In the middle of the summer of 2017 the popular VPN service HideMy.name in Russia was blocked by the decision of Medvedev district court of Yoshkar-Ola. The reason is the presence on the site of a book written in 1924 in the prison of Landsberg city by the former corporal of Austrian origin Adolf Hitler.
This is a great example of a threat... no, not of planting digital evidence, but the Internet censorship. In the case described the court found on the site something that had never been there, that is rather a threat to common sense and it has no direct relation to IT security. The VPN service allowed to bypass government blockages, it was popular with users and there were no official reasons for restricting access to it.
But sometimes it happens that law enforcement agencies especially in developing countries and malefactors plant digital evidence and they can plant it to anyone even to the highest ranking official.
There is no need to seek example for a long time: one day Czech President Milos Zeman being in his summer residence at Lama Castle discovered on his computer materials containing child pornography. Experts investigating the incident found that the files were downloaded by a hacker from the US IP-address.
Another example is already from the Russian realities. Konstantin, whose surname we are going to omit at his request, worked as a journalist in a provincial newspaper. Because of one journalistic investigation, he had a conflict with the main character of the article and with the editor, who strongly did not recommend publishing the material. Konstantin received a lot of blusters, one of which came true.
A colleague gave him password-protected archives with the investigation on the flash drive, only three files and a password to them. Two files opened successfully and they contained very interesting data, but the third password did not fit. A colleague said that he would look on later, maybe he confused the passwords a little bit.
But the next day Konstantin did not need a password, as some people in civilian met him at work, presented IDs, briefly reported about suspicions of possessing child pornography and asked to have a look at his working laptop. Konstantin gave access, because he had no pornography, especially children one.
However, the criminologist found the encrypted archives, somehow suspiciously simply picked up the passwords for them, and in the third one, that one where the password was not suitable, child pornography was found. Konstantin was arrested, he had a year of humiliation and court proceedings, dismissal from work, the collapse of his career, financial and family problems.
But in the end Konstantin was acquitted. Probably no one planned to send him to prison, the task was to discredit and dismiss him. Do you think the case with Konstantin is single one?
In the network you can find many similar stories. For example, the coordinator of one of the headquarters of the opposition Alexei Navalny, Vladimir Dubovsky was arrested for 8 days for posting an extremist song on his social networking account.
According to the arrested, he did not post the song, it was probably posted by an employee of the Center for Countering Extremism, to whom he gave out data for accessing the social networking account upon official request.
One popular misconception
Through a feedback form, I got a question from a user whether law enforcement officers are able to upload files on their own containing law violations during a search for further criminal prosecution?
Of course they can, if you get full access to a computer, nothing prevents them from doing so, but any forensic examination, which is mandatory in a criminal case, will immediately determine how and when the file was placed on the computer, so such employees may face serious problems. Therefore, this is the way to plant digital evidence the smallest one to be afraid of.
How to protect yourself from planting digital evidence
Encrypt all your data
Learn the secrets of safe working with cryptocontainers
Simply creating and starting to use crypto containers is not enough, even with a strong password. There are a number of important recommendations that you definitely need to get acquainted with.