Police First Hack Then Demolish Organised Crime Gangs

Police have now arrested more than 800 people across Europe after shutting down an encrypted phone system, EncroChat, used by organised crime groups to plot murders and drug deals. More than two tonnes of drugs and £54m Sub-machine guns, an assault rifle, high value cars and luxury watches were impounded, says the NCA. 

The operation, launched at the height of the coronavirus lockdown, was the "deepest ever" UK operation into serious organised crime.

The top-secret phone system, had been used by criminals to trade drugs and guns has been successfully penetrated and shut down, says the British National Crime Agency (NCA).  The NCA worked with forces across Europe on the UK's "biggest and most significant" law enforcement operation, named Operation Venetic. British police have arrested 746 people as a result of the operation in what it called a "massive breakthrough" against organised crime, while the Netherlands held more than 100 people and there were arrests in Norway, Spain, and Sweden.

EncroChat sent a message to its estimated 60,000 users in June warning them to throw away their 1,000-euro devices as its servers had been "seized illegally by government entities". It has now been shut down.

Police monitored a hundred million encrypted messages sent through Encrochat, a network used by career criminals to discuss drug deals, murders, and extortion plots. Starting earlier this year, police kept arresting associates of Mark, a UK-based alleged drug dealer. Mark took the security of his operation seriously, with the gang using code names to discuss business on custom, encrypted phones made by a company called Encrochat. For legal reasons, Motherboard is referring to Mark using a pseudonym.

Because the messages were encrypted on the devices themselves, police couldn't tap the group's phones or intercept messages as authorities normally would. 

On Encrochat, criminals spoke openly and negotiated their deals in granular detail, with price lists, names of customers, and explicit references to the large quantities of drugs they sold, according to documents obtained by Vice Media's Motherboard from sources in and around the criminal world. At the same time frame, police across the UK and Europe busted a wide range of criminals. In mid-June, authorities picked up an alleged member of a drug gang. A few days later, law enforcement seized millions of dollar’s-worth of illegal drugs, in Amsterdam. It was as if the police were detaining people from completely unrelated gangs simultaneously.

In fact, for tens of thousands of criminal Encrochat users, their messages weren't really secure.

French authorities had penetrated the Encrochat network, leveraged that access to install a technical tool in what appears to be a mass hacking operation, and had been quietly reading the users' communications for months. Investigators then shared those messages with agencies around Europe.

This represents one of the largest law enforcement infiltrations of a communications network predominantly used by criminals ever. 

European agencies monitored and investigated "more than a hundred million encrypted messages" sent between Encrochat users in real time, leading to arrests in the UK, Norway, Sweden, France, and the Netherlands. As dealers planned trades, money launderers washed their proceeds, and even criminals discussed their next murder, officers read their messages and started taking suspects off the street.

The messages show how gangs allegedly directed members to gather money from customers, how to launder it safely, and where to hide drugs. In meticulous and time-stamped sections, the Encrochat messages lay out alleged crime after crime.
Encrochat positions itself as a legitimate firm with customers in 140 countries, but sources in the criminal underground say that many of Encrochat's customers are criminals. 

French authorities said they estimated that more than 90 percent of the company's French customers were "engaged in criminal activity."

Buying an Encrochat device is not straightforward and available only through criminal sources. Encrochat's phones are essentially modified Android devices, with some models using the "BQ Aquaris X2," an Android handset released in 2018 by a Spanish electronics company, according to the leaked documents. Encrochat took the base unit, installed its own encrypted messaging programs which route messages through the firm's own servers, and even physically removed the GPS, camera, and microphone functionality from the phone. The company sold the phones on a subscription based model, costing thousands of dollars a year per device.

Encrochat is not the only company offering these sorts of phones. So-called ‘secure phone’ companies often don't have public-facing executives. Instead, they hide their ownership, and some have been caught conspiring with criminals. 

Law enforcement agencies had acted against encrypted phone companies before. In 2018, the FBI arrested the owner of Phantom Secure. The FBI tried to convince the owner to install a backdoor that they could use into the communications system. But he declined, before shutting the network down itself.

Law enforcement agencies are understood to have extracted an extraordinary batch of data from Encrochat devices. In a press release, French law enforcement agency  which spear-headed the investigation told France24 that "The investigation made it possible to gather elements on the technical functioning of Encrochat, and led to the establishment of a technical device, thanks to which unencrypted communications from users could be obtained."

Dozens of organised crime groups have been dismantled, says the NCA, with the bulk of arrests in London and north-west England. 

National Crime Agency:     France24:      BBC:       Vice:       Birmingham Live

You Might Also Read:  

French Cyber-Police, Avast & FBI Neutralise Global Botnet:
 

« Artificial Intelligence – A Brief History
Hong Kongers Erase Their Digital Footprints »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Swivel Secure

Swivel Secure

Swivel Secure is an award winning provider of multi-factor authentication solutions.

Zadara Storage

Zadara Storage

Zadara provide complete data backup and protection delivered as a fully-managed service.

International Federation of Robotics (IFR)

International Federation of Robotics (IFR)

The International Federation of Robotics connects the world of robotics around the globe. Our members come from the robotics industry, industry associations and research & development institutes.

Cybellum

Cybellum

Cybellum brings the entire product security workflow into one dedicated platform, allowing device manufacturers to keep the connected products they build cyber-secure and cyber-compliant.

Pyxsoft PowerWAF

Pyxsoft PowerWAF

Pyxsoft PowerWAF responds to the problem of business cybersecurity. We protect our clients' websites and data against attacks and exploitation of all kinds of vulnerabilities.

Vantea SMART

Vantea SMART

Vantea SMART have decades of experience in cybersecurity resulting in an approach of proactive prevention - Security by Design and by Default.

Grant Thornton

Grant Thornton

Grant Thornton is one of the world’s leading networks of independent assurance, tax and advisory firms.

SRG Security Resource Group

SRG Security Resource Group

SRG Security Resource Group is a Canadian company dedicated to providing world-class Physical and Cyber Security services.

ClosingLock

ClosingLock

ClosingLock is the leading provider of wire fraud prevention software for the real estate industry.

Tidal Cyber

Tidal Cyber

We formed Tidal for one simple reason—we believe that defenders need and deserve tools and services that make achieving the benefits of threat-informed defense practical and sustainable.

QFunction

QFunction

QFunction works within your existing security stack to detect anomalies and threats within your data.

Triskele Labs

Triskele Labs

Triskele Labs deliver services including Penetration Testing, Compliance and Risk Management through to 24*7*365 Security Operations and outsourced Cybersecurity Managers.

Cysmo Cyber Risk

Cysmo Cyber Risk

Cysmo is an innovative cyber risk assessment platform specifically designed for the needs of the German insurance industry.

Offenso Hackers Academy

Offenso Hackers Academy

At Offenso we focus on cyber security training focused on producing cyber security professionals with a wide range of abilities to counter threats from the internet and cloud to a business.

Health Sector Cybersecurity Coordination Center (HC3)

Health Sector Cybersecurity Coordination Center (HC3)

HC3 was created by the US Department of Health and Human Services to aid in the protection of vital, controlled, healthcare-related information.

StrongDM

StrongDM

StrongDM is the leader in Zero Trust Privileged Access Management (PAM).