Genesis of the Silk Road

In 2011, Ulbricht registered the website silkroad420.wordpress.com. During this time, Ulbricht created a user account on shroomery.org, with the username “Altoid” and submitted a post promoting Silk Road (see Figure 13.2):

I came across this website called Silk Road. It's a Tor hidden service that claims to allow you to buy and sell anything online anonymously. I'm thinking of buying off it, but wanted to see if anyone here had heard of it and could recommend it.

I found it through silkroad420.wordpress.com, which, if you have a tor browser, directs you to the real site at http://tydgccykixpbu6uz.onion.

Let me know what you think…

Ulbricht also created a user account on Bitcointalk Forum and then posted an advertisement for an employment opportunity, as follows:

the best and brightest IT pro in the bitcoin community [to] be the lead developer in a venture-backed bitcoin startup company

Those interested were asked to contact [email protected] (see Figure 13.3).

Investigators linked Ulbricht’s email to his Google+ account (see Figure 13.4), and Google was later subpoenaed for information related to his Google accounts. In April 2012, Ulbricht posted on Google+, “anybody know someone that works for UPS, FedEX, or DHL?”

Ross Ulbricht also posted a question under the name “Ross Ulbricht” on the website Stack Overflow:

How can I connect to a Tor hidden service using curl in php?

I'm trying to connect to a tor hidden service using the following php:

$url = 'http://jhiwjjlqpyawmpjx.onion/'

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, $url);

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

curl_setopt($ch, CURLOPT_PROXY, "http://127.0.0.1:9050/");

curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);

$output = curl_exec($ch);

$curl_error = curl_error($ch);

curl_close($ch);

print_r($output);

print_r($curl_error);

when I run it I get the following error:

Couldn't resolve host name

However, when I run the following command from my command line in ubuntu:

curl -v --socks5-hostname localhost:9050 http://jhiwjjlqpyawmpjx.onion

I get a response as expected

the php cURL documentations says this:

--socks5-hostname

Use the specified SOCKS5 proxy (and let the proxy resolve the host name).

I believe the reason it works from the command line is because Tor (the proxy) is resolving the .onion hostname, which it recognizes. When running the php above, my guess is that cURL or php is trying to resolve the .onion hostname and doesn't recognize it. I’ve searched for a way to tell cURL/php to let the proxy resolve the hostname, but can't find a way.

There is a very similar question here: CURL request using socks5 proxy fails when using PHP but works through the command line

Death Threat

According to court records, in March 2013, a Silk Road seller, with the username “Friendly Chemist”, threatened to reveal the real name of DPR (Dread Pirate Roberts) unless hush money, in the amount of $300,000 (later $500,000), was paid. DPR then allegedly asked a user on the Silk Road, called “redandwhite”, to execute FriendlyChemist, in exchange for $150,000 (1,760 Bitcoins). DPR subsequently provided the real name and address for FriendlyChemist.

Silk Road Takedown

Ulbricht decided to order some fake drivers’ licenses from a criminal retailer on the Silk Road (see Figure 13.5). In June 2013, U.S. Border Control agents at the Canadian border interdicted these fake licenses. In July 2013, Homeland Security visited the residence to where these licenses were being shipped, and they encountered Ross Ulbricht. Ulbricht himself actually informed Homeland Security about a great website called the Silk Road, where he made the purchase.

Ultimately, federal investigators tracked Ulbricht to the Bay Area (San Francisco, CA). They determined that his Gmail account was accessed from a computer in the area and also realized that the Silk Road server had been accessed from an Internet café beside the residence of Ulbricht’s friend. Investigators had subpoenaed Comcast for information related to the secure server that had been accessed via a virtual private network (VPN).

The Takedown of Ulbricht

DHS Special Agent, Jared Der-Yeghiayan, managed to infiltrate the Silk Road by posing as a site administrator, with the username “cirrus”. Investigators had two major concerns: (1) that Ulbricht likely had encryption running on his laptop, which would later be problematic for forensics investigators and (2) that he would later deny involvement in the Silk Road site.

At one point, Ulbricht was staying at his friend’s place in the San Francisco Bay Area. When the Internet connection was cut to the apartment, Ulbricht decided to use the free Wi-Fi at the Glen Park Library, where investigators planned an undercover operation to take down Ulbricht. At 15:08, Ulbricht opened his laptop and logged into the staff chat for the Silk Road site (see Figure 13.6). Special Agent Der-Yeghiayan contacted Ulbricht, who had logged in as “dread” and the following chat transpired:

cirrus: hey

can you check out one of the flagged messages for me?

dread: you did bitcoin exchange before you worked for me, right?

cirrus: yes, but just for a little bit

dread: not any more then?

cirrus: no, I stopped because of reporting requirements

dread: damn regulators, eh?

ok, which post?

cirrus: lol, yep

there was the one with the atlantis

Once Ulbricht (“dread”) said “ok, which post?”, Special Agent Der-Yeghiayan knew that Ulbricht was on the flagged message page and therefore had administrator access. Two undercover agents, male and female, feigned an argument near Ulbricht, in the Science Fiction section of the library. Ulbricht stood up and turned around. The woman held onto Ulbricht while the male agent grabbed Ulbricht’s laptop, so that the computer remained on, and so that any potential encryption would not be implemented. Ultimately, it was determined that the seized Samsung 700z laptop was in fact running TrueCrypt (full disk encryption software). The agents could then show that Ulbricht was still logged into the Silk Road and he was using TorChat with backups, which would later assist investigators.

Ross Ulbricht Pre-trial

The defense counsel argued that the FBI hacked into a server in Iceland without a warrant. The defense subsequently filed a motion to suppress the evidence from that server. This server was supposedly used to host the Silk Road Dark Web marketplace. On June 12, 2013, a request was made to the Icelandic authorities to:

(1) obtain subscriber information associated with the Subject Server; (2) collect routing information for communications sent to and from the Subject Server, including historical routing data from the prior 90 days; and (3) covertly image the contents of the Subject Server

Subsequently, the Reykjavik Metropolitan Police (the “RMP”) acted upon this request. It appears that these results, by the RMP, were shared with U.S. authorities on July 29, 2013. Going back to the motion to suppress, the judge ruled that Ulbricht “failed to submit anything establishing that he has a personal privacy interest in the Icelandic server or any of the other items imaged and/or searched and/or seized.” The issue for Ulbricht’s defense counsel is that showing a personal privacy interest in the Icelandic server could imply that he was in fact still involved with the Silk Road at that time and they wanted to argue that he created the idea of the Silk Road but then abandoned the site.

The U.S. government did not just rely on digital evidence at trial but could also rely on the testimony of a number of people, including a narcotics dealer associated with the Silk Road. His name was Cornelis Jan Slomp, aged 22, from Woerden, the Netherlands (see Figure 13.7). Also known as “SuperTrips”, Jan Slomp was the largest vendor on the site and was responsible for 10,000 transactions, which were worth 385,000 Bitcoin. Jan Slomp was arrested at Miami Airport, as he was about to get into his rented Lamborghini. Investigators found his fingerprints on DVD cases that he used to ship the drugs. In a plea deal, he offered to testify about his activities during the Ulbricht case, but he was never called to testify. His plea led to a more lenient sentence of 10 years, instead of potentially 40 years behind bars.

Unfortunately, prior to testimony, the U.S. government inadvertently leaked a list of exhibits online that they intended to use at trial, which included potential objections by defense counsel. Figure 13.8 shows some of the leaked exhibits and potential objections.

Ross Ulbricht on Trial

Special Agents Chris Tarbell and Illhwan Yum, CY2 (Cyber Crimes Squad), FBI, both worked on the case and gave testimony at trial. Illhwan Yum testified that investigators had tracked 3,760 Bitcoin transactions to Ulbricht after the time that Ulbricht had claimed that he had abandoned to site. Yum cross-checked transactions on the public ledger (Blockchain) with data pulled from Ulbricht’s laptop and the Silk Road web server. Evidence was also presented that showed Bitcoin transfers from servers located in Philadelphia, Pennsylvania, and from Reykjavik, Iceland.

According to the “Declaration of Christopher Tarbell”, the location of the Silk Road server was a result of the login interface, for the site, leaking its IP address. During the login process, some packets sent by the web server contained an IP address that was different from the IP addresses of known Tor nodes. It appears as though the IP address for the web server was leaked as a result of a misconfigured CAPTCHA, which was an application used to prevent automated bots from logging into the site.

Laptop Evidence

A logbook was found on Ulbricht’s laptop, which detailed his day-to-day activities. Ulbricht’s PGP private key was also recovered from the laptop, and this key was used for signing messages from DPR (Dread Pirate Roberts). Numerous .php files, used to create the Silk Road website, were also retrieved from his laptop (see Figures 13.9–13.11). Investigators also discovered an application for economic citizenship in Dominica. Ulbricht perhaps thought that he would become a legend because of his marketplace and therefore kept a journal on his laptop. In one entry he wrote the following:

I am creating a year of prosperity and power beyond what I have ever experienced. Silk Road is going to become a phenomenon and at least one person will tell me about it, unknowing that I was its creator

His entry in December 2011 stated the following:

I felt compelled to reveal myself to her. It was terrible. I told her I have secrets. She already knows I work with bitcoin wich [sic] is terrible. I’m so stupid. Everyone knows I am working on a bitcoin exchange. I always thought honesty was the best policy and now I don’t know what to do. I should have just told everyone I am a freelance programmer or something, but I had to tell half-truths. It felt wrong to lie completely so I tried to tell the truth without revealing the bad parts, but now I am in a jam. Everyone knows too much, dammit.

Trial Verdict

The trial of Ross Ulbricht lasted 13 days and was followed by 3.5 hours of jury deliberations. Ulbricht was found guilty on the following charges:

• Narcotics trafficking conspiracy

• Computer hacking conspiracy

• Money laundering conspiracy

Background

Zacharias Moussaoui was born on May 30, 1968, in France and was of Moroccan descent. Moussaoui received his master’s degree from South Bank University in London. During his time in Britain, he frequented the Brixton Mosque, which the “Shoe Bomber”, Richard Reid, also attended. Moussaoui also attended the more radical Finsbury Park Mosque in London. He connected with Islamist extremists in England and subsequently trained with Al Qaeda in 1998 at Khalden, Derunta, Khost, Siddiq, and Jihad Wal training camps in Afghanistan. He also lived in Hamburg between 1998 and 1999 and shared an apartment with Mohammed Atta, one of the 9/11 co-conspirators who crashed American Airlines Flight 11 into the North Tower of the World Trade Center.

In August 2001, Moussaoui attended flight school in Minneapolis and trained on 747 flight simulators. The Federal Bureau of Investigation (FBI) had Moussaoui under surveillance and wanted to search his Toshiba laptop in early 2001. Unfortunately, the FBI agent requests from the bureau office in Minnesota were apparently rejected by FBI headquarters.

Table 13.1 shows a timeline of Moussaoui’s actions leading up to the events of 9/11/01, as noted in the Virginia grand jury indictment (/www.vaed.uscourts.gov/notablecases/moussaoui/exhibits/).

Moussaoui was indicted by a federal grand jury, in the Eastern District of Virginia, to stand trial on six felony charges:

• Conspiracy to commit acts of terrorism transcending national boundaries

• Conspiracy to commit aircraft piracy

• Conspiracy to destroy aircraft

• Conspiracy to use weapons of mass destruction

• Conspiracy to murder United States employees

• Conspiracy to destroy property of the United States

Digital Evidence

Government investigators examined numerous computers in the wake of 9/11. The computer that Mukkarum Ali owned, in the apartment where Moussaoui lived in Norman, Oklahoma, was seized. The apartment was owned by the University of Oklahoma, and a computer from the University of Oklahoma computer lab was also seized.

The FBI also visited a Kinko’s in Eagan, Minnesota, to examine a computer that the suspect used to access the Internet. FBI agents became aware of his use of a computer at Kinko’s after examining Kinko’s firewall logs. They discovered that Moussaoui had used the computer to access Hotmail. One of the email addresses the suspect used was [email protected]; the suspect listed it as one of his accounts in one of his pro se pleadings in July 2002. (Pro se refers to someone who advocates for him- or herself and does not use legal representation. Moussaoui requested to represent himself at trial.) The computer at Kinko’s was not seized because agents were informed that the data on the computer would have been scrubbed every 24 hours, as part of standard operating procedures, and 44 days had now passed.

Prosecutors had failed to link the computer’s Internet Protocol (IP) address at Kinko’s with Moussaoui’s Hotmail account because so much time had elapsed. After 30 days, the company deletes IP connection data and email content. Email account registration information is maintained for an additional 60 days, but this information then is deleted, and the account username once again becomes available to the public. Once investigators discovered the suspect’s claim that he had used [email protected], they contacted Hotmail (Microsoft). Alas, Hotmail had no saved information for this account.

The FBI found Moussaoui’s receipt from Kinko’s, related to his paid use of the Internet on a computer in the Eagan, Minnesota, store on August 12, 2001. The investigation concluded that the suspect had been connected to MSN/Hotmail for eight minutes. It also discovered that the other 19 9/11 hijackers had accessed the Internet on Kinko’s computers at other locations across the country.

Government agents were aware of Moussaoui before 9/11. INS (Immigration and Naturalization Service) agents in Minnesota had arrested him on August 16, 2001, and actually seized his laptop and a floppy disk. Moussaoui had been staying in a Residence Inn in Eagan, Minnesota, while attending the Pan Am International Flight Academy. The FBI subsequently obtained and executed a warrant on September 11, 2001, to seize these items again. On the floppy disk, they found Moussaoui’s emails to flight schools. He had contacted these flight schools from [email protected].

The FBI appears to have been a lot luckier when examining Moussaoui’s [email protected] records. Investigators were able to match Hotmail IP address connection logs to determine that he had accessed his email account from an address in Malaysia, from the computer lab at the University of Oklahoma, from Mukkarum Ali’s apartment (in Norman, Oklahoma), and from Kinko’s (in Eagan, Minnesota). Al Qaeda operatives had met in Kuala Lumpur in January 2000. The discovery of the IP address for Kinko’s prompted investigators to search the computer at this location.

Standby Counsel Objections

Standby counsel argued that the government had failed to provide the defense with evidence recovered from the [email protected] account or from computers at Oklahoma University, at Kinko’s, or at Mukkarum Ali’s apartment. Standby counsel is a lawyer who assists a client who has invoked his right to self-representation.

Donald Eugene Allison provided computer forensics expert witness testimony for the defense in an affidavit dated September 4, 2002.

In this same court document, standby counsel questioned methods by which the prosecution authenticated digital evidence. They noted the following:

[The] authentication information (such as the MD5 message digest and other accepted computer forensic methods) is critical as without it, it is impossible to verify that the duplicate hard drives are an exact copy of those that exist on the original systems. Likewise, without such information it is impossible to determine if the material retrieved from the hard drives is accurate.

In the same document, standby counsel argued that more than 200 hard drives were produced during discovery, yet the defense lacked the resources to thoroughly examine the drives to the same extent as the prosecution.

Standby counsel then asserted that the hard drive from the University of Oklahoma must have been contaminated. The defense contended that evidence from the Hotmail account should have been available from temporary Internet files. This again relates to the lack of evidence concerning the [email protected] account. Additionally, the defense argued that there was a mismatch of IP addresses used as evidence by the prosecution. The defense contended that even though Kinko’s appeared to have erased data every 24 hours, investigators could theoretically have examined the computer for files that still existed, but they failed to attempt to retrieve any files. Moreover, the defense argued that the prosecution had not examined the file slack on Mukkarum Ali’s computer.

Prosecution Affidavit

Dara K. Sewell was a supervisory special agent for the FBI and a computer forensics investigator who worked on this case. Sewell submitted an affidavit rebutting the assertions made by defense counsel, particularly Donald Eugene Allison. Sewell noted that the FBI uses three methods of duplicating or imaging a hard drive: (1) Linux dd, (2) SafeBack, and (3) Logicube handheld disk duplicator. All of these tools had undergone validation testing.

Sewell responded to Allison’s assertion that NIST approves only one method of making duplicates by stating, “NIST does not ‘approve’ any computer forensic tools. Instead, it merely reports the results of its testing. Moreover, Mr. Allison wrongly identifies Linux dd as the ‘only one method. . . . approved by [NIST].”

Interestingly, Allison questioned the lack of a Message Digest Sum Version 5 (md5sum) or Secure Hash Algorithm Version 1 (SHA-1) hash verification being produced by the prosecution. Sewell responded by noting that a number of verification hashes can be used, including Cyclical Redundancy Checksum (CRC). Sewell continued that SafeBack and Logicube disk duplicators were used. They used an internal CRC and were tested by the FBI’s CART. Therefore, “there would not ordinarily be any MD5 or SH-1 hash values to disclose to the defense for any computer drives imaged with SafeBack or a Logicube disk duplicator.” However, even with confidence in SafeBack’s CRC verification process, Sewell went back and generated an md5sum for the original evidence and the duplicates, and they were a match.

Exhibits

Hundreds of exhibits were submitted at trial. In terms of digital evidence, the prosecution presented numerous emails, wire transfers, receipts, and other exhibits.

The following email demonstrates Moussaoui’s interest in learning how to fly:

Hi, I would like some information on if I can get a full Simulator Training on a Boeing or Airbus even if I am not a Commercial Pilot. I am doing my PPL, but my dream is to fly one of these big Bird (of course in a simulator). Will you consider me even if I have not pass all the exam, I know it is a bit peculiar, but I am 33 years so a bit late to start a pilot career and the school where I do my ppl now told me he will take me two year before being a full qualified atp pilot. But for the moment I just want the experience to Fly.

Ultimately, it was the Pan Am International Flight Academy that provided Moussaoui with training on a flight simulator:

Zac;

I need the shipping address for your manuals. Operations want to send on thursday, July 12.

Please email or call with the address on thursday.

Thank you

The Pan Am International Flight Academy still provides flight simulator training today, according to its website (www.panamacademy.com).

A copy of a receipt from a store called Sporty’s, located in Batavia, Ohio, was also admitted into evidence. The receipt indicates that two VHS video tutorial tapes on the Boeing 747-200 and Boeing 747-400 were shipped to Moussaoui in Norman, Oklahoma, in June 2001. Receipts detailing payments to the Pan Am International Flight Academy were also produced at trial.

In August 2001, Moussaoui traveled to Eagan, Minnesota, to attend the Pan Am International Flight Academy. A hotel receipt for Moussaoui’s stay at the Residence Inn, from August 11 to August 17, 2001, in Eagan, Minnesota, was admitted into evidence.

From a computer forensics perspective, this case is important because much of the prosecution’s declarations depended on digital evidence. The case is interesting because it also highlights the types of objections that defense counsel can raise. Ultimately, the judge dismissed the objections made by Moussaoui’s defense counsel relating to the digital evidence provided by the prosecution.

Profile of a Killer

Dennis Lynn Rader was born in Pittsburg, Kansas, on March 9, 1945. Rader grew up in Wichita, Kansas and attended Wichita Heights High School. After a brief stint at Wichita State University, he joined the U.S. Air Force. He left the Air Force to study at a couple of colleges, but he ultimately returned to Wichita State University. Ironically, he graduated with a major in the administration of justice, in 1979. Rader’s employment history included a part-time position in the meat department at an IGA grocery store and a job as an assembler at the Coleman Company, and he spent time working as an installation manager at ADT Security, where he had access to many homes, from 1974 to 1988. From 1990 to 2005, he was a supervisor for the Compliance Department at Park City.

Rader was also a father of two and, for three decades, was a member of the Christ Lutheran Church, where he was later elected president of the Congregation Council. Rader was even a Cub Scout leader. Yet even as he taught many kids how to tie knots, he plied his own trade when he bound, tortured, and killed his victims.

Rader began his serial killing on January 15, 1974, when he killed four members of the Otero family in Wichita, Kansas. He went on to kill another six people. He strangled his final victim, Dolores Davis, age 62, with pantyhose on January 19, 1991.

Evidence

In March 2004, Rader began sending letters and packages to the local media describing his victims. Some of the packages actually included items belonging to the victims, to prove that he was the killer but still remained anonymous. Rader left one of these packages, a cereal box, in the bed of a pickup truck at a Home Depot. However, the owner of the vehicle discarded the box as trash. When Rader asked members of the media about the evidence, they had no knowledge. He subsequently went back to the Home Depot and retrieved the box from the trash. Investigators were later able to review surveillance footage from the Home Depot and noticed a black Jeep Cherokee returning to the scene to retrieve the evidence. This became a clue in the case. In 2005, Rader left a Post Toasties cereal box on a dirt road north of Wichita.

Rader then asked the police if it was possible to trace information to a floppy disk. Police posted their response in the Wichita Eagle newspaper by stating that it was “OK” to use a floppy disk. On February 16, 2005, an envelope arrived at KSAS-TV in Wichita. The package contained a translucent purple Memorex 1.44MB floppy disk. Randy Stone, from the Forensics Computer Crime Unit of the Wichita Police Department, examined the contents of the disk using EnCase forensics software. The disk contained one file, called Test A.rtf. The file metadata showed “Dennis” and Wichita’s “Christ Lutheran Church”. An Internet search then quickly indicated Dennis Rader as the suspect they would now search for.

Law enforcement began to monitor Rader and his residence. They noticed a black Jeep Cherokee parked outside the Rader residence. Investigators were then able to retrieve DNA from a Pap smear belonging to Rader’s daughter from a sample at the University of Kansas medical clinic. The DNA from the Pap smear was a match to the DNA found on one of the victims, thereby proving that the murderer was a member of the Rader family.

On February 25, 2005, Dennis Rader was arrested by a task force of agents from the FBI, the KBI, and the Wichita Police. In June 2005, Rader pleaded guilty and was sentenced to 10 life sentences. He is currently serving time at the El Dorado Correctional Facility.

Federal Anti-harassment Legislation

47 USC § 223 is an anti-harassment act aimed to prevent those who use telecommunications from transmitting “any comment, request, suggestion, proposal, image, or other communication which is obscene or child pornography, with intent to annoy, abuse, threaten, or harass another person.”

State Anti-harassment Legislation

HB 479, The Offense of Stalking, is an act passed by the state of Florida that explicitly prohibits cyberstalking. It defines the term cyberstalk to mean communication by means of electronic mail or electronic communication that causes substantial emotional distress and does not serve a legitimate purpose. It includes within the offenses of stalking and aggravated stalking the willful, malicious, and repeated cyberstalking of another person. It also provides penalties and revises the elements of the offense of aggravated stalking to include placing a person in fear of death or bodily injury of the person or the person’s child, sibling, spouse, or dependent.

Numerous states, including Alabama, Arizona, Connecticut, Hawaii, Illinois, New Hampshire, and New York, prohibit harassing electronic, computer, or email communications.

Warning Signs of Cyberbullying

Warning signs generally arise when a child is being bullied. Signs can include the following:

• Feelings of anxiety, sadness, or hopelessness;

• A decline in school grades;

• Diminishing interest in social and recreational activities;

• Upset behavior after leaving a computer or cellphone;

• Excessive use of digital devices;

• Irregular sleep patterns; and

• Changes in weight or loss of appetite.

What Is Cyberbullying?

Cyberbullying is not simply sending harassing emails or nasty text messages. Many forms of intimidating communications fall under this category:

• Images and video: Cyberbullies commonly use social media sites such as Facebook to post images and videos in attempts to embarrass other children.

• Sexting: In sexting, an individual illegally shares a sexually explicit image, usually via MMS from a cellphone. If an adult becomes involved and images of minors are being shared, charges of possession or distribution can ensue.

• Outing: Outing occurs when an individual publishes confidential personal information online or shares it in an email to embarrass another individual.

• Flaming: Flaming is online arguing, often including vulgar and offensive language to denigrate another person.

• Bash boards: Bash boards are online bulletin boards used to post hateful comments about peers or teachers that people dislike. Twoo.com, formerly Spring.me, is a website often connected with Facebook that has been used as a bash board.

• Tricking: Tricking is the process of duping an individual into divulging personal comments, with the intent to publicly publish those secrets to humiliate another individual.

• Happy slapping: Happy slapping occurs when people organize to physically harm another person and also video the abuse and later post the content online or send it to others. The proliferation of smartphones has facilitated a disturbing growth in these types of attacks.

• Online polls: Online polls are used to get classmates to vote on certain topics, such as the ugliest student in class.

• Impersonation: Impersonation is when a person either illegally breaks into another person’s account and pretends to be that person or sets up a fake page purporting to be someone else.

Phoebe Prince

On January 14, 2010, Phoebe Prince, a 15-year-old who had immigrated to South Hadley in Massachusetts, from the West of Ireland, committed suicide after being consistently bullied by other teenagers. Unbelievably, highly disrespectful comments were posted to her Facebook memorial page after her death. Six teenagers were charged as adults with a variety of felony charges, including statutory rape, stalking, and assault with a deadly weapon. Like so many other cyberbullying cases, the perpetrators got off lightly—some with probation or community service. Nevertheless, the state legislature enacted Senate No. 2404, an anti-bullying law.

Ryan Halligan

Ryan Halligan, a middle school student from Vermont, was another victim of cyberbullying who committed suicide. Many of the nasty messages sent to him were inadvertently archived on his computer through an application known as DeadAIM. In the aftermath of his death, in 2004, Vermont enacted a Bullying Prevention Policy Law and, later, the Suicide Prevention Law (Act 114) in 2005.

Megan Meier

Megan Meier was a 13-year-old student from Ostmann Elementary School, in Missouri, who committed suicide by hanging herself. Lori Drew, a 47 year old, posed as a boy named Josh Evans. She created a fake MySpace page and befriended Megan. In the case of United States vs. Lori Drew, Drew was charged with the following:

• Indicted on Charge of Conspiracy (Violation of 18 U.S.C. § 371)

• Infliction of emotional distress (Violation of 18 U.S.C. §1030(a)(2)(c))

• Computer Fraud & Abuse Act (CFAA)

• Breach of MySpace Terms of Service Agreement

After becoming good friends online, “Josh Evans” (Lori Drew) began to send hurtful comments to Meier, which many believed led Megan to commit suicide. Josh Evans sent comments such as “everybody hates you” and the “world would be a better place without you”. Evans communicated first via MySpace but later through AOL IM. The trial culminated with Lori Drew ultimately being acquitted, without serving any jail time.

In the wake of Meier’s death, the City of Florissant, Missouri, changed the cyber-harassment law from a misdemeanor to a Class D felony. Proving that cyberbullying ultimately led to suicide is always challenging.

Tyler Clementi

On September 22, 2010, a distraught 18-year-old Rutgers student ended his life by throwing himself off the George Washington Bridge. The unfortunate case of Tyler Clementi highlights the importance of digital evidence in bullying cases. Clementi was from Ridgewood, New Jersey. Just before committing suicide, Clementi checked Dharun Ravi’s Twitter account for the 59th time. Sadly, he then posted one last message on his Facebook profile: “Jumping off the gw bridge, sorry”.

Ravi was Clementi’s roommate, and he had secreted a webcam in their dorm room to capture Clementi’s intimate encounters with another man, intending to stream the video over the Internet on September 19. He then viewed the video from a friend’s dorm room across the hall. Ravi apparently encouraged others to invade Clementi’s privacy and watch the video. Prosecutors contended that Ravi intended to use the video to humiliate his gay roommate. Ravi’s tweets on Twitter clearly illustrated his intent to do just that, with Twitter messages informing his friends that he was in a dorm mate’s room, watching a video of Clementi “making out with a dude”. Ravi intended to set up yet another video of an intimate encounter of Clementi when he tweeted, “Anyone with iChat I dare you to video chat me between the hours of 9:30 and 12. Yes, it’s happening again”.

Classroom Discussions

1. What objections did Ross Ulbricht’s defense counsel raise before and during trial?

2. Why were there quite a number of supporters of Ross Ulbricht during his trial?

3. How can you recognize a child who is a victim of cyberbullying, and how can you help?

4. What type of digital evidence can be used in a cyberbullying investigation?

Multiple-Choice Questions

1. Which of the following best describes sending a sexually explicit MMS on a cellphone?

1. Flaming

2. Happy slapping

3. Tricking

4. Sexting

2. Which of the following refers to someone who advocates for him- or herself and does not use legal representation?

1. Pro se

2. En banc

3. Impersonation

4. Certiorari

3. Which of the following describes convincing a person to provide confidential information, with the intention of later publicizing the information to embarrass the person?

1. Tricking

2. Happy slapping

3. Online polls

4. Flaming

4. Much like a blog, this online service is specifically used to post hateful comments about peers or teachers that some people dislike.

1. Online poll

2. Bash board

3. User group

4. Social media

5. Which of the following terms refers to all members of an appellate court hearing an argument rather than just the required quorum?

1. En banc

2. Certiorari

3. Per curiam

4. Per se

Fill in the Blanks

1. When an individual publishes confidential personal information with others online or in an email to embarrass another individual, it is known as __________.

2. A group that organizes to physically harm another person and then video the event to share with others is involved with __________ __________.

3. __________ occurs when a person breaks into another person’s account and pretends to be that person.

4. Arguing online with another person using obscenities is called __________.

5. When peers are asked to rank who they believe to be the ugliest in the class online, the peers are asked to contribute to an online __________.

Project

Assessment of Cases by Judges

Each team will be adjudicated by a panel of judges who have technical and legal expertise. The panel will judge the teams based on the following criteria.

I. Technical Ability

1. Detailing the evidence to be used in the case

2. Detailing the admissibility of the evidence

3. Detailing how the evidence was acquired and handled

4. Warrants issued

5. Subpoenas issued

II. Legal and Presentation Skills

1. Detailing the charges being brought by the prosecution

2. Detailing the prosecution’s arguments

3. Detailing the defense’s arguments

4. Detailing the prosecution’s objections and cross-examinations

5. Detailing the defense’s objections and cross-examinations

6. The judge’s facilitation of court proceedings