As details continue to emerge about the two year-investigation into Ross William Ulbricht, an unassuming 29-year-old and alleged founder of the massive online drug market Silk Road, one important piece of information remains cloaked in shadow: How did the FBI find the organization's servers?
Court documents offer only the barest of details.
"The FBI has located in a certain foreign country the server used to host Silk Road's website," an agent wrote in charging documents against Ulbricht, who was charged by a grand jury in Maryland with conspiracy to distribute a controlled substance and attempted witness murder, among other charges. "An image of the Silk Road Web Server was made on or about July 23, 2013."
Typically, finding a server would be no great feat, but Silk Road used "Tor" technology to conceal its real-world location. Computer security experts are scratching their heads over how the FBI broke through that protection.
Agents with the Drug Enforcement Administration and Homeland Security Investigations have describeda bold, undercover strategy to infiltrate the site's inner circle. But FBI agents in New York have been less forthcoming about their technological approach.
There are a few clues. A related civil case to seize Silk Road's assets spells out the Internet Protocol, or IP, addresses — the unique identifier for computers on the Internet — of servers that were home to caches of electronic currency authorities believe are the proceeds of the drug market.
And online lookup tools reveal that those addresses trace back to companies located in Iceland, Romania, Latvia and the United States. Following up on Icelandic press reports, Runa A. Sandvik, a researcher at the Tor Project, learned that police in that country helped the FBI with its investigation.
But beyond that, the trail is mostly cold.
Eyjólfur Magnús Kristinsson, a managing director at Advania, an Icelandic company linked to one of the addresses, said it had no customer with the name Silk Road or Ross Ulbricht. But he said many customers sublet server space to third parties.
Kristinsson said he could not comment on whether his firm helped U.S. authorities.
"We work in accordance with Icelandic laws and regulations," he added.
twitter.com/iduncanCopyright © 2014, The Baltimore Sun