Security

Cyber-crime

'Corrupt' cop jailed for tipping off pal to EncroChat dragnet

Taking selfie with 'official sensitive' doc wasn't smartest idea, either


A British court has sentenced a "corrupt" police analyst to almost four years behind bars for tipping off a friend that officers had compromised the EncroChat encrypted messaging app network.

Natalie Mottram, 25, of Warrington, England, was sent down for three years and nine months on Friday at Liverpool Crown Court. She previously worked for Cheshire Police, most recently as an intelligence analyst for the North West Regional Organised Crime Unit. She was arrested by the UK National Crime Agency (NCA) on June 12, 2020.

In August this year, Mottram pleaded guilty to misconduct in public office, perverting the course of justice, and unauthorized access to computer material.

Bent ... Natalie Mottram's mugshot. Source: Crown Prosecution Service

Mottram was collared as part of Operation Venetic, the NCA's codename for the EncroChat takedown. According to the cops, their secret infiltration of the supposedly impregnable chat app, allowing officers to silently read crooks' private messages and probe criminal dealings, has led to action against many of its more than 60,000 users.

There is no place for corrupt officers in UK law enforcement and it was vital that this investigation uncovered her betrayal

"Operation Venetic is a once in a generation investigation which has made a huge contribution to public protection," said John McKeon, head of the NCA's anti-corruption unit, in a statement. "There is no place for corrupt officers in UK law enforcement and it was vital that this investigation uncovered her betrayal."

In 2020, police in France and the Netherlands led the effort to compromise the communications service. Once they'd busted into the network's servers, cops used that access to collect conversations and other data from EncroChat handsets and use this information to make arrests, with the NCA doing the legwork in the UK.

To date, British law enforcement has arrested 3,147 suspects and convicted 1,240 of those based on intel harvested from EncroChat, according to the Crown Prosecution Service (CPS).

The operation also led to lawsuits arguing the dragnet surveillance of the chat network violated European and UK laws, and that evidence wasn't obtained legally.

We've got a leak

Soon after British police got in on the EncroChat spying action, they realized they had a security problem of their own.

According to the NCA, Mottram told Jonathan Kay, 39, the police were monitoring people's encrypted EncroChat conversations, and tipped him off that the cops had intel on him presumably from his use of the app.

Then in April 2020, according to the plod, a friend of Kay's pinged another EncroChat user to warn them that the app was under surveillance. Kay's friend also, we're told, tipped off a second contact, messaging:

I no [sic] a lady who works for the police. This is not hearsay. Direct to me. They can access Encro software. And are using to intercept forearms [sic] only at the moment. There [sic] software runs 48 hours behind real time. So have ur burns one day max. And try to avoid giving postcodes over it.

"Burns" refers to the delete-time on messages. The friend continued:

Her words was are you on Encro, I said no why, I only sell a bit of bud. She said cool just giving you heads up. Because NCA now have access. But she wouldn't lie.

In June 2020, investigators suspected Mottram has been alerting people to the covert monitoring of EncroChat, so they placed her under surveillance and asked her to analyze intelligence that mentioned Kay, who was also the boyfriend of Mottram's friend, Leah Bennett, 38. Crucially, the intel had been fabricated by officers to snare Mottram.

The NCA said Mottram, Kay, and Bennett "had grown close a few years before over a shared love of exercise." 

We're told Mottram drove to Kay and Bennett's house to warn them about the police file on Kay – which as we know, and she didn't, was deliberately bogus. Mottram, Kay, Bennett, and another were all later arrested that month.

Additionally, the plod seized £200,000 in cash from Kay and Bennett's house.

Kay, who earlier admitted perverting the course of justice, was jailed for 30 months on Friday. A similar charge was dropped against Bennett.

In addition to warning her friends that they were about to be scooped up in the EncroChat surveillance, evidence presented by the prosecution at trial showed Mottram bought weed from a dealer whose phone number was saved in her mobile phone. She also told Bennett about a murder file she had seen on her boss's desk, and took selfies with her work computer visible and showing an "official sensitive" document. ®

Send us news
62 Comments

Cisco merch shoppers stung in Magecart attack

The 'security issue' was caused by a 9.8-rated Magento flaw Adobe patched back in June

Uncle Sam charges Russian GRU cyber-spies behind 'WhisperGate intrusions'

Feds post $10M bounty for each of the six's whereabouts

White House seizes 32 domains, issues criminal charges in massive election-meddling crackdown

Russia has seemingly decided who it wants Putin the Oval Office

North Korean scammers plan wave of stealth attacks on crypto companies, FBI warns

Feds warn of 'highly tailored, difficult-to-detect social engineering campaigns'

Planned Parenthood confirms cyber-attack as RansomHub threatens to leak data

93GB of info feared pilfered in Montana by heartless crooks

Cicada ransomware may be a BlackCat/ALPHV rebrand and upgrade

Researchers find many similarities, and nasty new customizations such as embedded compromised user credentials

UK trio pleads guilty to running $10M MFA bypass biz

Crew bragged they could help crooks raid victims' bank accounts

Transport for London confirms cyberattack, assures us all is well

Government body claims there is no evidence of customer data being compromised

Telegram CEO was 'too free' on content moderation, says Russian minister

CEO Pavel Durov charged in France, messaging platform insists it abides by EU laws

Novel attack on Windows spotted in phishing campaign run from and targeting China

Resources hosted at Tencent Cloud involved in Cobalt Strike campaign

RansomHub hits 210 victims in just 6 months

The ransomware gang recruits high-profile affiliates from LockBit and ALPHV

Iran hunts down double agents with fake recruiting sites, Mandiant reckons

Farsi-language posts target possibly-pro-Israel individuals