Comment Re:Gentlemen, start your engines! (Score 5, Interesting) 219
It's completely possible.
Ulbricht was not very smart. He bought fake IDs off his own website and had them shipped to his actual home address. The IDs were intercepted in the mail. and this clued the FBI in on his activities. Then he managed his servers using a direct VPN connection. Once the FBI traced the VPN endpoint he was done. They coerced the hosting company to allow them access and they could collect all the information they needed to build a case from that point on.
I imagine this Defcon guy did something similarly dumb.
To do this right:
1. Find a VM hosting company offshore that accepts bitcoins and doesn't ask for identity. 2. Buy some bitcoins, use one of the many tumbler services to wash them, and pay for the services that way 3. Never manage or otherwise connect to your VM directly. Always use TOR. SSH works great over TOR. 4. Don't buy shit off your own website and have it shipped to your damn house.
Just finished reading the affidavit from the FBI. This guy was a dumbass. He used a gmail account to pay for the VPS service and used his home internet connection to connect to the gmail account. He used his own, hotel, and relatives internet connections to connect to the hosting provider without any sort of anonymizing service. The FBI used either an undercover agent or a confidential informant to eventually find the VPS provider. From there, he was quite easy to track. The FBI had been watching the guy for months. The affidavit suggested it was an undercover agent that was hired as a staff member on the website that lead to this case being cracked open.