FBI Owns the Entire TorMail Database of Hidden E-mails

TorMail is no longer operational, but the FBI is now sitting on a potential treasure trove of communications that the parties involved considered to be anonymous. It is not a complete surprise, but it is the first time that suspicions have been confirmed. During the FBI operation against Freedom Hosting, TorMail was one of the hosted services that began serving malware that was generally accepted to be FBI spyware.

At that time Dread Pirate Roberts, the operator of the underground Silk Road website, posted a warning which, Wired suggests, "now seems prescient."

“I know that MANY people, vendors included, used TorMail,” he wrote. “You must think back through your TorMail usage and assume everything you wrote there and didn’t encrypt can be read by law enforcement at this point and take action accordingly. I personally did not use the service for anything important, and hopefully neither did any of you.” Since then, Ross William Ulbricht has been arrested and is alleged to be Dread Pirate Roberts.

The TorMail seizure has now been confirmed by the evidence of postal inspector Eric Malecki in US v. Sean Roberson court papers. "Between July 22, 2013 and August 2, 2013, in connection with an unrelated criminal investigation, the FBI obtained a copy of a computer server located in France via a Mutual Legal Assistance Treaty request to France, which contained data and information from the Tormail email server, including the content of Tormail e-mail accounts. 

"On or about September 24, 2013, law enforcement obtained a search warrant to search the contents of the Platplus Tormail Account, which resided on the seized Tormail server."

References to the 'platplus@tormail.net' account had been found in the investigation of Sean Roberson. It was enough for the FBI to seek and obtain a search warrant to examine its cloned copy of the entire TorMail database.

"The tactic," writes Wired, "suggests the FBI is adapting to the age of big-data with an NSA-style collect-everything approach, gathering information into a virtual lock box, and leaving it there until it can obtain specific authority to tap it later. There’s no indication that the FBI searched the trove for incriminating evidence before getting a warrant. But now that it has a copy of TorMail’s servers, the bureau can execute endless search warrants on a mail service that once boasted of being immune to spying."

It is further evidence that central server-based webmail cannot be made secure in the modern world. Last year two anonymous email providers (Lavabit and Silent Circle) shuttered their own services because they were no longer able to guarantee the anonymity that they sought to provide. Since then they have together formed the Dark Mail Alliance, a collaboration set on developing an encrypted peer-to-peer email service that can eliminate that vulnerable central server.