Moon of Alabama Brecht quote
May 30, 2021

'Like An Amoral Infant' - How ProtonMail Contributes To False Media Claims About Belarus

ProtonMail, an encrypted end-to-end email provider in Switzerland which promises 'Swiss Privacy Data Security and Neutrality', has been busted for making false claims about bomb threat emails which were sent through its service to Minsk airport in Belarus as well as to airport authorities in other countries.

The despicable behavior of ProtonMail has led to false headlines like the one by UPI depicted below.


ProtonMail may or may not have made that quite explicit headline claim. It is however 100% false. Belarus received a legit bomb threat against a Ryanair flight via an email sent through the ProtonMail mail servers. After receiving the email it contacted the plane in question and recommended to the pilot to divert the plane to Minsk. The pilot voluntarily followed that advice.

ProtonMail has made no effort to correct the false impression and false headlines its statement has caused. It has instead obfuscated the issue as much as it could. That is neither neutral nor fair behavior but partisan lying in an information war waged by 'western' regime changers against the people of Belarus.

Due to the malign behavior of ProtonMail new sanctions against Belarus, which will directly or indirectly hurt every Belorussian citizen, were introduced by the United States, the EU and other countries.

Moon of Alabama has detailed the publicly available evidence of the case and has called on ProtonMail to correct the record. ProtonMail responded and communicated with me via Twitter. In its communication with me ProtonMail indirectly admitted that the above headline is wrong. The complete exchange is of public interest and therefore copied below.

How did this happen?

On May 23 at 9:25 utc some yet unknown person used a ProtonMail email account to send a bomb threat against Ryanair flight 4978 witch at that time was in the air flying from Greece to Vilnius, Lithuania.

The email was directly addressed in the "Send to:" field to the Lithuanian administration responsible for Lithuanian airports. The airport of Minsk, Belarus, with the email address, was copied in the "CC to:" 'Carbon copy' field of the very same email.

In communication with me ProtonMail tried to claim that this meant that Minsk was not directly addressed in that email. That is nonsense. Any email server will handled email addresses in the "Send To:", "Carbon Copy (CC) to:" and "Blind Carbon Copy (BCC) to:" fields equally in that it will resolve the IP-address of the appropriate server responsible for receiving emails to that email-address. It will then open a session with it that server and deliver the mail. It makes no difference for the receiving side in which "To:" field of the sent email it was mentioned. It will get a full copy of the email.

Minsk received the first email at 9:25 utc. At 9:30 utc Ryanair flight 4978 entered Belorussian airspace. It was immediately contacted by the Belorussian Air Traffic Control (ATC) and made aware of the bomb threat against the plane. The complete English language radio exchange between the Ryanair pilot, call sign RYR 1TZ, and the ATC as well as a narrative of what had happened was published by the Belorussian air traffic authorities (scroll down for the English version and the radio transcript).

The pilot then asked where the bomb threat had been coming from (emph. added):

Pilot: The message, where did it come from? Where did you have information about it from?
ATC: RYR 1TZ standby please.
ATC: 09:33:42: RYR 1TZ
Pilot: Go ahead.
ATC: RYR 1TZ airport security stuff informed they received e-mail.
Pilot: Roger, Vilnius airport security stuff or from Greece?
ATC: RYR 1TZ this e-mail was shared to several airports.

At 9:33 utc (12:33 local time) the air traffic controller communicated that Minsk received the warning in an email that had been addressed to multiple entities.

This directly contradicts the above UPI headline which was based on a misleading statement ProtonMail had made towards news agencies.

The Ryanair pilot was warned of the bomb threat at 9:30 utc. He/she took until 9:47 utc to decide on the issue to then declare MAYDAY. Only several minutes later did the pilot changed the plane's course towards Minsk.

A second ProtonMail email with the bomb threat was received at Minsk airport at 9:56 utc (12:56 local time). The sender of the second email, which was addressed to in the "To:" field, might have watched the plane's course live on Flight Aware and likely prepared and sent the second email when the plane, as visible in the flightpath, seemed to not react to the first threat.


The pilots decided to go to Minsk because the risk of a potential bomb going off over Vilnius, as announced in the email, was high. The Belorussian authorities have handled the case by the book. They scrambled a fighter jet to watch over the plane as is usual with any plane that gets threatened or hijacked. The Ryanair pilot was left unaware of this.

On May 28 the Investigative Committee of Belarus, the country's prosecution service, published a note about the case (machine translation, emph. added):

It has already been established, to which we draw special attention, that there were several messages about the "mining" of the aircraft received through the Swiss anonymous mail service ProtonMail - at 12:25 and at 12:56. At the moment, the records of conversations with the pilots of the aircraft are being studied and analyzed in detail, and numerous other investigative actions are being carried out.

On May 26 the Dossier Center, a rather shady anti-Russian outfit in London financed by the exiled billionaire and company raider Mikhail Khodorkovsky, published a misleading narrative about the Ryanair incident. It produced a screenshot of the second email that had arrived at Minsk airport and falsely claimed that Belarus receive a bomb threat email only at 9:56 utc. The Daily Beast, which collaborated with the Dossier Center, headlined:

‘Bomb Threat' That Justified Belarus Hijacking Came 24 Minutes After
An exclusively obtained record shows that the Ryanair ‘Hamas bomb' email—which the Belarus president said prompted the jet landing—was sent after the crew was told of a ‘threat.'

The claim was false. Minsk airport, with the email address, had been CCed, 'Carbon Copied', in the 9:25 utc email sent "To:" Lithuanian authorities. Minsk airport was directly addressed in the second email of which the Dossier Center and the Daily Beast, by unknown means, acquired the screenshot they published.

News agencies then contacted ProtonMail and asked about the validity of the 9:56 utc email the Dossier Center had published. ProtonMail stated that the 9:56 utc email had been sent to Minsk airport. It did not mention that the 9:25 utc bomb threat email was also sent to Minsk airport. This obfuscation of the issue, and ProtonMail's unwillingness to correct the record, directly led to the false headlines and to sanctions against Belarus.

You can check the validity of the above narrative from my recent communication with ProtonMail, published for your amusement below. Earlier communication with ProtonMail was published in my previous post on the issue.

At some point the @ProtonMail account on Twitter requested to move the communication from the public realm to Direct Messaging (DM) mode. I followed up on that request. I was never asked to nor did I promise to keep the direct messaging exchange with @ProtonMail private. I believe that publishing its content is of public interest.

Here is a screenshot of the most relevant part.


And here is the whole rest of it, typos included:

Moon of Alabama @MoonofA - 14:51 utc · May 29, 2021
New on MoA:
How @ProtonMail Lost The Public Trust It Needs To Do Business
ProtonMail @ProtonMail - 15:07 utc · May 29, 2021
Replying to @MoonofA
Just to reiterate, it is not that we don't want to comment on the first email. Rather, our current privacy policy does not let us comment as the first email is not yet in the public domain. We do expect government authorities to disclose it eventually however.
Moon of Alabama @MoonofA - 15:12 utc · May 29, 2021
Replying to @ProtonMail
Knowledge of the first email is in the public domain - see my blogpost.
You can comment on the metadata of that first email just as you did comment on the metadata of the second email.
Media attribute a false claim to your company. It should by your interest to clean that up.
Moon of Alabama @MoonofA - 15:16 utc · May 29, 2021
Replying to @MoonofA and @ProtonMail
Any delay in clearing up this issue will create more damage and hurt people.
That on your conscience. But then don't claim to be neutral and secure.
ProtonMail @ProtonMail- 15:16 utc · May 29, 2021
Replying to @MoonofA
Then you would also be aware that the Lithuanian government did not contact Belarus, which raises the question of how did Belarus know about the first email.
Moon of Alabama @MoonofA - 15:17 utc · May 29, 2021
Replying to @ProtonMail
Because Belarus also received the first email. It states so in several documents.
It is on you to confirm that.
ProtonMail @ProtonMail - 15:21 utc · May 29, 2021
Replying to @MoonofA
Actually, if you double check the public reporting on the issue, sources are clear in stating that "only Lithuanian Airports received a letter".
Moon of Alabama @MoonofA - 15:24 utc · May 29, 2021
Replying to @ProtonMail
Dossier Center makes that claim but provides zero evidence for it. How would it know unless you checked your systems and told them?
Moon of Alabama @MoonofA - 15:26 utc · May 29, 2021
Replying to @MoonofA and @ProtonMail
BTW - I just wrote a 2600 word blogpost on the issue.
You may want to read that.
Some 50,000 other people will do so.
ProtonMail @ProtonMail - 15:27 utc · May 29, 2021
Replying to @MoonofA
We have never had contact with Dossier Center. Any information, would have been obtained from Lithuanian authorities with access to the email.
ProtonMail @ProtonMail - 15:30 utc · May 29, 2021
Replying to @ProtonMail and @MoonofA
As we have already reiterated, none of the emails which have been cited in any of the reporting, are sourced from us, because we cannot read/access emails due to our encryption, which can be verified in our publicly audited source code.
ProtonMail @ProtonMail - 15:44 utc · May 29, 2021
Replying to @ProtonMail and @MoonofA
Lastly, we can't comment on non-public information found in external reporting. Your question should be directed to the source of this information, the dossier center, and not to Proton.
Keith Granger @regnarGhtieK - 18:11 utc · May 29, 2021
Replying to @ProtonMail and @MoonofA
Wow, Proton, there is no good reason for you to not tell the world the timing of the first email & whether it went to Belarus or not
You've already said enough to cause harm & made yourselves look partisan
Do you have no shame - as of right now you look like an amoral infant.
ProtonMail @ProtonMail - 18:16 utc · May 29, 2021
Replying to @regnarGhtieK and @MoonofA
Commenting on non-public information related to an on-going Swiss govt investigation is generally not permissible. @MoonofA can DM us for clarification.

At 18:18 utc yesterday I followed up on @ProtonMail's suggestion to move into Direct Messaging (DM) mode. Tweets exchanged in that mode are not directly linkable. I copy/pasted the exchange below. For clarity I have marked tweets from my @MoonofA account with a preceding "M:". Tweets by the @ProtonMail account are preceded by "P:".  I also provide screenshots of the complete communication (1, 2, 3, 4). The screenshots were made today, May 30. The time marks displayed in the exchange are UTC+2.

ProtonMail @ProtonMail
Incoming envelope Secure email that respects your privacy, brought to you by CERN and MIT scientists. Creators of @ProtonVPN & @ProtonCalendar | Maintainers of @openpgpjs
321 Following 218.6K Followers
Joined October 2013

So now you claim that there is a Swiss government investigation.
Wondering why there would by one?
Yesterday, 8:18 PM

There is an investigation ongoing, and as disclosed in our statement yesterday we have received legally binding requests from the swiss government. It seems you are determined to push the belarusian narrative. if you were to receive confirmation that there was no first email sent to minsk, would you actually change your story?
Yesterday, 8:22 PM

I do not push anyone's narrative but analyze facts and point out were I see mismatches in the various claims.
If you would publicly(!) state that there was no email sent from any ProtonMail account to on May 23 at or about 9:25 utc I would publicly accuse the government of Belarus of publishing misleading information. I would also publicly demand an explanation from it.
Yesterday, 8:33 PM

we are not permitted to comment on specifics, but we can say that the reporting by is more correct than the belarussian version, which by the way, does not explicitly say that the first email was sent to minsk. all they did was repeat the claim that there was a first email, without clarifying where it was sent.
in other words, the conclusion you have drawn in your blog post is incorrect and we hope you will correct it.
Yesterday, 8:41 PM

That is, again, a very mealymouthed ("more correct") and unproven claim by you.
You are insinuating that Minsk got the email from elsewhere, not from ProtonMail.
Maybe by snooping on Lithuanian accounts or by being copied on emails sent from a Lithuania administrative account to its airports.
Knowing the current hostile relations between Lithuania and Belarus and the Belarus statement on the issue we can exlude the second alternative.
We are told by Dossier Center that the 9:25 utc email was sent to one Lithuanian administrative account, not directly to its airports. The ATC in Belarus tells the pilot at 9:33 utc that the email "was shared to several airports".
Belarus prosecutor also claims that the email arrived in Minsk from ProtonMail at the very same minute that Dossier Center says it arrived in Lithuania.
The facts and timeline I know of are inconsistent with a snooping operation and with a sharing of the email by Lithuania.
My conclusion are unchanged.
Yesterday, 9:10 PM

Only one email went to belarus, and it was the one that dossier center published, which is in public domain.
Yesterday, 9:12 PM

Interesting claim, made privately in a DM, but I fail to accept that as it is not a 'public domain' fact.
As I said: "If you would publicly(!) state that there was no email sent from any ProtonMail account to on May 23 at or about 9:25 utc ..." I will change my conclusions (and blog post).
(PS: It is nearing bedtime here and social responsibilities demand me to sign off for today.)
Yesterday, 9:21 PM

ask dossier center if the email to lithuania had belarus in cc. they should be able to give you a confirmation.
Yesterday, 9:25 PM

Anyone who is in CC of an email is a direct recipient of that email. That is independent of who is named as the first recipient in the "To" field.
It is your email server that will have directly sent a copy of an email to everyone in the "To" recipient, CC or BCC field of that email.
If Minsk airport was CCed in an email to Lithuania it was your email server that contacted and transmitted that email to the server that accepts email for .
To then claim that ProtonMail did not sent the email to Minsk airport when Minsk airport was CCed in that email is a lie.
(I have set up and configured my first sendmail daemon at or about 1987. Please don't try to bullshit me with such nonsense.)
Yesterday, 9:40 PM

we are checking with legal right now, and will update in an hour
Yesterday, 9:45 PM

but as we mentioned already, Only one email went to belarus, and it was the one that dossier center published, which is in public domain.
Yesterday, 9:46 PM

Clarification regarding ProtonMail, Belarus, and Ryanair flight 4978
we are going to update our statement here ( later tonight. will you be updating your blog to report the truth?
Yesterday, 10:12 PM

The 'updated' statement that ProtonMail published is again a mealymouthed obfuscation which in no way clarifies the issue. It says:

The only email sent to Belarus was published by to demonstrate that the “bomb threat” was sent after Ryanair flight 4978 was redirected.

That statement is however in contradiction to the public ProtonMail tweet at 15:07 utc · May 29, 2021:

... it is not that we don't want to comment on the first email. Rather, our current privacy policy does not let us comment as the first email is not yet in the public domain ...

It is also contradicted by the Belorussian prosecutor who clearly states:

... there were several messages [...] received through the Swiss anonymous mail service ProtonMail - at 12:25 and at 12:56 ...

It seems to be clear from the above communication and the publicly known facts that Minsk airport was CCed in the first email on May 23 9:25 utc which was primarily addressed to the Lithuanian airport authority. While Minsk was CCed in the 9:25 utc email it was primarily addressed in the second email received at 9:56 utc.

ProtonMail tries to differentiate between recipients of an email which are primarily addressed in the "To:" field and those which are copied in the "CC:" 'carbon copy' field. That is legally gibberish and technically nonsense. The sending email server, here ProtonMail's, will have handled all those addresses equally.

ProtonMail has the metadata which shows that in Minsk was carbon copied on the 9:25 utc email. It has stated to news agencies that (only) the second email was directly addressed to Minsk airport. This led to the false or misleading headlines and reporting as well as to sanctions against the people of Belarus. ProtonMail seems unwilling to publicly clarify the issue. It is not 'neutral' but is taking part in an information war waged by the 'west' against the people of Belarus.

Now ask yourself if you can trust ProtonMail with the handling of any of you 'encrypted' emails.

PS: We do not know who sent the bomb threat emails and to what purpose. Some will speculate that some Belorussian authority did so. Others will speculate that the 'regime change' opposition did it so to hurt Belarus. There is no public evidence to support either claim.

We do know that Belarus, after it received the 9:25 utc bomb threat email, handled the case by the book and within the realms of international law. After being informed of the threat the Ryanair pilot decided to divert the plane to Minsk where it was searched for a bomb. When none was found the crew and all passengers, except for two for whom there were outstanding arrest warrants and three who had had Minsk as their final flight destination, reentered the plane and flew to Vilnius.

I do not support the government of Belarus. But I also see no reason to criticize its behavior in this case. There is reason though to criticize the misreporting of the incident in 'western' media and to condemn ProtonMail's obfuscation which. at a minimum, contributes to that. 

Previous Moon of Alabama post on the Ryanair incident in Belarus:

Posted by b on May 30, 2021 at 11:09 UTC | Permalink

next page »

I hope Belarus will file court proceedings against Protonmail for damages. Also I hope Protonmail users will file court proceedings for deception, as the case proves that their claims to be neutral are false; elsewhere it has also been proven that their claims of end-to-end encryption are also false, and that Protonmail can evidently access content. It is obviously a CIA/NSA honeypot.

In fact, why not Belarus facilitate a class action by Protonmail users?

Posted by: BM | May 30 2021 11:27 utc | 1

Let this be a lesson to those reading (eg) articles in the Guardian and other propaganda-porn and jumping to the conclusion that promoted security solutions are "independent", "end-to-end encryption", "save no user data", "safe" ... etc. They are usually honeypots - whether Tor, Signal, search engines, proxy servers, VPN's, ... or whatever.

Posted by: BM | May 30 2021 11:32 utc | 2

Security on the internet is not to be had. The internet is not a safe place.
It is the land of bullshit and deception and grift.
The sooner everybody figures that out, the better off.
The old helpful informative internet was killed long ago by greed.

Posted by: Bemildred | May 30 2021 11:39 utc | 3

The replies of protonmail to you question are indeed infantile and stupid

Posted by: svaya | May 30 2021 11:41 utc | 4

If Protonmail knows about the email metadata such as To: and CC: and BCC: that means it's not a pure anonymous mail service. That level of detail would allow any security agency to do 90% of the work in tracing communications between individuals.

So the question is, who is protonmail selling the metadata to?

Posted by: Jezza | May 30 2021 11:53 utc | 5

Well done b

Why doesn't anyone talk to Ryanair or to the pilot? Surely he will know, the plane recorder should also have the information, the Swiss outfit should be ignored as unreliable.

The Western MSM poodle will of course ignore the truth, they cannot do anything else.

Posted by: Baron | May 30 2021 11:55 utc | 6

Thanks b

Posted by: Baron | May 30 2021 11:55 utc | 6

Yes on lame stream press.

Posted by: jo6pac | May 30 2021 11:59 utc | 7

To be fair to protonmail, their position is that they have no way of knowing what was contained in any email so they have no way of knowing how many emails containing bomb threats there are or when they were sent or to whom they were sent.

Apparently someone who had access to the second email to Belarus released it and protonmail cannot confirm the contents of that email but can confirm the time stamp matches their records.

The question is why has the first email (if it exists) not been made public?
If the first email was published and widely circulated then protonmail could be able to verify (or deny) the recipient and timestamp in the email header. Until that happens protonmail's privacy policy prevents them from commenting.

Posted by: jinn | May 30 2021 12:01 utc | 8

Now does Protonmail work?

Only email sent from one Protonmail address to another can be end-to-end encrypted. It the encrypted email is sent to a normal email address (like, then Protonmail must be able to decrypt it.

Does Protonmail keep copies of a user's sent emails, like Gmail does? If so, then it is false to claim Protonmail cannot access the content of the email.

How about multiple recipients? Would Protonmail send individual emails to each recipient, or would everyone receive the same email with the full list of recipients? For privacy reason, a sender might sometimes not want email recipients talking to each other. There is no reason to believe it happened in this case. Such obfuscation would destroy the credibility of the bomb threat.


Is the screenshot a forgery?

As Diagonal pointed out, there are hints at forgery in the screenshot.

I too believe the screenshot is a forgery. I have been trying to figure out what email program was used to display the email. To me it looks most like Gmail for some mobile device. But most of the screen is photoshop. The bomb threat text itself looks like copy-paste from some newspaper.

Another sign is the up-down arrow at the end of the To: line. In the default position it is down. Clicking it expands the header fields with the arrow left in the up position. In the screenshot the text is placed where the email headers should be.

The forger would however need to know the time of the second email. Khodorkovsky, or whoever might have forged it, could have received this information from the Vilnius airport. The original sender would also know the time, so they could have forged it to make it look like they were the receiver.

Posted by: Petri Krohn | May 30 2021 12:09 utc | 9

@jinn | May 30 2021 12:01 utc | 8

To be fair to protonmail, their position is that they have no way of knowing what was contained in any email so they have no way of knowing how many emails containing bomb threats there are or when they were sent or to whom they were sent.

No, the relevant question is how many emails were sent via the Proton mail server, at what time and who were addressed in TO: CC: or BCC: fields. Even if Proton mail is telling the truth about being unable to read the mail contents it is 100% clear the required meta information is know to them, otherwise they would not be able to operate a mail server.

This stuff is not looking good as long as Proton mail refuses to clarify information about both emails equally.

Posted by: Norwegian | May 30 2021 12:13 utc | 10

@Petri Krohn | May 30 2021 12:09 utc | 9

I too believe the screenshot is a forgery. I have been trying to figure out what email program was used to display the email. To me it looks most like Gmail for some mobile device. But most of the screen is photoshop.

Telegram creates icons like that, but it is not clear to me if you can show emails in Telegram. However:

How to Get Your Gmail in Telegram and More with Telegram Bot

If you are a Gmail and Telegram user and agree with the statement, you can try Telegram’s Gmail Bot to receive your email within the Telegram client.

So maybe...

Posted by: Norwegian | May 30 2021 12:25 utc | 11


Protonmail as a service would need access to such fields to establish the connections and attempt delivery. Whether it should maintain such metadata after that has occurred, is another topic of debate.

There are many possibilities for delivery issues between Protonmail servers and Belarus. Given filtering, and State opposition, many different facilities could have been put into place to interfere/delay/prevent delivery.

Protonmail should be able to provide complete clarity, if it retains the metadata, though as the person stated, if it is involved in an ongoing investigation, it might not be able to.

As for that investigation by Swiss authorities, it makes sense to me, a threat to a commercial airliner occurred by utilizing the systems of one of its legal entities.

Each side in this incident has something to gain and something to lose, who initiated/orchestrated it, would make for an interesting discovery. Russia/USA/Poland/Belarus/Ukraine... all have possible motives.

Posted by: MapleLeaf | May 30 2021 12:27 utc | 12

Great work b.

As a former Exim/Postfix/Sendmail administrator I can say you're bang on point on the technical details.

Traditional SMTP infrastructure needs to be replaced by a peer to peer network of durable messaging nodes owned by each unique email user, something along the lines of the blockchain. Something that will allow both anonymity and non-repudiation.

Posted by: Arch Bungle | May 30 2021 12:28 utc | 13

This phrasing is intriguing:

ProtonMail @ProtonMail - 15:07 utc · May 29, 2021
Replying to @MoonofA
Just to reiterate, it is not that we don't want to comment on the first email. Rather, our current privacy policy does not let us comment as the first email is not yet in the public domain. We do expect government authorities to disclose it eventually however.

A well trained defender of governmental mendacity would rather write

"we are not commenting on putative messages". Proton folks, bless their soul, are not well trained in this direction.

Posted by: Piotr Berman | May 30 2021 12:38 utc | 14

Belorussian comrades should learn word "staff", methinks.

Anyhow, "Then you would also be aware that the Lithuanian government did not contact Belarus, which raises the question of how did Belarus know about the first email."

How do they know that 'Lithuanian administration of the airports' (which is not, strictly speaking 'Lithuanian government') didn't contact Belarus?

Posted by: Mao Cheng Ji | May 30 2021 12:48 utc | 15

Posted by: Norwegian | May 30 2021 12:13 utc | 10

the relevant question is how many emails were sent via the Proton mail server at what time and who were addressed in TO: CC: or BCC: fields.

The number would probably be millions of emails.
Protonmail does not release any information about who or when any emails are sent.

If the information is already made public protonmail may confirm or deny.
This stuff is not looking good as long as Proton mail refuses to clarify information about both emails equally.
Only one of the emails is public.

The only possible question protonmail might answer is have they commented the existence of a first CC email to any news agency.

Posted by: jinn | May 30 2021 12:59 utc | 16

Posted by: Mao Cheng Ji | May 30 2021 12:48 utc | 15

Anyhow, "Then you would also be aware that the Lithuanian government did not contact Belarus, which raises the question of how did Belarus know about the first email."

How do they know that 'Lithuanian administration of the airports' (which is not, strictly speaking 'Lithuanian government') didn't contact Belarus?

Easy! The Lithuanian government, its airports and ProtonMail are all part of the conspiracy to wage war on Belarus.

Posted by: Petri Krohn | May 30 2021 13:04 utc | 17

It is worth to note that the whole issue stems from the usual technique used by USA and allies to "prove moral superiority". Latch in some aspect, however irrelevant, that creates a difference between the actions of "evil enemies" and their own.

For example, here the putative method of intercepting the place is "heinous" because it used spoofed messages, instead of official secret communications like those that entrapped the plane of Evo Morales. After all, Snowden did not violate any laws of Austria, a neutral country, but somehow Morales was trapped to land there, and laws and customs of international conduct were violated. Of course, "no one" blamed Austria.

One can make a long list of those distinctions.

We use weapons that can selectively destroy legitimate targets, "prediction guidance", and the evil folks do not. Like when USA precisely destroyed a restaurant, killing staff and customers, because of imprecise information that Saddam would dine there. Or Chinese embassy on an earlier occasions. Thus the superiority is not in avoiding civilian casualties but in using weapons that could.

Superiority of assassins over suicide bombers. But no kudos to Russia of not using suicide bombers.

Killing much fewer people that it was possible. "If Israel wanted genocide, we could make a parking place from Gaza/Lebanon." But no kudos to Russia for killing much fewer people in Georgia than they could, and much fewer than Israel. Actually, at that time, high American official condemned Russia for "improportional response", after approving, two years earlier, Israeli doctrine that "there is no such a thing as improportional when you deal with an asymmetrical adversary", i.e. a weaker adversary. Basically, when the adversary is weak, it is asymmetric and thus evil. Not applied to China and Russia.


Once I heard than in 1930-ties, a gossip column of a fashion monthly had this terse content in one issue: "In August, there was nobody in New York City". Sure, there were some millions of peons there, but everybody who was somebody was out of town. In that vein, we read a lot about universal consensus, like "nobody thinks that those settlements should be returned to Palestinians", "everybody knows that Putin amassed 50 billion dollars" etc. And, of course, no one blamed Austria.

Posted by: Piotr Berman | May 30 2021 13:05 utc | 18

@ jinn | May 30 2021 12:59 utc | 16

We are of course talking about the 2 emails b has mentioned. Proton mail has confirmed the existence of both, there is no confusion on their part.

Posted by: Norwegian | May 30 2021 13:08 utc | 19

OMG, I wrote prediction guidance instead of precision guidance.

Posted by: Piotr Berman | May 30 2021 13:14 utc | 20

Kamala Harris' Naval Gazing Speech, today in New York Post

I am not the one with spelling mistake today! Naval gazing, a new weapon or a new tactic?

Posted by: Piotr Berman | May 30 2021 13:20 utc | 21

Posted by: Mao Cheng Ji | May 30 2021 12:48 utc | 15

How do they know that 'Lithuanian administration of the airports' (which is not, strictly speaking 'Lithuanian government') didn't contact Belarus?
Yes it seems likely the airports would immediately notify all parties involved if this was a real terrorist threat from Muslim Jihadis.

However we know the email was fake (i.e. no bomb). So who is really behind it?

If Belarus faked the email to capture a dissident you would think they would be smart enough to send it at the correct time to back up their story.
So then perhaps somebody else sent emails timed to frame Belarus. This would be the pawn sacrifice theory. But still Belarus would have to be notified somehow and there would be a record of that.

Posted by: jinn | May 30 2021 13:22 utc | 22

The pilot could also land in Vilnius proper or Kiev, as he/she was just 70km from Vilnius, but then decide to land in Minsk, with both Protasevich and Sapiga aboard...
Recall navlny returned to Russia voluntarily making great fanafrre with video inside the plain and at the arrival airport, he´s detention and all that.

To see whether you are genuinely worried about the people in Belarus, or just are contributing to expand the noise signal ratio.

I authorize you to award yourself the finding, as I am not so worried about my own ego....

Posted by: H.Schmatz | May 30 2021 13:37 utc | 23

Posted by: Norwegian | May 30 2021 13:08 utc | 19

We are of course talking about the 2 emails b has mentioned. Proton mail has confirmed the existence of both, there is no confusion on their part.

protonmail has confirmed that they are aware that news reports say Lithuania received an earlier email. That email has not been made public and protonmail has not commented on it other than that they are aware it has been referred to in the news.

Posted by: jinn | May 30 2021 13:40 utc | 24

ProtonMail is in a bind. The core service they are offering is encrypted end to end emails to its users. I.e. secrecy and anonymity.

It needs to tread carefully about how much Information it can disclose about the emails. The mere fact that they can tell who the emails were sent to, who was CC’d and BCC’d tells me that they keep track of the metadata generated by their system and it’s that metadata that intelligence agencies are after. They want to know who is contacting whom.

Now that we know they are keeping track of the metadata it is reasonable to assume that their services are not as secure as they may claim.

That’s why they are hiding behind mealy mouthed statements and the Swiss authorities.

So desperate are they to crawl back under the shadows and avoid MOA’s public scrutiny they’ve even tried to accuse b of being a stooge.

It seems you are determined to push the belarusian narrative

Posted by: Down South | May 30 2021 13:42 utc | 25

As I understand it so far, correct me if I am wrong.

Belarus authorities have not stated they received the 12:25 email from ProtonMail only that there was a 12:25 email from ProtonMail.

The ATC transcript says:

"we have information from special services that you have bomb on board"

"airport security stuff [sic] informed they received e-mail"

This leaves open the possibility that one of the recipients of the 12:25 email could have copied the 12:25 email or made a screenshot and sent it to a Belarus address, via their email server, or even over the phone said that there was an email.

It leaves open the possibility the "information" about the email was transmitted without the first email actually being forwarded via the To or BCC fields at 12:25 via ProtonMail. So ProtonMail might be telling the truth.

As an optional interpretation the intent may have been to have had the Belarus authorities divert the plane without actually having the primary email complete with headers as evidence - thereby helping to shield the source.

Posted by: Deus Abscondis | May 30 2021 13:55 utc | 26

Protonmail is not an impartial entity by any stretch of the imagination. In an email from them to all protonmail users dated 31 July 2020 was a message "Defend Hong Kong" and on 8 April 2021 yet another of these messages referring to "Proton in Myanmar".

Posted by: Saffer | May 30 2021 14:02 utc | 27

What Deus Abscondis said.

Also, if this is a Russian, Belarus plot, then they messed up!

Posted by: Keith Granger | May 30 2021 14:05 utc | 28

@Petri Krohn | May 30 2021 12:09 utc | 9

Only email sent from one Protonmail address to another can be end-to-end encrypted. It the encrypted email is sent to a normal email address (like, then Protonmail must be able to decrypt it.

That seems to imply that Protonmail is able to decrypt any message. If a message from a Protonmail address to another Protonmail address, and CC'd to e.g., they must decrypt the message. So the claim of security seems dubious.

Does Protonmail keep copies of a user's sent emails, like Gmail does? If so, then it is false to claim Protonmail cannot access the content of the email.
Yes, Protonmail keeps copies on their server, they say so on their website.
Messages are stored on ProtonMail servers in encrypted format.
But if they can decrypt any message...

Posted by: Norwegian | May 30 2021 14:07 utc | 29

If Protonmail transmits an email to an external address, then my understanding is that it uses either PGP encryption which the receiver can use to decrypt the message or it transmits it in cleartext. This avoids them being able to decrypt internal end-to-end Protonmail transmissions. Such use of Protonmail as I describe here would only serve to protect the identity of the sender, not the content or recipient metadata of the email.

Posted by: Nairandac | May 30 2021 14:13 utc | 30

Proton are doing more than just confirming the earlier email exists; by claiming that Belarus was not sent that earlier email they are claiming to know it was not copied to Belarus - which as far as i know is information not otherwise in the public domain.

(the issue of "sent to" and "cc" already being covered).

So either proton can see their own cc data or someone has shown them the earlier received email.

Either way proton is not acting with neutrality.

Posted by: Keith Granger | May 30 2021 14:22 utc | 31

Thanks for your efforts b

Protonail is acting like its paid to act, corruptly.

What is intriguing is what this might mean to who the instigators are. If the details about how the bomb threat went down are being covered up, this seems to be occurring not from Belarus but from dying empire that is getting increasingly blatant with their attempts to start war under false pretenses.

It also says that they were and are prepared to throw Roman under the bus and any acting with him.

Where does the shit show go from here?

Posted by: psychohistorian | May 30 2021 14:42 utc | 32

Proton Mail: Then you would also be aware that the Lithuanian government did not contact Belarus ...

Wouldn't Vilinus airport/Lithuanian Govt be obligated to contact the airport that had flight control of a plane that might be in danger? Was Vilinus airport attempting to arrange diversion to non-Belarus airports? By NOT contacting Minsk, Vilinus Airport/Lithuania may have put the plane and it's passengers in danger.

Now, if Minsk was cc-ed then Vilinus would not have needed to contact them. But Minsk would also have the email and be able to prove that it was cc-ed. That Minsk haven't released that email suggests that they were not cc-ed.

Question: When was the fighter jet scrambled? Was it scrambled only after it was clear that the pilot was not diverting? Was the Ryan Air pilot 'making a run' for Lithuanian airspace? (Why would he do that?)


Posted by: Jackrabbit | May 30 2021 14:48 utc | 33

Proton Mail: Then you would also be aware that the Lithuanian government did not contact Belarus ...

Wouldn't Vilinus airport/Lithuanian Govt be obligated to contact the airport that had flight control of a plane that might be in danger? Was Vilinus airport attempting to arrange diversion to non-Belarus airports? By NOT contacting Minsk, Vilinus Airport/Lithuania may have put the plane and it's passengers in danger.

Now, if Minsk was cc-ed then Vilinus would not have needed to contact them. But Minsk would also have the email and be able to prove that it was cc-ed. That Minsk haven't released that email suggests that they were not cc-ed.

Question: When was the fighter jet scrambled? Was it scrambled only after it was clear that the pilot was not diverting? Was the Ryan Air pilot 'making a run' for Lithuanian airspace? (Why would he do that?)


Posted by: Jackrabbit | May 30 2021 14:48 utc | 34

Well you have them on the run now. It's clear, imo, that there is no neutrality, and they seem much more interested in supporting Establishment narrative than simple honesty. Indeed they want to know what info will satisfy the proprietor to change his opinion and get with the program. Perhaps the biggest thing uncovered, other than sophomoric obfuscation, is that Proton is another in a long line of cut-out frauds run by western intelligence.

Posted by: gottlieb | May 30 2021 14:48 utc | 35

As clearly shown by the map, the flight was nearer from Vilnius than from Minsk, anyway the pilot decided to land in Minsk....Why?

Posted by: Asha K. | May 30 2021 14:58 utc | 36

bang on b... thank you.. the punch line : "Now ask yourself if you can trust ProtonMail with the handling of any of you 'encrypted' emails." lolololol!

Posted by: james | May 30 2021 15:02 utc | 37

Maybe both mails were sent from the aircraft?

An intelligence op may have sent the first mail as a calculated risk, and they would know if it had been acted on, not least of all by watching the fighter jets getting scrambled. No reason for them to introduce additional risks to operational security by sending a second, more urgent, mail. That suggests amateurs at work.

If it took the pilots flying and air-traffic control 15 minutes to plan a route to the airport, prep the plane for landing, and go through the "bomb threat received check-list" the safest thing would have been for it to continue on its original route during that time. Which could easily convince a person on board they hadn't got the memo.

An elaborate defection to Russia, perhaps.

Posted by: skankworks | May 30 2021 15:02 utc | 38

@ Asha K. | May 30 2021 14:58 utc | 36.. maybe the pilot took the bomb threat seriously??? whaddu think??

Posted by: james | May 30 2021 15:03 utc | 39

"As clearly shown by the map, the flight was nearer from Vilnius than from Minsk, anyway the pilot decided to land in Minsk....Why?"

Because the bomb was geo-coded. The threat email said that plane would explode above Vilnius.

Not a good idea then to try to land there.

Posted by: b | May 30 2021 15:05 utc | 40

@ skankworks | May 30 2021 15:02 utc | 38 quote "That suggests amateurs at work." or it suggests some malevolent party with specific intents, the results we appear to read about full stop in the msm at present, from the dossier center right on down to every other bullshit outlet.. yeah..

Posted by: james | May 30 2021 15:06 utc | 41

Based on all this, I would love to know:

1. If the Lithuanian authorities have publicly admitted that they received the initial email and made an official decision to refuse to act in accordance with all laws and decency in promptly notifying everyone that they should have notified in order to prevent a tragedy. Or they could clarify that either they hate the Belarussians/Russians so much that they would rather sacrifice a plane load of people rather than so much as speak to Belarus, or that they were informed by their western "partners" that this was an ongoing operation and not to interfere.

2. 17 minutes is a LONG TIME to go without taking any action when you're flying a plane with a bomb on board. What precisely were the flight crew doing during this time? Who all were they in communication with (on alternative radio channels, not on ATC frequency), and what was said? This, and the fact of the earlier email contradicting the official narrative, may be why the west seemed so upset that the international aviation board decided to conduct an official investigation, rather than simply rubber-stamping sanctions on Belarus.

3. Why hasn't Belarus released a copy of the earlier email, if for no other reason than to make it "public domain?"

Posted by: J Swift | May 30 2021 15:06 utc | 42

Protonmail may not mind losing clients, as could well be a byproduct by CIA/NATO, at disposal from slef-dstruction at any time needed, as happens with human assets ( Skripals, and the rest who ise to evaporate from planet Earth..or die in strange circumstances ).

On the other hand, compromised or not, a quite unknown allegedly encrypted email service, only known amongst altenrative sites ( whose commenters strongly recommend sometimes..) and intelligence services, gets a whole free propaganda campaign, especially amongst the West narrative faithfull, which could weel be in the millions of people...Round business..

On the reasons which could have Switzerland as allegedly neutral country, of probable undeserved fame, it is one of major Swiss banks, along with a big German ones, who got hugely compromised by loses in the US stock market..before the pandemic...
A good reason to go along and unite the Western chorus....

Posted by: Asha K. | May 30 2021 15:07 utc | 43

One could photoshop a fake picture of an email from ahmed to minsk airport with the 9:25utc timestamp... it would then be equally as public knowledge as the picture of the 2nd email... proton would then be obliged to either confirm or deny a 9:25utc email to Minsk airport.

Belarus does bear some of the fault for the continuing confusion here. They could publish a log of the email received by Minsk and who else it was CC'd to. With the exact addresses it was CC'd to.
Of course the western media would not believe it... but again it'd be 'public' and then confirmable/deniable by proton according to their 'rules'.

Earlier I surmised that the CC list on the email Minsk received includes a non-valid Athens address. Which is why Belarus (Lukashenko) has mentioned an Athens receipient that the Greeks seemingly know nothing about. If we could get that address then we could set up an account for it and (possibly) receive a queued copy of the email.

Posted by: kons | May 30 2021 15:20 utc | 44

I can hear the conversation at Protonmail after the exchange with our host: "Holey cheese, boss-man! This guy can configure sendmail! He knows more about how email works than our entire development team combined!"

Posted by: William Gruff | May 30 2021 15:21 utc | 45

@Posted by: b | May 30 2021 15:05 utc | 40

Then why the pilot decided to land in Minsk, not by pre-planning by Lukashenko and his security services, thus case closed.
Btw, that the three passengers who then decided to get in Minsk, a Greek and two Belarusians, could well NATO assets too whi then vanished, prepared to modificate operation aboard ( like blowing up the flight to cause another MH17 incident...)in case things would not go as previewed..

Word has that also Kiev and Warsaw received the bomb aboard warning, but refused to offer landing..If the device was geo-coded, the pilot had varied possibilities then
Being both capitals of countries greatly involved in the plans for color revolution in Belarus, a clear indicative this was a false flag all the way by the results.

Navalny also flown willingly to Moscow for the propaganda operation, fully videoed by his entourage, on his sure detention and jailing once in Moscow. He lost anything, even has gained weight and clearly health in general while in jail ( as absence of toxics, good Russian food, and some physical work, does not harm anybody, on the contrary...)

Posted by: Asha K. | May 30 2021 15:24 utc | 46

The pilot's refusal to divert is probably the best evidence of a plot against Belarus.

Western plotters would need Belarus to scramble a fighter jet to "prove" that Belarus "hijacked" the flight.

There would be no need to scramble a fighter jet if the pilot had obeyed the command to divert. The refusal to divert would naturally lead authorities to suspect that the pilot might be part of the bomb plot.

So . . . when was the fighter scrambled?

PS if Belarus had cooked up a scheme to hijack a flight with a dissident journalist on board then wouldn't they cover their tracks by arranging to find a crude explosive device on board to justify their actions?


Posted by: Jackrabbit | May 30 2021 15:28 utc | 47

Can we comfortably say now that this was not initiated by Belarus to apprehend Roman?

So Belarus is being set up to overreact to the "info" that Roman had with him sounds plausible to me. Is Lukashenko still with Putin? I would conjecture that the reason Belarus has not released its copy of the email in question is because the game goes deeper than this and other events need to play out or information come to light.

All that comes to my mind is that all the spinning plates of lies and deception require ongoing projection of those lies and deceit. As time goes on and, now, with China not playing the private finance game, the geo-political spinning plates of empire are wobbling more because of their corrupt foundation.

The dog barks and the caravan of civilization war moves on. The evolution of humanity past the immorality of a global private finance elite run world is still a possibility but this situation shows that lie, cheat and steal continue to be operational modes of empire still in control.....but being challenged more and more.

Where is the tipping point of empire not being able to continue the war-for-profit-and-control game and nuking us all or crashing the world in a way where they are not brought to justice?

The shit show Narrative continues until it doesn't

Posted by: psychohistorian | May 30 2021 15:31 utc | 48

@Posted by: J Swift | May 30 2021 15:06 utc | 42

Related to the first question, Lithuania, as poor NATO colony fully dependant on NATO funds since its independence from the USSR to survive, gets to decide nothing about what happens in its territory ( as happens, btw, with almost most of EU members..).
They host the "Belarusian government in exile" and its advisers, like good ole Roman´s friend Franak Viacorka, because they are ordered to do so.

On the other hand, blowing up airliners full of passengers while on flight did not mind the West doing anytime in the past, why it should now, when they are about to enter stagnation and need some great country with rich resources to loot asap?

Posted by: Asha K. | May 30 2021 15:37 utc | 49

The pilot NEVER refused to divert.
This was a medium term emergency not a 'pan pan' immediate emergency.
In a medium term emergency the pilot is to continue flying with no change while assessing options and consulting people on the ground with more responsibility (ATC, Ryanair flight ops). When a decision of course of action is made then (AND ONLY THEN) does the pilot declare 'mayday'.

The proximity to Vilnius was assessed as the danger factor both by Minsk ATC and the pilot (and maybe Ryanair who knows). Getting close to Vilnius was the only action expressly prohibited by the risk assessment.

The Pilot used all the free time available (flight time fromhearing about the threat from MinskATC to Vilnius approach) to assess options.

The fighter jet escort is completely standard in a case like this. The pilot was never aware of it.

Posted by: kons | May 30 2021 15:39 utc | 50

"Proton are doing more than just confirming the earlier email exists; by claiming that Belarus was not sent that earlier email they are claiming to know it was not copied to Belarus - which as far as i know is information not otherwise in the public domain." Keith Granger @31

Correct. Proton revealed some more information apart from the timestamp.

People need to ask the question why would Belarus be EXCLUDED from the bomb threat?

Who would go out of their way to EXCLUDE Belarus and why?

There would have been an onus on the Lithuanian aviation authorities in particular (as the destination was Vilnius) to contact Belarus and say we have been sent a bomb threat did you get it too? Lithuanian ATC and Belarusian ATC should have been in frantic communication.

It isn't clear WHEN Belarus was first "informed". Presumably it was very close to 09:28:58 when ATC informed the pilot. The short amount of time 3 minutes and 58 seconds before the first email suggests it is highly likely someone phone Minsk ATC.

As I said it isn't clear Belarus received the ProtonMail email at 12:25 via a CC or BCC as opposed to a FORWARDED email which would not have gone via ProtonMail it would have gone through a different server. Belarus may is highly likely to have been contacted by phone before any email was forwarded from one of the other airports. If an the 12:25 email was FORWARDED to Belarus they would have seen the 12:25 email originated from ProtonMail. So what ProtonMail says may be true AND what Belarus says may be true - there is no necessary contradiction.

Why Belarus haven't said they were first contacted by phone is a mystery.

One possible interpretation is that Belarus excluded themselves from the initial email?

Posted by: Deus Abscondis | May 30 2021 15:49 utc | 51

About taking bomb threats seriously.

If I had been at Minsk airport and seen that email I would have bet 100 000€ that it is fake- I still would have acted as if it is real. It is so obviously and patently fake. Every security person whether at Minsk or Vilnius or Ryanair flight ops knew 100% that it was fake. And yet...
They all MUST take it seriously. That is the way the system works.

If an 80 year old granny makes a joke about her knitting yarn being a bomb at airport security. She MUST and will be investigated. You may think this is a stupid way of going about things, but that is the way things are done.

Posted by: kons | May 30 2021 15:50 utc | 52

Anyway, since the warning sent through "encrypted free email service" Protonmail, reveals as sender one "Ahmed Yuvalov", from "Hamas", I do not find any need of further discussion to consider this a whole hoax by NATO.
Neither one Yuvalov would be any time member of "Hamas" ( quite more probably from IS, Caucasus branch...), nor Hamas has anything to scratch from placing a bomb in a Ryanair flight ( after having reaped the major solidarity and support campaign in ages from Western public during the past war with Israel.. ), facilitating the detention of nazi Protasevich ( of Azov´s heroic doings ) and his girlfriend ( running a doxxing website for to expose personal data of Belarusian law enforecmeent forces and families..)

Why all this noise, and why neither the Belarusians, nor the Russians for that matter, move a finger to disclaim anything, as the case falls by itself, except before average citizens not learnt on geopolitics dirty play or doing it but not paying attention.

Posted by: Asha K. | May 30 2021 15:53 utc | 53

@Deus Abscondis 52

Yes, I posed the question earlier, and I wonder if you're not on the right track--perhaps Minsk was not copied directly in the first email. It is of course possible Belarus isn't releasing the email because they are following the Russian example of tending to be very formal about investigations, treating them seriously and jumping to no conclusions until the entire investigation is complete (unlike the West, which has a narrative to drive). But it is at least as possible that they acquired a copy of the email, or notice of its contents, either from a source they would rather not compromise or from their own clandestine services and don't want to alert to the fact they have compromised Lithuania's communications.

Posted by: J Swift | May 30 2021 15:59 utc | 54

Transcript of Minsk communication with pilot (from Reuters) shows no pressure on the pilot to divert to Minsk. Only a "recommendation" from Minsk and Minsk-determined threat level of "red".

But the transcript doesn't have timestamps.

"holding at present position" means circling? Judging by the flight path, it appears that the pilot began to circle then later declares an emergency and diverts.


Posted by: Jackrabbit | May 30 2021 16:12 utc | 55

IMHO you spent way to much time and energy on ProtonMail and this email issue in general. There will most likely never be evidence in order to identify the one who send the email. However, we know that the "soldiers of Hamas" mail is obviously complete nonsense. We also know who benefited from this hoax: The Belarusian state got it`s hands on Protasevich.

In my opinion what went wrong is the assessment of the Belarusian government on how the West would handle that issue. They expected them to handle it quietly. Due to Protasevich ties to the far-right Azov battailon and due to the fact that he had been on his trip back from what lookes like a regime change conference in Athens. He would have been imprisoned for a while and eventually exchanged for somebody Belarus and/or Russia want to get back.

Instead they make a big fuzz, don`t give a s*** about the revalations concerning this "journalist" and prepare to issue sanctions in response to the violation of the "free press". What was supposed to be a clever inteligence coup on part of the Belarusian KGB developes into an own goal.

Posted by: m | May 30 2021 16:23 utc | 56

The Reuters edit of the ATC transcript is heavily redacted to support their narrative. There is no technical reason that Reuters and all teh other western media that quote Reuters couldn't just include the full transcript. That they don't indicates their bias.

is the most complete transcript (needs a translator google/deepl)

Posted by: kons | May 30 2021 16:26 utc | 57

Very cool investigation, even more fascinating when you realize MoA is just a blog.

You know you're living in interesting times when an amateur blogger does more investigative journalism than all the multi-millionaire, six-figure earner, Western "journalists" put together.

However, for this specific case, this is overkill. We already know the Belarusian version of the story is true.

For starters, they publicly released the transcripts. This degree of transparency can only come from a confident part, a part that knows it is telling the truth.

Secondly, the story contained in the released e-mail (the time it was sent is irrelevant) was not denied by the part that would've benefited the most from it - the West. We know there was a bomb menace by a ME group sent through e-mail to the interested parts (i.e. the airports), regardless of the timing the information circulated. This part is indisputable by now. Unless we assume Belarus is a major player in the Middle Eastern affairs (which we don't), it is given Belarus could only take the content of the e-mail seriously, therefore it must have received the information in due time. Indeed, that's the major flaw in the West's version of the story: they should have denied the existence of the e-mail entirely, claiming the screenshots are a forgery. This way, the narrative would be pretty much straightforward: the evil communist Belarusian government, headed by a ruthless and narcissist dictator, intercepted a plane just because he wanted to arrest a honest journalist that was uncovering his atrocities.

Thirdly, the behavior of Russia. In the aftermath of the event (before the e-mail became public), the Kremlin was apparently furious at Lukashenko, and behaved as if he made a blunder. If you take the content of the Russian MSM (including the Russian language one) at the time, you'll see they were believing the Western version of the story, and was already scrambling to try to separate Lukashenko from Russia, i.e. give Lukashenko for lost. Then the e-mail leaked, and the behavior changed a little bit. Then Lukashenko flew to Sochi to talk to Putin, with a case full of evidence Belarus was innocent. Immediately after the meeting, Putin made a pronouncement, stated he was fully on Lukashenko's side. That means Lukashenko showed deciding evidence (not the amateur OSINT we do here; real, decisive and beyond dispute evidence, collected by the professionals of the KGB) to Putin, and Putin immediately realized it is a gross, vulgar propaganda warfare against Belarus. The Russian MSM then did a 180° shift of opinion, fully siding with Lukashenko; they're now poking fun at Western hysteria, and enumerating the many times they hijacked planes to achieve their trivial and petty geopolitical aims.


@ Posted by: Deus Abscondis | May 30 2021 13:55 utc | 26

Even if what you said was true (I don't know if it is, I don't think it is), your hypothesis presupposes the KGB are a bunch of psychics, because then they would have diverted the plane without knowing any e-mail to cover them up would come within the next dozen minutes. That, or you're implying Hamas has close links with the Belarusian government (you would be opening an entire new arch if you think that's the case).


@ Posted by: Asha K. | May 30 2021 15:24 utc | 46

Probably because it was the Belarusians who warned them of the bomb threat first, therefore the place where it was guaranteed of a safe lane for landing.

Also, it may be possible that the Minsk international airport was the nearest decent one in the region.

Thirdly, the route Vilnius-Minsk is common, therefore the pilots must be familiar with it.

Fourthly, it may be the case the pilots are not the brainwashed Western drones we find in the USA or in Western Europe, they must know Belarus and they must know it is not that oppressive hellhole the West say it is.

Fifthly, the pilots must know how ruthless the West is, how easily they sacrifice their pawns (see the plane downed by the neonazi Ukrainian militias, which the pilot community must already know the true story), so they didn't want to die and trusted the only government that was interested in keeping them safe and alive.

Posted by: vk | May 30 2021 16:35 utc | 58

For instance this crucial part just as the plane is about to land at Minsk, is left out of the Reuters transcript. And seems to strongly indicate that the Pilot was never able to contact Ryanair flightops.

Pilot: 10:04:14 RYR1TZ request

ATC: Go ahead

Pilot: Just wanted to know if our company was informed about about this case about this event

ATC: RYR1TZ stand by

Posted by: kons | May 30 2021 16:36 utc | 59

I guess it is important to deal with this and get Proton to clarify the situation with the first letter.
But the fact is that even without the first and/or second letter, the actions of the Belarusian authorities did not violate anything. Lukashenko was absolutely in his own right. The claims of Western politicians are untenable, absurd and inadequate. The insane statements of some dummies about "state terrorism(!)" are generally beyond sanity.

An airplane flying over the territory of a sovereign country falls under the authority of that country, becomes, as it were, its "property", and the country has the right to land it (Article 1 of the first Chapter of Convention on International Civil Aviation says that "The contracting States recognize that every State has a complete and exclusive sovereignty over the airspace above its territory"). Even without explaining the reasons. The Belarusian jet fighter accompanied (from a certain point) the airliner in the Belarusian airspace, without violating anyone's air borders. The Belarusian authorities had every right to land it without explaining anything. They could even say directly that they were landing a plane in order to confiscate Protasevich.

In 2016, the Ukrainian regime did the same - within its territory, they forced the Belarusian airliner to turn around and land in order to take the anti-Maidan activist from the board. Moreover, they openly threatened with jet fighters. There were not even attempts to somehow justify/embellish their behavior. Note that Belarus (and not only Belarus) then did not make claims, go to courts, demand sanctions, etc. Because the Ukrainian regime was in its own right. Yes, it looked arrogant, rude, but they were in their own right.
Likewise, Belarus is now in its own right. And by and large it is not obliged to explain something to someone.

So in my opinion the presence of letters is an important, but still a secondary point that does not change the essence of the matter.

P.S. Proton's references to the Dossier.Center is the same as links to propagandists from belingcat. An adequate adult person will in every possible way avoid even touching it, just as we try not to plunge into a pile of stinking garbage on the street.
Any resources, even in the slightest way connected with such persons as Browder, Khodorkovsky etc, are a priori toxic and must be ignored.

Posted by: alaff | May 30 2021 16:37 utc | 60

If the pilot was cooperating and scrambling a fighter jet is standard practice in a situation like this (as both b and kons @May30 15:39 #50 have informed us) then it may be impossible to know if Belarus or the West were behind the diversion to Minsk.

What does ProtonMail's refusal to confirm a message sent to Belarus actually mean? That refusal must be considered along with Belarus' unwillingness to release the email. If Belarus received an email from ProtonMail directly then they should have no reason not to release that fact. And if they received the email from a reputable third-party then they should likewise not be hesitant in revealing the email and the source.

We can surmise that Belarus likely got the email from intelligence sources (and I suspect that Belarus has far less capability than Russian intelligence) as suggested by J Swift @May30 15:59 #54.


Posted by: Jackrabbit | May 30 2021 16:38 utc | 61

@Posted by: m | May 30 2021 16:23 utc | 56

"We also know who benefited from this hoax: The Belarusian state got it`s hands on Protasevich".

Nonsense, and what benefit is that, there is left his partner at NEXTA, and the whole myriad of operatives they have trained as replacement as both, Azov death squad punisher elements, and "heads of Belarusian oposition in exile" the kind of Tikahnouskaya ( recall that, at first, it was her husband who was the candidate, a hair cut and some estilism and, voila!, a "new young political democratic promise", mate, they even make always the same hair cut, the same one the Skripal woman got just after being released from hospital and made that strange interview in a Uk military base...).

They may be short of hairdresser ( hence the continuous repetition of hair cut..) but not of Azov kind cannon fodder and pusnishment troops, bloggers, or "candidates" with that face of simpletons, like Guaido, Navalny, Tikahouskaya, Joshua Wong...

Posted by: Asha K. | May 30 2021 16:40 utc | 62

@ Posted by: m | May 30 2021 16:23 utc | 56

The problem with your hypothesis is that the West doesn't deny the content of the e-mail, just its timing, i.e. they recognized Hamas sent the bomb threat.

Read my @ 58.

Posted by: vk | May 30 2021 16:42 utc | 63

@ Posted by: Jackrabbit | May 30 2021 16:38 utc | 61

Yes, but the fact on the field is the Belarusian government immediately released the transcripts, while the Western MSM and governments have kept total silence over them. That means the transcripts must be genuine, otherwise the Western MSM would be crying about how Belarus was forging transcripts.

Posted by: vk | May 30 2021 16:45 utc | 64

@ jackrabbit... you have missed a lot of commentary the past few days.. you might want to read what has been said in the past few days on the various posts on this topic..i say this based on your commentary @33.. cheers..

Posted by: james | May 30 2021 16:48 utc | 65

Just came out:

Criticizing and sanctioning Lukashenko is no substitute for an actual strategy on Belarus, by John R. Bolton

Right off the bat:

The United States and the European Union made a strategic mistake last summer by mishandling the unprecedented protests against Belarusian President Alexander Lukashenko’s autocratic regime. Now, after Lukashenko’s commission of air piracy on May 23 to kidnap an opposition critic, the West appears set on compounding its error by driving Belarus further into the welcoming arms of Russian President Vladimir Putin.

If this isn't an admission the plane landing was a false flag by the West, I don't know what is. Bolton immediately related the arrest of the neonazi with the strengthening of the Belarus-Russia ties, which can only mean the West arranged the whole thing, and the whole thing backfired.

The rest of the op-ed is simply delusional and helpless. Not even worth analysis.

Posted by: vk | May 30 2021 17:14 utc | 66

james @May30 16:48 #65

Yeah, I admit that I wasn't following the matter until b started writing about it. So I'm still catching up.

b replied to me on the previous thread that Minsk must have been cc-ed because they got the (first) email so quickly after it was sent. That is logical.

But why hasn't Belarus released info about that email when the West is saying that Belarus only got an email AFTER the flight was diverted (supposedly as cover for "hijacking" the plane)?

Shouldn't it be Belarus that is attacking the credibility of ProtonMail instead of a blogger?


Posted by: Jackrabbit | May 30 2021 17:16 utc | 67

in this case i support you 100% b.

pm is clearly busted and a ic assset.

Posted by: Per/Norway | May 30 2021 17:41 utc | 68

@Jackrabbit | May 30 2021 17:16 utc | 67

But why hasn't Belarus released info about that email when the West is saying that Belarus only got an email AFTER the flight was diverted (supposedly as cover for "hijacking" the plane)?

Maybe Belarus is waiting for the hole the "west" is digging for itself to become deep enough they won't be able to climb out?

Posted by: Norwegian | May 30 2021 18:05 utc | 69

@ 67 jackrabbit... thanks.. i agree with @ 69 norwegian for one.. two - i think the concept of a phone call that was instrumental might also factor in as someone has suggested upstream.. i suspect belarus wants to hold some of the cards it has in it's hands either way... but i hear what you are saying too - share it so that it is public knowledge, although we know that the western msm will not run with any story that conflicts with the narrative they are working at writing here, regardless of belarus input.. that is standard western msm procedure at this point..

Posted by: james | May 30 2021 18:55 utc | 70

vk @58: ...In the aftermath of the event (before the e-mail became public), the Kremlin was apparently furious at Lukashenko...believing the Western version of the story"

There is no reason for me to doubt this, but I don't understand it all all. How stupid can they be? How naive? How gullible? Russia has been on the receiving end of the same kind of crappy yellow journalism non-stop for many years; since 1917 at least. The default response for them by now should be that whenever any issue of geopolitical significance appears in the West's Mockingbird mass media they immediately assume the opposite is true, or at least treat the reports with the very deepest of skepticism.

It is quite discouraging that the Russians are so easily punked by the empire.

Posted by: William Gruff | May 30 2021 18:56 utc | 71

Regardless of encryption ProtonMail knows how many recipients got the same email. Encryption just protects the text of the message body but when that encrypted text is delivered to multiple recipients, it is byte by byte identical.
It is criminal for ProtonMail to dance around this question.

According to the Geneva Conventions: Lying to promote hostility against another country is a crime against peace.
I am not suggesting that anyone can drag ProtonMail into Hague. I am saying that NATO is playing with fire. NATO has been systematically demonizing Russia and her few allies for decades. Regardless of what NATO says, this also demonizes her population. If / when war does break out; the blood will be on NATO's hands. Fareed Zakaria had one of his manic, hate Russia, shows today about Belarus. NATO is making more and more Fareed Zakaria's.

Posted by: Christian J. Chuba | May 30 2021 18:58 utc | 72

@ Posted by: William Gruff | May 30 2021 18:56 utc | 71

The journalist community in Russia is extremely pro-West, pro-liberalism, pro-neoliberalism. The reason they are so is because they hated the USSR because socialism is incompatible with the profession of journalism as we know it.

The journalists were one of the main spearheads during the sabotage of the Gorbachev government during the Perestroika. They were also the main defenders of the Yeltsin governments, and one of the architects of the sabotage of the Communist campaign in 1996.

Long story short, journalists in Russia are as ideological (on the liberal side) as their Western counterparts.

Posted by: vk | May 30 2021 19:32 utc | 73

@ Posted by: Christian J. Chuba | May 30 2021 18:58 utc | 72

I doubt the email, since it was received outside the Protonmail system, was ever encrypted at all from sender to recipient.

If it WAS encrypted and with PGP (since it was delivered outside the Protonmail system), then the bodies of the email were NOT byte for byte the same in their encrypted form since the different public keys would have been used for encryption. Else the receiver would not be able to decrypt the message. Only the unencrypted text is identical.

Also, if Proton mail is correct about end-to-end encryption then the message was encrypted, using PGP (using the different recipient public keys), at the sender's end and Protonmail could neither decrypt the message nor tell whether it was the same message other than by the (possibly or nearly) simultaneous sending time stamp.

Posted by: Nairandac | May 30 2021 19:43 utc | 74

@Posted by: vk | May 30 2021 16:35 utc | 58

Why do you along at least two of your comments so much insist, and remark, that the email was sent, first by Hamas, and then by a ME group?

You seem sharp enough to become aware that this sender name is fake, and can be faked, morevoer with such a name, Ahmed Yuvarov, just your typical Gazatian surname...

Explain, please, what do you think Hamas has to gain by sending such email after its sucess in the battle for the hearts and minds of the West by defending Al Quds.

Are you Israeli by any casuality? You seem so.

In any case, I would admit it could be a joint CIA/MOssad operation, trying to shoot two birds at the same time and try to blame Hamas, since "BiBi" would do whatever he could to restart the war, as he is on the brink of being finally displaced from government by a coalition Benet/Lapid, and thus could well easily end in jail, where he belongs, for his multiple corruption cases plus now the late genocide in Gaza he ordered.

On the other hand, another claim you keep repeating, is that Russian officials got dissapointed with Lukashenko and believed the West, as if they were some simpletond like your usual West encargados.

Look, man, I read everyday several Russian media and read nothing of the sort.
Cite the sources of such claims.

Posted by: Asha K. | May 30 2021 20:10 utc | 75

Anyone blindly trusting an online provider of secure mail services is gullible and naive. There are plenty of reasons to question protonmail, but the ones b is sporting are a bit tenacious.

Of course, by even publicly commenting on the mails in the first place, protonmail has totally discredited itself as a professional operator of secure mail services. The brouhaha that follows the misquotings by reuters and questionings by b are the inevitable consequence of this initial mistake.

As a self-confessed sendmail.m4 wrangler (shudder), b could have made the dialogue with protonmail more to the point by referring to the concepts of "header to:" and "envelope to:". By using the proper terms, the big cc:-confusion could have been cut short.

Protonmail has access to its own equivalent of /var/mail/mail.log and there is not much reason to delete or obfuscate these logs, as this information is essentially in the open anyway. All backbones are sniffed and logged for these openly transmitted metadata, not just by the NSA. Protonmail's business case is to a large extent based on this.

By acknowledging the first mail, they even implicitly admit that they keep these technical logs. It is just a bit clumsy for them to claim an embargo on commenting the second mail due to a Swiss investigation, but if said investigation only started after their initial comments, it is a valid reason. It only reinforces protonmail's stupidity of commenting on the first mail.

BTW, I still remember how easily people were fooled and astonished when I sent them emails from: "important people" back in the day when the internet was a innocent place and mail relays were welcoming hubs. Oh the days..

BTW2 (for the technically inclined) I used to work at a sizeable company and for some purposes had to use a microsoft exchange mail server. A longstanding nuisance with that particular POS was its habit of rewriting mime-headers in the body of emails - a total no no for an MTA. One fateful day the "email expert" of the Exchange team shows up with some questions for my colleague nextdesk. After his questions were answered, I politely requested his attention and inquired about Exchange's mime garbling issues. To illustrate the problem I opened a terminal and proceeded to telnet into port 25 of the offending MTA, did the obligatory "MAIL FROM:" and "RCPT TO:" dance and pasted in a mail body containing some mime headers as well. After terminating the session and telnetting to the same server's POP3 port, I managed to retreive another copy of the mail I had seconds ago pasted in, but this time with mangled mime headers in the body of the mail. I ask the "expert" to confirm that this is totally unacceptable behavior for an email server, but to no avail. The "expert" was completely baffled at what I hads shown him. He had probably never seen telnet before. It was doubtful that he knew what RFC821 was or any RFC, let alone having ever read one. Maybe he now works at the public relations desk of protonmail. Anyway, we solved the issue by emailing to the Exchange team what registry edit they had to perform in order to make exchange standards compliant ("compatible" in MS-lingo).

Posted by: Lurk | May 30 2021 20:20 utc | 76

Jackrabbit@47 et al.: "...There would be no need to scramble a fighter jet if the pilot had obeyed the command to divert. The refusal to divert would naturally lead authorities to suspect that the pilot might be part of the bomb plot..."

Maybe a bit pedantic, but there is no presumed authority of air traffic controllers over aircraft. They cannot 'command' a pilot to do anything - it's always up to the pilot in command. Aircraft pilots (like ship captains) have ultimate authority and are entirely responsible for the operation of their aircraft/ship. They can be advised or warned, but not commanded to do something like divert to a certain airport. The exception is, of course, " threat of force."

No indication that the RyanAir pilot even knew of the Belarusian fighter or acted under threat of force. The Belarusian fighter would have been above and behind RyanAir without contacting it. It's not like Hollywood where they pull up alongside the aircraft so the pilot 'knows' he's being escorted. Also no indication that the pilot had any particular aversion to landing in Minsk - it made the most sense in context (albeit inconvenient in general like any diversion). There would have been no consequences for the pilot to - instead - have chosen to return to Kiev. It's their decision. It would not have been up to the air traffic controllers to argue with the pilot that Minsk was a better choice or 'preferred' for any reason. For that matter, air traffic controllers couldn't prohibit the pilot from continuing on to Vilnius. Belarus would still have escorted the flight out of Belarusian airspace.

It would be an entirely different matter if the fighter did show itself to the RyanAir pilot and implied a potential use of force. Or if the air traffic controllers somehow suggested that threat to the pilot if he didn't choose to land at Minsk. I don't know, but doubt they would be that enthusiastic to be the bad guy. In the larger scheme of things, just how important was Protasevich to them, anyway?

Posted by: PavewayIV | May 30 2021 20:47 utc | 77

"@Posted by: Nairandac | May 30 2021 19:43 utc | 74, regarding PGP encryption"

I've never code a PGP application so I'll back off the argument that an encrypted message body would have the same bytes. I suppose if ProtonMail sends the same message to two different locations that they could separately encrypt the message using different public / private keys and they would make the encrypted bytes different.

But the email header or meta-data as MoA called it would not be encrypted because the server needs that to route the message. I bet there is enough info in the email headers to verify that both emails came from the same origin without requiring any access to the text of the message itself. If anyone has any interest, you might be able to see stuff in your own emails if you can view your email with a detailed view, you would see all kinds of interesting stuff other than just the sender.

Posted by: Christian J. Chuba | May 30 2021 20:53 utc | 78

@ Posted by: Asha K. | May 30 2021 20:10 utc | 75

In my mother tongue, it is considered more elegant to avoid repetition of proper names.

There wasn't any bomb in the plane, therefore the e-mail had the intention to make it land in Minsk.

Since Hamas obviously doesn't give two fucks about what is happening between Belarus and the West, we can already write them off: the message is not by Hamas, but it is legitimate in the sense it exists.

That leaves us either with the KGB or the West. One of them forged the e-mail to make it land in Minsk.

The West didn't deny the existence of the e-mail. What they claim is that it was sent after the plane diverted to Minsk. Implied in this is the thesis that the Belarusian jets forced the plane to do so. The only hypothesis this narrative holds water is if it was the KGB that forged and sent the e-mail and committed a blunder, by sending it some minutes after the event. This can be debunked by the release of the first e-mail, which the owner of this blog tried to get.

But there are other evidence as well. Since the plane landed on Minsk willingly (i.e. the pilots decided for themselves to divert to Minsk based on the information they received mid-flight), then it is patent the information got to them in time to divert to Minsk (i.e. there are at least two e-mails; and/or other means of communications were utilized). Since the Belarusian government released the transcripts the day after, it is 99% guaranteed this was indeed the case: the Belarusian jets didn't force the plane to divert to Minsk (most likely the pilots didn't even know they were being escorted).

Nobody seriously believes Hamas is involved. First of all, there wasn't any bomb in the plane. Secondly, Belarus doesn't have any influence over Hamas, so cooperation between them is ruled out. Thirdly, the West (who would certainly benefit from coupling the two together, as this would create a united front between the USA-EU-Israel against Belarus-Palestine) isn't even trying to blame Hamas, but Lukashenko and Lukashenko only.

The outburst against Lukashenko was everywhere in the Russian MSM during the first hours of the aftermath of the event. The Kommersant even published an op-ed speculating about the imminent end of Lukashenko. But yes, they immediately changed their opinion when more information came out (to their credit) and, now, Russian public opinion is entirely on Lukashenko's side on this issue.

Posted by: vk | May 30 2021 20:53 utc | 79

Everyone, including Ryanair, agrees that Minsk Air Traffic Control warned the pilot of the bomb threat. But Ryanair's CEO criticised the ATC for failing to give that information by telephone, as if that's the proper procedure for dealing with threats to blow up planes full of passengers. And he seems to blame them too for passing on a threat that turned out to be fake.

"In a letter to the Belarus transport ministry dated May 26, Ryanair Chief Executive described previous correspondence from Belarusian officials as "false and inaccurate" and said the plane had been "unlawfully diverted under false pretences".

"The pilot in command was left with no alternative but to divert to Minsk, when he was advised by Minsk ATC (Air Traffic Control) that there was a credible bomb threat to the aircraft, yet Minsk ATC refused to contact Ryanair, falsely claimed that Ryanair Ops would not answer the phone," the letter said."

The pilot repeatedly requested information about the alleged bomb threat before ultimately agreeing to land in Minsk, according to a transcript released on Tuesday by authorities in Belarus.

Ryanair did not respond to an emailed request for comment."

It looks like Ryanair is making excuses for being so slow to respond to the warning.

Posted by: Brendan | May 30 2021 21:33 utc | 80

Thirdly, the behavior of Russia. In the aftermath of the event (before the e-mail became public), the Kremlin was apparently furious at Lukashenko,...
Posted by: vk | May 30 2021 16:35 utc | 58

I seriously doubt it. Putin and Lukashenka have various differences, but their nature is totally divorced from such events. Most fundamentally, for years Putin wanted Belarus to behave more like a part of Russia, at least to the extend that member states of EU are obedient to EU. In the same time, Belarus wants to get as much subsidies in one form or another as they can, and Putin is a tight wad. In other words, they discuss about stuff that can be measured in billions of dollars, and not about what to do with unruly 20-somethings.

They two gentlemen also differ in style, so they may annoy each other. But at the end of the day, they are mature. Current circumstances are somewhat favorable to full reconciliation. Under Western pressure, Lukashenka has little choice but veer East. In the same time, tight wad Putin has a bit more money to balance the budget, as the oil prices seem to keep steady close to 60 dollars per barrel (well, dollars are not worth as much as, say, a year ago, but at the nadir of oil slump there were prices in 30-ties.

A funny tidbit, Belarus was a beneficiary of low prices on Russian oil, allowing them to process oil and sell products like diesel and gasoline at a fat profit. Putin more or less cut that off. But in exchange, Belarus got cheap electricity in the form of two big nuclear plants with a good financing plan (the second plant coming soon), so they can shut down a lot of thermal power stations or export (that is not an option right now but who knows...) etc.

Posted by: Piotr Berman | May 30 2021 21:37 utc | 81

The very fact that they jumped to the conclusion that you're a shill for Belarus made it clear that they think you're on the wrong side of the fence. Their business model is in tatters. They're not interested in clearing it up, they're interested in stopping pesky kids like b exposing their cosy signals post. At the very least ProtonMail is compromised and this should be yelled from every building.

Posted by: Patroklos | May 30 2021 21:39 utc | 82

This is GREAT work by b.

I actually never did trust 'ProtonMail'.

I have a paid-for FastMail account, plus a paid-for PolarisMail account for all my emails. If something goes wrong, I can actually call someone on the phone.

Posted by: blues | May 30 2021 21:42 utc | 83

@ kons | May 30 2021 16:36 utc | 59
The Pilot is "unfortunately" incinsistent

Pilot: 10:04:14 RYR1TZ request
ATC: Go ahead
Pilot: Just wanted to know if our company was informed about about this case about this event
ATC: RYR1TZ stand by

And he was asking for a frequency to join Ryanair

Pilot:09:34:49: Radar, RYR 1TZ.
Pilot: Could you give us frequency for (unreadable) company so that we would be able to (unreadable).
ATC: RYR 1TZ say again what frequency do you need.
Pilot: We just need to quawk with the operation of the company, if there any frequency for that (unreadable).
ATC. Do you need RYR operation frequency?
Pilot: That is correct 1TZ.

Is a Pilot not supposed to be in capacity to join the company at any time for emergency?
The crew will communicate to ATC the extent of the problem and receive priority routing to the alternate that is chosen. If time permits (it often does), the crew will contact the company to discuss diversion options.

Really interesting link found by Petri Krohn "From a pilot’s perspective,what is the process for diverting to an alternate airport due to an emergency situation?"

"We've already questioned several dozen people who were aboard the flight, including crew members," Rolandas Kiškis, head of the Criminal Police Bureau, told reporters on Monday. "The plane is currently being inspected at the airport, which may take until the evening,"
Those questioned include the captain of the aircraft who "made the decision [to change course to Minsk] after consulting Ryanair's management", according to Kiskis.

At what time did Ryanair receive the information? And how?
This is the next investigation to be conducted

Posted by: Rêver | May 30 2021 21:45 utc | 84

Looks like there's only 3 solutions to secure comms: homing pigeon, semaphore or two cans connected by a piece of string. But even my mum could intercept covert messages on the latter. And how do you know if pigeons are not all secretly on the NSA payroll? Best just to keep schtum and go waaaaay off grid.

Posted by: Patroklos | May 30 2021 22:02 utc | 85

Ryanair is a "budget" airline. Everything about their operation is rock bottom.

I like to joke about these types of airlines (there are a few more like Ryanair), that you have to pay an additional fee if you actually want to breathe during flight, as this luxury is not part of the basic ticket.

It is entirely consistent with the character of the company that neither Minsk and Vilnius ATC, nor its own pilot was able to contact Ryanair. You have to pay extra fees for that particular luxury.

Posted by: Lurk | May 30 2021 22:03 utc | 86

@Posted by: vk | May 30 2021 20:53 utc | 79

Kommersant... not the Russian media I would choose for reliance on any info coming from Russian officials, as they are liberals allying always with the Western system/ narrative...

For official, you better should go reading TASS, or Spuntik.

For considering that Hamas was not the real sender, as you state now, you explicitly remained repeating it as author of the email twice, you could well had talked about "the email", as the rest of us are doing, including the host.

That is why it called my attention....

My command of English may be not so good as yours, but I am sure you, and the rest for that matter, got to understand me, that is enough for me.
I am nt thinking in being elegant by any stretch of imagination when posting about a geopolitical event when in a rush minutes before going out, sorry, you seem to enjoy way more time to post than me, obviously.

Posted by: Asha K. | May 30 2021 22:20 utc | 87

This has came up today:

Belarus' top diplomat says Ryanair flight might have landed in Vilnius but opted for Minsk

"If the crew had opted to land in Vilnius, they could have easily cross the border and land in Vilnius. But they took a different decision and a fighter jet was scrambled after that to escort the plane," he [Belarusian Foreign Minister Vladimir Makey] said.

This corroborates with the logical interpretation that the pilots thought the bomb was GPS-activated, and simply wanted to live.

Makey also talked about the chronology of the e-mails:

"A couple of days ago, the aviation department chief reported about the chronology of the incident, including when the message was received, when air traffic controllers warned the crew," Makey said. "First, a bomb threat was received and then air traffic controllers warned the crew. As was already said, it took 14 minutes for the crew to take a decision. They were holding talks both with the Ryanair executives and with the Vilnius airport. Notably, our military say that no fighter jet was in the air at that moment."

This further corroborates everybody at Ryanair thought the bomb was GPS-activated. The Ryanair executives didn't want another bad PR for the company; the pilots wanted to live. Both knew Belarus is not that oppressive totalitarian state where everything that enters never leave, and that the law was being followed to the letter. The decision was obvious and, in 14 minutes, it was done. By the time the jets came to escort the plane, the plane already was heading to Minsk. And that's what happened: the plane landed safely and, after finding no bomb, allowed to go back to its original destination. The pilots are safe, the passengers are where they wanted to be (except the neonazi and his girlfriend), Ryanair got its plane and pilots back, business as usual.

Another bombastic affirmation followed:

According to the Belarusian top diplomat, the country’s authorities did not know that Roman Protasevich, one of the co-founders of the Nexta Telegram channel, which was recognized as extremist in Belarus, and his Russian girlfriend Sofia Sapega were among the passengers. "These two persons were detained after they had passed through customs and border control to board the plane after it had been checked. So, there are no links between these events. I think that we see deliberate attempts to link these things to the plane’s landing after a bomb threat," he stressed.

[...] "I learned about the plane’s landing and the detention of these persons from the news," the minister noted. "Many officials, those who are in a position to know about such things, knew about the bomb threats but the detention was reported in the evening. Initially, we had no information about it."

If true, then it is now 99.99% certain this was a Western false flag operation. A pawn sacrifice was made in order to, in the words of Lukashenko himself, "unsettle the situation up to the level of August 2020".

Belta apparently doesn't work on weekends. We'll see more updates there tomorrow, Monday.

Posted by: vk | May 30 2021 22:22 utc | 88

If an initial bomb threat was sent to Vilnius, it would be common practice to share this information with Air Traffic Control Centers the aircraft will be traversing. From that perspective the existence of such an initial threat is sufficient to explain why Minsk warned Ryanair about it up on initial contact.
Though political tensions were already high between Lithuania and Belarus, this would be almost an automatic call, and these neighboring countries are in contact with each other constantly, or traffic between them would not be possible.
As such it is (theoretically) possible that the original message was not sent to Minsk directly, but through Vilnius (or any other recipient). The second email is somewhat of an enigma. It is almost as if someone intended to frame Minsk the way it is executed now. Unless Belarus is lying about everything from start to finish. But if they were, they would never ask international aviation authorities to investigate.

All of this, tied to the fact that the media in Europe and the US refuse to talk about the Evo Morales-case, while this Hamas-mail that WAS published sounds fishy, opens the possibility that everything about this was a set-up, offering Belarus a lowly pawn on the Grand Chessboard to get things moving again, since the entire regime change effort ran out of steam.

A thorough investigation by a renowned independent civil aviation organization with the authority to make governments open up about all the relevant messages received, and sent, would be the only solution. Regrettably, international organizations are increasingly enlisted to do the bidding of certain interested parties. We may therefore never know the truth. That would be a serious loss for civil aviation, which relies heavily on transparency to improve safety.

Posted by: Jake | May 30 2021 22:40 utc | 89

@ 9 Petri Krohn

Looks like your fame is spreading :

Posted by: Merlin 2 | May 30 2021 22:42 utc | 90

On Lukashenko's "briefcase":

"Today is the informal part of the talks": what Putin and Lukashenko talked about on the second day of the meeting in Sochi

Answering a question from journalists about the possibility of publishing data on the Ryanair board provided to Lukashenka, Peskov said that there is “nothing special” in these documents.

“The Belarusian side has provided all the information. Apparently, if there are any additional questions, Minsk will be ready to provide other data, ”added Peskov.

The whole situation seems like a nothing burger from the Russian point of view. Looks like this whole circus was a cheap false flag operation by some lowly funded Western-backed asset.

Also, if Peskov's is accurate, expect the documentation to come probably through Belta from Monday on. The whole affair seems to be small potatoes to Russia, and it certainly thinks Belarus can take care of this by itself.

Posted by: vk | May 30 2021 23:20 utc | 91

"Wouldn't Vilinus airport/Lithuanian Govt be obligated to contact the airport that had flight control of a plane that might be in danger? Was Vilinus airport attempting to arrange diversion to non-Belarus airports? By NOT contacting Minsk, Vilinus Airport/Lithuania may have put the plane and it's passengers in danger." Jackrabbit @34

Yes, there would be an onus on the Lithuanian's and other recipients of the 12:25 email to contact Minsk but they would have done it by phone. We need to wait for the ICAO investigation.

Why send a bomb threat via email and not by phone given the short transit time over Belarus?

It is plausible/possible that Belarus sent both emails. They excluded themselves from the first email to put the ONUS on Vilnius or one of the other airports to raise the alarm by phoning Minsk. This way Belarus distanced themselves from the initial email.

If Belarus didn't receive the 12:25 email and was not contacted by one of the other airports this puts the onus back on Belarus to explain how they were alerted. In the case that they staged the event they would have known.

If Belarus were CC'd the 12:25 email they can prove that. If they received a phone call that might be harder to prove but I don't see why Lithuania or the other airports/countries would withhold that they contacted Belarus.

Either way, if Lithuania was alerted by the email they would have been obliged to contact Belarus. Imagine all of the recipients of the 12:25 email saying they didn't see the email and didn't contact Belarus ;) That is, giving the impression Belarus had no basis to act.

Belarus have to be clear where they got the information from IF the 12:25 email wasn't CC'd/BCC'd to them and if one of the recipients did not phone and forward the email.

Posted by: Deus Abscondis | May 30 2021 23:23 utc | 92

I don't know why ProtonMail even get to this, this is just awful political move.

Maybe their chairman/CEO got compromised or blackmailed?

Posted by: Smith | May 31 2021 0:46 utc | 93

Deus Abscondis@92 - Neither Vilinus nor Minsk Airport were, nor should have been in direct radio contact with the aircraft at the time. High-altitude transit routes are handled by a different layer of air traffic control with it's own dedicated controllers. Minsk Area Control Center (not Minsk Airport) handles all routes in Belarus Flight Information Region and would have been in communication with the RyanAir flight at the time. Minsk ACC is operated by BELAERONAVIGATSIA and uses the domain. Minsk Airport uses the domain. The ACC and airport are in constant communication with each other, but they are different organizations, FWIW.

Posted by: PavewayIV | May 31 2021 0:58 utc | 94

Ryanair happens to get themselves involved in quite a few incidents (175).
Ryanair and Belarus incident is not the first one involving terrorist threats.

Posted by: john mason | May 31 2021 0:59 utc | 95

this might have been posted already but for anyone who missed it, here is lukashenkos may 26th commentary on the plane incident..

Belarus ready to invite international experts to probe into Ryanair plane landing in Minsk

Posted by: james | May 31 2021 1:32 utc | 96

Belarus could simply publish the first email had they really received it. Had Protonmail communicated with their system, they could actually prove it. Protonmail would then be forced to comment.
That Belarus doesn't tells you everything you need to know.

Posted by: Horst | May 31 2021 6:47 utc | 97

And to be clear, the weasel statement from does NOT state THEY received an email vom Protonmail 12:25.

Posted by: Horst | May 31 2021 7:04 utc | 98

PavewayIV @94 "Neither Vilinus nor Minsk Airport were, nor should have been in direct radio contact with the aircraft at the time."

Yes, right, thanks, I could have been tighter in my language as per

So to clarify using the source above -

"On May 23, 2021, a written message with the following content was sent to the e-mail of the National Airport Minsk from the e-mail address"

"Taking into account the seriousness of the threat received, the information from the Minsk National Airport was forwarded to the relevant air traffic control bodies of the state enterprise "Belaeronavigatsia"."

"Minsk Regional Air Traffic Control Center (hereinafter - ATC) took place at 09.30 UTC (12.30 Belarusian time)"

From Dossier Centre:

"On May 23, at 12:25 pm Belarusian time, the administration of "Lithuanian Airports received a letter with the threat of a bomb explosion on board the flight FR4978 by e-mail"

The plane was over Ukraine for ~5 minutes after the email was sent. I wonder if Ukraine was one of the recipients?

One might expect a similar stratification of air traffic control in Lithuania but the exact address wasn't published but we are told by Belarus the "e-mail was shared to several airports." ( )

Michael Weiss states "Lithuania did receive the email, but not Vilnius Airport, the intended destination; rather, the recipient was State Enterprise Lithuanian Airports, the state-run company that handles three different Lithuanian airports (Vilnius, Kaunas, and Palanga)." ( )

Belarus do give the impression the 12:25 ProtonMail was sent to and that it wasn't forwarded by another source or that they initially received a phone call/s from one of the recipient countries authorities - which I find questionable given that there was a code red emergency (ATC: 09: 45: 09 RYR 1TZ they say code is red). It isn't clear who "they" are. It also isn't clear whose "special services" is being referred to - ATC doesn't say "our" special services. I would have though that Minsk Regional Air Traffic Control Center would have informed their equivalent in Vilnius OR visa-versa.

ProtonMail now disputes the email was sent to at all.

This leads to the speculation that one of the recipients forwarded the email to and Belarus omitted this (as they also appear to omit any phone contact with Lithuanian control or any of the recipients of the email).

b. speculated that Belarus KGB may have intercepted the email as an option.

I can't easily imagine the recipients of the 12:25 email not contacting Minsk Regional Air Traffic Control Center as soon as they digested the email by phone.

ProtonMail is clearly partisan, use obfuscatory language and the issue of whether received the 12:25 email is unknown until Belarus show receipt of the email.

ProtonMail has changed (at least once) the wording of its "Clarification regarding ProtonMail, Belarus, and Ryanair flight 4978"

Original: "The email in question was published by"

Amended: "The only email sent to Belarus was published by"

This is explicit that Belarus did not receive an email from at 12:25 according to ProtonMail.

In other words supports Weiss' account:

"he email was sent to Minsk’s National Airport’s general information account at 12:57 p.m. on May 23, 27 minutes after the plane first entered Belarusian airspace and 24 minutes after air traffic control in Minsk first informed the Ryanair pilot that an emailed bomb threat was “shared with several airports.” (ibid - as above).

This leaves open the question as to how Belarus was first informed.

If Belarus was not sent the 12:25 email from OR the email was not forwarded shortly after 12:25 AND Belarus were not informed by phone then where did they get the information from? This is what is generating the theory that the later email was sent (by Belarus KGB) as a post hoc justification because they didn't include themselves - National Airport Minsk - in the 12:25 email (and they haven't mentioned being alerted by phone).

It will be interesting to hear what the other recipients of the email did after receiving the email in regards to contacting Belarus.

It is curious the Dossier Centre appears to know more about the emails than anyone else. As a sole unverified source, they cannot be held to be authoritative, nor can ProtonMail so far IMO.

Posted by: Deus Abscondis | May 31 2021 7:38 utc | 99

From yesterday.

Ryanair plane "diverted" after bomb thread to BER airport.

Psssst don't tell anybody

Posted by: Kartoschka | May 31 2021 8:50 utc | 100

next page »

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment