(ThomasWhite, picture National Crime Agency)
Privacy activist CthulhuSec outed as head of illegal bazaar
For years, it was assumed he had escaped the Feds. But on Friday at Liverpool Crown Court, 24-year-old university dropout Thomas White pleaded guilty to drug trafficking, money laundering and possessing child abuse images and was sentenced to 5 years and 4 months in prison.
White was in fact Dread Pirate Roberts 2, a pseudonym under which he set up dark-web commerce site Silk Road 2. The "2"s were deliberate and an attempt to pick up where the original Roberts – real name Ross Ulbricht – left off with his highly profitable but wildly illegal Silk Road website.
The original Silk Road was set up in 2011 and traded in everything illegal – from drugs to child abuse images to weapons and even contract killings – but the site collapsed in October 2013 when Ulbricht was arrested at a public library in San Francisco following a massive FBI investigation.
That's when White, along with a number of former administrators of Silk Road, decided to set up a new version of the site. Within a month Silk Road 2 was up.
But the admins underestimated the extent of law enforcement's intel on the original site and in less than a year, this second incarnation was also taken down when another San Franciscan, Blake Benthall was arrested. Soon after, another member of the team - Brian Farrell – was cuffed and later charged in Seattle. Another, Gary Davis, was captured in Ireland; and another in Australia.
None of those men – all of them in their mid-20s - were the driving force behind the second site however. Without any news of Dread Pirate Roberts 2's arrest, many assumed that he had managed to stay out of the FBI's clutches.
Following White's sentencing today however it is now possible to reveal that White was in fact arrested in November 2014, at the same time as his co-conspirator Benthall. Thanks to UK court reporting laws, it was not possible to report on his arrest or the subsequent case against him.
That secrecy led to the extraordinary situation where White, under his own name as well as the pseudonym 'The Cthulhu' and using the Twitter account @CthulhuSec, has become a well-known privacy activist in the intervening years. White was repeatedly quoted in articles as an expert on hacking and security and his blog at thecthulhu.com was frequently cited (both the website and his Twitter account have been recently deleted by White.)
He didn't let up on borderline illegal behavior either: in October 2015 – a year after his arrest - White talked in length to Forbes about why he was hosting hacked data taken from the Patreon website and was ignoring takedown requests.
Tracking back in time, some details have suddenly become more relevant: like when White, as CthulhuSec, announced that he'd "lost control of all servers" soon after he was arrested. That was thought to be part of a wider crackdown by the FBI on the Tor network – which it was, but the main target was White and not his Tor exit node.
Unknown to White, his downfall was in place from day one. Undercover DHS officer Jared Der-Yeghiayan, using the handle "Cirrus", had infiltrated the secure chat forums that the site's admins used and through that he was able to track down Ross Ulbricht and ultimately arrest him - you can read the whole story here.
The admins didn't suspect Cirrus was a mole and so invited him into secure forums where they discussed setting up Silk Road 2. From his position inside the group, Cirrus/Der-Yeghiayan was able to grab chat logs and trawl through them for clues about who the other admins were.
Crucially, he was able to track back that a user called "St Evo" (sometimes StExo) became Dread Pirate Roberts 2 and the main administrator of the site. As with other members of the group, White only introduced measures that would protect his identity some time into the evolution of the online souk.
Investigators were able to track Blake Benthall, for example, because he initially registered some servers with the email address [email protected]. Investigators were able to track down St Evo's identity thanks to a combination of him using his real name for BitCoin transfers and his address for purchases from the site.
Each piece of evidence built on the next and, as law enforcement seized the computers of other members, so they were able to correlate chats and other transactions to connect pseudonyms with real names and build a case against each.
In emerged in the subsequent trial that White completed only a single term of his accounting degree at Liverpool John Moores University before quitting and was spending a lot of money with no discernible job or income stream.
He rented a fancy apartment on the waterfront in Liverpool, paying nearly £11,000 upfront, and spent tens of thousands of dollars on computers. When the police raided his home, one of the computers contained nearly 500 child abuse images - something that White had told Silk Road admins that he intended to use to set up a secure site for pedophiles - because they were willing to pay for it.
Encrypted material on his home machine included hacked databases from websites like Ashley Madison as well as the FBI and NASA. Other details that emerged included that he had over 50 bitcoins – currently worth around $250,000 – and was a gamer, staying up playing into the early hours.
Amazingly, even though he had been arrested for setting up and running Silk Road 2 – a site that routinely broke the law - and even after the original Dread Pirate Roberts, Ulbricht was found guilty of charges normally associated with the mob, he said on Twitter he was creating a guide for people to set up a hidden service online. "Ok, guide on setting up a hidden service with nginx done. What guides would people want to see next and I'll try make it understandable ," the now-deleted tweet read.
After Ulbricht was given life in prison without parole, White asked on Twitter: "Anyone know how to send cash to people in US federal prisons internationally? Can't find much information on it."
White was rearrested in early 2017 and the investigation reportedly took so long because the full evidence against him didn’t arrive in the UK from US investigators until the end of 2018 – five months ago.
Given the gravity of the charges, White should probably count himself lucky he only got a sentence of five years and four months. The original Dread Pirate Roberts, Ross Ulbricht, has already been in jail for six years and there are no signs that he will emerge anytime soon, despite his repeat appeals and pleas and, just last month, a hand-drawn sketch* of what he imagines that day will look like.