Patrianna Napoleon, Counterintelligence and Cyber (CICYBER) Team; Owen Saturnia, Michael Shoesmith, and Jonathan Petrovitch, Weapons and Tactics (W/T) Team
Week of Monday, November 22, 2021
Criminals have increasingly used encrypted channels, like Telegram and Signal, as a method of communication in order to avoid law enforcement detection. Criminals are utilizing these channels to plan, execute, and discuss their operations. On June 8, 2021, a US-led law enforcement operation by the Federal Bureau of Investigation (FBI), with the assistance of 16 other countries, developed an encryption company called ANOM that serviced over 12,000 encrypted devices for over 300 criminals, including drug traffickers and international crime organizations. ANOM targeted criminals by offering encrypted communication devices and publishing them on the dark web for criminals to obtain, enabling law enforcement to eavesdrop on and intercept communications as criminals were using the devices. Criminals will likely increase their use of asymmetric encryption, which uses two separate keys to encrypt and decrypt a message, to continue their communications. This is likely to make it more difficult for law enforcement agencies to identify and track criminal communications. Despite a joint operation by the United Kingdom (UK) and EU governments to hack into the popular encrypted service Encrochat, resulting in the conviction of over 1000 criminals, developments in end-to-end (E2E) encryption are likely to quickly fill this gap. It is likely that as cryptocurrencies become a popular form of currency, there will be significant investments in encryption with increasingly complex access keys. Criminal organizations will very likely utilize this to evade law enforcement.
Criminals use encrypted communications to disguise their attacks, which often use malware and other computer viruses to infiltrate individuals’ private information on the web. As technology becomes more readily available, more criminals will likely have access to asymmetric encryption. Asymmetric encryption, which requires a pair of linked public and private keys to access data between recipients, will enable criminals to confirm that the messages they have received are from the intended sender and not from an impersonator. It is likely that criminals will use asymmetric encryption to maintain communications because of the added security it offers. Law enforcement will likely need to adapt their decryption tactics to counter criminals using asymmetric encryption.
Government third-party encryption programs, such as the United Kingdom’s Government Communications Headquarters (GCHQ) “ghost protocol,” require the messaging service to authenticate their participation in the third-party encryption. However, future policies similar to GCHQ’s initiative will likely conflict with countries that have strict privacy laws, which require warrants before collecting personal communications. Even with court-issued wiretapping warrants, law enforcement agencies will likely be unable to predict the movements or imminent operations of criminals who maintain secure encryptions to protect their communications. Complex encryptions will likely require deciphering programs to decode them by systematic guesses of digit combinations. These decryption operations will likely be time-consuming for law enforcement because encrypted communications can have millions of potential combinations. Encryptions with multiple security keys almost certainly require significant time to locate, identify, and decrypt, making it unlikely that law enforcement will be able to identify potential threats before they occur. Although law enforcement agencies have penetrated criminal encryptions, police decryption operations like the FBI’s ANOM operation in 2021 took three years to execute successfully. Criminals with secure encrypted communications will likely be able to continue to plan and execute large-scale and coordinated attacks during the time it takes law enforcement authorities to build their cases.
In response to law enforcement sting operations using third-party encryption, criminals will likely create their own encryption services rather than relying on compromised outside vendors. Their encrypted communications will likely allow them to hide cybercrime activities such as identity theft. However, the open-source encryptions made by criminal groups will likely not be secure enough to avoid detection by government cybercrime units. As a result, criminal groups will likely attempt to increase their finances using cryptocurrencies in order to better develop their own encryptions or invest in more secure methods of communication. This will likely allow criminal groups to continue their illegal operations despite law enforcement attempts to track their communications.
Criminals and terrorists use encrypted communications to hide their money transfers and protect against hacking schemes that incorporate malware and ransomware that target their financial assets. Cryptocurrency transfers are a form of encrypted communication that criminals will very likely use to prevent authorities from seizing their finances, because the currency is secure and difficult to trace. The increased use of cryptocurrencies will likely lead to investment in encryptions with complex access keys. As criminals will likely expand their assets with the use of cryptocurrencies, they will likely be able to invest in cutting-edge encrypted communications with higher effectiveness and security. This will likely allow them to stay ahead of developing police decryption efforts and use online currencies to fund future cyber and real-world attacks.
Criminals will likely favor the use of cryptocurrencies to buy equipment, weapons, and facilities to support their activities, as private businesses are increasingly accepting cryptocurrencies as payment for their products and services. National governments will likely be unable to track and seize criminals’ finances and transactions because they can convert their stolen money into cryptocurrencies like bitcoin, which are not controlled or regulated by a government body. Governments could likely seek to counter criminals using cryptocurrencies in their covert financial dealings by passing laws requiring government oversight on the currency. However, governments and international regulating organizations will likely have difficulty implementing successful regulations of cryptocurrencies as they are global currencies that do not fall under one nation's jurisdiction. Although countries like China have outlawed cryptocurrency transactions or mining, the restrictions led to an overall increase in bitcoin’s valuation. Banning cryptocurrencies entirely will likely not prevent individuals from using them.
Law enforcement agencies will continue to establish fake encryption services like the FBI’s ANOM to attract criminals into using communications that enable law enforcement agencies to monitor their activity. Future eavesdropping operations will likely wait until they can implicate a larger criminal network before arresting individuals using compromised devices. Interconnected criminal communications will likely allow law enforcement to map out the extent to which organizations such as drug traffickers and violent gangs are working together. Terrorist networks frequently use criminals to access weapons and money, and it is likely that they rely on encrypted communications to contact criminals and maintain their operational security. When a “backdoor” is opened (opening up either end of the E2E encryption to bypass encryption without detection), the communications are no longer encrypted and third parties could almost certainly access the decrypted data. Law enforcement efforts targeting encrypted criminal communications will likely enable them to track larger networks of terrorist and criminal groups, including drug traffickers and violent gangs, that are connected through encrypted communication channels.
Any attempts to limit the use of encrypted communication channels should be done without restricting the liberty of others utilizing the platforms. If platforms utilizing E2E encryption open a “backdoor,” all users of the platforms will be more vulnerable to cyberattacks, as messages sent and received are likely to be intercepted by unintended actors. Opening any of the backdoors of the encryption would very likely make E2E encryption more vulnerable to cyberattacks from both non-State actors, like cybercriminals and terrorist groups, and national governments seeking to undermine a rival State’s security infrastructure. If a third party accesses the decrypted data, they could very likely use it for financial profit, impersonation, or any other means to obtain a reward.
The Counterterrorism Group (CTG) recommends law enforcement agencies continue developing and executing encryption operations like ANOM to infiltrate criminal networks and undermine the integrity of encryption for criminals. Persistent arrests through police efforts based on compromised encryption will likely disincentivize these communication tactics for criminals, as they will no longer appear to provide enough operational security for their activity. International police cooperation will almost certainly be vital for identifying, tracking, and prosecuting criminals under future sting encryption operations as organized crime continues to collaborate across borders. CTG recommends that individuals and businesses regularly update their devices and keep them up to date to prevent outside threats from entering their systems through any backdoor located in E2E communications. Establishing a brand-name patch management program will help avoid backdoor entries like ransomware attacks.
CTG will continue to monitor the development and evolution of encrypted communications by criminals across the globe. The Weapons and Tactics (W/T) Team and Counterintelligence and Cyber (CICYBER) Team will continue to analyze criminal organizations using encryption methods and provide insightful recommendations for countering their operations. CTG will track law enforcement operations against encrypted criminal networks and future encrypted cyberattacks through CTG’s Worldwide Analysis of Threats, Crime, and Hazards (W.A.T.C.H.) reports.
The Counterterrorism Group (CTG) is a subdivision of the global consulting firm Paladin 7. CTG has a developed business acumen that proactively identifies and counteracts the threat of terrorism through intelligence and investigative products. Business development resources can now be accessed via the Counter Threat Center (CTC). The CTG produces W.A.T.C.H resources using daily threat intelligence, also designed to complement CTG specialty reports which utilize analytical and scenario-based planning. Innovation must accommodate political, financial, and cyber threats to maintain a level of business continuity, regardless of unplanned incidents that may take critical systems offline. To find out more about our products and services visit us at counterterrorismgroup.com.
 “Encryption illustration” by Zunter licensed under Attribution-ShareAlike 4.0 International