back to article Hard cheese: Stilton snap shared via EncroChat leads to drug dealer's downfall

A drug dealer's ham-handed OPSEC allowed British police to identify him from a picture of him holding a block of cheese, which led to his arrest, guilty plea, and a sentence of 13 years and six months in prison. Liverpool resident Carl Stewart, 39, who went by the name "Toffeeforce" on now-defunct message service EncroChat, …

  1. Chris G

    A nice change to see the cops actually doing good police work.

    One more scally off the street.

    1. simonlb Silver badge

      Yeah, you've got to hand it to them!

      1. Pascal Monett Silver badge

        Indeed. And it's another case of not needing backdoored encryption or violating one's privacy without a warrant to get the job done.

        1. sreynolds

          Was it the finger prints or the metadata in the pictures. I mean I know that police are allowed to lie, but most crims forget about that. Because for such a small scale crim it's a lot of work to get the print and then pass it through some database that costs a fair bit compared to passing the pic in some "forensics" too that reads the metadata and gets the location.

          1. claimed Silver badge

            I think you'll find the intention is to make it *not* a lot of work. All these platforms online with citizens happily identifying themselves gives a good dataset which can be run through when any are arrested, for measuring success rate (should one actually care about accuracy).

            Seems like a great tool for plod and MI5 etc to have so I am sure there is plenty of investment in developing the tooling. Frankly I think its fine, scraping publicly available data for catching real criminals... fine.

            Using that data to track people in case they're criminals, or upset BoJo et al... not fine.

            I'm sure they'll stick with the former, right?

            1. llaryllama

              The problem is that many data harvesting projects used for evil purposes around the world have started with a narrow use for something laudable and then gradually expanded into general harassment of citizens. Also what happens if the police have all this data and the government slowly turns authoritarian over time (Turkey, India, Hungary)?

          2. Chris G

            If he got 13yrs6months, he was hardly small scale.

            I also doubt the fuzz had to do an expensive database search, I am guessing they already had a palm print, suspected him and just needed some corroberation, he handed it to them.

            1. Anonymous Coward
              Anonymous Coward

              I bet the dude was now wishing he'd joined the masons

              Membership includes GOJF cards

        2. Persona Silver badge

          Errrm .... as I understand it they police did gain access to the encrypted system content. There they found evidence of criminal activity and this picture that was the evidential link between the criminal activity and the person using the account.

          1. Michael Wojcik Silver badge

            Yes, but in the EncroChat case they did it without "cracking the encryption" per se. Police forces (according to reports) got a mole hired by the company, who introduced a back door into the system.

            Is that any better? Debatable.

        3. Michael Wojcik Silver badge

          Yes, there are no privacy implications whatsoever from our infallible police forces, ever-fair guardians of justice, combing through photographs to extract palm- and fingerprints. I have the utmost confidence they will use this technique only to find those they know are Bad People, or are pretty sure about, or figure might be more or less Bad People, or would maybe do some Bad Stuff at some point in the future, or might annoy them at some time, or might annoy someone in a position of influence, or ...

          But, I mean, an alleged drug dealer was caught,1 so that excuses anything. Mustn't have drugs. Except alcohol, obviously. What good are my civil rights if someone else somewhere is getting high?

          1We're told he confessed, and that's indisputable proof, right?

          1. elip

            13+ years for some drugs bruh? Fucking amazing...I would think maybe in the US, possibly, but in Europe?!! When do we start locking up every sugar dealer - turns out its more addictive (and worse for your systematic health) than cocaine!

            1. Anonymous Coward
              Anonymous Coward

              Shhh, sensible thought is not allowed here

              Challenging perceptions is a big no no

  2. lglethal Silver badge
    Go

    So lessons to learn for all you up and coming ne'er-do-wells. Dont take Photos, Videos or make any other form of personally identifiable details available and send them over any service. Even one claiming to be encrypted and secure, because eventually it wont be secure anymore (once the Fuzz get hold of the servers).

    Oh and stay away from M&S... Really M&S branded cheese considered good? Kids these days...

    1. Chloe Cresswell Silver badge

      "Even one claiming to be encrypted and secure, because eventually it wont be secure anymore (once the Fuzz get hold of the servers)."

      Not even then? Surely anything you share you're at a risk of someone else taking a copy/police getting their computer/etc and therefore getting a copy of the image?

      I see sharing something like that in the way of keeping a secret - once you tell anyone else, you have to trust them not to share/leak it from that moment.

      1. elip

        Chloe gets it! Never crime in a team. Only crime by yourself. Golden rule.

    2. Charlie Clark Silver badge

      On properly e2e systems the servers aren't that useful. AFAIK the police infiltrated EncroChat simply by joining.

      Otherwise the advice is as sound as it's ever been: never call when you can talk, never talk when you can whisper…

      1. CAPS LOCK

        As usual in these sort of matters Ben Franklin has words of wisdom...

        ..."Three may keep a secret, if two of them are dead"

        1. jake Silver badge

          Re: As usual in these sort of matters Ben Franklin has words of wisdom...

          Ol' Ben probably borrowed that from Romeo and Juliet, Act 2 Scene 4:

          "Is your man secret? Did you ne'er hear say/Two may keep counsel, putting one away?" —Shakespeare

      2. Michael Wojcik Silver badge

        AFAIK the police infiltrated EncroChat simply by joining

        According to reports, by getting a mole hired as an employee and compromising the software. End-to-end doesn't help in that case, as long as the client (on either end) is compromised.

        ObReference to "Reflections on Trusting Trust", etc, etc.

    3. N2

      Its Long Clawson

  3. Potemkine! Silver badge

    It may not be a smart move to tell how that guy was caught, it may help others to avoid to make the same mistake.

    Anyway, I fear the vacancy will (if not already) be filled by another thug.

  4. Anonymous Coward
    Anonymous Coward

    Hard cheese

    He should be more caerphilly taking photos

    1. UCAP Silver badge
      Joke

      Re: Hard cheese

      I suspect that he is feeling really cheesed off about everything.

      1. DrewWyatt
        Joke

        Re: Hard cheese

        It is risky to take Cheesy photos.

    2. Alpine_Hermit

      Re: Hard cheese

      That was a rarebit of good police work.

      1. Anonymous Coward
        Anonymous Coward

        Re: Hard cheese

        Edamn straight.

        1. Anonymous Coward
          Anonymous Coward

          Re: Hard cheese

          You gouda do better than that.

      2. Roland6 Silver badge

        Re: Hard cheese

        Na it was a Brie's

    3. jake Silver badge

      Re: Hard cheese

      Typical criminal, figured he was too good for the cops to be casein him out. He certainly doesn't seem to know Jack about anonymity. Perhaps he should have whey'd the consequences of his actions.

    4. Pseudonymous Clown Art

      Re: Hard cheese

      Indeed, he was caught Red Leicestered.

    5. IGotOut Silver badge
      Coat

      Re: Hard cheese

      Glad to see they locked up this curd a whey for a long time.

      1. Anonymous IV
        Unhappy

        Re: Hard cheese

        Not a person of whom it could be said, "Cheese a Jolly Good Fellow"...

    6. ThereBePirates

      Re: Hard cheese

      He should have been more mature about his security.

    7. Anonymous Coward
      Alert

      Re: Hard cheese

      I'm going to go out on a Limburger here and suggest that the perp wasn't expecting that.

      [Icon: looks a bit like a wedge of cheese!]

    8. adam 40

      Re: Hard cheese

      Well done by the Boys in Blue-vein. Still, tons of other criminals get awhey with it.

      Which prison is he going to? The Rock? Fought so.

    9. Anonymous Coward
      Anonymous Coward

      Re: Hard cheese

      "A drug dealer's ham-handed OPSEC allowed British police to identify him from a picture of him holding a block of cheese"

      Ham AND cheese!

    10. SuperGeek

      Re: Hard cheese

      Brie-liant work. All for the "grater" good!

      1. adam 40

        Re: Hard cheese

        That takes the biscuit! Good job it wasn't cheese-wire fraud, and now his board is at Her Majorero's Pleasant Creek.

    11. Michael Wojcik Silver badge

      Re: Hard cheese

      A clear queso unintended consequences.

      (Thought I'd wedge one more in there. These aren't hard.)

  5. Warm Braw

    Conspiring to supply cocaine, heroin, MDMA, and ketamine

    Finally an explanation of how people are able to afford to buy cheese from M&S.

  6. Pascal Monett Silver badge
    Windows

    "His palm and fingerprints were analyzed from this picture"

    Dear $Deity, they can lift prints off of pictures now ?

    Wow.

    1. jake Silver badge

      Re: "His palm and fingerprints were analyzed from this picture"

      No. They can see them in the photo. You can easily duplicate this with your own phone, should you care to try it.

      1. Greycon

        Re: "His palm and fingerprints were analyzed from this picture"

        I'm not convinced about this one. I tried a few filters on the image, but no way were there any decent fingerprint details there. The focus and resolution just weren't enough. I would say maybe a few whitre lies were put to the guy.

        1. Stoneshop
          Holmes

          Re: "His palm and fingerprints were analyzed from this picture"

          You don't have the original pic to work from.

          1. Ken Moorhouse Silver badge

            Re: You don't have the original pic to work from.

            Just as well, really. GDPR could arguably be an issue, otherwise.

            1. Stoneshop

              Re: You don't have the original pic to work from.

              GDPR could arguably be an issue, otherwise.

              Well, it does contain Personally Identifiable Digestibles, so, yes.

  7. Lord Parity, Last Count of Register

    What a Friend We Have in Cheeses ...

    ... all our crimes and deeds to bare. Stilton knows our fatal weakness. Take it to the cops in care.

    1. Kubla Cant
      Thumb Up

      Re: What a Friend We Have in Cheeses ...

      Brilliant!

  8. Dabooka

    10,000 UK users and 60 arrests?

    Well that's either a very poor return in arrests or it shows that a lot of encrypted chat is not for nefarious purposes.

    Even allowing for some of them to go free for continued surveillance / Queen's evidence (possibly) and lord know what else, that's still quite a poor return is it not?

    1. lglethal Silver badge

      Re: 10,000 UK users and 60 arrests?

      Just speculating, but could it be the majority of the 10,000 were the users, and not the dealers, and the cops are only going after the dealers?

      Although saying that, I doubt too many end users bothered to buy into an expensive service like Encrochat just to pick up a couple of ounces of Colombia's finest, when they could just take a bus to Brixton for a few bucks...

      Who knows? Anyone actually hear of any other uses for EncroChat apart from the nefarious type...

      1. jake Silver badge

        Re: 10,000 UK users and 60 arrests?

        "Anyone actually hear of any other uses for EncroChat apart from the nefarious type..."

        Well, it looks like the Cops couldn't drum up any charges against around 9,940 of the UK userbase. After doing the incredibly difficult math(s), it would seem that roughly 99.4% of all users in the UK are not using it for illegal acts.

      2. Anonymous Coward
        Anonymous Coward

        Re: 10,000 UK users and 60 arrests?

        Dodgy corporates?

    2. Ken Moorhouse Silver badge

      Re: 10,000 UK users and 60 arrests?

      The rest mainly involved Swiss cheese.

      Some got away because they were found to be Swiss cheese plants.

    3. noisy_typist

      Re: 10,000 UK users and 60 arrests?

      The article says Merseyside police have arrested 60 people.

      I am led to believe that some criminals live in other parts of the UK too...

      1. jake Silver badge

        Re: 10,000 UK users and 60 arrests?

        "I am led to believe that some criminals live in other parts of the UK too..."

        Yes, they do. But have you not noticed that the cops always raid all premises simultaneously in these cases, so none of the perps can warn perps in other locations?

        If they only arrested 60 people, that was the total number of people in the list that they could gather anything on. Time for a new list, methinks.

        1. Anonymous Coward
          Anonymous Coward

          Re: 10,000 UK users and 60 arrests?

          Those 60 forgot to reaffirm their freemason memberships, silly boys

      2. lglethal Silver badge
        Trollface

        Re: 10,000 UK users and 60 arrests?

        I thought everyone on Merseyside was a criminal? Just some of them havent been arrested yet.

  9. Velv
    Mushroom

    End to End

    "EncroChat was founded in 2016 as an encrypted instant-messaging service and was said to have been favored by criminals as a communication tool until 2020."

    OK, so just let me get this straight. Criminals aren't using the mainstream Social Media apps such as WhatsApp, Facebook, Instagram, Twitter, et al, but prefer to use dedicated channels of encryption on far more obscure services.

    So why are we focusing efforts against WhatsApp, etc? Is it because the Government isn't overly worried about the hardcore criminals, they really just want to spy on everyone?

    1. ThatOne Silver badge

      Re: End to End

      > So why are we focusing efforts against WhatsApp, etc?

      Maybe because the small, obscure services are easy to infiltrate/crack, as proven in this case here? On the other hand you don't stand a chance against the rich and powerful Republic of Zuckerbergen.

      1. Charlie Clark Silver badge

        Re: End to End

        Or, even if the messages are unbreakably encrypted, it's easy for the CIA to get as list of people's contacts: just sent a fax.

    2. Charlie Clark Silver badge

      Re: End to End

      OK, so just let me get this straight. Criminals aren't using the mainstream Social Media apps such as WhatsApp, Facebook

      Actually, that's not what was said. Just because apples are green things doesn't mean all green things are apples. Hence, even if EncroChat was set up in 2016 and is favoured by criminals, doesn't mean it's the only messaging service that criminals use.

      The focus on various services to stop the criminals seems generally to be limited to pornography and terrorism. I wonder if this has anything to do with using emotional subjects to railroad through draconian legislation. Surely not.

      A lot of financial criminals use chat systems such as Bloomberg safe in the knowledge that only whistleblowers seem to get punished. EncroChat might appeal to some if it promises not to disclose member information but there are plenty of services out there that provide reliable e2e with message destruction (which is what you really need). Through in some good VPN and burner phones and you're getting close to secret service levels… but only if you keep the phone switched off nearly all the time.

  10. mark4155
    Holmes

    Plain stupid!

    Silly boys and girls in blue. Why did they raid the encrypted site if they knew how to "spy" on the chat in the first place?

    Surely it would make sense, well to me, to let the site continue and then drip feed the intelligence of other crimes over a number of years.

    Maybe I'm wrong, sometimes I am.

    1. jake Silver badge

      Re: Plain stupid!

      "Surely it would make sense, well to me, to let the site continue and then drip feed the intelligence of other crimes over a number of years."

      Maybe they did.

  11. Ken Moorhouse Silver badge

    The accused had heard...

    ...a rumour that cheese makes Rozzers Mellow.

  12. Robert Carnegie Silver badge
    Joke

    My cheese is sweating and that's all that I intend to say about it. :-)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like