by davmre 4639 days ago
Where in the complaint do you see evidence of a website vulnerability? The part you quoted just reads to me as describing DPR's use of a VPN, with the "forensic analysis" part referring to analysis of the disk image after the server had already been identified and imaged.

That said, a security vulnerability in the website does seem like a really plausible conjecture: it's hard to write that much PHP code and not screw up somewhere, especially given that he was probably doing most of it himself, without anyone to do independent QA. And even if the site code itself was fine, the Silk Road is a high-enough value target that the FBI might have thought it worth using a PHP 0-day. Once they're into the site, it's probably not hard to get it to dump an IP address or other externally identifying information.

1 comments

Yeah, that was a bit of a logical leap. I can see that the code analysis was probably done after getting a disk image now. I think the original lead probably came from his second bitcointalk "altoid" post, though.
Don't forget there was a glitch with SR about 8 months ago where it was briefly returning the real IP address of the server on an error page.