A criminal complaint filed on January 17th, 2015 reveals the arrest of a man, Brian Farrell, who is alleged to have served on the Silk Road 2.0 as DoctorClu, the right-hand man to Defcon. According to the complaint, the defendant's residential IP address was leaked at some point, and a "cooperating witness" who lived at the address identified Farrell as a "computer wizard" who bragged he could buy "anything" off of the Internet.
He was identified through a Homeland Security Investigations "lead" about a particular IP address identified as having accessed the vendor portion of Silk Road 2.0, though details about the lead are missing other than that it came on July 30th, 2014. From that point, the residence attached to that IP's Comcast account was surveilled. Then on December 22nd agents made contact with Farrell and the cooperating witness. While Farrell acknowledged familiarity with the Silk Road and having visited it, he denied engaging in drug commerce through the site.
The cooperating witness, on the other hand, described Farrell teaching the witness about the "dark net" and the Silk Road. They also reported on Farrell's habit of obsessively watching the mailbox, and the next day surrendered a package delivered to the house which contained a number of Xanax tablets.
On January 2nd, 2015, the house was raided and searched. Agents interviewed Farrell the same day and report finding $35,000 in United States Dollars, $3,900 in silver bars, prescription drugs, drug paraphernalia, and a bunch of "computer media" during the raid. Farrell initially denied extensive knowledge, but later revealed his DoctorClu username and offered:
You’re not going to find much of a bigger fish than me.
That came when he was asked if he could help to implicate other people in operating the Silk Road 2.0. Given that the Silk Road 2.0 was busted and Blake Benthall arrested back on November 6th, 2014, this suggests Farrell engaged in substantially better operational security practices than Benthall, with one exception. With the Silk Road 2.0 busted and the knowledge that there was an extraordinary risk of incriminating information leading back to him, why did he not pack his bags and leave back in November?
The text of the complaint is reproduced in full below.
UNITED STATES DISTRICT COURT FOR THE
WESTERN DISTRICT OF WASHINGTON
AT SEATTLE
UNITED STATES OF AMERICA, Plaintiff,
v.
BRIAN RICHARD FARRELL, Defendants.
NO. MJ / ‘YT’ / (9
COMPLAINT FOR VIOLATION
Title 21, United States Code, Sections 841(a)(1) and (b)(1)(C), 846
BEFORE, Mary Alice Theiler, Chief United States Magistrate Judge, U. S. Courthouse,
Seattle, Washington.
The undersigned complainant being duly sworn states:
COUNT 1
(Conspiracy to Distribute Cocaine, Heroin, and Methamphetamine)
Beginning at a time unknown, but within the last five years, and ending on or
about September 2014, in Bellevue, within the Western District of Washington, and
elsewhere, BRIAN RICHARD FARRELL, and others known and unknown, knowingly
and intentionally did conspire to distribute heroin, a substance controlled under Schedule
I, Title 21, United States Code, Section 812, and cocaine and methamphetamine,
substances controlled under Schedule II, Title 21, United States Code, Section 812.
It is further alleged that this offense involved one kilogram or more of a mixture or
substance containing heroin, 500 grams or more of a mixture or substance containing a
detectable amount of methamphetamine, and 5 kilograms or more of a mixture and
substance containing a detectable amount of cocaine.
All in violation of Title 21, United States Code, Sections 841(a)(1), 841(b)(1)(A),
and 846.
The undersigned complainant, Michael Larson, being duly sworn, further deposes
and states as follows:
INTRODUCTION
1. I am a Special Agent with the Department of Homeland Security (DHS),
U.S. Immigration and Customs Enforcement (ICE), Homeland Security Investigations
(HSI), assigned to the Office of the Special Agent in Charge, Seattle, Washington. I have
been employed as an HSI Special Agent since July 2009 and I am currently assigned to
the Border Enforcement Security Task Force (BEST). I am a graduate of the Federal
Law Enforcement Training Center’s Criminal Investigator Training Program in
Brunswick, Georgia, as well as the ICE Special Agent Training Program. I am also a
graduate of Michigan State University in East Lansing, Michigan, where I received
Bachelor’s degrees in International Relations and Criminal Justice from James Madison
College and the School of Criminal Justice, respectively. Prior to my employment with
HSI, I worked for the United States District Court for the Western District of Michigan
and Western District of Washington for eleven years as a United States Probation Officer
and United States Probation Officer Assistant.
2. During my career, I have participated in investigations and search warrants
involving theft, fraud, money laundering, smuggling, import and export violations,
counterfeit goods, crimes against persons, and drug trafficking. Because of my training
and experience, I am familiar with common methods of drug smuggling and trafficking. I have participated in numerous drug smuggling and trafficking investigations and search
warrants involving the use of computers and the internet, and have assisted in the
gathering of evidence during execution of those warrants.
3. The facts set forth in this Affidavit are based on my own personal
knowledge; information obtained from other individuals during my participation in this
investigation, including other law enforcement officers; interviews of cooperating
witnesses; review of documents and records related to this investigation; communications
with others who have personal knowledge of the events and circumstances described
herein; and information gained through my training and experience.
4. Because this Affidavit is submitted for the limited purpose of establishing
probable cause in support of a criminal complaint, it does not set forth each and every
fact that I, or others, have learned during the course of this investigation.
SUMMARY OF PROBABLE CAUSE
A. The Silk Road and Silk Road 2.0
5. According to law enforcement papers that I have reviewed, the Silk Road
was an online black market that offered various illegal items for sale, including narcotics.
The Silk Road operated on the “The Onion Router” (the “TOR”) network, which is a
special network of computers distributed around the world designed to conceal the true
Internet Protocol (“IP”) addresses of the users on the network. Every communication
sent through TOR is bounced through numerous relays within the network and wrapped
in a layer of encryption at each relay, such that the end recipient of the communication
has no way of tracing the communication back to its true originating IP address. TOR
also enables web sites to operate on the network in a manner that conceals the true IP
address of the computer server hosting the website.
6. In October 2013, law enforcement arrested the head of the Silk Road, Ross
Ulbricht, who operated under the name “Dread Pirate Roberts.” The government also
seized the Silk Road website.
7. Later that year, in the wake of these developments, Silk Road 2.0 (“SR2”)
was launched. SR2 also operated on the TOR network, and the appearance of the site
was virtually identical to that of the Silk Road. SR2 contained a user-friendly interface
with links to various categories of items for sale on the site, including drugs such as
MDMA (Ecstasy), LSD, cannabis, hashish, methamphetamine, cocaine and heroin. The
site offered illegal items aside from drugs, including weapons, fake identification cards,
drug paraphernalia, counterfeit merchandise, stolen identity/credit cards, and malicious
software and computer equipment.
8. If a user clicked on any particular item for sale, the website would display
the details of the listing, including a description of the item, the price, the username of the
vendor selling the item, and prior customers’ feedback on the vendor. To buy an item,
the user would click a link labeled “add to cart.” The user was then prompted to supply a
shipping address and to confirm the placement of the order.
9. Users paid for items on SR2 using Bitcoins. Bitcoins are a virtually
untraceable, decentralized, peer-to-peer form of electronic digital currency having no
association with banks or governments. In order to pay for an item, a user would first
obtain Bitcoins (typically from a Bitcoin exchanger) and then transfer them to the user’s
SR2 account. After completing the sale, the vendor’s SR2 account would be credited the
amount of the sale, and the user’s account would be debited accordingly. SR2 would
charge a commission on the sale, which at times ranged from four to eight percent.
Vendors were allowed to anonymously transfer their Bitcoin proceeds from their SR2
accounts to accounts not associated with the site.
10. In November 2014, law enforcement arrested the head of SR2, Blake
Benthall, who operated under the name “Defcon.” The SR2 website was also seized.
B. Farrell’s Participation in SR2
11. I have spoken with a law enforcement agent who accessed SR2 over an
extended period of time. SR2 had a portion of its site that was open only to vendors.
Between January 2014 and July 2014, a source of information provided law enforcement
with particular IP addresses that had accessed the vendor portion of SR2. A user could
not accidentally end up on the vendor portion of SR2. Rather, SR2
administrators/moderators restricted access to the vendor portion of the site to vendors
who had conducted a certain amount of transactions. In addition, a user required a
username and a password to access the vendor portion of SR2.
12. On July 30, 2014, HSI Seattle received a lead regarding one of these IP
addresses, 67.182.142.24. According to Comcast records, the IP address resolved to an
account maintained by a cooperating witness (“CW1”) at 4238 163rd Avenue SE,
Bellevue, Washington 98006. Washington Department of Licensing records showed that
two individuals maintained vehicles at that address, CW1 and BRIAN FARRELL. Over
the next few months, agents observed multiple vehicles at the residence, including one
belonging to FARRELL. Agents also observed FARRELL on one occasion outside the
residence.
13. On December 22, 2014, law enforcement approached both CW1 and
FARRELL at the Bellevue residence. FARRELL said that he was familiar with Silk
Road from the news, and said that he had visited the site within the last six months.
FARRELL said, “I deal with bitcoins,” further stating that Silk Road was the “shady side
of bitcoins.” FARRELL denied ever buying or selling drugs on the Silk Road, stating
that to the best of his knowledge no one living with him was involved in buying or selling
drugs. FARRELL said that his roommate was CW1, and said that the two of them had a
shared Comcast account.
14. CW1 said that he had rented a room at the Bellevue residence since 2008.
CW1 said that several people had lived at the residence over time, but that currently
FARRELL was the only other person to live there. CW1 stated that FARRELL was a
“computer wizard,” and had made a number of upgrades to the computer network in the
house. CW1 said that FARRELL had a computer server in the garage. CW1 said that
he/she had learned about Silk Road and the “dark net” from FARRELL. CW1 said that
FARRELL had showed him/her the Silk Road website, which was full of drugs for sale.
According to CW1, FARRELL said that he could get “anything” off the website. CW1
also said that FARRELL bragged about being a hacker.
15. According to CW1, FARRELL received packages on a daily basis from
UPS, FedEx, and USPS. FARRELL also “obsessively” tracked his packages online and
“babysat” the mailbox. CW1 said that on one occasion CW1 had opened a suspicious
package addressed to FARRELL and found it to contain a bag of Xanax pills. When
asked about what he did about the pills, CW1 stated that he/she held onto them.
16. On December 23, 2014, CW1 voluntarily surrendered the package to law
enforcement. It contained 107 Xanax pills.
17. On January 2, 2015, agents executed a search warrant at the Bellevue
residence. During the course of the search, agents seized various computer media,
various prescription medications, drug paraphernalia, silver bullion bars valued at
$3,900.00, and approximately $35,000 in U.S. currency.
18. On the day of the search, FARRELL was interviewed after being provided
Miranda warnings. Initially, FARRELL maintained that he did not really know much
about SR2. FARRELL stated he heard about the Silk Road from the news and had been
on the website one time in the past. He said he had done some research on the site after
his first interview with law enforcement about the topic.
19. Agents confronted FARRELL with the fact that an IP address tied to the
residence was tied to SR2. FARRELL stated many people had come and gone from the
house and there had been a lot of past users of the internet in the residence. FARRELL
stated he registered with SR2 with a username to allow him to look around the site.
20. Agents asked FARRELL whether he would help identify others involved in
SR2. FARRELL stated, “You’re not going to find much of a bigger fish than me.” He
continued by saying, “My moniker on Silk Road was “DoctorClu”. Agents asked
FARRELL what he did as “DoctorClu,” and he said he was the support manager and
worked as “Defcon’s” right hand man. As mentioned above, “Defcon,” i.e., Blake
Benthall, was the chief operator of SR2.
21. FARRELL said that he had led a “denial-of-service-attack” on the TOR
Market, a competitor to SR2. He said that after the attack, at the end of 2013, he was
offered a position on the SR2 staff. He said that he had been given a starting salary of
about $750.00 per week that later climbed to about $1,750.00 per week. FARRELL said
he did not have complete access to SR2, but that he could change passwords on the site.
He said he served mainly as “Defcon’s” spokesman. FARRELL said that other SR2 staff
would obtain his permission to do things if they were unable to get a hold of “Defcon.”
22. I have reviewed screen shots of SR2 activity that were captured by law
enforcement. The screen shots that I reviewed include ones pertaining to
communications by “DoctorClu,” i.e., the moniker that FARRELL admitted to using.
The screen shots show FARRELL communicating with others in SR2 forums that could
only be accessed by SR2 administrators and moderators.
23. Examples of screen shots that I reviewed include:
24. On December 23, 2013, “DoctorClu” was communicating with “Defcon”
regarding the promotion of a SR2 member to the site’s staff. “DoctorClu” stated
“promotions abound today.” His title was listed as “Global Moderator,” which indicates
his position with Silk Road 2.
25. On January 14, 2014, “DoctorClu” and “Defcon” discussed new interface options for
the site. “DoctorClu” also offered to help with the new “Support Rollout” for
SR2 staff members.
26. On April 29, 2014, a SR2 staff member posted a message indicating that he
and “Clu” had interviewed candidates for a staff position. The screen shots include
communication between the staff member and “DoctorClu” about a particular candidate.
27. On May 1, 2014, “DoctorClu” posted a message on SR2 approving a
particular vendor for the site.
28. On May 30 and 31, 2014, “DoctorClu” posted messages pertaining to a
“denial of service attack” on SR2.
C. Scope of Drug Sales on SR2
29. I have reviewed screen shots documenting SR2 sales, and spoken with law
enforcement agents who have accessed SR2’s site. During the time period that
FARRELL was a staff member of SR2, there were sales of drugs far exceeding the
mandatory minimums specified in section 841(b)(1)(A) of Title 21. Specifically, there
were sales far exceeding 1 kilogram of a mixture of substance containing heroin, 5
kilograms of a mixture or substance containing cocaine, and 500 grams of a mixture or
substance containing methamphetamine.
CONCLUSION
30. Based on the foregoing, I submit that there is probable cause to believe that
BRIAN FARRELL conspired to distribute cocaine, heroin, and methamphetamine, in
violation of Title 21, United States Code, Sections 841(a)(1) and (b)(1)(A), and 846.
Michael Larson, Complainant
Special Agent, ICE, HSI