NYT quotes Alford”, just to make it super-clear.)
chris12923
So it said that the FBI knew he logged into Silk Road from a specific cafe, which tells me that either there was a hole in Tor that they exploited somewhere or they found out some other way. I’m going to go with Tor. Unless Dread Pirate Roberts messed up yet another way…