Apple Crime Log: The $320 Million iCloud Slip-Up

How a Brazilian crime ring was brought down by a single unencrypted backup key

Federal police in Brazil used an iCloud backup to expose a large-scale, $320 million money laundering operation whose key members included influencers and musicians.

The exposure of the scheme came as part of an investigation into illegal gambling and international drug trafficking. When the Brazilian Federal Police arrested accountant Rodrigo Morgado, they gained access to his iCloud backup. It was in that data that investigators found evidence of a separate money laundering scheme.


As 9to5Mac reports, the discovery of the complex scheme led to 39 temporary arrest warrants and 45 search and seizure warrants in eight states and Brazil’s federal district.

Authorities say the data from the accountant’s iCloud Backup allowed them to map the complex structure of the group that is now accused of laundering over $320 million in ill-gotten funds. The group sanitized their cache of cash by funneling it through illegal betting, international drug trafficking, cryptocurrencies, proxies, raffles, and other money laundering methods.

Brazil’s top cops cross-referenced conversations, corporate records, financial documents, bank statements, contracts, receipts, legal documents, and more. This allowed them to map the relationship between the shell companies, influencers, and artists named as members of the group’s scheme.

Among those arrested were musicians MC Ryan SP and MC Poze do Rodo, who were both key figures in the scheme, and influencers Raphael Sousa Oliveira and Chrys Dias.

The authorities also seized luxury cars, watches, jewelry, weapons, cash, documents, and electronic devices, all of which were allegedly proceeds of the scheme. The Federal Police have obtained new warrants for the data stored on the seized devices, including the iCloud and Google Drive accounts linked to them, and hope that any additional cloud storage accounts found on the devices will reveal more about the group’s operations.

Brazilian publication G1 reports that Rodrigo Morgado “placed great trust in the digital security of iCloud, which ultimately allowed the Federal Police to map the organization.” 

The $320 Million Security Oversight

While Messages stored in iCloud use end-to-end encryption (E2EE), there’s a loophole here that the cops will run through every time: if a user has turned on iCloud Backup, the key used to encrypt Messages is stored inside that iCloud Backup, and under standard data protection the backup itself is not E2EE, because Apple holds the keys that protect it. This is designed to let a user recover their messages even if they lose all of their devices, but it also means Apple can, and will, decrypt the backup and hand over its contents, Messages key included, when law enforcement comes a knockin’ with valid legal process in hand.

Apple has long been crystal clear about what it can decrypt and provide to law enforcement when presented with valid legal process (for stored iCloud content, that normally means a search warrant rather than a mere subpoena). The exact details are outlined in the Apple Platform Security Guide:

If the user has enabled iCloud Backup, the CloudKit Service Key used for the Messages in iCloud container is backed up to iCloud to allow the user to recover their messages even if they have lost access to iCloud Keychain and their trusted devices.

However, you don’t even need to dig into the technical documentation to find this, as Apple also spells it out in its support article on iCloud data security, which lists what is end-to-end encrypted and what is not:

Standard data protection: Messages in iCloud is end-to-end encrypted when iCloud Backup is disabled. When iCloud Backup is enabled, your backup includes a copy of the Messages in iCloud encryption key to help you recover your data. If you turn off iCloud Backup, a new key is generated on your device to protect future Messages in iCloud. This key is end-to-end encrypted between your devices and isn’t stored by Apple.

That same article also points to the solution for those who want greater security: Advanced Data Protection, which end-to-end encrypts nearly everything in iCloud, including iCloud Backups. The exceptions are iCloud Mail, Contacts, and Calendar, which have to interoperate with other providers’ systems and remain under standard protection. ADP is opt-in, because once it is on, not even Apple can recover your data if you forget your password and lose your recovery contact or recovery key.
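The distinction the two Apple passages above draw is between data that is encrypted and data whose key Apple holds. The following is an added toy model of that key hierarchy, written for this page and not Apple’s code: the Messages container is encrypted under a service key, a copy of that service key is placed in the iCloud Backup when backups are on, and the only thing that changes between standard data protection and Advanced Data Protection is whether Apple is given the backup key. The cipher is a stand-in HMAC-SHA256 keystream XOR (unauthenticated, chosen so the script runs with the standard library only); the field and function names are the model’s own assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, List, Optional


def toy_stream_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR data with an HMAC-SHA256 keystream.

    A stand-in for a real AEAD so the example needs no third-party library.
    It is not authenticated and must not be used outside this illustration.
    Encryption and decryption are the same operation.
    """
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass
class ICloudServer:
    """What the cloud side holds for one account (model's own field names)."""
    messages_blob: bytes = b""                   # Messages container, encrypted under the service key
    backup_blob: Optional[bytes] = None          # iCloud Backup, encrypted under the backup key
    escrowed_keys: Dict[str, bytes] = field(default_factory=dict)  # keys the provider can use alone


def provision(messages: List[str], backup_enabled: bool, adp_enabled: bool) -> ICloudServer:
    """Simulate what a device uploads under the given settings (assumed model)."""
    service_key = os.urandom(32)   # Messages in iCloud service key; normally lives in iCloud Keychain (E2EE)
    backup_key = os.urandom(32)    # key protecting the iCloud Backup
    server = ICloudServer()
    server.messages_blob = toy_stream_cipher(service_key, b"msgs", "\n".join(messages).encode())
    if backup_enabled:
        # As Apple documents: with iCloud Backup on, a copy of the Messages key is inside the backup.
        server.backup_blob = toy_stream_cipher(backup_key, b"bkup", service_key)
        if not adp_enabled:
            # Standard data protection: the backup is encrypted, but the provider holds its key.
            server.escrowed_keys["backup_key"] = backup_key
        # Advanced Data Protection: the backup key stays on trusted devices and is never escrowed.
    return server


def provider_can_read_messages(server: ICloudServer) -> Optional[List[str]]:
    """What the provider (and thus a legal order served on it) recovers from server-side material only."""
    backup_key = server.escrowed_keys.get("backup_key")
    if server.backup_blob is None or backup_key is None:
        return None  # no backup, or backup key not escrowed: only ciphertext is available
    service_key = toy_stream_cipher(backup_key, b"bkup", server.backup_blob)
    plaintext = toy_stream_cipher(service_key, b"msgs", server.messages_blob)
    return plaintext.decode().split("\n")


if __name__ == "__main__":
    sample = ["move the funds through the raffle account", "new shell company is ready"]  # constructed sample
    for label, backup, adp in [("standard, backup on", True, False),
                               ("standard, backup off", False, False),
                               ("ADP, backup on", True, True)]:
        print(f"{label:22s} -> {provider_can_read_messages(provision(sample, backup, adp))}")
```

Only the first configuration yields plaintext: the messages are encrypted in every case, but with standard data protection plus iCloud Backup the provider can unwrap the backup, pull the Messages key out of it, and read the container, which is exactly the path the Federal Police took through Morgado’s account.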

It’s clearly helpful to law enforcement that a lot of crooks don’t understand how this works. Had Morgado enabled Advanced Data Protection, Apple could not have decrypted his iCloud Backup or the Messages key inside it, and the Federal Police would have gotten far less from his iCloud account (ADP still leaves iCloud Mail, Contacts, and Calendar readable, and what can be pulled from a seized device is a separate question from what sits in the cloud). Apple cooperates to the extent the law requires, which means handing over everything it can decrypt to law enforcement serving valid warrants and subpoenas, but the company continues to refuse to build encryption backdoors.
