MENUMENU

Owner of email service used by L.A. bomb-threat hoaxster speaks out as investigation deepens

glitched image of keys

Moyan Brenn / flickr (CC by 2.0) | Remix by Max Fleishman

After fake bomb threats led police to Cock.li, the saga of this email service is just beginning.

German authorities on Monday seized a data-center hard drive hosting the email service used to send fake bomb threats to multiple U.S. school districts, but the owner of that service isn’t too worried about legal consequences.

In a video explaining the seizure of his data, Vincent Canfield, the administrator of novelty domain-name service Cock.li, said, “SSL keys and private keys and full mail content of all 65,000 of my users—as well as hashed passwords, registration time, and the last seven days of logs—were all confiscated and now are in the hands of German authorities.”

The fake bomb threats, one of which prompted Los Angeles authorities to close their entire school district, reportedly came from [email protected].

Canfield declined to directly connect the seizure with the investigation into the bomb-threat hoaxes, but he said that people could “draw their own conclusions.”

“I will say that I have the utmost respect for law enforcement,” Canfield said in the video. “I’ve always been [compliant with] things that they have asked [for] when it involves getting an actual legal order for user information.”

In an interview with the Daily Dot via an encrypted messaging service, Canfield explained the service he provided and how the Internet’s more colorful characters used it.

“The majority of the users I’ve spoken to seem to come from 4chan or 8chan, which is where the site was first made available for public registration,” he said. “So uh, there’s that! Other than that, the domain name attracts trolls, for sure, some of [whom] are actually funny and some of [whom] do really unfunny stuff like [make fake bomb threats].”

One person, he said, created “a programming language that was meant as a jab [at] politically correct social justice warriors.” The creator “used a cock.li email address and outraged emails sent to 4chan founder Christopher Poole.”

“More surreal I guess than funny,” Canfield said of that example. “But the fact that it’s sent from a cock.li address certainly adds some humor.”

Canfield hinted at 8chan with several jokes at the end of his public video.

“It’s a very grim situation indeed,” he said, not breaking his monotone demeanor. “But I think that with all of us combined, we’re all gonna make it, brah. Shoutout to zyzz, rest in peace.  I don’t really know what else to say that isn’t like, shitposting. It’s raining dicks right now. The forecast isn’t that good either. There’s a 90% chance of dicks all throughout tonight and a 90% chance of dicks all throughout tomorrow, too.”

Cock.li is still up and running, Canfield said in his video, because the server was using a RAID1 configuration, meaning there were two hard drives with the exact same data. When German authorities grabbed one drive, the second one took over and continued powering the service.

Canfield has retained lawyer Jesselyn Radack, whose other clients include NSA whistleblowers Edward Snowden and Thomas Drake. Radack, who is representing Canfield pro bono, told the Daily Dot that her client has received “bogus gag orders.”

Canfield said that Radack reached out to him because “she has seen way too many services providers be in the situation I’m in, where I may be subject to retaliation by [the] government due to embarrassment they’ve received.”

As part of his transparency commitment to his users, Canfield has posted the subpoenas he’s received, along with all of his phone calls with law enforcement. 

“You can probably guess about how I’m doing—really stressed,” Canfield told the Daily Dot. But, he said, he’s not worried.

“From a legal perspective I haven’t done anything wrong,” he said. “Google doesn’t get fucked when people abuse Gmail.”

Canfield said that his users had “mixed responses” to their data being seized, but he added that they were “generally pretty positive.”

“People who understand the situation are generally pretty understanding,” he said.

Is he striving to protect his users’ privacy? To an extent, he said. “Privacy is something I have always advocated for and I hold to be extremely important. However, it was never a major tenant of the site.”

“What you see in the site that is privacy-respecting—not blocking Tor or VPNs, strictly holding myself to my privacy policy, not releasing data without a legal order—are extensions of my own passion for digital privacy,” he said. “But I have always maintained that stuff like email encryption is the responsibility of the user.”

The investigation into the fake bomb threats is ongoing and Canfield has not been charged with a crime.

Editor’s note, 12:33pm CT, Dec. 22: Clarified language of a quote.

Photo via Moyan Brenn/Flickr (CC BY 2.0) | Remix by Max Fleishman

William Turton

William Turton

Once named one of Forbes’ 20 Under 20 and hired as a staff writer for the Daily Dot when he was still a senior in high school, William Turton is a rising tech reporter focusing on information security, hacking culture, and politics. Since leaving the Daily Dot in April 2016, his work has appeared on Gizmodo, the Outline, and Vice News Tonight on HBO.