As an earlier report on Motherboard by Joseph Cox points out, sometimes it doesnt always take sophisticated malware and programs to identify criminals on dark net.
“Due to a misconfiguration of the server hosting the TARGET WEBSITE(Playpen), the TARGET WEBSITE was available for access on the regular Internet to users who knew the true IP address of the server,” the warrant application from February 2015 read. These documents were unsealed as part of the Richard Stamper, child pornography suspicion case.
“Basically, Playpen must have set their site to a default, meaning if you typed in the IP address you could see the Playpen site,” the UK activist and technologist Thomas White explained via encrypted chat.
“Whereas if they set another default like ‘server not found’ then you could only access Playpen by typing the corrct .onion address.” This would have enabled law enforcement could track the actual IP address that belonged to Playpen.
“An FBI Agent, acting in an undercover capacity, accessed IP address 126.96.36.199 on the fegular Internet and resolved to TARGET WEBSITE,” continued the warrant application. The FBI tracked the IP back to CentriLogic in North Carolina. Revised versions of the warrant say that the FBI was given a heads up by a law enforcement agency out of the United States. The newly unsealed version also tells about how the IP address was left vulnerable.
It does not however, tell how this law enforcement agency that tipped off the FBI found out Playpen’s real IP address. The application continues by saying that the suspected main administrator, Steven Chase who is from Florida, was aware of the problem and trying to fix it.
“FBI agents know this by reading his private messages from the copy of the TARGET WEBSITE that was seized pursuant to the aforementioned search warrant.”
It also states that Mr. Chase also leaked info directly related to himself. His PayPal he used to pay to host the site was accessed on the same IP address from his home from September to November 2014. The FBI subpoenaed Paypal to reveal where the person was paying for the server was roughly located. It states that Chase also connected to a Playpen admin. account from his mom’s house on different occasions from December 2014 to January 2015.
These mistakes and more listed are what led to his arrest ultimately. Additionally Blake Benthall is suspected of being an additional administrator of the second Silk Road, registered a sever with his identifying email address. The Dark Net drug dealer went as far as to brand his products with his own name, which connected him to even more illegal activity.