Email Provider Linked to Alleged NSA Dumps: We Can't Help
A Tutanota email address was linked to the Github account used to host alleged NSA data.
On Monday, Motherboard reported that a hacker or group of hackers called "The Shadow Brokers" had dumped what it claimed was a cache of NSA hacking tools. In the wake of that rather extraordinary claim, the security community has feverishly compared notes, largely on Twitter, to try to figure out whether the data is legitimate, and what exactly the collection of files contains.
One of those researchers was Matt Suiche, the CEO of UAE-based cybersecurity company Comae. In his analysis, he used the Github API to find an email address linked to one of the accounts that published the data. If law enforcement were to dig into this case, then that email account is likely of interest to investigators: perhaps they could find out more about the user's identity, or their location.
But in a conversation with Motherboard, the co-founder of that email service said that it had very little useful data to hand over if requested, or perhaps ordered, to do so.
"Under normal circumstances, we can provide no additional data besides the encrypted mailbox," Matthias Pfau, the co-founder of Germany-based email provider Tutanota told Motherboard in a phone call.
Tutanota automatically encrypts the contents of its users' emails, as well as their contact list. An encrypted mailbox may not be all that helpful to investigators, considering they likely can't read the messages.
Pfau said the company doesn't usually log IP addresses of its users, meaning that it couldn't tell law enforcement where the user logged in from.
"We don't log any IP addresses when we are not forced to do that," Pfau said. It's different if a judge orders the company to start recording login IP addresses for a particular user, but that process can't be applied retroactively.
"This has occurred once during our lifetime, and we have beyond one million users, so this is really something that happens not very often," he added.
"The Shadow Brokers" have said they will release more data upon payment of the audacious sum of 1 million bitcoin (around $568 million). They claim that the data comes from the Equation Group, which is the name given to a group of hackers widely believed to be linked to the NSA. (As an aside, parts of the NSA's website have been inaccessible since Monday).
Of course, the question is whether the US government will pursue this email lead any further. A potential parallel could be the case of shuttered email provider Lavabit. Lavabit's owner Ladar Levison shut down the service in 2013 after the FBI tried to obtain the company's encryption keys. The target of that order was Edward Snowden.
Is Tutanota afraid of a similar fate, considering it has just been linked to a dump of alleged files belonging to the NSA?
"No, we are not concerned. We are operating from a country with strong privacy laws. Everything we do is in fully aligned with German law," Pfau told Motherboard in a follow-up email.
"We believe in privacy and anonymity as cornerstones of modern democracies. Fantasies of omnipotence and total surveillance are threatening our fundamental rights. That is not acceptable and that is why we stand up and fight for privacy," he continued.
Whoever is behind the Tutanota email account did not respond for a request for comment.