By Gwern, Obviously.
Possible implications? read: Ross Ulbricht’s lawyer: Alleged police corruption casts doubt on entire Silk Road trial – At the DailyDot by Patrick Howell O’Neill.
The excerpts from the criminal complaint (scroll down for the full version):
Throughout 2012 and 2013, both FORCE and BRIDGES had significant responsibilities related to Baltimore’s investigation. In this capacity, FORCE was the lead undercover agent in communication with DPR, the owner, administrator and operator of the Silk Road website. BRIDGES was the computer forensics expert on the Baltimore investigation. In their capacity as members of the Baltimore Silk Road Task Force, both FORCE and BRIDGES had significant exposure to and developed expertise in the digital currency known as Bitcoin. As will be described further herein, FORCE and BRIDGES abused their positions as federal agents and engaged in a scheme to defraud a variety of third-parties, the public, and the government, all for their own financial enrichment. With respect to former Drug Enforcement Administration (DEA) Special Agent FORCE, the investigation has revealed among other things that: a. FORCE created certain fictitious personas — that were not officially sanctioned — to communicate with DPR, the target of FORCE’s investigation. Using one of these personas, FORCE sought to extort DPR by seeking monetary payment, offering in exchange not to provide the government with certain information if DPR paid $250,000; FORCE acted outside the scope of his official role on the Baltimore Silk Road Task Force and created a fictitious persona named “French Maid.” Operating as “French Maid,” FORCE fraudulently represented to DPR certain information concerning “French Maid’s” true identity and offered to sell DPR information about the government’s investigation into Silk Road in exchange for approximately $100,000 worth of bitcoin, which DPR paid and FORCE deposited into his own personal accounts; c. FORCE stole and converted to his own personal use a sizeable amount of bitcoins that DPR sent to FORCE in FORCE’s official undercover capacity and rather than turning those bitcoin over to the government, FORCE deposited them into his own personal accounts;
…FORCE resigned on May 4, 2014, shortly after law enforcement began the current investigation.
…As part of his official role in the Baltimore Silk Road investigation, FORCE communicated with 4 DPR using an undercover identity, hereafter referred to as “Nob.” Nob (FORCE) and DPR communicated throughout 2012 and 2013 using a variety of methods of communication, including on a private messaging system on the Silk Road website and on chat programs that operated over the TOR network. Their communications reveal that DPR believed Nob to be a drug smuggler operating in the United States with connections to criminal organizations throughout the world. In reality, of course, Nob was FORCE, an undercover DEA agent. Many but not all of their communications were encrypted, as discussed further below. Some portion of the communications between DPR and Nob (FORCE) are memorialized in FORCE’s official case file, preserved in what are known as DEA 6s, which are official reports of the DEA’s investigation. Some of the communications are also preserved on FORCE’s official computers. However, not all of the communications between DPR and Nob (FORCE) were memorialized. At the time of Ulbricht’s arrest, law enforcement seized a laptop computer from Ulbricht’s person. This computer has been forensically analyzed. It, too, contained evidence of communications between DPR and Nob (FORCE). It also contained certain communications between DPR and FORCE that FORCE did not memorialize in his official reports or as part of his official case file. Ulbricht’s computer also contained a handful of files that appear to be Ulbricht’s notes to himself. One such file is named “LE counterintel” which your affiant believes stands for “Law Enforcement Counterintelligence” and contains information that DPR was receiving from purported “inside” law enforcement sources. I have reviewed these files and believe that they contain information that came from a person or persons inside law enforcement, in part because of their substance and in part because of their use of certain terminology and acronyms that are not widely known by the public.
…A review of FORCE’s official case file does not contain any of the private PGP keys or passwords needed to decrypt FORCE’s encrypted communications with DPR. Nor did FORCE provide these private PGP keys to the prosecutor on the Baltimore case or to those in his chain-of-command. Instead, FORCE appears to have been the only individual to have possessed the private PGP keys and passwords needed to unlock his communication with DPR. This is notable, because as a law enforcement agent, I know that one of the chief concerns in working an investigation and building evidence is the ability to obtain decipherable, admissible evidence for use in later proceedings.
…One of the cover stories that Nob (FORCE) created with DPR was that Nob had access to a corrupt government employee, fictionally named “Kevin.” Ironically, “Kevin” was supposed to be a corrupt Department of Justice case agent on the government’s Silk Road investigation and simultaneously on Nob’s payroll, who would feed Nob information about law enforcement’s
…DPR subsequently paid Nob (FORCE) in bitcoins on at least two occasions. One payment was in June 2013 for 400 bitcoins for fraudulent identification documents that Nob was supposed to provide to DPR. A second payment was in August 2013 for 525 bitcoins for “Kevin’s” inside law enforcement information. At the time of the payments, 400 bitcoins would have been worth approximately $40,000 and 525 bitcoins would have been worth approximately $50,000. 8…The 400 bitcoin payment was actually an 800 bitcoin payment but Nob (FORCE) refunded DPR 400 bitcoins because the deal for the fraudulent identification documents allegedly fell through.
…As part of this investigation, a federal search warrant was issued to search various personal email facilities belonging to FORCE. One such email account contained what appears to be a note to himself saved in a drafts folder. This note references two transfers of bitcoin payments from DPR, one made in “June/July 2013 for the fraudulent UK identification” and one made on August 4, 2013, the same date that DPR transferred 525 bitcoins to Nob (FORCE). See Exhibit C attached (“Draft Note”). In other words, FORCE’s own saved email note indicates there was a payment from DPR on August 4, 2013. 11 The note also appears to attempt to justify FORCE’s conduct, noting that the government actually made money during the time FORCE retained the payments (presumably given the fluctuating value of Bitcoin).
...Notably, by late July 2013, the Baltimore Silk Road Task Force had been made aware that the FBI was seeking to obtain an image of the Silk Road server, and therefore FORCE may have had reason to fear that any communications between himself and DPR would be accessible to the FBI in the event the FBI was successful in imaging the server.
…The September 27, 2013 date has significance because email records I have reviewed indicate that, at the latest on September 27, 2013, FORCE learned that DPR was about to be apprehended as part of the separate New York investigation into the Silk Road. In response to learning this information, FORCE wrote to the prosecutor with whom he was working inquiring as to the true name and identifying information of DPR. To my knowledge, FORCE was not provided with that information on September 27, 2013 in response to his inquiry.
…As discussed above, Ulbricht’s laptop contained a text document entitled “LE counterintel,” a record of sorts that he maintained about information he was receiving from apparent law enforcement “insiders” purporting to have knowledge about the government’s investigation into the Silk Road. The file appears to contain cut and pasted sections of what the insiders were relaying to him through online chats or private messages. One such insider used the moniker “French Maid.” Notes in a file from Ulbricht’s computer indicate that he paid “French Maid” approximately $100,000 worth of bitcoin in exchange for a name that he was told Mark Karpeles had provided to law enforcement. Mark Karpeles was at the time the CEO of the now-defunct Mt. Gox digital currency exchange. The Baltimore Silk Road Task Force was attempting to arrange an interview of Karpeles during the July to August 2013 timeframe, in order to obtain any information Karpeles might have had concerning the operator of Silk Road. Specifically, in a text document recovered from Ulbricht’s computer titled “‘log,” there is an entry dated September 13, 2013, in which Ulbricht wrote: “French Maid claims that mark karpeles has given my name to DHLS [sic]. I offered him $100K for the name.” Days later, Ulbricht wrote “I paid French Maid $1OOK for the name given to DHLS by karpeles. ” Our investigation has revealed that there is probable cause to believe that FORCE was “French Maid,” a source that Ulbricht paid for inside information. I have reviewed private messages between “French Maid” (FORCE) and DPR obtained from the Silk Road server imaged by the FBI. The messages span from August 26, 2013 through September 14, 2013. The bulk of the messages are encrypted with PGP keys, but some early messages are not encrypted. In the first message in this thread, dated August 26, 2013, “French Maid” wrote to DPR: “I have received important information that you need to know asap. Please provide me with your public key for PGP. Carl.” (Emphasis added). Just four hours later, “French Maid” sent a follow-up message to DPR with the subject line “Whoops!” and a message stating “I am sorry about that. My name is Carla Sophia and I have many boyfriends and girlfriends on the market place. DPR will want to hear what I have to say ;) xoxoxo.” (Emphasis added) . What follow are a series of back and forth encrypted messages between DPR and “French Maid.” Of particular note, there are several encrypted messages between DPR and “French Maid” on September 13, 2013, with “French Maid” including the subject line “Hope you like.” It is unclear whether “French Maid” ever provided DPR with any name. In the “log” file recovered from Ulbricht’s computer, after the entry stating that he had “paid French maid $100k for the name given to DHLS by karpeles,” there is an entry stating: “He hasn’t replied for 4 days. ” There is no further entry in the ” log” file regarding “French Maid.” The fact that the Baltimore Silk Road Task Force was attempting to arrange an interview with Karpeles was not widely known in law enforcement circles. In other words, “French Maid” could not have been just anyone out of the universe of law enforcement. It had to have been someone who knew about Baltimore’s attempt to arrange an interview with Karpeles. …Based on emails I have reviewed, FORCE was one of a small group of individuals that knew of those discussions. Additional pieces of circumstantial evidence prove that FORCE is “French Maid.” Both “French Maid” and FORCE (operating as “Nob”) used the exact same brand of PGP software, a free brand called GnuPG. There are different brands of POP software so it is noteworthy that both FORCE (operating as “Nob”) and “French Maid” used the same brand. Not only did FORCE and “French Maid” both use the same brand of PGP software, they also both used the same outdated version of that software, 1.4.12. Version 1.4.12 was released on January 2012, and was replaced with a new version by December 2012, and was one of several versions of GnuPG software. 14 As such, both “French Maid” and FORCE (as Nob) were using a specific, older version of the GnuPG software, and neither of them replaced it with the other (free) versions of GnuPG that came out thereafter. I know based on conversations with another federal agent who is involved in undercover investigations that among TOR users and consumers of PGP software, vl.4.12 version was somewhat outdated by late August 2013 when “French Maid” appeared in communication with DPR for the first time. This is not akin, for example, to two people using the same model of mobile phone but both having software that is out of date. Rather, the outdated version that both “French Maid” and FORCE (as Nob) used is more of a “signature” given the greater number of versions available. There are also additional similarities between FORCE’s (Nob’s) and “French Maid’s” PGP patterns. Both “Nob” and “French Maid” left certain default settings on their PGP software. For one thing, both “French Maid” and FORCE (Nob) left a “tag” that appeared on every message authored from their PGP key revealing the brand and version of PGP software they were using. This is akin to, for example, leaving the phrase “sent from my iPhone” on the bottom of one’s emails but with greater detail: it would be akin to leaving a phrase like “sent from my iPhone 6 iOS 8.0.1.” Leaving this “tag” on typically reveals that one is dealing with a fairly inexperienced user of PGP, because someone that regularly uses PGP to communicate would normally have changed their settings to omit this tag. After
…My understanding is that that the interview with Karpeles never materialized.
From reviewing one of FORCE’s official reports dated November 12,2012, I know that around that time FORCE obtained information from Homeland Security Investigations (HSI) about an individual then being considered as a possible suspect for DPR. [actual name omitted here for confidentiality.] Due to its law-enforcement sensitive nature, FORCE was not permitted to share this information with individuals outside the government. The individual was named “AA.” On or about April 1, 2013, FORCE created a fictitious persona on the Silk Road website named “Death from Above.” FORCE, using the “Death from Above,” moniker, solicited a $250,000 payment from DPR and provided DPR the AA name and personal identifying details. Specifically, on April 1, Death from Above wrote DPR a message on the Silk Road server stating, “[ know that you had ‘ something to do with [C.G.’s [Curtis Green/chronicpain]] disappearance and death. Just wanted to let you know that I’m coming 3 for you. Tuque. You are a dead man. Don’t think you can elude me. De Oppresso Liber.” 15 4 On April 6, 2013, DPR replied: “J don’t know who you are or what your problem is but let me tell you one thing: I’ve been busting my ass every god damn day for over two years to make this place what it is. [ keep my head down, I don’ t get involved with the drama … somehow psychotic people still tum up at my doorstep … I’ve been hacked, I’ve had threats made against the site and now, thanks to you, I’ve had threats made against my life. I know [ am doing a good thing running this site. Your threats and all of the other psychos aren’t going to deter me .. . stop messaging me and go find something else to do.” Later that day “Death From Above” (FORCE) replied to DPR, this time dropping a reference to AA’s name, stating “It’s not that easy [AA]. I’m legit. Green Beret. Friend of [C.G.]. I have access to TS/SCI files that FBI, DEA, AFP, SOCA would kill for. In fact, that is what I do … kill. The only thing that I do . . . Don’t worry DoD has no interest in you and your little website. North Korea and Iran are a lot more important. [n fact, as far as the Army and Navy are concerned you are a nobody. Petty drug dealer. But, [C.G.] was somebody. So tell me where he is and we will be done with this.” On April 10, 2013, “Death from Above” (FORCE) wrote to DPR again, this time giving DPR details concerning AA including full name, date of birth, citizenship, address, and other personal identifying details . DPR stated, “Is that enough to get your attention? After watching you, there is no way you could have killed [C. G.]. But I think you had something to do with it. So, $250,000 in U.S. cash/bank transfer and I won’t give your identity to law enforcement. Consider it punitive damages. Death From Above.” This payment appears to have never materialized, apparently because DPR did not believe “Death From Above’s” information: in April 20 13 Ulbricht wrote in the “log” file found on his laptop that he was “being blackmailed again. Someone says they have my ID, but hasn’t proven it.” Then, on April 11, 2013, Ulbricht wrote “guy blackmailing me who says he has my ID is bogus.”
...From reviewing one of FORCE’s official reports dated November 12,2012, I know that around that time FORCE obtained information from Homeland Security Investigations (HSI) about an individual then being considered as a possible suspect for DPR. The individual was named “A.A.” [actual name omitted here for confidentiality.] [[almost certainly Anand Athavale, see comments]] Due to its law-enforcement sensitive nature, FORCE was not permitted to share this information with individuals outside the government.
...In this role, C. G. had administrator access to the Silk Road website, 21 meaning C.G. had certain administrative privileges on the Silk Road website, including the ability to access vendor accounts and reset Silk Road user and vendor passwords and pins. On or about January 17, 2013, FORCE and BRIDGES were part of a team that apprehended C.G. in a controlled delivery for a kilogram of cocaine. C.G. was arrested and soon thereafter began to cooperate with law enforcement, turning over his Silk Road login credentials in the process to members of the Baltimore Silk Road Task Force. During this same timeframe C.G. also turned over access to his account and passwords to other digital currency accounts to include his Mt. Gox and Dwolla accounts. As a result of this controlled delivery, C.G. was charged with federal criminal narcotics charges. 22 One of the accounts that C.G. provided access to was a Silk Road administrator account named “Flush.” C.G. acted as a Customer Service representative on the Silk Road site using the account name “Flush.” But on January 17,2013, C.G. turned over access to the “Flush” account to members of the Baltimore Silk Road Task Force. C.G. also executed several consent forms authorizing law enforcement to use and assume the “Flush” identity. 23
…Because of concerns about C.G.’s whereabouts, DPR at some point cut off the “Flush” account’s access, but through communications with DPR, C.G. was able to regain access to the account on January 20, 2013, and pass that information onto the Baltimore Silk Road Task Force.
On January 25, 2013, C.G. debriefed with FORCE, BRIDGES, and other members of the Baltimore Silk Road Task Force. According to BRIDGES’ report of the interview, C.G. showed them how to log into Silk Road vendor accounts and reset passwords, how to change the status of a seller to a vendor, how to reset pins, and information about how the Silk Road administrative functions worked. BRIDGES’ text messages indicate that he left the proffer session after one day, and a Silk Road Task Force member stated that BRIDGES told him that he left the latter part of the January 25, 2013, proffer. 24 On January 25, 2013, during the afternoon and into the night, the Silk Road website sutTered a series of sizeable thefts. These thefts affected certain Silk Road vendors and overlapped with the time of the C.G. proffer session. The thefts were accomplished through a series of vendor password and pin resets, something that could be accomplished with the administrator access that C.G. had given to the Baltimore Silk Road Task Force. On January 26, 2013, the proffer of C. G. continued. BRIDGES left early and did not participate on this day. At some point during that day, DPR communicated to Nob (FORCE) that Silk Road had suffered thefts and that those thefts were associated with C.G.’s account. Law enforcement questioned C.G. about this, and C.G. denied that he had committed the thefts. According to chats I have reviewed from the Silk Road servers and from Ulbricht’s laptop (as well as communications between DPR and one of his employees at the time of the January 25, 2013 thefts) it appears that DPR and the employee believed C.G. was responsible for the thefts, because they managed to associate C.G.’s account, “Flush,” with the theft. with Nob (FORCE) – whom he believed to be a major drug dealer with the ability to procure hit men – and hired Nob to have his associates kill C.G. DPR also communicated with another individual and commissioned a hit on C.G. For the hit that Nob’s associates were to perform, DPR paid Nob a total of approximately $80,000 through a bank wire transfer for the murder. FORCE and C.G., together with assistance from others on the Baltimore Silk Road Task Force, then faked C.G.’s death to make it look as if Nob’s associates had killed C.G. BRIDGES was to assist with perpetrating this supposed murder- for-hire by working on .. proof of death photographs of C. G. that Nob (FORCE) was to send to DPR.
…My analysis of both the block chain and data recovered from the Silk Road servers reveals that, also on January 25, 2013, a single Bitcoin address received no less than 20,000 bitcoins. 26
I believe that BRIDGES controlled and/or had access with others to “Number13,” the account that appears to have initiated the sizeable bitcoin thefts. I believe this for at least two reasons. First, in a DEA 6 that FORCE authored dated January 23 , 2013 , FORCE described how he had transferred 60 bitcoins into a DEA-controlled account known as “TrustUsJones.” Data from the Silk Road servers demonstrates that on that January 23, 2013 date, there was a 60 bitcoin transfer from “Number13” into “TrustUsJones.” Second, in an email dated January 23 , 2013, FORCE emailed BRIDGES requesting that BRIDGES deposit bitcoins to replenish the “TrustUsJones” account. In other words, BRIDGES, in consultation with FORCE, appears to have been controlling “Numberl3” during the late January 2013 timeframe.[TODO !!!! TrustUsJones was a vendor?! http://antilop.cc/sr/forum/srvendor/SR_Vendor_profile_10518.html ] [Force explained his use of Tor for connecting to Bitstamp:] “I utilize TOR for privacy. Don’t particularly want NSA looking over my shoulder :)” The following day, a member of Bitstamp’s management learned of FORCE’s comments and thought it was strange that a government official would make such a statement. FORCE’s account was blocked again…On April 29, 2014, Bitstamp’s General Counsel advised BRIDGES by telephone from the Northern District of California that Bitstamp suspected FORCE of wrongdoing and intended to formally bring it to the attention of law enforcement via a Bank Secrecy Act filing. Bitstamp did so on May 1, 2014. By May 4, 2014, FORCE submitted a letter of resignation after 15 years of service to be effective later that month. On approximately May 2, 2014, the U.S. Attorney’s Office for the Northern District of California opened an official investigation into FORCE concerning his activities with his Bitstamp account and bitcoin holdings. On approximately May 4, 2014, the Public Integrity Section opened an official investigation into FORCE concerning his improper use of a subpoena to Venmo. On May 8, 2014, the Northern District of California and Public Integrity investigations were merged.
The full criminal complaint: