Law enforcement shut down the Encrochat service and made almost 750 arrests

Tomcat



Europol, the UK's National Crime Agency (NCA), and law enforcement agencies in France, Sweden, Norway and the Netherlands have officially announced the takedown of Encrochat, an encrypted communications platform used by more than 60,000 criminals around the world.

How it worked

According to an archived copy of the company's website, Encrochat phones guaranteed their users absolute anonymity: no device or SIM card was tied to the customer's account, and the phones were sold under conditions that guaranteed their origin could not be traced. Complete confidentiality was also guaranteed: the encrypted interface was reliably hidden, and the device itself was modified so that the camera, microphone, GPS module and USB port were physically missing.


Encrochat phone

The devices came with two operating systems: if the user wanted the device to look harmless, they booted regular Android. To use the secret chats, the user switched to the Encrochat system.

According to Vice Motherboard, the Encrochat phones were built around modified BQ Aquaris X2 Android smartphones released in 2018 by a Spanish electronics company.

The operators of the Encrochat platform installed their own encrypted messaging and VoIP calling programs on the phones, which routed traffic through the company's own servers. The phones also had a feature that quickly and completely wiped the device when the user entered a special PIN.

The company sold the phones by subscription: a six-month contract cost about £1,500. Although the site says that Encrochat has resellers in Amsterdam, Rotterdam, Madrid and Dubai, in reality the company was very secretive.

Vice Motherboard, which devoted a lengthy article to the law enforcement operation, writes that someone in control of an Encrochat company e-mail address told reporters that Encrochat is a legitimate company operating within the law, with customers in 140 countries.

“We are a commercial company offering secure communications services through mobile devices. We decided to create the best technology on the market to provide a reliable and secure service for organizations or individuals who want to protect their information,” wrote a company representative.
At the same time, according to law enforcement officers, 90% of Encrochat clients are criminals. Encrochat had around 60,000 users worldwide, and approximately 10,000 of them lived in the UK.

Journalists say that buying the Encrochat device was not easy at all. The publication's own source (a former Encrochat user who is currently serving a prison sentence) said that he had purchased his phone in a regular store, from its owner. However, it all took place in an alley behind the building and "looked like a drug deal."

Infiltrating Encrochat

Law enforcement agencies say that the joint operation, dubbed Venetic, became one of the largest in history and has already led to the arrest of 746 people and the seizure of £54 million in cash ($67.4 million), 77 firearms (machine guns, pistols, four grenades and more than 1,800 cartridges), 55 expensive cars and more than two tons of drugs.

French law enforcement officers declined to disclose the details of their investigations and their results, but the Dutch authorities said that they had dismantled 19 laboratories for the production of synthetic drugs, arrested more than 100 suspects, and seized more than 8,000 kilograms of cocaine, 1,200 kilograms of methamphetamine, dozens of pistols, luxury cars (including vehicles with hidden compartments) and watches, as well as almost €20,000,000 ($22.5 million) in cash.


Seized cash

The investigation that led to the above results began back in 2017 in France, under the codename Emma 95. It then spread to the Netherlands, where it bore the name Lamont. Eventually the law enforcement agencies joined forces, and the UK, Sweden and Norway were brought into the case.

Investigators say they found a way to hack Encrochat without breaking the platform's encryption itself. Instead, a few months ago, French law enforcement officers infiltrated the Encrochat network and planted malware on the company's devices that allowed the criminals' messages to be read before they were sent. As a result, European police officers examined "over a hundred million encrypted messages" and watched as drug traffickers negotiated wholesale deals and criminals discussed murders and money laundering.

“These reports provided insight into an unprecedentedly large number of serious crimes, including data on large international drug shipments and [location] of drug laboratories, killings, robberies, extortion, violent attacks and hostage-taking. International drug supply and money laundering corridors have become completely transparent,” wrote Dutch law enforcement agencies.
"What is usually only possible in police thrillers happened before our very eyes," adds Andy Kraag, head of the Netherlands National Criminal Investigation Department. "We read messages that gave us an idea of the daily life of the criminal world."

Panic in the criminal world

Back in May of this year, some Encrochat users noticed a problem: the wipe function on their phones did not work. An anonymous Encrochat employee told Vice Motherboard that the company then believed that the user had probably simply forgotten their PIN, or that the reset function was incorrectly configured.

But the following month, Encrochat was able to track down one of these "buggy" X2 devices. As it turned out, the problem was not with the user or with the settings: malware was found on the phone, and the device was jailbroken. Moreover, the malicious program had been created specifically for the X2 model. It not only interfered with the device's wipe function, but was also designed to hide itself from detection, record the screen lock password and clone application data.

Realizing that this was an attack, Encrochat released an update to its devices over the following days in order to restore their functionality and collect information about the malware that had infiltrated the company's phones around the world. Encrochat developers began to notify users and monitor what was happening remotely, without being able to get physical access to the devices.

However, almost immediately after the release of this patch, the attackers struck again: the malware returned, and now it could also change the screen lock password, not just record it.

Encrochat operators began to panic. They sent out a message to their users informing them of the ongoing attack. The company also notified its SIM card provider, the Dutch telecommunications company KPN, about the situation, and KPN blocked connections to the attackers' malware servers. But, apparently, by that time KPN was already cooperating with the authorities (KPN representatives are still refusing to comment), so the company soon removed the firewall block, which again allowed the attackers' servers to communicate with Encrochat phones.

Then Encrochat decided to shut down all operations entirely. “We made the decision to immediately turn off all SIM cards and the network,” says a company employee. By that time the company already understood that it was up against not a competing company, but the government.

“Today our domain was illegally seized by government agencies. They used our domain to launch an attack. <…> Due to the severity of the attack and the malicious code, we can no longer guarantee the security of your device. We advise you to immediately disconnect and physically destroy the device.” This message was sent by the Encrochat operators to all their users on June 13, 2020.


Message from the Encrochat operators

After this message from Encrochat, many users panicked. According to the screenshots that Vice Motherboard obtained, some users even tried to determine if their particular phone model was affected by the attack.

But it was already too late. By this time, European law enforcement agencies had long since extracted a large amount of data from Encrochat devices around the world, and multimillion-dollar drug empires and crime syndicates were laid out before them in the form of text messages and photos. The police had literally everything: photographs of huge piles of drugs lying on scales, kilogram bricks of cocaine and bags full of ecstasy; messages about planned deals and deliveries; photographs of family members of the alleged perpetrators and discussions about their personal affairs.

After that, law enforcement officers began to act: confiscation of goods, raids on drug dealers, and mass arrests followed. And the common denominator was Encrochat.

Journalists note that, according to a source close to Encrochat users, the criminal world is in disarray, as it has lost one of the main methods of communication. Many Encrochat customers are now trying to cross borders and avoid being detained. The source also noted that it has become much more difficult to buy drugs in bulk.

Not the first time

The takedown of Encrochat and the arrest of its users is far from unprecedented. For example, in 2018, the executive director of Phantom Secure, a company that produced "unbreakable" phones for criminals, was arrested.

Phantom Secure hosted its servers in Panama and Hong Kong and used virtual proxies to hide their physical location. The platform also helped to remotely destroy data on devices already seized by law enforcement agencies.

A subscription to the Phantom Secure service cost about 2-3 thousand dollars for six months. To protect the anonymity of customers and the activities of Phantom Secure itself, transactions were made in digital currencies, including bitcoin. For this money, a customer received a device in which both software and hardware were modified to ensure anonymity and encryption of all communications. GPS navigation, the microphone, the camera, internet access, the messenger and even voice transmission technology: everything was done with the special needs of customers in mind.

Phantom phones enjoyed great popularity in the underworld, including at the very top of transnational criminal gangs. In particular, members of the famous Sinaloa drug cartel in Mexico were clients of Phantom Secure.

Another similar company, MPC, was created and operated by an organized crime group from Scotland associated with drug trafficking.

Vice Motherboard reporters point out that the competition in this area is fierce. For example, companies regularly spread rumors about the insecurity of each other's devices and upload videos to YouTube that discredit competitors. Encrochat, for instance, previously blocked the domains of other companies altogether.

Other companies offering secure communications services are already trying to fill the gap created by the disappearance of Encrochat. For example, Omerta is already targeting Encrochat's former customers.

“Encrochat has been hacked, users have been burned and arrested. THE KING IS DEAD! Have you narrowly escaped the recent “mass extinction”? Celebrate with a 10% discount. Join the Omerta family and communicate with impunity,” reads the Omerta ad.

Representatives of Omerta told reporters that they have indeed seen an increase in traffic lately.