Encryption is becoming more and more of a problem for the police

Criminals using encryption on their computers have become a problem for the police. There are numerous publicly known cases that prove this.

German version

Take a look at the family photo linked here (unfortunately, for copyright reasons, I can’t include it directly in the article). The picture shows the US-American beautician Susan Powell (1981-?) with her husband Joshua and their two children.

But if you think you are looking at a happy family, you are mistaken.

The Susan Powell missing persons case

Susan and Joshua Powell married in 2001, and they had two sons. But the marriage quickly hit a serious crisis. Joshua couldn’t handle money, gave his spouse little space and threatened her. In a self-taped video, Susan Powell says, “If I die, it may not be an accident, even if it looks like one.”

On December 6, 2009, Susan Powell disappeared without a trace. Her husband became entangled in contradictions during police questioning, but they could not prove anything. It is hard to believe that Susan Powell is still alive, but her body was never found.

During a search of the house, police found an encrypted hard drive that belonged to Joshua Powell. Investigators would have liked to examine the contents of this disk, but Powell stated that he had forgotten the password (from which the key for the encryption is generated). Police tried to determine the password with a dictionary attack (programs like Hashbull exist for this purpose), but to no avail.

In 2012, Joshua Powell and his two sons died in an explosion. Police assumed it was a suicide. Susan Powell remains missing to this day. Her husband’s hard drive has never been decrypted.

 

Good encryption cannot be broken

Not only the Susan Powell case shows: Encryption technology in the hands of criminals has become a problem for the police. I have blogged on this topic many times and also created a list of relevant cases. I used this list to give a presentation at the RSA conference in San Francisco in 2016. Since then, I have admittedly neglected this collection of cases somewhat, but I intend to change that now. If any reader knows of a criminal case in which the police had to deal with encrypted computer data, I would appreciate a tip.

In the meantime, the aforementioned problem has led to numerous reactions and proposals for solutions. Politicians are calling for legal backdoors, and code-breaking authorities are being set up. However, none of this should play a role today. Instead, this article is about criminal cases in which police have encountered encryption. My list cites the following examples, among others:

  • As part of the VW diesel scandal, police investigated 1500 laptops. Many of them were secured with encryption software, and investigators had great difficulty obtaining the passwords.
  • On June 8, 2015, Ray C. Owens, a U.S. citizen from Evanston, Illinois, was shot dead in his car. Police found two smartphones with the body: an iPhone 6 and a Samsung Galaxy S6 Edge. The data on both devices was encrypted. To decrypt them, the correct passwords were needed.The police were unable to determine them and found no other way to crack the encryption. The killer was never identified.
  • Ross Ulbricht, the operator of the illegal platform Silk Road, also used various forms of encryption. In the end, however, this did not protect him from arrest, nor did it protect him from a richly excessive sentence.
  • Canadian photographer Justin Gerard Gryba was suspected of producing child pronography. The police confiscated an encrypted data carrier from him. After a two-and-a-half-year search, investigators managed to guess the password in 2014. Gryba was sentenced to two years in prison.

 

Maskenmann

Quelle/Source: Phantombild

  • On April 15, 2011, the police arrested 40-year-old educator Martin Ney. He was the infamous “mask man” who had killed several children and sexually abused numerous others. Ney possessed several encrypted data carriers. However, he refused to hand over the password. The police dictionary attacks ran for years into the void. Only years later, when he had long since been convicted, did Ney come to his senses and reveal the secret words. According to police, no relevant information was found on the records.
  • On April 24, 2015, Brittney Mills, a U.S. citizen, received a visit. The person, who was standing in front of the door of her apartment in Baton Rouge (Louisiana), possibly wanted to borrow Mills’s car. When she refused, she was shot. The killer escaped unidentified. Investigators wanted to examine the slain woman’s iPhone, but the iPhone’s iOS 8 operating system had strong encryption built in. Police tried to determine Mills’ iPhone password – in vain.
  • Encrypted data was found on the laptop of former BND employee Markus R., who is said to have spied for the CIA. Neither the BND nor the Federal Office for Information Security (BSI) managed to crack the encryption.
  • In 2012, police in Hamburg arrested the Swiss neo-Nazi Sébastien Nussbaumer. He was suspected of gunning down a man. During house searches, the police found several encrypted data carriers. Apparently, they did not succeed in decrypting them.
  • In 2014, Miami police tried to arrest businessman Jonathan Kent Lee (50) at his home. An acquaintance had alerted investigators to him after he proudly showed him some child porn. Lee managed to escape, but during his flight he fell from a garage roof and died. Investigators later found about 3,000 child pornography photos on a laptop and also evidence that Lee had molested a girl. Officers also came across two external hard drives with encrypted content encoded on them. They were unable to decrypt them.

 

The San Bernardino attack

Probably the most famous criminal case involving computer-based encryption occurred in 2015. On December 2 of that year, two people in camouflage suits stormed into the room at the Christmas party of a health authority in San Bernardino (California) and fired wildly with assault rifles. After only about four minutes, they took flight. Both later died in their car in a hail of police bullets as they fled. The result: 14 fatalities (not counting the perpetrators) and 22 injured.

Farook-car

Quelle/Source: Wikimedia

The perpetrators were quickly identified: Syed Farook, an employee of the health authority, and his wife Tashfeen Malik. Farook had left the Christmas party and returned – heavily armed and with his wife as an accomplice. Both Farook and Malik were Muslim.

The background to the crime is not fully understood. Apparently, Farook and Malik were not members of a terrorist group. They had not committed any criminal acts before the crime. Nevertheless, the circumstances speak for an act with a Muslim-terrorist background.

The police found an iPhone on Syed Farook’s person. It was secured with a password. The iPhone operating system iOS uses the password to derive a key that encrypts almost the entire contents of the iPhone. Thus, the police could not access the iPhone data. Trying out a few passwords on suspicion was forbidden, because after ten incorrect entries the built-in encryption program deletes all data.

The FBI has now asked Apple for help. It is clear that Apple does not have a master key that can easily decrypt an iPhone. However, Apple could do something. The company knows exactly how the built-in encryption program works and therefore knows where certain information is stored in the memory.

However, Apple refused to assist the police with decryption – even though the company was even ordered to do so by a court order. Apple feared a precedent and wanted to prevent doubts from arising about the security of iPhone encryption.

In the end, the police managed to decrypt the smartphone without Apple’s help. However, they did not find any relevant information on it.

Conclusion

Criminals who use encryption will undoubtedly keep us busy for a while yet. Therefore, my list will certainly grow. Maybe my readers can help me to update it.

If you want to add a comment, you need to add it to the German version here.


Further reading: Wie die Polizei verschlüsselt mit einem Millionen-Erpresser kommunizierte

Linkedin: https://www.linkedin.com/groups/13501820
Facebook: https://www.facebook.com/groups/763282653806483/

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.