Internet privacy and security course
About translation
Previous Next

Chapter 108

The 3 mistakes of Russel Knaggs, or 20 years of imprisonment for a “deleted“ email.

Drugs are a big evil, I am in no way defending drug dealers here, but you can learn a lot from the mistakes that led to their arrests. This chapter looks at the three mistakes of trafficker Russel Knaggs that led him to a life sentence in a top security prison.

In one of the previous chapters I told you about the mistake that landed the owner of the biggest online drug marketplace Ross Ulbricht into jail to serve a life sentence. His days were numbered when an undercover FBI agent distracted him, while the other agent grabbed Ulbricht's laptop with decrypted data to access the forum. However unfeasible it may seem, there are effective ways to prevent unathorized access to such decrypted data, and I have already described how they work in this course.

The mistakes described in this chapter cost only 20 years in jail. When writing this article, it took me some time to decide which part of the course it better fits: email or stenography. Since email was just a tool to hide the communication, this chapter is about stenography.

You probably know that the web clients (websites) of email services have auto-save function that saves messages that can be sent later. Many services automatically save any user's draft.

Russel Knaggs, an inmate of a British top security prison on drug-related charges, knew about this function and devised a brilliant plan on how to import 5 tons of cocaine hidden in crates of fruit to the UK from Colombia, and just as brilliant a way of safe email communication among the conspirators.

Russel Knaggs' brilliant scheme was supposed to work the following way: one of the conspirators would log in to a Yahoo email account,  write a draft email and without actually sending it saves the contents of the email in a draft. An accomplice would later log in to the account, read the email's draft, responding to it in the same manner.

 The criminals believed that if they were using a draft and then deleted it, the email won't be saved on Yahoo's email server. This was Knaggs' first mistake who wasn't actually using the email account himself.

Important

Even drafts you delete can be saved on a mail client's server and handed over at the request of law enforcement.

Your email client saves even the history of your draft edits. For instance, you want to send the email “Hello, my phone number is +1 (213)-77 -77“ through Gmail's web interface, you enter this text into the form and then decide you are better off without Google knowing your phone number.

Perhaps you have read Edward Snowden's or Julian Assange's leaked documents about Google's cooperation with NSA. Or maybe you've seen targeted advertising related to the contents of the email you've just sent and realized that Google analyzes your messages. All in all, you want to hide your phone number or part of it using Privnote. This is a sensible decision, however you've already entered your text into the email form and the data were already saved on Google's servers. In this case you should either write your email in a text editor or give a Privnote link instead of your data, or you can get an email app that can be securely installed, for instance, Thunderbird.

Important

Many web clients save any texts you enter on their servers or save any data you enter at periodic intervals. This way the email clients' servers save the history of changes as you write your email even if the email is never sent.

The messages you enter in the form are saved not only by email clients but by instant messaging services, for instance, by Telegram.

Yahoo has produced all the data over six months including the deleted drafts. This data including other incriminating evidence led to a 20-year drug trafficking conviction for Russel Knaggs.

 There is probably no email service that is so unsafe as Yahoo. You must've heard about the hacking of Yahoo affecting all three billion accounts which was kept by the company in secret for years. Surprisingly, but few users are actually aware of Yahoo's fruitful cooperation with intelligence agencies.

Use @Yahoo? They secretly scanned everything you ever wrote, far beyond what law requires. Close your account today.
Edward Snowden

The above quote was prompted by the scandal that followed after it was revealed that Yahoo had passed the access to its servers to intelligence agencies. This allowed them to scan all emails using content analysis systems. Using a Yahoo account was Knaggs' second mistake.

Tip

Don't use Yahoo.

If you need to use an email service, instead of Yahoo, Gmail, Yandex, create an account with Protonmail, disabling logging and enabling two-factor authentication in the settings. 

Overall, using an email client for concealing the contents of your messages is an interesting option, but you should make sure your communication is encrypted, for instance, through a plugin in your browser or at least use a one-time-use notes service Privnote. Lack of encryption was Knaggs' third mistake.

Of course, to connect to an email client, you are supposed to use Tor or VPN. If you get paranoid, you can set up traps if someone else has obtained access to your information. Don't forget to use strong and reliable password and login, securely store them, and, of course, apply these secrets of hacker's passwords.

Previous
5544
Next