'Corrupt' cop jailed for tipping off pal to EncroChat dragnet

A British court has sentenced a "corrupt" police analyst to almost four years behind bars for tipping off a friend that officers had compromised the EncroChat encrypted messaging app network. Natalie Mottram, 25, of Warrington, England, was sent down for three years and nine months on Friday at Liverpool Crown Court. She …

  1. Stu J

    Inadequate sentence

    She should have been sent down for far longer as a much stronger deterrent for unilaterally endangering a multi-national investigation into some of the worst scumbags in Europe. Prize idiot.

  2. Andy3

    Good, should have been longer. Using your trusted position in law enforcement to tip off the bad guys is pretty low, don't you think?

    1. Alumoi Silver badge

      Of course. Only government officials are allowed to do it.

  3. Andy3

    Good, should have been longer. Anyone who uses their trusted position in law enforcement to tip off the bad guys is pretty low.

    1. Benegesserict Cumbersomberbatch Silver badge

      You must have sent your previous comment from your burner phone.

  4. Anonymous Coward

    Cop ?

    That's the word that should have been in dog-ears. The corrupt bit is a dictionary definition. She wasn't a sworn officer. (If she had been, the sentence would have been a lot stiffer.)

    Honestly, journalism today.

    1. Anonymous Coward

      Re: Cop ?

      Same as yesterday, heh? You'd think with all those computers and electronic thingies they'd do better than their predecessors...

    2. diodesign (Written by Reg staff) Silver badge

      Corrupt cop

      We're going purely for the alliteration. It sounds nice. Relax a little.

      C.

      1. Snowy Silver badge
        Coat

        Re: Corrupt cop

        I see the alliteration but I would have put the quotation marks around cop rather than corrupt.

      2. MOH

        Re: Corrupt cop

        El Reg is one of the few sources I still read that shows amazing inventiveness in its headlines, while remaining pretty accurate. Please don't compromise your standards. Especially when 15 seconds' thinking would have yielded a similarly alliterative yet more accurate phrasing.

  5. Anonymous Coward

    Does anyone else find some of this a little odd? I'll list what I find strange.

    The shortness of the sentence.

    This supposed 48 hour delay and the ability to delete messages. It's a MITM attack. You can't delete data already intercepted.

    The fact that even though she worked for the NCA she sent messages to people about it that could be read later.

    Why didn't she send them through the encrypted service then delete them if the above is true? How did she send these intercepted messages?

    The don't use postcodes comment. That's like saying to Amazon don't use postcodes. How are you supposed to deliver stuff?

    Reported elsewhere in the media, she had a £1500 a month pot habit. How is that even possible?

    They reportedly used an update to lift the entire contents of people's phones. How did people not notice this when their burner PAYG phone ran out of credit rather quickly?

    I think there may be a bit more to this story though I could be wrong.

    1. Bebu Silver badge
      Windows

      I suspect the one word answer is "idiot"

      The overall impression I have is that none of the culprits were the sharpest tools.

      3.75 years less remission/probation doesn't seem like a lot but for a 25 year old woman it's probably harsher than it first appears, especially for what seems to be acts of idiocy.

      Don't the NCA etc do continual background checks of staff in sensitive roles? I would imagine her association with the other two idiots would have raised the alarm earlier. Trust but check.

      As already commented there is possibly a lot more to this story?

      1. Anonymous Coward

        Re: I suspect the one word answer is "idiot"

        Regarding background checks:

        Having recently gone through security clearance to manage government IT stuff, the amount of checking depends on the level of clearance required. For something like this, it was probably checking on her and close family, same as I went through. Checking friends/associates happens more when you move into MI5/MI6 and probably GCHQ type levels, I'd assume.

        1. CountCadaver Silver badge

          Re: I suspect the one word answer is "idiot"

          Military also, plus for military they also do a counter terrorism check, and for roles with access to the highest level you have another screening still.

        2. DJO Silver badge

          Re: I suspect the one word answer is "idiot"

          Regarding background checks

          plus ça change

          Many, many years ago I was contracting at a <redacted> factory making <redacted> for <redacted> when my military escort mentioned the penalties under the Official Secrets Act if I blabbed about what I'd seen. I had not then nor since signed the Official Secrets Act - so much for the military sorting out my clearance before I started the job.

          1. Julian Bradfield

            Re: I suspect the one word answer is "idiot"

            "signing the official secrets act" is merely a way to make sure you can't try to plead ignorance when you're prosecuted; you're bound by it regardless. (I found my "signing" the other day...)

            1. johnfbw

              Re: I suspect the one word answer is "idiot"

              Exactly - the Official Secrets Act is the law of the land and applies to everyone. Signing it is basically the same as signing a company's data policy - it is just to prove you read it, not to exempt you from it if you didn't.

    2. Jellied Eel Silver badge

      Not really. The sentence would have been decided by the court, and maybe it was enough based on the evidence, or sentencing guidelines. If she was just an analyst working on the product, she probably wouldn't have known, or needed to know, exactly how the compromise worked because that would have been really sensitive information. So maybe messages were held back 48hrs, or that was how long it took messages to get from collection, filtration and to the relevant LEAs. Her sending messages is just one of those security risks, ie if she sent messages from work devices, or personal. If the NCA suspected something, personal devices could have been monitored.

      The postcode thing is just criminals being criminals. Maybe they assumed because they were on an encrypted system, they could speak more freely, and not have to try and speak in code. But that's also why this operation has been so successful. Eventually the smarter ones might have realised their messages were being compromised, but LEAs would still have a mountain of evidence to work through. As for the phone stuff, I read it as her phone had been seized and the data recovered. If not, my contract has some free data, like to EE's systems and it's simple enough for mobile operators to zero rate or exclude some data in their billing systems. And the £1500 a month weed habit may have been sloppy journalism, they were buying more than just weed, or were buying a 9-bar and sharing it with friends. But there were no charges for dealing, so maybe the CPS felt they had enough to send a message.

      1. Doctor Syntax Silver badge

        "So maybe messages were held back 48hrs, or that was how long it took messages to get from collection, filtration and to the relevant LEAs."

        Apparently the messages were sent as an overnight download to UK. NCA then filtered it into separate batches for the various units who would have to deal with it. A message intercepted just after the previous download would be ~24 hours old by the time of the next download so allow some processing time for sorting and her unit to upload their batch onto their own system & 48 hours sounds about right. But depending on the timing of the intercept vs the overnight download schedule it could have been a good bit shorter.

        There's an account elsewhere but it would make a good el Reg article.

        1. Anonymous Coward

          The article doesn't say that, it says:

          I no [sic] a lady who works for the police. This is not hearsay. Direct to me. They can access Encro software. And are using to intercept forearms [sic] only at the moment. There [sic] software runs 48 hours behind real time. So have ur burns one day max. And try to avoid giving postcodes over it.

          "Burns" refers to the delete-time on messages. The friend continued:

          I completely understand the time it takes for messages to get to the relevant people and to be checked. What I don't understand is how you can delete it after it's been intercepted in a MITM attack. It also makes no sense to say avoid postcodes if they can in fact be deleted. Theoretically they could be pulling it from devices every 48 hours but how would you know when that 48 hour point is and even then you would have to trust the other person to delete it as well.

          1. Jason Bloomberg Silver badge

            That's a quote from a scumbag who probably doesn't have a clue what he's talking about, just telling his scumbag mates how he thinks it is and how he imagines it could be dodged.

            I doubt "having no effin' clue" is going to be on the charge sheet.

            1. Anonymous Coward

              > I doubt "having no effin' clue" is going to be on the charge sheet.

              If that was a thing, 75% of previous-place-of-employment would be behind bars.

          2. Jellied Eel Silver badge

            I completely understand the time it takes for messages to get to the relevant people and to be checked. What I don't understand is how you can delete it after it's been intercepted in a MITM attack.

            You can't. Don't get too hung up on that part. The woman wouldn't (or shouldn't) have known they were being collected by a MITM, just they turned up on her desk 48hrs old. She may have assumed, or been told they were a result of the handsets being compromised and the 'burn' feature may still work. It's unlikely there would have been an office memo explaining exactly how the collection worked because most staff wouldn't have needed to know. And knowing risked someone telling the bad guys, who then try to avoid surveillance as they did in this case. Kind of why this stuff is like magic, and the performers really don't like revealing all their secrets.

            It also makes no sense to say avoid postcodes if they can in fact be deleted.

            But like you say, you wouldn't know the window of opportunity and just figured 24hrs would be enough to hope messages self-destructed, and if they didn't, attempting to conceal stuff like postcodes might protect them. Criminals have been doing that for decades, eg 'Charlie's coming over on the 5th', and LEOs have long been wise to those games.

      2. Terry 6 Silver badge

        Some recent cases in the news give a distinct impression that sentencing guidelines are rather generic and not context sensitive, i.e. no difference between passing on confidential police information and passing on confidential information that endangers a major multi-national campaign.

        1. doublelayer Silver badge

          Yes, this is usually true, with the guidelines giving some basic constraints and the judge using the context to decide what the value should be from the provided range. There are some contexts where the guidelines are specifically modified to consider them, but trying to enumerate them all is tricky, whereas assuming that a judge will produce a number that the writers of the guidelines would have been fine with is easy.

        2. Jellied Eel Silver badge

          Some recent cases in the news give a distinct impression that sentencing guidelines are rather generic and not context sensitive, i.e. no difference between passing on confidential police information and passing on confidential information that endangers a major multi-national campaign.

          I guess that's by necessity. I did a quick look at what misconduct in public office could be, and that's punishable by up to life imprisonment. But then it's a pretty broad bit of legislation covering pretty much any misconduct by anyone in any public office, so could potentially be someone stealing paperclips, dodgy planning applications or nicking billions from the Treasury. Then there's the other more specific charges that could be laid, like the offences under the CMA with their own sentencing guidelines. Then those often include a bunch of aggravating and mitigating circumstances. I think if I were a Judge, part of my decision would be just how heavy the guideline book was, when printed, and I was considering throwing it at the guilty party.

    3. Anonymous Coward

      You're right, there'll be an awful lot more to the story that's not been released and some of the info that's been released will have been deliberately obfuscated, won't be 100% correct or will be deliberately misleading.

      Encro chat won't be the last operation like this either.

    4. Anonymous Coward

      Encrochat was a full service, you'd buy a "customised" phone with it installed and pay a subscription to use it so I doubt PayG phones were involved.

      It wasn't a cheap service either so you'd need to be seriously worried about your messaging and making a good chunk of cash to be using it.

    5. doublelayer Silver badge

      I can answer a few of those questions.

      "The fact that even though she worked for the NCA she sent messages to people about it that could be read later.": From what we know, she probably didn't. One of the people she told was stupid enough to send a message to someone else which could be read later. She ended up tipping off someone that was too stupid to hide that, but from the information available, she could have told the criminal about the surveillance in person or on some other safe communication method.

      "The don't use postcodes comment. That's like saying to Amazon don't use postcodes. How are you supposed to deliver stuff?": It meant to not send postcodes through this app. Theoretically, you would send them some other way, or encrypt them separately (no, they're not smart enough), or some other alternative not mentioned. They were trying to limit the data sent through a compromised system without just dropping it for some reason.

      "They reportedly used an update to lift the entire contents of peoples phones. How did people not notice this when their burner PAYG phone ran out of credit rather quickly?": WiFi? In any case, it's unlikely they had that much data to steal. All the text messages I've sent in the past year isn't a lot of data, especially if you compress it first. It is certainly more if you include pictures, but I don't send many of those and it's possible that they started with just all the text and requested images later if they needed them.

      "This supposed 48 hour delay and the ability to delete messages. It's a MITM attack. You can't delete data already intercepted.": The only answers I have for this one involve someone not getting it. One option is that she was telling her friends that their messages were visible about 48 hours after sending, so be careful with any long-term messages sent, and they misunderstood and thought they could just delete before that happened. The other option is that she saw that messages were 48 hours old when they came through, so she thought they could delete them beforehand. Either way, someone was getting this all wrong.

      1. Michael Wojcik Silver badge

        Either way, someone was getting this all wrong.

        This. OP's argument rests on the premise that Kay's message was documenting viable OPSEC countermeasures. There's no evidence Kay knew what the hell he was talking about, or for that matter that Mottram herself knew anything more than that EncroChat was compromised.

    6. MachDiamond Silver badge

      "You can't delete data already intercepted."

      Yes, but the system may operate in a way you don't know. If "un-burned" messages get archived every 48 hours and the filth only have access to an archive server, that could explain it. I don't know the particulars so I'm just guessing. It may also be down to how long it's taking to plow through the traffic given the number of people they've thrown at it. They can search for keywords, but spelling isn't a big thing with the underworld and euphemisms are used all over anyway. Somebody saying they want to buy a gram and who they've sent the message to identifies what sort of substance they are looking for. The msg might just read "wana g". Good luck on that keyword scan, but a human would understand PDQ.

  6. Anonymous Coward

    Hello, hello, hello

    Goodbye, goodbye, goodbye.

  7. Howard Sway Silver badge

    are using to intercept forearms

    Is this some kind of secret criminal slang, used so that the police can't understand what they're talking about?

    No, it's the work of the criminal mastermind who decided to warn his friend with a standard text message that encrypted text messages could now be read.

  8. Ideasource Bronze badge

    Sneaky badges got caught

    Regardless of what it's being employed for, I like it when would be sneaks are defeated by a bit of honesty.

    I have no loyalty to either side but I do find police subterfuge especially disgusting.

    To adopt criminal/dishonest practices in the name of fighting crime you lose your moral high ground and represent no better than what you oppose.

    1. IGotOut Silver badge

      Re: Sneaky badges got caught

      Ok. Next time we'll rely on the Police to politely ask people if they are involved in any crime. If they say no, we'll take their word for it, and move on.

    2. Lee D Silver badge

      Re: Sneaky badges got caught

      As Terry Pratchett went to great lengths to point out in his character Samuel Vimes:

      Sometimes you need secret policemen because there are sometimes secret crimes.

      1. Ideasource Bronze badge

        Re: Sneaky badges got caught

        But often the secret police create as much harm or more than what they oppose.

        Leaving everyone else to pick up the collateral damage for their power struggles to dominate the behavioral landscape.

        With criminals I can make a deal, or provide a physical demonstration, have some trust that the principle of mutually assured destruction will motivate adequately. That combined with the easier marks my neighbors make for have some reasonable sense of security.

        With police involvement then all power choice and opportunity to handle my own business is taken away. They reduce the individual to a sitting duck.

        Police involvement renders one defenseless and paralyzed to take any personal responsibility regarding their own life.

        I prefer having opportunities to be directly effective rather than being reduced to infant like influence in my own affairs.

        Outsourcing personal security to others that have no genuine hard loyalty to you is a living nightmare.

        No thank you.

        1. Random person

          Re: Sneaky badges got caught

          That only works if you are stronger and richer. If the criminals are stronger or richer or just have more guns or more prepared to die you are fucked.

          You may find the history of Grafton New Hampshire useful.

      2. Potemkine! Silver badge

        Re: Sneaky badges got caught

        Ah yes, a secret police, what a good idea...Let's call it the Secret State Police for instance.

  9. martinusher Silver badge

    I wonder what crimes were being investigated?

    In police-speak all criminals are equally culpable, so "selling a bit of bud" is put on about the same level as robbery, assault and so on. After all, a crime's a crime and being able to mark a crime 'solved' is the goal.

    The bit I'm having trouble with is that relatively low level crime -- street crimes like bag snatching, breaking and entering and so on, all the crimes that directly impact the lives of many -- seem to be ignored while plenty of effort seems to have gone into the detection and prosecution of dealers. Low hanging fruit.

    1. Fruit and Nutcase Silver badge
      Joke

      Re: I wonder what crimes were being investigated?

      "selling a bit of bud"

      "Budweiser"? Beer? Some may say that's criminal

      1. KarMann Silver badge
        Pint

        Re: I wonder what crimes were being investigated?

        You mean selling Budweiser, and claiming it's beer?

        1. CrazyOldCatMan Silver badge

          Re: I wonder what crimes were being investigated?

          You mean selling Budweiser, and claiming it's beer?

          Budweiser *is* beer - as long as it's associated with the word "Budvar"..

          The US canoe mouthwash, not so much.

    2. Anonymous Coward

      Re: I wonder what crimes were being investigated?

      These are good for the numbers which is all they care about.

    3. MachDiamond Silver badge

      Re: I wonder what crimes were being investigated?

      "seem to be ignored while plenty of effort seems to have gone into the detection and prosecution of dealers. Low hanging fruit"

      Sometimes it's due to politics and the narrative of the day. If there's stories about too much availability of drugs on the street or yet another politician's kid ODs, arresting dealers becomes the priority delivered from on high. "On High" being the politicians that formulate and approve the budgets for the police. Ignore them and there will be no shiny new un-rusty cars for you this fiscal year. I swear the police fleet cars from manufacturers are pure crap. Since they usually get decommissioned and replaced every 5 or so years, things like anti-corrosion coatings aren't applied or aren't applied very thick. The high power engine and oversize brakes are worth salvaging. The regular maintenance is often very good so oil is kept topped up and changed on schedule unlike plenty of privately owned cars.

  10. Snowy Silver badge
    Coat

    Thinking about it

    Whatsapp the messages are encrypted but I remember reading that if you allow messages to be backed up to your google account the messages are backed up un-encrypted. Could the same kind of thing be how this is done?

    1. This post has been deleted by its author

      1. Mike007 Bronze badge

        Re: Thinking about it

        By default encryption is off... You have to specifically go in and configure a password to enable encryption.

    2. Fruit and Nutcase Silver badge
      Joke

      Re: Thinking about it

      What a pity that some of the criminal[political] fraternity didn't use EncroChat phones when they were discussing Covid - the NCA would have been able to provide the messages to the Covid Inquiry that the likes of some very high profile politicians have said are no longer available.

    3. Michael Wojcik Silver badge

      Re: Thinking about it

      Could the same kind of thing be how this is done?

      If you're asking how EncroChat was compromised, that was widely covered, including here in the Register, at the time.

      Short version: They compromised the company that developed the software.

  11. Anonymous Coward

    She should get a medal!

    The corrupt cops are the ones spying. She's a hero.

    1. Benegesserict Cumbersomberbatch Silver badge

      Re: She should get a medal!

      The team that developed EncroChat should get a medal. Culture-hacking the criminal class - "Oh, there's an app / a phone for that, and I got it from a mate so it must be legit" - was an act of genius. They were literally pyramid selling compromised comms word-of-mouth from crim to crim. No-one who was not a crim was compromised by this, because only crims a) needed it and b) found out about it.

      I suspect they hit this individual with as hard a sentence as they could because it was like the Enigma secret. Once it got out that it was compromised, the word was out, the system would change and any advantage would be lost, possibly compromising operations in progress.

      Great while it lasted, though.

  12. MachDiamond Silver badge

    Bad selfie, bad

    Taking a selfie of oneself is not a good move. The wide angle lens and close proximity makes you look goofy/fat. People in the habit of taking selfies will also do it a lot more when drunk/on drugs. The criminal class seem to get a big rush by filming themselves committing crimes and also documenting what they have stolen/done for some sort of criminal network social credit. The police love that since a defense attorney is up against it to get their client off when said client has peached on themselves in a way that's easy to analyze frame by frame.

    I am recalling one such case where the police wrongfully shot a young black male in the US that wasn't doin nuffin. Welllllll, the guy was streaming himself live on FB through the whole last hour or so of his life including his shooting at the police with a hand gun he'd posted selfies holding on FB previously over the course of some months. The people in the street suddenly had a lot of egg on their faces when that was released. Still, didn't matter, the police are fascists and totally at fault. That night of randomly firing by the gut into buildings while driving around downtown whose video was also found on the phone was just youths blowing off some steam in the weekend. Very clear photos of the same gun as it was highly personalized.

    An encrypted messaging system can be very useful but just like getting a computer, it doesn't make you any smarter and maybe does the opposite. There's nothing like a computer to make mistakes bigger and faster. There's nothing like believing that an encrypted service is perfect and letting it lull you into a sense of invincibility. Why did the letters FSD pop into my head. Hmmm.

  13. chuckufarley Silver badge

    To be so young...

    ...and so wrong. I can't say I approve of her actions but I don't think years in prison is an accurate punishment. Now making her spend years writing the "Authorized Computer Use" parts of our employment contracts is closer to the mark, but still you can't make her change. Only she can do that.

  14. Anonymous Anti-ANC South African Coward Bronze badge

    Corrupt cops...

    ...are the worst.

    Especially in Africa.

    Wish we could get a Terminator/Robocop/Judge Dredd to sort out these sicko people for once.

    1. Benegesserict Cumbersomberbatch Silver badge

      Re: Corrupt cops...

      His name was Chappie.

      1. Anonymous Anti-ANC South African Coward Bronze badge

        Re: Corrupt cops...

        Ah yes, thanks for reminding me of Chappie.

  15. Electronics'R'Us
    Holmes

    Official Sensitive

    The security classification Official Sensitive is rather low and roughly equates to the old Restricted.

    Access to that simply requires a BPSS (Baseline Personnel Security Standard) background check which is a very basic criminal records check. It does not require a SC (Security Check) which is required for those who handle Secret. Just what checks had been made on this person remains something of a mystery (there is a counter terrorism check which is not much different from BPSS).

    That said, divulging anything protectively marked is a violation of the official secrets act which everyone is covered by. The typical 'they signed the official secrets act' statement means very little. Signing the form means you have had your responsibilities under the act highlighted. Even if you don't sign it, you are still (within the UK) subject to it.

    I remember when newspapers would come onto a base and get stamped 'Restricted'. Hilarious in a way.

    Still, it is pretty dumb to take a selfie with a classified document (albeit of probably little intelligence value) clearly in view.

  16. navarac Silver badge

    Misleading headline (Not actually a cop?)

    I believe she was a civilian worker rather than a warranted Police Officer. Same rules apply though.

  17. Anonymous Coward

    EncroChat Is Secure! Signal E2EE Is Secure! WhatsApp E2EE Is Secure!

    .......and so on.......

    Why do people out there rely on HUGE INTERWEB CORPORATIONS to guarantee (!) their privacy?

    Why not just do it yourself for your own group of privacy sensitive folk?

    That way, your private encryption gives the spooks EVEN MORE heavy lifting to do!!

    Reading List

    - Applied Cryptography, Schneier, 1996 and 2016

    - Cryptography Engineering, Ferguson/Schneier/Kohno, 2010

    Code Links

    - Daniel Bernstein, https://cr.yp.to/chacha.html

    - Daniel Bernstein, https://cr.yp.to/ecdh.html

    Enjoy!!

    1. Anonymous Coward

      Re: EncroChat Is Secure! Signal E2EE Is Secure! WhatsApp E2EE Is Secure!

      Oh.....I forgot.......much of this discussion assumes that a single pass of some encryption scheme (e.g. AES) is "enough" to get the job done.

      Well.....no......a reasonable recommendation is perhaps three passes (with three random keys).......

      ......that way the spooks can't ever know if they have actually decrypted the last pass correctly!

      Did I mention "heavy lifting"?

  18. Anonymous Coward

    odd

    odd that non violent gets years, and they let people off with a fine and a little community service when they bash somebody's head in.

    1. stewwy

      Re: odd

      If it's the Met, she'd be guilty because she was female, I bet few of their mates were found in the sweep.
