I am really dubious that this is really what brought him down.
Do you think they really investigated everyone they could find that ever asked a public question about Tor hidden services?
If not, what role do you think this evidence played in the investigation? They suspected a few people, but then when they found that one of them had asked this question, and then investigated him more deeply? That seems kinda unlikely to me too.
And of course, the lone fact of asking such a question on StackOverflow is not (yet) enough to indict or arrest someone in America.
They included this piece in their list of evidence, sure; they included it in their press release, for sure, it makes good press (because it's more understandable than most of their stuff, and because it makes them look good).
But I suspect it's really a case of "parallel construction"[1] -- they found this piece of evidence long after they had identified him, in part due to NSA information, but are just pretending it's what tipped them off.
This is not what brought him down, it was just a nail in the coffin. The FBI did the fairly straightforward thing:
1. Look for the oldest mentions of SilkRoad
2. Investigate the people talking about SilkRoad before it was established
...that's all they had to do, he publicly outed his identity on bitcointalk.org. This article isn't very good...
> Based on forensic analysis of the Silk Road Web Server, I know that the computer code ... includes a customized PHP script based on 'curl' that is functionally very similar to the computer code described in Ulbricht's posting on Stack Overflow, and includes several lines of code that are identical to lines of code quoted in the posting.
> Oh, and the encryption key on the Silk Road server ended with the substring "frosty@frosty." Whoops.
I don't know if that encryption key was a public key, or if they found it after gaining access to the server. But if it was public, then a search for the username 'frosty' would have turned up the SO profile.
You also can't do 'forensic analysis' on HTML to figure out the PHP code, so they must have used an exploit. Or like you say, it was retrospective, after taking control of the server.
[1] https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intel...