
Uncle Scam: Czech Owner of Sheep Marketplace Working With the FBI?

Who benefited from one of the largest bitcoin heists in history?  ‘Benefit’ is an interesting word – simply because a benefit doesn’t necessarily mean a payoff in the form of currency.  Perhaps, the payoff can come in the form of a successful operation, a mission accomplished.

Let us go on an adventure into an intriguing theory, based on what recent reports have already told us and on curious information from a source known as Gwern Branwen.

What’s Happened So Far?

Now up to $100 million in stolen BTC, this heist certainly rattled the entire Tor network drug trade.  On Nov 21, the Sheep Marketplace administrators were sticking with the story that a vendor named EBOOK101 absconded with 5,400 bitcoins.  However, SMP users weren’t quite convinced, due to suspicious occurrences that had already been taking place.   According to Net-Security.org,

“But there are many that don’t believe the explanation, and suspect the operators of Sheep Marketplace of having executed a clever scam. In the week leading to the theft, they began blocking users from withdrawing their Bitcoins.”

Due to the belief that the entire setup may have been a scam, SMP users began to flock towards an online competitor, Black Market Reloaded. Knowing that this flood of new users would compromise stability and security, BMR decided to close its doors. According to RT.com,

“The administrator of the site, known as Backopy, said in a forum post the site would not be able to guarantee anonymity to its customers with the influx of new users since Tor – software that hides the identity of the site’s users and owners – is not designed to handle a large user base.

“SR is down, The Black Flag ended up as a scam, Atlantis ended up as a scam and now The Sheep Market follows that dark path. This puts BMR at the edge of the blade. Tor can’t support any site to be too big,” Backopy wrote.”

Essentially, Backopy has decided to close BMR's doors in order to preserve the anonymity of its users. The Tor network provides anonymity through the difficulty of tracking a single user in a sea of other Tor users. However, when that traffic is channeled, it is much easier for these users to be tracked.

In addition, Tormarket, the site to which the suspected-scammer SMP has linked, is not happy about the publicity:

“Sheep Marketplace is not directing to another site called Tormarket, but the attention isn’t wanted. “First of all, we are not associated with the sheep team,” wrote Tormarket. “The sheep admin is linking us on their frontpage. This is the worst PR we can get right now. Please admin remove the link. Please. And most important thing: delete all data and backups to keep the users safe.”

At this point, Tormarket has now become ‘invite only’, attempting to hold back the flow from Sheep Marketplace.  Thus, Pandora is the natural next place that the SMP traffic will flow, as there are already several sources pointing in their direction.

Essentially, all of this traffic is bouncing from one site to another in a massive exodus from SMP, then being forced in almost predictable directions – from BMR to Tormarket to Pandora. From what we know of the NSA’s methods of ‘end-to-end correlation’, it certainly would make sense that SMP’s demise has provided law enforcement with volumes of information about the Tor network’s illicit drug trade traffic. Backopy of BMR even warned about such movements in traffic, deciding to close down the site as a result. This movement of traffic must have been predictable from the start.

Czech, Please

Only 1 month ago, a Reddit post from Theduded23 complained that Sheep Marketplace security was extremely flawed, saying that it took very little time to track down where the site was based and what company ran the server:

“Oh, we found sheepmarketplace.com’s real ip at the first attempt. Not bad.. Let’s check IP details whois 185.2.42.79 Result: http://i.imgur.com/YUUUjtf.png Well, as you see sheepmarketplace.com hosted in Czech Republic on HexaGeek’s servers Guess what it means sheepmarketplace.com’s owner same as sheep5u64fi457aw.onion.sale He is living in Czech Republic He sucks at security”

Perhaps it was this relaxed stance on security that landed Tomas Jiřikovský, the suspected scammer, in a difficult situation.  Attempting to move the stolen bitcoins like the wind through the blockchain, it appears as if he was running from a disgruntled SMP user called TheNodManOut:

“I’ve been a very busy boy. All day, we’ve been chasing the scoundrel with our stolen bitcoins through the blockchain. Around lunchtime (UK), I was chasing him across the roof of a moving train, (metaphorically). I was less than 20 minutes, or 2 blockchain confirmations, behind Tomas,” he wrote in a 2 December Reddit post that refers to the individual accused of the scam.

“I’ve just chased a thief through a washing machine for you.”

This is where the story becomes interesting…

They Call Him Gwern

A researcher named Gwern Branwen posted a bet, heralding the end of both SMP and BMR. He noticed that Sheep Marketplace had a ‘mirror site’ on the clearnet, meaning that it would show up on Google. A clearnet site is, by nature, very easy to trace by law enforcement. In addition, the similarities between the real darknet site and the clearnet site were eerie, as operation from servers in the Czech Republic seemed to be a recurring theme. DJ Pangburn of Motherboard.vice.com reports,

“Even before the mysterious leaker’s help, Branwen smelled something fishy with the goings-on at Sheep Marketplace. “The veriest Google search [of Sheep Marketplace] would turn up that clearnet site,” wrote Branwen in his Reddit post The Bet: BMR and Sheep to die in a year. “And it has been pointed out that the clearnet Czech site hosted by HexaGeek was uncannily similar to the actual hidden service.”

This bet was posted roughly one month before the SMP scam took place; however, mere days afterwards, Branwen was contacted by an anonymous ‘security hobbyist’, who told him that SMP was started and run by none other than a Czech individual named Tomas Jiřikovský, according to Pangburn.

The anonymous source said that he was able to track down Jiřikovský, and began to divulge damning information about the wayward scammer to Branwen.  The information was very convincing that Jiřikovský is the one who runs SMP.  Pangburn writes,

“The documents note, among other things, that Jiřikovský owns the Sheep Marketplace VPS hosting service, and controlled several other domains on that service, Old Cans and Font Park being two of them; that he was the earliest Sheep Marketplace promoter, advertising it on other sites earlier this year; that he is a Czech developer who runs Ubuntu, just like the Sheep Marketplace developer; and that his email address is listed on the Bitcoin Scammer List.”

The tale becomes even muddier when Branwen finds out that this anonymous security hobbyist had already contacted the FBI concerning his findings (in addition to leaking information about BMR and even Project Black Flag in the past). This means that the FBI already knew the location of Sheep Marketplace servers, in addition to the real-world identity of its creator – and did nothing? Could it be that the FBI wasn’t exactly surprised by this information?

An FBI Operation From the Start?

According to the Pangburn article, this anonymous security hobbyist leaked information to the FBI on Nov 2, which means that law enforcement would have had plenty of time to track down Jiřikovský.  However, the Czech was able to get away with millions in bitcoins after 18 days of no law enforcement interference?  Why didn’t they move in?

Perhaps, the FBI either allowed the scam to happen, or outright orchestrated the scam by gaining leverage through Jiřikovský’s wayward past.

One website even goes as far as to suggest that this Czech scammer was working with the authorities, and was able to work out some kind of a deal.  Curiously, this website is written in Czech.  Be warned, the translation is a little rough:

“FBI reportedly had received information from the same informant, who spoke with Branwen. Thus, if the programmer Thomas J. indeed for the operation of Sheep Marketplace centuries, perhaps a deal with investigators in some form of cooperation, Vice speculates.”

Again, we must ask, who benefitted most from the demise of Sheep Marketplace and the subsequent scamming of its users out of $100 million in BTC?  The result of this most recent scam removed one marketplace (SMP), shut down another (BMR), and directed the traffic to two obvious others (Tormarket then Pandora).

Concerning the scammer himself, Ross Ulbricht of Silk Road was caught after only a few slips in security, but Jiřikovský was not caught – yet had massive security flaws, in addition to a mirror site running on the same servers from the Czech Republic?

In addition, what was the true purpose of the mirrored clearnet SMP site?  Could it have provided law enforcement with an opportunity to launch “man-in-the-middle” attacks against Sheep Marketplace users?  We already know that the NSA is utilizing these tactics, especially against the Tor network, according to Bruce Schneier.  Could these attacks have infected user computers, and now authorities are extracting mountains of data about darknet drug trade traffic by stirring the anthill?

One argument against this theory could be that the FBI would never use such tactics, as it enables crime to persist on a grand scale.  Law enforcement itself would be responsible for untold numbers of illicit drug transactions.  However, this would not be the first time that the FBI has allowed large amounts of cybercrime to persist for the purpose of catching the big fish.

On Friday, Nov 15 2013, a hacker named Jeremy Hammond was sentenced to 10 years in prison. How did he get caught? He was enabled by the FBI, and set up for the sting, said the convict:

“In August, Hammond released a statement suggesting that while Sabu aided the FBI, the bureau also used him to encourage other group members to hack various websites at the agency’s choosing, including those of foreign governments.

“What the United States could not accomplish legally, it used Sabu, and by extension, me and my co-defendants, to accomplish illegally,” Hammond wrote. “Why was the United States using us to infiltrate the private networks of foreign governments? What are they doing with the information we stole? And will anyone in our government ever be held accountable for these crimes?””

If the FBI simply used SMP to track users in the darknet drug trade, allowing it to continue until the time was right, it is certainly not outside the realm of possibility.  With all we have found out about US government tactics in 2013 alone, no tactic seems out-of-bounds any longer.

These, of course, are only theories…

9 comments

  1. Cute conspiracy theory… there’s tons of kids out there right now in trouble for losing all their bitcoins, some are in even deeper trouble because they owe money they can’t replace because of this scam. Do you really think the FBI would go through such lengths and allow chaos like this to affect so many people?

  2. I always love how the conspiracy theories just keep building until they get ridiculous. The simplest explanation is always the best and the Czech guy was just out for a quick payday. The US didn’t act in the time frame mentioned because although they have a wide reach, he was still in Czechoslovakia and there are protocols when dealing with other countries, as compared to Ulbricht who was in their backyard. Investigations and building evidence also take time. He may have even been forced to go on the run when he realised the Feds were onto him?
    Drugs are also different to hacking websites of foreign countries. I do not believe any US agency would risk the terrible publicity of an American teenager overdosing on drugs purchased from Sheep Market when they could have easily shut it down.

    • yes they would

      You do know that the FBI/DEA allowed Silk Road to continue for months after they acquired an image of the server, right?

      So that blows your “they wouldn’t risk the publicity of an overdose” idea out of the water.

      • I alluded to the fact I believe that they will likely keep these type of sites running while they build a case against the main perpetrator however not a minute longer than they have to. There is a delicate balance to be maintained between (supposedly) shutting the site down for good by building enough evidence to convict the people involved versus letting the site run indefinitely. So no, it doesn’t blow my theory out of the water.

  3. 100 million, no. those guys who were following the wallets had simply stumbled upon BTC-E’s wallet, as the thief must have used it to withdraw basically immediately, so all those guys were doing was chasing BTC-e’s automated system after they found the deposit wallet. this wallet was confirmed to be BTC-E’s by many people who made deposits, checked the blockchain and reported back on the wallet address.

    bob, There is not one single us government entity that gives a shit about bad publicity as they always spin it in their favour in the eyes of the ignorants like bob who doesn’t think they would like it much. Jahil. Look at what those devils do, bombing innocent people calling it war on terrorism. It’s remote control terrorism is what it is and look at how easily the public just eat that shit up. One overdose, how about you weigh that against the many they have killed starting at say… Vietnam… have they ever stopped bombing other countries? no. do most of youse care about it? no. so why would one overdose be anything they are concerned with? it’s bloody well not. You are an idiot bob. So is the author of this article. Do some fucking research.

    what shitcunts.

    • Australian actually. I like how you resort to name calling and insults to shut me down, yet in a twisted way support my argument.
      By missing the point, you have highlighted the apparent hypocrisy I see between the value (or lack thereof) assigned to another country or more specifically the people of another country and its sovereignty by the collective American psyche (this is my generalised assumption) compared to the death of say an American teenager who made an individual choice to consume drugs on their own accord resulting in their death.
      In case you still don’t get my point, I will spell it out for you… a single American’s life is worth 10 Vietnamese and 20 Iraqis.

  4. I just fell on this old article and for all those who say the us gov wouldn’t willingly allow illegal site to operate, I ask you all this, have you heard of silk road 2.0 and the fact they had an undercover agent help launch the site and was an active paid member of sr2 admin from day 1 before launch up to the very end. Not only did they allow it to happen, they facilitated it and contributed to it! They play in an area where rules don’t seem to apply.
