Uncle Scam: Czech Owner of Sheep Marketplace Working With the FBI? And Follow Up After The Owner "Thought" He Was In The Clear I Guess It Did Make A Little Difference What I Did with BBMC( who was known as /sheeproadreloaded2) At That Time.

https://www.deepdotweb.com/2013/12/04/uncle-scam-czech-owner-of-sheep-marketplace-working-with-the-fbi/

Who benefited from one of the largest bitcoin heists in history? 'Benefit' is an interesting word - simply because a benefit doesn't necessarily mean a payoff in the form of currency. Perhaps, the payoff can come in the form of a successful operation, a mission accomplished.

Let us go on an adventure into an intriguing theory, based off what recent reports have already told us, and curious information from a source, known as Gwern Branwen.

What's Happened So Far?

Now up to $100 million in stolen BTC, this heist certainly rattled the entire Tor network drug trade. On Nov 21, the Sheep Marketplace administrators were sticking with the story that a vendor named EBOOK101 absconded with 5,400 bitcoins. However, SMP users weren't quite convinced, due to suspicious occurrences that had already been taking place. According to Net-Security.org,

"But there are many that don't believe the explanation, and suspect the operators of Sheep Marketplace of having executed a clever scam. In the week leading to the theft, they began blocking users from withdrawing their Bitcoins."

Due to the belief that the entire setup may have been a scam, SMP users begin to flock towards an online competitor, Black Market Reloaded. Knowing that this flood of new users would compromise stability and security, BMR decides to close its doors. According to RT.com,

"The administrator of the site, known as Backopy, said in a forum post the site would not be able to guarantee anonymity to its customers with the influx of new users since Tor - software that hides the identity of the site's users and owners - is not designed to handle a large user base.

"SR is down, The Black Flag ended up as a scam, Atlantis ended up as a scam and now The Sheep Market follows that dark path. This puts BMR at the edge of the blade. Tor can't support any site to be too big," Backopy wrote."

Essentially, Backopy has decided to close BMR doors in order to preserve the anonymity of its users. The Tor network hides anonymity through the difficulty of tracking a single user in a sea of other Tor users. However, when that network is channeled, it is much easier for these users to be tracked.

In addition, Tormarket, the site to which the suspected-scammer SMP has linked, is not happy about the publicity:

"Sheep Marketplace is not directing to another site called Tormarket, but the attention isn't wanted. "First of all, we are not associated with the sheep team," wrote Tormarket. "The sheep admin is linking us on their frontpage. This is the worst PR we can get right now. Please admin remove the link. Please. And most important thing: delete all data and backups to keep the users safe."

At this point, Tormarket has now become 'invite only', attempting to hold back the flow from Sheep Marketplace. Thus, Pandora is the natural next place that the SMP traffic will flow, as there are already several sources pointing in their direction.

Essentially, all of this traffic is bouncing from site to another in a massive exodus from SMP, then being forced in almost predictable directions -from BMR to Tormarket to Pandora. From what we know of the NSA's methods of 'end-to-end correlation', it certainly would make sense that SMP's demise has provided law enforcement with volumes of information about the Tor network's illicit drug trade traffic. Backopy of BMR even warned about such movements in traffic, deciding to close down the site as a result. This movement of traffic must have been predictable from the start.

Czech, Please

Only 1 month ago, a Reddit post from Theduded23 complained that Sheep Marketplace security was extremely flawed, saying that it took very little time to track down where the site was based and what company ran the server:

"Oh, we found sheepmarketplace.com's real ip at the first attempt. Not bad.. Let's check IP details whois 185.2.42.79 Result: http://i.imgur.com/YUUUjtf.png Well, as you see sheepmarketplace.com hosted in Czech Republic on HexaGeek's servers Guess what it means sheepmarketplace.com's owner same as sheep5u64fi457aw.onion He is living in Czech Republic He sucks at security"

Perhaps it was this relaxed stance on security that landed Tomas Jiřikovský, the suspected scammer, in a difficult situation. Attempting to move the stolen bitcoins like the wind through the blockchain, it appears as if he was running from a disgruntled SMP user called TheNodManOut:

qoutes below are not mine like he puts on his site, but it is /sheeproadreloaded/BBMC

"I've been a very busy boy. All day, we've been chasing the scoundrel with our stolen bitcoins through the blockchain. Around lunchtime (UK), I was chasing him across the roof of a moving train, (metaphorically). I was less than 20 minutes, or 2 blockchain confirmations, behind Tomas," he wrote on 2 December Reddit post that refers to the individual accused of the scam.

"I've just chased a thief through a washing machine for you."

"I chased him through the washer to find out TheNodManOut had already sussed the main wallet first, I imagine he drives around in a van solving mysteries all the time"

This is where the story becomes interesting...

They Call Him Gwern

A researcher named, Gwern Branwen, posted a bet, heralding the end of both SMP and BMR. He noticed that Sheep Marketplace had a 'mirror site' on the clearnet, meaning that it would show up on Google. A clearnet site is, by nature, very easy to trace by law enforcement. In addition, the similarities between the real darknet site and the clearnet site were eerie, as operation from servers in the Czech Republic seemed to be a recurring theme. DJ Pangburn of Motherboard.vice.com reports,

"Even before the mysterious leaker's help, Branwen smelled something fishy with the goings-on at Sheep Marketplace. "The veriest Google search [of Sheep Marketplace] would turn up that clearnet site," wrote Branwen in his Reddit post The Bet: BMR and Sheep to die in a year. "And ithas been pointed out that the clearnet Czech site hosted by HexaGeek was uncannily similar to the actual hidden service."

This bet was posted roughly one month before the SMP scam took place; however, mere days afterwards, Branwen was contacted by an anonymous 'security hobbyist', who told him that SMP was started and run by none other than a Czech individual named Tomas Jiřikovský, according to Pangburn.

The anonymous source said that he was able to track down Jiřikovský, and began to divulge damning information about the wayward scammer to Branwen. The information was very convincing that Jiřikovský is the one who runs SMP. Pangburn writes,

"The documents note, among other things, that Jiřikovský owns the Sheep Marketplace VPS hosting service, and controlled several other domains on that service, Old Cans and Font Park being two of them; that he was the earliest Sheep Marketplace promoter, advertising it on other sites earlier this year; that he is a Czech developer who runs Ubuntu, just like the Sheep Marketplace developer; and that his email address is listed on the Bitcoin Scammer List."

The tale becomes even muddier when Branwen finds out that this anonymous security hobbyist had already contacted the FBI, concerning his findings (in addition to leaking information about BMR and even Project Black Flag in the past). This means that the FBI already knew the location of Sheep Marketplace servers, in addition to the real world identity of it's creator -and did nothing? Could it be that the FBI wasn't exactly surprised by this information?

An FBI Operation From the Start?

According to the Pangburn article, this anonymous security hobbyist leaked information to the FBI on Nov 2, which means that law enforcement would have had plenty of time to track down Jiřikovský. However, the Czech was able to get away with millions in bitcoins after 18 days of no law enforcement interference? Why didn't they move in?

Perhaps, the FBI either allowed the scam to happen, or outright orchestrated the scam by gaining leverage through Jiřikovský's wayward past.

One website even goes as far as to suggest that this Czech scammer was working with the authorities, and was able to work out some kind of a deal. Curiously, this website is written in Czech. Be warned, the translation is a little rough:

"FBI reportedly had received information from the same informant, who spoke with Branwen. Thus, if the programmer Thomas J. indeed for the operation of Sheep Marketplace centuries, perhaps a deal with investigators in some form of cooperation, Vice speculates."

Again, we must ask, who benefitted most from the demise of Sheep Marketplace and the subsequent scamming of its users out of $100 million in BTC? The result of this most recent scam removed one marketplace (SMP), shut down another (BMR), and directed the traffic to two obvious others (Tormarket then Pandora).

Concerning the scammer himself, Ross Ulbricht of Silk Road was caught from only a few mere slips in security, but Jiřikovský was not caught -yet had massive security flaws, in addition to a mirror site running on the same servers from the Czech Republic?

In addition, what was the true purpose of the mirrored clearnet SMP site? Could it have provided law enforcement with an opportunity to launch "man-in-the-middle" attacks against Sheep Marketplace users? We already know that the NSA is utilizing these tactics, especially against the Tor network, according to Bruce Schneier. Could these attacks have infected user computers, and now authorities are extracting mountains of data about darknet drug trade traffic by stirring the anthill?

One argument against this theory could be that the FBI would never use such tactics, as it enables crime to persist on a grand scale. Law enforcement itself would be responsible for untold numbers of illicit drug transactions. However, this would not be the first time that the FBI has allowed large amounts of cybercrime to persist for the purpose of catching the big fish.

On Friday, Nov 15 2013, a hacker named, Jeremy Hammond was sentenced to 10 years in prison. How did he get caught? He was enabled by the FBI, and setup for the sting, said the convict:

"In August, Hammond released a statement suggesting that while Sabu aided the FBI, the bureau also used him to encourage other group members to hack various websites at the agency's choosing, including those of foreign governments.

"What the United States could not accomplish legally, it used Sabu, and by extension, me and my co-defendants, to accomplish illegally," Hammond wrote. "Why was the United States using us to infiltrate the private networks of foreign governments? What are they doing with the information we stole? And will anyone in our government ever be held accountable for these crimes?""

If the FBI simply used SMP to track users in the darknet drug trade, allowing it to continue until the time was right, it is certainly not outside the realm of possibility. With all we have found out about US government tactics in 2013 alone, no tactic seems out-of-bounds any longer.

They ended catching Tomas later on in money laundering, by depositing hundreds of thousands of dollars bought with bitcoin to his Wife(Girlfriends?) bank account which later purchasing a house in his grandfathers name worth few hundred thousand.

The Follow Up To The Story What Happened To Tomas

Sheep Marketplace was one of the online markets that gained popularity after the fall of Silk Road 1.0. The site's alleged owner, Tomáš Jiřikovský, was arrested in March 2015 and little information has been released since his arrest, until now.

Jan Danek, head of the South Moravian police's economic division, spoke with a local news outlet on the investigation and arrest of the Sheep Marketplace owner. Not only was Jiřikovský arrested for enabling a drug trade, but Moravian police are charging him also with the theft of millions of bitcoins, stolen from the site's users.

Although two Florida men were arrested for stealing 5,400 bitcoins from the Sheep Marketplace between 2013-2014, the number of bitcoins stolen by Jiřikovský is far greater. At the time, the amount stolen was reported to be worth around $40 million.

In the Florida case, law enforcement was able to trace the stolen bitcoins through services like Blockchain.info. Danek explains that following the Sheep Marketplace shut down, officers were able to trace suspicious transactions to bank accounts in a similar manner.

South Moravian police became aware of the Sheep Marketplace once the site disappeared, causing a major disturbance on the internet. Millions of dollars in bitcoins were stolen from users resulting in law enforcement being notified of a South Moravian man who was receiving suspicious transactions, while also fitting the profile of the site's owner.

Danek claims this man "magically got rich." The exit-scam is unanimously known as the "biggest darknet scam ever."

Law enforcement started tracing money that was deposited into the bank account of Eva Bartošová, Jiřikovský's wife. $38,000 had been deposited from abroad, connecting her to the case for the very least, with money laundering charges. From there, more money was traced to Jiřikovský's realtor where police discovered he purchased a house under his grandfather's name for around $300,000.

Further investigation proved that Jiřikovský was the owner of the Sheep Marketplace. He had purchased a new home, news cars, luxury furniture, as well as expensive computers. Danek says that during their 9-month investigation, Jiřikovský's new purchases totaled more than $800,000. Everything has since been seized, including the house and cars.

All of the money was laundered from foreign accounts. The bitcoins were exchanged overseas before deposited into both his account and his wife's account via Air Bank.

Jiřikovský is in police custody and faces up to 12 years in prison for the theft of bitcoins and enabling a drug trade. His wife is charged with aiding him in laundering the money, but she is currently not being detained by police.

A spokesperson from the South Moravian prosecutor's office, Hynek Olma, says that Bartošová, if convicted, could face eight years in prison.

Wasn't disgruntled so don't why know he put that, I was more "bored" since I never used sheep personally. lol! I remember a lot of users always said it wouldn't ever matter would never amount to him getting in trouble or caught. As my purpose wasn't really for him to get caught or hurt. It was merely trying to prevent him to cash out easy. Especially with /sheeproadreloaded2 kept tagging wallets with .0666 btc on multiple wallets, while others was leaving msg's like these coins are from sheep market heist.


Comments


[3 Points] llllllilllilillllili:

Wouldn't even hold up in a kangaroo court in the Islamic Republic of Iran.


[2 Points] jaydee0007:

Where is the TLDR version.


[1 Points] None:

I'm commenting so I can remember to read this when I'm on lunch break