Three Mistakes of Russell Knaggs, or 20 Years in Prison for an Unsent Letter.
Drugs are a great evil; I do not want to defend drug dealers, but one can learn a lot from their mistakes and arrests. This chapter will be based on an analysis of three mistakes made by drug dealer Russell Knaggs.
In one of the previous chapters, I talked about a mistake that cost the owner of the largest online drug market, Ross Ulbricht, a life sentence. His free life ended in a public library when one FBI agent distracted him while another snatched his laptop with decrypted data for accessing the forum. No matter how incredible it may seem, there are effective protections against such methods of accessing encrypted data, which I have already discussed as part of the course.
The mistakes described in this chapter cost only 20 years in prison. While writing this material, I pondered for a long time about which part of the course to place it in: the one dedicated to email or steganography. Since email was merely a tool to hide correspondence, I settled on steganography.
You probably know that web clients (websites) of email services have a draft feature, where you can save written but unsent emails and later edit and send them. Many services automatically save any data written in the email submission form.
Unfortunately for him, Russell Knaggs, who was sitting in a British prison for a drug-related crime, was aware of such a possibility. There, within the walls of his cell, he developed a "brilliant" plan to smuggle 5 tons of drugs from Colombia to England in fruit boxes, along with an equally brilliant method for securely exchanging information among criminals.
Russell Knaggs's secure information exchange scheme worked as follows: one drug dealer creates an email on Yahoo, writes a letter, and without sending it anywhere, saves it in drafts; another person logs in and reads the letter from the drafts, replying in a similar manner.
The criminals believed that if they used drafts without sending the email and then deleted it, the email would not be saved on the email service's server. This was the first mistake of Russell Knaggs, who, by the way, did not use this email account himself.