Silk Road was a particularly unfortunate example of good technology used for bad ends. It was a virtual black market for drugs, identity theft, and other crime. An affidavit from FBI special agent Christopher Tarbell hit the internet today, shedding some light on how the FBI identified the alleged founder of Silk Road, Ross Ulbricht. Ulbricht was identified through information in common between his Google+ and LinkedIn profiles and internet posts made to Stack Overflow, server activity, YouTube video favorites, and other interesting tidbits. The linchpin of the FBI effort, however, appears to be the seizure of servers from an unidentified foreign locale under a Mutual Legal Assistance Treaty request. The affidavit does not give any information on how they located the physical servers, given that Silk Road used Tor:
During the course of this investigation, the FBI has located a number of computer servers, both in the United States and in multiple foreign countries, associated with the operation of Silk Road. In particular, the FBI has located in a certain foreign country the server used to host Silk Road's website (the "Silk Road Web Server"). Pursuant to a Mutual Legal Assistance Treaty request, an image of the Silk Road Web Server was made on or about July 23, 2013, and produced thereafter to the FBI. (Paragraph 22, Page 14).
I am hoping the FBI made some really awesome break on their own or that Ulbricht slipped up, but cannot help but wonder if the shadow of “parallel construction” may ultimately have fallen over the road. This is certainly plausible given recent incidents involving deanonymization attacks against the Tor network, and other recent news coverage raising concerns about government efforts against it. Hypos aside, I would love to know the details on how they identified the server location.