How Law Enforcement Officers Bypassed Encryption on Windows, macOS, iOS, and Android


This article is based on a real criminal case in which law enforcement officers bypassed the encryption on Windows, macOS, iOS, and Android devices, encryption that many consider impregnable.

A group of fraudsters considered it impregnable too. They had built a custom Trojan for Android devices that stole money from users of a mobile banking application. The scheme was simple: malicious software was loaded onto the phone, where it checked for the presence of the Sberbank Online application or for SMS messages from Sberbank and, on finding them, sent an SMS to the bank instructing it to transfer money to the fraudsters' cards.

The fraudsters had bought the cards on the black market beforehand, and one of the participants, responsible for cashing out, emptied them together with his team. By the time the victim noticed the missing money and contacted the bank, nothing could be done.

The applications were distributed by buying installs on underground webmaster forums, through spam mailings, by installing them directly on victims' devices, or by redirecting visitors from other sites to the fraudsters' own website: the usual standard toolkit, with no extreme measures such as trying to push the malware into the official Android store.

In this way the victim's money flowed onto the bank cards they had bought, and was then quickly cashed out and shared among the members of the group. It was a provincial town, and in a single day the guys could earn what a local resident made in a year; they understood perfectly well that sooner or later they would attract attention.

They expected a visit from law enforcement and prepared for it; in particular, all their devices were encrypted, using both standard BitLocker encryption and, considered more reliable, full disk encryption with TrueCrypt.

One winter morning the guys were visited by polite plainclothes officers accompanied by a special unit, who presented court orders for search and arrest. To the surprise of those arrested, their encrypted devices were decrypted almost immediately, and the line "I have no idea what you're talking about" collapsed on its own. How did this happen?
