SKY ECC - Was the most secure "unhackable" messaging platform compromised by law enforcement?

[Millard]

This is how SKY ECC promotes its secure devices and chat app:

"SKY ECC is the most secure messaging platform you can buy. Some call it unhackable"

Dutch police claim they have compromised SKY ECC network.

SKY ECC has strongly denied such allegations.


View: https://twitter.com/andcunningham/status/1369321520527446022


(Translation by Google)

The Argus investigation has hit organized crime hard. International organisations engaged in large-scale drug trafficking and money laundering, violent settlements, etc. are entirely dependent on shielded communication. The users feel safe and think they will stay out of the hands of the police and the judiciary. The Sky ECC platform promised its users a secure global network.

Operation Argus follows the Lemont investigation, in which in 2020 the investigating services managed to read 'live' about the shoulders of large numbers of criminals who used EncroChat.

The dismantling of Sky ECC is the superlative against this background. Many users of EncroChat switched to Sky ECC last year. The company is now the world's largest provider of crypto communications with about 70,000 users. In the Netherlands, approximately 11,000 Sky accounts are assigned to Dutch users.

Source: Nieuwe klap voor georganiseerde misdaad

 

[Millard]

Statement from SKY ECC:

SKY ECC platform remains secure and no authorized Sky ECC device has been hacked​

On March 8, 2021, SKY ECC received notification of several articles published in Belgium and the Netherlands alleging that Belgian and/or Dutch authorities have cracked or hacked SKY ECC encrypted communication software. SKY ECC maintains, after thorough investigation, that all such allegations are false.

SKY ECC authorized distributors in Belgium and the Netherlands brought to our attention that a fake phishing application falsely branded as SKY ECC was illegally created, modified and side-loaded onto unsecure devices, and security features of authorized SKY ECC phones were eliminated in these bogus devices which were then sold through unauthorized channels.
SKY ECC has not been contacted by any investigative authority. SKY ECC did not authorize or cooperate with the investigative authorities or those involved with the distribution of the fake phishing application. These actions are malicious and SKY ECC is actively investigating and pursuing legal action against the offending individuals for impersonation, false lights, trademark infringement, injurious falsehood, defamation, and fraud.

SKY ECC is built on “zero-trust” security principles which assumes every request as a breach and verifies it by employing layers of security to protect its users’ messages. All SKY ECC communications are encrypted through private tunnels via private distributed networks. All messages are encrypted with today’s highest level of encryption, 521-bit elliptic curve cryptography and end-to-end encryption.

“SKY ECC believes that the individual right to privacy is paramount for anyone acting within the law,” says Jean-François Eap, CEO of SKY ECC. “The platform exists for the prevention of identity theft and hacking, the protection of personal privacy rights, and the secure operation of legitimate personal and business affairs. With the global rise of corporate espionage, cybercrime and malicious data breaches, privacy and protection of information is the foundation of the effective functioning for many industries including legal, public health, vaccine supply chains, manufacturers, celebrities and many more.”

SKY ECC firmly denies any allegation that it is the “platform of choice for criminals”. SKY ECC has a strict zero-tolerance policy that prohibits any criminal activity on its platforms. SKY ECC users and authorized distributors are expressly prohibited under the Terms of Service from using or distributing a SKY ECC device for any illicit, illegal or criminal use. Any accounts used for criminal activity are immediately deactivated.
SKY ECC service experienced temporary interruptions in connection with its servers on March 8, 2021 from 8 PM PST to 4AM PST. Services are now back to normal and SKY ECC has not been contacted by any investigative authority. SKY ECC servers do not store any user data, messages or backups.

SKY ECC remains a global leader in secure messaging technology, and all SKY ECC phones purchased directly from SKY ECC or its authorized distributors remain secure. We continue to stand by our promise of secure devices, secure networks and secure communications.

For further news updates: skyecc.com
For media inquiries, please contact media@skyecc.com

Source: https://www.skyecc.com/sky-ecc-platform-remains-secure-and-no-authorized-sky-ecc-device-has-been-hacked/ (SKY ECC platform remains secure and no authorized Sky ECC device has been hacked)

 

[Millard]

SKY ECC claimed it was more secure than Signal:


Source: https://www.skyecc.com/signal-vs-whatsapp-vs-sky-ecc-messaging-app/ (Best Secure Messaging App: Signal vs WhatsApp vs SKY ECC)

 

[Millard]

But SKY ECC's products were very pricey - you must purchase a preconfigured secure iPhone/Android device to use the app:

 

[MindlessWork]

Bet you can't get these in the US.

 

[muscletrain]

SKY ECC claimed it was more secure than Signal:

View attachment 143489
Source: https://www.skyecc.com/signal-vs-whatsapp-vs-sky-ecc-messaging-app/ (Best Secure Messaging App: Signal vs WhatsApp vs SKY ECC)

There is absolutely no way Sky ECC was more secure than Signal, these services have been around for awhile even when I was in my teens a friend had one of these special phones. This is probably the 3rd company in this field that has been busted or had its customers busted for this.

There was Phantom Secure up here in Canada that was selling special blackberries with PGP encryption. But what the crutch to all this is, is you are trusting these 3rd party companies with their 3rd party servers. ie. their PGP server handles all messages between you and other owners of these phones.

I assume SkyECC was offering something similar but even dumber with custom coded software.

Signal is 100% open source and coded by one of the foremost people in the field Moxie Marlinspike. The code can be completely audited by anyone at anytime to confirm there are zero backdoors.

I would 10000% rather have a phone not registered to my name with Signal than a $1500 SkyECC phone. It's security theater and they are more insecure by lumping themselves into a single target with the other drug kingpins and nefarious characters.

I think these secure phone companies are dumb all around.

These people need to use PGP via key exchange through something like Email if they really want to be secure. Then you can send it via yahoo mail for all I care no one is breaking that.