Is FBI lying about how it located the Icelandic server that hosted the alleged Silk Road underground drug kingpin?
Is FBI lying about how it located the Icelandic server that hosted the alleged Silk Road underground drug kingpin?Wikimedia Commons

Security experts and some newspapers have raised questions over whether the FBI is lying about how it located the Icelandic server that hosted the alleged Silk Road underground drug kingpin, an event that led to Ross Ulbricht's arrest in October last year.

When the law enforcement agency busted the billion-dollar drugs empire known as Silk Road, there were concerns expressed by certain conspiracy theorists that some illegal spying methods could have been used in locating the server. 

While explaining the technical nitty-gritty of how the drug bazaar's website was hacked into for securing its IP address, Christopher Tarbell, the FBI agent leading the investigation, had said that the process had not involved accessing any administrative systems or "back door". It instead, only involved typing "miscellaneous entries" into the username, password and CAPTCHA fields on the website's login page.

FBI's defence, which was made in an affidavit filed with the court in New York -- where Ulbricht is due to stand on trial for various count that are usually laid against heads of drug cartels -- was analysed by security researcher Nik Cubrilovic. In an extensive blog post on the matter, he claims that the FBI has oversimplified its explanation and that there was absolutely no way the information was obtained in the way they have claimed they did.

The researcher claimed that he also attempted to replicate the FBI's purported method but found it impossible to access the IP address.

Questions have thus been raised if the FBI got its information from the NSA illegally, in which case, it has committed a crime in the eyes of law. Cubrilow however, cautioned that it may not actually be the case.

"We do know that the Silk Road application suffered from numerous security flaws during its lifetime," he wrote.

"Ross Ulbricht was not an experienced programmer and was learning how to develop web applications and write PHP at the same time as he was implanting the Silk Road web application."

He also outlined another plausible explanation that the "FBI discovered a security exploit or information leak in the login page, in the same way a number of other people discovered similar security holes or information leaks in both the login page and the Silk Road application itself."