On the Cyber Hunt: Tracking Wildlife Criminals through Email Investigations

Wildlife law enforcement agencies must have all the technological tools in their arsenal to combat the menace of wildlife trafficking in the modern, digital, globalized world. One such invaluable tool is the analysis of email addresses associated with wildlife traffickers. Wildlife criminals might use not only regular email services like Gmail, Yahoo Mail, Rediffmail etc. but also end-to-end encrypted email services like Proton Mail, Tutanota, Hushmail, CounterMail, StartMail, Posteo, Mailfence etc. for communication and for carrying out their illicit activities. Wildlife traffickers mention their email addresses on their social media accounts and websites, including darknet websites, so that buyers may contact them to obtain details about the wildlife contraband, such as pictures or videos of it, and to discuss other modalities of the deal. These email addresses serve as digital footprints. Wildlife crime investigators can meticulously analyze these email addresses by simply running them through different search engines and by using OSINT and proprietary tools, which may yield crucial leads and a wealth of information about wildlife traffickers, their networks and their illegal activities.

By following due process and with necessary legal authorization as prescribed by jurisdictional laws, wildlife law enforcement agencies can obtain details of a wildlife trafficker from regular email service providers which may include the following:

  • Basic Information such as name, address, date of birth, phone number, recovery email etc.
  • Account Information such as username, account creation date, IP Address used to create the account.
  • Email Metadata such as timestamps of sent and received emails, email headers containing information about the sender and recipient.
  • Login Activities i.e. when the account was accessed and from where (IP Addresses).
  • Device Information i.e. the devices (mobile phones, laptops, desktops etc.) used to access the account.
  • Content of Sent & Received Emails i.e. subjects, body and attachments.

However, seasoned wildlife criminals use end-to-end encrypted email services like Proton Mail. Wildlife traffickers operating on the Darknet invariably use Proton Mail. The digital architecture of Proton Mail is such that the contents of emails are encrypted on the sender's device and can only be decrypted by the recipient. Even the end-to-end encrypted email service provider cannot access the content of the emails exchanged between the wildlife criminals. This poses significant challenges for wildlife crime investigators. However, in appropriate cases where a wildlife trafficker is found to be using Proton Mail, wildlife enforcement authorities investigating the crime in a jurisdiction may approach the Swiss Authorities (Proton Mail is a Switzerland-based service provider) using proper channels like Mutual Legal Assistance Requests/Letter Rogatory, and the Swiss Authorities may ask the Proton Mail service provider to start collecting the details of the suspected Proton Mail ID, which may be shared with the wildlife enforcement authorities of the requesting jurisdiction. The following two posts by Proton Mail founder & CEO Andy Yen on Twitter (now X) in 2021 show how they provided the details of the Proton Mail account of a French activist after getting a legal request from the Swiss Authorities: (For more details refer to: ‘Secure’ Email Provider ProtonMail Handed Over User Data to Law Enforcement (yahoo.com))

Wildlife crime investigators can use tools like NeverBounce, BriteVerify, Email Hunter, VerifyEmailAddress.org etc. to verify email addresses and ensure that they are working with valid ones.

MXToolBox Email Header Analyzer, EmailHeaders.net, G Suite Toolbox Messageheader, IP2Location etc. are some of the tools which wildlife law enforcement agencies can use to analyze email headers, which may provide crucial information as shown in the following analysis of an email header using the IP2Location tool:
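An added example (not from the original article or from any of the tools named above) of the kind of parsing such header analyzers perform: it walks the `Received` chain of a constructed message oldest-first, extracts the routable IP address recorded at each hop, and flags timestamps that run backwards. The sample headers, host names and function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
from ipaddress import ip_address, ip_network

# Constructed sample headers (documentation and private address ranges only).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.20])
\tby inbox.recipient.example with ESMTPS id abc123;
\tTue, 05 Mar 2024 10:15:09 +0000
Received: from smtp.provider.example (smtp.provider.example [203.0.113.7])
\tby mx.recipient.example with ESMTPS id def456;
\tTue, 05 Mar 2024 10:15:07 +0000
Received: from [192.168.1.23] (unknown [192.0.2.44])
\tby smtp.provider.example with ESMTPSA id ghi789;
\tTue, 05 Mar 2024 10:15:02 +0000
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Listed explicitly: ipaddress.is_global would also reject the sample's ranges.
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def routable(text):
    try:
        return not any(ip_address(text) in net for net in INTERNAL)
    except ValueError:  # e.g. [999.1.1.1] is not an address
        return False

def parse_hops(raw):
    """Received hops oldest-first as (routable_ips, timestamp_or_None)."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        route, _, stamp = value.rpartition(";")
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            when = None
        ips = [ip for ip in IP_RE.findall(route or value) if routable(ip)]
        hops.append((ips, when))
    return hops

def origin_candidate(hops):
    """First routable IP of the oldest hop: a lead, since early hops can be forged."""
    return next((ips[0] for ips, _ in hops if ips), None)

def clock_anomalies(hops):
    """Indexes of hops stamped earlier than the preceding (older) hop."""
    return [i for i in range(1, len(hops))
            if hops[i][1] and hops[i - 1][1] and hops[i][1] < hops[i - 1][1]]
```

Only the `Received` lines written by the recipient's own mail servers are trustworthy; anything below them is supplied by the sending side and needs corroboration, for example from provider records obtained through legal process.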

Wildlife crime investigators can use tools like EPIEOS, IntelligenceX, Google Advanced Search Operators, Pipl, SpiderFoot, Shodan, Maltego, Hunter, TheHarvester etc. for email analysis: identifying additional email addresses associated with the suspected email address, domain names associated with the email address, and associated social media profiles and other online accounts, which may help in online profiling and link analysis of the suspect.

Similarly, wildlife crime investigators can use websites like 'DEHASHED' & 'Have I Been Pwned' to check whether the email address under investigation has ever been compromised and, if so, which details can be gathered from which leaked data. This may provide many crucial leads in the investigation of wildlife crimes, such as the name, address, phone numbers etc. of the accused.

Very often crime investigators, including wildlife crime investigators, face challenges in collecting details of the user of an email address suspected or accused of being involved in wildlife trafficking due to jurisdictional issues, as the server of the email service provider may be located in a different jurisdiction. This necessitates international cooperation in the investigation of wildlife crimes, helping the enforcement agencies of different jurisdictions gather cyber evidence, including email details. One example of such international cooperation is the 24/7 Network (https://www.coe.int/en/web/cybercrime/24/7-network-new-). The 24/7 Network, established according to Article 35 of the Convention on Cyber Crime (also known as the Budapest Convention), is a tool for expedited international cooperation on cybercrime and electronic evidence which is very much used for operational cooperation between Parties to the Budapest Convention. Under the current legal framework, the 24/7 Network facilitates immediate assistance for the purpose of investigations or proceedings concerning criminal offences related to computer systems and data, or for the collection of evidence in electronic form of a criminal offence. Following are the member countries of this Network:

As the 24/7 Network was not created under a United Nations Convention, many countries have not joined it. There is a need for a United Nations Cyber Crime Treaty. In this direction a major breakthrough was made when, through its resolution 74/247 ( https://documents-dds-ny.un.org/doc/UNDOC/GEN/N19/440/28/PDF/N1944028.pdf?OpenElement ), the United Nations General Assembly decided to establish an open-ended ad hoc intergovernmental committee of experts, representative of all regions, to elaborate a comprehensive "International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes". Once adopted by the United Nations, this treaty would be the first binding UN instrument on cyber issues. For more on this refer to: ( https://www.unodc.org/unodc/en/cybercrime/ad_hoc_committee/home ).

In a nutshell, analysis of email addresses has emerged as an indispensable tool for wildlife law enforcement agencies in their relentless efforts to combat wildlife crimes effectively. Through meticulous analysis of email addresses, wildlife crime investigators can unearth vital leads, collect evidence linking the accused to the crime, track their wider criminal networks and hold these wildlife traffickers accountable for their illegal activities by successfully prosecuting them in a court of law.
