The kicker? The campaign was probably avoidable. SIGAINT doesn't encrypt its normal website, which let the perpetrator get away with the impersonation necessary for this campaign. The service tells Motherboard that it doesn't lock this site because it's both a hassle for users and ineffective against fake security certificates, but that's not much consolation if you're affected. SIGAINT hasn't said exactly what it will do, but it's looking at either encrypting its page or pulling the public Tor link to reduce the chances of this kind of assault.

It's not clear who's responsible, and there's no clear evidence that this was a government agency trying to spy on drug dealers and terrorists. Given the low odds of intercepting any useful messages, the attack could just as easily be the work of criminals hoping to get lucky, or even someone holding a grudge. Whoever's at fault, the incident suggests that you'll want to be careful about sending sensitive messages, no matter how secure you think a service might be.