Police First Hack Then Demolish Organised Crime Gangs

Police have now arrested more than 800 people across Europe after shutting down an encrypted phone system, EncroChat, used by organised crime groups to plot murders and drug deals. More than two tonnes of drugs and £54m Sub-machine guns, an assault rifle, high value cars and luxury watches were impounded, says the NCA. 

The operation, launched at the height of the coronavirus lockdown, was the "deepest ever" UK operation into serious organised crime.

The top-secret phone system, had been used by criminals to trade drugs and guns has been successfully penetrated and shut down, says the British National Crime Agency (NCA).  The NCA worked with forces across Europe on the UK's "biggest and most significant" law enforcement operation, named Operation Venetic. British police have arrested 746 people as a result of the operation in what it called a "massive breakthrough" against organised crime, while the Netherlands held more than 100 people and there were arrests in Norway, Spain, and Sweden.

EncroChat sent a message to its estimated 60,000 users in June warning them to throw away their 1,000-euro devices as its servers had been "seized illegally by government entities". It has now been shut down.

Police monitored a hundred million encrypted messages sent through Encrochat, a network used by career criminals to discuss drug deals, murders, and extortion plots. Starting earlier this year, police kept arresting associates of Mark, a UK-based alleged drug dealer. Mark took the security of his operation seriously, with the gang using code names to discuss business on custom, encrypted phones made by a company called Encrochat. For legal reasons, Motherboard is referring to Mark using a pseudonym.

Because the messages were encrypted on the devices themselves, police couldn't tap the group's phones or intercept messages as authorities normally would. 

On Encrochat, criminals spoke openly and negotiated their deals in granular detail, with price lists, names of customers, and explicit references to the large quantities of drugs they sold, according to documents obtained by Vice Media's Motherboard from sources in and around the criminal world. At the same time frame, police across the UK and Europe busted a wide range of criminals. In mid-June, authorities picked up an alleged member of a drug gang. A few days later, law enforcement seized millions of dollar’s-worth of illegal drugs, in Amsterdam. It was as if the police were detaining people from completely unrelated gangs simultaneously.

In fact, for tens of thousands of criminal Encrochat users, their messages weren't really secure.

French authorities had penetrated the Encrochat network, leveraged that access to install a technical tool in what appears to be a mass hacking operation, and had been quietly reading the users' communications for months. Investigators then shared those messages with agencies around Europe.

This represents one of the largest law enforcement infiltrations of a communications network predominantly used by criminals ever. 

European agencies monitored and investigated "more than a hundred million encrypted messages" sent between Encrochat users in real time, leading to arrests in the UK, Norway, Sweden, France, and the Netherlands. As dealers planned trades, money launderers washed their proceeds, and even criminals discussed their next murder, officers read their messages and started taking suspects off the street.

The messages show how gangs allegedly directed members to gather money from customers, how to launder it safely, and where to hide drugs. In meticulous and time-stamped sections, the Encrochat messages lay out alleged crime after crime.
Encrochat positions itself as a legitimate firm with customers in 140 countries, but sources in the criminal underground say that many of Encrochat's customers are criminals. 

French authorities said they estimated that more than 90 percent of the company's French customers were "engaged in criminal activity."

Buying an Encrochat device is not straightforward and available only through criminal sources. Encrochat's phones are essentially modified Android devices, with some models using the "BQ Aquaris X2," an Android handset released in 2018 by a Spanish electronics company, according to the leaked documents. Encrochat took the base unit, installed its own encrypted messaging programs which route messages through the firm's own servers, and even physically removed the GPS, camera, and microphone functionality from the phone. The company sold the phones on a subscription based model, costing thousands of dollars a year per device.

Encrochat is not the only company offering these sorts of phones. So-called ‘secure phone’ companies often don't have public-facing executives. Instead, they hide their ownership, and some have been caught conspiring with criminals. 

Law enforcement agencies had acted against encrypted phone companies before. In 2018, the FBI arrested the owner of Phantom Secure. The FBI tried to convince the owner to install a backdoor that they could use into the communications system. But he declined, before shutting the network down itself.

Law enforcement agencies are understood to have extracted an extraordinary batch of data from Encrochat devices. In a press release, French law enforcement agency  which spear-headed the investigation told France24 that "The investigation made it possible to gather elements on the technical functioning of Encrochat, and led to the establishment of a technical device, thanks to which unencrypted communications from users could be obtained."

Dozens of organised crime groups have been dismantled, says the NCA, with the bulk of arrests in London and north-west England. 

National Crime Agency:     France24:      BBC:       Vice:       Birmingham Live

You Might Also Read:  

French Cyber-Police, Avast & FBI Neutralise Global Botnet:
 

« Artificial Intelligence – A Brief History
Hong Kongers Erase Their Digital Footprints »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Snow Software

Snow Software

Snow Software is changing the way organizations think about their technology investments, empowering IT and business leaders to drive transformation with precision and agility.

Apricorn

Apricorn

Apricorn provides hardware-based 256-bit encrypted external storage products to companies and organizations that require high-level protection for their data at rest.

Hexatrust

Hexatrust

The HEXATRUST club was founded by a group of French SMEs that are complementary players with expertise in information security systems, cybersecurity, cloud confidence and digital trust.

Jumio

Jumio

Jumio’s end-to-end identity verification and authentication solutions fight fraud, maintain compliance and onboard good customers faster.

M2SYS

M2SYS

M2SYS is a worldwide leader in identification and authentication solutions.

Infosec Global

Infosec Global

Infosec Global provides technology innovation, thought leadership and expertise in cryptographic life-cycle management.

eXate

eXate

eXate provides pioneering technology that empowers organisations to protect, control and manage their sensitive data centrally, providing a complete data privacy solution.

Vulcan Cyber

Vulcan Cyber

At Vulcan, we’re modernizing the way enterprises reduce their cyber risk. From detection to resolution, we automate and orchestrate the vulnerability remediation process dynamically and at scale.

Cythereal

Cythereal

Cythereal is the leader in predicting and preventing advanced malware attacks. Security Automation for the Overwhelmed Administrator.

Trellix

Trellix

Trellix is an extended detection and response (XDR) solutions provider created from a merger of McAfee Enterprise and FireEye Products.

iVision

iVision

iVision is a technology integration and management firm that engineers success for clients through objective recommendations, process and technology expertise and best-of-breed guidance.

OutKept

OutKept

OutKept offers the highest quality phishing simulation campaigns, supported by a community of ethical phishers, to build awareness, and maintain alertness.

Telenor Cyberdefence

Telenor Cyberdefence

Telenor Cyberdefence is a newly established (2024) cloud-born Managed Security Service Provider focused on the Nordic markets.

EVVO LABS

EVVO LABS

EVVO Labs empower your business with the latest IT capabilities to get you ahead of your competitors. We are experts at converging technologies to build your digital transformation.

Kaavalan

Kaavalan

Kaavalan was founded with a mission and a vision to protect you against cyber threats in the connected world.

Red Alpha Cybersecurity

Red Alpha Cybersecurity

At Red Alpha, we specialize in recruiting and rigorously training individuals passionate about cybersecurity.