Google Tech Remotely Wipes Prisoner’s Samsung Of Possible Evidence, FBI Says – Forbes

A Google remote wiping tool let a child grooming suspect delete possible evidence, according to the DOJ.


A man caught in a child grooming sting operation had his brother in India remotely wipe his Samsung phone, after it had been seized by police and before it could be searched by the FBI, the Justice Department says. According to one security analyst, the cops should have done more to secure the device from outside tampering.


According to the Justice Department, it was the coldest Valentine’s Day in 77 years when Anmol Chugh sought to meet with a girl he believed to be just 15 in Bradley, Illinois. He’d been chatting to her on a dating app, sent her sexually explicit images and asked her for nude photos, according to the government’s narrative of events. What he didn’t know was that he was talking with an undercover agent and walking straight into an FBI sting operation, court documents reviewed by Forbes allege, though Chugh, a 28-year-old husband and father to a daughter, has denied all charges, writing a letter to the judge claiming he was the victim of an “evil plan” carried out by the cops.

As part of an FBI initiative that led to the arrest of 15 Central Illinois men, on February 14, Chugh was apprehended outside what he believed to be the girl’s home address and found to be in possession of “a bagful of sex toys and accessories,” investigators claimed. When in Kankakee jail, Illinois, later that day, Chugh made some calls, both recorded by the jail. One was to his wife to say that he’d been arrested and it had something to do with some messages to a girl, prosecutors claim. Another was to an unidentified male, to whom the defendant provided his Google account login information, saying in Punjabi, “[e]ither you, or tell Vishu to reset everything. They have my phone. I think they will get permission by Tuesday or Wednesday to open the phone; they do not have it yet.” The government believes he wanted his contact or his brother Vishu, based in India, to initiate a remote factory reset of a Samsung S9 that was taken from him when he was arrested during the sting.

The contact told police he had declined to help, fearing he could be breaking the law by destroying evidence, but somehow the device was wiped. “No information could be obtained,” the government wrote, explaining how it had tried to forensically examine the phone on February 15. Later, in November 2021, prosecutors said that Chugh had “enlisted assistance from overseas in remotely wiping the data from this device.”

It’s a rare public case of a suspect being able to destroy evidence while incarcerated using a Google feature that’s designed to help protect users’ privacy when a third party gets hold of their device. It also shows that federal cases could be undone by forensic failures to prevent criminals from using that Google tool, or similar services offered by rivals like Apple.

FBI failure?

While the DOJ account indicates Chugh may have been quick to ensure his Samsung was wiped before police had a chance to find any possible evidence inside, investigators could have done more to ensure outside tampering was impossible. “While the loss of evidence is regrettable, I would say that in this case law enforcement failed to take standard precautions with the device,” said cybersecurity analyst and former NSA staffer Jake Williams. “Digital forensics professionals have used special purpose storage devices called faraday bags for years to prevent remote wipe from occurring. At the time the device is physically acquired, it should be placed in a faraday bag to prevent signals from reaching the device. 

“Many such bags even include passthrough charging to ensure the device remains powered on until it can be imaged. If the device had been secured in a faraday bag, it would not have been remote wiped. This has been standard practice for almost a decade, so it’s not clear why it wasn’t followed here.”

It is, however, possible to get some useful data from devices, including those made by Samsung, that have been factory reset. Peter Sommer, professor of digital forensics at the U.K.’s University of Birmingham, said it was dependent on the device. Another recently-unsealed search warrant reviewed by Forbes showed that investigators in West Virginia were following up on a so-called Cybertip from Canadian messaging app Kik, raiding the home of a man suspected of uploading child sexual abuse imagery in a group chat. When they tried to search the suspect’s Samsung tablet, they found it had been wiped of its contents. But the forensic search found Kik had previously been installed on the Samsung tablet, which was “consistent with the device that had uploaded the images in the Kik Cybertip.”

Chugh has been charged with attempting to coerce a minor and trying to engage them in sexual exploitation. He has pleaded not guilty to all of those charges. His counsel hadn’t responded to requests for comment at the time of publication. The government is also charging Chugh in a claim that he “knowingly altered, concealed, covered up, and falsified documents, and tangible objects, and attempted to do so, with the intent to impede, obstruct, and influence the investigation.” He has pleaded not guilty to that charge too.

The Department of Justice couldn’t comment any further on the case. The case is set for trial on 22 February.

This story is part of The Wire IRL feature in my newsletter, The Wiretap. Out every Monday, it’s a mix of strange true crime and real-world surveillance, with all the relevant search warrants and court documents for you to pore over. There’s also all the cybersecurity and privacy news you need to read.

Source: https://www.forbes.com/sites/thomasbrewster/2022/01/05/google-remote-wipe-destroys-evidence-on-child-grooming-suspect-samsung-phone-says-fbi/