Ulbricht occasionally took his laptop out in public to work. So agents staked out his San Francisco neighborhood until he showed up at the local library, set up his laptop and logged on. They arrested him before he could close the laptop lid, which would have logged him out and locked the contents. Ulbricht didn't do himself any favors by working that day with his back turned to the rest of the room -- something he had warned other Silk Road administrators not to do.
Because law enforcement agents snatched the laptop before Ulbricht had closed it, the contents of its hard drive were completely accessible to them, including the chat logs, a personal journal, Silk Road spreadsheets, and most importantly, Dread Pirate Roberts' private encryption keys.
In the end, encryption did as much to betray Dread Pirate Roberts' identity as to protect it.
Ulbricht had affixed Dread Pirate Roberts' public encryption key to an untold number of Silk Road-related emails and forum posts. A public key allows someone to verify that a message comes from the person who claims to have sent it. On Ulbricht's computer, in a folder marked "keys," were the private keys used to sign Dread Pirate Roberts' messages. Law enforcement had only to verify that the messages, many of them incriminating, came from Dread Pirate Roberts, by using the public key found on the laptop.
4. Facebook and other public websites: Ulbricht sowed the seeds of his demise the very first time he publicized the Silk Road. To get people interested in the the new site in January 2011, Ulbricht posted a message on the Bitcointalk.org forum, under the username Altoid, asking if anyone had tried the site.
Ulbricht (or someone else) later deleted the message, perhaps to cover his tracks. But another user had quoted Altoid's message in their own post, and that message was found by an IRS agent with a simple Google search.
Later in 2011, Altoid popped up on the forum again, posting a help-wanted ad for a bitcoin venture and leaving rossulbricht at gmail dot com as the contact address. That allowed the agent to connect Altoid to Ulbricht.
Ulbricht's Facebook account also helped prosecutors. To make their case that Ulbricht was Dread Pirate Roberts, prosectors looked for times when the actions of Dread Pirate Roberts correlated closely with those of Ulbricht himself. In a chat with a fellow administrator in February 2012, Dread Pirate Roberts boasted of enjoying a vacation in Thailand. At the same moment, Ulbricht posted vacation pictures on Facebook ... from Thailand.
5. Automated server log-ins: The Silk Road servers were maintained in large part through ssh (Secure Shell), a tool that allows administrators to log into remote machines in a way that the communication is encrypted. Users can set up ssh hosts such that trusted parties can log in automatically without providing a password. A list of trusted parties is kept in a file on the server, along with their encrypted passkeys.
Sign up for CIO Asia eNewsletters.