Operation: Safe Escape Statement on the alleged ProtonMail “Breach”

When working with victims of domestic violence, Operation: Safe Escape endeavors to recommend, but not necessarily endorse, certain security products and services that may help an individual communicate securely with their support system, our team members, or anyone else that they wish to speak to. For many use cases, one of those recommendations is to use ProtonMail.

Recently, an individual released a statement claiming to have “hacked” ProtonMail and stolen usernames, passwords, and email content. We have received several messages from people that we’ve worked with that are now concerned about their safety. At this time, those claims are unsubstantiated and have been refuted by ProtonMail. At this time, we see no reason to believe that this is anything more than a scam and an attempt to extort money from the company. However, if any information is revealed that substantiates this claim, we will update accordingly.

As a general precaution, we highly recommend that all users change your password to something you haven’t used before and enable two-factor authentication on your accounts. Those recommendations have always been a part of our recommended solution set, so they are likely already in place.

Furthermore, we condemn in the strongest terms any scam or FUD (Fear, Uncertainty, and Doubt) campaign that negatively impacts the safety and perceived safety of victims of domestic violence.

If you are an individual impacted by domestic violence and would like to discuss your concerns, please feel free to reach out to us at [email protected]

When the abuser is a police officer

24-40% of police officer families are affected by domestic violence; that’s between 2 and 4 times higher than the general public. This type of situation can be more concerning because of the level of access and both perceived and actual authority that the abuser may hold.

For one thing, it’s important to remember that abusers are excellent liars. In many such cases, the officer will tell their victim that no one will listen to them about the abuse or that they are able to somehow intervene in the investigation. At best, this is an exaggeration. They may also be saying that knowing it’s an outright lie- one that’s designed to discourage reporting.

This post is roughly in a “list-like” format, but should not be considered to be a checklist. Instead, these are elements that should be considered for this specific type of circumstance.

Let’s start with the police-specific stuff.

Make sure you save everything that could be considered evidence. Every email, every record of an inquiry, ever contact (especially if there’s a restraining order). A good rule of thumb is to back it up in three different formats or devices. For example, hard copy, thumb drive, online backup.

You already have talked to advocates outside the police force; sometimes, the shelters or state coalitions have specialists that deal specifically with police-involved domestic violence. They can also help navigate the complex legal aspects should you decide to report the behavior.

If you do report the behavior- which I encourage you to do especially if it escalates- you have multiple options. The first is the district attorney, who may or may not take a report of police-involved crimes directly from the victim. Some do, some don’t. If they don’t, report it to a police department that has jurisdiction, but not the abuser’s specific agency.

If you can report to the DA, request to speak with the prosecutor in charge of domestic violence in they have one. If not, make sure the prosecutor is experienced with felony crimes. Inform them that the abuser is a police officer and that you want to report domestic violence, but fear for your safety and are worried about bias if the investigation is conducted by a (especially thei) police agency.

Never meet with the prosecutors, investigators, or officers alone. Make sure your advocate is with you. They’ll act as a witness to what was said and make sure that the important questions are asked.

Ask the prosecutor exactly what you say or report that will be discoverable by the defense. They’ll walk you through that part. Also, request that they inform you when the officer is interviewed or arrested so you can be vigilant around that timeframe.

If possible, request that you would like to have one single, all-inclusive interview and that it be recorded. This will help avoid slight differences in wording that the defense may portray as being contradictory.

If you decide not to make a criminal report, you can make a report to his agency’s Internal Affairs section. As before, make sure you go with your advocate and never give them your only copy of anything; record everything yourself, even if they do. Their job is to protect the department, but that sometimes means keeping officers in check. If the behavior continues after involving IA, do it again. Every report shows up when a new complaint is made, and multiple offenses are more likely to be taken seriously.

Restraining Orders

You may or may not already have a restraining order, but such orders are especially effective against police officers who understand their purpose. The abuser will know that violating the order will definitely cost them their job; however, sometimes they will expect you to give your address as a part of the process in order to inform they recipient where they need to avoid; this may also reveal your new name if they don’t know it already. Make sure to check on that before completing the process. Your state’s legal aid office may be able to provide a pro bono (free) lawyer that can help answer your questions and argue the case. It’s highly recommended that you have the assistance of a lawyer.

Tell your lawyer that you don’t want to have a “mutual” restraining order, which is essentially an order that tells both parties to stay away from one another or contacting each other. Although this is better than nothing in some cases, it can also be damaging down the road because if gives the appearance that you did something wrong. Also fight against so-called “special” protective orders which may have different provisions that can be beneficial to the abuser. Your lawyer will need to review any proposed orders prior to acceptance and discuss your options.

Once a restraining order is in place, report every single violation and get a copy of the report.


This is a tricky one in cases involving a police officer, because they have access to certain databases that can show show name changes and the like. The good news is that accessing those databases for non-official purposes (like tracking a former partner) is logged and illegal. If you feel that this has been done, report it to either the District Attorney or Internal Affairs, once again with your advocate present. Assuming they’re not willing to risk their job by accessing those databases, then it’s time to disappear.

The first thing to do is to search for yourself. Making sure you’re logged out of any social media accounts or google services, start searching for yourself everywhere. Here’s a pretty good guide on doing that. Then you can lock down your social media and other accounts using the guides here.

Also, I’m a huge fan of strategic misdirection. In other words, lying. If there’s anything that you know he’ll find or see for some reason, let YOU be the one to control how he can interpret it. Mention the cold weather when you’re someplace warm. Talk about lunch when it’s actually dinner time. If you think he’ll see it, put thought into how you can use that to your advantage.

If your state has one, an address confidentiality program can offer additional protection by giving you an alternate address to use for anything that goes into a government database, like drivers licenses or voter databases. They’ll forward your mail to your actual address, and keep it secure unless ordered by a court to release it. If the abuser doesn’t know your address and if you live in a populated state with a relatively common name, it can be very easy to disappear.

Also, whenever possible, use another name for utilities and services. For example, getting a phone plan with a friend or using a prepaid phone. That’s not always feasible, but it’s a good idea if possible. And if you’re on a lease (rather than owning property) while using an address confidentiality program, you will blend in even more.

Even though it can be hard to disappear completely, you can certainly reduce your footprint as much as possible using the steps and guides above. Doing that means that they’ll have to be even “noisier” to find you, increasing the risk to him and the likelihood that they are detected. They have a lot to lose, so making it hard for them to find you without being detected decreases the chances of them taking that risk.

What are OPSEC indicators?

Operations Security, or OPSEC, is the name of a process that helps you identify vulnerabilities and develop countermeasures. In other words, it’s a way to reduce risk to you and your loved ones.

Originally, OPSEC was practiced by the military. However, today’s it’s something that’s used by not only the military, but also businesses, law enforcement, and anyone else that needs to protect their plans or information. One important piece of OPSEC is identifying indicators.

An indicator is an action or information that can be detected and used to give away your plans. Sometimes, it’s not enough information by itself, but it’s one piece of the puzzle that can give away your plans. For example, hanging up the phone very quickly when someone walks into the room is a good indicator that you’re talking about something you want to keep from them. Removing clothes and important documents is a good indication that someone’s planning on leaving.

Sometimes, you can’t avoid creating indicators. When that’s the case, it’s important to think about ways that you can explain them or hide their meaning.

There are five characteristics of indicators to consider. Understanding these will help you to consider what indicators you may be creating in your daily life.

A signature is something that causes an indicator to be identifiable and stand out. If the signature is unique and stable, it makes it more interesting and useful to the observer. When something is constant and repeated, someone noticing it might be able to predict future actions. For example, making a phone call to the same number at the same time every week might be something that would be looked into. By varying your patterns, you can interrupt the stability and increase the ambiguity.

An association is a relationship between an indicator and other information or activities. Humans are wired to look for patterns, so when something new is associated with something we already know, the brain tends to key in on it. For example, if you greet someone in public and they say it was “great to see you the other day,” and an observer knows that person is a travel agent, it may be reasonable to infer that you are planning to travel. Like many indicators, that might not be enough information to go on alone, but it may warrant additional questions.

An association may also take the form of a pattern. For example, if you always fill up your gas tank, check the tires, and top off all the fluids right before a long trip, someone might assume you’re about to take a long trip if they see you do those things. This can be countered by knowing yourself and the patterns you set, then varying the associations wherever appropriate.

A profile is what you get when you match multiple signatures together. It’s when you see more than one thing put together, which gives you a good idea of what’s going on. Driving down the beltway in Washington D.C., you’ll reach areas where everyone starts to slow down (even more so) for some reason. It’s because they saw a white SUV parked by the side of the road, which is right near a port-a-potty. Whenever you see those things together, you know there’s a speed camera right up ahead. People have noticed that profile and they know what it means.

A contrast is what you have when there’s a change- a difference between an established pattern and what’s going on now. These are considered to be very reliable indicators because they’re a reliable sign that something’s going on or has changed. An example of a contrast is leaving for work or getting home at different times, or the presence of vehicles that weren’t previously there. When noticing a difference, the observer will start to wonder what it might mean and to see if it’s a one time or repeated change. When you’re planning a major change, it’s important to keep your contrasts to a minimum. Whenever possible, this also includes changes in mood and outlook.

The exposure of an indicator refers to the length of time and the timeframe in which an indicator can be observed. The longer it can be observed, the more likely it is to be noticed and built in the profile. If it can only be observed for a short period of time, it’s less likely to attract attention (unless it’s repeated often). Whenever you have to make a change or do something that can be observed, try to keep the exposure as short as possible.

By understanding indicators, you’ll be more aware of what patterns you’re establishing or deviating from. You’ll be able to think about the things that you do and the actions you take and consider what that might meant to someone that may be watching. You don’t have to spend a lot of time analyzing your plan and daily activity for indicators, but keep this information in mind and you’re more likely to be successful in any venture.

Watch out for phishing!

Phishing is a type of online scam where criminals send an email that appears to be from a legitimate company and ask you to provide sensitive information. This is usually done by including a link that will appear to take you to the company’s website to fill in your information – but the website is a clever fake and the information you provide goes straight to the crooks behind the scam.

The term ’phishing’ is a spin on the word fishing, because criminals are dangling a fake ’lure’ (the email that looks legitimate, as well as the website that looks legitimate) hoping users will ’bite’ by providing the information the criminals have requested – such as credit card numbers, account numbers, passwords, usernames, and more.

See just how clever these phishing scams can be in this example of a fake Charles Schwab notice. The following image highlights clues that will tip you off that this is indeed fraudulent.

Here are some clues indicating this email is actually a scam:

  1. The email is not addressed to the recipient. If the recipient was truly being notified by Charles Schwab that there was an issue with their account, they would know the recipient’s name.
  2. Again, they don’t know the recipient’s name;”Dear Customer” isn’t an identifier.
  3. The recipient hasn’t attempted to sign into a Schwab account, so could not have exceeded the number of attempts allowed.
  4. Grammatical errors: The words Online Banking are capitalized throughout the text. And, if you read carefully, the text says “Please visit www.schwab.com/activate Reset Account your account” which clearly doesn’t make sense, but since most people scan emails quickly, grammatical errors that are this small usually don’t get noticed.
  5. They try to reassure recipients by encouraging them to confirm the email is from Schwab….. by using a link they provide.
  6. Look at the 6th flag; this shows the true email address displayed when you hover your mouse over any link on this page (which is a red flag in itself, what company would have all of these actions point to the same link?). See that the website is actually http://almall.us? The scammer added the words /schwab.com/ after their website’s true name in an attempt to look legitimate, but this site is anything but legitimate.

Seeing any one of these flaws is enough to tell you the email is a phishing attempt – but what if these errors aren’t present?

A smarter scammer could have corrected all these mistakes, including knowing the recipient’s name and email address, and masking their URL in a much more convincing manner. If they had done a better job there would have been nothing in the message to trigger your alarm bells – even though the email would still be fake.

So how can you avoid falling for a phishing scam?

Applying these two actions consistently will help to protect you from online scams:

  1. Use your own link. If you use the company, you may already have a bookmark for the website you can use, if not, use a search engine and type in the company’s name, then use the link from your search engine to go to the correct site. If the email is legitimate, you will see the same information when you log into your account on the legitimate site.This is the ONLY way to guarantee you land on the legitimate site. If you use the link (or phone number) in an email, IM, ad on a website/blog site/forum/social network/text message, etc., where you land (or who you talk to) is their choice, not yours. The website they take you to (or the ’bank manager’ on the phone) may be a very convincing copy, but if you enter your information it will be stolen and abused.
  2. Install or activate a web tool that identifies malicious sites for you so you know the website you find is legitimate. There are several tools that will do this for you. Every standard browser now has a tool you can turn on to alert you if a website you are about to click on, or just clicked on, is safe or malicious.

If you find you are the victim of a phishing scam, change all of your passwords immediately. If you use the same password for multiple sites (we hope you don’t), cybercriminals could be in the process of trying to access other commonly used sites. Consider using a password manager in the future to lower your risk profile, and make sure you have an antivirus solution with secure web browsing features installed and up to date.


There are different kinds of phishing scams, to learn more click here: https://kb.iu.edu/d/arsf.