How Police Secretly Took Over a Global Phone Network for Organised Crime

Winnie the Pooh

VICE
Police monitored a hundred million encrypted messages sent through Encrochat, a network used by career criminals to discuss drug deals, murders and extortion plots.

by Joseph Cox
02 July 2020, 10:45am

This article originally appeared on VICE US.

Something wasn't right. Starting earlier this year, police kept arresting associates of Mark, a UK-based alleged drug dealer. Mark took the security of his operation seriously, with the gang using code names to discuss business on custom, encrypted phones made by a company called Encrochat. For legal reasons, Motherboard is referring to Mark using a pseudonym.

Because the messages were encrypted on the devices themselves, police couldn't tap the group's phones or intercept messages as authorities normally would. On Encrochat, criminals spoke openly and negotiated their deals in granular detail, with price lists, names of customers, and explicit references to the large quantities of drugs they sold, according to documents obtained by Motherboard from sources in and around the criminal world.

Maybe it was a coincidence, but in the same time frame, police across the UK and Europe busted a wide range of criminals. In mid-June, authorities picked up an alleged member of another drug gang. A few days later, law enforcement seized millions of dollars worth of illegal drugs in Amsterdam. It was as if the police were detaining people from completely unrelated gangs simultaneously.

"[The police] all over it aren't they," the dealer wrote in one of the messages obtained by Motherboard. "My heads still baffled how they got on all my guys."

Unbeknownst to Mark, or the tens of thousands of other alleged Encrochat users, their messages weren't really secure. French authorities had penetrated the Encrochat network, leveraged that access to install a technical tool in what appears to be a mass hacking operation, and had been quietly reading the users' communications for months. Investigators then shared those messages with agencies around Europe.

Only now is the astonishing scale of the operation coming into focus: It represents one of the largest law enforcement infiltrations of a communications network predominantly used by criminals ever, with Encrochat users spreading beyond Europe to the Middle East and elsewhere. French, Dutch, and other European agencies monitored and investigated "more than a hundred million encrypted messages" sent between Encrochat users in real time, leading to arrests in the UK, Norway, Sweden, France, and the Netherlands, a team of international law enforcement agencies announced Thursday.

As dealers planned trades, money launderers washed their proceeds, and even criminals discussed their next murder, officers read their messages and started taking suspects off the street.

The messages "have given insight in an unprecedented large number of serious crimes, including large, international drug shipments and drug labs, murders, thrashing robberies, extortions, robberies, grave assaults and hostage takings. International drug and money laundering corridors have become crystal clear," Dutch law enforcement said.

The documents obtained by Motherboard detail some of the information intercepted by authorities, and lay out not only the actions of one alleged drug dealer, but show just how deeply law enforcement seems to have breached alleged criminal organizations. Codenames are identified as money launderers, ketamine, amphetamine, cannabis, and heroin suppliers, couriers, and customers.

The messages show how gangs allegedly directed members to gather money from customers, how to launder it safely, and where to hide drugs. In meticulous and timestamped sections, the Encrochat messages lay out alleged crime after crime.

"People are fucked," one of the sources who provided the documents to Motherboard said. "People talk about murder, buying kilos, buying guns [...] millions of pills" on the phones, referring to large-scale drug dealing and other crimes.

"They're just lifting people," another source close to criminal users of Encrochat told Motherboard as the arrests started happening. Motherboard granted multiple sources in this story anonymity to protect them from retaliation from law enforcement or violent criminals.

Do you know anything else about Encrochat? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

In the Netherlands alone, "the investigation has so far led to the arrest of more than 100 suspects, the seizure of drugs (more than 8,000 kilo cocaine and 1,200 kilo crystal meth), the dismantling of 19 synthetic drugs labs, the seizure of dozens of (automatic) fire weapons, expensive watches and 25 cars, including vehicles with hidden compartments, and almost EUR 20 million in cash," authorities said in a press release.

"What seems to be possible only in police thrillers and movies has happened before our own eyes," Andy Kraag, head of National Criminal Investigations Department in the Netherlands said in a press conference. "We’ve captured messages that give us a view of daily life in the criminal world."

On one of its related websites, Encrochat says it’s an "end-to-end security solution" that can "guarantee anonymity," and that messaging using Encrochat is "the electronic equivalent of a regular conversation between two people in an empty room" for "worry free communications." It says that "our servers, located offshore in our datacenter, never create, store, or decrypt keys, message conversations or user data." There are many types of people who may want secure communications, including security professionals or lawyers. The site states that Encrochat has resellers in Amsterdam, Rotterdam, Madrid, and Dubai, but the firm is highly secretive, and does not operate like a normal technology company.

In a statement sent to Motherboard by someone in control of a company email address, Encrochat positions itself as a legitimate company with customers in 140 countries, but sources in the criminal underground say that many of Encrochat's customers are criminals. French authorities said they estimated that more than 90 percent of the company's French customers were "engaged in criminal activity."

"We are [a] commercial company offering services to secure communication over mobile devices," the statement reads. "We set out to find the best technology on the market to provide a reliable and secure service for any organization or individual that want to secure their information."

The leaked documents obtained by Motherboard, which include evidence presented in prosecutions of Encrochat users over the last few weeks, show in stark detail the sort of information that phone hacking technology was able to grab from the devices of high-level drug traffickers, including their messages and photos. The documents also give insight into the sorts of people that Encrochat counted as customers.

"I've never seen anything like this," the source close to criminal users of Encrochat told Motherboard, describing the law enforcement action.

***

Buying an Encrochat device is not always as simple as walking into a store. One current prison inmate who said they previously used Encrochat devices explained how they bought a phone from a specific contact recommended to them.

"He does have a legit shop but I didn't meet him there. I met him down a side street and it looked like a drug deal," the inmate said of how he got the phone. "I spoke to him by the phone and went to his city and met him."

Encrochat's phones are essentially modified Android devices, with some models using the "BQ Aquaris X2," an Android handset released in 2018 by a Spanish electronics company, according to the leaked documents. Encrochat took the base unit, installed its own encrypted messaging programs which route messages through the firm's own servers, and even physically removed the GPS, camera, and microphone functionality from the phone. Encrochat's phones also had a feature that would quickly wipe the device if the user entered a PIN, and ran two operating systems side-by-side. If a user wanted the device to appear innocuous, they booted into normal Android. If they wanted to return to their sensitive chats, they switched over to the Encrochat system. The company sold the phones on a subscription-based model, costing thousands of dollars a year per device.

Encrochat is not the only company offering these sorts of phones. So-called "secure phone" companies often don't have public-facing executives. Instead, they hide their ownership, and some have been caught conspiring with criminals. One company, MPC, was run directly by organized criminals, as Motherboard reported last year. Vincent Ramos, the founder of another secure phone company called Phantom Secure, which started as a legitimate firm, is currently in prison in part for telling undercover agents that he created the device to help with drug trafficking. These companies regularly hire distributors based in different countries or cities, who then help sell the companies' phones directly to customers. Encrochat allegedly had ex-military personnel selling phones to criminals in at least one case.

The industry is highly competitive, with companies constantly spreading rumours about the security of each other's devices and uploading YouTube videos to discredit their rivals. Encrochat previously blocked web domains used by other firms' devices, essentially segmenting their customer base from everyone else. That means dealers often need the same sort of phone as everyone else they're working with, unless they want to be locked out of important conversations.

"Needs a fucking phone," one of the incoming Encrochat messages sent to Mark’s supposed device and obtained by Motherboard reads. "What drug dealer don't have a phone."

A screenshot of a YouTube video showing an Encrochat device. Image: YouTube

Encrochat vendors have also advertised products on crime-focused websites, marketing their wares more directly to a certain type of reader. As Martin Kok, a criminal turned blogger wrote on his site Butterfly Crime in 2015, "I see on various crime sites these things [encrypted phones] are offered for sale because many of their future clients are also criminals. Advertising on a site where bicycles are offered does not make sense for this type of company." (Motherboard previously investigated how MPC orchestrated Kok's assassination).

This is the space Encrochat sat in, controlling a sizable chunk of communications infrastructure for organized crime in Europe and several countries further afield. While a top-level Scottish drug trafficking organization created MPC and Phantom Secure's customers included members of the Sinaloa drug cartel, Encrochat was particularly popular with gangsters across Europe.

A British pair who assassinated another crime leader and an armed robber, with one acting as assassin and another as the lookout, used Encrochat phones. In one of the killings the hitman used a submachine gun. Violent drug gangs across the country also used Encrochat's phones.

"They [became] the 'industry' standard," the inmate told Motherboard.

***

In May, some Encrochat users noticed a problem: the much lauded wipe feature on their phones wasn't working. An Encrochat associate told Motherboard that at the time they believed perhaps either the user had forgotten their reset PIN number, or that the wipe feature wasn't configured properly. Nothing to be alarmed about; users make mistakes. The next month, Encrochat managed to track down one of its particular X2 model devices which had the panic wipe issue, they explained.

This wiping problem wasn't user error though. The Encrochat associate told Motherboard they found malware on the device. The phone had been hacked.

Encrypted phone companies have faced data exposure before. In 2017, someone created a website and uploaded data belonging to users of Ciphr, another firm in the space, which included email addresses and unique IMEI codes linked to the phones. This Encrochat case was different, though. This was malware on the Encrochat device itself, meaning that it could potentially read the messages written and stored on the device before they were encrypted and sent over the internet, a devastating finding for a company whose main mandate is to protect the content of communications for highly sensitive clients.

The associate told Motherboard the malware was specifically created for the X2 model. Besides disrupting the wiping feature, the malware was also designed to conceal itself from detection, record the screen lock password, and clone application data.

Realizing this was an attack, over the next two days Encrochat pushed an update to its X2 models to restore the phone's features and gather information about the malware installed on its devices around the world, the associate said.

"This was done to prevent further damage while we informed affected users," they added. Encrochat put monitoring in place to be able to keep an eye on their devices without having to physically have it in their hands.

A photo uploaded to Twitter of an Encrochat phone. Image: Twitter/@misdaadnieuw2

But almost immediately after the patch, the attackers struck again, this time seemingly harder. The malware was back and now it could change the lock screen password rather than just record it. The hackers were not stopping; they were escalating.

Going into full-on emergency mode, Encrochat sent a message to its users informing them of the ongoing attack. The company also informed its SIM provider, Dutch telecommunications firm KPN, which then blocked connections to the malicious servers, the associate claimed. Encrochat cut its own SIM service; it had an update scheduled to push to the phones, but it couldn't guarantee that the update itself wasn't carrying malware too. That, and maybe KPN was working with the authorities, Encrochat's statement suggested (KPN declined to comment). Shortly after Encrochat restored SIM service, KPN removed the firewall, allowing the hackers' servers to communicate with the phones once again. Encrochat was trapped.

Encrochat decided to shut itself down entirely.

"We then took the decision to immediately shut down the SIMs and the network," the associate wrote.

Encrochat suspected this wasn't a rival company trying to mess with its infrastructure; this was likely a government.

"Due to the level of sophistication of the attack and the malware code, we can no longer guarantee the security of your device," a message Encrochat sent to its users read. "You are advises [sic] to power off and physically dispose your device immediately," it added.

All of this came too late. Law enforcement had already extracted an extraordinary cache of data from Encrochat devices. Entire multi-million dollar drug empires nakedly laid out in reams of text messages and photos. In a press release published Thursday, French law enforcement, which spear-headed the investigation, did not go into detail about what the operation itself entailed, but said that, "The investigation made it possible to gather elements on the technical functioning of the solution [Encrochat], and led to the establishment of a technical device thanks to which unencrypted communications from users could be obtained."


The French authorities also pointed to the legal mechanism that allows for the capture of computer data by such a tool "without the consent of the interested parties, to access, in any places, computer data, to record it, to keep it and to transmit it."

The authorities had everything. Images of huge piles of narcotics lying on scales. Kilogram blocks of cocaine. Bags packed with ecstasy. Fistfuls of cannabis. Messages about planned drug drops and major deals. Photos of their family members and discussions of their other businesses.

Law enforcement agencies had acted against encrypted phone companies before. In 2018, the FBI arrested the owner of Phantom Secure. The FBI tried to convince the owner to install a backdoor into the communications system—he declined—before shutting the network down itself.

But here, authorities had managed to break in and eavesdrop not only on what criminals were saying, but listen when the criminals felt the most secure.

"Charge him 33'500 each?" one of the messages extracted from the Encrochat device allegedly owned by Mark reads. "Take 4.5 out get 6k," the texts continue, discussing specific large-scale drug deals step-by-step. Other documents mention shipments of drugs in Europe. The messages stretched back months, with some in the documents dating to April, months before Encrochat discovered the malware.

In one Encrochat message rather ironically obtained by investigators, one alleged gang member tells another that iPhones are not safe from police examination.

In the aftermath of Encrochat's message, users of the network started to panic, according to other screenshots of messages obtained by Motherboard. Multiple people tried to determine whether their particular model of Encrochat phone had been impacted.

Law enforcement's quiet coup of Encrochat was over. Over the next several days, the puzzle pieces started to fall into place: The seized shipments, the raids on drug traffickers, the mounting arrests. The common thread among all of them was Encrochat.

The encrypted phone industry source said that after the episode, Encrochat resellers couldn't log into their portal used to manage sales, locking them out of funds.

Right now, the criminal world is in disarray, their main way of communicating ruptured. Paranoid, some people are going offline, unsure of what devices to trust. Others are trying to cross borders before they are detained, the source close to criminal Encrochat users said. The source said that buying drugs in bulk just got a lot harder.

They added, "Everybody's going to ground."

In the press release, French authorities wrote "Despite the findings of the criminal use of Encrochat terminals [phones]," that they hope "users claiming to be of good faith and wishing to have their personal data deleted from the legal proceedings can send their request to the investigation department." They also invited administrators or managers of Encrochat itself to contact them if they wanted to discuss the legality of law enforcement deploying the technical tool to read messages.

Already, other encrypted phone companies are trying to fill the void left by Encrochat. A company called Omerta has been advertising directly to Encrochat's old customers. "ENCROCHAT HACKED, USERS EXPOSED & ARRESTS GALORE - THE KING IS DEAD," a blog post on its site reads. Omerta told Motherboard in an email it has seen a rise in traffic recently.

"Did you narrowly escape the recent Mass Extinction Event? Celebrate with 10 percent off. Join the Omerta family and communicate with impunity."
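The security point buried in the article is the one about malware on the handset: once an implant sits inside the messaging app, it reads the message before encryption, so it does not matter that the servers "never create, store, or decrypt keys." The following is an added illustration of that threat model, not code from the article, from Encrochat, or from the poster. The cipher is an assumed stdlib-only encrypt-then-MAC toy (HMAC-SHA256 keystream plus HMAC tag, not Encrochat's real protocol, which the article does not describe), and the `Handset`, `RelayServer` classes and the sample messages are constructed for the demo. The relay server only ever holds ciphertext and cannot open it, the recipient decrypts fine, and yet an implanted sender's `implant_log` ends up holding every plaintext.

```python
"""Toy model: end-to-end encrypted messaging with a relay server that holds
no keys, versus a handset with an implant hooked in before encryption.
Added illustration only; the cipher is a stdlib encrypt-then-MAC toy."""
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _subkeys(key: bytes) -> tuple:
    # Separate encryption and MAC keys derived from the conversation key.
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC in counter mode as a pseudorandom keystream (toy, not for production use).
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Output layout: nonce || ciphertext || tag (encrypt-then-MAC).
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def is_authentic(key: bytes, blob: bytes) -> bool:
    # Constant-time tag check; False for a wrong key or a modified blob.
    _, mac_key = _subkeys(key)
    if len(blob) < NONCE_LEN + TAG_LEN:
        return False
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    return hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest())


def decrypt(key: bytes, blob: bytes) -> bytes:
    if not is_authentic(key, blob):
        raise ValueError("authentication failed: wrong key or tampered message")
    enc_key, _ = _subkeys(key)
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN]
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class RelayServer:
    """Stores and forwards opaque blobs; never holds a conversation key."""
    def __init__(self) -> None:
        self.mailbox = []

    def relay(self, blob: bytes) -> None:
        self.mailbox.append(blob)


class Handset:
    """Client holding the conversation key. If implanted, a hook in the
    messaging app copies each message before it is encrypted (the kind of
    'clone application data' behaviour the article attributes to the malware)."""
    def __init__(self, key: bytes, server: RelayServer, implanted: bool = False) -> None:
        self.key, self.server, self.implanted = key, server, implanted
        self.implant_log = []

    def send(self, text: str) -> None:
        if self.implanted:
            self.implant_log.append(text)   # plaintext captured pre-encryption
        self.server.relay(encrypt(self.key, text.encode()))

    def read_all(self) -> list:
        return [decrypt(self.key, b).decode() for b in self.server.mailbox]


def server_can_read(server: RelayServer) -> bool:
    # The relay has no key; the best it can do is guess one (an all-zero key here).
    return any(is_authentic(bytes(32), b) for b in server.mailbox)


def run_scenario(sender_implanted: bool) -> dict:
    key = secrets.token_bytes(32)            # shared only by the two handsets
    server = RelayServer()
    alice = Handset(key, server, implanted=sender_implanted)
    bob = Handset(key, server)
    for text in ["price list attached", "meet at the usual place"]:  # constructed sample
        alice.send(text)
    return {
        "recipient_reads": bob.read_all(),
        "server_reads_plaintext": server_can_read(server),
        "implant_captured": list(alice.implant_log),
    }


if __name__ == "__main__":
    for flag in (False, True):
        print("sender implanted:" if flag else "sender clean:", run_scenario(flag))
```

Run it directly to see both scenarios side by side. The server-side result does not change between the two runs; the only thing that changes is whether the endpoint is trustworthy, which is exactly the gap between "our servers never decrypt" and "your messages are private."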

You'd think with that many LE agencies involved somebody somewhere would have been on the take and leaked this out to the bad guys.
 
This is a great article. And also why I would NEVER fucking trust my freedom to some app that claims to be encrypted. You have no idea how they handle their data, how they secure their systems, where the crypto keys are stored that could decrypt all your incriminating messages in a second.

This is also why GOP congress members have introduced multiple bills that targeted privacy and freedom of speech/expression. It is so hypocritical they claim to be pro-free speech and all that, but then introduce bills that are blatant intrusions on privacy/free speech. Perfect example: Lindsey Graham (what a fucking asshole, let us hope he rots in hell) introduced the EARN IT act last year. What a nice name, right? EARN IT! Yeah! I think people should EARN IT and not be entitled to stuff?! Oh wait, except fucking PRIVACY. Yeah, everyone is entitled to privacy. Thankfully the bill died, but it is a scary thought that they are consistently trying to seize more power and move us closer and closer to a police state.

From Prostasia Organization:
"The EARN IT Act is a trojan horse bill that uses the language of child protection as cover for an insidious agenda to undermine your rights. If this Act is passed, a committee of government appointees could rewrite the rules that Internet platforms of all sizes are required to follow. These rules are likely to include requirements to weaken security and to censor discussion of sensitive topics. Still worse, EARN IT excludes actual experts in child sexual abuse prevention. Internet companies aren’t up to the task of ending child abuse. Don’t let the government get away with it!"

The bill aimed to make encryption ILLEGAL for public use. It would require police and government to be provided backdoors into ANY AND ALL encryption used on any platforms. From messages to emails to computers and hard drives, the bill aims to destroy the citizens ability to have any semblance of privacy in their communications or storage of data. Even just the simple act of PGP encrypting a message and sending it to a friend would be made illegal.

THANKFULLY the bill died and didn't receive a vote. But there were others and there will be more. It is fucking VITALLY IMPORTANT that the citizens pay attention to these things and are VOCAL in their opposition to them. Too many people are too busy watching tik tok videos and looking at pictures of buttholes on instagram.

And I am sure we are all aware of the copyright law changes that were snuck into the GOP's COVID relief bill last fall. Now sharing the wrong meme can land you a $30,000 fine. What a fucking world we live in. That's what happens when we have legalized corruption via lobbying and massive campaign donations, causing our politicians on both sides to be more aligned to big businesses than to The People.

Peace out.
 
This issue isn't one sided, although the GOP has consistently been much worse about it and initiates/sponsors these awful bills much more frequently. More recently, the Trump administration and even some of the policies of the Obama administration consistently infringed on our rights and put into place policies and programs that really make the US look more like communist China than America the land of the free.
- Trump signs internet privacy repeal
- repealed net neutrality
- attempted to expand collection of biometric data as part of "immigration enforcement"
- passed a bill to allow ISPs to sell your web browsing history and data (use a fucking VPN!) ISPs can't see encrypted data over HTTPS, but they can still see what websites/URLs you're visiting and they can figure out a TON of information based off just that. For example, you're browsing meso all dat and your ISP now knows you do steroids. They can figure out your hobbies, your sexual preferences, what kind of foods you like, where you shop at, SO MUCH info is in our browsing data and the GOP just opened it up to these fucking parasitic companies because apparently they weren't making enough money already.
- and quite a few more I don't really feel like digging up and listing.

One really important thing to know is that after the "EARN IT" bill died, Lindsey Graham and 2 of his GOP allies, Cotton and Blackburn from AR and TN, introduced a NEW BILL that is EVEN WORSE!!

The new bill MANDATES a backdoor to ALL ENCRYPTION for both data in motion (messages, emails, phone calls, etc.) and data at rest (stored data on hard drives, in the cloud, etc.).

This is written to apply to essentially every device, app, operating system, messaging/chat/social media platform, email, cloud storage, videoconferencing, smartphones and laptops, desktops, video game devices like Xbox, etc., voting machines, and even IoT devices.

Sound familiar? This is what Communist China does. Why is the GOP, who says they are all about the constitution and small government and shit, introducing all these bills to take us into a police state that resembles Russia or China, the two main countries we always say we hate and never want to be anything like?

In China the government will show up at someone's door and arrest them for some shit they found out via blatant invasion of that person's privacy, all by legally spying on them through their fucking backdoors they mandated in all technologies. This bill also could have a sweeping impact as far as making VPNs illegal, since they would be considered encryption. Way to go Lindsey Graham, you have done it again.

The sponsors say that having encryption like this is hindering the US law enforcement from catching criminals and terrorists. Yeah fucking right. I don't buy that bullshit for a fucking second. Then the only private communication option would be snail mail--and if they abolish USPS even that would be gone because UPS and FedEx can open any package they want to!!!


I don't understand why people still vote for these fucking GOP assholes. Like I said, the democrats suck too, but they are definitely the lesser of two evils (with the exception of their insane thoughts on gun control, but that is a completely separate issue).

Peace out.
 