Our Research Manager and comms data expert, Will Metters, looks at the changing trends in the use of communications technology by criminals, and considers what the future may hold for criminal comms.
Do you remember the 90s? I certainly do, but it feels a long time ago with phone technology progressing at an exponential rate.
With the steady decline of landline use, wider adoption of mobile phones and development of apps, as well as the evolution from 2G to 5G, the communication technology arms race shows no sign of slowing.
But what has really changed – the technology or the techniques? And what can we learn from the evolving trends of criminal communication?
Back in the early 90s, all mobile phones needed to be registered by someone providing their name, address and billing information. You would be forgiven for assuming this made attributing a phone to a user simple; however, phones could easily be registered to one individual and used by another. Households and criminal gangs alike often shared devices, and without reliable evidence to put the phone in the hand of a particular individual, attributing the use of a phone to a single user was challenging.
Burners and Prepays
By the mid-90s, prepay SIM cards and burner phones had arrived and brought with them an extra dimension to the attribution challenge. Rather than having a named account holder linked to each phone, criminals could now cheaply purchase a mobile phone and SIM card without having to register any details, meaning they could drop and replace their handsets as often as they wanted.
This ease of changing phones made attribution of phones to individuals harder, given that the phone number being used could change frequently. However, it did not provide absolute anonymity, and techniques such as cell site analysis and top-up pattern analysis could often provide strong support for an attribution.
Until the mid-2000s, most techniques for obfuscating communications exploited loopholes and limitations in mainstream devices and services. In the late 2000s, we started to see bespoke or modified devices and services that had been designed to make attribution more difficult or to avoid detection by investigators.
IMEI tumblers were probably the most prolific of this new range of devices, enabling the user to regularly change the International Mobile Equipment Identity (IMEI) number and therefore make an investigator’s life more difficult. In addition to changing the IMEI, these devices also claimed to provide other anti-surveillance features, which helped earn them the nickname “stealth phones”.
The early 2010s saw an explosion in the number of communication apps for smartphones. In addition to using mainstream messaging and communications apps such as WhatsApp and Viber, criminals were typically inventive in the ways they could exploit a service for their own purposes, such as the use of gaming apps to communicate with each other through drawings or board games. There also emerged several dedicated “secure communications” apps, such as Silent Circle and Wickr, which were naturally appealing to those wishing to keep their communications private.
Encrypted Communications Platforms
In the wake of the Edward Snowden revelations in the early 2010s, we saw an uptake in the use of encryption and encrypted communications services. PGP Blackberry devices were the first examples of encrypted communication devices that saw wide and almost ubiquitous adoption by criminal groups in the UK and overseas. Often these devices would use non-UK, data-only SIM cards and have their cameras and microphones removed to prevent accidental insecure use.
Other platforms came and went before the now infamous EncroChat platform reigned supreme. That was, for a few years, before Op Venetic burst its bubble in 2020 (see our article on ‘Encrochat’s Dead’).
The future of criminal consulting
What is the next headache for analysts and investigators? As with anything in life, it’s impossible to predict with absolute certainty either the creativity of the private sector or how criminals may exploit its technology.
However, it’s likely we’ll see greater use of encryption features such as end-to-end encrypted (E2EE) Voice over IP (VoIP) calls, on-device encryption and, given the rise of video calling in 2020, potentially E2EE video calls too. Other possible features include the use of decentralised messaging services and call spoofing services to further mask the identity of the user.
Of course, the future may hold something completely different and unexpected. As technology and the creativity of criminals advance, we remain dedicated to ensuring that forensic analysis does too.