The FBI headquarters in Washington. The bureau has resources to recover stolen cryptocurrencies that are beyond the reach of most law enforcement agencies. Photo / Stefani Reynolds, The New York Times
The FBI scored two major victories, recovering a Bitcoin ransom and tricking lawbreakers with an encryption app. But criminals may still have the upper hand.
Whether it was gangsters a century ago speeding off in faster getaway cars or terrorists and hackers in recent decades who shielded their communications through encrypted apps, criminals have perennially exploited technology to stay a step ahead of law enforcement.
The FBI struck back in the past week with a pair of victories: a seizure of most of the US$4 million ($5.6 million) ransom in Bitcoin that Russian hackers extorted from a US pipeline operator and the announcement of a years-long sting in which thousands of suspects were duped into using a messaging app secretly controlled by authorities. More than 800 people were arrested in more than a dozen countries.
The breakthroughs came in part because law enforcement officials learned how to leverage two rapidly advancing technologies — encryption and cryptocurrencies — that had previously been a boon for criminals.
Yet the events did little to fundamentally alter the challenges for authorities in an increasingly digital world, according to former law enforcement officials, prosecutors, historians and technology experts. The global sting is highly unlikely to keep criminals from using encryption and could encourage them to go even further underground, experts said. And while the FBI has shown that it can recover stolen cryptocurrencies, doing so requires resources beyond the reach of most law enforcement agencies.
Ultimately, the cases were the latest iteration in the decades-long back-and-forth between lawbreakers and the FBI in which both sides have seized on technological advances, whether it is criminals hiding behind encryption or investigators exploiting facial recognition, drones and other mechanisms.
"You get a sharper sword; they get a stronger shield. The greed of the bad guys is always stronger than the reach of the good guys," said Tim Weiner, author of Enemies: A History of the FBI. "That's not just the story of the FBI; it's been true throughout the history of warfare."
Now law enforcement agencies are seeking more access to digital devices, sometimes buying hacking tools from the private sector, and urging lawmakers to give them more power to track suspects.
"This does not end the debate on encryption," said Joseph DeMarco, a former federal prosecutor in Manhattan who has spent years working on cybercrime. "It shows that law enforcement is willing to design flanking manoeuvres to go around encryption obstacles. But the debate about whether or not those workarounds are adequate will continue."
Law enforcement gains
Technology has not been all bad for the police. Beyond facial recognition and drones, authorities in the United States use gunshot detectors and devices that simulate cell towers to surreptitiously connect to suspects' phones and determine their location.
Law enforcement also has an advantage when it gets hold of digital devices. Despite claims from Apple, Google and even the Justice Department that smartphones are largely impenetrable, thousands of law enforcement agencies have tools that can infiltrate the latest phones to extract data.
"Police today are facing a situation of an explosion of data," said Yossi Carmil, CEO of Cellebrite, an Israeli company that has sold data extraction tools to more than 5,000 law enforcement agencies, including hundreds of small police departments across the United States. "The solutions are there. There is no real challenge to accessing the data."
The police also have an easier time getting to data stored in the cloud. Technology companies like Apple, Google and Microsoft regularly turn over customers' personal data, such as photographs, emails, contacts and text messages, to authorities with a warrant.
From January 2013 through June 2020, Apple said, it turned over the contents of tens of thousands of iCloud accounts to US law enforcement in 13,371 cases.
And Friday, Apple said that in 2018, it had unknowingly turned over to the Justice Department the phone records of congressional staff members, their families and at least two members of Congress, including Representative Adam Schiff, D-Calif., now the chair of the House Intelligence Committee. The subpoena was part of an investigation by the Trump administration into leaks of classified information.
Challenge of encryption
Yet intercepting communications has remained a troublesome problem for the police. While criminals used to talk over channels that were relatively simple to tap — like phones, emails and basic text messages — most now use encrypted messengers, which are not.
Two of the world's most popular messaging services, Apple's iMessage and Facebook's WhatsApp, use so-called end-to-end encryption, meaning only the sender and receiver can see the messages. Not even the companies have access to their contents, allowing Apple and Facebook to argue that they cannot turn them over to law enforcement.
Authorities' frustration has prompted them to target smaller encrypted apps favoured by criminals. In July, the police in Europe said they hacked into one called EncroChat, leading to hundreds of arrests.
That pushed many criminals onto a new service, Anom. They had to buy specialized phones with few working features, aside from an app disguised as a calculator. With a code, it would turn into a messaging app, Anom, that claimed to be encrypted.
In fact, the FBI created Anom. The bureau and the Australian police started the operation by persuading an informant to distribute the devices to criminal networks, after which they caught on by word-of-mouth. After three years, Anom had more than 12,000 users.
Criminals felt so comfortable on the service that they stopped using coded language, sending photos of smuggled cocaine shipments and openly planning murders, the police said. And when authorities obtained court approval to surveil any Anom users, they could easily monitor their messages.
But when the police carried out hundreds of arrests and detailed the scheme to news cameras this past week, the ruse was over. Authorities were once again in the dark.
An attractive tool for criminals
For years, Bitcoin and other digital currencies were the coin of choice for international criminal syndicates. The qualities that make cryptocurrencies attractive — decentralisation and anonymity — make them great for theft, ransom and selling drugs.
Getting paid used to be the hardest part of holding something or someone hostage, said Ross Anderson, a cybersecurity researcher at the University of Cambridge who studies how the police and criminals use technology.
"It's easy enough to grab the heiress or her dog, but the problem then is that when you threatened to cut her ear off and asked Mr. Rockefeller to send you a large suitcase full of dollar bills, the police tagged along, or they put a radio transmitter in it," he said. "With Bitcoin, you can get actually quite substantial extortion amounts, like seven- and eight-figure sums, which can be delivered instantaneously to Russia or North Korea or wherever."
That new model fueled a surge in ransomware attacks, where hackers take control of a person's or company's computers and demand a ransom. Recorded Future, a security company that tracks such attacks, estimated that last year, one attack occurred every eight minutes.
Ransomware attacks have recently hit hospitals, meatpackers, minor league baseball teams and the ferries to Martha's Vineyard. Many companies pay the ransoms because it is easier and faster than alternative solutions, despite also giving hackers more incentive.
Yet the Colonial Pipeline case showed that the police could also use cryptocurrencies to their advantage. Each transaction is recorded in a public ledger, making the money traceable even as it travels from one anonymous account to the next. That means that law enforcement with enough money and know-how can typically hack into an account and snatch back the money.
But hacking can be expensive and time-consuming, leaving few agencies outside the FBI with the ability to do it.
The 21st-Century fight
The history of the cat-and-mouse game between the police and criminals is long. In the 1920s, bandits realized that cars could allow them to rob a home or bank and quickly escape to the next county or state, where the police would be less interested in solving the crime.
"It took something like 50 years for the police to catch up with regional crime squads and police national computers and eventually with automatic plate number recognition," Anderson said. "But for a while, the existence of the car meant that it was a fun time for the gangsters."
Today, law enforcement's eagerness to keep up has spawned a rapidly growing industry dedicated to extracting suspects' communications data. Cellebrite, the Israeli company, said its sales increased 38 per cent in the first quarter to US$53 million as more police departments bought its tools to hack into suspects' phones.
At least 2,000 law enforcement agencies in all 50 states have such tools, including 49 of the 50 largest US police departments, according to Upturn, a Washington nonprofit that investigates how the police use technology.
Still, some of the nation's top law enforcement officials have asked for more from tech companies and lawmakers. Cyrus Vance Jr., the Manhattan district attorney, told Congress in 2019 that data extraction tools were expensive and unreliable. They can sometimes take weeks or even years to crack into a phone, he said.
"There are many, many serious cases where we can't access the device in the time period where it is most important for us," Vance told lawmakers.
Apple said security researchers agreed that the iPhone is the most secure device on the market. Google declined to comment.