Calling him stupid seems to kinda miss the point to me. I think it's more that when you're up against the Feds, especially on something so deeply entrenched as being illegal worldwide as distributing drugs on a massive scale, you're going to get caught eventually, because it only takes one mistake. Sure, he was kinda dumb and made a lot more than one mistake, but how much better could anybody here do? Enough to keep the Feds away for how long, exactly? Another year or two maybe?
I kinda sympathize with his position in a way. He was clearly in over his head both on the technological front and on the administration front, despite making piles of money. When that happens in a normal business, you hire some help. But how do you find help to hire for such a massively illegal operation? Finding anyone who could be trusted is a tough problem, much less someone who can be trusted and also has strong technical skills.
Yeah, I don't have that urge. My spending hasn't increased [with the exception of what I spend to help my SO out when she is unemployed] since I started making $40k, let alone what I make now.
Kim Dotcom is "kicking it" about as well as Julian Assange is. It's not like he's hidden somewhere. The authorities know exactly who he is, where he is, how much he owns, and how to get it. They're just sorting out the court procedures to make sure they get all of it.
In any event, Ross was running something somewhat more illicit than Megaupload. His opsec probably should have been commensurately better.
What always gets me is how (in this situation) he would ever operate a laptop that was usable without being plugged in... If he had simply removed the battery and kept the thing plugged then the laptop would have powered off immediately after it was grabbed.
That would have been an improvement, but even basic computer forensic gathering knowledge would get around this without trouble. What he needed to do is keep his sensitive files encrypted separately from his laptop login. Like on a USB drive encrypted with GPG and a nice long passphrase.
Even then, the FBI grabbed him with his laptop logged into the management interface for Silk Road... So he still would have been in some hot water.
Maybe. For stuff like the personal notes you're keeping on a criminal conspiracy, a flash drive might be fine. But I'd be very skeptical of storing, say, the PHP source code to the Silk Road on a flash drive or SSD, because the internal data structures of the SSD could leak information about the sizes of individual files. If the feds can recover the sizes of individual files, rounded up to the next multiple of 4K, and you've got the PHP source code for the Silk Road stored there, it's game over. The same goes for filesystem encryption, like the kind ZFS (I think) has.
(I'm not personally familiar with ZFS, but the ZFS docs, especially https://docs.oracle.com/cd/E26502_01/html/E29007/gkkih.html#... really creep me with regard to this. The last thing you'd want is blocks in your local encrypted copy of PHP source code to be compressed first. And so then you'd think you'd want encryption enabled on a pool, but from reading the docs it seems that feature merely makes the filesystems on that pool inherit that encryption option, instead of doing some sort of filesystem-blind block-level encryption, where there's any variance in the encryption of blocks, or any information that could be derived from locations of blocks. So I think the suggestion to encrypt on a directory-by-directory basis to limit your exposure is not a very good one. I'd recommend that you use a spinning hard drive, whole disk encryption of the sort we have today, take out the battery, and keep your foot by the power outlet.)
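The size-leak concern in the comment above is easy to make concrete. The following is an added illustration, not code from the thread or any project it mentions: it models an observer who can see only the 4K-rounded size of each separately encrypted file, scores how well that multiset of sizes matches a known file set, and then shows that padding every file to a coarse fixed bucket (the effect of putting everything inside one fixed-size encrypted container) collapses the fingerprint. The two file trees are constructed byte counts, not real projects.

```python
from collections import Counter

BLOCK = 4096  # allocation unit assumed in the thread: sizes leak rounded up to 4K


def visible_sizes(sizes, granularity=BLOCK):
    """Multiset of sizes an observer recovers when each file is encrypted on its
    own and stored in whole blocks of `granularity` bytes (ciphertext keeps the
    file boundaries, so only the rounding hides anything)."""
    return Counter(-(-s // granularity) * granularity for s in sizes)


def similarity(a, b):
    """Multiset Jaccard similarity of two size histograms: 1.0 means identical,
    0.0 means no size in common."""
    inter = sum((a & b).values())
    union = sum((a | b).values())
    return inter / union if union else 0.0


def best_match(observed, candidates):
    """Name of the candidate fingerprint closest to what was observed."""
    return max(candidates, key=lambda name: similarity(observed, candidates[name]))


# Constructed sample inputs (file sizes in bytes); labelled hypothetical.
TREE_A = [120, 4_100, 8_300, 15_000, 22_222, 31_000, 48_000, 64_000, 73_500, 90_000]
TREE_B = [900, 2_000, 6_000, 9_500, 13_000, 19_000, 25_000, 40_000, 55_000, 80_000]


def leak_demo():
    """Return (score against the right tree, score against the wrong tree,
    score after padding both trees to 1 MiB buckets)."""
    fp_a = visible_sizes(TREE_A)
    fp_b = visible_sizes(TREE_B)
    observed = visible_sizes(TREE_A)           # what forensics sees on the disk
    # With 4K granularity the per-file sizes still single out the right tree.
    right = similarity(observed, fp_a)
    wrong = similarity(observed, fp_b)
    # Mitigation: pad to a coarse bucket (or store in one fixed-size container);
    # both trees now present the same multiset, so the observation says nothing.
    padded = similarity(visible_sizes(TREE_A, 1 << 20), visible_sizes(TREE_B, 1 << 20))
    return right, wrong, padded


if __name__ == "__main__":
    right, wrong, padded = leak_demo()
    print(f"match vs correct tree: {right:.2f}")
    print(f"match vs other tree:   {wrong:.2f}")
    print(f"after 1 MiB padding:   {padded:.2f}")
```

The point the scores make is the one the comment makes: rounding to 4K removes very little of the information in a source tree's size profile, whereas a layout that hides file boundaries (whole-disk or container encryption, or padding to large fixed blocks) leaves the observer with nothing to compare.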
If the laptop turned off and the drive was encrypted by what basic method could they extrapolate the same information as if the computer was decrypted and powered on? Are you referring to some kind of memory attack? Wouldn't they need to be prepared to do that kind of forensic work in the extremely near term (or have some equipment on-hand to preserve the memory at least)? I'm pretty uninformed in this area and would appreciate a lesson.
You wouldn't turn off the device, particularly if you thought that turning it off could make you lose access to information.
That can be achieved by (1) transferring the machine to a portable battery unit without interrupting the power feed from the AC wall adapter and/or (2) imaging the machine's memory and mounted drives in-place.
These are things the FBI has in its toolbox, precisely because "yank the power cable" is how many criminals rely on protecting their otherwise encrypted data.
Why would the LEOs unplug the device? They'd use one of those power transfer gadgets to cut over to battery and keep it running. Same as with desktops and servers. They can just grab him, not necessarily the device.
The idea is that typically people expect a laptop to remain powered when the cord is unplugged (due to the battery), and so in a situation where the laptop is grabbed the power is cut immediately (and unexpectedly) and the hard-drive is no longer decrypted. As another commenter pointed out, a forensics team could then probably grab whatever they needed from the system memory (presuming they acted fast enough), but as I understand it the problem becomes significantly more complicated.