Silkroad Backup Server Helped Lead to Arrest of Ross

http://dealbook.nytimes.com/2014/03/04/silk-road-had-digital-outpost-in-pennsylvania/?_php=true&_type=blogs&_r=0

"A staff member in the electrical engineering department of a liberal arts college in eastern Pennsylvania played a small role in the investigation that resulted in the shutdown last fall of Silk Road, the online marketplace where drugs and weapons could be bought with Bitcoin.

The employee, Christopher Nadovich, director of laboratories at the electrical and computer engineering department at Lafayette College, owned a company that provided Silk Road with a backup server for its website, according to a previously undisclosed court filing in the two-year investigation.

On Sept. 9, three weeks before the United States authorities shut down Silk Road and arrested Ross William Ulbricht, the man they say founded the site, an F.B.I. agent served a search warrant on Mr. Nadovich's company, JTAN.com. The warrant sought to preserve records of any transactions involving Silk Road's customers and any private communications between sellers and buyers of drugs on the website.

The search warrant on JTAN and the company's involvement in the Silk Road case had remained a secret until a few weeks ago. On Feb. 18, federal prosecutors asked a United States magistrate in federal court in Philadelphia to unseal the matter so authorities could begin providing Mr. Ulbricht's lawyer with information to begin planning a legal defense.

Silk Road's website ran on an encrypted Internet network called Tor, which allowed it to remain hidden from general viewing. The website, which authorities have called an eBay for illegal drugs, ran off a server in a foreign country and a backup server provided by JTAN.

The search warrant illustrates the appeal a company like JTAN has for any online business that desires anonymity and uses a digital currency like Bitcoin to preserve the privacy of its customers' activities. In the search warrant, the federal authorities said that JTAN specialized in allowing "customers to lease servers through its service with complete anonymity." The filing also said that JTAN never asked customers to verify their identities and permitted them "to pay anonymously through the use of Bitcoins."

Mr. Nadovich is not named in the warrant, but other public records identify him as the owner of JTAN, which lists an address in Easton, Pa., where Lafayette College is based. In the warrant, the company is listed as having an address in Sellersville, Pa., about 33 miles from Easton.

Mr. Nadovich has not been charged with any wrongdoing. In an emailed response, he said, "I'm afraid that I don't feel inclined to comment about Silk Road or any business decisions made by JTAN."

Just days after the F.B.I. served the search warrant on JTAN, Mr. Nadovich began taking steps to close parts of his business. In a Sept. 14 online notice to JTAN customers that still appears on the company's website, Mr. Nadovich said he was terminating the firm's "dedicated server" business. Mr. Nadovich gave no explanation but said "the business situation we find ourselves in does not allow continuing this service." On Oct. 30, he posted another notice, telling JTAN customers the company was struggling financially and could file for bankruptcy protection in 2014.

Mr. Nadovich said on Tuesday that JTAN was still in business.

James Margolin, a spokesman for Preet Bharara, the United States attorney in Manhattan, whose office is prosecuting Mr. Ulbricht, declined to comment. The name of the F.B.I. agent who signed the search warrant application was redacted by authorities to protect his identity.

The search warrant reveals that JTAN potentially provided the authorities with a wealth of information about Silk Road and Mr. Ulbricht. The authorities said that Silk Road's primary server would purge information every 60 days or so, but data on the backup server at JTAN was not regularly deleted or destroyed.

"I believe that this backup data will reflect the details of numerous narcotics transactions conducted through the Silk Road website and the use of Bitcoins to launder the proceeds from these transactions," the unidentified F.B.I. agent said in the search warrant application.

Federal prosecutors contend that in a little more than two years, Mr. Ulbricht, who is 29, built Silk Road into the go-to place in the dark corners of the Internet for buying drugs like cocaine, ecstasy and heroin and stolen credit card numbers. Authorities contend the website handled $1.2 billion in transactions, all in Bitcoin.

Mr. Ulbricht pleaded not guilty on Feb. 7 to money-laundering and drug-trafficking charges in Federal District Court in Manhattan. Federal prosecutors said they obtained roughly 10 terabytes of data from the servers they seized in addition to the laptop Mr. Ulbricht had with him when he was arrested by authorities on Oct. 1 at a public library in San Francisco.

The government's crackdown on Silk Road and the arrest of Mr. Ulbricht began a series of embarrassing episodes for Bitcoin and digital currency enthusiasts, who see it as an alternative to traditional currencies because it is not backed by any government and not subject to political control.

Bitcoin proponents suffered another black eye last week when Mt. Gox, once the biggest exchange for converting dollars and other currencies into Bitcoin, filed for bankruptcy in Japan. The company collapsed after its owner, Mark Karpeles, said it had lost more than $450 million worth of Bitcoins, possibly as the result of an attack by computer hackers. But days later, it's still not clear what happened to the roughly 750,000 of its customers' Bitcoins.

In late January, another Bitcoin proponent, Charlie Shrem, was arrested by federal authorities and charged with helping a Florida man sell Bitcoin to people looking to buy drugs on Silk Road."

This article makes me believe that they have waaayyyy more information about sales on Silkroad than anyone originally thought.


Comments


[5 Points] U_235:

"The warrant sought to preserve records of any transactions involving Silk Road’s customers and any private communications between sellers and buyers of drugs on the website."

This is why you use PGP.


[2 Points] wordsTORm:

Thanks for posting dude.


[1 Points] Sanitarium-Market:

"The employee, Christopher Nadovich, director of laboratories at the electrical and computer engineering department at Lafayette College, owned a company that provided Silk Road with a backup server for its website, according to a previously undisclosed court filing in the two-year investigation."

Here is the problem that I have with this... How did they know or what linked them to the Backup server in the first place?

Either the user used an unsecured data connection to it

OR the connection was secured, maybe TORed or SSH or VPN and was still monitored.

Normally the existence of a backup server is not found unless the main server is found and the backup scripts or logs are analyzed.

Also, given the situation, it was pretty stupid to go through all of that trouble to create purge scripts for the main server, to purge potentially incriminating data so no one would get caught, but to back up 100% of the data on a remote system that is not under the control of the user????? WTF. Almost as if the guy was begging to get caught.

Also, why were they housing private communications in one central location??? WTF. Now the entire user program is compromised and it is just a matter of time till they sift through it and weed out all of the valuable people.

Also need to ask, why were the backups not encrypted? Why was the remote HD not fully encrypted? These are rhetorical questions but f***king stupid. Spend all that time and money to secure a main system but not the remote systems or hardware, USB, external drives or whatever. If all of it was encrypted with 30 char passwords that cannot be remembered, then nothing would have ever been recovered.

Also keep in mind that it is entirely possible that any data in the case that you THINK is released to you for your information, may also be misinformation. There is no way to know.

Sorry guys.


[-11 Points] R4ID:

This same article was posted almost 18 hours ago in this sub; please use the search function next time before making a thread.