easyDNS is pleased to sponsor Jesse Hirsh’s “Future Fibre / Future Tools” segments of his new email list, Metaviews.
Cops and robbers plus hackers
I’m kind of in holiday mode, but wanted to share and comment on this news story that dropped today.
BREAKING A top-secret communications system – Encrochat- relied on by organised criminals to trade drugs and firearms has been “successfully penetrated” resulting in over 700 arrests & the dismantling of “dozens” of crime networks, the National Crime Agency says.
— Danny Shaw (@DannyShawBBC) July 2, 2020
This is an interesting episode, not just because of the technology, but also the narrative or spin that accompanies it.
A command and control system for organised crime in the UK has been smashed in largest ever crackdown on the country’s criminal underworld.
£54m, tonnes of cocaine and class B drugs, 77 guns including assault rifles, and hand grenades have been seized and 746 so far arrested
— simon israel (@simonisrael) July 2, 2020
The story itself has clearly been wound up in anticipation of release, and as it dropped today like a bomb, it reflects a narrative arc that is neither spontaneous nor novel.
Huge success in dismantling the secure communications of the highest risk #OrganisedCrime groups.
Decent society owes a debt of gratitude and should sleep easier tonight pic.twitter.com/YSEodRcinG
— Roy McComb (@RoyMcComb) July 2, 2020
It does feel like an episode of the Wire, only rather than Baltimore, this is Europe and beyond. However I’m not sure the hype is backed up.
The core of this story is that a technical service was infiltrated. Not broken, or cracked, but compromised. In so doing the entire network of users was exposed, many of whom have been caught up in a wave of arrests.
What is #EncroChat?
The bespoke encrypted communication platform offered a secure mobile phone messaging service to organised crime groups, but an international law enforcement team cracked the company’s encryption. https://t.co/ZPfHhhgmVo pic.twitter.com/VFO1IS542y
— National Crime Agency (NCA) (@NCA_UK) July 2, 2020
EncroChat was a combination of hardware and secure services. For a premium fee, users could buy a handset that came with two operating systems: one for normal use and one for secure use. The secure system had its own SIM card and could only connect with other users of the network.
French police first discovered the existence of this network a few years ago, and were credited with infiltrating and compromising it, enabling the arrests that were reported today.
NEW: documents obtained by @josephfcox detail one of the largest police hacking operations of all time. Police breached Encrochat, an encrypted phone network used by organized crime. They read messages discussing murder, extortion, massive drug deals https://t.co/sNAYZrTOwU pic.twitter.com/oPa0jOj3tO
— Jason Koebler (@jason_koebler) July 2, 2020
Only now is the astonishing scale of the operation coming into focus: It represents one of the largest law enforcement infiltrations of a communications network predominantly used by criminals ever, with Encrochat users spreading beyond Europe to the Middle East and elsewhere. French, Dutch, and other European agencies monitored and investigated “more than a hundred million encrypted messages” sent between Encrochat users in real time, leading to arrests in the UK, Norway, Sweden, France, and the Netherlands, a team of international law enforcement agencies announced Thursday.
As dealers planned trades, money launderers washed their proceeds, and even criminals discussed their next murder, officers read their messages and started taking suspects off the street.
The messages “have given insight in an unprecedented large number of serious crimes, including large, international drug shipments and drug labs, murders, thrashing robberies, extortions, robberies, grave assaults and hostage takings. International drug and money laundering corridors have become crystal clear,” Dutch law enforcement said.
The story starts with Mark (for legal reasons we're not using his real name). He's an alleged UK-based drug dealer who uses Encrochat, an encrypted phone network. Takes security seriously, uses codenames and these devices https://t.co/VsCDvmEj3P pic.twitter.com/dVC8url6DM
— Joseph Cox (@josephfcox) July 2, 2020
Unbeknownst to Mark, or the tens of thousands of other alleged Encrochat users, their messages weren’t really secure. French authorities had penetrated the Encrochat network, leveraged that access to install a technical tool in what appears to be a mass hacking operation, and had been quietly reading the users’ communications for months. Investigators then shared those messages with agencies around Europe.
Don't just take the police's word for it. We've been speaking to Encrochat users, those in the crime world about the impact of this apparent mass hacking operation against a phone network used by organized crime
— Joseph Cox (@josephfcox) July 2, 2020
I think this is way more significant than the Silk Road bust, the Alphabay bust, other dark web market operations. Encrochat/encrypted phones is what *real* career/organized criminals use. This was the real thing, not people sending coke via post office https://t.co/VsCDvmEj3P
— Joseph Cox (@josephfcox) July 2, 2020
More on how the device and service operated:
Encrochat’s phones are essentially modified Android devices, with some models using the “BQ Aquaris X2,” an Android handset released in 2018 by a Spanish electronics company, according to the leaked documents. Encrochat took the base unit, installed its own encrypted messaging programs which route messages through the firm’s own servers, and even physically removed the GPS, camera, and microphone functionality from the phone. Encrochat’s phones also had a feature that would quickly wipe the device if the user entered a PIN, and ran two operating systems side-by-side. If a user wanted the device to appear innocuous, they booted into normal Android. If they wanted to return to their sensitive chats, they switched over to the Encrochat system. The company sold the phones on a subscription based model, costing thousands of dollars a year per device.
Encrochat is not the only company offering these sorts of phones. So-called “secure phone” companies often don’t have public-facing executives. Instead, they hide their ownership, and some have been caught conspiring with criminals. One company, MPC, was run directly by organized criminals, as Motherboard reported last year. Vincent Ramos, the founder of another secure phone company called Phantom Secure, which started as a legitimate firm, is currently in prison in part for telling undercover agents that he created the device to help with drug trafficking. These companies regularly hire distributors based in different countries or cities, who then help sell the companies’ phones directly to customers. Encrochat allegedly had ex-military personnel selling phones to criminals in at least one case.
The industry is highly competitive, with companies constantly spreading rumours about the security of each others’ devices and uploading YouTube videos to discredit their rivals. Encrochat previously blocked web domains used by other firms’ devices, essentially segmenting their customer base from everyone else. That means dealers often need the same sort of phone as everyone else they’re working with, unless they want to be locked out of important conversations.
Wondering how many [months? years?] it will take policing and law enforcement (nationally and globally) to work their way through the amounts of data likely to have been harvested through #encrochat. A case without precedent?
— Gavin Hales (@gmhales) July 2, 2020
That’s a good question. The headlines I included above were for the UK only. Other countries are also citing hundreds of arrests.
However, these are just headlines and numbers. Details of these arrests and investigations remain vague.
We can of course assume that criminal networks are adapting.
Already, other encrypted phone companies are trying to fill the void left by Encrochat. A company called Omerta has been advertising directly to Encrochat’s old customers. “ENCROCHAT HACKED, USERS EXPOSED & ARRESTS GALORE – THE KING IS DEAD,” a blog post on its site reads. Omerta told Motherboard in an email it has seen a rise in traffic recently.
“Did you narrowly escape the recent Mass Extinction Event? Celebrate with 10 percent off. Join the Omerta family and communicate with impunity.”
There’s also the significance of the timing of this event. Governments around the world are vulnerable due to the pandemic and the political economic crisis it has induced. Organized criminal networks pose an increased risk in such moments, and this particular police action seems a bit rushed.
On the one hand, there’s the genuine concern that users of EncroChat could just switch to a different provider. On the other hand, rather than allow investigations to run their course, there may have been a clear need to round up and disrupt these particular networks.
In making these busts, all these law enforcement agencies are giving up a valuable source of intelligence that came from compromising EncroChat. There are also other criminal networks that were not using EncroChat that may be empowered by their competitors being disrupted.
Nonetheless the data and evidence gathered in this action will be substantive, and influence policing for years if not decades to come.
This major operation allowed #Europol to create a unique and global insight on the scale and functioning of organised crime. A milestone which will help law enforcement to fight criminals more successfully in the future.
All the details here: https://t.co/gZchC89FqC
— Europol (@Europol) July 2, 2020
We’ll have to see whether we learn the truth about this story, or are left to surf the headlines.
The reasons and logic behind this action are worth knowing.
Its symbolic value alone is considerable.
In a moment where the state is vulnerable, its ability to exercise its powers and enforce the law is crucial.
Is today’s episode more pandemic theatre, or an expression of a renewed and reinvigorated state?