The Brazilian federal police recently uncovered a large-scale money laundering case involving more than $320 million. The behind-the-scenes network involved many Internet celebrities and musicians. The key breakthrough in uncovering this criminal chain was an iCloud backup.

Brazilian authorities had previously been investigating a case of suspected illegal gambling and transnational drug trafficking, and had arrested accountant Rodrigo Morgado. After gaining access to his iCloud backup, investigators unexpectedly uncovered a separate, complex money laundering scheme that ran parallel to the original case. According to technology media outlet 9to5Mac, citing police information, this discovery directly led to the execution of 39 provisional arrest warrants and 45 search and seizure warrants in 8 Brazilian states and the Federal District.

Police said they used this iCloud backup to systematically map out an organizational structure suspected of laundering more than $320 million through illegal gambling, sweepstakes, "head accounts," the transnational drug trade, shell companies, cryptocurrency and cross-border fund transfers. The backup allowed investigators to cross-reference bank statements, contracts, conversation records, company files, financial and legal documents, receipts and other materials to outline the financial and interest connections between shell companies, Internet celebrities and artists.

Among the people involved in the case, musicians MC Ryan SP and MC Poze do Rodo are accused of being key figures in the money laundering network, and both have been arrested. Influencers Raphael Sousa Oliveira and Chrys Dias were also arrested in the operation. According to Brazilian media outlet G1, Rodrigo Morgado had “great confidence in the digital security of iCloud,” a trust that ultimately helped federal police fully outline the criminal organization. During the operation, police seized a number of luxury cars, luxury watches and jewelry, as well as weapons, cash, documents and electronic equipment.

New data retrieval orders have now been issued for the data on the seized devices, as well as for the iCloud and Google Drive accounts associated with those devices. If more cloud backups are found, investigators expect to be able to uncover further details of the criminal group's activities and money flows.

The case has once again brought Apple's role in cooperating with government investigations to the forefront. Apple has always clearly listed in its platform security support documents which iCloud backup data will be provided to law enforcement authorities within the scope of a legal subpoena or search warrant. For example, to help users recover information after losing their iCloud Keychain and trusted devices, the CloudKit service keys for "information synchronization" are saved in iCloud backups. Apple usually provides the relevant iCloud service keys to law enforcement agencies to fulfill its legal obligations under government orders, but at the same time refuses to weaken the encryption security of hardware devices by retaining "backdoors".

Back in 2016, Apple had a heated dispute with the FBI over an iPhone used by a San Bernardino terror attack suspect. At that time, the FBI asked Apple to develop special software to bypass the device's security mechanism, but Apple rejected the request on the grounds that such a move would fundamentally shake the security foundation of all user devices. Since then, the tug-of-war over encryption and “backdoors” has not stopped, with the FBI repeatedly expressing concerns about Apple’s encryption strategy.

In 2022, Apple launched the "Advanced Data Protection" feature for iCloud, which brought more cloud data into the scope of end-to-end encryption, describing it as the "highest level of security protection" for Apple's cloud data. In this mode, the relevant data can only be decrypted on the user's trusted devices and cannot be read directly by Apple itself. The FBI later publicly expressed "deep concern" about the impact of such end-to-end and "user-accessible" encryption, saying it would weaken law enforcement agencies' ability to combat cyberattacks, violent crimes against children, drug trafficking, organized crime and terrorism.

Meanwhile, in the UK, Apple chose to turn off Advanced Data Protection for local users rather than comply with government demands for encryption backdoors. Overall, Apple is trying to maintain a delicate balance between cooperating with legal investigations and protecting the security of ordinary users' data: it provides iCloud-related data to law enforcement agencies within the scope of legal requirements, but maintains a tough stance on its hardware-level encryption system and does not reserve destructive backdoors for any party.