Euro police forces infiltrated encrypted phone biz – and now 'criminal' EncroChat users are being rounded up

Continental capers lead to 750 UK arrests

French and Dutch police have boasted of infiltrating and killing off encrypted chat service EncroChat, alleging it was used by organised crime gangs to plot murders, sell drugs, launder criminal profits and more.

The encrypted chat platform is alleged by British, French and Dutch law enforcement agencies to have been used by around 60,000 people in total – many of whom, it is alleged, were members of organised crime gangs using the network to plan their crimes.

"Since 2017, the French gendarmerie and judicial authorities have been investigating phones that used the secured communication tool EncroChat, after discovering that the phones were regularly found in operations against organised crime groups and that the company was operating from servers in France," said EU law enforcement coordination body Eurojust in a statement.

This is what £1.4m looks like... as hauled in by the East Midlands Special Operations Unit. Pic credit: National Crime Agency

In May, police in France, assisted by the Netherlands' cops, infiltrated EncroChat's core network – and in mid-June the operator pulled the plug, having realised the game was up. Users were urged to throw away their handsets.

EncroChat was a reseller of encrypted phones as well as a mobile network operator – potentially an MVNO, if Motherboard's description of its operations is accurate. Its handsets, said to be BQ Aquaris X2 Android units running two OSes side by side – one innocent, one with privacy features enabled – had a custom messaging app which routed messages through a central server.

The phones also had a panic button feature, where entering a certain PIN to the unlock screen would wipe the device. Handsets were said to cost around £1,500 for a six-month contract.

The takedown of the network has been a poorly disguised secret, with Northern Irish suspects reportedly being arrested last week after data from EncroChat's servers was shared around European police forces. Various media reported a fortnight ago that EncroChat's operators pulled the plug after realising the entire product had been compromised by police agencies.

"The data was in first instance shared with the Netherlands. Eurojust facilitated the creation of a joint investigation team (JIT) between the two countries and with the participation of Europol, the European Union Agency for Law Enforcement Cooperation, in April 2020," said Eurojust, which tantalisingly mentioned that Dutch police had access to an "encrypted data stream".

This latter phrase could be read as suggesting that EncroChat's encryption had been broken, though official sources have, perhaps understandably, been very coy about what exactly was done to compromise EncroChat's systems. More should emerge during criminal trials in the coming weeks and months.

After French and Dutch police broke into EncroChat, British police were permitted to use their findings, meaning UK police forces were then able to kick down doors and make arrests. The National Crime Agency (NCA) claims a total of 746 arrests and the seizure of two tonnes of drugs, 77 assorted firearms and £54m in cash – so far – as a result of the EncroChat intelligence.

"The NCA created the technology and specialist data exploitation capabilities required to process the EncroChat data, and help identify and locate offenders by analysing millions of messages and hundreds of thousands of images," said the UK agency in a statement about its Operation Venetic.

There is no evidence in the public domain so far to support British police claims that all 10,000 of EncroChat's UK users were criminals. Such devices are of interest to legitimate users (journalists, lawyers, academics, domestic and foreign political campaigners – to name just a few) as well as criminals, though the UK state is notably hostile to the idea of encrypted comms that its agents can't read whenever they feel like it. ®

Biting the hand that feeds IT © 1998–2021