Accounts with third-party service providers were used “for exfiltration or infrastructure,” according to a post by law enforcement on LockBit’s seized darkweb domain.
I’d be interested in seeing the number of E2EE enabled accounts used for criminal activity versus the number of regular ol’ free Gmail, Yahoo, Outlook etc accounts. Governments absolutely have a hate-on for E2EE, so the police calling out these services specifically raises questions of motive.
Not that we should not be shutting down criminals… but this sort of framing tends to suggest that E2EE services are inherently criminal enabling, and that does not feel like a mistake.
Forgive my question, but if the email is encrypted and the service is unable to read it, how are they sure the accounts in question are criminal? How would they know any account was?
This is confusing to me so I am grateful for any insight.
If an email address is being used for fraud, they don’t need to see the encrypted copy; they can see the copy sent out to other people from that address. So if I send you a message from my Protonmail to your Gmail, the following is true:
Copy @ Protonmail: E2EE.
Copy @ Gmail: NOT E2EE.
There are other, circumstantial ways to tell as well. If you’re trying to scam people with DudeBro Cryptocurrency, you necessarily reveal the address you use when you send our your spam or scams. If I send malware from notactuallydiotima@proton.me, the proof that I sent the malware does not require you to see my server stored mail; you can just look at your own copy to see.
Surely Proton also receives the mails in plaintext? There’s no E2EE about it. You have to take their word that they encrypt it and discard the plaintext data.
Yes, the “to address” cannot be encrypted as it is necessary to deliver the mail, the “from address” are needed to send a notification when the “to address” doesn’t exist.
Technically, the “from address” probably can be encrypted, like in signal; but I think it is required in the current email standard.
There’s typically reason to suspect the account owner first. They’re not trawling through random accounts, law enforcement doesn’t have the time or authority to do that. Note that intelligence agencies are not law enforcement, I’m not talking about what some spy agencies might do.
Since this is law enforcement, typically you don’t have a verdict to rely on, but they’d have a warrant or subpoena to get the necessary evidence to further the case.
I’d be interested in seeing the number of E2EE enabled accounts used for criminal activity versus the number of regular ol’ free Gmail, Yahoo, Outlook etc accounts. Governments absolutely have a hate-on for E2EE, so the police calling out these services specifically raises questions of motive.
Not that we should not be shutting down criminals… but this sort of framing tends to suggest that E2EE services are inherently criminal enabling, and that does not feel like a mistake.
Forgive my question, but if the email is encrypted and the service is unable to read it, how are they sure the accounts in question are criminal? How would they know any account was?
This is confusing to me so I am grateful for any insight.
Fair question!
If an email address is being used for fraud, they don’t need to see the encrypted copy; they can see the copy sent out to other people from that address. So if I send you a message from my Protonmail to your Gmail, the following is true:
Copy @ Protonmail: E2EE.
Copy @ Gmail: NOT E2EE.
There are other, circumstantial ways to tell as well. If you’re trying to scam people with DudeBro Cryptocurrency, you necessarily reveal the address you use when you send our your spam or scams. If I send malware from notactuallydiotima@proton.me, the proof that I sent the malware does not require you to see my server stored mail; you can just look at your own copy to see.
Does that make sense?
Surely Proton also receives the mails in plaintext? There’s no E2EE about it. You have to take their word that they encrypt it and discard the plaintext data.
So any email address is not encrypted even if the message goes to another encrypted account? Is this correct?
Yes, the “to address” cannot be encrypted as it is necessary to deliver the mail, the “from address” are needed to send a notification when the “to address” doesn’t exist.
Technically, the “from address” probably can be encrypted, like in signal; but I think it is required in the current email standard.
Thank you. This helped.
There’s typically reason to suspect the account owner first. They’re not trawling through random accounts, law enforcement doesn’t have the time or authority to do that. Note that intelligence agencies are not law enforcement, I’m not talking about what some spy agencies might do.
Since this is law enforcement, typically you don’t have a verdict to rely on, but they’d have a warrant or subpoena to get the necessary evidence to further the case.
Email encrypted at rest maybe. Email is awfully insecure whilst in transit.