RIP SL - Is TOR Broken?

From: Ken (SHIELDSIT) 4 Oct 2013 00:18
To: Peter (BOUGHTONP) 7 of 22
Yup, we won't really know for sure until the other sites like SR start to get taken over.  I've read some of the articles that say he accessed the site over a VPN from a coffee shop.  Not a very smart thing to do when running a site as illegal as SR.
From: Chris (CHRISSS) 4 Oct 2013 07:55
To: Ken (SHIELDSIT) 8 of 22
Why don't you set one up through Tor then if you disappear and stop posting here we will know Tor isn't secure.
From: Ken (SHIELDSIT) 4 Oct 2013 07:56
To: Chris (CHRISSS) 9 of 22
Don't think I haven't given it much thought.
From: cynicoid 4 Oct 2013 19:25
To: ALL 10 of 22
Follow the money!

I haven't read into this as yet but my guess is they cross-referenced transactions between Bitcoin and the real world. It won't have been done through cracking encryption but by many, many months of watching activity on the site.

Tor encryption is secure, Bitcoin is secure, however you still have to convert the virtual cash into real world money. If you track a user or site for long enough you will be able to build a picture of when Bitcoins were 'cashed in' and a corresponding amount of real money paid into a bank account, say on the first of the month a user cashes in £1000 of bitcoin and shortly after deposits £1000 into their bank account, and then the same happens a week later, and then again a week after once more you can safely say that those transactions relate to that specific bitcoin account holder. But we're not talking about the odd transaction here and there but hundreds over a long period of time, follow it up with warrants and equipment seizures and eventually you'll get your man.

All this relates to watching specific individuals though rather than all users of a site, the more you use it the more likely you are to be watched, if you're the owner of a site dealing in dodgy stuff then you can guarantee every post is being tracked, every tiny bit of information given will be logged to build up a profile of who the 'anonymous' user is. One day they may say which country they live in, months later they might say which town and then later still what sex and age they are - all the time this narrows down the search for that person's true identity. You might not remember what you said in a post 18 months ago but someone somewhere might have it logged on a database.

Like I said it has nothing to do with beating encryption but more a case of was the suspect using Tor at the time of a certain post/transaction, do they match personal details revealed on a site, do bank records correlate to virtual cash, and a whole heap of other stuff as well. Once enough info has been recorded the warrants and arrests follow.
From: Ken (SHIELDSIT) 4 Oct 2013 20:48
To: cynicoid 11 of 22
It was due to very poor Administration and plain stupidity.  The owner employed someone who tried to extort him. The owner then hired a hit man (who was actually a federal agent). The owner also logged into the site from a coffee shop using only a VPN and not TOR.  You really should read some of the articles.  They set up a fake hit and everything, including pictures.

So I am optimistic that you're right.
From: ANT_THOMAS 4 Oct 2013 20:58
To: Ken (SHIELDSIT) 12 of 22
It seemed to me to be a combination of stupidity and reasonably good online/offline detective work.
From: Ken (SHIELDSIT) 4 Oct 2013 20:59
To: ANT_THOMAS 13 of 22
Very true, but if you don't make mistakes you can't get caught. Unless TOR is broken.
From: Peter (BOUGHTONP) 4 Oct 2013 21:08
To: Ken (SHIELDSIT) 14 of 22
Well, except that assuming TOR isn't broken is a mistake?

Or even just assuming that your client is safe and wasn't tampered with in transit - did you download the source and check every line of code before compiling...?

From: CHYRON (DSMITHHFX) 5 Oct 2013 01:10
To: Ken (SHIELDSIT) 15 of 22
According to Snowden leaks, tor is very far from broken. Interesting thing though is it has US gummint funding.
http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption
EDITED: 5 Oct 2013 01:16 by DSMITHHFX
From: Peter (BOUGHTONP) 5 Oct 2013 12:50
To: CHYRON (DSMITHHFX) 16 of 22
The Tor network was not broken, beyond the known statistical analysis flaw, at the time those documents were written, almost a year ago.

The default Tor client ships with a JavaScript-enabled Firefox that is constantly receiving security updates - visit the wrong website and splat.

From: CHYRON (DSMITHHFX) 5 Oct 2013 13:57
To: Peter (BOUGHTONP) 17 of 22
I don't use Tor. Either the NSA is lying about not having broken it, or they've since broken it, or they still haven't broken it. Whatever.
From: Peter (BOUGHTONP) 5 Oct 2013 14:20
To: CHYRON (DSMITHHFX) 18 of 22
I don't care what you do or don't use - I was simply clarifying the situation, since your post could give an incorrect impression.
EDITED: 5 Oct 2013 14:21 by BOUGHTONP
From: CHYRON (DSMITHHFX) 5 Oct 2013 17:58
To: Peter (BOUGHTONP) 19 of 22
You are very annoying.
From: Peter (BOUGHTONP) 5 Oct 2013 17:59
To: CHYRON (DSMITHHFX) 20 of 22
You are very annoyed.
From: CHYRON (DSMITHHFX) 5 Oct 2013 19:49
To: Peter (BOUGHTONP) 21 of 22
Not really.
From: Peter (BOUGHTONP) 5 Oct 2013 20:17
To: CHYRON (DSMITHHFX) 22 of 22
I'll try harder then. :>