In the end, encryption did as much to betray Dread Pirate Roberts’ identity as to protect it.
Ulbricht had affixed Dread Pirate Roberts’ public encryption key to an untold number of Silk Road-related emails and forum posts. A public key allows someone to verify that a message comes from the person who claims to have sent it. On Ulbricht’s computer, in a folder marked “keys,” were the private keys used to sign Dread Pirate Roberts’ messages. Law enforcement had only to verify that the messages, many of them incriminating, came from Dread Pirate Roberts, by using the public key found on the laptop.
4. Facebook and other public websites: Ulbricht sowed the seeds of his demise the very first time he publicized the Silk Road. To get people interested in the the new site in January 2011, Ulbricht posted a message on the Bitcointalk.org forum, under the username Altoid, asking if anyone had tried the site.
Ulbricht (or someone else) later deleted the message, perhaps to cover his tracks. But another user had quoted Altoid’s message in their own post, and that message was found by an IRS agent with a simple Google search.
Later in 2011, Altoid popped up on the forum again, posting a help-wanted ad for a bitcoin venture and leaving rossulbricht at gmail dot com as the contact address. That allowed the agent to connect Altoid to Ulbricht.
Ulbricht’s Facebook account also helped prosecutors. To make their case that Ulbricht was Dread Pirate Roberts, prosectors looked for times when the actions of Dread Pirate Roberts correlated closely with those of Ulbricht himself. In a chat with a fellow administrator in February 2012, Dread Pirate Roberts boasted of enjoying a vacation in Thailand. At the same moment, Ulbricht posted vacation pictures on Facebook ... from Thailand.
5. Automated server log-ins: The Silk Road servers were maintained in large part through ssh (Secure Shell), a tool that allows administrators to log into remote machines in a way that the communication is encrypted. Users can set up ssh hosts such that trusted parties can log in automatically without providing a password. A list of trusted parties is kept in a file on the server, along with their encrypted passkeys.
In the case of the SIlk Road servers, only two accounts had full administrative privileges. One was for a remote user called “frosty” who was able to connect from a machine also named “frosty.” As it happened, the laptop that law enforcement seized from Ulbricht at the time of his arrest was named “frosty” too. You get bonus points (though only a few) for guessing that Ulbricht was logged in as “frosty” on that laptop at the time of his arrest. In effect, his laptop had full administrative rights to the Silk Road operations.
Ulbricht’s defense lawyer, Joshua Dratel, pointed out to the jury that any computer could be given the name “frosty,” with a user account on it named “frosty.” But like a lot of other evidence in the case, while not definitive proof, the ssh accounts were part of a bigger picture that were enough to convince a jury of his guilt.