TechCrunch
Court Docs Reveal Reputed Silk Road Founder's Alleged Murder-For-Hire Plot
For two and a half years, Silk Road was the Deep Web’s worst keep secret. The underground site was infamous for drug trafficking, gun running and murder for hire – a veritable rogues gallery for underground dealers. Since launching in 2011, the site generated over $1.2 billion in revenue and $79.8 million in commissions. It was one of the not-so-secret successes of the underground web.
The site was taken offline today and the founder, Ross William Ulbricht, a/k/a “Dread Pirate Roberts”, charged with one count each of narcotics trafficking conspiracy, soliciting murder, computer hacking conspiracy and money laundering conspiracy, according to a court filing. It is the end of a strange era in computer security when one man and a team of salesmen, programmers, and cryptographers kept the government at bay for two solid years. The court filing reveals in explicit terms the lengths Ulbricht’s site went to ensure its users anonymity and details the violent means he allegedly used to protect himself and the site.
The image of Ulbricht comes from his LinkedIn profile.
What follows are excerpts from the court document compiling the notes of Special Agent Christopher Tarbell of the Federal Bureau of Investigation.
Incidentally, Silk Road users, take note: Ulbricht instituted a multi-layer system that protected your identity, but it wasn’t perfect as it seems Silk Road vendors were the weak link in the system. Read on for more details.
Anon Transactions
Tarbell explains in detail Silk Road’s transaction process.
Silk Road uses a so–called “tumbler” to process Bitcoin transactions in a manner designed to frustrate the tracking of individual transactions through the Blockchain. According to the Silk Road wiki, Silk Road’s tumbler “sends all payments through a complex, semi–random series of dummy transactions, . . . making it nearly impossible to link your payment with any coins leaving the site.” In other words, if a
buyer makes a payment on Silk Road, the tumbler obscures any link between the buyer’s Bitcoin address and the vendor’s Bitcoin address where the Bitcoins end up — making it fruitless to use the Blockchain to follow the money trail involved in the transaction, even if the buyer’s and vendor’s Bitcoin addresses are both known. Based on my training and experience, the only function served by such “tumblers” is to assist with the laundering of criminal proceeds.
Special Agent Tarbell acknowledges that Bitcoins are an anonymous, decentralized form of electronic currency, existing entirely on the Internet and not in any physical form. He also notes,
Every communication sent through Tor is bounced through numerous relays within the network, and wrapped in numerous layers of encryption, such that it is practically impossible to trace the communication back to its true originating IP address.
All Bitcoin transactions are recorded on a public ledger know as the “Blockchain,” stored on the peer-to-peer network on which the Bitcoin system operates. The Blockchain serves to prevent a user from spending the same Bitcoins more than once. However, the Blockchain only reflects the movement of funds between anonymous Bitcoin addresses and therefore cannot by itself be used to determine the identities of the persons involved in the transactions. Only if one knows the identities associated with each Bitcoin address involved in a set of transactions is it possible to meaningfully trace funds through the system.
Tarbell alleges that Silk Road used a system that held Bitcoin payments in escrow until the transaction was complete. This was done through user accounts and an Silk Road bank. He explains that every user must have a Silk Road account, Silk Road Bitcoin address, and these address are stored on wallets maintained on servers controlled by Silk Road.
After thus funding his account, the user can then make purchases from Silk Road vendors. When the user purchases an item on Silk Road, the Bitcoins needed for the purchase are held in escrow (in a wallet maintained by Silk Road) pending completion of the transaction.
Once the transaction is complete, the user’s Bitcoins are transferred to the Silk Road Bitcoin address of the vendor involved in the transaction. The vendor can then withdraw Bitcoins from the vendor’s Silk Road Bitcoin address, by sending them to a different Bitcoin address, outside Silk Road, such as the address of a Bitcoin exchanger who can cash out the Bitcoins for real currency.
However, the aforementioned tumbler used by the Silk Road makes it “nearly impossible to link your payment with any coins leaving the site.”
Protecting Revenue Streams
Tarbell explains Ulbricht’s continuing efforts to protect the identity of vendors. They were, after all, netting him hefty commissions from the sale of illegal substances.
On February 27, 2012, DPR posted a message announcing “a new feature called Stealth Mode,” targeted at the
site’s “superstar vendor[s]” who consider themselves at particular “risk of becoming a target for law enforcement.” The posting explained that the listings of a vendor operating in “stealth mode” would not be visible to users searching or browsing the site. Instead, only users who already knew the specific address of the vendor’s page on Silk Road would be able to access the vendor’s listings, by traveling to the vendor’s page directly. This posting again evidences not only that DPR has been aware that the vendors on Silk Road are engaged in illicit trade, but also that he has specifically designed the site to facilitate such trade.
Murder for hire
Perhaps most chilling was the evidence of murder for hire. Ulbricht himself requested murders and allegedly paid for them using Bitcoin – one murder cost a little under 2,000 BTC. Special Agent Tarbell alleges that Ulbricht himself used the service at least once to protect his interest in Silk Road. The internal communication also reveals that vendors apparently kept a list of users, showing that while Silk Road was secure, the vendors themselves could be compromised.
For example, DPR’s private–message communications from March and April 2013 reveal at least one occasion when solicited a murder-for-hire of a certain Silk Road user, who was attempting to extort money from DPR at the time, based on a threat to release the identities of thousands of Silk Road users. Specifically, the messages reveal the following:
Beginning on March 13, 2013, a Silk Road vendor known as began sending threats to DPR through
Silk Road’s private message system. In these messages, stated that he had a long list of real names and
addresses of Silk Road vendors and customers that he had obtained from hacking into the computer of another, larger Silk Road vendor. Threatened to publish the information on the Internet unless DPR gave him $500,000, which
indicated he needed to pay off his narcotics suppliers.
On March 15, 2013, provided DPR a sample of the usernames, addresses, and order information he
intended to leak. Also, as proof that he had obtained the data from the vendor whose computer he claimed to have hacked, supplied the vendor’s username and password on Silk Road so that DPR could verify it.
At the request of DPR, the vendor contacted him to “work out something with them.” Over the course of several communications, the court documents reveal, that DPR indicated that he did not owe the accuser any money and viewed him as “liability and I wouldn’t mind if he was executed….I’m not sure how much you already know about the guy, but I have the following info and am waiting on getting his address.” DPR provided a name for and
stated that he lived in White Rock, British Columbia, Canada, with “Wife 3 kids.” DER added: “Let me know if it would be helpful to have his full address.”
After being threatened again, DPR apparently requested a bounty be put on the accuser’s head and inquiring about the appropriate amount. After a bit of negation and DPR stating “Not long ago, I had a clean hit done for $80k”, the two parties settled on 1,670 Bitcoins, or about $150,000.
Several hours later on March 31, 2013, redandwhite wrote back: received the payment. . . . We know where he is. He’ll be grabbed tonight. I’ll update you.”
Approximately 24 hours later, redandwhite updated DPR, stating: “Your problem has been taken care of. . . . Rest easy though, because he won’t be blackmailing anyone again. Ever.”
Ulbricht is currently indicted in New York narcotics trafficking conspiracy, computer hacking conspiracy, soliciting murder and money laundering conspiracy. Silk Road was seized by the FBI, today, and replaced with a FBI notice. However, the Silk Road forums are still operating.
LinkedIn's Mobile Update Telegraphs Its Interest In Endorsement Data
LinkedIn has updated its iPhone app with the ability to create endorsements for your connections right from your smartphone or tablet. The move demonstrates how important LinkedIn feels that this endorsement data is to its growing trove of signals.
The app has also been updated to look more ‘iOS 7-ready’ and has a new on-boarding guide for users that haven’t used the mobile app before. The LinkedIn newsreader app Pulse for iPhone also gets a refresh which adds background downloading and a new look on iOs 7.
But the biggest change is the emphasis on endorsements in the main LinkedIn app, and the additional connective tissue that this adds to its products on all platforms. In a blog post announcing the new ability today, LinkedIn positions endorsements as something that can and should be done on the fly. Previously, these kinds of personal recommendations have only been accessible from the web and were a fairly involved affair. You could draw a fairly clear connection between endorsements and the references you see on a resume. Thorough, in-depth explanations of why someone is good at what they do.
Adding them to mobile, along with the language in the release, indicates that LinkedIn wants to ramp up the gathering of these endorsements. Faster, lighter notes about why someone should be considered an expert sounds like a good supplemental source of data that LinkedIn can use to index and recommend workers.
Though endorsements have been around since late last year — and LinkedIn says that over 2B of them have been given to day — adding them to mobile introduces a new dynamic.
In some ways this sounds like what Geeklist has been doing with developers and tech folks for a while. Geeklist allows users to create ‘brag cards’ of achievements and accomplishments that can be summed up in just a couple of sentences. If LinkedIn is able to turn endorsements into this kind of quick-fire card stack that can be flipped through by users and indexed by LinkedIn itself, it might have something interesting on its hands.
Specifically, a source of endorsements that’s more human and parseable. LinkedIn has gained a reputation for being overly complex and dry. A layer of humanity and shareable ‘brag points’ could do something to offset that.
These moves fit in with LinkedIn’s efforts to make online resumes feel more at home on mobile. Messaging services for networking and content are two clear facets of LinkedIn’s current product push, but this seems to dovetail nicely with the shifting perception of LinkedIn as a job search site, rather than a ‘connection’ resource.
CardFlight, The Stripe For Real-World Payments, Has Raised $1.6 Million From ff Venture Capital
CardFlight was founded to enable any developer to create his or her own branded app and take in-person credit card payments from it. To accomplish this, it’s raised $1.6 million in funding as it moves to support more customers with its card reader and mobile SDKs.
The company received $1.6 million in funding that was led by ff Venture Capital, with additional participation from Payment Ventures, Apostolos Apostolakis, Entrepreneurs Roundtable Accelerator, Plug & Play Ventures, and Great Oaks Venture Capital. Along with the funding, ffVC founding partner John Frankel will join the company’s board.
The team behind loyalty startup LocalBonus launched CardFlight earlier this year as a way to provide small businesses with their own way to build apps that accept in-person credit card payments. Just as Stripe provides an SDK for payments that happen online and through mobile apps, CardFlight provides tools enabling developers to take and process payments. The difference is that CardFlight focuses on the 90 percent of credit card transactions that still happen in the real world.
While other companies like Square and PayPal have provided businesses with the ability to collect payments with mobile credit card readers, businesses are reliant on the provider’s apps to process those payments. CardFlight provides its clients with card readers, and also gives them an SDK to build payment processing into their own branded apps.
CardFlight has SDKs available for both iOS and Android platforms, and connects with 23 different payment processors. The company’s gateway also allows clients to connect apps with their own internal CRM, inventory management, fulfillment, and reporting and analytics tools.
While it’s focused on helping businesses that want to create their own apps, CardFlight has also been used by several vertical solutions providers — that is, third-party developers who build apps for companies that don’t have the technical know-how to do so themselves. That extends the potential reach for CardFlight to provide white-labeled in-person payments for clients.
CardFlight has seen tremendous demand for its service since launch: It has hundreds of app developers signed up on its waiting list, according to CEO Derek Webster. The funding will be used to grow its team — currently at seven employees — to quickly ramp up and support more potential customers.
Growing the team will not only give it the ability to catch more clients, but also will enable it to diversify its own products and to expand its reach into new verticals. While it’s been particularly strong with event organizers like EventFarm, it sees opportunities in a wide range of use cases.
GoDaddy Buys Ronin, Makes Inroads Into Accounting Services For Small Businesses
Another week, and another acquisition for GoDaddy: the domain registration and hosting company today is announcing that it has bought Ronin, a company that specializes in online invoicing services — helping businesses bill customers and keep track of how they get paid. The news is being made public today because GoDaddy has now integrated the service into its existing, SMB-focused accounting business, GoDadddy Online Bookkeeping; but the deal actually closed in April, the company says.
Terms have not been disclosed, but we are trying to find out what they are anyway. GoDaddy tells us that Ronin had been bootstrapped, raising money only from friends and family.
This is the fifth acquisition for GoDaddy in 15 months, and comes just weeks after the fourth was made public. The others were Afternic for aftermarket domain registry services (basically a domain resellers’ marketplace); M.dot to help website owners to create mobile internet sites; Locu to help them organize and distribute their business data to other sites/services; and Outright for bookkeeping. Ronin will sit alongside Outright in the Bookkeeping division and basically will help GoDaddy offer a more complete suite of services. This potentially puts GoDaddy into closer competition with the likes of Intuit and others that aim cloud-based services at small businesses.
“Our customers love our product – but they wanted us to provide invoicing capabilities. We knew Ronin provided an unparalleled experience, so we started discussions,” GoDaddy SVP for business applications, Steven Aldrich, said in a statement. “ It soon became clear – we needed the team at Ronin to be on our team and we needed to seamlessly integrate invoicing into our product. The end result is GoDaddy Online Bookkeeping.”
Like Ronin, the other four acquisitions were also made to build out the services that GoDaddy offers for small businesses and sole traders, which make up the majority of its 12 million customers today. The idea here is that by offering extra services to domain owners, GoDaddy can attract more of them to buy and host domains via GoDaddy.
That’s because domain purchases and hosting remain the company’s mainstay for generating revenue, but adding more services like these puts GoDaddy into a position of making more from other areas longer term. Ronin currently offers a range of pricing tiers, from free to $49/month, depending on how many staff use the service, how many clients are listed, and so on.
Ronin founder Lu Wang, who is staying on with GoDaddy and Ronin post-acquisition, clearly saw an opportunity to grow his product by being able to sell it out to a wider base of users.
“GoDaddy and Ronin share a vision of giving small businesses the best tools to succeed online,” he said in a statement. “The ability to reach 12 million customers… is a tremendous opportunity. Joining the GoDaddy team has given us the access to the resources and smart people who we’ve wanted.”
No comments:
Post a Comment