As the trial of alleged Silk Road drug market creator Ross Ulbricht approaches, the defense has highlighted the mystery of how law enforcement first located the main Silk Road server in an Icelandic data center, despite the computer being hidden by the formidable anonymity software Tor. Was the FBI tipped off to the server’s location by the NSA, who used a secret and possibly illegal Tor-cracking technique?

The answer, according to a new filing by the case’s prosecution, is far more mundane: The FBI claims to have found the server’s location without the NSA’s help, simply by fiddling with the Silk Road’s login page until it leaked its true location.

In a rebuttal filed Friday to a New York court Friday and accompanied by a letter from the FBI, the prosecution in Ulbricht’s case laid out an argument dismissing a series of privacy concerns Ulbricht’s lawyers had expressed in a motion submitted to a New York court last month. That earlier motion had accused the government of illegal searches in violation of the Fourth Amendment, including a warrantless search of the Silk Road server, and argued that those privacy violations could render inadmissible virtually all of the prosecution’s evidence. The defense motion also demanded that the government explain how it tracked down the Silk Road’s server, and reveal whether the NSA had participated in that hunt.

IF THE JUDGE ACCEPTS THE PROSECUTION’S EXPLANATION, IT COULD REPRESENT A MAJOR BLOW TO ULBRICHT’S CHANCES OF BEATING THE SEVEN CHARGES AGAINST HIM.

In the latest filing, however, former FBI agent Christopher Tarbell counters Ulbricht’s defense by describing just how he and another FBI agent located the Silk Road server in June of last year without any sophisticated intrusion: Instead, he says, they found a misconfiguration in an element of the Silk Road login page, which revealed its internet protocol (IP) address and thus its physical location.

As they typed “miscellaneous” strings of characters into the login page’s entry fields, Tarbell writes that they noticed an IP address associated with some data returned by the site didn’t match any known Tor “nodes,” the computers that bounce information through Tor’s anonymity network to obscure its true source. And when they entered that IP address directly into a browser, the Silk Road’s CAPTCHA prompt appeared, the garbled-letter image designed to prevent spam bots from entering the site.

Read More