A nice change to see the cops actually doing good police work.
One more scally off the street.
A drug dealer's ham-handed OPSEC allowed British police to identify him from a picture of him holding a block of cheese, which led to his arrest, guilty plea, and a sentence of 13 years and six months in prison. Liverpool resident Carl Stewart, 39, who went by the name "Toffeeforce" on now-defunct message service EncroChat, …
Was it the finger prints or the metadata in the pictures. I mean I know that police are allowed to lie, but most crims forget about that. Because for such a small scale crim it's a lot of work to get the print and then pass it through some database that costs a fair bit compared to passing the pic in some "forensics" too that reads the metadata and gets the location.
I think you'll find the intention is to make it *not* a lot of work. All these platforms online with citizens happily identifying themselves gives a good dataset which can be run through when any are arrested, for measuring success rate (should one actually care about accuracy).
Seems like a great tool for plod and MI5 etc to have so I am sure there is plenty of investment in developing the tooling. Frankly I think its fine, scraping publicly available data for catching real criminals... fine.
Using that data to track people in case they're criminals, or upset BoJo et al... not fine.
I'm sure they'll stick with the former, right?
The problem is that many data harvesting projects used for evil purposes around the world have started with a narrow use for something laudable and then gradually expanded into general harassment of citizens. Also what happens if the police have all this data and the government slowly turns authoritarian over time (Turkey, India, Hungary)?
Yes, there are no privacy implications whatsoever from our infallible police forces, ever-fair guardians of justice, combing through photographs to extract palm- and fingerprints. I have the utmost confidence they will use this technique only to find those they know are Bad People, or are pretty sure about, or figure might be more or less Bad People, or would maybe do some Bad Stuff at some point in the future, or might annoy them at some time, or might annoy someone in a position of influence, or ...
But, I mean, an alleged drug dealer was caught,1 so that excuses anything. Mustn't have drugs. Except alcohol, obviously. What good are my civil rights if someone else somewhere is getting high?
1We're told he confessed, and that's indisputable proof, right?
So lessons to learn for all you up and coming ne'er-do-wells. Dont take Photos, Videos or make any other form of personally identifiable details available and send them over any service. Even one claiming to be encrypted and secure, because eventually it wont be secure anymore (once the Fuzz get hold of the servers).
Oh and stay away from M&S... Really M&S branded cheese considered good? Kids these days...
"Even one claiming to be encrypted and secure, because eventually it wont be secure anymore (once the Fuzz get hold of the servers)."
Not even then? Surely anything you share you're at a risk of someone else taking a copy/police getting their computer/etc and therefore getting a copy of the image?
I see sharing something like that in the way of keeping a secret - once you tell anyone else, you have to trust them not to share/leak it from that moment.
AFAIK the police infiltrated EncroChat simply by joining
According to reports, by getting a mole hired as an employee and compromising the software. End-to-end doesn't help in that case, as long as the client (on either end) is compromised.
ObReference to "Reflections on Trusting Trust", etc, etc.
I'm not convinced about this one. I tried a few filters on the image, but no way were there any decent fingerprint details there. The focus and resolution just weren't enough. I would say maybe a few whitre lies were put to the guy.
Well that's either a very poor return in arrests or it shows that a lot of encrypted chat is not for nefarious purposes.
Even allowing for some of them to go free for continued surveillance / Queen's evidence (possibly) and lord know what else, that's still quite a poor return is it not?
Just speculating, but could it be the majority of the 10,000 were the users, and not the dealers, and the cops are only going after the dealers?
Although saying that, I doubt too many end users bothered to buy into an expensive service like Encrochat just to pick up a couple of ounces of Colombia's finest, when they could just take a bus to Brixton for a few bucks...
Who knows? Anyone actually hear of any other uses for EncroChat apart from the nefarious type...
"Anyone actually hear of any other uses for EncroChat apart from the nefarious type..."
Well, it looks like the Cops couldn't drum up any charges against around 9,940 of the UK userbase. After doing the incredibly difficult math(s), it would seem that roughly 99.4% of all users in the UK are not using it for illegal acts.
"I am led to believe that some criminals live in other parts of the UK too..."
Yes, they do. But have you not noticed that the cops always raid all premises simultaneously in these cases, so none of the perps can warn perps in other locations?
If they only arrested 60 people, that was the total number of people in the list that they could gather anything on. Time for a new list, methinks.
"EncroChat was founded in 2016 as an encrypted instant-messaging service and was said to have been favored by criminals as a communication tool until 2020."
OK, so just let me get this straight. Criminals aren't using the mainstream Social Media apps such as WhatsApp, Facebook, Instagram, Twitter, et al, but prefer to use dedicated channels of encryption on far more obscure services.
So why are we focusing efforts against WhatsApp, etc? Is it because the Government isn't overly worried about the hardcore criminals, they really just want to spy on everyone?
OK, so just let me get this straight. Criminals aren't using the mainstream Social Media apps such as WhatsApp, Facebook
Actually, that's not what was said. Just because apples are green things doesn't mean all green things are apples. Hence, even if EncroChat was set up in 2016 and is favoured by criminals, doesn't mean it's the only messaging service that criminals use.
The focus on various services to stop the criminals seems generally to be limited to pornography and terrorism. I wonder if this has anything to do with using emotional subjects to railroad through draconian legislation. Surely not.
A lot of financial criminals use chat systems such as Bloomberg safe in the knowledge that only whistleblowers seem to get punished. EncroChat might appeal to some if it promises not to disclose member information but there are plenty of services out there that provide reliable e2e with message destruction (which is what you really need). Through in some good VPN and burner phones and you're getting close to secret service levels… but only if you keep the phone switched off nearly all the time.
Silly boys and girls in blue. Why did they raid the encrypted site if they knew how to "spy" on the chat in the first place?
Surely it would make sense, well to me, to let the site continue and then drip feed the intelligence of other crimes over a number of years.
Maybe I'm wrong, sometimes I am.
Biting the hand that feeds IT © 1998–2022